Exploring Factors that Influence Students' Behaviors in Information Security

ERIC Educational Resources Information Center

Yoon, Cheolho; Hwang, Jae-Won; Kim, Rosemary

2012-01-01

Due to the ever-increasing use of the Internet, information security has become a critical issue in society. This is especially the case for young adults who have different attitudes towards information security practices. In this research, we examine factors that motivate college students' information security behaviors. Based on the concept of…

Institutionalization of Information Security: Case of the Indonesian Banking Sector

ERIC Educational Resources Information Center

Nasution, Muhamad Faisal Fariduddin Attar

2012-01-01

This study focuses on the institutionalization of information security in the banking sector. This study is important to pursue since it explicates the internalization of information security governance and practices and how such internalization develops an organizational resistance towards security breach. The study argues that information…

77 FR 35336 - Privacy and Security of Information Stored on Mobile Communications Devices

Federal Register 2010, 2011, 2012, 2013, 2014

2012-06-13

.... ACTION: Proposed rule. SUMMARY: This document seeks comment on the privacy and data security practices of... Practice and Procedure and Part 0 Rules of Commission Organization, Notice of Proposed Rulemaking, 25 FCC... practices of mobile wireless service providers with respect to customer information stored on their users...

Information Security Assessment of SMEs as Coursework -- Learning Information Security Management by Doing

ERIC Educational Resources Information Center

Ilvonen, Ilona

2013-01-01

Information security management is an area with a lot of theoretical models. The models are designed to guide practitioners in prioritizing management resources in companies. Information security management education should address the gap between the academic ideals and practice. This paper introduces a teaching method that has been in use as…

An Information Security Control Assessment Methodology for Organizations

ERIC Educational Resources Information Center

Otero, Angel R.

2014-01-01

In an era where use and dependence of information systems is significantly high, the threat of incidents related to information security that could jeopardize the information held by organizations is more and more serious. Alarming facts within the literature point to inadequacies in information security practices, particularly the evaluation of…

Homeland Security and Information.

ERIC Educational Resources Information Center

Relyea, Harold C.

2002-01-01

Reviews the development of two similar policy concepts, national security and internal security, before exploring the new phrase homeland security that has become popular since the September 11 terrorist attacks. Discusses the significance of each for information policy and practice. (Author/LRW)

10 CFR 2.911 - Admissibility of restricted data or other national security information.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 10 Energy 1 2014-01-01 2014-01-01 false Admissibility of restricted data or other national security information. 2.911 Section 2.911 Energy NUCLEAR REGULATORY COMMISSION AGENCY RULES OF PRACTICE AND... National Security Information § 2.911 Admissibility of restricted data or other national security...

10 CFR 2.911 - Admissibility of restricted data or other national security information.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 10 Energy 1 2013-01-01 2013-01-01 false Admissibility of restricted data or other national security information. 2.911 Section 2.911 Energy NUCLEAR REGULATORY COMMISSION AGENCY RULES OF PRACTICE AND... National Security Information § 2.911 Admissibility of restricted data or other national security...

12 CFR Appendix D-2 to Part 208 - Interagency Guidelines Establishing Information Security Standards

Code of Federal Regulations, 2010 CFR

2010-01-01

... Relationships Risk Management Principles,” Nov. 1, 2001; FDIC FIL 68-99, Risk Assessment Tools and Practices for.... Definitions II. Standards for Safeguarding Customer Information A. Information Security Program B. Objectives III. Development and Implementation of Customer Information Security Program A. Involve the Board of...

12 CFR Appendix F to Part 225 - Interagency Guidelines Establishing Information Security Standards

Code of Federal Regulations, 2010 CFR

2010-01-01

... Relationships Risk Management Principles,” Nov. 1, 2001; FDIC FIL 68-99, Risk Assessment Tools and Practices for.... Standards for Safeguarding Customer Information A. Information Security Program B. Objectives III. Development and Implementation of Customer Information Security Program A. Involve the Board of Directors B...

Implementing an Information Security Program

DOE Office of Scientific and Technical Information (OSTI.GOV)

Glantz, Clifford S.; Lenaeus, Joseph D.; Landine, Guy P.

The threats to information security have dramatically increased with the proliferation of information systems and the internet. Chemical, biological, radiological, nuclear, and explosives (CBRNe) facilities need to address these threats in order to protect themselves from the loss of intellectual property, theft of valuable or hazardous materials, and sabotage. Project 19 of the European Union CBRN Risk Mitigation Centres of Excellence Initiative is designed to help CBRN security managers, information technology/cybersecurity managers, and other decision-makers deal with these threats through the application of cost-effective information security programs. Project 19 has developed three guidance documents that are publically available to covermore » information security best practices, planning for an information security management system, and implementing security controls for information security.« less

12 CFR Appendix B to Part 364 - Interagency Guidelines Establishing Information Security Standards

Code of Federal Regulations, 2010 CFR

2010-01-01

... Relationships Risk Management Principles,” Nov. 1, 2001; FDIC FIL 68-99, Risk Assessment Tools and Practices for... Customer Information A. Information Security Program B. Objectives III. Development and Implementation of Customer Information Security Program A. Involve the Board of Directors B. Assess Risk C. Manage and...

TH-A-12A-01: Medical Physicist's Role in Digital Information Security: Threats, Vulnerabilities and Best Practices

DOE Office of Scientific and Technical Information (OSTI.GOV)

McDonald, K; Curran, B

I. Information Security Background (Speaker = Kevin McDonald) Evolution of Medical Devices Living and Working in a Hostile Environment Attack Motivations Attack Vectors Simple Safety Strategies Medical Device Security in the News Medical Devices and Vendors Summary II. Keeping Radiation Oncology IT Systems Secure (Speaker = Bruce Curran) Hardware Security Double-lock Requirements “Foreign” computer systems Portable Device Encryption Patient Data Storage System Requirements Network Configuration Isolating Critical Devices Isolating Clinical Networks Remote Access Considerations Software Applications / Configuration Passwords / Screen Savers Restricted Services / access Software Configuration Restriction Use of DNS to restrict accesse. Patches / Upgrades Awareness Intrusionmore » Prevention Intrusion Detection Threat Risk Analysis Conclusion Learning Objectives: Understanding how Hospital IT Requirements affect Radiation Oncology IT Systems. Illustrating sample practices for hardware, network, and software security. Discussing implementation of good IT security practices in radiation oncology. Understand overall risk and threats scenario in a networked environment.« less

16 CFR 312.8 - Confidentiality, security, and integrity of personal information collected from children.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 16 Commercial Practices 1 2013-01-01 2013-01-01 false Confidentiality, security, and integrity of personal information collected from children. 312.8 Section 312.8 Commercial Practices FEDERAL TRADE COMMISSION REGULATIONS UNDER SPECIFIC ACTS OF CONGRESS CHILDREN'S ONLINE PRIVACY PROTECTION RULE § 312.8...

16 CFR 312.8 - Confidentiality, security, and integrity of personal information collected from children.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 16 Commercial Practices 1 2010-01-01 2010-01-01 false Confidentiality, security, and integrity of personal information collected from children. 312.8 Section 312.8 Commercial Practices FEDERAL TRADE COMMISSION REGULATIONS UNDER SPECIFIC ACTS OF CONGRESS CHILDREN'S ONLINE PRIVACY PROTECTION RULE § 312.8...

16 CFR 312.8 - Confidentiality, security, and integrity of personal information collected from children.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 16 Commercial Practices 1 2011-01-01 2011-01-01 false Confidentiality, security, and integrity of personal information collected from children. 312.8 Section 312.8 Commercial Practices FEDERAL TRADE COMMISSION REGULATIONS UNDER SPECIFIC ACTS OF CONGRESS CHILDREN'S ONLINE PRIVACY PROTECTION RULE § 312.8...

16 CFR 312.8 - Confidentiality, security, and integrity of personal information collected from children.

Code of Federal Regulations, 2012 CFR

2012-01-01

... 16 Commercial Practices 1 2012-01-01 2012-01-01 false Confidentiality, security, and integrity of personal information collected from children. 312.8 Section 312.8 Commercial Practices FEDERAL TRADE COMMISSION REGULATIONS UNDER SPECIFIC ACTS OF CONGRESS CHILDREN'S ONLINE PRIVACY PROTECTION RULE § 312.8...

16 CFR 312.8 - Confidentiality, security, and integrity of personal information collected from children.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 16 Commercial Practices 1 2014-01-01 2014-01-01 false Confidentiality, security, and integrity of personal information collected from children. 312.8 Section 312.8 Commercial Practices FEDERAL TRADE COMMISSION REGULATIONS UNDER SPECIFIC ACTS OF CONGRESS CHILDREN'S ONLINE PRIVACY PROTECTION RULE § 312.8...

78 FR 13075 - Intent To Request Renewal From OMB of One Current Public Collection of Information: Pipeline...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-26

... From OMB of One Current Public Collection of Information: Pipeline Corporate Security Review Program... current security practices in the pipeline industry by way of TSA's Pipeline Corporate Security Review... Collection Requirement The TSA Pipeline Security Branch is responsible for conducting Pipeline Corporate...

Practices in security and confidentiality of HIV/AIDS patients' information: A national survey among staff at HIV outpatient clinics in Vietnam.

PubMed

Khac Hai, Nguyen; Lawpoolsri, Saranath; Jittamala, Podjanee; Thi Thu Huong, Phan; Kaewkungwal, Jaranit

2017-01-01

Breach of confidentiality or invasion of privacy from the collection and use of medical records, particularly those of patients with HIV/AIDS or other diseases sensitive to stigmatization, should be prevented by all related stakeholders in healthcare settings. The main focus of this study was to assess practices regarding security and confidentiality of HIV-related information among staff at HIV outpatient clinics (HIV-OPCs) in Vietnam. A descriptive cross-sectional study was conducted at all 312 HIV-OPCs across the country using an online survey technique. In general, the staff practices for securing and protecting patient information were at acceptable levels. Most staff had proper measures and practices for maintaining data security; however, the protection of patient confidentiality, particularly for data access, sharing, and transfer still required improvement. Most HIV-OPC staff had good or moderate knowledge and positive perceptions towards security and confidentiality issues. Staff who were not trained in the practice of security measures differed significantly from those who were trained (OR: 3.74; 95%CI: 1.44-9.67); staff needing improved knowledge levels differed significantly from those with good (OR: 5.20; 95%CI: 2.39-11.32) and moderate knowledge levels (OR: 5.10; 95%CI: 2.36-11.00); and staff needing improved perception levels differed significantly from those with good (i.e., with 100% proper practices) and moderate perception levels (OR: 5.67; 95%CI: 2.93-10.95). Staff who were not trained in the protection of data confidentiality differed significantly from those who were trained (OR: 2.18; 95%CI: 1.29-3.65). Training is an important factor to help raise the levels of proper practices regarding confidentiality and security, to improve knowledge and raise awareness about change among staff. The operation and management of HIV treatment and care in Vietnam are currently transitioning from separate healthcare clinics (HIV-OPC) into units integrated into general hospitals/healthcare facilities. The findings of this study highlight topics that could be used for improving management and operation of information system and revising guidelines and regulations on protection measures/strategies for data security and confidentiality of HIV/AIDS patients by Vietnam health authorities or other countries facing similar situations. Secure infrastructure and secure measures for data access and use are very important, worthwhile investments. The provision of continuous training and active enforcement and monitoring of the practices of healthcare personnel might lead to an improved understanding and acknowledegement of the importance of national policies/guidelines regarding HIV-related patient information.

Improving Insider Threat Training Awareness and Mitigation Programs at Nuclear Facilities.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Abbott, Shannon

In recent years, insider threat programs have become an important aspect of nuclear security, and nuclear security training courses. However, many nuclear security insider threat programs fail to address the insider threat attack and monitoring potential that exists on information technology (IT) systems. This failure is critical because of the importance of information technology and networks in today’s world. IT systems offer an opportunity to perpetrate dangerous insider attacks, but they also present an opportunity to monitor for them and prevent them. This paper suggests a number of best practices for monitoring and preventing insider attacks on IT systems, andmore » proposes the development of a new IT insider threat tabletop that can be used to help train nuclear security practitioners on how best to implement IT insider threat prevention best practices. The development of IT insider threat best practices and a practical tabletop exercise will allow nuclear security practitioners to improve nuclear security trainings as it integrates a critical part of insider threat prevention into the broader nuclear security system.« less

Security breaches: tips for assessing and limiting your risks.

PubMed

Coons, Leeanne R

2011-01-01

As part of their compliance planning, medical practices should undergo a risk assessment to determine any vulnerability within the practice relative to security breaches. Practices should also implement safeguards to limit their risks. Such safeguards include facility access controls, information and electronic media management, use of business associate agreements, and education and enforcement. Implementation of specific policies and procedures to address security incidents is another critical step that medical practices should take as part of their security incident prevention plan. Medical practices should not only develop policies and procedures to prevent, detect, contain, and correct security violations, but should make sure that such policies and procedures are actually implemented in their everyday operations.

10 CFR 2.911 - Admissibility of restricted data or other national security information.

Code of Federal Regulations, 2012 CFR

2012-01-01

... 10 Energy 1 2012-01-01 2012-01-01 false Admissibility of restricted data or other national security information. 2.911 Section 2.911 Energy NUCLEAR REGULATORY COMMISSION RULES OF PRACTICE FOR... Proceedings Involving Restricted Data and/or National Security Information § 2.911 Admissibility of restricted...

A Framework for the Governance of Information Security

ERIC Educational Resources Information Center

Edwards, Charles K.

2013-01-01

Information security is a complex issue, which is very critical for success of modern businesses. It can be implemented with the help of well-tested global standards and best practices. However, it has been studied that the human aspects of information security compliance pose significant challenge to its practitioners. There has been significant…

Information Security and the Internet.

ERIC Educational Resources Information Center

Doddrell, Gregory R.

1996-01-01

As business relies less on "fortress" style central computers and more on distributed systems, the risk of disruption increases because of inadequate physical security, support services, and site monitoring. This article discusses information security and why protection is required on the Internet, presents a best practice firewall, and…

How secure is your information system? An investigation into actual healthcare worker password practices.

PubMed

Cazier, Joseph A; Medlin, B Dawn

2006-09-27

For most healthcare information systems, passwords are the first line of defense in keeping patient and administrative records private and secure. However, this defense is only as strong as the passwords employees chose to use. A weak or easily guessed password is like an open door to the medical records room, allowing unauthorized access to sensitive information. In this paper, we present the results of a study of actual healthcare workers' password practices. In general, the vast majority of these passwords have significant security problems on several dimensions. Implications for healthcare professionals are discussed.

How Secure Is Your Information System? An Investigation into Actual Healthcare Worker Password Practices

PubMed Central

Cazier, Joseph A; Medlin, B. Dawn

2006-01-01

For most healthcare information systems, passwords are the first line of defense in keeping patient and administrative records private and secure. However, this defense is only as strong as the passwords employees chose to use. A weak or easily guessed password is like an open door to the medical records room, allowing unauthorized access to sensitive information. In this paper, we present the results of a study of actual healthcare workers' password practices. In general, the vast majority of these passwords have significant security problems on several dimensions. Implications for healthcare professionals are discussed. PMID:18066366

How Attitude toward the Behavior, Subjective Norm, and Perceived Behavioral Control Affects Information Security Behavior Intention

ERIC Educational Resources Information Center

Johnson, David P.

2017-01-01

The education sector is at high risk for information security (InfoSec) breaches and in need of improved security practices. Achieving data protections cannot be through technical means alone. Addressing the human behavior factor is required. Security education, training, and awareness (SETA) programs are an effective method of addressing human…

Information Security Trends and Issues in the Moodle E-Learning Platform: An Ethnographic Content Analysis

ERIC Educational Resources Information Center

Schultz, Christopher

2012-01-01

Empirical research on information security trends and practices in e-learning is scarce. Many articles that have been published apply basic information security concepts to e-learning and list potential threats or propose frameworks for classifying threats. The purpose of this research is to identify, categorize and understand trends and issues in…

Practices in security and confidentiality of HIV/AIDS patients’ information: A national survey among staff at HIV outpatient clinics in Vietnam

PubMed Central

Khac Hai, Nguyen; Lawpoolsri, Saranath; Jittamala, Podjanee; Thi Thu Huong, Phan

2017-01-01

Introduction Breach of confidentiality or invasion of privacy from the collection and use of medical records, particularly those of patients with HIV/AIDS or other diseases sensitive to stigmatization, should be prevented by all related stakeholders in healthcare settings. The main focus of this study was to assess practices regarding security and confidentiality of HIV-related information among staff at HIV outpatient clinics (HIV-OPCs) in Vietnam. Methods A descriptive cross-sectional study was conducted at all 312 HIV-OPCs across the country using an online survey technique. Results In general, the staff practices for securing and protecting patient information were at acceptable levels. Most staff had proper measures and practices for maintaining data security; however, the protection of patient confidentiality, particularly for data access, sharing, and transfer still required improvement. Most HIV-OPC staff had good or moderate knowledge and positive perceptions towards security and confidentiality issues. Staff who were not trained in the practice of security measures differed significantly from those who were trained (OR: 3.74; 95%CI: 1.44–9.67); staff needing improved knowledge levels differed significantly from those with good (OR: 5.20; 95%CI: 2.39–11.32) and moderate knowledge levels (OR: 5.10; 95%CI: 2.36–11.00); and staff needing improved perception levels differed significantly from those with good (i.e., with 100% proper practices) and moderate perception levels (OR: 5.67; 95%CI: 2.93–10.95). Staff who were not trained in the protection of data confidentiality differed significantly from those who were trained (OR: 2.18; 95%CI: 1.29–3.65). Conclusions Training is an important factor to help raise the levels of proper practices regarding confidentiality and security, to improve knowledge and raise awareness about change among staff. The operation and management of HIV treatment and care in Vietnam are currently transitioning from separate healthcare clinics (HIV-OPC) into units integrated into general hospitals/healthcare facilities. The findings of this study highlight topics that could be used for improving management and operation of information system and revising guidelines and regulations on protection measures/strategies for data security and confidentiality of HIV/AIDS patients by Vietnam health authorities or other countries facing similar situations. Secure infrastructure and secure measures for data access and use are very important, worthwhile investments. The provision of continuous training and active enforcement and monitoring of the practices of healthcare personnel might lead to an improved understanding and acknowledegement of the importance of national policies/guidelines regarding HIV-related patient information. PMID:29136017

Hash Functions and Information Theoretic Security

NASA Astrophysics Data System (ADS)

Bagheri, Nasour; Knudsen, Lars R.; Naderi, Majid; Thomsen, Søren S.

Information theoretic security is an important security notion in cryptography as it provides a true lower bound for attack complexities. However, in practice attacks often have a higher cost than the information theoretic bound. In this paper we study the relationship between information theoretic attack costs and real costs. We show that in the information theoretic model, many well-known and commonly used hash functions such as MD5 and SHA-256 fail to be preimage resistant.

The ISACA Business Model for Information Security: An Integrative and Innovative Approach

NASA Astrophysics Data System (ADS)

von Roessing, Rolf

In recent years, information security management has matured into a professional discipline that covers both technical and managerial aspects in an organisational environment. Information security is increasingly dependent on business-driven parameters and interfaces to a variety of organisational units and departments. In contrast, common security models and frameworks have remained largely technical. A review of extant models ranging from [LaBe73] to more recent models shows that technical aspects are covered in great detail, while the managerial aspects of security are often neglected.Likewise, the business view on organisational security is frequently at odds with the demands of information security personnel or information technology management. In practice, senior and executive level management remain comparatively distant from technical requirements. As a result, information security is generally regarded as a cost factor rather than a benefit to the organisation.

Privacy, confidentiality, and security in information systems of state health agencies.

PubMed

O'Brien, D G; Yasnoff, W A

1999-05-01

To assess the employment and status of privacy, confidentiality, security and fair information practices in electronic information systems of U.S. state health agencies. A survey instrument was developed and administered to key contacts within the state health agencies of each of the 50 U.S. states, Puerto Rico and the District of Columbia. About a third of U.S. state health agencies have no written policies in place regarding privacy and confidentiality in electronic information systems. The doctrines of fair information practice often seemed to be ignored. One quarter of the agencies reported at least one security breach during the past two years, and 16% experienced a privacy and confidentiality related transgression. Most of the breaches were committed by personnel from within the agencies. These results raise questions about the integrity of existing privacy, confidentiality and security measures in the information systems of U.S. state health agencies. Recommendations include the development and vigorous enforcement of written privacy and confidentiality policies, increased personnel training, and expanded implementation of security measures such as encryption and system firewalls. A discussion of the current status of U.S. privacy, confidentiality and security issues is offered.

Practical secure quantum communications

NASA Astrophysics Data System (ADS)

Diamanti, Eleni

2015-05-01

We review recent advances in the field of quantum cryptography, focusing in particular on practical implementations of two central protocols for quantum network applications, namely key distribution and coin flipping. The former allows two parties to share secret messages with information-theoretic security, even in the presence of a malicious eavesdropper in the communication channel, which is impossible with classical resources alone. The latter enables two distrustful parties to agree on a random bit, again with information-theoretic security, and with a cheating probability lower than the one that can be reached in a classical scenario. Our implementations rely on continuous-variable technology for quantum key distribution and on a plug and play discrete-variable system for coin flipping, and necessitate a rigorous security analysis adapted to the experimental schemes and their imperfections. In both cases, we demonstrate the protocols with provable security over record long distances in optical fibers and assess the performance of our systems as well as their limitations. The reported advances offer a powerful toolbox for practical applications of secure communications within future quantum networks.

Technical solutions for mitigating security threats caused by health professionals in clinical settings.

PubMed

Fernandez-Aleman, Jose Luis; Belen Sanchez Garcia, Ana; Garcia-Mateos, Gines; Toval, Ambrosio

2015-08-01

The objective of this paper is to present a brief description of technical solutions for health information system security threats caused by inadequate security and privacy practices in healthcare professionals. A literature search was carried out in ScienceDirect, ACM Digital Library and IEEE Digital Library to find papers reporting technical solutions for certain security problems in information systems used in clinical settings. A total of 17 technical solutions were identified: measures for password security, the secure use of e-mail, the Internet, portable storage devices, printers and screens. Although technical safeguards are essential to the security of healthcare organization's information systems, good training, awareness programs and adopting a proper information security policy are particularly important to prevent insiders from causing security incidents.

Report: Improvements Needed in Key EPA Information System Security Practices

EPA Pesticide Factsheets

Report #10-P-0146, June 15, 2010. Williams Adley found that EPA program offices lacked evidence that they planned and executed tests of information system security controls as required by federal requirements.

77 FR 55900 - Proposed Collection; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2012-09-11

... security-by-security information will require an average of 120 hours; and end-investors and custodians... Department of the Treasury, including whether the information collected will have practical uses; (b) the... respondents, including the use of information technologies to automate the collection of the data requested...

IT Security on Campus: A Fragile Equilibrium.

ERIC Educational Resources Information Center

Wada, Kent

2003-01-01

Considers how to provide appropriate levels of information technology (IT) security in the higher education environment. Discusses implications of the Digital Millennium Copyright Act, the USA Patriot Act, the Health Insurance Portability and Accountability Act of 1996, California Information Practices Act, VISA USA Cardholder Information Security…

Information security concepts and practices: the case of a provincial multi-specialty hospital.

PubMed

Cavalli, Enrico; Mattasoglio, Andrea; Pinciroli, Francesco; Spaggiari, Piergiorgio

2004-03-31

In recent years, major and widely accepted information security understandings and achievements confirm that the problem is complex. They clarify that technologies are fundamental tools, but management processes have even bigger relevance, as also prestigious international magazines dossier clearly explained recently. Such a magazine attention outlines the wide impact that the subject has on watchful decision makers. ISO17799 is an emerging standard in information security. In principle there are no reasons for considering it not applicable to the health care sector. In practice, because of both the just conceptual level of the standard and the peculiarities of the health care data and institutions, a lot of analysis and design work need to be invested any time a health care institution decides to deal with the subject. CEN/ENV 12924 is another emerging standard certainly more on the spot of the health care. Nevertheless, it also asks for evident further investigation. The practical case of information security design, implementation, management, and auditing inside a multi-specialty provincial Italian hospital will be described.

The adoption of IT security standards in a healthcare environment.

PubMed

Gomes, Rui; Lapão, Luís Velez

2008-01-01

Security is a vital part of daily life to Hospitals that need to ensure that the information is adequately secured. In Portugal, more CIOs are seeking that their hospital IS departments are properly protecting information assets from security threats. It is imperative to take necessary measures to ensure risk management and business continuity. Security management certification provides just such a guarantee, increasing patient and partner confidence. This paper introduces one best practice for implementing four security controls in a hospital datacenter infrastructure (ISO27002), and describes the security assessment for implementing such controls.

Text messaging to communicate with public health audiences: how the HIPAA Security Rule affects practice.

PubMed

Karasz, Hilary N; Eiden, Amy; Bogan, Sharon

2013-04-01

Text messaging is a powerful communication tool for public health purposes, particularly because of the potential to customize messages to meet individuals' needs. However, using text messaging to send personal health information requires analysis of laws addressing the protection of electronic health information. The Health Insurance Portability and Accountability Act (HIPAA) Security Rule is written with flexibility to account for changing technologies. In practice, however, the rule leads to uncertainty about how to make text messaging policy decisions. Text messaging to send health information can be implemented in a public health setting through 2 possible approaches: restructuring text messages to remove personal health information and retaining limited personal health information in the message but conducting a risk analysis and satisfying other requirements to meet the HIPAA Security Rule.

Common object request broker architecture (CORBA)-based security services for the virtual radiology environment.

PubMed

Martinez, R; Cole, C; Rozenblit, J; Cook, J F; Chacko, A K

2000-05-01

The US Army Great Plains Regional Medical Command (GPRMC) has a requirement to conform to Department of Defense (DoD) and Army security policies for the Virtual Radiology Environment (VRE) Project. Within the DoD, security policy is defined as the set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information. Security policy in the DoD is described by the Trusted Computer System Evaluation Criteria (TCSEC), Army Regulation (AR) 380-19, Defense Information Infrastructure Common Operating Environment (DII COE), Military Health Services System Automated Information Systems Security Policy Manual, and National Computer Security Center-TG-005, "Trusted Network Interpretation." These documents were used to develop a security policy that defines information protection requirements that are made with respect to those laws, rules, and practices that are required to protect the information stored and processed in the VRE Project. The goal of the security policy is to provide for a C2-level of information protection while also satisfying the functional needs of the GPRMC's user community. This report summarizes the security policy for the VRE and defines the CORBA security services that satisfy the policy. In the VRE, the information to be protected is embedded into three major information components: (1) Patient information consists of Digital Imaging and Communications in Medicine (DICOM)-formatted fields. The patient information resides in the digital imaging network picture archiving and communication system (DIN-PACS) networks in the database archive systems and includes (a) patient demographics; (b) patient images from x-ray, computed tomography (CT), magnetic resonance imaging (MRI), and ultrasound (US); and (c) prior patient images and related patient history. (2) Meta-Manager information to be protected consists of several data objects. This information is distributed to the Meta-Manager nodes and includes (a) radiologist schedules; (b) modality worklists; (c) routed case information; (d) DIN-PACS and Composite Health Care system (CHCS) messages, and Meta-Manager administrative and security information; and (e) patient case information. (3) Access control and communications security is required in the VRE to control who uses the VRE and Meta-Manager facilities and to secure the messages between VRE components. The CORBA Security Service Specification version 1.5 is designed to allow up to TCSEC's B2-level security for distributed objects. The CORBA Security Service Specification defines the functionality of several security features: identification and authentication, authorization and access control, security auditing, communication security, nonrepudiation, and security administration. This report describes the enhanced security features for the VRE and their implementation using commercial CORBA Security Service software products.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Gibbs, P. W.

Secure Transport Management Course (STMC) course provides managers with information related to procedures and equipment used to successfully transport special nuclear material. This workshop outlines these procedures and reinforces the information presented with the aid of numerous practical examples. The course focuses on understanding the regulatory framework for secure transportation of special nuclear materials, identifying the insider and outsider threat(s) to secure transportation, organization of a secure transportation unit, management and supervision of secure transportation units, equipment and facilities required, training and qualification needed.

Communication security in open health care networks.

PubMed

Blobel, B; Pharow, P; Engel, K; Spiegel, V; Krohn, R

1999-01-01

Fulfilling the shared care paradigm, health care networks providing open systems' interoperability in health care are needed. Such communicating and co-operating health information systems, dealing with sensitive personal medical information across organisational, regional, national or even international boundaries, require appropriate security solutions. Based on the generic security model, within the European MEDSEC project an open approach for secure EDI like HL7, EDIFACT, XDT or XML has been developed. The consideration includes both securing the message in an unsecure network and the transport of the unprotected information via secure channels (SSL, TLS etc.). Regarding EDI, an open and widely usable security solution has been specified and practically implemented for the examples of secure mailing and secure file transfer (FTP) via wrapping the sensitive information expressed by the corresponding protocols. The results are currently prepared for standardisation.

Practical cryptographic strategies in the post-quantum era

NASA Astrophysics Data System (ADS)

Kabanov, I. S.; Yunusov, R. R.; Kurochkin, Y. V.; Fedorov, A. K.

2018-02-01

Quantum key distribution technologies promise information-theoretic security and are currently being deployed in com-mercial applications. We review new frontiers in information security technologies in communications and distributed storage applications with the use of classical, quantum, hybrid classical-quantum, and post-quantum cryptography. We analyze the cur-rent state-of-the-art, critical characteristics, development trends, and limitations of these techniques for application in enterprise information protection systems. An approach concerning the selection of practical encryption technologies for enterprises with branched communication networks is discussed.

Information and the War against Terrorism, Part IV: Civil Liberties versus Security in the Age of Terrorism.

ERIC Educational Resources Information Center

Strickland, Lee S.

2002-01-01

Discussion of information and the war on terrorism following the September 11th attacks focuses on a survey of legal provisions and new security-related practices in government and business as security competes with civil liberties. Topics include the Fourth Amendment overseas; Department of Justice legal initiatives; military tribunals; security…

45 CFR 164.520 - Notice of privacy practices for protected health information.

Code of Federal Regulations, 2014 CFR

2014-10-01

... DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable Health Information § 164.520 Notice of privacy practices for protected health information. (a) Standard... 45 Public Welfare 1 2014-10-01 2014-10-01 false Notice of privacy practices for protected health...

Performance of device-independent quantum key distribution

NASA Astrophysics Data System (ADS)

Cao, Zhu; Zhao, Qi; Ma, Xiongfeng

2016-07-01

Quantum key distribution provides information-theoretically-secure communication. In practice, device imperfections may jeopardise the system security. Device-independent quantum key distribution solves this problem by providing secure keys even when the quantum devices are untrusted and uncharacterized. Following a recent security proof of the device-independent quantum key distribution, we improve the key rate by tightening the parameter choice in the security proof. In practice where the system is lossy, we further improve the key rate by taking into account the loss position information. From our numerical simulation, our method can outperform existing results. Meanwhile, we outline clear experimental requirements for implementing device-independent quantum key distribution. The maximal tolerable error rate is 1.6%, the minimal required transmittance is 97.3%, and the minimal required visibility is 96.8 % .

Stable operation of a Secure QKD system in the real-world setting

NASA Astrophysics Data System (ADS)

Tomita, Akihisa

2007-06-01

Quantum Key Distribution (QKD) now steps forward from the proof of principle to the validation of the practical feasibility. Nevertheless, the QKD technology should respond to the challenges from the real-world such as stable operation against the fluctuating environment, and security proof under the practical setting. We report our recent progress on stable operation of a QKD system, and key generation with security assurance. A QKD system should robust to temperature fluctuation in a common office environment. We developed a loop-mirror, a substitution of a Faraday mirror, to allow easy compensation for the temperature dependence of the device. Phase locking technique was also employed to synchronize the system clock to the quantum signals. This technique is indispensable for the transmission system based on the installed fiber cables, which stretch and shrink due to the temperature change. The security proof of QKD, however, has assumed the ideal conditions, such as the use of a genuine single photon source and/or unlimited computational resources. It has been highly desirable to give an assurance of security for practical systems, where the ideal conditions are no longer satisfied. We have constructed a theory to estimate the leakage information on the transmitted key under the practically attainable conditions, and have developed a QKD system equipped with software for secure key distillation. The QKD system generates the final key at the rate of 2000 bps after 20 km fiber transmission. Eavesdropper's information on the final key is guaranteed to be less than 2-7 per bit. This is the first successful generation of the secure key with quantitative assurance of the upper bound of the leakage information. It will put forth the realization of highly secure metropolitan optical communication network against any types of eavesdropping.

Text Messaging to Communicate With Public Health Audiences: How the HIPAA Security Rule Affects Practice

PubMed Central

Karasz, Hilary N.; Eiden, Amy; Bogan, Sharon

2013-01-01

Text messaging is a powerful communication tool for public health purposes, particularly because of the potential to customize messages to meet individuals’ needs. However, using text messaging to send personal health information requires analysis of laws addressing the protection of electronic health information. The Health Insurance Portability and Accountability Act (HIPAA) Security Rule is written with flexibility to account for changing technologies. In practice, however, the rule leads to uncertainty about how to make text messaging policy decisions. Text messaging to send health information can be implemented in a public health setting through 2 possible approaches: restructuring text messages to remove personal health information and retaining limited personal health information in the message but conducting a risk analysis and satisfying other requirements to meet the HIPAA Security Rule. PMID:23409902

A security architecture for health information networks.

PubMed

Kailar, Rajashekar; Muralidhar, Vinod

2007-10-11

Health information network security needs to balance exacting security controls with practicality, and ease of implementation in today's healthcare enterprise. Recent work on 'nationwide health information network' architectures has sought to share highly confidential data over insecure networks such as the Internet. Using basic patterns of health network data flow and trust models to support secure communication between network nodes, we abstract network security requirements to a core set to enable secure inter-network data sharing. We propose a minimum set of security controls that can be implemented without needing major new technologies, but yet realize network security and privacy goals of confidentiality, integrity and availability. This framework combines a set of technology mechanisms with environmental controls, and is shown to be sufficient to counter commonly encountered network security threats adequately.

A Security Architecture for Health Information Networks

PubMed Central

Kailar, Rajashekar

2007-01-01

Health information network security needs to balance exacting security controls with practicality, and ease of implementation in today’s healthcare enterprise. Recent work on ‘nationwide health information network’ architectures has sought to share highly confidential data over insecure networks such as the Internet. Using basic patterns of health network data flow and trust models to support secure communication between network nodes, we abstract network security requirements to a core set to enable secure inter-network data sharing. We propose a minimum set of security controls that can be implemented without needing major new technologies, but yet realize network security and privacy goals of confidentiality, integrity and availability. This framework combines a set of technology mechanisms with environmental controls, and is shown to be sufficient to counter commonly encountered network security threats adequately. PMID:18693862

[A guide to good practice for information security in the handling of personal health data by health personnel in ambulatory care facilities].

PubMed

Sánchez-Henarejos, Ana; Fernández-Alemán, José Luis; Toval, Ambrosio; Hernández-Hernández, Isabel; Sánchez-García, Ana Belén; Carrillo de Gea, Juan Manuel

2014-04-01

The appearance of electronic health records has led to the need to strengthen the security of personal health data in order to ensure privacy. Despite the large number of technical security measures and recommendations that exist to protect the security of health data, there is an increase in violations of the privacy of patients' personal data in healthcare organizations, which is in many cases caused by the mistakes or oversights of healthcare professionals. In this paper, we present a guide to good practice for information security in the handling of personal health data by health personnel, drawn from recommendations, regulations and national and international standards. The material presented in this paper can be used in the security audit of health professionals, or as a part of continuing education programs in ambulatory care facilities. Copyright © 2013 Elsevier España, S.L. All rights reserved.

A study on an information security system of a regional collaborative medical platform.

PubMed

Zhao, Junping; Peng, Kun; Leng, Jinchang; Sun, Xiaowei; Zhang, Zhenjiang; Xue, Wanguo; Ren, Lianzhong

2010-01-01

The objective of this study was to share the experience of building an information security system for a regional collaborative medical platform (RCMP) and discuss the lessons learned from practical projects. Safety measures are analyzed from the perspective of system engineering. We present the essential requirements, critical architectures, and policies for system security of regional collaborative medical platforms.

Study on the security of the authentication scheme with key recycling in QKD

NASA Astrophysics Data System (ADS)

Li, Qiong; Zhao, Qiang; Le, Dan; Niu, Xiamu

2016-09-01

In quantum key distribution (QKD), the information theoretically secure authentication is necessary to guarantee the integrity and authenticity of the exchanged information over the classical channel. In order to reduce the key consumption, the authentication scheme with key recycling (KR), in which a secret but fixed hash function is used for multiple messages while each tag is encrypted with a one-time pad (OTP), is preferred in QKD. Based on the assumption that the OTP key is perfect, the security of the authentication scheme has be proved. However, the OTP key of authentication in a practical QKD system is not perfect. How the imperfect OTP affects the security of authentication scheme with KR is analyzed thoroughly in this paper. In a practical QKD, the information of the OTP key resulting from QKD is partially leaked to the adversary. Although the information leakage is usually so little to be neglected, it will lead to the increasing degraded security of the authentication scheme as the system runs continuously. Both our theoretical analysis and simulation results demonstrate that the security level of authentication scheme with KR, mainly indicated by its substitution probability, degrades exponentially in the number of rounds and gradually diminishes to zero.

Parallel Processable Cryptographic Methods with Unbounded Practical Security.

ERIC Educational Resources Information Center

Rothstein, Jerome

Addressing the problem of protecting confidential information and data stored in computer databases from access by unauthorized parties, this paper details coding schemes which present such astronomical work factors to potential code breakers that security breaches are hopeless in any practical sense. Two procedures which can be used to encode for…

Report: Fiscal Year 2006 Federal Information Security Management Act Report Status of EPA’s Computer Security Program

EPA Pesticide Factsheets

Report #2006-S-00008, September 25, 2006. Although the Agency has made substantial progress to improve its security program, the OIG identified weaknesses in the Agency’s incident reporting practices.

76 FR 62818 - Extension of Agency Information Collection Activity Under OMB Review: Critical Facility...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-10-11

... Review (CFSR) Form. The CFSR will differ from TSA's Corporate Security Review (CSR) in that a CSR looks at corporate or company-wide security management plans and practices while the CFSR will look at... DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration Extension of Agency...

Exploring Factors That Affect Adoption of Computer Security Practices among College Students

ERIC Educational Resources Information Center

Alqarni, Amani

2017-01-01

Cyber-attacks threaten the security of computer users' information, networks, machines, and privacy. Studies of computer security education, awareness, and training among ordinary computer users, college students, non-IT-oriented user groups, and non-technically trained citizens are limited. Most research has focused on computer security standards…

Does the PCEHR mean a new paradigm for information security? Implications for health information management.

PubMed

Williams, Patricia A H

Australia is stepping up to the new e-health environment. With this comes new legislation and new demands on information security. The expanded functionality of e-health and the increased legislative requirements, coupled with new uses of technology, means that enhancement of existing security practice will be necessary. This paperanalyses the new operating environment for Australian healthcare and the legislation governing it, and highlights the changes that are required to meet this new context. Individuals are now more responsible for security and organisations should be prompted to review their security measures in light of the new demands of legislative compliance.

Analysis of health professional security behaviors in a real clinical setting: an empirical study.

PubMed

Fernández-Alemán, José Luis; Sánchez-Henarejos, Ana; Toval, Ambrosio; Sánchez-García, Ana Belén; Hernández-Hernández, Isabel; Fernandez-Luque, Luis

2015-06-01

The objective of this paper is to evaluate the security behavior of healthcare professionals in a real clinical setting. Standards, guidelines and recommendations on security and privacy best practices for staff personnel were identified using a systematic literature review. After a revision process, a questionnaire consisting of 27 questions was created and responded to by 180 health professionals from a public hospital. Weak passwords were reported by 62.2% of the respondents, 31.7% were unaware of the organization's procedures for discarding confidential information, and 19.4% did not carry out these procedures. Half of the respondents (51.7%) did not take measures to ensure that the personal health information on the computer monitor could not be seen by unauthorized individuals, and 57.8% were unaware of the procedure established to report a security violation. The correlation between the number of years in the position and good security practices was not significant (Pearson's r=0.085, P=0.254). Age was weakly correlated with good security practices (Pearson's r=-0.169, P=0.028). A Mann-Whitney test showed no significant difference between the respondents' security behavior as regards gender (U=2536, P=0.792, n=178). The results of the study suggest that more efforts are required to improve security education for health personnel. It was found that both preventive and corrective actions are needed to prevent health staff from causing security incidents. Healthcare organizations should: identify the types of information that require protection, clearly communicate the penalties that will be imposed, promote security training courses, and define what the organization considers improper behavior to be and communicate this to all personnel. Copyright © 2015 Elsevier Ireland Ltd. All rights reserved.

Information Technology Security Training Requirements: A Role- and Performance-Based Model

DTIC Science & Technology

1998-04-01

Journal, Vol.9, no. 2, pp. 18-20, 1995. Kearsley, Greg. Andragogy (M. Knowles), Washington, DC: George Washington University, 1996. Knowles, M.S...The Modern Practice of Adult Education: Andragogy vs. Pedagogy, New York: Association Press, 1970. Information Technology Security Training

12 CFR 1.5 - Safe and sound banking practices; credit information required.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 12 Banks and Banking 1 2010-01-01 2010-01-01 false Safe and sound banking practices; credit... TREASURY INVESTMENT SECURITIES § 1.5 Safe and sound banking practices; credit information required. (a) A national bank shall adhere to safe and sound banking practices and the specific requirements of this part...

12 CFR 1.5 - Safe and sound banking practices; credit information required.

Code of Federal Regulations, 2012 CFR

2012-01-01

... 12 Banks and Banking 1 2012-01-01 2012-01-01 false Safe and sound banking practices; credit... TREASURY INVESTMENT SECURITIES § 1.5 Safe and sound banking practices; credit information required. (a) A national bank shall adhere to safe and sound banking practices and the specific requirements of this part...

12 CFR 1.5 - Safe and sound banking practices; credit information required.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 12 Banks and Banking 1 2013-01-01 2013-01-01 false Safe and sound banking practices; credit... TREASURY INVESTMENT SECURITIES § 1.5 Safe and sound banking practices; credit information required. (a) A national bank shall adhere to safe and sound banking practices and the specific requirements of this part...

12 CFR 1.5 - Safe and sound banking practices; credit information required.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 12 Banks and Banking 1 2014-01-01 2014-01-01 false Safe and sound banking practices; credit... TREASURY INVESTMENT SECURITIES § 1.5 Safe and sound banking practices; credit information required. (a) A national bank shall adhere to safe and sound banking practices and the specific requirements of this part...

12 CFR 1.5 - Safe and sound banking practices; credit information required.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 12 Banks and Banking 1 2011-01-01 2011-01-01 false Safe and sound banking practices; credit... TREASURY INVESTMENT SECURITIES § 1.5 Safe and sound banking practices; credit information required. (a) A national bank shall adhere to safe and sound banking practices and the specific requirements of this part...

75 FR 16491 - Science and Technology Directorate; Submission for Review; Information Collection Request for the...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-04-01

... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2010-0026] Science and Technology Directorate; Submission for Review; Information Collection Request for the Department of Homeland Security Science and Technology Directorate First Responders Community of Practice AGENCY: Science and Technology Directorate, DHS...

46 CFR 295.23 - Reporting requirements.

Code of Federal Regulations, 2013 CFR

2013-10-01

... OPERATORS MARITIME SECURITY PROGRAM (MSP) Maritime Security Program Operating Agreements § 295.23 Reporting... (such as facsimile and Internet) for transmission of required information to MARAD, if practicable.]: (a...

46 CFR 295.23 - Reporting requirements.

Code of Federal Regulations, 2011 CFR

2011-10-01

... OPERATORS MARITIME SECURITY PROGRAM (MSP) Maritime Security Program Operating Agreements § 295.23 Reporting... (such as facsimile and Internet) for transmission of required information to MARAD, if practicable.]: (a...

46 CFR 295.23 - Reporting requirements.

Code of Federal Regulations, 2010 CFR

2010-10-01

... OPERATORS MARITIME SECURITY PROGRAM (MSP) Maritime Security Program Operating Agreements § 295.23 Reporting... (such as facsimile and Internet) for transmission of required information to MARAD, if practicable.]: (a...

46 CFR 295.23 - Reporting requirements.

Code of Federal Regulations, 2014 CFR

2014-10-01

... OPERATORS MARITIME SECURITY PROGRAM (MSP) Maritime Security Program Operating Agreements § 295.23 Reporting... (such as facsimile and Internet) for transmission of required information to MARAD, if practicable.]: (a...

46 CFR 295.23 - Reporting requirements.

Code of Federal Regulations, 2012 CFR

2012-10-01

... OPERATORS MARITIME SECURITY PROGRAM (MSP) Maritime Security Program Operating Agreements § 295.23 Reporting... (such as facsimile and Internet) for transmission of required information to MARAD, if practicable.]: (a...

Managing security risks for inter-organisational information systems: a multiagent collaborative model

NASA Astrophysics Data System (ADS)

Feng, Nan; Wu, Harris; Li, Minqiang; Wu, Desheng; Chen, Fuzan; Tian, Jin

2016-09-01

Information sharing across organisations is critical to effectively managing the security risks of inter-organisational information systems. Nevertheless, few previous studies on information systems security have focused on inter-organisational information sharing, and none have studied the sharing of inferred beliefs versus factual observations. In this article, a multiagent collaborative model (MACM) is proposed as a practical solution to assess the risk level of each allied organisation's information system and support proactive security treatment by sharing beliefs on event probabilities as well as factual observations. In MACM, for each allied organisation's information system, we design four types of agents: inspection agent, analysis agent, control agent, and communication agent. By sharing soft findings (beliefs) in addition to hard findings (factual observations) among the organisations, each organisation's analysis agent is capable of dynamically predicting its security risk level using a Bayesian network. A real-world implementation illustrates how our model can be used to manage security risks in distributed information systems and that sharing soft findings leads to lower expected loss from security risks.

Safe teleradiology: information assurance as project planning methodology.

PubMed

Collmann, Jeff; Alaoui, Adil; Nguyen, Dan; Lindisch, David

2005-01-01

The Georgetown University Medical Center Department of Radiology used a tailored version of OCTAVE, a self-directed information security risk assessment method, to design a teleradiology system that complied with the regulation implementing the security provisions of the Health Insurance Portability and Accountability Act (HIPAA) of 1996. The system addressed threats to and vulnerabilities in the privacy and security of protected health information. By using OCTAVE, Georgetown identified the teleradiology program's critical assets, described threats to the assurance of those assets, developed and ran vulnerability scans of a system pilot, evaluated the consequences of security breaches, and developed a risk management plan to mitigate threats to program assets, thereby implementing good information assurance practices. This case study illustrates the basic point that prospective, comprehensive planning to protect the privacy and security of an information system strategically benefits program management as well as system security.

78 FR 38949 - Computer Security Incident Coordination (CSIC): Providing Timely Cyber Incident Response

Federal Register 2010, 2011, 2012, 2013, 2014

2013-06-28

... information as part of the research needed to write a NIST Special Publication (SP) to help Computer Security.... The NIST SP will identify technical standards, methodologies, procedures, and processes that facilitate prompt and effective response. This RFI requests information regarding technical best practices...

Privacy and security of patient data in the pathology laboratory.

PubMed

Cucoranu, Ioan C; Parwani, Anil V; West, Andrew J; Romero-Lauro, Gonzalo; Nauman, Kevin; Carter, Alexis B; Balis, Ulysses J; Tuthill, Mark J; Pantanowitz, Liron

2013-01-01

Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) govern the privacy and protection of medical information and health records. The HIPAA security standards final rule mandate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States.

Insider Threat and Information Security Management

NASA Astrophysics Data System (ADS)

Coles-Kemp, Lizzie; Theoharidou, Marianthi

The notion of insider has multiple facets. An organization needs to identify which ones to respond to. The selection, implementetion and maintenance of information security countermeasures requires a complex combination of organisational policies, functions and processes, which form Information Security Management. This chapter examines the role of current information security management practices in addressing the insider threat. Most approaches focus on frameworks for regulating insider behaviour and do not allow for the various cultural responses to the regulatory and compliance framework. Such responses are not only determined by enforcement of policies and awareness programs, but also by various psychological and organisational factors at an individual or group level. Crime theories offer techniques that focus on such cultural responses and can be used to enhance the information security management design. The chapter examines the applicability of several crime theories and concludes that they can contribute in providing additional controls and redesign of information security management processes better suited to responding to the insider threat.

When it comes to securing patient health information from breaches, your best medicine is a dose of prevention: A cybersecurity risk assessment checklist.

PubMed

Blanke, Sandra J; McGrady, Elizabeth

2016-07-01

Health care stakeholders are concerned about the growing risk of protecting sensitive patient health information from breaches. The Federal Emergency Management Agency (FEMA) has identified cyber attacks as an emerging concern, and regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) have increased security requirements and are enforcing compliance through stiff financial penalties. The purpose of this study is to describe health care breaches of protected information, analyze the hazards and vulnerabilities of reported breach cases, and prescribe best practices of managing risk through security controls and countermeasures. Prescriptive findings were used to construct a checklist tool to assess and monitor common risks. This research uses a case methodology to describe specific examples of the 3 major types of cyber breach hazards: portable device, insider, and physical breaches. We utilize a risk management framework to prescribe preventative actions that organizations can take to assess, analyze, and mitigate these risks. The health care sector has the largest number of reported breaches, with 3 major types: portable device, insider, and physical breaches. Analysis of actual cases indicates security gaps requiring prescriptive fixes based on "best practices." Our research culminates in a 25-item checklist that organizations can use to assess existing practices and identify security gaps requiring improvement. © 2016 American Society for Healthcare Risk Management of the American Hospital Association.

Measuring Operational Resilience Using the CERT(Registered) Resilience Management Model

DTIC Science & Technology

2010-09-01

such as ISO 27002 [ ISO 2005]) and then measure the implementation and performance of practices contained in the standard. This checklist-based ap...Security techniques – Code of practice for information security management. ISO /IEC 27002 :2005, June 2005. Also known as ISO /IEC 17799:2005. [ ISO 2007...Table 23: ISO 15939 Process Activities and Tasks 54 Table 24: CERT-RMM Measurement and Analysis Process Area Goals and Practices 55 CMU/SEI

77 FR 5747 - Security Zones, Seattle's Seafair Fleet Week Moving Vessels, Puget Sound, WA

Federal Register 2010, 2011, 2012, 2013, 2014

2012-02-06

... establishment of security zones. We seek any comments or information that may lead to the discovery of a... This proposed rule would call for no new collection of information under the Paperwork Reduction Act of..., design, or operation; test methods; sampling procedures; and related management systems practices) that...

Safeguarding Your Technology: Practical Guidelines for Electronic Education Information Security.

ERIC Educational Resources Information Center

Szuba, Tom

This guide was developed specifically for educational administrators at the building, campus, district, system, and state levels, and is meant to serve as a framework to help them better understand why and how to effectively secure their organization's information, software, and computer and networking equipment. This document is organized into 10…

A Model for an Information Security Risk Management (ISRM) Framework for Saudi Arabian Organisations

ERIC Educational Resources Information Center

Alshareef, Naser

2016-01-01

Countries in the Gulf represent thriving, globally important commercial centres. They have embraced technology and modern management methods, often originating in the western countries. In adapting to quite different cultures these do not always operate as successfully. The adoption and practices of the Information Security Risk Management (ISRM)…

Compliance with HIPAA security standards in U.S. Hospitals.

PubMed

Davis, Diane; Having, Karen

2006-01-01

With the widespread use of computer networks, the amount of information stored electronically has grown exponentially, resulting in increased concern for privacy and security of information. The healthcare industry has been put to the test with the federally mandated Health Insurance Portability and Accountability Act (HIPAA) of 1996. To assess the compliance status of HIPAA security standards, a random sample of 1,000 U.S. hospitals was surveyed in January 2004, yielding a return rate of 29 percent. One year later, a follow-up survey was sent to all previous respondents, with 50 percent replying. HIPAA officers'perceptions of security compliance in 2004 and 2005 are compared in this article. The security standards achieving the highest level of compliance in both 2004 and 2005 were obtaining required business associate agreements and physical safeguards to limit access to electronic information systems. Respondents indicated least compliance both years in performing periodic evaluation of security practices governed by the Security Rule. Roadblocks, threats, problems and solutions regarding HIPAA compliance are discussed. This information may be applied to current and future strategies toward maintaining security of information systems throughout the healthcare industry.

The Operational Manager - Enemy or Hero of Secure Business Practice?

NASA Astrophysics Data System (ADS)

Goucher, Wendy

This paper will investigate the role of the non-IT manager in information security. He can, for example, be the reason why sensitive work is carried out on the move and security focused spending is given a low priority in the budget. Alternatively, he can also be the driving force behind empowering the team to have a dynamic attitude to protecting data both at work and at home. Now is the time for managers to stop pushing information security issues away from their desk and into the in-tray of the IT department.

An updated look at document security: from initiation to storage or shredder.

PubMed

McConnell, Charles R

2014-01-01

In these days of close attention to security of information handled electronically, there is often a tendency to overlook the security of hard-copy documents. Document security can involve many areas of business, but the health care department manager's concerns are primarily for patient records and employee documentation. Document security is closely related to growing concerns for individual privacy; guidelines are furnished for protecting employee privacy by separating retention practices for business information from personal information. Sensitive documentation requires rules and procedures for processing, retaining, accessing, storing, and eventually destroying. Also, documents that are missing or incomplete at times present unique problems for the organization. The department manager is provided with some simple rules for safeguarding employee and patient documentation.

SHI(EL)DS: A Novel Hardware-Based Security Backplane to Enhance Security with Minimal Impact to System Operation

DTIC Science & Technology

2008-03-01

executables. The current roadblock to detecting Type I Malware consistantly is the practice of legitimate software , such as antivirus programs, using this... Software Security Systems . . 31 3.2.2 Advantages of Hardware . . . . . . . . . . . . . 32 3.2.3 Trustworthiness of Information . . . . . . . . . 33...Towards a Hardware Security Backplane . . . . . . . . . 42 IV. Review of State of the Art Computer Security Solutions . . . . . 46 4.1 Software

School Safety and Security Best Practices Approved by the Commissioner of Education. Information Brief. Report.

ERIC Educational Resources Information Center

Florida State Legislature, Tallahassee. Office of Program Policy Analysis and Government Accountability.

The 2001 Florida Legislature passed Ch. 2001-125, Laws of Florida, Section 40, which is often referred to as the Safe Passage Act. It requires all school districts to conduct a self-assessment of their school safety and security using best practices developed by the Office of Program Policy Analysis and Government Accountability (OPPAGA). It also…

Information security risk management for computerized health information systems in hospitals: a case study of Iran.

PubMed

Zarei, Javad; Sadoughi, Farahnaz

2016-01-01

In recent years, hospitals in Iran - similar to those in other countries - have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts' opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Information security risk management is not followed by Iran's hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran's Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran.

[The concept and measurement of food security].

PubMed

Kim, Kirang; Kim, Mi Kyung; Shin, Young Jeon

2008-11-01

During the past two decades, food deprivation and hunger have been recognized to be not just the concerns of only underdeveloped or developing countries, but as problems for many affluent Western nations as well. Many countries have made numerous efforts to define and measure the extent of these problems. Based on these efforts, the theory and practice of food security studies has significantly evolved during the last decades. Thus, this study aims to provide a comprehensive review of the concept and measurement of food security. In this review, we introduce the definition and background of food security, we describe the impact of food insecurity on nutrition and health, we provide its measurements and operational instruments and we discuss its applications and implications. Some practical information for the use of the food security index in South Korea is also presented. Food security is an essential element in achieving a good nutritional and health status and it has an influence to reduce poverty. The information about the current understanding of food security can help scientists, policy makers and program practitioners conduct research and maintain outreach programs that address the issues of poverty and the promotion of food security.

The Role of Healthcare Technology Management in Facilitating Medical Device Cybersecurity.

PubMed

Busdicker, Mike; Upendra, Priyanka

2017-09-02

This article discusses the role of healthcare technology management (HTM) in medical device cybersecurity and outlines concepts that are applicable to HTM professionals at a healthcare delivery organization or at an integrated delivery network, regardless of size. It provides direction for HTM professionals who are unfamiliar with the security aspects of managing healthcare technologies but are familiar with standards from The Joint Commission (TJC). It provides a useful set of recommendations, including relevant references for incorporating good security practices into HTM practice. Recommendations for policies, procedures, and processes referencing TJC standards are easily applicable to HTM departments with limited resources and to those with no resource concerns. The authors outline processes from their organization as well as best practices learned through information sharing at AAMI, National Health Information Sharing and Analysis Center (NH-ISAC), and Medical Device Innovation, Safety, and Security Consortium (MDISS) conferences and workshops.

Privacy and security of patient data in the pathology laboratory

PubMed Central

Cucoranu, Ioan C.; Parwani, Anil V.; West, Andrew J.; Romero-Lauro, Gonzalo; Nauman, Kevin; Carter, Alexis B.; Balis, Ulysses J.; Tuthill, Mark J.; Pantanowitz, Liron

2013-01-01

Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) govern the privacy and protection of medical information and health records. The HIPAA security standards final rule mandate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States. PMID:23599904

Measuring Information Security: Guidelines to Build Metrics

NASA Astrophysics Data System (ADS)

von Faber, Eberhard

Measuring information security is a genuine interest of security managers. With metrics they can develop their security organization's visibility and standing within the enterprise or public authority as a whole. Organizations using information technology need to use security metrics. Despite the clear demands and advantages, security metrics are often poorly developed or ineffective parameters are collected and analysed. This paper describes best practices for the development of security metrics. First attention is drawn to motivation showing both requirements and benefits. The main body of this paper lists things which need to be observed (characteristic of metrics), things which can be measured (how measurements can be conducted) and steps for the development and implementation of metrics (procedures and planning). Analysis and communication is also key when using security metrics. Examples are also given in order to develop a better understanding. The author wants to resume, continue and develop the discussion about a topic which is or increasingly will be a critical factor of success for any security managers in larger organizations.

Securing Location Services Infrastructures: Practical Criteria for Application Developers and Solutions Architects

ERIC Educational Resources Information Center

Karamanian, Andre

2013-01-01

This qualitative, exploratory, normative study examined the security and privacy of location based services in mobile applications. This study explored risk, and controls to implement privacy and security. This study was addressed using components of the FIPS Risk Management Framework. This study found that risk to location information was…

How ISO/IEC 17799 can be used for base lining information assurance among entities using data mining for defense, homeland security, commercial, and other civilian/commercial domains

NASA Astrophysics Data System (ADS)

Perry, William G.

2006-04-01

One goal of database mining is to draw unique and valid perspectives from multiple data sources. Insights that are fashioned from closely-held data stores are likely to possess a high degree of reliability. The degree of information assurance comes into question, however, when external databases are accessed, combined and analyzed to form new perspectives. ISO/IEC 17799, Information technology-Security techniques-Code of practice for information security management, can be used to establish a higher level of information assurance among disparate entities using data mining in the defense, homeland security, commercial and other civilian/commercial domains. Organizations that meet ISO/IEC information security standards have identified and assessed risks, threats and vulnerabilities and have taken significant proactive steps to meet their unique security requirements. The ISO standards address twelve domains: risk assessment and treatment, security policy, organization of information security, asset management, human resources security, physical and environmental security, communications and operations management, access control, information systems acquisition, development and maintenance, information security incident management and business continuity management and compliance. Analysts can be relatively confident that if organizations are ISO 17799 compliant, a high degree of information assurance is likely to be a characteristic of the data sets being used. The reverse may be true. Extracting, fusing and drawing conclusions based upon databases with a low degree of information assurance may be wrought with all of the hazards that come from knowingly using bad data to make decisions. Using ISO/IEC 17799 as a baseline for information assurance can help mitigate these risks.

A Security Proof of Measurement Device Independent Quantum Key Distribution: From the View of Information Theory

NASA Astrophysics Data System (ADS)

Li, Fang-Yi; Yin, Zhen-Qiang; Li, Hong-Wei; Chen, Wei; Wang, Shuang; Wen, Hao; Zhao, Yi-Bo; Han, Zheng-Fu

2014-07-01

Although some ideal quantum key distribution protocols have been proved to be secure, there have been some demonstrations that practical quantum key distribution implementations were hacked due to some real-life imperfections. Among these attacks, detector side channel attacks may be the most serious. Recently, a measurement device independent quantum key distribution protocol [Phys. Rev. Lett. 108 (2012) 130503] was proposed and all detector side channel attacks are removed in this scheme. Here a new security proof based on quantum information theory is given. The eavesdropper's information of the sifted key bits is bounded. Then with this bound, the final secure key bit rate can be obtained.

Optical Security System Based on the Biometrics Using Holographic Storage Technique with a Simple Data Format

NASA Astrophysics Data System (ADS)

Jun, An Won

2006-01-01

We implement a first practical holographic security system using electrical biometrics that combines optical encryption and digital holographic memory technologies. Optical information for identification includes a picture of face, a name, and a fingerprint, which has been spatially multiplexed by random phase mask used for a decryption key. For decryption in our biometric security system, a bit-error-detection method that compares the digital bit of live fingerprint with of fingerprint information extracted from hologram is used.

Measuring Information Security Performance with 10 by 10 Model for Holistic State Evaluation.

PubMed

Bernik, Igor; Prislan, Kaja

Organizations should measure their information security performance if they wish to take the right decisions and develop it in line with their security needs. Since the measurement of information security is generally underdeveloped in practice and many organizations find the existing recommendations too complex, the paper presents a solution in the form of a 10 by 10 information security performance measurement model. The model-ISP 10×10M is composed of ten critical success factors, 100 key performance indicators and 6 performance levels. Its content was devised on the basis of findings presented in the current research studies and standards, while its structure results from an empirical research conducted among information security professionals from Slovenia. Results of the study show that a high level of information security performance is mostly dependent on measures aimed at managing information risks, employees and information sources, while formal and environmental factors have a lesser impact. Experts believe that information security should evolve systematically, where it's recommended that beginning steps include technical, logical and physical security controls, while advanced activities should relate predominantly strategic management activities. By applying the proposed model, organizations are able to determine the actual level of information security performance based on the weighted indexing technique. In this manner they identify the measures they ought to develop in order to improve the current situation. The ISP 10×10M is a useful tool for conducting internal system evaluations and decision-making. It may also be applied to a larger sample of organizations in order to determine the general state-of-play for research purposes.

Information security risk management for computerized health information systems in hospitals: a case study of Iran

PubMed Central

Zarei, Javad; Sadoughi, Farahnaz

2016-01-01

Background In recent years, hospitals in Iran – similar to those in other countries – have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. Materials and methods This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts’ opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Results Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Conclusion Information security risk management is not followed by Iran’s hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran’s Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran. PMID:27313481

Methods of Organizational Information Security

NASA Astrophysics Data System (ADS)

Martins, José; Dos Santos, Henrique

The principle objective of this article is to present a literature review for the methods used in the security of information at the level of organizations. Some of the principle problems are identified and a first group of relevant dimensions is presented for an efficient management of information security. The study is based on the literature review made, using some of the more relevant certified articles of this theme, in international reports and in the principle norms of management of information security. From the readings that were done, we identified some of the methods oriented for risk management, norms of certification and good practice of security of information. Some of the norms are oriented for the certification of the product or system and others oriented to the processes of the business. There are also studies with the proposal of Frameworks that suggest the integration of different approaches with the foundation of norms focused on technologies, in processes and taking into consideration the organizational and human environment of the organizations. In our perspective, the biggest contribute to the security of information is the development of a method of security of information for an organization in a conflicting environment. This should make available the security of information, against the possible dimensions of attack that the threats could exploit, through the vulnerability of the organizational actives. This method should support the new concepts of "Network centric warfare", "Information superiority" and "Information warfare" especially developed in this last decade, where information is seen simultaneously as a weapon and as a target.

Best Practices for the Security of Radioactive Materials

DOE Office of Scientific and Technical Information (OSTI.GOV)

Coulter, D.T.; Musolino, S.

2009-05-01

This work is funded under a grant provided by the US Department of Health and Human Services, Centers for Disease Control. The Department of Health and Mental Hygiene (DOHMH) awarded a contract to Brookhaven National Laboratory (BNL) to develop best practices guidance for Office of Radiological Health (ORH) licensees to increase on-site security to deter and prevent theft of radioactive materials (RAM). The purpose of this document is to describe best practices available to manage the security of radioactive materials in medical centers, hospitals, and research facilities. There are thousands of such facilities in the United States, and recent studiesmore » suggest that these materials may be vulnerable to theft or sabotage. Their malevolent use in a radiological-dispersion device (RDD), viz., a dirty bomb, can have severe environmental- and economic- impacts, the associated area denial, and potentially large cleanup costs, as well as other effects on the licensees and the public. These issues are important to all Nuclear Regulatory Commission and Agreement State licensees, and to the general public. This document outlines approaches for the licensees possessing these materials to undertake security audits to identify vulnerabilities in how these materials are stored or used, and to describe best practices to upgrade or enhance their security. Best practices can be described as the most efficient (least amount of effort/cost) and effective (best results) way of accomplishing a task and meeting an objective, based on repeatable procedures that have proven themselves over time for many people and circumstances. Best practices within the security industry include information security, personnel security, administrative security, and physical security. Each discipline within the security industry has its own 'best practices' that have evolved over time into common ones. With respect to radiological devices and radioactive-materials security, industry best practices encompass both physical security (hardware and engineering) and administrative procedures. Security regimes for these devices and materials typically use a defense-in-depth- or layered-security approach to eliminate single points of failure. The Department of Energy, the Department of Homeland Security, the Department of Defense, the American Society of Industrial Security (ASIS), the Security Industry Association (SIA) and Underwriters Laboratory (UL) all rovide design guidance and hardware specifications. With a graded approach, a physical-security specialist can tailor an integrated security-management system in the most appropriate cost-effective manner to meet the regulatory and non-regulatory requirements of the licensee or client.« less

How to implement security controls for an information security program at CBRN facilities

DOE Office of Scientific and Technical Information (OSTI.GOV)

Lenaeus, Joseph D.; O'Neil, Lori Ross; Leitch, Rosalyn M.

This document was prepared by PNNL within the framework of Project 19 of the European Union Chemical Biological Radiological and Nuclear Risk Mitigation Centres of Excellence Initiative entitled, ''Development of procedures and guidelines to create and improve secure information management systems and data exchange mechanisms for CBRN materials under regulatory control.'' It provides management and workers at CBRN facilities, parent organization managers responsible for those facilities, and regulatory agencies (governmental and nongovernmental) with guidance on the best practices for protecting information security. The security mitigation approaches presented in this document were chosen because they present generally accepted guidance in anmore » easy-to-understand manner, making it easier for facility personnel to grasp key concepts and envision how security controls could be implemented by the facility. This guidance is presented from a risk management perspective.« less

14 CFR 1203.501 - Applying derivative classification markings.

Code of Federal Regulations, 2011 CFR

2011-01-01

... INFORMATION SECURITY PROGRAM Derivative Classification § 1203.501 Applying derivative classification markings... classification decisions: (b) Verify the information's current level of classification so far as practicable...

14 CFR 1203.501 - Applying derivative classification markings.

Code of Federal Regulations, 2010 CFR

2010-01-01

... INFORMATION SECURITY PROGRAM Derivative Classification § 1203.501 Applying derivative classification markings... classification decisions: (b) Verify the information's current level of classification so far as practicable...

A method of non-contact reading code based on computer vision

NASA Astrophysics Data System (ADS)

Zhang, Chunsen; Zong, Xiaoyu; Guo, Bingxuan

2018-03-01

With the purpose of guarantee the computer information exchange security between internal and external network (trusted network and un-trusted network), A non-contact Reading code method based on machine vision has been proposed. Which is different from the existing network physical isolation method. By using the computer monitors, camera and other equipment. Deal with the information which will be on exchanged, Include image coding ,Generate the standard image , Display and get the actual image , Calculate homography matrix, Image distort correction and decoding in calibration, To achieve the computer information security, Non-contact, One-way transmission between the internal and external network , The effectiveness of the proposed method is verified by experiments on real computer text data, The speed of data transfer can be achieved 24kb/s. The experiment shows that this algorithm has the characteristics of high security, fast velocity and less loss of information. Which can meet the daily needs of the confidentiality department to update the data effectively and reliably, Solved the difficulty of computer information exchange between Secret network and non-secret network, With distinctive originality, practicability, and practical research value.

Information Systems Security Management: A Review and a Classification of the ISO Standards

NASA Astrophysics Data System (ADS)

Tsohou, Aggeliki; Kokolakis, Spyros; Lambrinoudakis, Costas; Gritzalis, Stefanos

The need for common understanding and agreement of functional and non-functional requirements is well known and understood by information system designers. This is necessary for both: designing the "correct" system and achieving interoperability with other systems. Security is maybe the best example of this need. If the understanding of the security requirements is not the same for all involved parties and the security mechanisms that will be implemented do not comply with some globally accepted rules and practices, then the system that will be designed will not necessarily achieve the desired security level and it will be very difficult to securely interoperate with other systems. It is therefore clear that the role and contribution of international standards to the design and implementation of security mechanisms is dominant. In this paper we provide a state of the art review on information security management standards published by the International Organization for Standardization and the International Electrotechnical Commission. Such an analysis is meaningful to security practitioners for an efficient management of information security. Moreover, the classification of the standards in the clauses of ISO/IEC 27001:2005 that results from our analysis is expected to provide assistance in dealing with the plethora of security standards.

The role of privacy protection in healthcare information systems adoption.

PubMed

Hsu, Chien-Lung; Lee, Ming-Ren; Su, Chien-Hui

2013-10-01

Privacy protection is an important issue and challenge in healthcare information systems (HISs). Recently, some privacy-enhanced HISs are proposed. Users' privacy perception, intention, and attitude might affect the adoption of such systems. This paper aims to propose a privacy-enhanced HIS framework and investigate the role of privacy protection in HISs adoption. In the proposed framework, privacy protection, access control, and secure transmission modules are designed to enhance the privacy protection of a HIS. An experimental privacy-enhanced HIS is also implemented. Furthermore, we proposed a research model extending the unified theory of acceptance and use of technology by considering perceived security and information security literacy and then investigate user adoption of a privacy-enhanced HIS. The experimental results and analyses showed that user adoption of a privacy-enhanced HIS is directly affected by social influence, performance expectancy, facilitating conditions, and perceived security. Perceived security has a mediating effect between information security literacy and user adoption. This study proposes several implications for research and practice to improve designing, development, and promotion of a good healthcare information system with privacy protection.

Biocontainment, biosecurity, and security practices in beef feedyards.

PubMed

Brandt, Aric W; Sanderson, Michael W; DeGroot, Brad D; Thomson, Dan U; Hollis, Larry C

2008-01-15

To determine the biocontainment, biosecurity, and security practices at beef feedyards in the Central Plains of the United States. Survey. Managers of feedyards in Colorado, Kansas, Nebraska, Oklahoma, and Texas that feed beef cattle for finish before slaughter; feedyards had to have an active concentrated animal feeding operation permit with a 1-time capacity of >or= 1,000 cattle. A voluntary survey of feedyard personnel was conducted. Identified feedyard personnel were interviewed and responses regarding facility design, security, employees, disease preparedness, feedstuffs, hospital or treatment systems, sanitation, cattle sources, handling of sick cattle, and disposal of carcasses were collected in a database questionnaire. The survey was conducted for 106 feedyards with a 1-time capacity that ranged from 1,300 to 125,000 cattle. Feedyards in general did not have high implementation of biocontainment, biosecurity, or security practices. Smaller feedyards were, in general, less likely to use good practices than were larger feedyards. Results of the survey provided standard practices for biocontainment, biosecurity, and security in feedyards located in Central Plains states. Information gained from the survey results can be used by consulting veterinarians and feedyard managers as a basis for discussion and to target training efforts.

Measuring Information Security Performance with 10 by 10 Model for Holistic State Evaluation

PubMed Central

2016-01-01

Organizations should measure their information security performance if they wish to take the right decisions and develop it in line with their security needs. Since the measurement of information security is generally underdeveloped in practice and many organizations find the existing recommendations too complex, the paper presents a solution in the form of a 10 by 10 information security performance measurement model. The model—ISP 10×10M is composed of ten critical success factors, 100 key performance indicators and 6 performance levels. Its content was devised on the basis of findings presented in the current research studies and standards, while its structure results from an empirical research conducted among information security professionals from Slovenia. Results of the study show that a high level of information security performance is mostly dependent on measures aimed at managing information risks, employees and information sources, while formal and environmental factors have a lesser impact. Experts believe that information security should evolve systematically, where it’s recommended that beginning steps include technical, logical and physical security controls, while advanced activities should relate predominantly strategic management activities. By applying the proposed model, organizations are able to determine the actual level of information security performance based on the weighted indexing technique. In this manner they identify the measures they ought to develop in order to improve the current situation. The ISP 10×10M is a useful tool for conducting internal system evaluations and decision-making. It may also be applied to a larger sample of organizations in order to determine the general state-of-play for research purposes. PMID:27655001

Quality and security - They work together

NASA Technical Reports Server (NTRS)

Carr, Richard; Tynan, Marie; Davis, Russell

1991-01-01

This paper describes the importance of considering computer security as part of software quality assurance practice. The intended audience is primarily those professionals involved in the design, development, and quality assurance of software. Many issues are raised which point to the need ultimately for integration of quality assurance and computer security disciplines. To address some of the issues raised, the NASA Automated Information Security program is presented as a model which may be used for improving interactions between the quality assurance and computer security community of professionals.

A Systematic Review of Research Studies Examining Telehealth Privacy and Security Practices used by Healthcare Providers.

PubMed

Watzlaf, Valerie J M; Zhou, Leming; Dealmeida, Dilhari R; Hartman, Linda M

2017-01-01

The objective of this systematic review was to systematically review papers in the United States that examine current practices in privacy and security when telehealth technologies are used by healthcare providers. A literature search was conducted using the Preferred Reporting Items for Systematic Reviews and Meta-Analyses Protocols (PRISMA-P). PubMed, CINAHL and INSPEC from 2003 - 2016 were searched and returned 25,404 papers (after duplications were removed). Inclusion and exclusion criteria were strictly followed to examine title, abstract, and full text for 21 published papers which reported on privacy and security practices used by healthcare providers using telehealth. Data on confidentiality, integrity, privacy, informed consent, access control, availability, retention, encryption, and authentication were all searched and retrieved from the papers examined. Papers were selected by two independent reviewers, first per inclusion/exclusion criteria and, where there was disagreement, a third reviewer was consulted. The percentage of agreement and Cohen's kappa was 99.04% and 0.7331 respectively. The papers reviewed ranged from 2004 to 2016 and included several types of telehealth specialties. Sixty-seven percent were policy type studies, and 14 percent were survey/interview studies. There were no randomized controlled trials. Based upon the results, we conclude that it is necessary to have more studies with specific information about the use of privacy and security practices when using telehealth technologies as well as studies that examine patient and provider preferences on how data is kept private and secure during and after telehealth sessions.

Writing a group practice business plan.

PubMed

Reiboldt, J M

1999-07-01

A business plan offers group practices a blueprint to accomplish a variety of goals, such as securing capital, marketing the practice's services, recruiting new employees, developing a strategic plan or a budget, or planning for growth. A business plan should be informative, specific, and visionary. Elements that every business plan should address are a mission statement, strategy, planning, management information, and action scheme. A business plan should include certain information in a prescribed order. By writing a realistic business plan, group practices can work more efficiently and minimize the risk of not meeting their financial projections.

Methodology development for quantitative optimization of security enhancement in medical information systems -Case study in a PACS and a multi-institutional radiotherapy database-.

PubMed

Haneda, Kiyofumi; Umeda, Tokuo; Koyama, Tadashi; Harauchi, Hajime; Inamura, Kiyonari

2002-01-01

The target of our study is to establish the methodology for analyzing level of security requirements, for searching suitable security measures and for optimizing security distribution to every portion of medical practice. Quantitative expression must be introduced to our study as possible for the purpose of easy follow up of security procedures and easy evaluation of security outcomes or results. Results of system analysis by fault tree analysis (FTA) clarified that subdivided system elements in detail contribute to much more accurate analysis. Such subdivided composition factors very much depended on behavior of staff, interactive terminal devices, kinds of service, and routes of network. As conclusion, we found the methods to analyze levels of security requirements for each medical information systems employing FTA, basic events for each composition factor and combination of basic events. Methods for searching suitable security measures were found. Namely risk factors for each basic event, number of elements for each composition factor and candidates of security measure elements were found. Method to optimize the security measures for each medical information system was proposed. Namely optimum distribution of risk factors in terms of basic events were figured out, and comparison of them between each medical information systems became possible.

Safe: a status update on information security and the hospital community.

PubMed

Fundner, Rita

2003-01-01

IT Security and Privacy are becoming increasingly visible "hot topics" across the full spectrum of industry and service sectors. Legislation and global "best practices" are working hard to defend organizations and individuals against escalating, rapidly evolving cyber-threats. Predictably, the threat landscape is having an impact on all levels to varying degrees: governmental, organizational and individual. This article introduces the basic context for information security and offers insight into how a number of hospitals are addressing the situation, what barriers they currently face and what opportunities they see unfolding.

16 CFR 314.3 - Standards for safeguarding customer information.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 16 Commercial Practices 1 2010-01-01 2010-01-01 false Standards for safeguarding customer... OF CONGRESS STANDARDS FOR SAFEGUARDING CUSTOMER INFORMATION § 314.3 Standards for safeguarding customer information. (a) Information security program. You shall develop, implement, and maintain a...

Attacks on practical quantum key distribution systems (and how to prevent them)

NASA Astrophysics Data System (ADS)

Jain, Nitin; Stiller, Birgit; Khan, Imran; Elser, Dominique; Marquardt, Christoph; Leuchs, Gerd

2016-07-01

With the emergence of an information society, the idea of protecting sensitive data is steadily gaining importance. Conventional encryption methods may not be sufficient to guarantee data protection in the future. Quantum key distribution (QKD) is an emerging technology that exploits fundamental physical properties to guarantee perfect security in theory. However, it is not easy to ensure in practice that the implementations of QKD systems are exactly in line with the theoretical specifications. Such theory-practice deviations can open loopholes and compromise security. Several such loopholes have been discovered and investigated in the last decade. These activities have motivated the proposal and implementation of appropriate countermeasures, thereby preventing future attacks and enhancing the practical security of QKD. This article introduces the so-called field of quantum hacking by summarising a variety of attacks and their prevention mechanisms.

Effectiveness of the Department of Defense Information Assurance Accreditation Process

DTIC Science & Technology

2013-03-01

meeting the requirements of ISO 27001, Information Security Management System. ISO 27002 provides “security techniques” or best practices that can be...efforts to the next level and implement a recognized standard such as the International Organization for Standards ( ISO ) 27000 Series of standards...implemented by an organization as part of their certification effort.15 Most likely, the main motivation a company would have for achieving an ISO

Efficient Privacy-Aware Record Integration.

PubMed

Kuzu, Mehmet; Kantarcioglu, Murat; Inan, Ali; Bertino, Elisa; Durham, Elizabeth; Malin, Bradley

2013-01-01

The integration of information dispersed among multiple repositories is a crucial step for accurate data analysis in various domains. In support of this goal, it is critical to devise procedures for identifying similar records across distinct data sources. At the same time, to adhere to privacy regulations and policies, such procedures should protect the confidentiality of the individuals to whom the information corresponds. Various private record linkage (PRL) protocols have been proposed to achieve this goal, involving secure multi-party computation (SMC) and similarity preserving data transformation techniques. SMC methods provide secure and accurate solutions to the PRL problem, but are prohibitively expensive in practice, mainly due to excessive computational requirements. Data transformation techniques offer more practical solutions, but incur the cost of information leakage and false matches. In this paper, we introduce a novel model for practical PRL, which 1) affords controlled and limited information leakage, 2) avoids false matches resulting from data transformation. Initially, we partition the data sources into blocks to eliminate comparisons for records that are unlikely to match. Then, to identify matches, we apply an efficient SMC technique between the candidate record pairs. To enable efficiency and privacy, our model leaks a controlled amount of obfuscated data prior to the secure computations. Applied obfuscation relies on differential privacy which provides strong privacy guarantees against adversaries with arbitrary background knowledge. In addition, we illustrate the practical nature of our approach through an empirical analysis with data derived from public voter records.

78 FR 70046 - Agency Information Collection Activities; Submission for OMB Review; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2013-11-22

... Gans, Attorney, Division of Marketing Practices, Bureau of Consumer Protection, Federal Trade... that your comment does not include any sensitive personal information, such as anyone's Social Security...

Challenges of information security incident learning: An industrial case study in a Chinese healthcare organization.

PubMed

He, Ying; Johnson, Chris

2017-12-01

Security incidents can have negative impacts on healthcare organizations, and the security of medical records has become a primary concern of the public. However, previous studies showed that organizations had not effectively learned lessons from security incidents. Incident learning as an essential activity in the "follow-up" phase of security incident response lifecycle has long been addressed but not given enough attention. This paper conducted a case study in a healthcare organization in China to explore their current obstacles in the practice of incident learning. We interviewed both IT professionals and healthcare professionals. The results showed that the organization did not have a structured way to gather and redistribute incident knowledge. Incident response was ineffective in cycling incident knowledge back to inform security management. Incident reporting to multiple stakeholders faced a great challenge. In response to this case study, we suggest the security assurance modeling framework to address those obstacles.

Clinicians, security and information technology support services in practice settings--a pilot study.

PubMed

Fernando, Juanita

2010-01-01

This case study of 9 information technology (IT) support staff in 3 Australian (Victoria) public hospitals juxtaposes their experiences at the user-level of eHealth security in the Natural Hospital Environment with that previously reported by 26 medical, nursing and allied healthcare clinicians. IT support responsibilities comprised the entire hospital, of which clinician eHealth security needs were only part. IT staff believed their support tasks were often fragmented while work responsibilities were hampered by resources shortages. They perceived clinicians as an ongoing security risk to private health information. By comparison clinicians believed IT staff would not adequately support the private and secure application of eHealth for patient care. Preliminary data analysis suggests the tension between these cohorts manifests as an eHealth environment where silos of clinical work are disconnected from silos of IT support work. The discipline-based silos hamper health privacy outcomes. Privacy and security policies, especially those influencing the audit process, will benefit by further research of this phenomenon.

An Integrative Behavioral Model of Information Security Policy Compliance

PubMed Central

Kim, Sang Hoon; Yang, Kyung Hoon; Park, Sunyoung

2014-01-01

The authors found the behavioral factors that influence the organization members' compliance with the information security policy in organizations on the basis of neutralization theory, Theory of planned behavior, and protection motivation theory. Depending on the theory of planned behavior, members' attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to provide the explanation for information system security policy violations. Based on the protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions of compliance. By the above logical reasoning, the integrative behavioral model and eight hypotheses could be derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were available. The test of the causal model was conducted by PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypotheses tests showed that seven of the eight hypotheses were acceptable. The theoretical implications of this study are as follows: (1) the study is expected to play a role of the baseline for future research about organization members' compliance with the information security policy, (2) the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3) the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. Also, the study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for the implement of information system security policies in organizations. Second, it proves that the need of education and training programs suppressing members' neutralization intention to violate information security policy should be emphasized. PMID:24971373

An integrative behavioral model of information security policy compliance.

PubMed

Kim, Sang Hoon; Yang, Kyung Hoon; Park, Sunyoung

2014-01-01

The authors found the behavioral factors that influence the organization members' compliance with the information security policy in organizations on the basis of neutralization theory, Theory of planned behavior, and protection motivation theory. Depending on the theory of planned behavior, members' attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to provide the explanation for information system security policy violations. Based on the protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions of compliance. By the above logical reasoning, the integrative behavioral model and eight hypotheses could be derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were available. The test of the causal model was conducted by PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypotheses tests showed that seven of the eight hypotheses were acceptable. The theoretical implications of this study are as follows: (1) the study is expected to play a role of the baseline for future research about organization members' compliance with the information security policy, (2) the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3) the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. Also, the study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for the implement of information system security policies in organizations. Second, it proves that the need of education and training programs suppressing members' neutralization intention to violate information security policy should be emphasized.

A Systematic Review of Research Studies Examining Telehealth Privacy and Security Practices used by Healthcare Providers

PubMed Central

WATZLAF, VALERIE J. M.; ZHOU, LEMING; DEALMEIDA, DILHARI R.; HARTMAN, LINDA M.

2017-01-01

The objective of this systematic review was to systematically review papers in the United States that examine current practices in privacy and security when telehealth technologies are used by healthcare providers. A literature search was conducted using the Preferred Reporting Items for Systematic Reviews and Meta-Analyses Protocols (PRISMA-P). PubMed, CINAHL and INSPEC from 2003 – 2016 were searched and returned 25,404 papers (after duplications were removed). Inclusion and exclusion criteria were strictly followed to examine title, abstract, and full text for 21 published papers which reported on privacy and security practices used by healthcare providers using telehealth. Data on confidentiality, integrity, privacy, informed consent, access control, availability, retention, encryption, and authentication were all searched and retrieved from the papers examined. Papers were selected by two independent reviewers, first per inclusion/exclusion criteria and, where there was disagreement, a third reviewer was consulted. The percentage of agreement and Cohen’s kappa was 99.04% and 0.7331 respectively. The papers reviewed ranged from 2004 to 2016 and included several types of telehealth specialties. Sixty-seven percent were policy type studies, and 14 percent were survey/interview studies. There were no randomized controlled trials. Based upon the results, we conclude that it is necessary to have more studies with specific information about the use of privacy and security practices when using telehealth technologies as well as studies that examine patient and provider preferences on how data is kept private and secure during and after telehealth sessions. PMID:29238448

HIPAA--a real world perspective.

PubMed

Nulan, C

2001-01-01

An effective and realistic approach to HIPAA compliance requires healthcare organizations to achieve a fundamental shift in attitude, awareness, habits and capabilities in the areas of privacy and security. They must create a sense of accountability among staff, and even patients, for the safeguarding of patient information. Only when this culture shift has occurred, along with the required technological advancements, can HIPAA compliance be realistically achieved. There is still ample time to create the organizational shift necessary, along with technological enhancements, to meet HIPAA requirements. Beyond compliance, HIPAA will benefit the healthcare industry by promoting administrative simplification--the original intention of the Act. And it will require the healthcare industry, in an abbreviated timeframe, to upgrade its level of sophistication in managing information. HIPAA certification springs from an organizational compliance method that has been underway in government for the past two decades. The HIPAA playbook is taken lock, stock and barrel from other Federal guidelines. HIPAA's legislative lineage includes the Healthcare Reform Act of 1993, Paperwork Reduction Act of 1980, Computer Security Act of 1987 and the Privacy Act of 1974. HIPAA means that public and private sector healthcare organizations are going to be required by law to adopt the same information-handling practices that have been in effect in the Federal government for years. That boils down to two things: Standardized formatting of data electronically exchanged between providers, payers and business partners (EDI) Federalization of security and privacy practices within private-sector healthcare information management The key to making HIPAA compliance achievable within a practical timeframe, as well as instituting the culture changes that go with enhanced privacy and security standards, is a process that is largely unfamiliar in the private sector, called administrative certification and accreditation. Certification is an organizational change-management methodology that drives accountability for security down to that level in the organization where it will concretely and tangibly get done. It is a comprehensive managerial assessment of the technical and non-technical security features and other safeguards of a system associated with its use and environment. The assessment seeks to establish and document the extent to which a particular system meets a set of specified security requirements. HIPAA accreditation occurs when all functional managers in an organization have completed reports of what they know they need to do in their areas. They submit that information to an executive official within the organization who functions as the accrediting official for the organization. Accreditation is the formal declaration that an information system is approved to operate in a particular security mode using a prescribed set of safeguards and should be strongly based on the solvable vulnerabilities and residual risks identified during certification. Institutionalizing a practical and formal HIPAA certification program is important to support business activities and can provide several benefits including increased communication within an organization.

What if? The one question every administrator should ask. Use HIPAA rules as a blueprint for broader safety, security.

PubMed

Redling, Bob

2007-08-01

Are you doing enough to control security and privacy at your practice? Could you cope if your organization suffered a disaster that destroyed facilities, business documents and patient records? Although Health Insurance Portability and Accountability Act (HIPAA) security and privacy rules focus on patient health information, they also point the way to a more comprehensive approach to managing risk. By using HIPAA rules as a blueprint, you can design policies and procedures to address everything from safeguarding financial information to protecting the personal safety of patients, physicians and staff.

Practical private database queries based on a quantum-key-distribution protocol

DOE Office of Scientific and Technical Information (OSTI.GOV)

Jakobi, Markus; Humboldt-Universitaet zu Berlin, D-10117 Berlin; Simon, Christoph

2011-02-15

Private queries allow a user, Alice, to learn an element of a database held by a provider, Bob, without revealing which element she is interested in, while limiting her information about the other elements. We propose to implement private queries based on a quantum-key-distribution protocol, with changes only in the classical postprocessing of the key. This approach makes our scheme both easy to implement and loss tolerant. While unconditionally secure private queries are known to be impossible, we argue that an interesting degree of security can be achieved by relying on fundamental physical principles instead of unverifiable security assumptions inmore » order to protect both the user and the database. We think that the scope exists for such practical private queries to become another remarkable application of quantum information in the footsteps of quantum key distribution.« less

Statistics of software vulnerability detection in certification testing

NASA Astrophysics Data System (ADS)

Barabanov, A. V.; Markov, A. S.; Tsirlov, V. L.

2018-05-01

The paper discusses practical aspects of introduction of the methods to detect software vulnerability in the day-to-day activities of the accredited testing laboratory. It presents the approval results of the vulnerability detection methods as part of the study of the open source software and the software that is a test object of the certification tests under information security requirements, including software for communication networks. Results of the study showing the allocation of identified vulnerabilities by types of attacks, country of origin, programming languages used in the development, methods for detecting vulnerability, etc. are given. The experience of foreign information security certification systems related to the detection of certified software vulnerabilities is analyzed. The main conclusion based on the study is the need to implement practices for developing secure software in the development life cycle processes. The conclusions and recommendations for the testing laboratories on the implementation of the vulnerability analysis methods are laid down.

Secure smart grid communications and information integration based on digital watermarking in wireless sensor networks

NASA Astrophysics Data System (ADS)

Yan, Xin; Zhang, Ling; Wu, Yang; Luo, Youlong; Zhang, Xiaoxing

2017-02-01

As more and more wireless sensor nodes and networks are employed to acquire and transmit the state information of power equipment in smart grid, we are in urgent need of some viable security solutions to ensure secure smart grid communications. Conventional information security solutions, such as encryption/decryption, digital signature and so forth, are not applicable to wireless sensor networks in smart grid any longer, where bulk messages need to be exchanged continuously. The reason is that these cryptographic solutions will account for a large portion of the extremely limited resources on sensor nodes. In this article, a security solution based on digital watermarking is adopted to achieve the secure communications for wireless sensor networks in smart grid by data and entity authentications at a low cost of operation. Our solution consists of a secure framework of digital watermarking, and two digital watermarking algorithms based on alternating electric current and time window, respectively. Both watermarking algorithms are composed of watermark generation, embedding and detection. The simulation experiments are provided to verify the correctness and practicability of our watermarking algorithms. Additionally, a new cloud-based architecture for the information integration of smart grid is proposed on the basis of our security solutions.

A user anonymity preserving three-factor authentication scheme for telecare medicine information systems.

PubMed

Tan, Zuowen

2014-03-01

The telecare medicine information system enables the patients gain health monitoring at home and access medical services over internet or mobile networks. In recent years, the schemes based on cryptography have been proposed to address the security and privacy issues in the telecare medicine information systems. However, many schemes are insecure or they have low efficiency. Recently, Awasthi and Srivastava proposed a three-factor authentication scheme for telecare medicine information systems. In this paper, we show that their scheme is vulnerable to the reflection attacks. Furthermore, it fails to provide three-factor security and the user anonymity. We propose a new three-factor authentication scheme for the telecare medicine information systems. Detailed analysis demonstrates that the proposed scheme provides mutual authentication, server not knowing password and freedom of password, biometric update and three-factor security. Moreover, the new scheme provides the user anonymity. As compared with the previous three-factor authentication schemes, the proposed scheme is more secure and practical.

12 CFR 368.5 - Customer information.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 12 Banks and Banking 4 2010-01-01 2010-01-01 false Customer information. 368.5 Section 368.5 Banks... GOVERNMENT SECURITIES SALES PRACTICES § 368.5 Customer information. Prior to the execution of a transaction... make reasonable efforts to obtain information concerning: (a) The customer's financial status; (b) The...

Practical aspects of handling data protection and data security.

PubMed

Louwerse, C P

1991-01-01

Looking at practical applications of health care information systems, we must conclude that in the field of data protection there still is too large a gap between what is feasible and necessary on one hand, and what is achieved in actual realizations on the other. To illustrate this point, we sketch the actual data protection measures in a large hospital information system, and describe the effects of changes affecting the system, such as increasing use of personal computers, and growing intensity of use of the system. Trends in the development of new and additional systems are indicated, and a summary of possible weak points and gaps in the security is given, some suggestions for improvement are made.

The application of data encryption technology in computer network communication security

NASA Astrophysics Data System (ADS)

Gong, Lina; Zhang, Li; Zhang, Wei; Li, Xuhong; Wang, Xia; Pan, Wenwen

2017-04-01

With the rapid development of Intemet and the extensive application of computer technology, the security of information becomes more and more serious, and the information security technology with data encryption technology as the core has also been developed greatly. Data encryption technology not only can encrypt and decrypt data, but also can realize digital signature, authentication and authentication and other functions, thus ensuring the confidentiality, integrity and confirmation of data transmission over the network. In order to improve the security of data in network communication, in this paper, a hybrid encryption system is used to encrypt and decrypt the triple DES algorithm with high security, and the two keys are encrypted with RSA algorithm, thus ensuring the security of the triple DES key and solving the problem of key management; At the same time to realize digital signature using Java security software, to ensure data integrity and non-repudiation. Finally, the data encryption system is developed by Java language. The data encryption system is simple and effective, with good security and practicality.

Defining a risk-informed framework for whole-of-government lessons learned: A Canadian perspective.

PubMed

Friesen, Shaye K; Kelsey, Shelley; Legere, J A Jim

Lessons learned play an important role in emergency management (EM) and organizational agility. Virtually all aspects of EM can derive benefit from a lessons learned program. From major security events to exercises, exploiting and applying lessons learned and "best practices" is critical to organizational resilience and adaptiveness. A robust lessons learned process and methodology provides an evidence base with which to inform decisions, guide plans, strengthen mitigation strategies, and assist in developing tools for operations. The Canadian Safety and Security Program recently supported a project to define a comprehensive framework that would allow public safety and security partners to regularly share event response best practices, and prioritize recommendations originating from after action reviews. This framework consists of several inter-locking elements: a comprehensive literature review/environmental scan of international programs; a survey to collect data from end users and management; the development of a taxonomy for organizing and structuring information; a risk-informed methodology for selecting, prioritizing, and following through on recommendations; and standardized templates and tools for tracking recommendations and ensuring implementation. This article discusses the efforts of the project team, which provided "best practice" advice and analytical support to ensure that a systematic approach to lessons learned was taken by the federal community to improve prevention, preparedness, and response activities. It posits an approach by which one might design a systematic process for information sharing and event response coordination-an approach that will assist federal departments to institutionalize a cross-government lessons learned program.

Privacy Practices of Health Social Networking Sites: Implications for Privacy and Data Security in Online Cancer Communities.

PubMed

Charbonneau, Deborah H

2016-08-01

While online communities for social support continue to grow, little is known about the state of privacy practices of health social networking sites. This article reports on a structured content analysis of privacy policies and disclosure practices for 25 online ovarian cancer communities. All of the health social networking sites in the study sample provided privacy statements to users, yet privacy practices varied considerably across the sites. The majority of sites informed users that personal information was collected about participants and shared with third parties (96%, n = 24). Furthermore, more than half of the sites (56%, n = 14) stated that cookies technology was used to track user behaviors. Despite these disclosures, only 36% (n = 9) offered opt-out choices for sharing data with third parties. In addition, very few of the sites (28%, n = 7) allowed individuals to delete their personal information. Discussions about specific security measures used to protect personal information were largely missing. Implications for privacy, confidentiality, consumer choice, and data safety in online environments are discussed. Overall, nurses and other health professionals can utilize these findings to encourage individuals seeking online support and participating in social networking sites to build awareness of privacy risks to better protect their personal health information in the digital age.

75 FR 14429 - Agency Information Collection Activities; Submission for Office of Management and Budget Review...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-03-25

... regular security audits and have been certified for operation. The CPSC observes all industry and Federal government best practices for network security. CPSC staff regularly analyzes its systems for vulnerabilities and malware, and monitor the network for real-time intrusion attempts. B. Estimated Burden The CPSC...

A review and a framework of handheld computer adoption in healthcare.

PubMed

Lu, Yen-Chiao; Xiao, Yan; Sears, Andrew; Jacko, Julie A

2005-06-01

Wide adoption of mobile computing technology can potentially improve information access, enhance workflow, and promote evidence-based practice to make informed and effective decisions at the point of care. Handheld computers or personal digital assistants (PDAs) offer portable and unobtrusive access to clinical data and relevant information at the point of care. This article reviews the literature on issues related to adoption of PDAs in health care and barriers to PDA adoption. Studies showed that PDAs were used widely in health care providers' practice, and the level of use is expected to rise rapidly. Most care providers found PDAs to be functional and useful in areas of documentation, medical reference, and access to patient data. Major barriers to adoption were identified as usability, security concerns, and lack of technical and organizational support. PDAs offer health care practitioners advantages to enhance their clinical practice. However, better designed PDA hardware and software applications, more institutional support, seamless integration of PDA technology with hospital information systems, and satisfactory security measures are necessary to increase acceptance and wide use of PDAs in healthcare.

A security/safety survey of long term care facilities.

PubMed

Acorn, Jonathan R

2010-01-01

What are the major security/safety problems of long term care facilities? What steps are being taken by some facilities to mitigate such problems? Answers to these questions can be found in a survey of IAHSS members involved in long term care security conducted for the IAHSS Long Term Care Security Task Force. The survey, the author points out, focuses primarily on long term care facilities operated by hospitals and health systems. However, he believes, it does accurately reflect the security problems most long term facilities face, and presents valuable information on security systems and practices which should be also considered by independent and chain operated facilities.

Security of medical data transfer and storage in Internet. Cryptography, antiviral security and electronic signature problems, which must be solved in nearest future in practical context.

PubMed

Kasztelowicz, Piotr; Czubenko, Marek; Zieba, Iwona

2003-01-01

The informatical revolution in computer age, which gives significant benefit in transfer of medical information requests to pay still more attention for aspect of network security. All known advantages of network technologies--first of all simplicity of copying, multiplication and sending information to many individuals can be also dangerous, if illegal, not permitted persons get access to medical data bases. Internet is assumed to be as especially "anarchic" medium, therefore in order to use it in professional work any security principles should be bewared. In our presentation we will try to find the optimal security solution in organisational and technological aspects for any medical network. In our opinion the harmonious co-operation between users, medical authorities and network administrators is core of the success.

Breaching the security of the Kaiser Permanente Internet patient portal: the organizational foundations of information security.

PubMed

Collmann, Jeff; Cooper, Ted

2007-01-01

This case study describes and analyzes a breach of the confidentiality and integrity of personally identified health information (e.g. appointment details, answers to patients' questions, medical advice) for over 800 Kaiser Permanente (KP) members through KP Online, a web-enabled health care portal. The authors obtained and analyzed multiple types of qualitative data about this incident including interviews with KP staff, incident reports, root cause analyses, and media reports. Reasons at multiple levels account for the breach, including the architecture of the information system, the motivations of individual staff members, and differences among the subcultures of individual groups within as well as technical and social relations across the Kaiser IT program. None of these reasons could be classified, strictly speaking, as "security violations." This case study, thus, suggests that, to protect sensitive patient information, health care organizations should build safe organizational contexts for complex health information systems in addition to complying with good information security practice and regulations such as the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

Lawrence Livermore National Laboratory`s Computer Security Short Subjects Videos: Hidden Password, The Incident, Dangerous Games and The Mess; Computer Security Awareness Guide

DOE Office of Scientific and Technical Information (OSTI.GOV)

NONE

A video on computer security is described. Lonnie Moore, the Computer Security Manager, CSSM/CPPM at Lawrence Livermore National Laboratory (LLNL) and Gale Warshawsky, the Coordinator for Computer Security Education and Awareness at LLNL, wanted to share topics such as computer ethics, software piracy, privacy issues, and protecting information in a format that would capture and hold an audience`s attention. Four Computer Security Short Subject videos were produced which ranged from 1--3 minutes each. These videos are very effective education and awareness tools that can be used to generate discussions about computer security concerns and good computing practices.

Practical quantum digital signature

NASA Astrophysics Data System (ADS)

Yin, Hua-Lei; Fu, Yao; Chen, Zeng-Bing

2016-03-01

Guaranteeing nonrepudiation, unforgeability as well as transferability of a signature is one of the most vital safeguards in today's e-commerce era. Based on fundamental laws of quantum physics, quantum digital signature (QDS) aims to provide information-theoretic security for this cryptographic task. However, up to date, the previously proposed QDS protocols are impractical due to various challenging problems and most importantly, the requirement of authenticated (secure) quantum channels between participants. Here, we present the first quantum digital signature protocol that removes the assumption of authenticated quantum channels while remaining secure against the collective attacks. Besides, our QDS protocol can be practically implemented over more than 100 km under current mature technology as used in quantum key distribution.

Faithful One-way Trip Deterministic Secure Quantum Communication Scheme Against Collective Rotating Noise Based on Order Rearrangement of Photon Pairs

NASA Astrophysics Data System (ADS)

Yuan, Hao; Zhang, Qin; Hong, Liang; Yin, Wen-jie; Xu, Dong

2014-08-01

We present a novel scheme for deterministic secure quantum communication (DSQC) over collective rotating noisy channel. Four special two-qubit states are found can constitute a noise-free subspaces, and so are utilized as quantum information carriers. In this scheme, the information carriers transmite over the quantum channel only one time, which can effectively reduce the influence of other noise existing in quantum channel. The information receiver need only perform two single-photon collective measurements to decode the secret messages, which can make the present scheme more convenient in practical application. It will be showed that our scheme has a relatively high information capacity and intrisic efficiency. Foremostly, the decoy photon pair checking technique and the order rearrangement of photon pairs technique guarantee that the present scheme is unconditionally secure.

Seeking Explanation in Theory: Reflections on the Social Practices of Organizations that Distribute Public Use Microdata Files for Research Purposes.

ERIC Educational Resources Information Center

Robbin, Alice; Koball, Heather

2001-01-01

Reports findings from a small-scale survey of organizational practices to limit disclosure of confidential information prior to publishing public use microdata files and illustrates how rules for preserving confidentiality were applied in practice. Discusses Internet data security, statistical disclosure limitation (SDL) methods, and improving…

77 FR 40371 - Agency Information Collection Activities: Submission for Review; Information Collection Extension...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-07-09

... Community of Practice (FRCoP): User Registration Page (DHS Form 10059 (9/09)). The FRCoP web based tool... Security Act of 2002 (PL 107-296) established this requirement. This notice and request for comments is...

17 CFR 200.80c - Appendix C-Rules and miscellaneous publications available from the Government Printing Office.

Code of Federal Regulations, 2010 CFR

2010-04-01

... Securities Exchanges SECURITIES AND EXCHANGE COMMISSION ORGANIZATION; CONDUCT AND ETHICS; AND INFORMATION AND... Commission in pamphlet form. All SEC public rules and regulations, including its Rules of Practice, are contained in title 17 of the Code of Federal Regulations, which also is available for purchase from the...

CERT Resilience Management Model (RMM) v1.1: Code of Practice Crosswalk Commercial Version 1.1

DTIC Science & Technology

2011-10-01

ISO /IEC 24762:2008 (E) 6 2.8 ISO /IEC 27002 :2005 (E) 6 2.9 ISO /IEC 27005:2008 (E) 6 2.10 ISO /IEC 31000:2009 (E) 6 2.11...webstore.ansi.org/. 2.8 ISO /IEC 27002 :2005 (E) ISO /IEC 27002 , “Code of practice for information security management” [ ISO /IEC 2005b], broaches the full...scope of security management, at points touching upon both IT management and disaster recovery. ISO /IEC 27002 is part of a growing “27000

10 CFR 95.18 - Key personnel.

Code of Federal Regulations, 2011 CFR

2011-01-01

... INFORMATION AND RESTRICTED DATA Physical Security § 95.18 Key personnel. The senior management official and... Clearance. Other key management officials, as determined by the CSA, must be granted an access authorization... organization's policies or practices in the performance of activities involving classified information. This...

Hacking Facebook Privacy and Security

DTIC Science & Technology

2012-08-28

that their information is somehow protected. However, practically this is not always the case and privacy on social networking sites has received...fraudsters target Facebook and other social networking sites to harvest information about you. Here’s how we recommend you set your Facebook privacy

Graduate Information Booklet, Spring 1986 [and] Answers to Frequently Asked Questions about Graduation and Transition from School for Special Education Students.

ERIC Educational Resources Information Center

Meissner, Margit; Patton, Ellen

The "Graduate Information Booklet" provides directory-type information on Montgomery County (Maryland) services for disabled students who are graduating from high school. The first section on practical information explains armed services registration, acquisition of school records, personal identification cards, social security cards,…

Experimental investigation of practical unforgeable quantum money

NASA Astrophysics Data System (ADS)

Bozzio, Mathieu; Orieux, Adeline; Trigo Vidarte, Luis; Zaquine, Isabelle; Kerenidis, Iordanis; Diamanti, Eleni

2018-01-01

Wiesner's unforgeable quantum money scheme is widely celebrated as the first quantum information application. Based on the no-cloning property of quantum mechanics, this scheme allows for the creation of credit cards used in authenticated transactions offering security guarantees impossible to achieve by classical means. However, despite its central role in quantum cryptography, its experimental implementation has remained elusive because of the lack of quantum memories and of practical verification techniques. Here, we experimentally implement a quantum money protocol relying on classical verification that rigorously satisfies the security condition for unforgeability. Our system exploits polarization encoding of weak coherent states of light and operates under conditions that ensure compatibility with state-of-the-art quantum memories. We derive working regimes for our system using a security analysis taking into account all practical imperfections. Our results constitute a major step towards a real-world realization of this milestone protocol.

Design and implementation of a secure workflow system based on PKI/PMI

NASA Astrophysics Data System (ADS)

Yan, Kai; Jiang, Chao-hui

2013-03-01

As the traditional workflow system in privilege management has the following weaknesses: low privilege management efficiency, overburdened for administrator, lack of trust authority etc. A secure workflow model based on PKI/PMI is proposed after studying security requirements of the workflow systems in-depth. This model can achieve static and dynamic authorization after verifying user's ID through PKC and validating user's privilege information by using AC in workflow system. Practice shows that this system can meet the security requirements of WfMS. Moreover, it can not only improve system security, but also ensures integrity, confidentiality, availability and non-repudiation of the data in the system.

The use of semi-structured interviews for the characterisation of farmer irrigation practices

NASA Astrophysics Data System (ADS)

O'Keeffe, Jimmy; Buytaert, Wouter; Mijic, Ana; Brozović, Nicholas; Sinha, Rajiv

2016-05-01

For the development of sustainable and realistic water security, generating information on the behaviours, characteristics, and drivers of users, as well as on the resource itself, is essential. In this paper we present a methodology for collecting qualitative and quantitative data on water use practices through semi-structured interviews. This approach facilitates the collection of detailed information on actors' decisions in a convenient and cost-effective manner. Semi-structured interviews are organised around a topic guide, which helps lead the conversation in a standardised way while allowing sufficient opportunity for relevant issues to emerge. In addition, they can be used to obtain certain types of quantitative data. While not as accurate as direct measurements, they can provide useful information on local practices and users' insights. We present an application of the methodology on farmer water use in two districts in the state of Uttar Pradesh in northern India. By means of 100 farmer interviews, information was collected on various aspects of irrigation practices, including irrigation water volumes, irrigation cost, water source, and their spatial variability. Statistical analyses of the information, along with data visualisation, are also presented, indicating a significant variation in irrigation practices both within and between districts. Our application shows that semi-structured interviews are an effective and efficient method of collecting both qualitative and quantitative information for the assessment of drivers, behaviours, and their outcomes in a data-scarce region. The collection of this type of data could significantly improve insights on water resources, leading to more realistic management options and increased water security in the future.

The use of semi-structured interviews for the characterisation of farmer irrigation practices

NASA Astrophysics Data System (ADS)

O'Keeffe, J.; Buytaert, W.; Mijic, A.; Brozovic, N.; Sinha, R.

2015-08-01

Generating information on the behaviours, characteristics and drivers of users, as well on the resource itself, is vital in developing sustainable and realistic water security options. In this paper we present a methodology for collecting qualitative and quantitative data on water use practices through semi-structured interviews. This approach facilitates the collection of detailed information on actors' decisions in a convenient and cost-effective manner. The interview is organised around a topic guide, which helps lead the conversation in a standardised way while allowing sufficient opportunity to identify relevant issues previously unknown to the researcher. In addition, semi-structured interviews can be used to obtain certain types of quantitative data. While not as accurate as direct measurements, it can provide useful information on local practices and farmers' insights. We present an application of the methodology on two districts in the State of Uttar Pradesh in North India. By means of 100 farmer interviews, information was collected on various aspects of irrigation practices, including irrigation water volumes, irrigation cost, water source and their spatial variability. A statistical analysis of the information, along with some data visualisation is also presented, which highlights a significant variation in irrigation practices both within and between the districts. Our application shows that semi-structured interviews are an effective and efficient method of collecting both qualitative and quantitative information for the assessment of drivers, behaviours and their outcomes in a data scarce region. The collection of this type of data could significantly improve insight on water resources, leading to more realistic management options and increased water security in the future.

Design of Hack-Resistant Diabetes Devices and Disclosure of Their Cyber Safety.

PubMed

Sackner-Bernstein, Jonathan

2017-03-01

The focus of the medical device industry and regulatory bodies on cyber security parallels that in other industries, primarily on risk assessment and user education as well as the recognition and response to infiltration. However, transparency of the safety of marketed devices is lacking and developers are not embracing optimal design practices with new devices. Achieving cyber safe diabetes devices: To improve understanding of cyber safety by clinicians and patients, and inform decision making on use practices of medical devices requires disclosure by device manufacturers of the results of their cyber security testing. Furthermore, developers should immediately shift their design processes to deliver better cyber safety, exemplified by use of state of the art encryption, secure operating systems, and memory protections from malware.

Informed Consent in Research on Second Language Acquisition

ERIC Educational Resources Information Center

Thomas, Margaret; Pettitt, Nicole

2017-01-01

The practice of securing informed consent from research participants has a relatively low profile in second language (L2) acquisition research, despite its prominence in the biomedical and social sciences. This review article analyses the role that informed consent now typically plays in L2 research; discusses an example of an L2 study where…

78 FR 72124 - Information Collection Request; Submission for OMB Review

Federal Register 2010, 2011, 2012, 2013, 2014

2013-12-02

... INFORMATION: Method: Applicants gain access to the form via a secure online portal. Applicants have to... perform the essential functions of a Peace Corps Volunteer and complete a tour of service without undue... functions of the Peace Corps, including whether the information will have practical use; the accuracy of the...

Train Practical Nurses to Become Registered Nurses: A Survey of the PN Point of View. Research Report Number 1.

ERIC Educational Resources Information Center

Gilpatrick, Eleanor

To secure information about the characteristics of the practical nurse population and their opinions about registered nurse preparation, questionnaires were distributed to 2,923 practical nurses employed by the New York City Municipal Hospitals. Usable questionnaires numbered 2,361 or 81 percent of the employed PN population. Approximately 9…

The Health Insurance Portability and Accountability Act: security and privacy requirements.

PubMed

Tribble, D A

2001-05-01

The security and privacy requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and their implications for pharmacy are discussed. HIPAA was enacted to improve the portability of health care insurance for persons leaving jobs. A section of the act encourages the use of electronic communications for health care claims adjudication, mandates the use of new standard code sets and transaction sets, and establishes the need for regulations to protect the security and privacy of individually identifiable health care information. Creating these regulations became the task of the Department of Health and Human Services. Regulations on security have been published for comment. Regulations on privacy and the definition of standard transaction sets and code sets are complete. National identifiers for patients, providers, and payers have not yet been established. The HIPAA regulations on security and privacy will require that pharmacies adopt policies and procedures that limit access to health care information. Existing pharmacy information systems may require upgrading or replacement. Costs of implementation nationwide are estimated to exceed $8 billion. The health care community has two years from the finalization of each regulation to comply with that regulation. The security and privacy requirements of HIPAA will require pharmacies to review their practices regarding the storage, use, and disclosure of protected health care information.

Security for decentralized health information systems.

PubMed

Bleumer, G

1994-02-01

Health care information systems must reflect at least two basic characteristics of the health care community: the increasing mobility of patients and the personal liability of everyone giving medical treatment. Open distributed information systems bear the potential to reflect these requirements. But the market for open information systems and operating systems hardly provides secure products today. This 'missing link' is approached by the prototype SECURE Talk that provides secure transmission and archiving of files on top of an existing operating system. Its services may be utilized by existing medical applications. SECURE Talk demonstrates secure communication utilizing only standard hardware. Its message is that cryptography (and in particular asymmetric cryptography) is practical for many medical applications even if implemented in software. All mechanisms are software implemented in order to be executable on standard-hardware. One can investigate more or less decentralized forms of public key management and the performance of many different cryptographic mechanisms. That of, e.g. hybrid encryption and decryption (RSA+DES-PCBC) is about 300 kbit/s. That of signing and verifying is approximately the same using RSA with a DES hash function. The internal speed, without disk accesses etc., is about 1.1 Mbit/s. (Apple Quadra 950 (MC 68040, 33 MHz, RAM: 20 MB, 80 ns. Length of RSA modulus is 512 bit).

Assessing staff attitudes towards information security in a European healthcare establishment.

PubMed

Furnell, S M; Gaunt, P N; Holben, R F; Sanders, P W; Stockel, C T; Warren, M J

1996-01-01

Information security is now recognized as an important consideration in modern healthcare establishments (HCEs), with a variety of guidelines and standards currently available to enable the environments to be properly protected. However, financial and operational constraints often exist which influence the practicality of these recommendations. This paper establishes that the staff culture of the organization is of particular importance in determining the level and types of security that will be accepted. This culture will be based upon staff awareness of and attitudes towards security and it is, therefore, important to have a clear idea of what these attitudes are. To this end, two surveys have been conducted within a reference environment to establish the attitudes of general users and technical staff, allowing the results to be fed back to HCE management to enable security policy to be appropriately defined. These results indicated that, although the establishment had participated in a European healthcare security initiative, staff attitudes and awareness were still weak in some areas.

Relativistic quantum private database queries

NASA Astrophysics Data System (ADS)

Sun, Si-Jia; Yang, Yu-Guang; Zhang, Ming-Ou

2015-04-01

Recently, Jakobi et al. (Phys Rev A 83, 022301, 2011) suggested the first practical private database query protocol (J-protocol) based on the Scarani et al. (Phys Rev Lett 92, 057901, 2004) quantum key distribution protocol. Unfortunately, the J-protocol is just a cheat-sensitive private database query protocol. In this paper, we present an idealized relativistic quantum private database query protocol based on Minkowski causality and the properties of quantum information. Also, we prove that the protocol is secure in terms of the user security and the database security.

76 FR 52042 - Auriga Laboratories, Inc., Curon Medical, Inc., Goldstate Corp., OneWorld Systems, Inc., and...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-08-19

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Auriga Laboratories, Inc., Curon Medical, Inc., Goldstate Corp., OneWorld Systems, Inc., and PracticeXpert, Inc.; Order of Suspension of Trading August 17, 2011. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the...

Security Engineering and Educational Initiatives for Critical Information Infrastructures

DTIC Science & Technology

2013-06-01

standard for cryptographic protection of SCADA communications. The United Kingdom’s National Infrastructure Security Co-ordination Centre (NISCC...has released a good practice guide on firewall deployment for SCADA systems and process control networks [17]. Meanwhile, National Institute for ...report. APPROVED FOR PUBLIC RELEASE; DISTRIBUTION UNLIMITED 18 The SCADA gateway collects the data gathered by sensors, translates them from

Ultra-Dense Quantum Communication Using Integrated Photonic Architecture: First Annual Report

DTIC Science & Technology

2011-08-24

REPORT Ultra-Dense Quantum Communication Using Integrated Photonic Architecture: First Annual Report 14. ABSTRACT 16. SECURITY CLASSIFICATION OF: The...goal of this program is to establish a fundamental information-theoretic understand of quantum secure communication and to devise a practical...scalable implementation of quantum key distribution protocols in an integrated photonic architecture. We report our progress on experimental and

Community Garden: A Bridging Program between Formal and Informal Learning

ERIC Educational Resources Information Center

Datta, Ranjan

2016-01-01

Community garden activities can play a significant role in bridging formal and informal learning, particularly in urban children's science and environmental education. It promotes relational methods of learning, discussing, and practicing that will integrate food security, social interactions, community development, environmental activism, and…

Development of quantitative security optimization approach for the picture archives and carrying system between a clinic and a rehabilitation center

NASA Astrophysics Data System (ADS)

Haneda, Kiyofumi; Kajima, Toshio; Koyama, Tadashi; Muranaka, Hiroyuki; Dojo, Hirofumi; Aratani, Yasuhiko

2002-05-01

The target of our study is to analyze the level of necessary security requirements, to search for suitable security measures and to optimize security distribution to every portion of the medical practice. Quantitative expression must be introduced to our study, if possible, to enable simplified follow-up security procedures and easy evaluation of security outcomes or results. Using fault tree analysis (FTA), system analysis showed that system elements subdivided into groups by details result in a much more accurate analysis. Such subdivided composition factors greatly depend on behavior of staff, interactive terminal devices, kinds of services provided, and network routes. Security measures were then implemented based on the analysis results. In conclusion, we identified the methods needed to determine the required level of security and proposed security measures for each medical information system, and the basic events and combinations of events that comprise the threat composition factors. Methods for identifying suitable security measures were found and implemented. Risk factors for each basic event, a number of elements for each composition factor, and potential security measures were found. Methods to optimize the security measures for each medical information system were proposed, developing the most efficient distribution of risk factors for basic events.

Walk the Talk: Progress in Building a Supply Chain Security Culture

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hund, Gretchen

Pacific Northwest National Laboratory (PNNL) has engaged industry to “go beyond compliance” for over a decade in controlling and securing their supply chains to ensure their goods are not diverted to nuclear weapons programs. This work has focused on dual-use industries that manufacture products that can be used in both commercial applications and in the development of a nuclear weapon. The team encourages industry to self-regulate to reduce proliferation risks. As part of that work, PNNL interviewed numerous companies about their compliance practices to understand their business and to build awareness around best practices to ensure security of goods, technology,more » and information along their supply chains. From conducting this work, PNNL identified indicators that a company can adopt as part of its commitment to nonproliferation ideals with a focus on supply chain security.« less

The health information system security threat lifecycle: an informatics theory.

PubMed

Fernando, Juanita I; Dawson, Linda L

2009-12-01

This manuscript describes the health information system security threat lifecycle (HISSTL) theory. The theory is grounded in case study data analyzing clinicians' health information system (HIS) privacy and security (P&S) experiences in the practice context. The 'questerview' technique was applied to this study of 26 clinicians situated in 3 large Australian (across Victoria) teaching hospitals. Questerviews rely on data collection that apply standardized questions and questionnaires during recorded interviews. Analysis (using Nvivo) involved the iterative scrutiny of interview transcripts to identify emergent themes. Issues including poor training, ambiguous legal frameworks containing punitive threats, productivity challenges, usability errors and the limitations of the natural hospital environment emerged from empirical data about the clinicians' HIS P&S practices. The natural hospital environment is defined by the permanence of electronic HISs (e-HISs), shared workspaces, outdated HIT infrastructure, constant interruption, a P&S regulatory environment that is not conducive to optimal training outcomes and budgetary constraints. The evidence also indicated the obtrusiveness, timeliness, and reliability of P&S implementations for clinical work affected participant attitudes to, and use of, e-HISs. The HISSTL emerged from the analysis of study evidence. The theory embodies elements such as the fiscal, regulatory and natural hospital environments which impede P&S implementations in practice settings. These elements conflict with improved patient care outcomes. Efforts by clinicians to avoid conflict and emphasize patient care above P&S tended to manifest as security breaches. These breaches entrench factors beyond clinician control and perpetuate those within clinician control. Security breaches of health information can progress through the HISSTL. Some preliminary suggestions for addressing these issues are proposed. Legislative frameworks that are not related to direct patient care were excluded from this study. Other limitations included an exclusive focus on patient care tasks post-admission and pre-discharge from public hospital wards. Finally, the number of cases was limited by the number of participants who volunteered to participate in the study. It is reasonable to assume these participants were more interested in the P&S of patient care work than their counterparts, though the study was not intended to provide quantitative or statistical data. Nonetheless, additional case studies would strengthen the HISSTL theory if confirmatory, practice-based evidence were found.

Improving computer security by health smart card.

PubMed

Nisand, Gabriel; Allaert, François-André; Brézillon, Régine; Isphording, Wilhem; Roeslin, Norbert

2003-01-01

The University hospitals of Strasbourg have worked for several years on the computer security of the medical data and have of this fact be the first to use the Health Care Professional Smart Card (CPS). This new tool must provide security to the information processing systems and especially to the medical data exchanges between the partners who collaborate to the care of the Beyond the purely data-processing aspects of the functions of safety offered by the CPS, safety depends above all on the practices on the users, their knowledge concerning the legislation, the risks and the stakes, of their adhesion to the procedures and protections installations. The aim of this study is to evaluate this level of knowledge, the practices and the feelings of the users concerning the computer security of the medical data, to check the relevance of the step taken, and if required, to try to improve it. The survey by questionnaires involved 648 users. The practices of users in terms of data security are clearly improved by the implementation of the security server and the use of the CPS system, but security breaches due to bad practices are not however completely eliminated. That confirms that is illusory to believe that data security is first and foremost a technical issue. Technical measures are of course indispensable, but the greatest efforts are required after their implementation and consist in making the key players [2], i.e. users, aware and responsible. However, it must be stressed that the user-friendliness of the security interface has a major effect on the results observed. For instance, it is highly probable that the bad practices continued or introduced upon the implementation of the security server and CPS scheme are due to the complicated nature or functional defects of the proposed solution, which must therefore be improved. Besides, this is only the pilot phase and card holders can be expected to become more responsible as time goes by, along with the gradual national implementation of the CPS project and the introduction of new functions using electronic signatures and encryption.

The personal health record paradox: health care professionals' perspectives and the information ecology of personal health record systems in organizational and clinical settings.

PubMed

Nazi, Kim M

2013-04-04

Despite significant consumer interest and anticipated benefits, overall adoption of personal health records (PHRs) remains relatively low. Understanding the consumer perspective is necessary, but insufficient by itself. Consumer PHR use also has broad implications for health care professionals and organizational delivery systems; however, these have received less attention. An exclusive focus on the PHR as a tool for consumer empowerment does not adequately take into account the social and organizational context of health care delivery, and the reciprocal nature of patient engagement. The purpose of this study was to examine the experiences of physicians, nurses, and pharmacists at the Department of Veterans Affairs (VA) using an organizationally sponsored PHR to develop insights into the interaction of technology and processes of health care delivery. The conceptual framework for the study draws on an information ecology perspective, which recognizes that a vibrant dynamic exists among technologies, people, practices, and values, accounting for both the values and norms of the participants and the practices of the local setting. The study explores the experiences and perspectives of VA health care professionals related to patient use of the My HealtheVet PHR portal and secure messaging systems. In-depth interviews were conducted with 30 VA health care professionals engaged in providing direct patient care who self-reported that they had experiences with at least 1 of 4 PHR features. Interviews were transcribed, coded, and analyzed to identify inductive themes. Organizational documents and artifacts were reviewed and analyzed to trace the trajectory of secure messaging implementation as part of the VA Patient Aligned Care Team (PACT) model. Study findings revealed a variety of factors that have facilitated or inhibited PHR adoption, use, and endorsement of patient use by health care professionals. Health care professionals' accounts and analysis of organizational documents revealed a multidimensional dynamic between the trajectory of secure messaging implementation and its impact on organizational actors and their use of technology, influencing workflow, practices, and the flow of information. In effect, secure messaging was the missing element of complex information ecology and its implementation acted as a catalyst for change. Secure messaging was found to have important consequences for access, communication, patient self-report, and patient/provider relationships. Study findings have direct implications for the development and implementation of PHR systems to ensure adequate training and support for health care professionals, alignment with clinical workflow, and features that enable information sharing and communication. Study findings highlight the importance of clinician endorsement and engagement, and the need to further examine both intended and unintended consequences of use. This research provides an integral step toward better understanding the social and organizational context and impact of PHR and secure messaging use in clinical practice settings.

Attacking a practical quantum-key-distribution system with wavelength-dependent beam-splitter and multiwavelength sources

DOE Office of Scientific and Technical Information (OSTI.GOV)

Li, Hong-Wei; Zhengzhou Information Science and Technology Institute, Zhengzhou, 450004; Wang, Shuang

2011-12-15

It is well known that the unconditional security of quantum-key distribution (QKD) can be guaranteed by quantum mechanics. However, practical QKD systems have some imperfections, which can be controlled by the eavesdropper to attack the secret key. With current experimental technology, a realistic beam splitter, made by fused biconical technology, has a wavelength-dependent property. Based on this fatal security loophole, we propose a wavelength-dependent attacking protocol, which can be applied to all practical QKD systems with passive state modulation. Moreover, we experimentally attack a practical polarization encoding QKD system to obtain all the secret key information at the cost ofmore » only increasing the quantum bit error rate from 1.3 to 1.4%.« less

[Information, knowledge and healthcare practice: professionals participation as the key element of the gear].

PubMed

Adam, Paula; Permanyer-Miralda, Gaietà; Solà-Morales, Oriol; Canela-Soler, Jaume

2010-02-01

This article analyzes the role of ICT within the complicated gear between information, knowledge and healthcare practices, which particular focus on two specific cases: the digitalization process of the healthcare system and the application of knowledge into the healthcare practices. In both cases, international and local experiences suggest, and sometimes demonstrate the importance of the participation, capacity-building and empowerment of healthcare practitioners for the generation, transfer and use of information and knowledge empowered by the digital tools which should bring into the system better performance, more efficacy, efficiency, equity, equality, security, quality. 2010 Elsevier España S.L. All rights reserved.

How strong are passwords used to protect personal health information in clinical trials?

PubMed

El Emam, Khaled; Moreau, Katherine; Jonker, Elizabeth

2011-02-11

Findings and statements about how securely personal health information is managed in clinical research are mixed. The objective of our study was to evaluate the security of practices used to transfer and share sensitive files in clinical trials. Two studies were performed. First, 15 password-protected files that were transmitted by email during regulated Canadian clinical trials were obtained. Commercial password recovery tools were used on these files to try to crack their passwords. Second, interviews with 20 study coordinators were conducted to understand file-sharing practices in clinical trials for files containing personal health information. We were able to crack the passwords for 93% of the files (14/15). Among these, 13 files contained thousands of records with sensitive health information on trial participants. The passwords tended to be relatively weak, using common names of locations, animals, car brands, and obvious numeric sequences. Patient information is commonly shared by email in the context of query resolution. Files containing personal health information are shared by email and, by posting them on shared drives with common passwords, to facilitate collaboration. If files containing sensitive patient information must be transferred by email, mechanisms to encrypt them and to ensure that password strength is high are necessary. More sophisticated collaboration tools are required to allow file sharing without password sharing. We provide recommendations to implement these practices.

How Strong are Passwords Used to Protect Personal Health Information in Clinical Trials?

PubMed Central

Moreau, Katherine; Jonker, Elizabeth

2011-01-01

Background Findings and statements about how securely personal health information is managed in clinical research are mixed. Objective The objective of our study was to evaluate the security of practices used to transfer and share sensitive files in clinical trials. Methods Two studies were performed. First, 15 password-protected files that were transmitted by email during regulated Canadian clinical trials were obtained. Commercial password recovery tools were used on these files to try to crack their passwords. Second, interviews with 20 study coordinators were conducted to understand file-sharing practices in clinical trials for files containing personal health information. Results We were able to crack the passwords for 93% of the files (14/15). Among these, 13 files contained thousands of records with sensitive health information on trial participants. The passwords tended to be relatively weak, using common names of locations, animals, car brands, and obvious numeric sequences. Patient information is commonly shared by email in the context of query resolution. Files containing personal health information are shared by email and, by posting them on shared drives with common passwords, to facilitate collaboration. Conclusion If files containing sensitive patient information must be transferred by email, mechanisms to encrypt them and to ensure that password strength is high are necessary. More sophisticated collaboration tools are required to allow file sharing without password sharing. We provide recommendations to implement these practices. PMID:21317106

The complexities of HIPAA and administration simplification.

PubMed

Mozlin, R

2000-11-01

The Health Insurance Portability and Accessibility Act (HIPAA) was signed into law in 1996. Although focused on information technology issues, HIPAA will ultimately impact day-to-day operations at multiple levels within any clinical setting. Optometrists must begin to familiarize themselves with HIPAA in order to prepare themselves to practice in a technology-enriched environment. Title II of HIPAA, entitled "Administration Simplification," is intended to reduce the costs and administrative burden of healthcare by standardizing the electronic transmission of administrative and financial transactions. The Department of Health and Human Services is expected to publish the final rules and regulations that will govern HIPAA's implementation this year. The rules and regulations will cover three key aspects of healthcare delivery: electronic data interchange (EDI), security and privacy. EDI will standardize the format for healthcare transactions. Health plans must accept and respond to all transactions in the EDI format. Security refers to policies and procedures that protect the accuracy and integrity of information and limit access. Privacy focuses on how the information is used and disclosure of identifiable health information. Security and privacy regulations apply to all information that is maintained and transmitted in a digital format and require administrative, physical, and technical safeguards. HIPAA will force the healthcare industry to adopt an e-commerce paradigm and provide opportunities to improve patient care processes. Optometrists should take advantage of the opportunity to develop more efficient and profitable practices.

Computer Security Awareness Guide for Department of Energy Laboratories, Government Agencies, and others for use with Lawrence Livermore National Laboratory`s (LLNL): Computer security short subjects videos

DOE Office of Scientific and Technical Information (OSTI.GOV)

Not Available

Lonnie Moore, the Computer Security Manager, CSSM/CPPM at Lawrence Livermore National Laboratory (LLNL) and Gale Warshawsky, the Coordinator for Computer Security Education & Awareness at LLNL, wanted to share topics such as computer ethics, software piracy, privacy issues, and protecting information in a format that would capture and hold an audience`s attention. Four Computer Security Short Subject videos were produced which ranged from 1-3 minutes each. These videos are very effective education and awareness tools that can be used to generate discussions about computer security concerns and good computing practices. Leaders may incorporate the Short Subjects into presentations. After talkingmore » about a subject area, one of the Short Subjects may be shown to highlight that subject matter. Another method for sharing them could be to show a Short Subject first and then lead a discussion about its topic. The cast of characters and a bit of information about their personalities in the LLNL Computer Security Short Subjects is included in this report.« less

Cryptanalysis and Improvement of a Biometric-Based Multi-Server Authentication and Key Agreement Scheme.

PubMed

Wang, Chengqi; Zhang, Xiao; Zheng, Zhiming

2016-01-01

With the security requirements of networks, biometrics authenticated schemes which are applied in the multi-server environment come to be more crucial and widely deployed. In this paper, we propose a novel biometric-based multi-server authentication and key agreement scheme which is based on the cryptanalysis of Mishra et al.'s scheme. The informal and formal security analysis of our scheme are given, which demonstrate that our scheme satisfies the desirable security requirements. The presented scheme provides a variety of significant functionalities, in which some features are not considered in the most of existing authentication schemes, such as, user revocation or re-registration and biometric information protection. Compared with several related schemes, our scheme has more secure properties and lower computation cost. It is obviously more appropriate for practical applications in the remote distributed networks.

77 FR 52372 - Proposed Collection; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2012-08-29

... stolen securities. Reporting to the central database also allows reporting institutions to gain access to... proper performance of the functions of the agency, including whether the information shall have practical...

A Learning-Based Approach to Reactive Security

NASA Astrophysics Data System (ADS)

Barth, Adam; Rubinstein, Benjamin I. P.; Sundararajan, Mukund; Mitchell, John C.; Song, Dawn; Bartlett, Peter L.

Despite the conventional wisdom that proactive security is superior to reactive security, we show that reactive security can be competitive with proactive security as long as the reactive defender learns from past attacks instead of myopically overreacting to the last attack. Our game-theoretic model follows common practice in the security literature by making worst-case assumptions about the attacker: we grant the attacker complete knowledge of the defender's strategy and do not require the attacker to act rationally. In this model, we bound the competitive ratio between a reactive defense algorithm (which is inspired by online learning theory) and the best fixed proactive defense. Additionally, we show that, unlike proactive defenses, this reactive strategy is robust to a lack of information about the attacker's incentives and knowledge.

Decoy-state quantum key distribution with a leaky source

NASA Astrophysics Data System (ADS)

Tamaki, Kiyoshi; Curty, Marcos; Lucamarini, Marco

2016-06-01

In recent years, there has been a great effort to prove the security of quantum key distribution (QKD) with a minimum number of assumptions. Besides its intrinsic theoretical interest, this would allow for larger tolerance against device imperfections in the actual implementations. However, even in this device-independent scenario, one assumption seems unavoidable, that is, the presence of a protected space devoid of any unwanted information leakage in which the legitimate parties can privately generate, process and store their classical data. In this paper we relax this unrealistic and hardly feasible assumption and introduce a general formalism to tackle the information leakage problem in most of existing QKD systems. More specifically, we prove the security of optical QKD systems using phase and intensity modulators in their transmitters, which leak the setting information in an arbitrary manner. We apply our security proof to cases of practical interest and show key rates similar to those obtained in a perfectly shielded environment. Our work constitutes a fundamental step forward in guaranteeing implementation security of quantum communication systems.

An Axiology of Information Security for Futuristic Neuroprostheses: Upholding Human Values in the Context of Technological Posthumanization

PubMed Central

Gladden, Matthew E.

2017-01-01

Previous works exploring the challenges of ensuring information security for neuroprosthetic devices and their users have typically built on the traditional InfoSec concept of the “CIA Triad” of confidentiality, integrity, and availability. However, we argue that the CIA Triad provides an increasingly inadequate foundation for envisioning information security for neuroprostheses, insofar as it presumes that (1) any computational systems to be secured are merely instruments for expressing their human users' agency, and (2) computing devices are conceptually and practically separable from their users. Drawing on contemporary philosophy of technology and philosophical and critical posthumanist analysis, we contend that futuristic neuroprostheses could conceivably violate these basic InfoSec presumptions, insofar as (1) they may alter or supplant their users' biological agency rather than simply supporting it, and (2) they may structurally and functionally fuse with their users to create qualitatively novel “posthumanized” human-machine systems that cannot be secured as though they were conventional computing devices. Simultaneously, it is noted that many of the goals that have been proposed for future neuroprostheses by InfoSec researchers (e.g., relating to aesthetics, human dignity, authenticity, free will, and cultural sensitivity) fall outside the scope of InfoSec as it has historically been understood and touch on a wide range of ethical, aesthetic, physical, metaphysical, psychological, economic, and social values. We suggest that the field of axiology can provide useful frameworks for more effectively identifying, analyzing, and prioritizing such diverse types of values and goods that can (and should) be pursued through InfoSec practices for futuristic neuroprostheses. PMID:29163010

An Axiology of Information Security for Futuristic Neuroprostheses: Upholding Human Values in the Context of Technological Posthumanization.

PubMed

Gladden, Matthew E

2017-01-01

Previous works exploring the challenges of ensuring information security for neuroprosthetic devices and their users have typically built on the traditional InfoSec concept of the "CIA Triad" of confidentiality, integrity, and availability. However, we argue that the CIA Triad provides an increasingly inadequate foundation for envisioning information security for neuroprostheses, insofar as it presumes that (1) any computational systems to be secured are merely instruments for expressing their human users' agency, and (2) computing devices are conceptually and practically separable from their users. Drawing on contemporary philosophy of technology and philosophical and critical posthumanist analysis, we contend that futuristic neuroprostheses could conceivably violate these basic InfoSec presumptions, insofar as (1) they may alter or supplant their users' biological agency rather than simply supporting it, and (2) they may structurally and functionally fuse with their users to create qualitatively novel "posthumanized" human-machine systems that cannot be secured as though they were conventional computing devices. Simultaneously, it is noted that many of the goals that have been proposed for future neuroprostheses by InfoSec researchers (e.g., relating to aesthetics, human dignity, authenticity, free will, and cultural sensitivity) fall outside the scope of InfoSec as it has historically been understood and touch on a wide range of ethical, aesthetic, physical, metaphysical, psychological, economic, and social values. We suggest that the field of axiology can provide useful frameworks for more effectively identifying, analyzing, and prioritizing such diverse types of values and goods that can (and should) be pursued through InfoSec practices for futuristic neuroprostheses.

Information Assurance within the United States Air Force

ERIC Educational Resources Information Center

Cherry, John D.

2010-01-01

According to the Department of Defense (DoD), a review of information assurance (IA) in the United States Air Force (USAF) in 2009, cyber security is jeopardized because of information loss. This situation has occurred in large part because of less than optimal training practices or adherence to training protocols. The purpose of this study was…

The Effects of Risk and Size of Company on Business Performance in Information Technology Outsourcing

ERIC Educational Resources Information Center

Balogun, Shereef Adewale

2013-01-01

Information technology (IT) outsourcing is a practical way to transfer information technology by industries of different firms. The problem occurs when companies outsource services to domestic and international data centers as network security issues arise. This leads to competition between companies causing the size of the company to become more…

The Impact of Organizational Culture on the Sharing of Homeland Security Information

DTIC Science & Technology

2008-04-04

transform an organization through 8 U.S. Government Accountability Office, “Homeland Security: Efforts...www.whitehouse.gov/omb/ egov /documents/FEA_Practice_Guidance.pdf (accessed September 23, 2007), 4-1. 10 U.S. Government Accountability Office, GAO-04-777, 12...between the federal government and the state and local governments , and the transformation of disparate cultures into a new executive department – the

Nuclear Lessons for Cyber Security

DTIC Science & Technology

2011-01-01

major kinetic violence. In the physical world, governments have a near monopoly on large - scale use of force, the defender has an intimate knowledge of...with this transformative technology. Until now, the issue of cyber security has largely been the domain of computer experts and specialists. When the...with increasing economic returns to scale and political practices that make jurisdictional control difficult. Attacks from the informational realm

Design of Hack-Resistant Diabetes Devices and Disclosure of Their Cyber Safety

PubMed Central

Sackner-Bernstein, Jonathan

2017-01-01

Background: The focus of the medical device industry and regulatory bodies on cyber security parallels that in other industries, primarily on risk assessment and user education as well as the recognition and response to infiltration. However, transparency of the safety of marketed devices is lacking and developers are not embracing optimal design practices with new devices. Achieving cyber safe diabetes devices: To improve understanding of cyber safety by clinicians and patients, and inform decision making on use practices of medical devices requires disclosure by device manufacturers of the results of their cyber security testing. Furthermore, developers should immediately shift their design processes to deliver better cyber safety, exemplified by use of state of the art encryption, secure operating systems, and memory protections from malware. PMID:27837161

Ladder Safety Live #12985

DOE Office of Scientific and Technical Information (OSTI.GOV)

Chochoms, Michael

2017-02-23

This course presents information for working safely with portable ladders: specifically, stepladders, extensions ladders, and their derivations. Additionally, this course provides limited information on the safe use of stepstools and fixed ladders. The skills, techniques, and good practices needed for selecting, inspecting, setting up and securing, and using ladders are presented in this course.

Exploitation of Unintentional Information Leakage from Integrated Circuits

ERIC Educational Resources Information Center

Cobb, William E.

2011-01-01

The information leakage of electronic devices, especially those used in cryptographic or other vital applications, represents a serious practical threat to secure systems. While physical implementation attacks have evolved rapidly over the last decade, relatively little work has been done to allow system designers to effectively counter the…

76 FR 14440 - Proposed Collection; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2011-03-16

... 40-F is used by investors in making investment decisions with respect to the securities of such... performance of the functions of the agency, including whether the information will have practical utility; (b... to enhance the quality, utility, and clarity of the information collected; and (d) ways to minimize...

The business of medicine: how to overcome financial obstacles and secure financing for your private practice and ancillary services business.

PubMed

Nayor, David

2012-01-01

Doctors across the country who operate private medical practices are facing increasing financial obstacles, namely shrinking income as a result of rising costs and lower reimbursements. In addition, as hospitals have become overburdened many physicians have opened up private surgical centers; magnetic resonance imaging and computed tomography and positron emission tomography scanning facilities; pathology labs; colonoscopy/endoscopy suites; lithotripsy centers; and other medical businesses typically performed within the hospital. Moreover, many doctors seek loans to purchase existing practices or for their capital contribution in medical partnerships. The past decade has thus seen a significant increase in the number of doctors taking out small business loans. Indeed, banks view the healthcare industry as a large growth market. This article includes practical information, advice, and resources to help doctors to secure bank financing for their practices, ancillary services business, real estate, and equipment on the best possible market terms.

A Method for Evaluating Information Security Governance (ISG) Components in Banking Environment

NASA Astrophysics Data System (ADS)

Ula, M.; Ula, M.; Fuadi, W.

2017-02-01

As modern banking increasingly relies on the internet and computer technologies to operate their businesses and market interactions, the threats and security breaches have highly increased in recent years. Insider and outsider attacks have caused global businesses lost trillions of Dollars a year. Therefore, that is a need for a proper framework to govern the information security in the banking system. The aim of this research is to propose and design an enhanced method to evaluate information security governance (ISG) implementation in banking environment. This research examines and compares the elements from the commonly used information security governance frameworks, standards and best practices. Their strength and weakness are considered in its approaches. The initial framework for governing the information security in banking system was constructed from document review. The framework was categorized into three levels which are Governance level, Managerial level, and technical level. The study further conducts an online survey for banking security professionals to get their professional judgment about the ISG most critical components and the importance for each ISG component that should be implemented in banking environment. Data from the survey was used to construct a mathematical model for ISG evaluation, component importance data used as weighting coefficient for the related component in the mathematical model. The research further develops a method for evaluating ISG implementation in banking based on the mathematical model. The proposed method was tested through real bank case study in an Indonesian local bank. The study evidently proves that the proposed method has sufficient coverage of ISG in banking environment and effectively evaluates the ISG implementation in banking environment.

78 FR 38041 - Agency Information Collection Activities; Submission for OMB review; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2013-06-25

...: Craig Tregillus, Attorney, Division of Marketing Practices, Bureau of Consumer Protection, Federal Trade... Social Security number, date of birth, driver's license number or other state identification number or...

Employee Participation--A Practical Guide.

ERIC Educational Resources Information Center

Wooden, Mark

1990-01-01

Despite the benefits of employee participation in decision making, it is not widespread. Making it work requires commitment, job security, training, access to information, communication channels, goal setting, flat organizational structures, and financial reinforcement. (SK)

Infotech. Cyber security. Health care learns to share scares and solutions.

PubMed

Colias, Mike

2004-05-01

Health care information technology leaders and others are coming together to share scary experiences and develop best practices to guard against crippling computer viruses, scheming hackers and other cyber threats.

Reflective Functioning in Parents of School-Aged Children

PubMed Central

Borelli, Jessica L.; St. John, H. Kate; Cho, Evelyn; Suchman, Nancy E.

2016-01-01

Parental reflective functioning (RF) has garnered tremendous support as a predictor of secure attachment in infancy, though little work has examined RF among parents of older children. In this study, we used a high-risk community sample of parent–child dyads (N = 117) to explore whether parental RF comprises self- and child-focused factors, whether parental RF is associated with parent and child attachment security, and whether parental RF mediates the association between parent and child attachment security. Results suggested that parental RF can be characterized as having both self- and child-focused components, and that child-focused parental RF is associated with child but not parent attachment security. Further, child-focused parental RF indirectly mediates the association between parent attachment avoidance and child attachment security. These findings extend previous work on parental RF to parents of school-age children and, in so doing, inform developmental models of attachment relationships in middle childhood. Discussion focuses on the importance of these findings in informing theory, prevention, clinical practice, and policy. PMID:26618938

Implementing Patient Access to Electronic Health Records Under HIPAA: Lessons Learned

PubMed Central

Wang, Tiffany; Pizziferri, Lisa; Volk, Lynn A; Mikels, Debra A; Grant, Karen G; Wald, Jonathan S; Bates, David W

2004-01-01

In 2001, the Institute of Medicine (IOM) and the Health Insurance Portability and Accountability Act (HIPAA) emphasized the need for patients to have greater control over their health information. We describe a Boston healthcare system's approach to providing patients access to their electronic health records (EHRs) via Patient Gateway, a secure, Web-based portal. Implemented in 19 clinic sites to date, Patient Gateway allows patients to access information from their medical charts via the Internet in a secure manner. Since 2002, over 19,000 patients have enrolled in Patient Gateway, more than 125,000 patients have logged into the system, and over 37,000 messages have been sent by patients to their practices. There have been no major security concerns. By providing access to EHR data, secure systems like Patient Gateway allow patients a greater role in their healthcare process, as envisioned by the IOM and HIPAA. PMID:18066391

Cryptanalysis and Improvement of a Biometric-Based Multi-Server Authentication and Key Agreement Scheme

PubMed Central

Wang, Chengqi; Zhang, Xiao; Zheng, Zhiming

2016-01-01

With the security requirements of networks, biometrics authenticated schemes which are applied in the multi-server environment come to be more crucial and widely deployed. In this paper, we propose a novel biometric-based multi-server authentication and key agreement scheme which is based on the cryptanalysis of Mishra et al.’s scheme. The informal and formal security analysis of our scheme are given, which demonstrate that our scheme satisfies the desirable security requirements. The presented scheme provides a variety of significant functionalities, in which some features are not considered in the most of existing authentication schemes, such as, user revocation or re-registration and biometric information protection. Compared with several related schemes, our scheme has more secure properties and lower computation cost. It is obviously more appropriate for practical applications in the remote distributed networks. PMID:26866606

Survey of Cyber Crime in Big Data

NASA Astrophysics Data System (ADS)

Rajeswari, C.; Soni, Krishna; Tandon, Rajat

2017-11-01

Big data is like performing computation operations and database operations for large amounts of data, automatically from the data possessor’s business. Since a critical strategic offer of big data access to information from numerous and various areas, security and protection will assume an imperative part in big data research and innovation. The limits of standard IT security practices are notable, with the goal that they can utilize programming sending to utilize programming designers to incorporate pernicious programming in a genuine and developing risk in applications and working frameworks, which are troublesome. The impact gets speedier than big data. In this way, one central issue is that security and protection innovation are sufficient to share controlled affirmation for countless direct get to. For powerful utilization of extensive information, it should be approved to get to the information of that space or whatever other area from a space. For a long time, dependable framework improvement has arranged a rich arrangement of demonstrated ideas of demonstrated security to bargain to a great extent with the decided adversaries, however this procedure has been to a great extent underestimated as “needless excess” and sellers In this discourse, essential talks will be examined for substantial information to exploit this develop security and protection innovation, while the rest of the exploration difficulties will be investigated.

Secure distribution for high resolution remote sensing images

NASA Astrophysics Data System (ADS)

Liu, Jin; Sun, Jing; Xu, Zheng Q.

2010-09-01

The use of remote sensing images collected by space platforms is becoming more and more widespread. The increasing value of space data and its use in critical scenarios call for adoption of proper security measures to protect these data against unauthorized access and fraudulent use. In this paper, based on the characteristics of remote sensing image data and application requirements on secure distribution, a secure distribution method is proposed, including users and regions classification, hierarchical control and keys generation, and multi-level encryption based on regions. The combination of the three parts can make that the same remote sensing images after multi-level encryption processing are distributed to different permission users through multicast, but different permission users can obtain different degree information after decryption through their own decryption keys. It well meets user access control and security needs in the process of high resolution remote sensing image distribution. The experimental results prove the effectiveness of the proposed method which is suitable for practical use in the secure transmission of remote sensing images including confidential information over internet.

Measurement-Device-Independent Quantum Key Distribution over Untrustful Metropolitan Network

NASA Astrophysics Data System (ADS)

Tang, Yan-Lin; Yin, Hua-Lei; Zhao, Qi; Liu, Hui; Sun, Xiang-Xiang; Huang, Ming-Qi; Zhang, Wei-Jun; Chen, Si-Jing; Zhang, Lu; You, Li-Xing; Wang, Zhen; Liu, Yang; Lu, Chao-Yang; Jiang, Xiao; Ma, Xiongfeng; Zhang, Qiang; Chen, Teng-Yun; Pan, Jian-Wei

2016-01-01

Quantum cryptography holds the promise to establish an information-theoretically secure global network. All field tests of metropolitan-scale quantum networks to date are based on trusted relays. The security critically relies on the accountability of the trusted relays, which will break down if the relay is dishonest or compromised. Here, we construct a measurement-device-independent quantum key distribution (MDIQKD) network in a star topology over a 200-square-kilometer metropolitan area, which is secure against untrustful relays and against all detection attacks. In the field test, our system continuously runs through one week with a secure key rate 10 times larger than previous results. Our results demonstrate that the MDIQKD network, combining the best of both worlds—security and practicality, constitutes an appealing solution to secure metropolitan communications.

Integrating Information Assurance and Security into IT Education: A Look at the Model Curriculum and Emerging Practice

ERIC Educational Resources Information Center

Dark, Melissa Jane; Ekstrom, Joseph J.; Lunt, Barry M.

2006-01-01

In December 2001 a meeting of interested parties from fifteen four-year IT programs from the US along with representatives from IEEE, ACM, and ABET (CITC-1) began work on the formalization of Information Technology as an accredited academic discipline. The effort has evolved into SIGITE, the ACM SIG for Information Technology Education. During…

Visual communications with side information via distributed printing channels: extended multimedia and security perspectives

NASA Astrophysics Data System (ADS)

Voloshynovskiy, Sviatoslav V.; Koval, Oleksiy; Deguillaume, Frederic; Pun, Thierry

2004-06-01

In this paper we address visual communications via printing channels from an information-theoretic point of view as communications with side information. The solution to this problem addresses important aspects of multimedia data processing, security and management, since printed documents are still the most common form of visual information representation. Two practical approaches to side information communications for printed documents are analyzed in the paper. The first approach represents a layered joint source-channel coding for printed documents. This approach is based on a self-embedding concept where information is first encoded assuming a Wyner-Ziv set-up and then embedded into the original data using a Gel'fand-Pinsker construction and taking into account properties of printing channels. The second approach is based on Wyner-Ziv and Berger-Flynn-Gray set-ups and assumes two separated communications channels where an appropriate distributed coding should be elaborated. The first printing channel is considered to be a direct visual channel for images ("analog" channel with degradations). The second "digital channel" with constrained capacity is considered to be an appropriate auxiliary channel. We demonstrate both theoretically and practically how one can benefit from this sort of "distributed paper communications".

Ver-i-Fus: an integrated access control and information monitoring and management system

NASA Astrophysics Data System (ADS)

Thomopoulos, Stelios C.; Reisman, James G.; Papelis, Yiannis E.

1997-01-01

This paper describes the Ver-i-Fus Integrated Access Control and Information Monitoring and Management (IAC-I2M) system that INTELNET Inc. has developed. The Ver-i-Fus IAC-I2M system has been designed to meet the most stringent security and information monitoring requirements while allowing two- way communication between the user and the system. The systems offers a flexible interface that permits to integrate practically any sensing device, or combination of sensing devices, including a live-scan fingerprint reader, thus providing biometrics verification for enhanced security. Different configurations of the system provide solutions to different sets of access control problems. The re-configurable hardware interface, tied together with biometrics verification and a flexible interface that allows to integrate Ver-i-Fus with an MIS, provide an integrated solution to security, time and attendance, labor monitoring, production monitoring, and payroll applications.

Threats and risks to information security: a practical analysis of free access wireless networks

NASA Astrophysics Data System (ADS)

Quirumbay, Daniel I.; Coronel, Iván. A.; Bayas, Marcia M.; Rovira, Ronald H.; Gromaszek, Konrad; Tleshova, Akmaral; Kozbekova, Ainur

2017-08-01

Nowadays, there is an ever-growing need to investigate, consult and communicate through the internet. This need leads to the intensification of free access to the web in strategic and functional points for the benefit of the community. However, this open access is also related to the increase of information insecurity. The existing works on computer security primarily focus on the development of techniques to reduce cyber-attacks. However, these approaches do not address the sector of inexperienced users who have difficulty understanding browser settings. Two methods can solve this problem: first the development of friendly browsers with intuitive setups for new users and on the other hand, by implementing awareness programs on essential security without deepening on technical information. This article addresses an analysis of the vulnerabilities of wireless equipment that provides internet service in the open access zones and the potential risks that could be found when using these means.

Conversations about Research Supervision--Enabling and Accrediting a Community of Practice Model for Research Degree Supervisor Development

ERIC Educational Resources Information Center

Hill, Geof; Vaughan, Sian

2018-01-01

The authors' lived experience of devising a professional development programme for research supervisors and securing SEDA (Staff and Educational Development Association) accreditation informs this paper. Our first purpose is to outline the programme and discuss its uniqueness in using a community of practice model in conjunction with practitioner…

SSA Disability: Other Programs May Provide Lessons for Improving Return-to-Work Efforts. Testimony before the Subcommittee on Social Security, Committee on Ways and Means, House of Representatives.

ERIC Educational Resources Information Center

Bovbjerg, Barbara D.

This report compares the Social Security Administration's Disability Insurance (DI) program and the practices of the private sector and other countries in helping people with severe disabilities return to work. Information was gathered in in-depth interviews and a review of policy documents and program data at three private sector disability…

A Rich Client-Server Based Framework for Convenient Security and Management of Mobile Applications

NASA Astrophysics Data System (ADS)

Badan, Stephen; Probst, Julien; Jaton, Markus; Vionnet, Damien; Wagen, Jean-Frédéric; Litzistorf, Gérald

Contact lists, Emails, SMS or custom applications on a professional smartphone could hold very confidential or sensitive information. What could happen in case of theft or accidental loss of such devices? Such events could be detected by the separation between the smartphone and a Bluetooth companion device. This event should typically block the applications and delete personal and sensitive data. Here, a solution is proposed based on a secured framework application running on the mobile phone as a rich client connected to a security server. The framework offers strong and customizable authentication and secured connectivity. A security server manages all security issues. User applications are then loaded via the framework. User data can be secured, synchronized, pushed or pulled via the framework. This contribution proposes a convenient although secured environment based on a client-server architecture using external authentications. Several features of the proposed system are exposed and a practical demonstrator is described.

Multiple-Feature Extracting Modules Based Leak Mining System Design

PubMed Central

Cho, Ying-Chiang; Pan, Jen-Yi

2013-01-01

Over the years, human dependence on the Internet has increased dramatically. A large amount of information is placed on the Internet and retrieved from it daily, which makes web security in terms of online information a major concern. In recent years, the most problematic issues in web security have been e-mail address leakage and SQL injection attacks. There are many possible causes of information leakage, such as inadequate precautions during the programming process, which lead to the leakage of e-mail addresses entered online or insufficient protection of database information, a loophole that enables malicious users to steal online content. In this paper, we implement a crawler mining system that is equipped with SQL injection vulnerability detection, by means of an algorithm developed for the web crawler. In addition, we analyze portal sites of the governments of various countries or regions in order to investigate the information leaking status of each site. Subsequently, we analyze the database structure and content of each site, using the data collected. Thus, we make use of practical verification in order to focus on information security and privacy through black-box testing. PMID:24453892

Multiple-feature extracting modules based leak mining system design.

PubMed

Cho, Ying-Chiang; Pan, Jen-Yi

2013-01-01

Over the years, human dependence on the Internet has increased dramatically. A large amount of information is placed on the Internet and retrieved from it daily, which makes web security in terms of online information a major concern. In recent years, the most problematic issues in web security have been e-mail address leakage and SQL injection attacks. There are many possible causes of information leakage, such as inadequate precautions during the programming process, which lead to the leakage of e-mail addresses entered online or insufficient protection of database information, a loophole that enables malicious users to steal online content. In this paper, we implement a crawler mining system that is equipped with SQL injection vulnerability detection, by means of an algorithm developed for the web crawler. In addition, we analyze portal sites of the governments of various countries or regions in order to investigate the information leaking status of each site. Subsequently, we analyze the database structure and content of each site, using the data collected. Thus, we make use of practical verification in order to focus on information security and privacy through black-box testing.

Unbreakable distributed storage with quantum key distribution network and password-authenticated secret sharing

PubMed Central

Fujiwara, M.; Waseda, A.; Nojima, R.; Moriai, S.; Ogata, W.; Sasaki, M.

2016-01-01

Distributed storage plays an essential role in realizing robust and secure data storage in a network over long periods of time. A distributed storage system consists of a data owner machine, multiple storage servers and channels to link them. In such a system, secret sharing scheme is widely adopted, in which secret data are split into multiple pieces and stored in each server. To reconstruct them, the data owner should gather plural pieces. Shamir’s (k, n)-threshold scheme, in which the data are split into n pieces (shares) for storage and at least k pieces of them must be gathered for reconstruction, furnishes information theoretic security, that is, even if attackers could collect shares of less than the threshold k, they cannot get any information about the data, even with unlimited computing power. Behind this scenario, however, assumed is that data transmission and authentication must be perfectly secure, which is not trivial in practice. Here we propose a totally information theoretically secure distributed storage system based on a user-friendly single-password-authenticated secret sharing scheme and secure transmission using quantum key distribution, and demonstrate it in the Tokyo metropolitan area (≤90 km). PMID:27363566

Unbreakable distributed storage with quantum key distribution network and password-authenticated secret sharing.

PubMed

Fujiwara, M; Waseda, A; Nojima, R; Moriai, S; Ogata, W; Sasaki, M

2016-07-01

Distributed storage plays an essential role in realizing robust and secure data storage in a network over long periods of time. A distributed storage system consists of a data owner machine, multiple storage servers and channels to link them. In such a system, secret sharing scheme is widely adopted, in which secret data are split into multiple pieces and stored in each server. To reconstruct them, the data owner should gather plural pieces. Shamir's (k, n)-threshold scheme, in which the data are split into n pieces (shares) for storage and at least k pieces of them must be gathered for reconstruction, furnishes information theoretic security, that is, even if attackers could collect shares of less than the threshold k, they cannot get any information about the data, even with unlimited computing power. Behind this scenario, however, assumed is that data transmission and authentication must be perfectly secure, which is not trivial in practice. Here we propose a totally information theoretically secure distributed storage system based on a user-friendly single-password-authenticated secret sharing scheme and secure transmission using quantum key distribution, and demonstrate it in the Tokyo metropolitan area (≤90 km).

Secure scalable disaster electronic medical record and tracking system.

PubMed

Demers, Gerard; Kahn, Christopher; Johansson, Per; Buono, Colleen; Chipara, Octav; Griswold, William; Chan, Theodore

2013-10-01

Electronic medical records (EMRs) are considered superior in documentation of care for medical practice. Current disaster medical response involves paper tracking systems and radio communication for mass-casualty incidents (MCIs). These systems are prone to errors, may be compromised by local conditions, and are labor intensive. Communication infrastructure may be impacted, overwhelmed by call volume, or destroyed by the disaster, making self-contained and secure EMR response a critical capability. Report As the prehospital disaster EMR allows for more robust content including protected health information (PHI), security measures must be instituted to safeguard these data. The Wireless Internet Information System for medicAl Response in Disasters (WIISARD) Research Group developed a handheld, linked, wireless EMR system utilizing current technology platforms. Smart phones connected to radio frequency identification (RFID) readers may be utilized to efficiently track casualties resulting from the incident. Medical information may be transmitted on an encrypted network to fellow prehospital team members, medical dispatch, and receiving medical centers. This system has been field tested in a number of exercises with excellent results, and future iterations will incorporate robust security measures. A secure prehospital triage EMR improves documentation quality during disaster drills.

The Role of Corporate and Government Surveillance in Shifting Journalistic Information Security Practices

ERIC Educational Resources Information Center

Shelton, Martin L.

2015-01-01

Digital technologies have fundamentally altered how journalists communicate with their sources, enabling them to exchange information through social media as well as video, audio, and text chat. Simultaneously, journalists are increasingly concerned with corporate and government surveillance as a threat to their ability to speak with sources in…

Thundercloud: Domain specific information security training for the smart grid

NASA Astrophysics Data System (ADS)

Stites, Joseph

In this paper, we describe a cloud-based virtual smart grid test bed: ThunderCloud, which is intended to be used for domain-specific security training applicable to the smart grid environment. The test bed consists of virtual machines connected using a virtual internal network. ThunderCloud is remotely accessible, allowing students to undergo educational exercises online. We also describe a series of practical exercises that we have developed for providing the domain-specific training using ThunderCloud. The training exercises and attacks are designed to be realistic and to reflect known vulnerabilities and attacks reported in the smart grid environment. We were able to use ThunderCloud to offer practical domain-specific security training for smart grid environment to computer science students at little or no cost to the department and no risk to any real networks or systems.

Security of BB84 with weak randomness and imperfect qubit encoding

NASA Astrophysics Data System (ADS)

Zhao, Liang-Yuan; Yin, Zhen-Qiang; Li, Hong-Wei; Chen, Wei; Fang, Xi; Han, Zheng-Fu; Huang, Wei

2018-03-01

The main threats for the well-known Bennett-Brassard 1984 (BB84) practical quantum key distribution (QKD) systems are that its encoding is inaccurate and measurement device may be vulnerable to particular attacks. Thus, a general physical model or security proof to tackle these loopholes simultaneously and quantitatively is highly desired. Here we give a framework on the security of BB84 when imperfect qubit encoding and vulnerability of measurement device are both considered. In our analysis, the potential attacks to measurement device are generalized by the recently proposed weak randomness model which assumes the input random numbers are partially biased depending on a hidden variable planted by an eavesdropper. And the inevitable encoding inaccuracy is also introduced here. From a fundamental view, our work reveals the potential information leakage due to encoding inaccuracy and weak randomness input. For applications, our result can be viewed as a useful tool to quantitatively evaluate the security of a practical QKD system.

Execution of a self-directed risk assessment methodology to address HIPAA data security requirements

NASA Astrophysics Data System (ADS)

Coleman, Johnathan

2003-05-01

This paper analyzes the method and training of a self directed risk assessment methodology entitled OCTAVE (Operationally Critical Threat Asset and Vulnerability Evaluation) at over 170 DOD medical treatment facilities. It focuses specifically on how OCTAVE built interdisciplinary, inter-hierarchical consensus and enhanced local capabilities to perform Health Information Assurance. The Risk Assessment Methodology was developed by the Software Engineering Institute at Carnegie Mellon University as part of the Defense Health Information Assurance Program (DHIAP). The basis for its success is the combination of analysis of organizational practices and technological vulnerabilities. Together, these areas address the core implications behind the HIPAA Security Rule and can be used to develop Organizational Protection Strategies and Technological Mitigation Plans. A key component of OCTAVE is the inter-disciplinary composition of the analysis team (Patient Administration, IT staff and Clinician). It is this unique composition of analysis team members, along with organizational and technical analysis of business practices, assets and threats, which enables facilities to create sound and effective security policies. The Risk Assessment is conducted in-house, and therefore the process, results and knowledge remain within the organization, helping to build consensus in an environment of differing organizational and disciplinary perspectives on Health Information Assurance.

The Personal Health Record Paradox: Health Care Professionals’ Perspectives and the Information Ecology of Personal Health Record Systems in Organizational and Clinical Settings

PubMed Central

2013-01-01

Background Despite significant consumer interest and anticipated benefits, overall adoption of personal health records (PHRs) remains relatively low. Understanding the consumer perspective is necessary, but insufficient by itself. Consumer PHR use also has broad implications for health care professionals and organizational delivery systems; however, these have received less attention. An exclusive focus on the PHR as a tool for consumer empowerment does not adequately take into account the social and organizational context of health care delivery, and the reciprocal nature of patient engagement. Objective The purpose of this study was to examine the experiences of physicians, nurses, and pharmacists at the Department of Veterans Affairs (VA) using an organizationally sponsored PHR to develop insights into the interaction of technology and processes of health care delivery. The conceptual framework for the study draws on an information ecology perspective, which recognizes that a vibrant dynamic exists among technologies, people, practices, and values, accounting for both the values and norms of the participants and the practices of the local setting. The study explores the experiences and perspectives of VA health care professionals related to patient use of the My HealtheVet PHR portal and secure messaging systems. Methods In-depth interviews were conducted with 30 VA health care professionals engaged in providing direct patient care who self-reported that they had experiences with at least 1 of 4 PHR features. Interviews were transcribed, coded, and analyzed to identify inductive themes. Organizational documents and artifacts were reviewed and analyzed to trace the trajectory of secure messaging implementation as part of the VA Patient Aligned Care Team (PACT) model. Results Study findings revealed a variety of factors that have facilitated or inhibited PHR adoption, use, and endorsement of patient use by health care professionals. Health care professionals’ accounts and analysis of organizational documents revealed a multidimensional dynamic between the trajectory of secure messaging implementation and its impact on organizational actors and their use of technology, influencing workflow, practices, and the flow of information. In effect, secure messaging was the missing element of complex information ecology and its implementation acted as a catalyst for change. Secure messaging was found to have important consequences for access, communication, patient self-report, and patient/provider relationships. Conclusions Study findings have direct implications for the development and implementation of PHR systems to ensure adequate training and support for health care professionals, alignment with clinical workflow, and features that enable information sharing and communication. Study findings highlight the importance of clinician endorsement and engagement, and the need to further examine both intended and unintended consequences of use. This research provides an integral step toward better understanding the social and organizational context and impact of PHR and secure messaging use in clinical practice settings. PMID:23557596

A Systems Engineering Framework for Implementing a Security and Critical Patch Management Process in Diverse Environments (Academic Departments' Workstations)

NASA Astrophysics Data System (ADS)

Mohammadi, Hadi

Use of the Patch Vulnerability Management (PVM) process should be seriously considered for any networked computing system. The PVM process prevents the operating system (OS) and software applications from being attacked due to security vulnerabilities, which lead to system failures and critical data leakage. The purpose of this research is to create and design a Security and Critical Patch Management Process (SCPMP) framework based on Systems Engineering (SE) principles. This framework will assist Information Technology Department Staff (ITDS) to reduce IT operating time and costs and mitigate the risk of security and vulnerability attacks. Further, this study evaluates implementation of the SCPMP in the networked computing systems of an academic environment in order to: 1. Meet patch management requirements by applying SE principles. 2. Reduce the cost of IT operations and PVM cycles. 3. Improve the current PVM methodologies to prevent networked computing systems from becoming the targets of security vulnerability attacks. 4. Embed a Maintenance Optimization Tool (MOT) in the proposed framework. The MOT allows IT managers to make the most practicable choice of methods for deploying and installing released patches and vulnerability remediation. In recent years, there has been a variety of frameworks for security practices in every networked computing system to protect computer workstations from becoming compromised or vulnerable to security attacks, which can expose important information and critical data. I have developed a new mechanism for implementing PVM for maximizing security-vulnerability maintenance, protecting OS and software packages, and minimizing SCPMP cost. To increase computing system security in any diverse environment, particularly in academia, one must apply SCPMP. I propose an optimal maintenance policy that will allow ITDS to measure and estimate the variation of PVM cycles based on their department's requirements. My results demonstrate that MOT optimizes the process of implementing SCPMP in academic workstations.

Software Assurance Curriculum Project Volume 3: Master of Software Assurance Course Syllabi

DTIC Science & Technology

2011-07-01

and International Electrotechnical Commission ( ISO /IEC). ISO /IEC 27002 :2005 Information Technology – Security Techniques – Code of Practice for...Compliance and Policy (CP) practice • [ ISO 2008] ISO 27002 Section 15 Research and identify (or develop) an example of policy language that...Microsoft SDL • [Merkow 2010] Chapters 5, 6, 8 • [ ISO 2008] ISO 27002 Sections 12.1-12.5 Identify practices to mitigate selected risks for sample

An Efficient and Practical Smart Card Based Anonymity Preserving User Authentication Scheme for TMIS using Elliptic Curve Cryptography.

PubMed

Amin, Ruhul; Islam, S K Hafizul; Biswas, G P; Khan, Muhammad Khurram; Kumar, Neeraj

2015-11-01

In the last few years, numerous remote user authentication and session key agreement schemes have been put forwarded for Telecare Medical Information System, where the patient and medical server exchange medical information using Internet. We have found that most of the schemes are not usable for practical applications due to known security weaknesses. It is also worth to note that unrestricted number of patients login to the single medical server across the globe. Therefore, the computation and maintenance overhead would be high and the server may fail to provide services. In this article, we have designed a medical system architecture and a standard mutual authentication scheme for single medical server, where the patient can securely exchange medical data with the doctor(s) via trusted central medical server over any insecure network. We then explored the security of the scheme with its resilience to attacks. Moreover, we formally validated the proposed scheme through the simulation using Automated Validation of Internet Security Schemes and Applications software whose outcomes confirm that the scheme is protected against active and passive attacks. The performance comparison demonstrated that the proposed scheme has lower communication cost than the existing schemes in literature. In addition, the computation cost of the proposed scheme is nearly equal to the exiting schemes. The proposed scheme not only efficient in terms of different security attacks, but it also provides an efficient login, mutual authentication, session key agreement and verification and password update phases along with password recovery.

Metering Best Practices, A Guide to Achieving Utility Resource Efficiency, Release 2.0

DOE Office of Scientific and Technical Information (OSTI.GOV)

Sullivan, Greg; Hunt, W. D.; Pugh, Ray

2011-08-31

This release is an update and expansion of the information provided in Release 1.0 of the Metering Best Practice Guide that was issued in October 2007. This release, as was the previous release, was developed under the direction of the U.S. Department of Energy's Federal Energy Management Program (FEMP). The mission of FEMP is to facilitate the Federal Government's implementation of sound cost-effective energy management and investment practices to enhance the nation's energy security and environmental stewardship. Each of these activities is directly related to achieving requirements set forth in the Energy Policy Acts of 1992 and 2005, the Energymore » Independence and Security Act (EISA) of 2007, and the goals that have been established in Executive Orders 13423 and 13514 - and also those practices that are inherent in sound management of Federal financial and personnel resources.« less

Informal Workers in Thailand: Occupational Health and Social Security Disparities

PubMed Central

Kongtip, Pornpimol; Nankongnab, Noppanun; Chaikittiporn, Chalermchai; Laohaudomchok, Wisanti; Woskie, Susan; Slatin, Craig

2018-01-01

Informal workers in Thailand lack employee status as defined under the Labor Protection Act (LPA). Typically, they do not work at an employer’s premise; they work at home and may be self-employed or temporary workers. They account for 62.6 percent of the Thai workforce and have a workplace accident rate ten times higher than formal workers. Most Thai Labor laws apply only to formal workers, but some protect informal workers in the domestic, home work, and agricultural sectors. Laws that protect informal workers lack practical enforcement mechanisms and are generally ineffective because informal workers lack employment contracts and awareness of their legal rights. Thai social security laws fail to provide informal workers with treatment of work-related accidents, diseases, and injuries; unemployment and retirement insurance; and workers’ compensation. The article summarizes the differences in protections available for formal and informal sector workers and measures needed to decrease these disparities in coverage. PMID:25995374

Clinical benchmarking for the office practitioner enabled by the online health record

PubMed Central

Ricciardi, TN; Masarie, FE; Landholt, T; Middleton, B

2000-01-01

Payer organizations, regulatory entities, and delivery networks are placing increasing pressure on physicians to report aggregate information about their patients and practice of medicine. Historically, clinicians have been ill-equipped to respond to these pressures when their practices have relied upon payer records for clinical information management. Key Industry Drivers: Physicians need specific information from their practices for the purposes of contract management, preventive care, office productivity, and utilization reviews. Value Statement: Clinical data captured at the point of care can support reporting requirements, and supplement or replace laboriously-collected data derived from billing and other administrative systems. Information from the Online Health Record can empower the individual physician to assess what is going on in their practice of medicine, as opposed to being "profiled" by an external entity. We created a secure web-based system that provides access to a clinical data mart, to allow online benchmarking for the individual or office practitioner. Providers used a web-enabled documentation system to document the clinical facts of the encounter. A nightly set of routines extracts data from the online chart into the clinical data mart built in a relational database. The system uses a clinical vocabulary server to map provider-entered strings to normalized clinical concepts. The system loads chart data into a dimensional data model, to simplify data representation and ensure fast query performance. Providers can access their own profiles from a secure web browser. PMID:11080030

Security Vulnerability Profiles of NASA Mission Software: Empirical Analysis of Security Related Bug Reports

NASA Technical Reports Server (NTRS)

Goseva-Popstojanova, Katerina; Tyo, Jacob P.; Sizemore, Brian

2017-01-01

NASA develops, runs, and maintains software systems for which security is of vital importance. Therefore, it is becoming an imperative to develop secure systems and extend the current software assurance capabilities to cover information assurance and cybersecurity concerns of NASA missions. The results presented in this report are based on the information provided in the issue tracking systems of one ground mission and one flight mission. The extracted data were used to create three datasets: Ground mission IVV issues, Flight mission IVV issues, and Flight mission Developers issues. In each dataset, we identified the software bugs that are security related and classified them in specific security classes. This information was then used to create the security vulnerability profiles (i.e., to determine how, why, where, and when the security vulnerabilities were introduced) and explore the existence of common trends. The main findings of our work include:- Code related security issues dominated both the Ground and Flight mission IVV security issues, with 95 and 92, respectively. Therefore, enforcing secure coding practices and verification and validation focused on coding errors would be cost effective ways to improve mission's security. (Flight mission Developers issues dataset did not contain data in the Issue Category.)- In both the Ground and Flight mission IVV issues datasets, the majority of security issues (i.e., 91 and 85, respectively) were introduced in the Implementation phase. In most cases, the phase in which the issues were found was the same as the phase in which they were introduced. The most security related issues of the Flight mission Developers issues dataset were found during Code Implementation, Build Integration, and Build Verification; the data on the phase in which these issues were introduced were not available for this dataset.- The location of security related issues, as the location of software issues in general, followed the Pareto principle. Specifically, for all three datasets, from 86 to 88 the security related issues were located in two to four subsystems.- The severity levels of most security issues were moderate, in all three datasets.- Out of 21 primary security classes, five dominated: Exception Management, Memory Access, Other, Risky Values, and Unused Entities. Together, these classes contributed from around 80 to 90 of all security issues in each dataset. This again proves the Pareto principle of uneven distribution of security issues, in this case across CWE classes, and supports the fact that addressing these dominant security classes provides the most cost efficient way to improve missions' security. The findings presented in this report uncovered the security vulnerability profiles and identified the common trends and dominant classes of security issues, which in turn can be used to select the most efficient secure design and coding best practices compiled by the part of the SARP project team associated with the NASA's Johnson Space Center. In addition, these findings provide valuable input to the NASA IVV initiative aimed at identification of the two 25 CWEs of ground and flight missions.

Software Assurance Best Practices for Air Force Weapon and Information Technology Systems - Are We Bleeding

DTIC Science & Technology

2008-03-01

in applications is software assurance. There are many subtle variations to the software assurance definition (Goertzel, et al ., 2007), but the DoD...Gary McGraw (2006), and Thorsten 18 Schneider (2006). Goertzel, et al . (2007), lists and compares several security-enhanced software development...detailed by Goertzel, et al ., is the Microsoft Trustworthy Computing Security Development Lifecycle (SDL), shown in the following figure: Figure 6

A new image encryption algorithm based on the fractional-order hyperchaotic Lorenz system

NASA Astrophysics Data System (ADS)

Wang, Zhen; Huang, Xia; Li, Yu-Xia; Song, Xiao-Na

2013-01-01

We propose a new image encryption algorithm on the basis of the fractional-order hyperchaotic Lorenz system. While in the process of generating a key stream, the system parameters and the derivative order are embedded in the proposed algorithm to enhance the security. Such an algorithm is detailed in terms of security analyses, including correlation analysis, information entropy analysis, run statistic analysis, mean-variance gray value analysis, and key sensitivity analysis. The experimental results demonstrate that the proposed image encryption scheme has the advantages of large key space and high security for practical image encryption.

[Application of password manager software in health care].

PubMed

Ködmön, József

2016-12-01

When using multiple IT systems, handling of passwords in a secure manner means a potential source of problem. The most frequent issues are choosing the appropriate length and complexity, and then remembering the strong passwords. Password manager software provides a good solution for this problem, while greatly increasing the security of sensitive medical data. This article introduces a password manager software and provides basic information of the application. It also discusses how to select a really secure password manager software and suggests a practical application to efficient, safe and comfortable use for health care. Orv. Hetil., 2016, 157(52), 2066-2073.

Petroleum Geology and the securities laws: Implications for professional practice

DOE Office of Scientific and Technical Information (OSTI.GOV)

Abbott, D.M. Jr.; Achuff, C.H.

1991-03-01

Many geologists' practice includes such activities as recommending prospects, estimating reserves, and assembling drilling deals. When other people's money is used to finance these and other activities, the geologist, knowingly or not, becomes subject to the securities laws. Full disclosure to investors of all relevant information is the primary securities law principle affecting geological practice. In particular, geologic recommendations or reports reaching investors must effectively communicate both the upside potential and the downside risks of the project. If investors feel misled, the geologist may be sued for statements made in or based on his or her reports or for failingmore » to discuss significant factors. To reduce this risk, professional reports should state the date of the report, what was done, for whom, what data and underlying assumptions were used, what remains to be done, what is recommended, and whether distribution of the report should be restricted, among other things. Always retain a copy in case questions about the report's contents arise. Remember, reports tend to be passed along with the project and can be used or misused several years later by successors in interest in the project. In today's litigious society, there is an increasing likelihood that geologists may have to defend their work in court. Geologists should be aware of the impact of the securities and other laws on their practice.« less

Building community resilience: what can the United States learn from experiences in other countries?

PubMed

Moore, Melinda; Chandra, Anita; Feeney, Kevin C

2013-06-01

Community resilience (CR) is emerging as a major public policy priority within disaster management and is one of two key pillars of the December 2009 US National Health Security Strategy. However, there is no clear agreement on what key elements constitute CR. We examined exemplary practices from international disaster management to validate the elements of CR, as suggested by Homeland Security Presidential Directive 21 (HSPD-21), to potentially identify new elements and to identify practices that could be emulated or adapted to help build CR. We extracted detailed information relevant to CR from unpublished case studies we had developed previously, describing exemplary practices from international natural disasters occurring between 1985 and 2005. We then mapped specific practices against the five elements of CR suggested by HSPD-21. We identified 49 relevant exemplary practices from 11 natural disasters in 10 countries (earthquakes in Mexico, India, and Iran; volcanic eruption in Philippines; hurricanes in Honduras and Cuba; floods in Bangladesh, Vietnam, and Mozambique; tsunami in Indian Ocean countries; and typhoon in Vietnam). Of these, 35 mapped well against the five elements of CR: community education, community empowerment, practice, social networks, and familiarity with local services; 15 additional practices were related to physical security and economic security. The five HSPD-21 CR elements and two additional ones we identified were closely related to one another; social networks were especially important to CR. While each disaster is unique, the elements of CR appear to be broadly applicable across countries and disaster settings. Our descriptive study provides retrospective empirical evidence that helps validate, and adds to, the elements of CR suggested by HSPD-21. It also generates hypotheses about factors contributing to CR that can be tested in future analytic or experimental research.

33 CFR 137.80 - Commonly known or reasonably ascertainable information about the facility and the real property...

Code of Federal Regulations, 2012 CFR

2012-07-01

... Section 137.80 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED... ALL APPROPRIATE INQUIRIES UNDER THE INNOCENT LAND-OWNER DEFENSE Standards and Practices § 137.80...

33 CFR 137.80 - Commonly known or reasonably ascertainable information about the facility and the real property...

Code of Federal Regulations, 2013 CFR

2013-07-01

... Section 137.80 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED... ALL APPROPRIATE INQUIRIES UNDER THE INNOCENT LAND-OWNER DEFENSE Standards and Practices § 137.80...

33 CFR 137.80 - Commonly known or reasonably ascertainable information about the facility and the real property...

Code of Federal Regulations, 2010 CFR

2010-07-01

... Section 137.80 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED... ALL APPROPRIATE INQUIRIES UNDER THE INNOCENT LAND-OWNER DEFENSE Standards and Practices § 137.80...

33 CFR 137.80 - Commonly known or reasonably ascertainable information about the facility and the real property...

Code of Federal Regulations, 2014 CFR

2014-07-01

... Section 137.80 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED... ALL APPROPRIATE INQUIRIES UNDER THE INNOCENT LAND-OWNER DEFENSE Standards and Practices § 137.80...

33 CFR 137.80 - Commonly known or reasonably ascertainable information about the facility and the real property...

Code of Federal Regulations, 2011 CFR

2011-07-01

... Section 137.80 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED... ALL APPROPRIATE INQUIRIES UNDER THE INNOCENT LAND-OWNER DEFENSE Standards and Practices § 137.80...

CERT Resilience Management Model, Version 1.0

DTIC Science & Technology

2010-05-01

practice such as ISO 27000 , COBIT, or ITIL. If you are a member of an established process improvement community, particularly one centered on CMMI...Systems Audit and Control Association ISO International Organization for Standardization ISSA Information Systems Security Association IT

Experimental plug and play quantum coin flipping.

PubMed

Pappa, Anna; Jouguet, Paul; Lawson, Thomas; Chailloux, André; Legré, Matthieu; Trinkler, Patrick; Kerenidis, Iordanis; Diamanti, Eleni

2014-04-24

Performing complex cryptographic tasks will be an essential element in future quantum communication networks. These tasks are based on a handful of fundamental primitives, such as coin flipping, where two distrustful parties wish to agree on a randomly generated bit. Although it is known that quantum versions of these primitives can offer information-theoretic security advantages with respect to classical protocols, a demonstration of such an advantage in a practical communication scenario has remained elusive. Here we experimentally implement a quantum coin flipping protocol that performs strictly better than classically possible over a distance suitable for communication over metropolitan area optical networks. The implementation is based on a practical plug and play system, developed by significantly enhancing a commercial quantum key distribution device. Moreover, we provide combined quantum coin flipping protocols that are almost perfectly secure against bounded adversaries. Our results offer a useful toolbox for future secure quantum communications.

Critical Infrastructure Protection II, The International Federation for Information Processing, Volume 290.

NASA Astrophysics Data System (ADS)

Papa, Mauricio; Shenoi, Sujeet

The information infrastructure -- comprising computers, embedded devices, networks and software systems -- is vital to day-to-day operations in every sector: information and telecommunications, banking and finance, energy, chemicals and hazardous materials, agriculture, food, water, public health, emergency services, transportation, postal and shipping, government and defense. Global business and industry, governments, indeed society itself, cannot function effectively if major components of the critical information infrastructure are degraded, disabled or destroyed. Critical Infrastructure Protection II describes original research results and innovative applications in the interdisciplinary field of critical infrastructure protection. Also, it highlights the importance of weaving science, technology and policy in crafting sophisticated, yet practical, solutions that will help secure information, computer and network assets in the various critical infrastructure sectors. Areas of coverage include: - Themes and Issues - Infrastructure Security - Control Systems Security - Security Strategies - Infrastructure Interdependencies - Infrastructure Modeling and Simulation This book is the second volume in the annual series produced by the International Federation for Information Processing (IFIP) Working Group 11.10 on Critical Infrastructure Protection, an international community of scientists, engineers, practitioners and policy makers dedicated to advancing research, development and implementation efforts focused on infrastructure protection. The book contains a selection of twenty edited papers from the Second Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection held at George Mason University, Arlington, Virginia, USA in the spring of 2008.

Software Security Practices: Integrating Security into the SDLC

DTIC Science & Technology

2011-05-01

Software Security Practices Integrating Security into the SDLC Robert A. Martin HS SEDI is a trademark of the U.S. Department of Homeland Security...2011 to 00-00-2011 4. TITLE AND SUBTITLE Software Security Practices Integrating Security into the SDLC 5a. CONTRACT NUMBER 5b. GRANT NUMBER 5c...SEDI FFRDC is managed and operated by The MITRE Corporation for DHS. 4 y y w SDLC Integrating Security into a typical software development lifecycle

Command and Control Concepts and Solutions for Major Events Safety and Security: Lessons Learned from the Canadian Experience with Vancouver 2010 and G8/G20 Events

DTIC Science & Technology

2011-06-01

discuss best practices and the prerogatives of major events C2 solutions. In section 6, we present the conclusion. 2 Complexity of the Command and Control...best practices for sharing information, standard operating procedure (SOPs) and response plans have been investigated through formal studies and an...and contributed to the deployment of an information sharing solution on Command Network. This solution was based on Microsoft SharePoint. The team

An accountability server for health care information systems.

PubMed

Kowalski, S

1994-02-01

The paper starts off by first briefly discussing the necessary ethical, legal and administrative/management controls that are required before the mechanisms of accountability controls can be implemented in automated clinical patient record systems. After these social aspects are discussed the technical aspects of the ALS are outlined. The security concepts of the ECMA framework are reviewed and used to explain the technical design of the ALS. A walk-through of the server in a typical patient record transaction is used to explain the operations of the server. The paper concludes with a general discussion of the usefulness of accountability mechanisms in making security in health care information work in practice.

Towards Device-Independent Information Processing on General Quantum Networks

NASA Astrophysics Data System (ADS)

Lee, Ciarán M.; Hoban, Matty J.

2018-01-01

The violation of certain Bell inequalities allows for device-independent information processing secure against nonsignaling eavesdroppers. However, this only holds for the Bell network, in which two or more agents perform local measurements on a single shared source of entanglement. To overcome the practical constraints that entangled systems can only be transmitted over relatively short distances, large-scale multisource networks have been employed. Do there exist analogs of Bell inequalities for such networks, whose violation is a resource for device independence? In this Letter, the violation of recently derived polynomial Bell inequalities will be shown to allow for device independence on multisource networks, secure against nonsignaling eavesdroppers.

Collaborative Access Control For Critical Infrastructures

NASA Astrophysics Data System (ADS)

Baina, Amine; El Kalam, Anas Abou; Deswarte, Yves; Kaaniche, Mohamed

A critical infrastructure (CI) can fail with various degrees of severity due to physical and logical vulnerabilities. Since many interdependencies exist between CIs, failures can have dramatic consequences on the entire infrastructure. This paper focuses on threats that affect information and communication systems that constitute the critical information infrastructure (CII). A new collaborative access control framework called PolyOrBAC is proposed to address security problems that are specific to CIIs. The framework offers each organization participating in a CII the ability to collaborate with other organizations while maintaining control of its resources and internal security policy. The approach is demonstrated on a practical scenario involving the electrical power grid.

Towards Device-Independent Information Processing on General Quantum Networks.

PubMed

Lee, Ciarán M; Hoban, Matty J

2018-01-12

The violation of certain Bell inequalities allows for device-independent information processing secure against nonsignaling eavesdroppers. However, this only holds for the Bell network, in which two or more agents perform local measurements on a single shared source of entanglement. To overcome the practical constraints that entangled systems can only be transmitted over relatively short distances, large-scale multisource networks have been employed. Do there exist analogs of Bell inequalities for such networks, whose violation is a resource for device independence? In this Letter, the violation of recently derived polynomial Bell inequalities will be shown to allow for device independence on multisource networks, secure against nonsignaling eavesdroppers.

[Information security in health care].

PubMed

Ködmön, József; Csajbók, Zoltán Ernő

2015-07-05

Doctors, nurses and other medical professionals are spending more and more time in front of the computer, using applications developed for general practitioners, specialized care, or perhaps an integrated hospital system. The data they handle during healing and patient care are mostly sensitive data and, therefore, their management is strictly regulated. Finding our way in the jungle of laws, regulations and policies is not simple. Notwithstanding, our lack of information does not waive our responsibility. This study summarizes the most important points of international recommendations, standards and legal regulations of the field, as well as giving practical advices for managing medical and patient data securely and in compliance with the current legal regulations.

Data mining technique for a secure electronic payment transaction using MJk-RSA in mobile computing

NASA Astrophysics Data System (ADS)

G. V., Ramesh Babu; Narayana, G.; Sulaiman, A.; Padmavathamma, M.

2012-04-01

Due to the evolution of the Electronic Learning (E-Learning), one can easily get desired information on computer or mobile system connected through Internet. Currently E-Learning materials are easily accessible on the desktop computer system, but in future, most of the information shall also be available on small digital devices like Mobile, PDA, etc. Most of the E-Learning materials are paid and customer has to pay entire amount through credit/debit card system. Therefore, it is very important to study about the security of the credit/debit card numbers. The present paper is an attempt in this direction and a security technique is presented to secure the credit/debit card numbers supplied over the Internet to access the E-Learning materials or any kind of purchase through Internet. A well known method i.e. Data Cube Technique is used to design the security model of the credit/debit card system. The major objective of this paper is to design a practical electronic payment protocol which is the safest and most secured mode of transaction. This technique may reduce fake transactions which are above 20% at the global level.

On the security of two remote user authentication schemes for telecare medical information systems.

PubMed

Kim, Kee-Won; Lee, Jae-Dong

2014-05-01

The telecare medical information systems (TMISs) support convenient and rapid health-care services. A secure and efficient authentication scheme for TMIS provides safeguarding patients' electronic patient records (EPRs) and helps health care workers and medical personnel to rapidly making correct clinical decisions. Recently, Kumari et al. proposed a password based user authentication scheme using smart cards for TMIS, and claimed that the proposed scheme could resist various malicious attacks. However, we point out that their scheme is still vulnerable to lost smart card and cannot provide forward secrecy. Subsequently, Das and Goswami proposed a secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. They simulated their scheme for the formal security verification using the widely-accepted automated validation of Internet security protocols and applications (AVISPA) tool to ensure that their scheme is secure against passive and active attacks. However, we show that their scheme is still vulnerable to smart card loss attacks and cannot provide forward secrecy property. The proposed cryptanalysis discourages any use of the two schemes under investigation in practice and reveals some subtleties and challenges in designing this type of schemes.

Secure and Robust Transmission and Verification of Unknown Quantum States in Minkowski Space

PubMed Central

Kent, Adrian; Massar, Serge; Silman, Jonathan

2014-01-01

An important class of cryptographic applications of relativistic quantum information work as follows. B generates a random qudit and supplies it to A at point P. A is supposed to transmit it at near light speed c to to one of a number of possible pairwise spacelike separated points Q1, …, Qn. A's transmission is supposed to be secure, in the sense that B cannot tell in advance which Qj will be chosen. This poses significant practical challenges, since secure reliable long-range transmission of quantum data at speeds near to c is presently not easy. Here we propose different techniques to overcome these diffculties. We introduce protocols that allow secure long-range implementations even when both parties control only widely separated laboratories of small size. In particular we introduce a protocol in which A needs send the qudit only over a short distance, and securely transmits classical information (for instance using a one time pad) over the remaining distance. We further show that by using parallel implementations of the protocols security can be maintained in the presence of moderate amounts of losses and errors. PMID:24469425

Informed consent in implantable BCI research: identification of research risks and recommendations for development of best practices

NASA Astrophysics Data System (ADS)

Klein, Eran; Ojemann, Jeffrey

2016-08-01

Objective. Implantable brain-computer interface (BCI) research promises improvements in human health and enhancements in quality of life. Informed consent of subjects is a central tenet of this research. Rapid advances in neuroscience, and the intimate connection between functioning of the brain and conceptions of the self, make informed consent particularly challenging in BCI research. Identification of safety and research-related risks associated with BCI devices is an important step in ensuring meaningful informed consent. Approach. This paper highlights a number of BCI research risks, including safety concerns, cognitive and communicative impairments, inappropriate subject expectations, group vulnerabilities, privacy and security, and disruptions of identity. Main results. Based on identified BCI research risks, best practices are needed for understanding and incorporating BCI-related risks into informed consent protocols. Significance. Development of best practices should be guided by processes that are: multidisciplinary, systematic and transparent, iterative, relational and exploratory.

Informed consent in implantable BCI research: identification of research risks and recommendations for development of best practices.

PubMed

Klein, Eran; Ojemann, Jeffrey

2016-08-01

Implantable brain-computer interface (BCI) research promises improvements in human health and enhancements in quality of life. Informed consent of subjects is a central tenet of this research. Rapid advances in neuroscience, and the intimate connection between functioning of the brain and conceptions of the self, make informed consent particularly challenging in BCI research. Identification of safety and research-related risks associated with BCI devices is an important step in ensuring meaningful informed consent. This paper highlights a number of BCI research risks, including safety concerns, cognitive and communicative impairments, inappropriate subject expectations, group vulnerabilities, privacy and security, and disruptions of identity. Based on identified BCI research risks, best practices are needed for understanding and incorporating BCI-related risks into informed consent protocols. Development of best practices should be guided by processes that are: multidisciplinary, systematic and transparent, iterative, relational and exploratory.

Confidentiality, electronic health records, and the clinician.

PubMed

Graves, Stuart

2013-01-01

The advent of electronic health records (EHRs) to improve access and enable research in the everyday clinical world has simultaneously made medical information much more vulnerable to illicit, non-beneficent uses. This wealth of identified, aggregated data has and will attract attacks by domestic governments for surveillance and protection, foreign governments for espionage and sabotage, organized crime for illegal profits, and large corporations for "legal" profits. Against these powers with almost unlimited resources no security scheme is likely to prevail, so the design of such systems should include appropriate security measures. Unlike paper records, where the person maintaining and controlling the existence of the records also controls access to them, these two functions can be separated for EHRs. By giving physical control over access to individual records to their individual owners, the aggregate is dismantled, thereby protecting the nation's identified health information from large-scale data mining or tampering. Control over the existence and integrity of all the records--yet without the ability to examine their contents--would be left with larger institutions. This article discusses the implications of all of the above for the role of the clinician in assuring confidentiality (a cornerstone of clinical practice), for research and everyday practice, and for current security designs.

What is a 'secure base' when death is approaching? A study applying attachment theory to adult patients' and family members' experiences of palliative home care.

PubMed

Milberg, A; Wåhlberg, R; Jakobsson, M; Olsson, E-C; Olsson, M; Friedrichsen, M

2012-08-01

Attachment theory has received much interest lately in relation to how adults cope with stress and severe illness. The aim of this study was using the experiences of patients and family members to explore palliative home care as a 'secure base' (a central concept within the theory). Twelve patients and 14 family members were interviewed during ongoing palliative home care. The interviews were analysed with deductive qualitative content analysis. Informants expressed the relevance of sensing security during palliative home care because death and dying were threats that contributed to vulnerability. Palliative home care could foster a feeling of security and provide a secure base. This was facilitated when informants had trust in staff (e.g. due to availability and competence in providing symptom relief), felt recognised as individuals and welcomed to contact the team in times of needs. Being comfortable, informed and having an everyday life also contributed to a perception of palliative home care as a secure base. Family members stressed the importance of being relieved from responsibilities that were too heavy. The underlying meanings of experiencing palliative home care as a secure base involved gaining a sense of control and of inner peace, perceiving that despite a demanding and changed life situation, one could continue partially being oneself and having something to hope for, even if this no longer concerned cure for the ill person. Important aspects of palliative home care as providing a secure base were identified and these have implications for clinical practice. Copyright © 2011 John Wiley & Sons, Ltd.

Hiring Practices Used to Staff the Iraqi Provisional Authorities

DTIC Science & Technology

2009-01-16

Report No. D-2009-042 January 16 , 2009 Hiring Practices Used To Staff the Iraqi Provisional Authorities Report Documentation Page Form...with a collection of information if it does not display a currently valid OMB control number. 1. REPORT DATE 16 JAN 2009 2. REPORT TYPE 3. DATES...AVAILABILITY STATEMENT Approved for public release; distribution unlimited 13. SUPPLEMENTARY NOTES 14. ABSTRACT 15. SUBJECT TERMS 16 . SECURITY

Pivots - A Bottom-Up Approach to Enhance Resilience

DTIC Science & Technology

2015-12-01

similar to a business incubator) to provide entrepreneurs with tools and resources to withstand disaster. Case studies and best practices identify...Salve Regina University, 2013 Submitted in partial fulfillment of the requirements for the degree of MASTER OF ARTS IN SECURITY STUDIES ...business incubator) to provide entrepreneurs with tools and resources to withstand disaster. Case studies and best practices identify and inform models of

Does microblogging convey firm-specific information? Evidence from China

NASA Astrophysics Data System (ADS)

Shen, Dehua; Li, Xiao; Xue, Mei; Zhang, Wei

2017-09-01

This paper investigates the impact of opening microblogging account in Sina Weibo on the diffusion of firm-specific information in Chinese stock market. With the unique sample of firms opening their official accounts, the empirical results show that this newly emerged information diffusion channel, i.e., Sina Weibo, plays an important role in conveying firm-specific information to the market. Generally speaking, these empirical findings have practical implications to securities regulators who have interest in monitoring the diffused information via social media.

75 FR 19415 - Agency Information Collection Activities: Proposed Collection; Comment Request, 1660-0022...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-04-14

... implement practices, such as building codes and public education activities, that are considered to reduce..., Department of Homeland Security. [FR Doc. 2010-8496 Filed 4-13-10; 8:45 am] BILLING CODE 9110-11-P ...

78 FR 16699 - National Maritime Security Advisory Committee; Meeting

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-18

... Executive Order \\1\\ to strengthen the cybersecurity of critical infrastructure by increasing information sharing and by jointly developing and implementing a framework of cybersecurity practices with our...-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity . (2...

Best Practices for Management of Biocontaminated Waste ...

EPA Pesticide Factsheets

Report The purpose of these best practices is to provide federal, state, territorial, and local waste management entities information on techniques and methodologies that have the potential to improve the handling and management of biocontaminated waste streams after a biological agent incident. These best practices are intended to be general in nature serving as a resource to a variety of biological agents in a variety of situations; however, these best practices also present a specific homeland security scenario – a biological attack with Bacillus anthracis (B. anthracis) – to help illustrate specific waste management considerations.

Wireless physical layer security

NASA Astrophysics Data System (ADS)

Poor, H. Vincent; Schaefer, Rafael F.

2017-01-01

Security in wireless networks has traditionally been considered to be an issue to be addressed separately from the physical radio transmission aspects of wireless systems. However, with the emergence of new networking architectures that are not amenable to traditional methods of secure communication such as data encryption, there has been an increase in interest in the potential of the physical properties of the radio channel itself to provide communications security. Information theory provides a natural framework for the study of this issue, and there has been considerable recent research devoted to using this framework to develop a greater understanding of the fundamental ability of the so-called physical layer to provide security in wireless networks. Moreover, this approach is also suggestive in many cases of coding techniques that can approach fundamental limits in practice and of techniques for other security tasks such as authentication. This paper provides an overview of these developments.

Wireless physical layer security.

PubMed

Poor, H Vincent; Schaefer, Rafael F

2017-01-03

Security in wireless networks has traditionally been considered to be an issue to be addressed separately from the physical radio transmission aspects of wireless systems. However, with the emergence of new networking architectures that are not amenable to traditional methods of secure communication such as data encryption, there has been an increase in interest in the potential of the physical properties of the radio channel itself to provide communications security. Information theory provides a natural framework for the study of this issue, and there has been considerable recent research devoted to using this framework to develop a greater understanding of the fundamental ability of the so-called physical layer to provide security in wireless networks. Moreover, this approach is also suggestive in many cases of coding techniques that can approach fundamental limits in practice and of techniques for other security tasks such as authentication. This paper provides an overview of these developments.

Wireless physical layer security

PubMed Central

Schaefer, Rafael F.

2017-01-01

Security in wireless networks has traditionally been considered to be an issue to be addressed separately from the physical radio transmission aspects of wireless systems. However, with the emergence of new networking architectures that are not amenable to traditional methods of secure communication such as data encryption, there has been an increase in interest in the potential of the physical properties of the radio channel itself to provide communications security. Information theory provides a natural framework for the study of this issue, and there has been considerable recent research devoted to using this framework to develop a greater understanding of the fundamental ability of the so-called physical layer to provide security in wireless networks. Moreover, this approach is also suggestive in many cases of coding techniques that can approach fundamental limits in practice and of techniques for other security tasks such as authentication. This paper provides an overview of these developments. PMID:28028211

Meeting the privacy requirements for the development of a multi-centre patient registry in Canada: the Rick Hansen Spinal Cord Injury Registry.

PubMed

Noonan, Vanessa K; Thorogood, Nancy P; Joshi, Phalgun B; Fehlings, Michael G; Craven, B Catharine; Linassi, Gary; Fourney, Daryl R; Kwon, Brian K; Bailey, Christopher S; Tsai, Eve C; Drew, Brian M; Ahn, Henry; Tsui, Deborah; Dvorak, Marcel F

2013-05-01

Privacy legislation addresses concerns regarding the privacy of personal information; however, its interpretation by research ethics boards has resulted in significant challenges to the collection, management, use and disclosure of personal health information for multi-centre research studies. This paper describes the strategy used to develop the national Rick Hansen Spinal Cord Injury Registry (RHSCIR) in accordance with privacy statutes and benchmarked against best practices. An analysis of the regional and national privacy legislation was conducted to determine the requirements for each of the 31 local RHSCIR sites and the national RHSCIR office. A national privacy and security framework was created for RHSCIR that includes a governance structure, standard operating procedures, training processes, physical and technical security and privacy impact assessments. The framework meets a high-water mark in ensuring privacy and security of personal health information nationally and may assist in the development of other national or international research initiatives. Copyright © 2013 Longwoods Publishing.

Meeting the Privacy Requirements for the Development of a Multi-Centre Patient Registry in Canada: The Rick Hansen Spinal Cord Injury Registry

PubMed Central

Noonan, Vanessa K.; Thorogood, Nancy P.; Joshi, Phalgun B.; Fehlings, Michael G.; Craven, B. Catharine; Linassi, Gary; Fourney, Daryl R.; Kwon, Brian K.; Bailey, Christopher S.; Tsai, Eve C.; Drew, Brian M.; Ahn, Henry; Tsui, Deborah; Dvorak, Marcel F.

2013-01-01

Privacy legislation addresses concerns regarding the privacy of personal information; however, its interpretation by research ethics boards has resulted in significant challenges to the collection, management, use and disclosure of personal health information for multi-centre research studies. This paper describes the strategy used to develop the national Rick Hansen Spinal Cord Injury Registry (RHSCIR) in accordance with privacy statutes and benchmarked against best practices. An analysis of the regional and national privacy legislation was conducted to determine the requirements for each of the 31 local RHSCIR sites and the national RHSCIR office. A national privacy and security framework was created for RHSCIR that includes a governance structure, standard operating procedures, training processes, physical and technical security and privacy impact assessments. The framework meets a high-water mark in ensuring privacy and security of personal health information nationally and may assist in the development of other national or international research initiatives. PMID:23968640

Securing SIFT: Privacy-preserving Outsourcing Computation of Feature Extractions Over Encrypted Image Data.

PubMed

Hu, Shengshan; Wang, Qian; Wang, Jingjun; Qin, Zhan; Ren, Kui

2016-05-13

Advances in cloud computing have greatly motivated data owners to outsource their huge amount of personal multimedia data and/or computationally expensive tasks onto the cloud by leveraging its abundant resources for cost saving and flexibility. Despite the tremendous benefits, the outsourced multimedia data and its originated applications may reveal the data owner's private information, such as the personal identity, locations or even financial profiles. This observation has recently aroused new research interest on privacy-preserving computations over outsourced multimedia data. In this paper, we propose an effective and practical privacy-preserving computation outsourcing protocol for the prevailing scale-invariant feature transform (SIFT) over massive encrypted image data. We first show that previous solutions to this problem have either efficiency/security or practicality issues, and none can well preserve the important characteristics of the original SIFT in terms of distinctiveness and robustness. We then present a new scheme design that achieves efficiency and security requirements simultaneously with the preservation of its key characteristics, by randomly splitting the original image data, designing two novel efficient protocols for secure multiplication and comparison, and carefully distributing the feature extraction computations onto two independent cloud servers. We both carefully analyze and extensively evaluate the security and effectiveness of our design. The results show that our solution is practically secure, outperforms the state-of-theart, and performs comparably to the original SIFT in terms of various characteristics, including rotation invariance, image scale invariance, robust matching across affine distortion, addition of noise and change in 3D viewpoint and illumination.

Security Standards and Best Practice Considerations for Quantum Key Distribution (QKD)

DTIC Science & Technology

2012-03-01

SECURITY STANDARDS AND BEST PRACTICE CONSIDERATIONS FOR QUANTUM KEY DISTRIBUTION (QKD) THESIS...protection in the United States. AFIT/GSE/ENV/12-M05 SECURITY STANDARDS AND BEST PRACTICE CONSIDERATIONS FOR QUANTUM KEY DISTRIBUTION (QKD...FOR PUBLIC RELEASE; DISTRIBUTION UNLIMITED. AFIT/GSE/ENV/12-M05 SECURITY STANDARDS AND BEST PRACTICE CONSIDERATIONS FOR QUANTUM KEY

Classified Information and Technical Libraries. Final Report. Army Technical Library Improvement Studies (ATLIS), Report No. 11.

ERIC Educational Resources Information Center

Luger, Herbert P.; Booser, Ronald J.

A survey of the literature in the last ten years and interviews with library and security personnel indicated: (1)the problems of handling classified information in libraries have been scanted; (2) there is wide divergence in policies and practices of disseminating such materials; (3)interlibrary cooperation with respect to classified holdings is…

A secure and efficiently searchable health information architecture.

PubMed

Yasnoff, William A

2016-06-01

Patient-centric repositories of health records are an important component of health information infrastructure. However, patient information in a single repository is potentially vulnerable to loss of the entire dataset from a single unauthorized intrusion. A new health record storage architecture, the personal grid, eliminates this risk by separately storing and encrypting each person's record. The tradeoff for this improved security is that a personal grid repository must be sequentially searched since each record must be individually accessed and decrypted. To allow reasonable search times for large numbers of records, parallel processing with hundreds (or even thousands) of on-demand virtual servers (now available in cloud computing environments) is used. Estimated search times for a 10 million record personal grid using 500 servers vary from 7 to 33min depending on the complexity of the query. Since extremely rapid searching is not a critical requirement of health information infrastructure, the personal grid may provide a practical and useful alternative architecture that eliminates the large-scale security vulnerabilities of traditional databases by sacrificing unnecessary searching speed. Copyright © 2016 Elsevier Inc. All rights reserved.

Experimental measurement-device-independent quantum digital signatures over a metropolitan network

NASA Astrophysics Data System (ADS)

Yin, Hua-Lei; Wang, Wei-Long; Tang, Yan-Lin; Zhao, Qi; Liu, Hui; Sun, Xiang-Xiang; Zhang, Wei-Jun; Li, Hao; Puthoor, Ittoop Vergheese; You, Li-Xing; Andersson, Erika; Wang, Zhen; Liu, Yang; Jiang, Xiao; Ma, Xiongfeng; Zhang, Qiang; Curty, Marcos; Chen, Teng-Yun; Pan, Jian-Wei

2017-04-01

Quantum digital signatures (QDSs) provide a means for signing electronic communications with information-theoretic security. However, all previous demonstrations of quantum digital signatures assume trusted measurement devices. This renders them vulnerable against detector side-channel attacks, just like quantum key distribution. Here we exploit a measurement-device-independent (MDI) quantum network, over a metropolitan area, to perform a field test of a three-party MDI QDS scheme that is secure against any detector side-channel attack. In so doing, we are able to successfully sign a binary message with a security level of about 10-7. Remarkably, our work demonstrates the feasibility of MDI QDSs for practical applications.

Linking Research to Practice: FEWS NET and Its Use of Satellite Remote Sensing Data

NASA Technical Reports Server (NTRS)

Brown, Molly E.; Brickley, Elizabeth B.

2011-01-01

The purpose of the Famine Early Warning Systems Network (FEWS NET) is to collaborate with international, regional and national partners to provide timely and rigorous early warning and vulnerability information on emerging and evolving food security issues

An Analysis of Fraud on the Internet.

ERIC Educational Resources Information Center

Baker, C. Richard

1999-01-01

Examines the issue of fraud on the Internet and discusses three areas with significant potential for misleading and fraudulent practices: securities sales and trading; electronic commerce, including privacy and information protection; and the rapid growth of Internet companies, including advertising issues. (Author/LRW)

78 FR 61807 - National Cybersecurity Awareness Month, 2013

Federal Register 2010, 2011, 2012, 2013, 2014

2013-10-04

... National Cybersecurity Awareness Month, 2013 By the President of the United States of America A... public awareness about cybersecurity, and we recommit to enhancing the security and resilience of our... best practices for cybersecurity, increase information sharing between the Federal Government and...

78 FR 19277 - National Maritime Security Advisory Committee; Meeting

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-29

... Obama signed an Executive Order to strengthen the cybersecurity of critical infrastructure by increasing information sharing and by jointly developing and implementing a framework of cybersecurity practices with our...-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity . (2...

Establishing rational networking using the DL04 quantum secure direct communication protocol

NASA Astrophysics Data System (ADS)

Qin, Huawang; Tang, Wallace K. S.; Tso, Raylin

2018-06-01

The first rational quantum secure direct communication scheme is proposed, in which we use the game theory with incomplete information to model the rational behavior of the participant, and give the strategy space and utility function. The rational participant can get his maximal utility when he performs the protocol faithfully, and then the Nash equilibrium of the protocol can be achieved. Compared to the traditional schemes, our scheme will be more practical in the presence of rational participant.

Brainjacking: Implant Security Issues in Invasive Neuromodulation.

PubMed

Pycroft, Laurie; Boccard, Sandra G; Owen, Sarah L F; Stein, John F; Fitzgerald, James J; Green, Alexander L; Aziz, Tipu Z

2016-08-01

The security of medical devices is critical to good patient care, especially when the devices are implanted. In light of recent developments in information security, there is reason to be concerned that medical implants are vulnerable to attack. The ability of attackers to exert malicious control over brain implants ("brainjacking") has unique challenges that we address in this review, with particular focus on deep brain stimulation implants. To illustrate the potential severity of this risk, we identify several mechanisms through which attackers could manipulate patients if unauthorized access to an implant can be achieved. These include blind attacks in which the attacker requires no patient-specific knowledge and targeted attacks that require patient-specific information. Blind attacks include cessation of stimulation, draining implant batteries, inducing tissue damage, and information theft. Targeted attacks include impairment of motor function, alteration of impulse control, modification of emotions or affect, induction of pain, and modulation of the reward system. We also discuss the limitations inherent in designing implants and the trade-offs that must be made to balance device security with battery life and practicality. We conclude that researchers, clinicians, manufacturers, and regulatory bodies should cooperate to minimize the risk posed by brainjacking. Copyright © 2016 Elsevier Inc. All rights reserved.

Robust and efficient biometrics based password authentication scheme for telecare medicine information systems using extended chaotic maps.

PubMed

Lu, Yanrong; Li, Lixiang; Peng, Haipeng; Xie, Dong; Yang, Yixian

2015-06-01

The Telecare Medicine Information Systems (TMISs) provide an efficient communicating platform supporting the patients access health-care delivery services via internet or mobile networks. Authentication becomes an essential need when a remote patient logins into the telecare server. Recently, many extended chaotic maps based authentication schemes using smart cards for TMISs have been proposed. Li et al. proposed a secure smart cards based authentication scheme for TMISs using extended chaotic maps based on Lee's and Jiang et al.'s scheme. In this study, we show that Li et al.'s scheme has still some weaknesses such as violation the session key security, vulnerability to user impersonation attack and lack of local verification. To conquer these flaws, we propose a chaotic maps and smart cards based password authentication scheme by applying biometrics technique and hash function operations. Through the informal and formal security analyses, we demonstrate that our scheme is resilient possible known attacks including the attacks found in Li et al.'s scheme. As compared with the previous authentication schemes, the proposed scheme is more secure and efficient and hence more practical for telemedical environments.

Embedding Secure Coding Instruction into the IDE: Complementing Early and Intermediate CS Courses with ESIDE

ERIC Educational Resources Information Center

Whitney, Michael; Lipford, Heather Richter; Chu, Bill; Thomas, Tyler

2018-01-01

Many of the software security vulnerabilities that people face today can be remediated through secure coding practices. A critical step toward the practice of secure coding is ensuring that our computing students are educated on these practices. We argue that secure coding education needs to be included across a computing curriculum. We are…

Radioactive source security: the cultural challenges.

PubMed

Englefield, Chris

2015-04-01

Radioactive source security is an essential part of radiation protection. Sources can be abandoned, lost or stolen. If they are stolen, they could be used to cause deliberate harm and the risks are varied and significant. There is a need for a global security protection system and enhanced capability to achieve this. The establishment of radioactive source security requires 'cultural exchanges'. These exchanges include collaboration between: radiation protection specialists and security specialists; the nuclear industry and users of radioactive sources; training providers and regulators/users. This collaboration will facilitate knowledge and experience exchange for the various stakeholder groups, beyond those already provided. This will promote best practice in both physical and information security and heighten security awareness generally. Only if all groups involved are prepared to open their minds to listen to and learn from, each other will a suitable global level of control be achieved. © The Author 2014. Published by Oxford University Press. All rights reserved. For Permissions, please email: journals.permissions@oup.com.

Informal Workers in Thailand: Occupational Health and Social Security Disparities.

PubMed

Kongtip, Pornpimol; Nankongnab, Noppanun; Chaikittiporn, Chalermchai; Laohaudomchok, Wisanti; Woskie, Susan; Slatin, Craig

2015-08-01

Informal workers in Thailand lack employee status as defined under the Labor Protection Act (LPA). Typically, they do not work at an employer's premise; they work at home and may be self-employed or temporary workers. They account for 62.6 percent of the Thai workforce and have a workplace accident rate ten times higher than formal workers. Most Thai Labor laws apply only to formal workers, but some protect informal workers in the domestic, home work, and agricultural sectors. Laws that protect informal workers lack practical enforcement mechanisms and are generally ineffective because informal workers lack employment contracts and awareness of their legal rights. Thai social security laws fail to provide informal workers with treatment of work-related accidents, diseases, and injuries; unemployment and retirement insurance; and workers' compensation. The article summarizes the differences in protections available for formal and informal sector workers and measures needed to decrease these disparities in coverage. © The Author(s) 2015.

Security Issues for Mobile Medical Imaging: A Primer.

PubMed

Choudhri, Asim F; Chatterjee, Arindam R; Javan, Ramin; Radvany, Martin G; Shih, George

2015-10-01

The end-user of mobile device apps in the practice of clinical radiology should be aware of security measures that prevent unauthorized use of the device, including passcode policies, methods for dealing with failed login attempts, network manager-controllable passcode enforcement, and passcode enforcement for the protection of the mobile device itself. Protection of patient data must be in place that complies with the Health Insurance Portability and Accountability Act and U.S. Federal Information Processing Standards. Device security measures for data protection include methods for locally stored data encryption, hardware encryption, and the ability to locally and remotely clear data from the device. As these devices transfer information over both local wireless networks and public cell phone networks, wireless network security protocols, including wired equivalent privacy and Wi-Fi protected access, are important components in the chain of security. Specific virtual private network protocols, Secure Sockets Layer and related protocols (especially in the setting of hypertext transfer protocols), native apps, virtual desktops, and nonmedical commercial off-the-shelf apps require consideration in the transmission of medical data over both private and public networks. Enterprise security and management of both personal and enterprise mobile devices are discussed. Finally, specific standards for hardware and software platform security, including prevention of hardware tampering, protection from malicious software, and application authentication methods, are vital components in establishing a secure platform for the use of mobile devices in the medical field. © RSNA, 2015.

Conception of a course for professional training and education in the field of computer and mobile forensics

NASA Astrophysics Data System (ADS)

Kröger, Knut; Creutzburg, Reiner

2012-06-01

IT security and computer forensics are important components in the information technology. From year to year, incidents and crimes increase that target IT systems or was done with their help. More and more companies and authorities have security problems in their own IT infrastructure. To respond to these incidents professionally, it is important to have well trained staff. The fact that many agencies and companies work with very sensitive data makes it necessary to further train the own employees in the field of IT forensics. Motivated by these facts, a training concept, which allows the creation of practical exercises, is presented in this paper. The focus is on the practical implementation of forensic important relationships.

Taking aim at medical identity theft. Document security key element to comply with government regulations.

PubMed

Raymond, Colette

2010-01-01

Sensitive paper documents, such as patient records, customer data, and legal information, must be securely stored and destroyed when no longer needed. This is not only a good business practice that reduces costs and protects reputations, but also a legal and regulatory imperative. According to some experts, medical identity theft is the fastest-growing form of identity theft in North America. The Federal Trade Commission's Red Flags Rule, due to take effect June 1, 2010, requires banks; credit card companies; and, in some situations, retailers, hospitals, insurance companies, health clinics, and other organizations to store confidential personal information that can expose consumers to significant identity theft risks. This also includes healthcare providers and other organizations that are considered creditors according to their billing/payment procedures. This article highlights the steps healthcare providers must take to ensure data security.

Security policies and trust in ubiquitous computing.

PubMed

Joshi, Anupam; Finin, Tim; Kagal, Lalana; Parker, Jim; Patwardhan, Anand

2008-10-28

Ubiquitous environments comprise resource-constrained mobile and wearable devices and computational elements embedded in everyday artefacts. These are connected to each other using both infrastructure-based as well as short-range ad hoc networks. Limited Internet connectivity limits the use of conventional security mechanisms such as public key infrastructures and other forms of server-centric authentication. Under these circumstances, peer-to-peer interactions are well suited for not just information interchange, but also managing security and privacy. However, practical solutions for protecting mobile devices, preserving privacy, evaluating trust and determining the reliability and accuracy of peer-provided data in such interactions are still in their infancy. Our research is directed towards providing stronger assurances of the reliability and trustworthiness of information and services, and the use of declarative policy-driven approaches to handle the open and dynamic nature of such systems. This paper provides an overview of some of the challenges and issues, and points out directions for progress.

Experimental bit commitment based on quantum communication and special relativity.

PubMed

Lunghi, T; Kaniewski, J; Bussières, F; Houlmann, R; Tomamichel, M; Kent, A; Gisin, N; Wehner, S; Zbinden, H

2013-11-01

Bit commitment is a fundamental cryptographic primitive in which Bob wishes to commit a secret bit to Alice. Perfectly secure bit commitment between two mistrustful parties is impossible through asynchronous exchange of quantum information. Perfect security is however possible when Alice and Bob split into several agents exchanging classical and quantum information at times and locations suitably chosen to satisfy specific relativistic constraints. Here we report on an implementation of a bit commitment protocol using quantum communication and special relativity. Our protocol is based on [A. Kent, Phys. Rev. Lett. 109, 130501 (2012)] and has the advantage that it is practically feasible with arbitrary large separations between the agents in order to maximize the commitment time. By positioning agents in Geneva and Singapore, we obtain a commitment time of 15 ms. A security analysis considering experimental imperfections and finite statistics is presented.

Improving Mental Health Reporting Practices in Between Personnel Security Investigations

DTIC Science & Technology

2017-06-01

Improving Mental Health Reporting Practices in Between Personnel Security Investigations Stephanie L. Jaros Donna L. Tadle David Ciani Keith B...2017 Improving Mental Health Reporting Practices in Between Personnel Security Investigations Stephanie L. Jaros, Donna L. Tadle, David Ciani, Keith...COVERED: 4. Improving Mental Health Reporting Practices in Between Personnel Security Investigations 5a. CONTRACT NUMBER: 5b. GRANT NUMBER: 5c

12 CFR 208.37 - Government securities sales practices.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 12 Banks and Banking 2 2010-01-01 2010-01-01 false Government securities sales practices. 208.37... Securities-Related Activities § 208.37 Government securities sales practices. (a) Scope. This subpart is applicable to state member banks that have filed notice as, or are required to file notice as, government...

12 CFR 208.37 - Government securities sales practices.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 12 Banks and Banking 2 2013-01-01 2013-01-01 false Government securities sales practices. 208.37... Securities-Related Activities § 208.37 Government securities sales practices. (a) Scope. This subpart is applicable to state member banks that have filed notice as, or are required to file notice as, government...

What Practices in Airport Security Should the United States Implement at Commercial Airports in Light of the Events of September 11, 2001?

DTIC Science & Technology

2002-06-01

NAVAL POSTGRADUATE SCHOOL Monterey, California THESIS WHAT PRACTICES IN AIRPORT SECURITY SHOULD THE UNITED STATES IMPLEMENT AT...COVERED Master’s Thesis 4. TITLE AND SUBTITLE What Practices in Airport Security Should the United States Implement at Commercial...complacency and conflicts of interest. 14. SUBJECT TERMS Airport Security , Aviation Security Systems, Terrorism, Hijacking

78 FR 10169 - Federal Advisory Committee Act; Communications Security, Reliability, and Interoperability Council

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-13

... Location Accuracy, Network Security Best Practices, DNSSEC Implementation Practices for ISPs, Secure BGP... FEDERAL COMMUNICATIONS COMMISSION Federal Advisory Committee Act; Communications Security... persons that the Federal Communications Commission's (FCC) Communications Security, Reliability, and...

Security bound of cheat sensitive quantum bit commitment.

PubMed

He, Guang Ping

2015-03-23

Cheat sensitive quantum bit commitment (CSQBC) loosens the security requirement of quantum bit commitment (QBC), so that the existing impossibility proofs of unconditionally secure QBC can be evaded. But here we analyze the common features in all existing CSQBC protocols, and show that in any CSQBC having these features, the receiver can always learn a non-trivial amount of information on the sender's committed bit before it is unveiled, while his cheating can pass the security check with a probability not less than 50%. The sender's cheating is also studied. The optimal CSQBC protocols that can minimize the sum of the cheating probabilities of both parties are found to be trivial, as they are practically useless. We also discuss the possibility of building a fair protocol in which both parties can cheat with equal probabilities.

Cryptanalysis of a chaotic communication scheme using adaptive observer.

PubMed

Liu, Ying; Tang, Wallace K S

2008-12-01

This paper addresses the cryptanalysis of a secure communication scheme recently proposed by Wu [Chaos 16, 043118 (2006)], where the information signal is modulated into a system parameter of a unified chaotic system. With the Kerckhoff principle, assuming that the structure of the cryptosystem is known, an adaptive observer can be designed to synchronize the targeted system, so that the transmitted information and the user-specific parameters are obtained. The success of adaptive synchronization is mathematically proved with the use of Lyapunov stability theory, based on the original assumption, i.e., the dynamical evolution of the information signal is available. A more practical case, but yet much more difficult, is also considered. As demonstrated with simulations, generalized synchronization is still possible, even if the derivative of the information signal is kept secret. Hence, the message can be coarsely estimated, making the security of the considered system questionable.

Introduction

NASA Astrophysics Data System (ADS)

Thoma, Klaus; Hiller, Daniel

Security research as a practical discipline has a long-standing history. Faced with myriad hazards throughout its past, mankind has developed sophisticated means to counter such threats. The latter include natural disasters such as earthquakes, floods and fires, but also encompass man-made hazards such as military aggression, terrorist attacks or threats resulting from the malicious application of technological developments. Since the end of the Cold War major armed conflicts between nations of the Western hemisphere have become highly unlikely and genuinely different security issues have become the focus of concern. The terrorist attacks of 2001 against the United States, the train bombings of Madrid in 2004 and the bombings of London in 2005 were horrific embodiments of a new security environment that has evolved on a global scale. One could list numerous other examples of both executed attacks and successfully deterred attempts from around the world. Our modern industrial societies are interlinked with infrastructure networks, providing citizens with mobility, energy and information flows, which also open the door to a whole new dimension of vulnerabilities. Security research, once anything but a practical discipline with a capacity for reacting to short-term demands, has in the span of only a few years evolved into an entirely new scientific discipline uniting various fields of research. Today, security research (in Europe) encompasses a broad community of natural/engineering and social sciences.

Assessing and comparing information security in swiss hospitals.

PubMed

Landolt, Sarah; Hirschel, Jürg; Schlienger, Thomas; Businger, Walter; Zbinden, Alex M

2012-11-07

Availability of information in hospitals is an important prerequisite for good service. Significant resources have been invested to improve the availability of information, but it is also vital that the security of this information can be guaranteed. The goal of this study was to assess information security in hospitals through a questionnaire based on the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) standard ISO/IEC 27002, evaluating Information technology - Security techniques - Code of practice for information-security management, with a special focus on the effect of the hospitals' size and type. The survey, set up as a cross-sectional study, was conducted in January 2011. The chief information officers (CIOs) of 112 hospitals in German-speaking Switzerland were invited to participate. The online questionnaire was designed to be fast and easy to complete to maximize participation. To group the analyzed controls of the ISO/IEC standard 27002 in a meaningful way, a factor analysis was performed. A linear score from 0 (not implemented) to 3 (fully implemented) was introduced. The scores of the hospitals were then analyzed for significant differences in any of the factors with respect to size and type of hospital. The participating hospitals were offered a benchmark report about their status. The 51 participating hospitals had an average score of 51.1% (range 30.6% - 81.9%) out of a possible 100% where all items in the questionnaire were fully implemented. Room for improvement could be identified, especially for the factors covering "process and quality management" (average score 1.3 ± 0.8 out of a maximum of 3) and "organization and risk management" (average score 1.3 ± 0.7 out of a maximum of 3). Private hospitals scored significantly higher than university hospitals in the implementation of "security zones" and "backup" (P = .008). Half (50.00%, 8588/17,177) of all assessed hospital beds in German-speaking Switzerland are in hospitals that have a score of 49% or less of the maximum possible score in information security. Patient data need to be better protected because of the data protection laws and because sensitive, personal data should be guaranteed confidentiality, integrity, and availability.

Assessing and Comparing Information Security in Swiss Hospitals

PubMed Central

Hirschel, Jürg; Schlienger, Thomas; Businger, Walter; Zbinden, Alex M

2012-01-01

Background Availability of information in hospitals is an important prerequisite for good service. Significant resources have been invested to improve the availability of information, but it is also vital that the security of this information can be guaranteed. Objective The goal of this study was to assess information security in hospitals through a questionnaire based on the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) standard ISO/IEC 27002, evaluating Information technology – Security techniques – Code of practice for information-security management, with a special focus on the effect of the hospitals’ size and type. Methods The survey, set up as a cross-sectional study, was conducted in January 2011. The chief information officers (CIOs) of 112 hospitals in German-speaking Switzerland were invited to participate. The online questionnaire was designed to be fast and easy to complete to maximize participation. To group the analyzed controls of the ISO/IEC standard 27002 in a meaningful way, a factor analysis was performed. A linear score from 0 (not implemented) to 3 (fully implemented) was introduced. The scores of the hospitals were then analyzed for significant differences in any of the factors with respect to size and type of hospital. The participating hospitals were offered a benchmark report about their status. Results The 51 participating hospitals had an average score of 51.1% (range 30.6% - 81.9%) out of a possible 100% where all items in the questionnaire were fully implemented. Room for improvement could be identified, especially for the factors covering “process and quality management” (average score 1.3 ± 0.8 out of a maximum of 3) and “organization and risk management” (average score 1.3 ± 0.7 out of a maximum of 3). Private hospitals scored significantly higher than university hospitals in the implementation of “security zones” and “backup” (P = .008). Conclusions Half (50.00%, 8588/17,177) of all assessed hospital beds in German-speaking Switzerland are in hospitals that have a score of 49% or less of the maximum possible score in information security. Patient data need to be better protected because of the data protection laws and because sensitive, personal data should be guaranteed confidentiality, integrity, and availability. PMID:23611956

Knowledge of practice: A multi-sited event ethnography of border security fairs in Europe and North America.

PubMed

Baird, Theodore

2017-06-01

This article takes the reader inside four border security fairs in Europe and North America to examine the knowledge practices of border security professionals. Building on the border security as practice research agenda, the analysis focuses on the production, circulation, and consumption of scarce forms of knowledge. To explore situated knowledge of border security practices, I develop an approach to multi-sited event ethnography to observe and interpret knowledge that may be hard to access at the security fairs. The analysis focuses on mechanisms for disseminating and distributing scarce forms of knowledge, technological materializations of situated knowledge, expressions of transversal knowledge of security problems, how masculinities structure knowledge in gendered ways, and how unease is expressed through imagined futures in order to anticipate emergent solutions to proposed security problems. The article concludes by reflecting on the contradictions at play at fairs and how to address such contradictions through alternative knowledges and practices.

Knowledge of practice: A multi-sited event ethnography of border security fairs in Europe and North America

PubMed Central

Baird, Theodore

2017-01-01

This article takes the reader inside four border security fairs in Europe and North America to examine the knowledge practices of border security professionals. Building on the border security as practice research agenda, the analysis focuses on the production, circulation, and consumption of scarce forms of knowledge. To explore situated knowledge of border security practices, I develop an approach to multi-sited event ethnography to observe and interpret knowledge that may be hard to access at the security fairs. The analysis focuses on mechanisms for disseminating and distributing scarce forms of knowledge, technological materializations of situated knowledge, expressions of transversal knowledge of security problems, how masculinities structure knowledge in gendered ways, and how unease is expressed through imagined futures in order to anticipate emergent solutions to proposed security problems. The article concludes by reflecting on the contradictions at play at fairs and how to address such contradictions through alternative knowledges and practices. PMID:29046601

10 CFR 2.909 - Rearrangement or suspension of proceedings.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 10 Energy 1 2010-01-01 2010-01-01 false Rearrangement or suspension of proceedings. 2.909 Section 2.909 Energy NUCLEAR REGULATORY COMMISSION RULES OF PRACTICE FOR DOMESTIC LICENSING PROCEEDINGS AND.../or National Security Information § 2.909 Rearrangement or suspension of proceedings. In any...

10 CFR 2.909 - Rearrangement or suspension of proceedings.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 10 Energy 1 2011-01-01 2011-01-01 false Rearrangement or suspension of proceedings. 2.909 Section 2.909 Energy NUCLEAR REGULATORY COMMISSION RULES OF PRACTICE FOR DOMESTIC LICENSING PROCEEDINGS AND.../or National Security Information § 2.909 Rearrangement or suspension of proceedings. In any...

24 CFR 100.141 - Definitions.

Code of Federal Regulations, 2011 CFR

2011-04-01

...) Secured by residential real estate. Self-test means any program, practice or study a lender voluntarily conducts or authorizes which is designed and used specifically to determine the extent or effectiveness of compliance with the Fair Housing Act. The self-test must create data or factual information that is not...

24 CFR 100.141 - Definitions.

Code of Federal Regulations, 2014 CFR

2014-04-01

...) Secured by residential real estate. Self-test means any program, practice or study a lender voluntarily conducts or authorizes which is designed and used specifically to determine the extent or effectiveness of compliance with the Fair Housing Act. The self-test must create data or factual information that is not...

24 CFR 100.141 - Definitions.

Code of Federal Regulations, 2012 CFR

2012-04-01

...) Secured by residential real estate. Self-test means any program, practice or study a lender voluntarily conducts or authorizes which is designed and used specifically to determine the extent or effectiveness of compliance with the Fair Housing Act. The self-test must create data or factual information that is not...

24 CFR 100.141 - Definitions.

Code of Federal Regulations, 2010 CFR

2010-04-01

...) Secured by residential real estate. Self-test means any program, practice or study a lender voluntarily conducts or authorizes which is designed and used specifically to determine the extent or effectiveness of compliance with the Fair Housing Act. The self-test must create data or factual information that is not...

24 CFR 100.141 - Definitions.

Code of Federal Regulations, 2013 CFR

2013-04-01

...) Secured by residential real estate. Self-test means any program, practice or study a lender voluntarily conducts or authorizes which is designed and used specifically to determine the extent or effectiveness of compliance with the Fair Housing Act. The self-test must create data or factual information that is not...

Testing Integrity Symposium: Issues and Recommendations for Best Practice

ERIC Educational Resources Information Center

National Center for Education Statistics, 2013

2013-01-01

Educators, parents, and the public depend on accurate, valid, reliable, and timely information about student academic performance. Testing irregularities--breaches of test security or improper administration of academic testing--undermine efforts to use those data to improve student achievement. Unfortunately, there have been high-profile and…

A Fresh Look at Internet Protocol Version 6 (IPv6) for Department of Defense (DoD) Networks

DTIC Science & Technology

2010-08-01

since system administration practices (such as the use of security appliances) depend heavily on tools for network management, diagnosis and protection...are mobile ad hoc networks (MANETs) and yet there is limited practical experience with MANETs and their performance. Further, the interaction between...Systems FCS Future Combat System IETF Internet Engineering Task Force ISAT Information Science and Technology BAST Board on Army Science and

Secure data sharing in public cloud

NASA Astrophysics Data System (ADS)

Venkataramana, Kanaparti; Naveen Kumar, R.; Tatekalva, Sandhya; Padmavathamma, M.

2012-04-01

Secure multi-party protocols have been proposed for entities (organizations or individuals) that don't fully trust each other to share sensitive information. Many types of entities need to collect, analyze, and disseminate data rapidly and accurately, without exposing sensitive information to unauthorized or untrusted parties. Solutions based on secure multiparty computation guarantee privacy and correctness, at an extra communication (too costly in communication to be practical) and computation cost. The high overhead motivates us to extend this SMC to cloud environment which provides large computation and communication capacity which makes SMC to be used between multiple clouds (i.e., it may between private or public or hybrid clouds).Cloud may encompass many high capacity servers which acts as a hosts which participate in computation (IaaS and PaaS) for final result, which is controlled by Cloud Trusted Authority (CTA) for secret sharing within the cloud. The communication between two clouds is controlled by High Level Trusted Authority (HLTA) which is one of the hosts in a cloud which provides MgaaS (Management as a Service). Due to high risk for security in clouds, HLTA generates and distributes public keys and private keys by using Carmichael-R-Prime- RSA algorithm for exchange of private data in SMC between itself and clouds. In cloud, CTA creates Group key for Secure communication between the hosts in cloud based on keys sent by HLTA for exchange of Intermediate values and shares for computation of final result. Since this scheme is extended to be used in clouds( due to high availability and scalability to increase computation power) it is possible to implement SMC practically for privacy preserving in data mining at low cost for the clients.

Security proof of counterfactual quantum cryptography against general intercept-resend attacks and its vulnerability

NASA Astrophysics Data System (ADS)

Zhang, Sheng; Wang, Jian; Tang, Chao-Jing

2012-06-01

Counterfactual quantum cryptography, recently proposed by Noh, is featured with no transmission of signal particles. This exhibits evident security advantages, such as its immunity to the well-known photon-number-splitting attack. In this paper, the theoretical security of counterfactual quantum cryptography protocol against the general intercept-resend attacks is proved by bounding the information of an eavesdropper Eve more tightly than in Yin's proposal [Phys. Rev. A 82 042335 (2010)]. It is also shown that practical counterfactual quantum cryptography implementations may be vulnerable when equipped with imperfect apparatuses, by proving that a negative key rate can be achieved when Eve launches a time-shift attack based on imperfect detector efficiency.

Lemnos interoperable security project.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Halbgewachs, Ronald D.

2010-03-01

With the Lemnos framework, interoperability of control security equipment is straightforward. To obtain interoperability between proprietary security appliance units, one or both vendors must now write cumbersome 'translation code.' If one party changes something, the translation code 'breaks.' The Lemnos project is developing and testing a framework that uses widely available security functions and protocols like IPsec - to form a secure communications channel - and Syslog, to exchange security log messages. Using this model, security appliances from two or more different vendors can clearly and securely exchange information, helping to better protect the total system. Simplify regulatory compliance inmore » a complicated security environment by leveraging the Lemnos framework. As an electric utility, are you struggling to implement the NERC CIP standards and other regulations? Are you weighing the misery of multiple management interfaces against committing to a ubiquitous single-vendor solution? When vendors build their security appliances to interoperate using the Lemnos framework, it becomes practical to match best-of-breed offerings from an assortment of vendors to your specific control systems needs. The Lemnos project is developing and testing a framework that uses widely available open-source security functions and protocols like IPsec and Syslog to create a secure communications channel between appliances in order to exchange security data.« less

A nested virtualization tool for information technology practical education.

PubMed

Pérez, Carlos; Orduña, Juan M; Soriano, Francisco R

2016-01-01

A common problem of some information technology courses is the difficulty of providing practical exercises. Although different approaches have been followed to solve this problem, it is still an open issue, specially in security and computer network courses. This paper proposes NETinVM, a tool based on nested virtualization that includes a fully functional lab, comprising several computers and networks, in a single virtual machine. It also analyzes and evaluates how it has been used in different teaching environments. The results show that this tool makes it possible to perform demos, labs and practical exercises, greatly appreciated by the students, that would otherwise be unfeasible. Also, its portability allows to reproduce classroom activities, as well as the students' autonomous work.

Cyber security: a critical examination of information sharing versus data sensitivity issues for organisations at risk of cyber attack.

PubMed

Mallinder, Jason; Drabwell, Peter

Cyber threats are growing and evolving at an unprecedented rate.Consequently, it is becoming vitally important that organisations share information internally and externally before, during and after incidents they encounter so that lessons can be learned, good practice identified and new cyber resilience capabilities developed. Many organisations are reluctant to share such information for fear of divulging sensitive information or because it may be vague or incomplete. This provides organisations with a complex dilemma: how to share information as openly as possibly about cyber incidents, while protecting their confidentiality and focusing on service recovery from such incidents. This paper explores the dilemma of information sharing versus sensitivity and provides a practical overview of considerations every business continuity plan should address to plan effectively for information sharing in the event of a cyber incident.

Security of electronic mental health communication and record-keeping in the digital age.

PubMed

Elhai, Jon D; Frueh, B Christopher

2016-02-01

The mental health field has seen a trend in recent years of the increased use of information technology, including mobile phones, tablets, and laptop computers, to facilitate clinical treatment delivery to individual patients and for record keeping. However, little attention has been paid to ensuring that electronic communication with patients is private and secure. This is despite potentially deleterious consequences of a data breach, which are reported in the news media very frequently in modern times. In this article, we present typical security concerns associated with using technology in clinical services or research. We also discuss enhancing the privacy and security of electronic communication with clinical patients and research participants. We offer practical, easy-to-use software application solutions for clinicians and researchers to secure patient communication and records. We discuss such issues as using encrypted wireless networks, secure e-mail, encrypted messaging and videoconferencing, privacy on social networks, and others. © Copyright 2015 Physicians Postgraduate Press, Inc.

Using information technology for an improved pharmaceutical care delivery in developing countries. Study case: Benin.

PubMed

Edoh, Thierry Oscar; Teege, Gunnar

2011-10-01

One of the problems in health care in developing countries is the bad accessibility of medicine in pharmacies for patients. Since this is mainly due to a lack of organization and information, it should be possible to improve the situation by introducing information and communication technology. However, for several reasons, standard solutions are not applicable here. In this paper, we describe a case study in Benin, a West African developing country. We identify the problem and the existing obstacles for applying standard ECommerce solutions. We develop an adapted system approach and describe a practical test which has shown that the approach has the potential of actually improving the pharmaceutical care delivery. Finally, we consider the security aspects of the system and propose an organizational solution for some specific security problems.

Cyberspace Policy Review: Assuring a Trusted and Resilient Information and Communications Infrastructure

DTIC Science & Technology

2009-05-01

information technology revolution. The architecture of the Nation’s digital infrastructure, based largely upon the Internet, is not secure or resilient...thriving digital infrastructure. In addi­ tion, differing national and regional laws and practices —such as laws concerning the investigation and... technology has transformed the global economy and connected people and markets in ways never imagined. To realize the full benefits of the digital

SecSIFT: Privacy-preserving Outsourcing Computation of Feature Extractions Over Encrypted Image Data.

PubMed

Hu, Shengshan; Wang, Qian; Wang, Jingjun; Qin, Zhan; Ren, Kui

2016-05-13

Advances in cloud computing have greatly motivated data owners to outsource their huge amount of personal multimedia data and/or computationally expensive tasks onto the cloud by leveraging its abundant resources for cost saving and flexibility. Despite the tremendous benefits, the outsourced multimedia data and its originated applications may reveal the data owner's private information, such as the personal identity, locations or even financial profiles. This observation has recently aroused new research interest on privacy-preserving computations over outsourced multimedia data. In this paper, we propose an effective and practical privacy-preserving computation outsourcing protocol for the prevailing scale-invariant feature transform (SIFT) over massive encrypted image data. We first show that previous solutions to this problem have either efficiency/security or practicality issues, and none can well preserve the important characteristics of the original SIFT in terms of distinctiveness and robustness. We then present a new scheme design that achieves efficiency and security requirements simultaneously with the preservation of its key characteristics, by randomly splitting the original image data, designing two novel efficient protocols for secure multiplication and comparison, and carefully distributing the feature extraction computations onto two independent cloud servers. We both carefully analyze and extensively evaluate the security and effectiveness of our design. The results show that our solution is practically secure, outperforms the state-of-theart, and performs comparably to the original SIFT in terms of various characteristics, including rotation invariance, image scale invariance, robust matching across affine distortion, addition of noise and change in 3D viewpoint and illumination.

Correlation Research of Medical Security Management System Network Platform in Medical Practice

NASA Astrophysics Data System (ADS)

Jie, Wang; Fan, Zhang; Jian, Hao; Li-nong, Yu; Jun, Fei; Ping, Hao; Ya-wei, Shen; Yue-jin, Chang

Objective-The related research of medical security management system network in medical practice. Methods-Establishing network platform of medical safety management system, medical security network host station, medical security management system(C/S), medical security management system of departments and sections, comprehensive query, medical security disposal and examination system. Results-In medical safety management, medical security management system can reflect the hospital medical security problem, and can achieve real-time detection and improve the medical security incident detection rate. Conclusion-The application of the research in the hospital management implementation, can find hospital medical security hidden danger and the problems of medical disputes, and can help in resolving medical disputes in time and achieve good work efficiency, which is worth applying in the hospital practice.

Hash function based on chaotic map lattices.

PubMed

Wang, Shihong; Hu, Gang

2007-06-01

A new hash function system, based on coupled chaotic map dynamics, is suggested. By combining floating point computation of chaos and some simple algebraic operations, the system reaches very high bit confusion and diffusion rates, and this enables the system to have desired statistical properties and strong collision resistance. The chaos-based hash function has its advantages for high security and fast performance, and it serves as one of the most highly competitive candidates for practical applications of hash function for software realization and secure information communications in computer networks.

A Model for the Development of an Organization’s Information System (IS) Security System

DTIC Science & Technology

1986-12-01

INTRODUCTION — = 52 B. A RISK ASSESSMENT 52 1. Background 52 2. Threat Identification -— — 53 3. Impact Analysis 54 C. LOGICAL DESIGN • — 59 D. PRACTICAL DESIGN...OF ESTIMATED IMPACT AND FREQUENCY • 93 APPENDIX H: COMBINED MATRIX OF 1, F, AND ALE 9 4 APPENDIX I: SECURITY RESOURCES (CONTROLS) 9 5 APPENDIX J...that have been developed, the computer’s impact is sometimes hard to discern. Except in recent years, with the increasing use of microcomputers, the

Hash function based on chaotic map lattices

NASA Astrophysics Data System (ADS)

Wang, Shihong; Hu, Gang

2007-06-01

A new hash function system, based on coupled chaotic map dynamics, is suggested. By combining floating point computation of chaos and some simple algebraic operations, the system reaches very high bit confusion and diffusion rates, and this enables the system to have desired statistical properties and strong collision resistance. The chaos-based hash function has its advantages for high security and fast performance, and it serves as one of the most highly competitive candidates for practical applications of hash function for software realization and secure information communications in computer networks.

76 FR 81793 - Net Worth Standard for Accredited Investors

Federal Register 2010, 2011, 2012, 2013, 2014

2011-12-29

... the information requirements of Rule 502(b) if sales are made only to accredited investors; and sales... incurred by the investor is the most appropriate value to use in determining accredited investor status... practice of advising investors to use equity in their primary residence to purchase securities less...

Establishing and Maintaining a Writing Center in the Junior or Community College.

ERIC Educational Resources Information Center

Olson, Gary A.

Practical information and advice are presented on l6 considerations in the establishment of a campus writing center. First, six concerns related to planning are discussed: obtaining administrative and departmental support; securing funds from various internal and external sources; obtaining furniture, supplies, and instructional materials;…

17 CFR 160.4 - Initial privacy notice to consumers required.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 17 Commodity and Securities Exchanges 1 2011-04-01 2011-04-01 false Initial privacy notice to... COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 160.4 Initial privacy... notice that accurately reflects your privacy policies and practices to: (1) Customer. An individual who...

17 CFR 160.5 - Annual privacy notice to customers required.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 17 Commodity and Securities Exchanges 1 2011-04-01 2011-04-01 false Annual privacy notice to... COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION Privacy and Opt Out Notices § 160.5 Annual privacy... customers that accurately reflects your privacy policies and practices not less than annually during the...

Telemedicine systems and telecommunications.

PubMed

Harnett, Brett

2006-01-01

Successful telemedicine requires appropriate equipment and some kind of telecommunications medium. However, successful telemedicine requires more than just technology. The three essential components are the personnel, the technology and a liberal measure of perseverance. Before the technology can be selected, it is necessary to consider the nature of the information to be transmitted between the sites and the time frame over which it must be sent to achieve the desired clinical goals, because this will determine the choice of equipment and the telecommunications network. Factors to be considered include the types of information to be transmitted, the quantity of information to be transferred, and security and privacy (e.g. in Europe and the USA there has been recent legislation about data security). The choice of transmission method for any telemedicine application is, in practice, a compromise between what one would like and what one can afford. In practice, various trade-offs have to be made, which include cost, availability of the service (i.e. the coverage), bandwidth, reliability and quality of service. Equipment and the telecommunications medium are a necessary, but not sufficient, pre-requisite for a successful telemedicine programme. The right people are also required and they must be properly trained.

Effective information management and assurance for a modern organisation during a crisis.

PubMed

MacLeod, Andrew

2015-01-01

During a crisis, organisations face a major unpredictable event with potentially negative consequences. Effective information management and assurance can assist the organisation in making sure that they have the correct information in a secure format to make decisions to recover their operations. The main elements of effective information management and assurance are confidentiality, integrity and availability, combined with non-repudiation. Should an element of effective information management or assurance be removed it can have a detrimental effect on the other elements and render the information management and assurance practices of the organisation ineffectual.

Physics and Its Multiple Roles in the International Atomic Energy Agency

NASA Astrophysics Data System (ADS)

Massey, Charles D.

2017-01-01

The IAEA is the world's centre for cooperation in the nuclear field. It was set up as the world's ``Atoms for Peace'' organization in 1957 within the United Nations family. The Agency works with its Member States and multiple partners worldwide to promote the safe, secure and peaceful use of nuclear technologies. Three main areas of work underpin the IAEA's mission: Safety and Security, Science and Technology, and Safeguards and Verification. To carry out its mission, the Agency is authorized to encourage and assist research on, and development and practical application of, atomic energy for peaceful uses throughout the world; foster the exchange of scientific and technical information on peaceful uses of atomic energy; and encourage the exchange of training of scientists and experts in the field of peaceful uses of atomic energy. Nowadays, nuclear physics and nuclear technology are applied in a great variety of social areas, such as power production, medical diagnosis and therapies, environmental protection, security control, material tests, food processing, waste treatments, agriculture and artifacts analysis. This presentation will cover the role and practical application of physics at the IAEA, and, in particular, focus on the role physics has, and will play, in nuclear security.

The legal and ethical implications of consent to nursing procedures.

PubMed

Power, K J

Nurses are increasingly expanding their practice to include many more invasive procedures. Consequently, there is a need to re-examine nurses' responsibilities in relation to obtaining consent for nursing as opposed to medical procedures. Fully informed consent is not a legal requirement in England, for either medical or nursing procedures. However, this article argues that to comply with the standard set by the Code of Professional Conduct nurses should obtain informed consent for any proposed procedure they undertake. The concept of informed consent is examined and applied to practice. Ultimately, nurses are charged with four key tasks in relation to securing consent for nursing procedures: educating themselves about the risks and benefits of the procedures they propose to undertake; conveying this information to patients; assessing their understanding of the information given; and endeavouring to support the patient in his/her decision.

Data governance and stewardship: designing data stewardship entities and advancing data access.

PubMed

Rosenbaum, Sara

2010-10-01

U.S. health policy is engaged in a struggle over access to health information, in particular, the conditions under which information should be accessible for research when appropriate privacy protections and security safeguards are in place. The expanded use of health information-an inevitable step in an information age-is widely considered be essential to health system reform. Models exist for the creation of data-sharing arrangements that promote proper use of information in a safe and secure environment and with attention to ethical standards. Data stewardship is a concept with deep roots in the science and practice of data collection, sharing, and analysis. Reflecting the values of fair information practice, data stewardship denotes an approach to the management of data, particularly data that can identify individuals. The concept of a data steward is intended to convey a fiduciary (or trust) level of responsibility toward the data. Data governance is the process by which responsibilities of stewardship are conceptualized and carried out. As the concept of health information data stewardship advances in a technology-enabled environment, the question is whether legal barriers to data access and use will begin to give way. One possible answer may lie in defining the public interest in certain data uses, tying provider participation in federal health programs to the release of all-payer data to recognized data stewardship entities for aggregation and management, and enabling such entities to foster and enable the creation of knowledge through research. © Health Research and Educational Trust.

Adoption of information technology by resident physicians.

PubMed

Parekh, Selene G; Nazarian, David G; Lim, Charles K

2004-04-01

The Internet represents a technological revolution that is transforming our society. In the healthcare industry, physicians have been typified as slow adopters of information technology. However, young physicians, having been raised in a computer-prevalent society, may be more likely to embrace technology. We attempt to characterize the use and acceptance of the Internet and information technology among resident physicians in a large academic medical center and to assess concerns regarding privacy, security, and credibility of information on the Internet. A 41-question survey was distributed to 150 pediatric, medical, and surgical residents at an urban, academic medical center. One hundred thirty-five residents completed the survey (response rate of 90%). Responses were evaluated and statistical analysis was done. The majority of resident physicians in our survey have adopted the tools of information technology. Ninety-eight percent used the Internet and 96% use e-mail. Two-thirds of the respondents used the Internet for healthcare-related purposes and a similar percentage thought that the Internet has affected their practice of medicine positively. The majority of residents thought that Internet healthcare services such as electronic medical records, peer-support websites, and remote patient monitoring would be beneficial for the healthcare industry. However, they are concerned about the credibility, privacy, and security of health and medical information online. The majority of resident physicians in our institution use Internet and information technology in their practice of medicine. Most think that the Internet will continue to have a beneficial role in the healthcare industry.

'Known Secure Sensor Measurements' for Critical Infrastructure Systems: Detecting Falsification of System State

DOE Office of Scientific and Technical Information (OSTI.GOV)

Miles McQueen; Annarita Giani

2011-09-01

This paper describes a first investigation on a low cost and low false alarm, reliable mechanism for detecting manipulation of critical physical processes and falsification of system state. We call this novel mechanism Known Secure Sensor Measurements (KSSM). The method moves beyond analysis of network traffic and host based state information, in fact it uses physical measurements of the process being controlled to detect falsification of state. KSSM is intended to be incorporated into the design of new, resilient, cost effective critical infrastructure control systems. It can also be included in incremental upgrades of already in- stalled systems for enhancedmore » resilience. KSSM is based on known secure physical measurements for assessing the likelihood of an attack and will demonstrate a practical approach to creating, transmitting, and using the known secure measurements for detection.« less

Impersonation attack on a quantum secure direct communication and authentication protocol with improvement

NASA Astrophysics Data System (ADS)

Amerimehr, Ali; Hadain Dehkordi, Massoud

2018-03-01

We analyze the security of a quantum secure direct communication and authentication protocol based on single photons. We first give an impersonation attack on the protocol. The cryptanalysis shows that there is a gap in the authentication procedure of the protocol so that an opponent can reveal the secret information by an undetectable attempt. We then propose an improvement for the protocol and show it closes the gap by applying a mutual authentication procedure. In the improved protocol single photons are transmitted once in a session, so it is easy to implement as the primary protocol. Furthermore, we use a novel technique for secret order rearrangement of photons by which not only quantum storage is eliminated also a secret key can be reused securely. So the new protocol is applicable in practical approaches like embedded system devices.

Policy revision in health enterprise information security: P3WG final report

NASA Astrophysics Data System (ADS)

Sostrom, Kristen; Collmann, Jeff R.

2003-05-01

Health information management policies usually address the use of paper records with little or no mention of electronic health records. Information Technology (IT) policies often ignore the health care business needs and operational use of the information stored in its systems. Representatives from the Telemedicine & Advanced Technology Research Center (TATRC), TRICARE and Offices of the Surgeon General of each Military Service, collectively referred to as the Policies, Procedures and Practices Work Group (P3WG) examined military policies and regulations relating to computer-based information systems and medical records management. Using an interdisciplinary and interservice QA approach they compared existing military policies with the Health Insurance Portability and Accountability Act (HIPAA) Security Rule to identify gaps and discrepancies. The final report, including a plain English explanation of the individual standards and relevance to the Department of Defense (DoD), a comparative analysis and recommendations, will feed in to the security management process and HIPAA implementation efforts at multiple levels within the DoD. In light of High Reliability Theory, this process models how large enterprises may coordinate policy revision and reform across broad organizational and work domains, building consensus on key policy reforms among military stakeholders across different disciplines, levels of command hierarchy and services.

The PTSD Practitioner Registry: An Innovative Tracking, Dissemination, and Support Tool for Providers in Military and Nonmilitary Settings

DTIC Science & Technology

2016-10-01

are being conducted with 60 providers to assess practitioner needs and interests in the registry as well as pre-test the proposed registry survey . In...15. SUBJECT TERMS PTSD, qualitative interviews, survey development, best practices, CPGs 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF...being; and to identify factors enabling the implementation of clinical best practices in the treatment of PTSD. This clinician-informed online survey and

Randomness determines practical security of BB84 quantum key distribution.

PubMed

Li, Hong-Wei; Yin, Zhen-Qiang; Wang, Shuang; Qian, Yong-Jun; Chen, Wei; Guo, Guang-Can; Han, Zheng-Fu

2015-11-10

Unconditional security of the BB84 quantum key distribution protocol has been proved by exploiting the fundamental laws of quantum mechanics, but the practical quantum key distribution system maybe hacked by considering the imperfect state preparation and measurement respectively. Until now, different attacking schemes have been proposed by utilizing imperfect devices, but the general security analysis model against all of the practical attacking schemes has not been proposed. Here, we demonstrate that the general practical attacking schemes can be divided into the Trojan horse attack, strong randomness attack and weak randomness attack respectively. We prove security of BB84 protocol under randomness attacking models, and these results can be applied to guarantee the security of the practical quantum key distribution system.

Randomness determines practical security of BB84 quantum key distribution

PubMed Central

Li, Hong-Wei; Yin, Zhen-Qiang; Wang, Shuang; Qian, Yong-Jun; Chen, Wei; Guo, Guang-Can; Han, Zheng-Fu

2015-01-01

Unconditional security of the BB84 quantum key distribution protocol has been proved by exploiting the fundamental laws of quantum mechanics, but the practical quantum key distribution system maybe hacked by considering the imperfect state preparation and measurement respectively. Until now, different attacking schemes have been proposed by utilizing imperfect devices, but the general security analysis model against all of the practical attacking schemes has not been proposed. Here, we demonstrate that the general practical attacking schemes can be divided into the Trojan horse attack, strong randomness attack and weak randomness attack respectively. We prove security of BB84 protocol under randomness attacking models, and these results can be applied to guarantee the security of the practical quantum key distribution system. PMID:26552359

Randomness determines practical security of BB84 quantum key distribution

NASA Astrophysics Data System (ADS)

Li, Hong-Wei; Yin, Zhen-Qiang; Wang, Shuang; Qian, Yong-Jun; Chen, Wei; Guo, Guang-Can; Han, Zheng-Fu

2015-11-01

Unconditional security of the BB84 quantum key distribution protocol has been proved by exploiting the fundamental laws of quantum mechanics, but the practical quantum key distribution system maybe hacked by considering the imperfect state preparation and measurement respectively. Until now, different attacking schemes have been proposed by utilizing imperfect devices, but the general security analysis model against all of the practical attacking schemes has not been proposed. Here, we demonstrate that the general practical attacking schemes can be divided into the Trojan horse attack, strong randomness attack and weak randomness attack respectively. We prove security of BB84 protocol under randomness attacking models, and these results can be applied to guarantee the security of the practical quantum key distribution system.

A National Agenda for Public Health Informatics

PubMed Central

Yasnoff, William A.; Overhage, J. Marc; Humphreys, Betsy L.; LaVenture, Martin

2001-01-01

The AMIA 2001 Spring Congress brought together members of the the public health and informatics communities to develop a national agenda for public health informatics. Discussions of funding and governance; architecture and infrastructure; standards and vocabulary; research, evaluation, and best practices; privacy, confidentiality, and security; and training and workforce resulted in 74 recommendations with two key themes—that all stakeholders need to be engaged in coordinated activities related to public health information architecture, standards, confidentiality, best practices, and research; and that informatics training is needed throughout the public health workforce. Implementation of this consensus agenda will help promote progress in the application of information technology to improve public health. PMID:11687561

Computers in the surgery. The patient's view.

PubMed Central

Pringle, M; Robins, S; Brown, G

1984-01-01

A postal survey sent to 350 patients from two rural practices confirmed that an appreciable minority of patients (17%) were opposed to doctors using computers. The questionnaire distributed had been carefully designed to identify their opposition more specifically. Most of the general concern was accounted for by the 91 patients (31%) who feared that confidentiality of information would be reduced. The sensitive nature of medical information alerts patients to the possibility of diminished security of records and obliges practices considering acquiring a computer to ensure that these fears are not realised. Smaller proportions of patients were found to oppose computers on other grounds--namely, impersonality, economy, and general anxiety. PMID:6419902

'Feeling someone is there for you' - experiences of women with vulvar neoplasia with care delivered by an Advanced Practice Nurse.

PubMed

Kobleder, Andrea; Mayer, Hanna; Senn, Beate

2017-02-01

To explore the experiences of women with vulvar neoplasia with care delivered by an Advanced Practice Nurse. Women with vulvar neoplasia suffer from a high number of symptoms and report a lack of information and support by health care professionals. Further, talking about their disease, which is still a social taboo, is difficult for them. From approaches for other patients, it can be suggested that support from an Advanced Practice Nurse can be helpful. For Advanced Practice Nurse development, implementation and evaluation, it is important to assess patients' perceptions. But so far, little is known about how patients with vulvar neoplasia experience support of an Advanced Practice Nurse. A qualitative interview study was chosen to gain understanding of the experience of women with vulvar neoplasia who received care delivered by an Advanced Practice Nurse. Narrative interviews were conducted with a purposive sample of 13 women with vulvar neoplasia after they received care from an Advanced Practice Nurse for six months. Thematic analysis was used to analyse the data from the interviews. Four main themes could be identified: a trusting relationship; accessibility; feeling safe and secure; and feeling someone is there for you. Women felt more secure and less alone in the experience of their illness through having the possibility of contacting an Advanced Practice Nurse and getting sufficient information and psychosocial support. Women with vulvar neoplasia experienced care delivered by an Advanced Practice Nurse as 'feeling someone is there for you'. Due to the localisation of the disease and the associated social taboo, psychosocial support from the Advanced Practice Nurse beyond months after surgery was very important for them. Addressing psychosocial needs in caring for women with vulvar neoplasia must be given greater attention in clinical practice. Further, continuous nursing support delivered by an Advanced Practice Nurse beyond the acute treatment phase can be recommended. © 2016 John Wiley & Sons Ltd.

Development of an Interdisciplinary Team Communication Framework and Quality Metrics for Home-Based Medical Care Practices.

PubMed

Fathi, Roya; Sheehan, Orla C; Garrigues, Sarah K; Saliba, Debra; Leff, Bruce; Ritchie, Christine S

2016-08-01

The unique needs of homebound adults receiving home-based medical care (HBMC) (ie, home-based primary care and home-based palliative care services) are ideally provided by interdisciplinary care teams (IDTs) that provide coordinated care. The composition of team members from an array of organizations and the unique dimension of providing care in the home present specific challenges to timely access and communication of patient care information. The objective of this work was to develop a conceptual framework and corresponding quality indicators (QIs) that assess how IDT members for HBMC practices access and communicate key patient information with each other. A systematic review of peer-reviewed and gray literature was performed to inform a framework for care coordination in the home and the development of candidate QIs to assess processes by which all IDT members optimally access and use patient information. A technical expert panel (TEP) participated in a modified Delphi process to assess the validity and feasibility of each QI and to identify which would be most suitable for testing in the field. Thematic analysis of literature revealed 4 process themes for how HBMC practices might engage in high-quality care coordination: using electronic medical records, conducting interdisciplinary team meetings, sharing standardized patient assessments, and communicating via secure e-messaging. Based on these themes, 9 candidate QIs were developed to reflect these processes. Three candidate QIs were assessed by the TEP as valid and feasible to measure in an HBMC practice setting. These indicators focused on use of IDT meetings, standardized patient assessments, and secure e-messaging. Translating the complex issue of care coordination into QIs will improve care delivered to vulnerable home-limited adults who receive HBMC. Guided by the literature, we developed a framework to reflect optimal care coordination in the home setting and identified 3 candidate QIs to field-test in HBMC practices. Published by Elsevier Inc.

Information Assurance and Forensic Readiness

NASA Astrophysics Data System (ADS)

Pangalos, Georgios; Katos, Vasilios

Egalitarianism and justice are amongst the core attributes of a democratic regime and should be also secured in an e-democratic setting. As such, the rise of computer related offenses pose a threat to the fundamental aspects of e-democracy and e-governance. Digital forensics are a key component for protecting and enabling the underlying (e-)democratic values and therefore forensic readiness should be considered in an e-democratic setting. This position paper commences from the observation that the density of compliance and potential litigation activities is monotonically increasing in modern organizations, as rules, legislative regulations and policies are being constantly added to the corporate environment. Forensic practices seem to be departing from the niche of law enforcement and are becoming a business function and infrastructural component, posing new challenges to the security professionals. Having no a priori knowledge on whether a security related event or corporate policy violation will lead to litigation, we advocate that computer forensics need to be applied to all investigatory, monitoring and auditing activities. This would result into an inflation of the responsibilities of the Information Security Officer. After exploring some commonalities and differences between IS audit and computer forensics, we present a list of strategic challenges the organization and, in effect, the IS security and audit practitioner will face.

Food security and nutritional outcomes among urban poor orphans in Nairobi, Kenya.

PubMed

Kimani-Murage, Elizabeth W; Holding, Penny A; Fotso, Jean-Christophe; Ezeh, Alex C; Madise, Nyovani J; Kahurani, Elizabeth N; Zulu, Eliya M

2011-06-01

The study examines the relationship between orphanhood status and nutritional status and food security among children living in the rapidly growing and uniquely vulnerable slum settlements in Nairobi, Kenya. The study was conducted between January and June 2007 among children aged 6-14 years, living in informal settlements of Nairobi, Kenya. Anthropometric measurements were taken using standard procedures and z scores generated using the NCHS/WHO reference. Data on food security were collected through separate interviews with children and their caregivers, and used to generate a composite food security score. Multiple regression analysis was done to determine factors related to vulnerability with regards to food security and nutritional outcomes. The results show that orphans were more vulnerable to food insecurity than non-orphans and that paternal orphans were the most vulnerable orphan group. However, these effects were not significant for nutritional status, which measures long-term food deficiencies. The results also show that the most vulnerable children are boys, those living in households with lowest socioeconomic status, with many dependants, and female-headed and headed by adults with low human capital (low education). This study provides useful insights to inform policies and practice to identify target groups and intervention programs to improve the welfare of orphans and vulnerable children living in urban poor communities.

Data Governance and Stewardship: Designing Data Stewardship Entities and Advancing Data Access

PubMed Central

Rosenbaum, Sara

2010-01-01

U.S. health policy is engaged in a struggle over access to health information, in particular, the conditions under which information should be accessible for research when appropriate privacy protections and security safeguards are in place. The expanded use of health information—an inevitable step in an information age—is widely considered be essential to health system reform. Models exist for the creation of data-sharing arrangements that promote proper use of information in a safe and secure environment and with attention to ethical standards. Data stewardship is a concept with deep roots in the science and practice of data collection, sharing, and analysis. Reflecting the values of fair information practice, data stewardship denotes an approach to the management of data, particularly data that can identify individuals. The concept of a data steward is intended to convey a fiduciary (or trust) level of responsibility toward the data. Data governance is the process by which responsibilities of stewardship are conceptualized and carried out. As the concept of health information data stewardship advances in a technology-enabled environment, the question is whether legal barriers to data access and use will begin to give way. One possible answer may lie in defining the public interest in certain data uses, tying provider participation in federal health programs to the release of all-payer data to recognized data stewardship entities for aggregation and management, and enabling such entities to foster and enable the creation of knowledge through research. PMID:21054365

Computer Security for Commercial Nuclear Power Plants - Literature Review for Korea Hydro Nuclear Power Central Research Institute

DOE Office of Scientific and Technical Information (OSTI.GOV)

Duran, Felicia Angelica; Waymire, Russell L.

2013-10-01

Sandia National Laboratories (SNL) is providing training and consultation activities on security planning and design for the Korea Hydro and Nuclear Power Central Research Institute (KHNPCRI). As part of this effort, SNL performed a literature review on computer security requirements, guidance and best practices that are applicable to an advanced nuclear power plant. This report documents the review of reports generated by SNL and other organizations [U.S. Nuclear Regulatory Commission, Nuclear Energy Institute, and International Atomic Energy Agency] related to protection of information technology resources, primarily digital controls and computer resources and their data networks. Copies of the key documentsmore » have also been provided to KHNP-CRI.« less

Applying World Wide Web technology to the study of patients with rare diseases.

PubMed

de Groen, P C; Barry, J A; Schaller, W J

1998-07-15

Randomized, controlled trials of sporadic diseases are rarely conducted. Recent developments in communication technology, particularly the World Wide Web, allow efficient dissemination and exchange of information. However, software for the identification of patients with a rare disease and subsequent data entry and analysis in a secure Web database are currently not available. To study cholangiocarcinoma, a rare cancer of the bile ducts, we developed a computerized disease tracing system coupled with a database accessible on the Web. The tracing system scans computerized information systems on a daily basis and forwards demographic information on patients with bile duct abnormalities to an electronic mailbox. If informed consent is given, the patient's demographic and preexisting medical information available in medical database servers are electronically forwarded to a UNIX research database. Information from further patient-physician interactions and procedures is also entered into this database. The database is equipped with a Web user interface that allows data entry from various platforms (PC-compatible, Macintosh, and UNIX workstations) anywhere inside or outside our institution. To ensure patient confidentiality and data security, the database includes all security measures required for electronic medical records. The combination of a Web-based disease tracing system and a database has broad applications, particularly for the integration of clinical research within clinical practice and for the coordination of multicenter trials.

78 FR 15722 - Federal Advisory Committee Act; Communications Security, Reliability, and Interoperability Council

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-12

... Alerting, E9-1-1 Location Accuracy, Network Security Best Practices, DNSSEC Implementation Practices for... FEDERAL COMMUNICATIONS COMMISSION Federal Advisory Committee Act; Communications Security... Security, Reliability, and Interoperability Council (CSRIC) meeting that was scheduled for March 6, 2013 is...

78 FR 39048 - Self-Regulatory Organizations; Municipal Securities Rulemaking Board; Notice of Filing of a...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-06-28

... filed with the Commission an interpretation on customer protection obligations relating to the marketing... MSRB has worked with CSPN and individual states on, among other issues, disclosure principles and best practices, in order to better inform and protect investors.\\9\\ The disclosure principles cover a variety of...

77 FR 66841 - The Sherwin-Williams Company; Analysis of Proposed Consent Order To Aid Public Comment

Federal Register 2010, 2011, 2012, 2013, 2014

2012-11-07

... include any sensitive personal information, like anyone's Social Security number, date of birth, driver's... make final the agreement's proposed order. This matter involves Sherwin-Williams's marketing and sale... and practices in the future. Part I addresses the marketing of zero VOC paints. It prohibits Sherwin...

78 FR 46950 - Ecobaby Organics, Inc.; Analysis of Proposed Consent Order To Aid Public Comment

Federal Register 2010, 2011, 2012, 2013, 2014

2013-08-02

... any sensitive personal information, like anyone's Social Security number, date of birth, driver's... or make final the agreement's proposed order. This matter involves respondent's marketing and sale of... respondent from engaging in similar acts and practices in the future. Part I addresses the marketing of VOC...

Earthquake Preparedness: What Every Childcare Provider Should Know.

ERIC Educational Resources Information Center

California State Office of Emergency Services, Sacramento.

This brochure provides information to help child care providers reduce or avoid damage, injuries, or loss of life during earthquakes. It first discusses steps to implement before an earthquake strikes, including securing household contents, and practicing with children how to duck and cover. Next, the brochure describes what to do during an…

Operating Policies and Procedures of Computer Data-Base Systems.

ERIC Educational Resources Information Center

Anderson, David O.

Speaking on the operating policies and procedures of computer data bases containing information on students, the author divides his remarks into three parts: content decisions, data base security, and user access. He offers nine recommended practices that should increase the data base's usefulness to the user community: (1) the cost of developing…

Analyzing Security Breaches in the U.S.: A Business Analytics Case-Study

ERIC Educational Resources Information Center

Parks, Rachida F.; Adams, Lascelles

2016-01-01

This is a real-world applicable case-study and includes background information, functional organization requirements, and real data. Business analytics has been defined as the technologies, skills, and practices needed to iteratively investigate historical performance to gain insight or spot trends. You are asked to utilize/apply critical thinking…

A Safe School's Top 10 Needs

ERIC Educational Resources Information Center

Brunner, Judy; Lewis, Dennis

2005-01-01

An environment of safety in the school seldom comes down to any one particular component or plan; it is a combination of strategies and ideas that makes a school safe and secure for everyone. In this article, the authors provide practical information to educators who are already working to capacity in terms of time allocation and monetary…

Total centralisation and optimisation of an oncology management suite via Citrix®

NASA Astrophysics Data System (ADS)

James, C.; Frantzis, J.; Ripps, L.; Fenton, P.

2014-03-01

The management of patient information and treatment planning is traditionally an intra-departmental requirement of a radiation oncology service. Epworth Radiation Oncology systems must support the transient nature of Visiting Medical Officers (VMOs). This unique work practice created challenges when implementing the vision of a completely paperless solution that allows for a responsive and efficient service delivery. ARIA® and EclipseTM (Varian Medical Systems, Palo Alto, CA, USA) have been deployed across four dedicated Citrix® (Citrix Systems, Santa Clara, CA, USA) servers allowing VMOs to access these applications remotely. A range of paperless solutions were developed within ARIA® to facilitate clinical and organisational management whilst optimising efficient work practices. The IT infrastructure and paperless workflow has enabled VMOs to securely access the VarianTM (Varian Medical Systems, Palo Alto, CA, USA) oncology software and experience full functionality from any location on multiple devices. This has enhanced access to patient information and improved the responsiveness of the service. Epworth HealthCare has developed a unique solution to enable remote access to a centralised oncology management suite, while maintaining a secure and paperless working environment.

Security Personnel Practices and Policies in U.S. Hospitals: Findings From a National Survey.

PubMed

Schoenfisch, Ashley L; Pompeii, Lisa A

2016-06-27

Concerns of violence in hospitals warrant examination of current hospital security practices. Cross-sectional survey data were collected from members of a health care security and safety association to examine the type of personnel serving as security in hospitals, their policies and practices related to training and weapon/restraint tool carrying/use, and the broader context in which security personnel work to maintain staff and patient safety, with an emphasis on workplace violence prevention and mitigation. Data pertaining to 340 hospitals suggest security personnel were typically non-sworn officers directly employed (72%) by hospitals. Available tools included handcuffs (96%), batons (56%), oleoresin capsicum products (e.g., pepper spray; 52%), hand guns (52%), conducted electrical weapons (e.g., TASERs®; 47%), and K9 units (12%). Current workplace violence prevention policy components, as well as recommendations to improve hospital security practices, aligned with Occupational Safety and Health Administration guidelines. Comprehensive efforts to address the safety and effectiveness of hospital security personnel should consider security personnel's relationships with other hospital work groups and hospitals' focus on patients' safety and satisfaction. © 2016 The Author(s).

Measurement-Device-Independent Quantum Cryptography

NASA Astrophysics Data System (ADS)

Tang, Zhiyuan

Quantum key distribution (QKD) enables two legitimate parties to share a secret key even in the presence of an eavesdropper. The unconditional security of QKD is based on the fundamental laws of quantum physics. Original security proofs of QKD are based on a few assumptions, e.g., perfect single photon sources and perfect single-photon detectors. However, practical implementations of QKD systems do not fully comply with such assumptions due to technical limitations. The gap between theory and implementations leads to security loopholes in most QKD systems, and several attacks have been launched on sophisticated QKD systems. Particularly, the detectors have been found to be the most vulnerable part of QKD. Much effort has been put to build side-channel-free QKD systems. Solutions such as security patches and device-independent QKD have been proposed. However, the former are normally ad-hoc, and cannot close unidentified loopholes. The latter, while having the advantages of removing all assumptions on devices, is impractical to implement today. Measurement-device-independent QKD (MDI-QKD) turns out to be a promising solution to the security problem of QKD. In MDI-QKD, all security loopholes, including those yet-to-be discovered, have been removed from the detectors, the most critical part in QKD. In this thesis, we investigate issues related to the practical implementation and security of MDI-QKD. We first present a demonstration of polarization-encoding MDI-QKD. Taking finite key effect into account, we achieve a secret key rate of 0.005 bit per second (bps) over 10 km spooled telecom fiber, and a 1600-bit key is distributed. This work, together with other demonstrations, shows the practicality of MDI-QKD. Next we investigate a critical assumption of MDI-QKD: perfect state preparation. We apply the loss-tolerant QKD protocol and adapt it to MDI-QKD to quantify information leakage due to imperfect state preparation. We then present an experimental demonstration of MDI-QKD over 10 km and 40 km of spooled fiber, which for the first time considers the impact of inaccurate polarization state preparation on the secret key rate. This would not have been possible under previous security proofs, given the same amount of state preparation flaws.

Demography and Public Health Emergency Preparedness: Making the Connection

PubMed Central

Katz, Rebecca

2009-01-01

The tools and techniques of population sciences are extremely relevant to the discipline of public health emergency preparedness: protecting and securing the population’s health requires information about that population. While related fields such as security studies have successfully integrated demographic tools into their research and literature, the theoretical and practical connection between the methods of demography and the practice of public health emergency preparedness is weak. This article suggests the need to further the interdisciplinary use of demography by examining the need for a systematic use of population science techniques in public health emergency preparedness. Ultimately, we demonstrate how public health emergency preparedness can incorporate demography to develop more effective preparedness plans. Important policy implications emerge: demographers and preparedness experts need to collaborate more formally in order to facilitate community resilience and mitigate the consequences of public health emergencies. PMID:20694030

Facilitating Secure Sharing of Personal Health Data in the Cloud.

PubMed

Thilakanathan, Danan; Calvo, Rafael A; Chen, Shiping; Nepal, Surya; Glozier, Nick

2016-05-27

Internet-based applications are providing new ways of promoting health and reducing the cost of care. Although data can be kept encrypted in servers, the user does not have the ability to decide whom the data are shared with. Technically this is linked to the problem of who owns the data encryption keys required to decrypt the data. Currently, cloud service providers, rather than users, have full rights to the key. In practical terms this makes the users lose full control over their data. Trust and uptake of these applications can be increased by allowing patients to feel in control of their data, generally stored in cloud-based services. This paper addresses this security challenge by providing the user a way of controlling encryption keys independently of the cloud service provider. We provide a secure and usable system that enables a patient to share health information with doctors and specialists. We contribute a secure protocol for patients to share their data with doctors and others on the cloud while keeping complete ownership. We developed a simple, stereotypical health application and carried out security tests, performance tests, and usability tests with both students and doctors (N=15). We developed the health application as an app for Android mobile phones. We carried out the usability tests on potential participants and medical professionals. Of 20 participants, 14 (70%) either agreed or strongly agreed that they felt safer using our system. Using mixed methods, we show that participants agreed that privacy and security of health data are important and that our system addresses these issues. We presented a security protocol that enables patients to securely share their eHealth data with doctors and nurses and developed a secure and usable system that enables patients to share mental health information with doctors.

Memory attacks on device-independent quantum cryptography.

PubMed

Barrett, Jonathan; Colbeck, Roger; Kent, Adrian

2013-01-04

Device-independent quantum cryptographic schemes aim to guarantee security to users based only on the output statistics of any components used, and without the need to verify their internal functionality. Since this would protect users against untrustworthy or incompetent manufacturers, sabotage, or device degradation, this idea has excited much interest, and many device-independent schemes have been proposed. Here we identify a critical weakness of device-independent protocols that rely on public communication between secure laboratories. Untrusted devices may record their inputs and outputs and reveal information about them via publicly discussed outputs during later runs. Reusing devices thus compromises the security of a protocol and risks leaking secret data. Possible defenses include securely destroying or isolating used devices. However, these are costly and often impractical. We propose other more practical partial defenses as well as a new protocol structure for device-independent quantum key distribution that aims to achieve composable security in the case of two parties using a small number of devices to repeatedly share keys with each other (and no other party).

Quantum Secure Direct Communication with Quantum Memory

NASA Astrophysics Data System (ADS)

Zhang, Wei; Ding, Dong-Sheng; Sheng, Yu-Bo; Zhou, Lan; Shi, Bao-Sen; Guo, Guang-Can

2017-06-01

Quantum communication provides an absolute security advantage, and it has been widely developed over the past 30 years. As an important branch of quantum communication, quantum secure direct communication (QSDC) promotes high security and instantaneousness in communication through directly transmitting messages over a quantum channel. The full implementation of a quantum protocol always requires the ability to control the transfer of a message effectively in the time domain; thus, it is essential to combine QSDC with quantum memory to accomplish the communication task. In this Letter, we report the experimental demonstration of QSDC with state-of-the-art atomic quantum memory for the first time in principle. We use the polarization degrees of freedom of photons as the information carrier, and the fidelity of entanglement decoding is verified as approximately 90%. Our work completes a fundamental step toward practical QSDC and demonstrates a potential application for long-distance quantum communication in a quantum network.

Quantum Secure Direct Communication with Quantum Memory.

PubMed

Zhang, Wei; Ding, Dong-Sheng; Sheng, Yu-Bo; Zhou, Lan; Shi, Bao-Sen; Guo, Guang-Can

2017-06-02

Quantum communication provides an absolute security advantage, and it has been widely developed over the past 30 years. As an important branch of quantum communication, quantum secure direct communication (QSDC) promotes high security and instantaneousness in communication through directly transmitting messages over a quantum channel. The full implementation of a quantum protocol always requires the ability to control the transfer of a message effectively in the time domain; thus, it is essential to combine QSDC with quantum memory to accomplish the communication task. In this Letter, we report the experimental demonstration of QSDC with state-of-the-art atomic quantum memory for the first time in principle. We use the polarization degrees of freedom of photons as the information carrier, and the fidelity of entanglement decoding is verified as approximately 90%. Our work completes a fundamental step toward practical QSDC and demonstrates a potential application for long-distance quantum communication in a quantum network.

Mission Assurance Modeling and Simulation: A Cyber Security Roadmap

NASA Technical Reports Server (NTRS)

Gendron, Gerald; Roberts, David; Poole, Donold; Aquino, Anna

2012-01-01

This paper proposes a cyber security modeling and simulation roadmap to enhance mission assurance governance and establish risk reduction processes within constrained budgets. The term mission assurance stems from risk management work by Carnegie Mellon's Software Engineering Institute in the late 19905. By 2010, the Defense Information Systems Agency revised its cyber strategy and established the Program Executive Officer-Mission Assurance. This highlights a shift from simply protecting data to balancing risk and begins a necessary dialogue to establish a cyber security roadmap. The Military Operations Research Society has recommended a cyber community of practice, recognizing there are too few professionals having both cyber and analytic experience. The authors characterize the limited body of knowledge in this symbiotic relationship. This paper identifies operational and research requirements for mission assurance M&S supporting defense and homeland security. M&S techniques are needed for enterprise oversight of cyber investments, test and evaluation, policy, training, and analysis.

The impact of rewards on empowering public nurses.

PubMed

Gkorezis, Panagiotis; Petridou, Eugenia

2011-05-01

Employee empowerment is regarded as an essential management practice that may offer various benefits in health-care organizations. Despite a growing research body regarding the antecedents of psychological empowerment, the literature indicates limited empirical evidence on the effect of rewards on nurses' psychological empowerment. Thus, the purpose of this paper is to examine the impact of a bundle of rewards, namely skill variety, information, recognition and job security, on the psychological empowerment of public nurses. Further, this study investigates the influence of demographics on this construct. Data from 258 public nurses demonstrate that information, recognition and job security have a significant association with employees' feelings of psychological empowerment. This study shows no relationship between skill variety and psychological empowerment. With respect to demographics, age, work experience and tenure have an impact on psychological empowerment.

Freedom, security and justice: the thin end of the wedge for biometrics?

PubMed

Lodge, Juliet

2007-01-01

This paper examines an area of EU policy where the application of information and communication tecnology (ICT) poses acutely difficult problems for policymakers: freedom, security and justice. It focuses on the absence of an ethical debate about the adoption of ICT-based instruments in this area. It highlights the implausibility of simply adopting codes of ethical practice from the health sector to close the public trust deficit. It argues that health and justice professionals need to cooperate in order to create a code of ethical e-governance fit for an e-governance age.

The Regulatory Framework for Privacy and Security

NASA Astrophysics Data System (ADS)

Hiller, Janine S.

The internet enables the easy collection of massive amounts of personally identifiable information. Unregulated data collection causes distrust and conflicts with widely accepted principles of privacy. The regulatory framework in the United States for ensuring privacy and security in the online environment consists of federal, state, and self-regulatory elements. New laws have been passed to address technological and internet practices that conflict with privacy protecting policies. The United States and the European Union approaches to privacy differ significantly, and the global internet environment will likely cause regulators to face the challenge of balancing privacy interests with data collection for many years to come.

Phase-Reference-Free Experiment of Measurement-Device-Independent Quantum Key Distribution

NASA Astrophysics Data System (ADS)

Wang, Chao; Song, Xiao-Tian; Yin, Zhen-Qiang; Wang, Shuang; Chen, Wei; Zhang, Chun-Mei; Guo, Guang-Can; Han, Zheng-Fu

2015-10-01

Measurement-device-independent quantum key distribution (MDI QKD) is a substantial step toward practical information-theoretic security for key sharing between remote legitimate users (Alice and Bob). As with other standard device-dependent quantum key distribution protocols, such as BB84, MDI QKD assumes that the reference frames have been shared between Alice and Bob. In practice, a nontrivial alignment procedure is often necessary, which requires system resources and may significantly reduce the secure key generation rate. Here, we propose a phase-coding reference-frame-independent MDI QKD scheme that requires no phase alignment between the interferometers of two distant legitimate parties. As a demonstration, a proof-of-principle experiment using Faraday-Michelson interferometers is presented. The experimental system worked at 1 MHz, and an average secure key rate of 8.309 bps was obtained at a fiber length of 20 km between Alice and Bob. The system can maintain a positive key generation rate without phase compensation under normal conditions. The results exhibit the feasibility of our system for use in mature MDI QKD devices and its value for network scenarios.

Physician office readiness for managing Internet security threats.

PubMed

Keshavjee, K; Pairaudeau, N; Bhanji, A

2006-01-01

Internet security threats are evolving toward more targeted and focused attacks.Increasingly, organized crime is involved and they are interested in identity theft. Physicians who use Internet in their practice are at risk for being invaded. We studied 16 physician practices in Southern Ontario for their readiness to manage internet security threats. Overall, physicians have an over-inflated sense of preparedness. Security practices such as maintaining a firewall and conducting regular virus checks were not consistently done.

Physician Office Readiness for Managing Internet Security Threats

PubMed Central

Keshavjee, K; Pairaudeau, N; Bhanji, A

2006-01-01

Internet security threats are evolving toward more targeted and focused attacks. Increasingly, organized crime is involved and they are interested in identity theft. Physicians who use Internet in their practice are at risk for being invaded. We studied 16 physician practices in Southern Ontario for their readiness to manage internet security threats. Overall, physicians have an over-inflated sense of preparedness. Security practices such as maintaining a firewall and conducting regular virus checks were not consistently done. PMID:17238600

Mobile agent application and integration in electronic anamnesis system.

PubMed

Liu, Chia-Hui; Chung, Yu-Fang; Chen, Tzer-Shyong; Wang, Sheng-De

2012-06-01

Electronic anamnesis is to transform ordinary paper trails to digitally formatted health records, which include the patient's general information, health status, and follow-ups on chronic diseases. Its main purpose is to let the records could be stored for a longer period of time and could be shared easily across departments and hospitals. Which means hospital management could use less resource on maintaining ever-growing database and reduce redundancy, so less money would be spent for managing the health records. In the foreseeable future, building up a comprehensive and integrated medical information system is a must, because it is critical to hospital resource integration and quality improvement. If mobile agent technology is adopted in the electronic anamnesis system, it would help the hospitals to make the medical practices more efficiently and conveniently. Nonetheless, most of the hospitals today are still using paper-based health records to manage the medical information. The reason why the institutions continue using traditional practices to manage the records is because there is no well-trusted and reliable electronic anamnesis system existing and accepted by both institutions and patients. The threat of privacy invasion is one of the biggest concerns when the topic of electronic anamnesis is brought up, because the security threats drag us back from using such a system. So, the medical service quality is difficult to be improved substantially. In this case, we have come up a theory to remove such security threats and make electronic anamnesis more appealing for use. Our theory is to integrate the mobile agent technology with the backbone of electronic anamnesis to construct a hierarchical access control system to retrieve the corresponding information based upon the permission classes. The system would create a classification for permission among the users inside the medical institution. Under this framework, permission control center would distribute an access key to each user, so they would only allow using the key to access information correspondingly. In order to verify the reliability of the proposed system framework, we have also conducted a security analysis to list all the possible security threats that may harm the system and to prove the system is reliable and safe. If the system is adopted, the doctors would be able to quickly access the information while performing medical examinations. Hence, the efficiency and quality of healthcare service would be greatly improved.

Practical and secure telemedicine systems for user mobility.

PubMed

Rezaeibagha, Fatemeh; Mu, Yi

2018-02-01

The application of wireless devices has led to a significant improvement in the quality delivery of care in telemedicine systems. Patients who live in a remote area are able to communicate with the healthcare provider and benefit from the doctor consultations. However, it has been a challenge to provide a secure telemedicine system, which captures users (patients and doctors) mobility and patient privacy. In this work, we present several secure protocols for telemedicine systems, which ensure the secure communication between patients and doctors who are located in different geographical locations. Our protocols are the first of this kind featured with confidentiality of patient information, mutual authentication, patient anonymity, data integrity, freshness of communication, and mobility. Our protocols are based on symmetric-key schemes and capture all desirable security requirements in order to better serve our objectives of research for secure telemedicine services; therefore, they are very efficient in implementation. A comparison with related works shows that our work contributes first comprehensive solution to capture user mobility and patient privacy for telemedicine systems. Copyright © 2018 Elsevier Inc. All rights reserved.

Two-dimensional distributed-phase-reference protocol for quantum key distribution

NASA Astrophysics Data System (ADS)

Bacco, Davide; Christensen, Jesper Bjerge; Castaneda, Mario A. Usuga; Ding, Yunhong; Forchhammer, Søren; Rottwitt, Karsten; Oxenløwe, Leif Katsuo

2016-12-01

Quantum key distribution (QKD) and quantum communication enable the secure exchange of information between remote parties. Currently, the distributed-phase-reference (DPR) protocols, which are based on weak coherent pulses, are among the most practical solutions for long-range QKD. During the last 10 years, long-distance fiber-based DPR systems have been successfully demonstrated, although fundamental obstacles such as intrinsic channel losses limit their performance. Here, we introduce the first two-dimensional DPR-QKD protocol in which information is encoded in the time and phase of weak coherent pulses. The ability of extracting two bits of information per detection event, enables a higher secret key rate in specific realistic network scenarios. Moreover, despite the use of more dimensions, the proposed protocol remains simple, practical, and fully integrable.

Two-dimensional distributed-phase-reference protocol for quantum key distribution.

PubMed

Bacco, Davide; Christensen, Jesper Bjerge; Castaneda, Mario A Usuga; Ding, Yunhong; Forchhammer, Søren; Rottwitt, Karsten; Oxenløwe, Leif Katsuo

2016-12-22

Quantum key distribution (QKD) and quantum communication enable the secure exchange of information between remote parties. Currently, the distributed-phase-reference (DPR) protocols, which are based on weak coherent pulses, are among the most practical solutions for long-range QKD. During the last 10 years, long-distance fiber-based DPR systems have been successfully demonstrated, although fundamental obstacles such as intrinsic channel losses limit their performance. Here, we introduce the first two-dimensional DPR-QKD protocol in which information is encoded in the time and phase of weak coherent pulses. The ability of extracting two bits of information per detection event, enables a higher secret key rate in specific realistic network scenarios. Moreover, despite the use of more dimensions, the proposed protocol remains simple, practical, and fully integrable.

Two-dimensional distributed-phase-reference protocol for quantum key distribution

PubMed Central

Bacco, Davide; Christensen, Jesper Bjerge; Castaneda, Mario A. Usuga; Ding, Yunhong; Forchhammer, Søren; Rottwitt, Karsten; Oxenløwe, Leif Katsuo

2016-01-01

Quantum key distribution (QKD) and quantum communication enable the secure exchange of information between remote parties. Currently, the distributed-phase-reference (DPR) protocols, which are based on weak coherent pulses, are among the most practical solutions for long-range QKD. During the last 10 years, long-distance fiber-based DPR systems have been successfully demonstrated, although fundamental obstacles such as intrinsic channel losses limit their performance. Here, we introduce the first two-dimensional DPR-QKD protocol in which information is encoded in the time and phase of weak coherent pulses. The ability of extracting two bits of information per detection event, enables a higher secret key rate in specific realistic network scenarios. Moreover, despite the use of more dimensions, the proposed protocol remains simple, practical, and fully integrable. PMID:28004821

Cyber crimes.

PubMed

Nuzback, Kara

2014-07-01

Since it began offering cyber liability coverage in December 2011, the Texas Medical Liability Trust has received more than 150 cyber liability claims, most of which involved breaches of electronic protected health information. TMLT's cyber liability insurance will protect practices financially should a breach occur. The insurance covers a breach notification to customers and business partners, expenses for legal counsel, information security and forensic data services, public relations support, call center and website support, credit monitoring, and identity theft restoration services.

The research and implementation of a unified identity authentication in e-government network

NASA Astrophysics Data System (ADS)

Feng, Zhou

Current problem existing in e-government network is that the applications of information system are developed independently by various departments, and each has its own specific set of authentication and access control mechanism. To build a comprehensive information system in favor of sharing and exchanging information, a sound and secure unified e-government authentication system is firstly needed. The paper, combining with practical development of e-government network, carries out a thorough discussion on how to achieve data synchronization between unified authentication system and related application systems.

A Quantitative Study on the Relationship of Information Security Policy Awareness, Enforcement, and Maintenance to Information Security Program Effectiveness

ERIC Educational Resources Information Center

Francois, Michael T.

2016-01-01

Today's organizations rely heavily on information technology to conduct their daily activities. Therefore, their information security systems are an area of heightened security concern. As a result, organizations implement information security programs to address and mitigate that concern. However, even with the emphasis on information security,…

Measurement-device-independent quantum digital signatures

NASA Astrophysics Data System (ADS)

Puthoor, Ittoop Vergheese; Amiri, Ryan; Wallden, Petros; Curty, Marcos; Andersson, Erika

2016-08-01

Digital signatures play an important role in software distribution, modern communication, and financial transactions, where it is important to detect forgery and tampering. Signatures are a cryptographic technique for validating the authenticity and integrity of messages, software, or digital documents. The security of currently used classical schemes relies on computational assumptions. Quantum digital signatures (QDS), on the other hand, provide information-theoretic security based on the laws of quantum physics. Recent work on QDS Amiri et al., Phys. Rev. A 93, 032325 (2016);, 10.1103/PhysRevA.93.032325 Yin, Fu, and Zeng-Bing, Phys. Rev. A 93, 032316 (2016), 10.1103/PhysRevA.93.032316 shows that such schemes do not require trusted quantum channels and are unconditionally secure against general coherent attacks. However, in practical QDS, just as in quantum key distribution (QKD), the detectors can be subjected to side-channel attacks, which can make the actual implementations insecure. Motivated by the idea of measurement-device-independent quantum key distribution (MDI-QKD), we present a measurement-device-independent QDS (MDI-QDS) scheme, which is secure against all detector side-channel attacks. Based on the rapid development of practical MDI-QKD, our MDI-QDS protocol could also be experimentally implemented, since it requires a similar experimental setup.

The Shaping of Managers' Security Objectives through Information Security Awareness Training

ERIC Educational Resources Information Center

Harris, Mark A.

2010-01-01

Information security research states that corporate security policy and information security training should be socio-technical in nature and that corporations should consider training as a primary method of protecting their information systems. However, information security policies and training are predominately technical in nature. In addition,…

Data security and patient confidentiality: the manager's role.

PubMed

Fisher, F; Madge, B

1996-10-01

The maintenance of patient confidentiality is of utmost importance in the doctor patient relationship. With the advent of networks such as the National Health Service Wide Area Network in the UK, the potential to transmit identifiable clinical data will become greater. Links between general practitioners (GPs) and hospitals will allow the rapid transmission of data which if intercepted could be potentially embarrassing to the patient concerned. In 1994 the British Medical Association launched a draft bill on privacy and confidentiality and in association with this bill it is pushing for encryption of all clinical data across electronic networks. The manager's role within an acute hospital, community units and general practice, is to ensure that all employees are aware of the principles of data protection, security of hospital computer systems and that no obvious breaches of security can occur at publicly accessible terminals. Managers must be kept up to date with the latest developments in computer security such as digital signatures and be prepared to instigate these developments where practically possible. Managers must also take responsibility for the monitoring of access to terminals and be prepared to deal severely with staff who breach the code of confidentiality. Each manager must be kept informed of employees status with regard to their 'need to know' clearance level and also to promote confidentiality of patient details throughout the hospital. All of the management team must be prepared to train new staff in the principles of data security as they join the organisation and recognise their accountability if the programme fails. Data security and patient confidentiality is a broad responsibility in any healthcare organisation, with the Chief Executive accountable. In family practice, the partners are responsible and accountable. The British Medical Association believes as a matter of policy, that allowing access to personal health data without the patients consent, except in a legally allowable situation, should be a statutory offence.

The use of big data in transfusion medicine.

PubMed

Pendry, K

2015-06-01

'Big data' refers to the huge quantities of digital information now available that describe much of human activity. The science of data management and analysis is rapidly developing to enable organisations to convert data into useful information and knowledge. Electronic health records and new developments in Pathology Informatics now support the collection of 'big laboratory and clinical data', and these digital innovations are now being applied to transfusion medicine. To use big data effectively, we must address concerns about confidentiality and the need for a change in culture and practice, remove barriers to adopting common operating systems and data standards and ensure the safe and secure storage of sensitive personal information. In the UK, the aim is to formulate a single set of data and standards for communicating test results and so enable pathology data to contribute to national datasets. In transfusion, big data has been used for benchmarking, detection of transfusion-related complications, determining patterns of blood use and definition of blood order schedules for surgery. More generally, rapidly available information can monitor compliance with key performance indicators for patient blood management and inventory management leading to better patient care and reduced use of blood. The challenges of enabling reliable systems and analysis of big data and securing funding in the restrictive financial climate are formidable, but not insurmountable. The promise is that digital information will soon improve the implementation of best practice in transfusion medicine and patient blood management globally. © 2015 British Blood Transfusion Society.

Making the Match: Finding Funding for after School Education and Safety Programs

ERIC Educational Resources Information Center

Sandel, Kate; Hayes, Cheryl; Anuszkiewicz, Brittany; Cohen, Carol; Deich, Sharon

2007-01-01

This guide aims to help California leaders in schools, school districts, and community-based organizations meet the After School Education and Safety (ASES) Program matching requirement and secure funding. This guide is filled with practical information on how to attract and work with school and community partners; how to adopt a strategic…

77 FR 66843 - The PPG Architectural Finishes, Inc.; Analysis of Proposed Consent Order To Aid Public Comment

Federal Register 2010, 2011, 2012, 2013, 2014

2012-11-07

... does not include any sensitive personal information, like anyone's Social Security number, date of... the agreement or make final the agreement's proposed order. This matter involves PPG's marketing and... prevent PPG from engaging in similar acts and practices in the future. Part I addresses the marketing of...

Social Marketing Traction: A Practical Resource Book for Social Marketing.

ERIC Educational Resources Information Center

Hanlon, Eileen; Lane, Amy; Romano, Rose Mary

This book is about understanding people's behavior and changing that behavior using a discipline called "social marketing." It is based on the idea that all marketing is an exchange: if you want people to change their behavior, you have to offer them something, be it security, information, an image, or a feeling of belonging. The book…

Living in Spain. A Brief Introduction or Review of the Culture and Language of Spain for Visitors, Students, and Business Travelers. First Edition.

ERIC Educational Resources Information Center

Fantini, Alvino E.; Enriquez A., Cristina

The guide offers practical information on various aspects of daily living, including: money; banks; food; restaurants; hotels; tipping; postal and telecommunications services; transportation; shopping; health and medical care; safety and security; electricity; measurement and clothing size conversions; greetings and leave-takings; titles and forms…

Regulation of health information processing in an outsourcing environment.

PubMed

2004-06-01

Policy makers must consider the work force, technology, cost, and legal implications of their legislative proposals. AHIMA, AAMT, CHIA, and MTIA urge lawmakers to craft regulatory solutions that enforce HIPAA and support advancements in modern health information processing practices that improve the quality and cost of healthcare. We also urge increased investment in health information work force development and implementation of new technologies to advance critical healthcare outcomes--timely, accurate, accessible, and secure information to support patient care. It is essential that state legislatures reinforce the importance of improving information processing solutions for healthcare and not take actions that will produce unintended and detrimental consequences.

A layered trust information security architecture.

PubMed

de Oliveira Albuquerque, Robson; Villalba, Luis Javier García; Orozco, Ana Lucila Sandoval; Buiati, Fábio; Kim, Tai-Hoon

2014-12-01

Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentially, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed.

32 CFR 2700.51 - Information Security Oversight Committee.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 32 National Defense 6 2011-07-01 2011-07-01 false Information Security Oversight Committee. 2700... MICRONESIAN STATUS NEGOTIATIONS SECURITY INFORMATION REGULATIONS Implementation and Review § 2700.51 Information Security Oversight Committee. The OMSN Information Security Oversight Committee shall be chaired...

77 FR 12623 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2012-03-01

... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National... Information Security Oversight Office no later than Friday, March 16, 2012. The Information Security Oversight... FURTHER INFORMATION CONTACT: David O. Best, Senior Program Analyst, The Information Security Oversight...

32 CFR 2700.51 - Information Security Oversight Committee.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Oversight Committee. 2700... MICRONESIAN STATUS NEGOTIATIONS SECURITY INFORMATION REGULATIONS Implementation and Review § 2700.51 Information Security Oversight Committee. The OMSN Information Security Oversight Committee shall be chaired...

75 FR 49943 - New Agency Information Collection Activity Under OMB Review: Pipeline System Operator Security...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-08-16

... DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration New Agency Information Collection Activity Under OMB Review: Pipeline System Operator Security Information AGENCY: Transportation... INFORMATION CONTACT: Joanna Johnson, Office of Information Technology, TSA-11, Transportation Security...

Secure searching of biomarkers through hybrid homomorphic encryption scheme.

PubMed

Kim, Miran; Song, Yongsoo; Cheon, Jung Hee

2017-07-26

As genome sequencing technology develops rapidly, there has lately been an increasing need to keep genomic data secure even when stored in the cloud and still used for research. We are interested in designing a protocol for the secure outsourcing matching problem on encrypted data. We propose an efficient method to securely search a matching position with the query data and extract some information at the position. After decryption, only a small amount of comparisons with the query information should be performed in plaintext state. We apply this method to find a set of biomarkers in encrypted genomes. The important feature of our method is to encode a genomic database as a single element of polynomial ring. Since our method requires a single homomorphic multiplication of hybrid scheme for query computation, it has the advantage over the previous methods in parameter size, computation complexity, and communication cost. In particular, the extraction procedure not only prevents leakage of database information that has not been queried by user but also reduces the communication cost by half. We evaluate the performance of our method and verify that the computation on large-scale personal data can be securely and practically outsourced to a cloud environment during data analysis. It takes about 3.9 s to search-and-extract the reference and alternate sequences at the queried position in a database of size 4M. Our solution for finding a set of biomarkers in DNA sequences shows the progress of cryptographic techniques in terms of their capability can support real-world genome data analysis in a cloud environment.

Correctional nursing: a study protocol to develop an educational intervention to optimize nursing practice in a unique context.

PubMed

Almost, Joan; Gifford, Wendy A; Doran, Diane; Ogilvie, Linda; Miller, Crystal; Rose, Don N; Squires, Mae

2013-06-21

Nurses are the primary healthcare providers in correctional facilities. A solid knowledge and expertise that includes the use of research evidence in clinical decision making is needed to optimize nursing practice and promote positive health outcomes within these settings. The institutional emphasis on custodial care within a heavily secured, regulated, and punitive environment presents unique contextual challenges for nursing practice. Subsequently, correctional nurses are not always able to obtain training or ongoing education that is required for broad scopes of practice. The purpose of the proposed study is to develop an educational intervention for correctional nurses to support the provision of evidence-informed care. A two-phase mixed methods research design will be used. The setting will be three provincial correctional facilities. Phase one will focus on identifying nurses' scope of practice and practice needs, describing work environment characteristics that support evidence-informed practice and developing the intervention. Semi-structured interviews will be completed with nurses and nurse managers. To facilitate priorities for the intervention, a Delphi process will be used to rank the learning needs identified by participants. Based on findings, an online intervention will be developed. Phase two will involve evaluating the acceptability and feasibility of the intervention to inform a future experimental design. The context of provincial correctional facilities presents unique challenges for nurses' provision of care. This study will generate information to address practice and learning needs specific to correctional nurses. Interventions tailored to barriers and supports within specific contexts are important to enable nurses to provide evidence-informed care.

5 CFR 9701.517 - Unfair labor practices.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 9701.517 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Labor-Management Relations § 9701.517 Unfair labor practices. (a) For the...

[Application of classified protection of information security in the information system of air pollution and health impact monitoring].

PubMed

Hao, Shuxin; Lü, Yiran; Liu, Jie; Liu, Yue; Xu, Dongqun

2018-01-01

To study the application of classified protection of information security in the information system of air pollution and health impact monitoring, so as to solve the possible safety risk of the information system. According to the relevant national standards and requirements for the information system security classified protection, and the professional characteristics of the information system, to design and implement the security architecture of information system, also to determine the protection level of information system. Basic security measures for the information system were developed in the technical safety and management safety aspects according to the protection levels, which effectively prevented the security risk of the information system. The information system established relatively complete information security protection measures, to enhanced the security of professional information and system service, and to ensure the safety of air pollution and health impact monitoring project carried out smoothly.

Safety, security and dual-use chemicals

DOE PAGES

Walters, Douglas B.; Ho, Pauline; Hardesty, Jasper

2014-12-18

Many chemicals that are frequently used in laboratories and industries can be harmful if not handled properly. Chemical safety best practices are designed to protect people from accidentally being exposed to hazardous chemicals. On the other hand, chemical security best practices are designed to protect people from someone deliberately exposing others to hazardous chemicals. Finally, many chemical safety best practices overlap with chemical security best practices, but there are important differences, as will be discussed in this paper.

14 CFR 1203.201 - Information security objectives.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Information security objectives. 1203.201 Section 1203.201 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.201 Information security objectives. The objectives of...

14 CFR 1203.201 - Information security objectives.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false Information security objectives. 1203.201 Section 1203.201 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.201 Information security objectives. The objectives of...

Evaluating the feasibility of using online software to collect patient information in a chiropractic practice-based research network.

PubMed

Kania-Richmond, Ania; Weeks, Laura; Scholten, Jeffrey; Reney, Mikaël

2016-03-01

Practice based research networks (PBRNs) are increasingly used as a tool for evidence based practice. We developed and tested the feasibility of using software to enable online collection of patient data within a chiropractic PBRN to support clinical decision making and research in participating clinics. To assess the feasibility of using online software to collect quality patient information. The study consisted of two phases: 1) Assessment of the quality of information provided, using a standardized form; and 2) Exploration of patients' perspectives and experiences regarding online information provision through semi-structured interviews. Data analysis was descriptive. Forty-five new patients were recruited. Thirty-six completed online forms, which were submitted by an appropriate person 100% of the time, with an error rate of less than 1%, and submitted in a timely manner 83% of the time. Twenty-one participants were interviewed. Overall, online forms were preferred given perceived security, ease of use, and enabling provision of more accurate information. Use of online software is feasible, provides high quality information, and is preferred by most participants. A pen-and-paper format should be available for patients with this preference and in case of technical difficulties.

76 FR 78009 - Information Collection; Implementation of Information Technology Security Provision

Federal Register 2010, 2011, 2012, 2013, 2014

2011-12-15

...] Information Collection; Implementation of Information Technology Security Provision AGENCY: General Services... collection requirement regarding Implementation of Information Technology Security Provision. Public comments... Information Collection 3090- 0294, Implementation of Information Technology Security Provision, by any of the...

Evidence-Based Parenting Interventions to Promote Secure Attachment

PubMed Central

Wright, Barry; Edginton, Elizabeth

2016-01-01

Various interventions are used in clinical practice to address insecure or disorganized attachment patterns and attachment disorders. The most common of these are parenting interventions, but not all have a robust empirical evidence base. We undertook a systematic review of randomized trials comparing a parenting intervention with a control, where these used a validated attachment instrument, in order to evaluate the clinical and cost-effectiveness of interventions aiming to improve attachment in children with severe attachment problems (mean age <13 years). This article aims to inform clinicians about the parenting interventions included in our systematic review that were clinically effective in promoting secure attachment. For completeness, we also briefly discuss other interventions without randomized controlled trial evidence, identified in Patient Public Involvement workshops and expert groups at the point our review was completed as being used or recommended. We outline the key implications of our findings for clinical practice and future research. PMID:27583298

Risk to Water Security on Small Islands

NASA Astrophysics Data System (ADS)

Holding, S. T.; Allen, D. M.

2013-12-01

The majority of fresh water available on small islands is shallow groundwater that forms a freshwater lens. Freshwater lenses are generally limited in extent and as such are vulnerable to many stressors that impact water security. These include stressors related to climate change, such as sea level rise, as well as those related to human impacts, such as contamination. Traditionally, water security assessments have focussed on indicators that provide a snapshot of the current condition. However, recent work suggests that in order to effectively manage the water system, it is also important to consider uncertain future impacts to the system by evaluating how different stressors might impact water security. In this study, a framework for assessing risk to water security was developed and tested on Andros Island in The Bahamas. The assessment comprises two main components that characterise the water system: numerical modelling studies and a hazard survey. A baseline numerical model of the freshwater lens throughout Andros Island was developed to simulate the morphology of the freshwater lens and estimate the freshwater resources currently available. The model was prepared using SEAWAT, a density-dependent flow and solute transport code. Various stressors were simulated in the model to evaluate the response of the freshwater lens to predicted future shifts in climate patterns, sea level rise, and changes in water use. A hazard survey was also conducted on the island to collect information related to the storage of contaminants, sanitation infrastructure, waste disposal practices and groundwater abstraction rates. The results of the survey form a geo-spatial database of the location and associated hazards to the freshwater lens. The resulting risk framework provides a ranking of overall risk to water security based on information from the numerical modelling and hazard survey. The risk framework is implemented in a Geographic Information System (GIS) and provides a map of the risk to water security throughout Andros Island. It evaluates risk to water security for current and future scenarios and will enable water resource managers to effectively adapt to future impacts on water security.

Can GPs working in secure environments in England re-license using the Royal College of General Practitioners revalidation proposals?

PubMed Central

2012-01-01

Background Revalidation for UK doctors is expected to be introduced from late 2012. For general practitioners (GPs), this entails collecting supporting information to be submitted and assessed in a revalidation portfolio every five years. The aim of this study was to explore the feasibility of GPs working in secure environments to collect supporting information for the Royal College of General Practitioners’ (RCGP) proposed revalidation portfolio. Methods We invited GPs working in secure environments in England to submit items of supporting information collected during the previous 12 months using criteria and standards required for the proposed RCGP revalidation portfolio and complete a GP issues log. Initial focus groups and initial and follow-up semi-structured face-to-face and telephone interviews were held to explore GPs’ views of this process. Quantitative and qualitative data were analysed using descriptive statistics and identifying themes respectively. Results Of the 50 GPs who consented to participate in the study, 20 submitted a portfolio. Thirty-eight GPs participated in an initial interview, nine took part in a follow-up interview and 17 completed a GP issues log. GPs reported difficulty in collecting supporting information for valid patient feedback, full-cycle clinical audits and evidence for their extended practice role(s) as sessional practitioners in the high population turnover custodial environment. Peripatetic practitioners experienced more difficulty than their institution based counterparts collating this evidence. Conclusions GPs working in secure environments may experience difficulties in collecting the newer types of supporting information for the proposed RCGP revalidation portfolio primarily due to their employment status within a non-medical environment and characteristics of the detainee population. Increased support from secure environment service commissioners and employers will be a prerequisite for these practitioners to enable them to re-license using the RCGP revalidation proposals. PMID:23253694

Gifts, bribes and solicitions: print media and the social construction of informal payments to doctors in Taiwan.

PubMed

Chiu, Yu-Chan; Smith, Katherine Clegg; Morlock, Laura; Wissow, Lawrence

2007-02-01

The Taiwanese practice of patients giving informal payments to physicians to secure services is deeply rooted in social and cultural factors. This study examines the portrayal of informal payments by Taiwanese print news media over a period of 12 years-from prior to until after the implementation of national health insurance (NHI) in Taiwan in 1995. The goal of the study was to examine how the advent of NHI changed the rationale for and use of informal payments. Both before and after the introduction of NHI, Taiwanese newspapers portrayed informal payments as appropriate means to secure access to better health care. Newspaper accounts established that, although NHI reduced patients' financial barriers to care, it did not change deeply held cultural beliefs that good care depended on the development of a reciprocal sense of obligation between patients and physicians. Physicians may have also encouraged the ongoing use of informal payments to make up revenue lost when NHI standardized fees and limited income from dispensing medications. In 2002, seven years after the implementation of NHI, the use of informal payments, though illegal, was still being justified in the print media through allusions to its role in traditional Taiwanese culture.

Tensions of network security and collaborative work practice: understanding a single sign-on deployment in a regional hospital.

PubMed

Heckle, Rosa R; Lutters, Wayne G

2011-08-01

Healthcare providers and their IT staff, working in an effort to balance appropriate accessibility with stricter security mandates, are considering the use of a single network sign-on approach for authentication and password management. Single sign-on (SSO) promises to improve usability of authentication for multiple-system users, increase compliance, and help curb system maintenance costs. However, complexities are introduced when SSO is placed within a collaborative environment. These complexities include unanticipated workflow implications that introduce greater security vulnerability for the individual user. OBJECTIVES AND METHODOLOGY: In this work, we examine the challenges of implementing a single sign-on authentication technology in a hospital environment. The aim of the study was to document the factors that affected SSO adoption within the context of use. The ultimate goal is to better inform the design of usable authentication systems within collaborative healthcare work sites. The primary data collection techniques used are ethnographically informed - observation, contextual interviews, and document review. The study included a cross-section of individuals from various departments and varying rolls. These participants were a mix of both clinical and administrative staff, as well as the Information Technology group. The field work revealed fundamental mis-matches between the technology and routine work practices that will significantly impact its effective adoption. While single sign-on was effective in the administrative offices, SSO was not a good fit for collaborative areas. The collaborative needs of the clinical staff unearthed tensions in its implementation. An analysis of the findings revealed that the workflow, activities, and physical environment of the clinical areas create increased security vulnerabilities for the individual user. The clinical users were cognizant of these vulnerabilities and this created resistance to the implementation due to a concern for privacy. From a preliminary analysis of our on-going field study at a community hospital, there appears to be a number of mismatches between the SSO vision and the realities of routine work. While we cannot conclusively say if a SSO adoption will be effective in meeting its goals in a hospital environment, we do know that it will affect the work practice and that will make the management of the SSO system problematic. Copyright © 2011 Elsevier Ireland Ltd. All rights reserved.

A Secure and Robust User Authenticated Key Agreement Scheme for Hierarchical Multi-medical Server Environment in TMIS.

PubMed

Das, Ashok Kumar; Odelu, Vanga; Goswami, Adrijit

2015-09-01

The telecare medicine information system (TMIS) helps the patients to gain the health monitoring facility at home and access medical services over the Internet of mobile networks. Recently, Amin and Biswas presented a smart card based user authentication and key agreement security protocol usable for TMIS system using the cryptographic one-way hash function and biohashing function, and claimed that their scheme is secure against all possible attacks. Though their scheme is efficient due to usage of one-way hash function, we show that their scheme has several security pitfalls and design flaws, such as (1) it fails to protect privileged-insider attack, (2) it fails to protect strong replay attack, (3) it fails to protect strong man-in-the-middle attack, (4) it has design flaw in user registration phase, (5) it has design flaw in login phase, (6) it has design flaw in password change phase, (7) it lacks of supporting biometric update phase, and (8) it has flaws in formal security analysis. In order to withstand these security pitfalls and design flaws, we aim to propose a secure and robust user authenticated key agreement scheme for the hierarchical multi-server environment suitable in TMIS using the cryptographic one-way hash function and fuzzy extractor. Through the rigorous security analysis including the formal security analysis using the widely-accepted Burrows-Abadi-Needham (BAN) logic, the formal security analysis under the random oracle model and the informal security analysis, we show that our scheme is secure against possible known attacks. Furthermore, we simulate our scheme using the most-widely accepted and used Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. The simulation results show that our scheme is also secure. Our scheme is more efficient in computation and communication as compared to Amin-Biswas's scheme and other related schemes. In addition, our scheme supports extra functionality features as compared to other related schemes. As a result, our scheme is very appropriate for practical applications in TMIS.

Balancing entrepreneurship and business practices for e-collaboration: responsible information sharing in academic research.

PubMed

Porter, Mark W; Porter, Mark William; Milley, David; Oliveti, Kristyn; Ladd, Allen; O'Hara, Ryan J; Desai, Bimal R; White, Peter S

2008-11-06

Flexible, highly accessible collaboration tools can inherently conflict with controls placed on information sharing by offices charged with privacy protection, compliance, and maintenance of the general business environment. Our implementation of a commercial enterprise wiki within the academic research environment addresses concerns of all involved through the development of a robust user training program, a suite of software customizations that enhance security elements, a robust auditing program, allowance for inter-institutional wiki collaboration, and wiki-specific governance.

44 CFR 8.3 - Senior FEMA official responsible for the information security program.

Code of Federal Regulations, 2011 CFR

2011-10-01

... responsible for the information security program. 8.3 Section 8.3 Emergency Management and Assistance FEDERAL EMERGENCY MANAGEMENT AGENCY, DEPARTMENT OF HOMELAND SECURITY GENERAL NATIONAL SECURITY INFORMATION § 8.3 Senior FEMA official responsible for the information security program. The Director of the Security...

75 FR 44800 - Notice of Meeting of the Homeland Security Information Network Advisory Committee, Tuesday...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-29

... DEPARTMENT OF HOMELAND SECURITY Notice of Meeting of the Homeland Security Information Network... Security. ACTION: Notice of open meeting. SUMMARY: The Homeland Security Information Network Advisory... (Pub. L. 92-463). The mission of the Homeland Security Information Network Advisory Committee is to...

Eating and Weight-related Parenting of Adolescents in the Context of Food Insecurity

PubMed Central

MacLehose, Rich; Loth, Katie A.; Fisher, Jennifer O.; Larson, Nicole I.; Neumark-Sztainer, Dianne

2015-01-01

Background Food insecurity is hypothesized to influence mothers’ use of parenting strategies to regulate children’s eating. Little is known about the parenting practices directed toward adolescents in food insecure households. Objective Examine differences in use of eating- and weight-related parenting practices among mothers of adolescents by household food security status. Design Cross-sectional Participants/setting A socio-demographically diverse sample of mothers and adolescents from the Minneapolis/St. Paul metropolitan area who participated in the EAT 2010 and Project F-EAT studies in 2009–2010 (dyad n=2,087). Seventy percent of mothers identified as non-white. Main outcome measures Mother-reported use of parenting practices including pressuring children to eat, restricting high-calorie foods, and encouraging dieting. Statistical analyses performed Logistic regression models were used to determine the predicted probabilities of parenting practices among food secure, low food secure, and very low food secure households. Socio-demographic characteristics, mothers’ body mass index (BMI), and adolescents’ BMI-for-age percentile were examined as confounders. Results In unadjusted models, food insecure mothers were more likely than food secure mothers to frequently encourage their children to diet, comment on their child’s weight, be concerned about their child’s weight, use restrictive feeding practices, and use pressured feeding practices. After adjustment for socio-demographic characteristics and mothers’ and children’s BMI, compared to food secure mothers, mothers with low food security were more likely to frequently comment on their son’s weight (41.5% vs. 32.9%, prevalence difference (PD=8.6 (0.9, 16.3)) and mothers with very low food security were more likely to be concerned about their son’s weight (48.8% vs. 35.1%, PD=13.7 (3.5, 23.9)). Mothers with very low food security were more likely to frequently use restrictive feeding practices with their daughters compared to food secure mothers (33.0% vs. 20.5%, PD=12.4 (4.2, 20.7)). Conclusions Interventions to improve food insecure adolescents’ eating behaviors may benefit from supporting mothers’ use of health-promoting parenting practices. PMID:25824114

12 CFR 605.501 - Information Security Officer.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 12 Banks and Banking 6 2011-01-01 2011-01-01 false Information Security Officer. 605.501 Section... Information Security Officer. (a) The Information Security Officer of the Farm Credit Administration shall be responsible for implementation and oversight of the information security program and procedures adopted by the...

12 CFR 605.501 - Information Security Officer.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 12 Banks and Banking 6 2010-01-01 2010-01-01 false Information Security Officer. 605.501 Section... Information Security Officer. (a) The Information Security Officer of the Farm Credit Administration shall be responsible for implementation and oversight of the information security program and procedures adopted by the...

A Layered Trust Information Security Architecture

PubMed Central

de Oliveira Albuquerque, Robson; García Villalba, Luis Javier; Sandoval Orozco, Ana Lucila; Buiati, Fábio; Kim, Tai-Hoon

2014-01-01

Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentially, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed. PMID:25470490

10 CFR 95.35 - Access to matter classified as National Security Information and Restricted Data.

Code of Federal Regulations, 2010 CFR

2010-01-01

... SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.35 Access to matter classified as National Security Information and Restricted Data. (a... have access to matter revealing Secret or Confidential National Security Information or Restricted Data...

12 CFR 19.122 - Newspaper notice.

Code of Federal Regulations, 2013 CFR

2013-01-01

... Securities and Corporate Practices Division, Office of the Comptroller of the Currency, Washington, DC 20219... to the Securities and Corporate Practices Division, and to bank shareholders. ... Exemption Hearings Under Section 12(h) of the Securities Exchange Act of 1934 § 19.122 Newspaper notice...

12 CFR 19.122 - Newspaper notice.

Code of Federal Regulations, 2014 CFR

2014-01-01

... Securities and Corporate Practices Division, Office of the Comptroller of the Currency, Washington, DC 20219... to the Securities and Corporate Practices Division, and to bank shareholders. ... Exemption Hearings Under Section 12(h) of the Securities Exchange Act of 1934 § 19.122 Newspaper notice...

12 CFR 19.122 - Newspaper notice.

Code of Federal Regulations, 2010 CFR

2010-01-01

... Securities and Corporate Practices Division, Office of the Comptroller of the Currency, Washington, DC 20219... to the Securities and Corporate Practices Division, and to bank shareholders. ... Exemption Hearings Under Section 12(h) of the Securities Exchange Act of 1934 § 19.122 Newspaper notice...

12 CFR 19.122 - Newspaper notice.

Code of Federal Regulations, 2012 CFR

2012-01-01

... Securities and Corporate Practices Division, Office of the Comptroller of the Currency, Washington, DC 20219... to the Securities and Corporate Practices Division, and to bank shareholders. ... Exemption Hearings Under Section 12(h) of the Securities Exchange Act of 1934 § 19.122 Newspaper notice...

12 CFR 19.122 - Newspaper notice.

Code of Federal Regulations, 2011 CFR

2011-01-01

... Securities and Corporate Practices Division, Office of the Comptroller of the Currency, Washington, DC 20219... to the Securities and Corporate Practices Division, and to bank shareholders. ... Exemption Hearings Under Section 12(h) of the Securities Exchange Act of 1934 § 19.122 Newspaper notice...

The Use of BS7799 Information Security Standard to Construct Mechanisms for the Management of Medical Organization Information Security

NASA Astrophysics Data System (ADS)

Liu, Shu-Fan; Chueh, Hao-En; Liao, Kuo-Hsiung

According to surveys, 80 % of security related events threatening information in medical organizations is due to improper management. Most research on information security has focused on information and security technology, such as network security and access control; rarely addressing issues at the management issues. The main purpose of this study is to construct a BS7799 based mechanism for the management of information with regard to security as it applies to medical organizations. This study analyzes and identifies the most common events related to information security in medical organizations and categorizes these events as high-risk, transferable-risk, and controlled-risk to facilitate the management of such risk.

Personalized health care and health information technology policy: an exploratory analysis.

PubMed

Wald, Jonathan S; Shapiro, Michael

2013-01-01

Personalized healthcare (PHC) is envisioned to enhance clinical practice decision-making using new genome-driven knowledge that tailors diagnosis, treatment, and prevention to the individual patient. In 2012, we conducted a focused environmental scan and informal interviews with fifteen experts to anticipate how PHC might impact health Information Technology (IT) policy in the United States. Findings indicatedthat PHC has a variable impact on current clinical practice, creates complex questions for providers, patients, and policy-makers, and will require a robust health IT infrastructure with advanced data architecture, clinical decision support, provider workflow tools, and re-use of clinical data for research. A number of health IT challenge areas were identified, along with five policy areas including: interoperable clinical decision support, standards for patient values and preferences, patient engagement, data transparency, and robust privacy and security.

ToHajiilee Economic Development, Inc.(TEDI) Feasibility Study for Utility-Scale Solar

DOE Office of Scientific and Technical Information (OSTI.GOV)

Burpo, Rob

2012-02-29

To Hajiilee Economic Development, Inc. (TEDI) is the economic development entity representing the ToHajiilee Chapter of the Navajo Nation, also known as the Caoncito Band of Navajo (CBN). Using DOE funding, TEDI assembled a team of qualified advisors to conduct a feasibility study for a utility-scale 30 MW Photovoltaic (PV) solar power generation facility on TEDI trust lands. The goal for this project has been to gather information and practical business commitments to successfully complete the feasibility analysis. The TEDI approach was to successively make informed decisions to select an appropriate technology best suited to the site, determine environmental viabilitymore » of the site, secure options for the sale of generated power, determine practicality of transmission and interconnection of power to the local grid, and secure preliminary commitments on project financing. The feasibility study has been completed and provides TEDI with a practical understanding of its business options in moving forward with developing a solar project on CBN tribal lands. Funding from DOE has allowed TEDI and its team of professional advisors to carefully select technology and business partners and build a business model to develop this utility-scale solar project. As a result of the positive feasibility findings, TEDI is moving forward with finalizing all pre-construction activities for its major renewable energy project.« less

Three-party Quantum Secure Direct Communication with Single Photons in both Polarization and Spatial-mode Degrees of Freedom

NASA Astrophysics Data System (ADS)

Wang, LiLi; Ma, WenPing; Wang, MeiLing; Shen, DongSu

2016-05-01

We present an efficient three-party quantum secure direct communication (QSDC) protocol with single photos in both polarization and spatial-mode degrees of freedom. The three legal parties' messages can be encoded on the polarization and the spatial-mode states of single photons independently with desired unitary operations. A party can obtain the other two parties' messages simultaneously through a quantum channel. Because no extra public information is transmitted in the classical channels, the drawback of information leakage or classical correlation does not exist in the proposed scheme. Moreover, the comprehensive security analysis shows that the presented QSDC network protocol can defend the outsider eavesdropper's several sorts of attacks. Compared with the single photons with only one degree of freedom, our protocol based on the single photons in two degrees of freedom has higher capacity. Since the preparation and the measurement of single photon quantum states in both the polarization and the spatial-mode degrees of freedom are available with current quantum techniques, the proposed protocol is practical.

Is your station secure?

PubMed

Patrick, Richard W

2003-07-01

All department personnel must practice and assure safety and security of stations, vehicles, equipment and related items. Keep vehicle bay doors closed unless the bays are physically occupied by a department member. When responding or leaving the station, ensure, after exiting the bay, that the door is closed. If confronted with questions pertaining to department operations, including SOPs and SOGs, box alarms, response patterns, training times, member rosters/addresses, etc., do not provide the information. Document the incident and immediately report it. Should the inquiry appear extremely unusual in nature, do not hesitate to contact law enforcement. Emergency service personnel should be educated on a periodic basis and remain vigilant at all times.

Monitoring of continuous-variable quantum key distribution system in real environment.

PubMed

Liu, Weiqi; Peng, Jinye; Huang, Peng; Huang, Duan; Zeng, Guihua

2017-08-07

How to guarantee the practical security of continuous-variable quantum key distribution (CVQKD) system has been an important issue in the quantum cryptography applications. In contrast to the previous practical security strategies, which focus on the intercept-resend attack or the Gaussian attack, we investigate the practical security strategy based on a general attack, i.e., an arbitrated individual attack or collective attack on the system by Eve in this paper. The low bound of intensity disturbance of the local oscillator signal for eavesdropper successfully concealing herself is obtained, considering all noises can be used by Eve in the practical environment. Furthermore, we obtain an optimal monitoring condition for the practical CVQKD system so that legitimate communicators can monitor the general attack in real-time. As examples, practical security of two special systems, i.e., the Gaussian modulated coherent state CVQKD system and the middle-based CVQKD system, are investigated under the intercept-resend attacks.

12 CFR 208.37 - Government securities sales practices.

Code of Federal Regulations, 2011 CFR

2011-01-01

...-institutional customer means any customer other than: (i) A bank, savings association, insurance company, or registered investment company; (ii) An investment adviser registered under section 203 of the Investment... Securities-Related Activities § 208.37 Government securities sales practices. (a) Scope. This subpart is...

Is Seeing Believing? Training Users on Information Security: Evidence from Java Applets

ERIC Educational Resources Information Center

Ayyagari, Ramakrishna; Figueroa, Norilyz

2017-01-01

Information Security issues are one of the top concerns of CEOs. Accordingly, information systems education and research have addressed security issues. One of the main areas of research is the behavioral issues in Information Security, primarily focusing on users' compliance to information security policies. We contribute to this literature by…

12 CFR Appendix B to Part 30 - Interagency Guidelines Establishing Information Security Standards

Code of Federal Regulations, 2011 CFR

2011-01-01

... Establishing Information Security Standards Table of Contents I. Introduction A. Scope B. Preservation of... Security Program B. Objectives III. Development and Implementation of Customer Information Security Program.... Introduction The Interagency Guidelines Establishing Information Security Standards (Guidelines) set forth...

76 FR 67750 - Homeland Security Information Network Advisory Committee

Federal Register 2010, 2011, 2012, 2013, 2014

2011-11-02

... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2011-0107] Homeland Security Information Network... Information Network Advisory Committee. SUMMARY: The Secretary of Homeland Security has determined that the renewal of the Homeland Security Information Network Advisory Committee (HSINAC) is necessary and in the...

78 FR 7797 - Homeland Security Information Network Advisory Committee (HSINAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-04

... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2013-0005] Homeland Security Information Network... Committee Meeting. SUMMARY: The Homeland Security Information Network Advisory Committee (HSIN AC) will meet... received by the (Homeland Security Information Network Advisory Committee), go to http://www.regulations...

78 FR 34665 - Homeland Security Information Network Advisory Committee (HSINAC); Meeting

Federal Register 2010, 2011, 2012, 2013, 2014

2013-06-10

... DEPARTMENT OF HOMELAND SECURITY [DHS-2013-0037] Homeland Security Information Network Advisory... Committee Meeting. SUMMARY: The Homeland Security Information Network Advisory Committee (HSINAC) will meet... posted beforehand at this link: http://www.dhs.gov/homeland-security-information-network-advisory...

QUANTUM CRYPTOGRAPHY: Single Photons.

PubMed

Benjamin, S

2000-12-22

Quantum cryptography offers the potential of totally secure transfer of information, but as Benjamin discusses in this Perspective, its practical implementation hinges on being able to generate single photons (rather than two or more) at a time. Michler et al. show how this condition can be met in a quantum dot microdisk structure. Single molecules were also recently shown to allow controlled single-photon emission.

Roadmap for K-12 and Postsecondary Linkages: Key Focus Areas to Ensure Quality Implementation. Data for Action

ERIC Educational Resources Information Center

Data Quality Campaign, 2014

2014-01-01

States rely on data from both the K-12 and postsecondary sectors to inform policy discussions; chart the progress of students, schools, districts, colleges, and the state; pinpoint best practices and areas of need; allocate scarce resources; and make other important education decisions every day. However, states need to securely link limited, but…

Living in France. A Brief Introduction or Review of the Culture and Language of France for Visitors, Students and Business Travelers. Third revised Edition.

ERIC Educational Resources Information Center

Hawkinson, Anni; Moran, Patrick R.

The guide offers practical information on various aspects of daily living in France, including: money; food; restaurants; hotels; postal and telecommunications services; transportation; shopping; health and medical care; safety and security; tipping; electricity; measurement and clothing size conversions; greetings and leave-takings; names,…

Social Media Use of Cooperative Extension Family Economics Educators: Online Survey Results and Implications

ERIC Educational Resources Information Center

O'Neill, Barbara; Zumwalt, Andrew; Bechman, Janet

2011-01-01

This article describes results of an online survey conducted by the eXtension Financial Security for All (FSA) Community of Practice (CoP) to determine the social media capacity and activity of its members. The survey was conducted to inform two subsequent FSA CoP programs: an archived webinar on social media programs and impact evaluation methods…

Eavesdropping on counterfactual quantum key distribution with finite resources

NASA Astrophysics Data System (ADS)

Liu, Xingtong; Zhang, Bo; Wang, Jian; Tang, Chaojing; Zhao, Jingjing; Zhang, Sheng

2014-08-01

A striking scheme called "counterfactual quantum cryptography" gives a conceptually new approach to accomplish the task of key distribution. It allows two legitimate parties to share a secret even though a particle carrying secret information is not, in fact, transmitted through the quantum channel. Since an eavesdropper cannot directly access the entire quantum system of each signal particle, the protocol seems to provide practical security advantages. However, here we propose an eavesdropping method which works on the scheme in a finite key scenario. We show that, for practical systems only generating a finite number of keys, the eavesdropping can obtain all of the secret information without being detected. We also present a improved protocol as a countermeasure against this attack.

The use of information and communication technology (ICT) in dentistry.

PubMed

Knott, N J

2013-02-01

As the use of information and communication technology (ICT) becomes more widespread in dentistry the risk of breaching electronic commerce laws and patient confidentiality increases. It is necessary to be aware of the responsibilities internet usage entails, especially within a dental practice where the protection of patient information is of the utmost importance. More should be done to outline the various precautions that should be taken to ensure ICT security within the professional domain, as it would appear dentistry has been neglected with regard to receiving the proper ICT education, training and support systems.

Manual of Documentation Practices Applicable to Defence-Aerospace Scientific and Technical Information. Volume 4. Section 10 - Security Storage and Control. Section 11 - Organisation and Management. Section 12 - Networks and External Sources of Information

DTIC Science & Technology

1981-03-01

information centre will either be a comple’ety new .reation or an improvement to an existing system. It may replace a group of smaller, dispersed systems whei ...staff in providing these services. The servi.es and funtions )f the centre .ave to be analysed and in the average organization this will reveal three...79,000 1971 113 No. of Dating Namne f’Dato Base (continued) items online from FSTA ( Food Science

Information security using multiple reference-based optical joint transform correlation and orthogonal code

NASA Astrophysics Data System (ADS)

Nazrul Islam, Mohammed; Karim, Mohammad A.; Vijayan Asari, K.

2013-09-01

Protecting and processing of confidential information, such as personal identification, biometrics, remains a challenging task for further research and development. A new methodology to ensure enhanced security of information in images through the use of encryption and multiplexing is proposed in this paper. We use orthogonal encoding scheme to encode multiple information independently and then combine them together to save storage space and transmission bandwidth. The encoded and multiplexed image is encrypted employing multiple reference-based joint transform correlation. The encryption key is fed into four channels which are relatively phase shifted by different amounts. The input image is introduced to all the channels and then Fourier transformed to obtain joint power spectra (JPS) signals. The resultant JPS signals are again phase-shifted and then combined to form a modified JPS signal which yields the encrypted image after having performed an inverse Fourier transformation. The proposed cryptographic system makes the confidential information absolutely inaccessible to any unauthorized intruder, while allows for the retrieval of the information to the respective authorized recipient without any distortion. The proposed technique is investigated through computer simulations under different practical conditions in order to verify its overall robustness.

32 CFR 2103.51 - Information Security Oversight Committee.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 32 National Defense 6 2011-07-01 2011-07-01 false Information Security Oversight Committee. 2103... BE DECLASSIFIED Implementation and Review § 2103.51 Information Security Oversight Committee. The NCS Information Security Oversight Committee shall be chaired by the Staff Counsel of the National Security...

32 CFR 2103.51 - Information Security Oversight Committee.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Oversight Committee. 2103... BE DECLASSIFIED Implementation and Review § 2103.51 Information Security Oversight Committee. The NCS Information Security Oversight Committee shall be chaired by the Staff Counsel of the National Security...

Social climate along the pathway of care in women's secure mental health service: variation with level of security, patient motivation, therapeutic alliance and level of disturbance.

PubMed

Long, C G; Anagnostakis, K; Fox, E; Silaule, P; Somers, J; West, R; Webster, A

2011-07-01

Social climate has been measured in a variety of therapeutic settings, but there is little information about it in secure mental health services, or how it may vary along a gender specific care pathway. To assess social climate in women's secure wards and its variation by level of security and ward type, therapeutic alliance, patient motivation, treatment engagement and disturbed behaviour. Three-quarters (80, 76%) of staff and nearly all (65, 92%) of patients in the two medium-security wards and two low-security wards that comprised the unit completed the Essen Climate Evaluation Schema (EssenCES) and the California Psychotherapy Alliance Scale (CALPAS); patients also completed the Patient Motivation Inventory (PMI). Pre-assessment levels of disturbed behaviour and treatment engagement were recorded. Social climate varied according to ward type and level of security. EssenCES ratings indicative of positive social climate were associated with lower levels of security; such ratings were also associated with lower behavioural disturbance and with higher levels of motivation, treatment engagement and therapeutic alliance. This serial cross-sectional survey indicated that use of the EssenCES alone might be a good practical measure of treatment progress/responsivity. A longitudinal study would be an important next step in establishing the extent to which it would be useful in this regard. Copyright © 2010 John Wiley & Sons, Ltd.

The Role Of Moral Awareness In Computer Security

NASA Astrophysics Data System (ADS)

Stawinski, Arthur

1984-08-01

Maintaining security of databases and other computer systems requires constraining the behavior of those persons who are able to access these systems so that they do not obtain, alter, or abuse the information contained in these systems. Three types of constraints are available: Physical contraints are obstructions designed to prevent (or at least make difficult) access to data by unauthorized persons; external constraints restrict behavior through threat of detection and punishment; internal constraints are self-imposed limitations on behavior which are derived from a person's moral standards. This paper argues that an effective computer security program will require attention to internal constraints as well as physical and external ones. Recent developments in moral philosophy and the psychology of moral development have given us new understanding of how individuals grow in moral awareness and how this growth can be encouraged. These insights are the foundation for some practical proposals for encouraging morally responsible behavior by computer professionals and others with access to confidential data. The aim of this paper is to encourage computer security professionals to discuss, refine and incorporate systems of internal constraints in developing methods of maintaining security.

It Security and EO Systems

NASA Astrophysics Data System (ADS)

Burnett, M.

2010-12-01

One topic that is beginning to influence the systems that support these goals is that of Information Technology (IT) Security. Unsecure systems are vulnerable to increasing attacks and other negative consequences; sponsoring agencies are correspondingly responding with more refined policies and more stringent security requirements. These affect how EO systems can meet the goals of data and service interoperability and harmonization through open access, transformation and visualization services. Contemporary systems, including the vision of a system-of-systems (such as GEOSS, the Global Earth Observation System of Systems), utilize technologies that support a distributed, global, net-centric environment. These types of systems have a high reliance on the open systems, web services, shared infrastructure and data standards. The broader IT industry has developed and used these technologies in their business and mission critical systems for many years. Unfortunately, the IT industry, and their customers have learned the importance of protecting their assets and resources (computing and information) as they have been forced to respond to an ever increasing number and more complex illegitimate “attackers”. This presentation will offer an overview of work done by the CEOS WGISS organization in summarizing security threats, the challenges to responding to them and capturing the current state of the practice within the EO community.

High Fidelity Simulations of Large-Scale Wireless Networks (Plus-Up)

DOE Office of Scientific and Technical Information (OSTI.GOV)

Onunkwo, Uzoma

Sandia has built a strong reputation in scalable network simulation and emulation for cyber security studies to protect our nation’s critical information infrastructures. Georgia Tech has preeminent reputation in academia for excellence in scalable discrete event simulations, with strong emphasis on simulating cyber networks. Many of the experts in this field, such as Dr. Richard Fujimoto, Dr. George Riley, and Dr. Chris Carothers, have strong affiliations with Georgia Tech. The collaborative relationship that we intend to immediately pursue is in high fidelity simulations of practical large-scale wireless networks using ns-3 simulator via Dr. George Riley. This project will have mutualmore » benefits in bolstering both institutions’ expertise and reputation in the field of scalable simulation for cyber-security studies. This project promises to address high fidelity simulations of large-scale wireless networks. This proposed collaboration is directly in line with Georgia Tech’s goals for developing and expanding the Communications Systems Center, the Georgia Tech Broadband Institute, and Georgia Tech Information Security Center along with its yearly Emerging Cyber Threats Report. At Sandia, this work benefits the defense systems and assessment area with promise for large-scale assessment of cyber security needs and vulnerabilities of our nation’s critical cyber infrastructures exposed to wireless communications.« less

PennDOT transportation security strategy : volume 2 : effective practices of state departments of transportation security planning

DOT National Transportation Integrated Search

2004-08-01

Since September 11, 2001, state departments of transportation (DOTs) have been assuming a more proactive role in security and emergency management. The purpose of this Effective Practices Report is to document key lessons learned by state DOTs as the...

17 CFR 201.104 - Business hours.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 2 2010-04-01 2010-04-01 false Business hours. 201.104 Section 201.104 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION RULES OF PRACTICE Rules of Practice General Rules § 201.104 Business hours. The Headquarters office of the Commission, at...

12 CFR 19.121 - Application for exemption.

Code of Federal Regulations, 2014 CFR

2014-01-01

... application for an exemption order to the Securities and Corporate Practices Division, Office of the... the public interest or the protection of investors. The Securities and Corporate Practices Division... PROCEDURE Exemption Hearings Under Section 12(h) of the Securities Exchange Act of 1934 § 19.121 Application...

12 CFR 19.121 - Application for exemption.

Code of Federal Regulations, 2010 CFR

2010-01-01

... application for an exemption order to the Securities and Corporate Practices Division, Office of the... the public interest or the protection of investors. The Securities and Corporate Practices Division... PROCEDURE Exemption Hearings Under Section 12(h) of the Securities Exchange Act of 1934 § 19.121 Application...

12 CFR 19.121 - Application for exemption.

Code of Federal Regulations, 2012 CFR

2012-01-01

... application for an exemption order to the Securities and Corporate Practices Division, Office of the... the public interest or the protection of investors. The Securities and Corporate Practices Division... PROCEDURE Exemption Hearings Under Section 12(h) of the Securities Exchange Act of 1934 § 19.121 Application...

12 CFR 19.121 - Application for exemption.

Code of Federal Regulations, 2011 CFR

2011-01-01

... application for an exemption order to the Securities and Corporate Practices Division, Office of the... the public interest or the protection of investors. The Securities and Corporate Practices Division... PROCEDURE Exemption Hearings Under Section 12(h) of the Securities Exchange Act of 1934 § 19.121 Application...

12 CFR 19.121 - Application for exemption.

Code of Federal Regulations, 2013 CFR

2013-01-01

... application for an exemption order to the Securities and Corporate Practices Division, Office of the... the public interest or the protection of investors. The Securities and Corporate Practices Division... PROCEDURE Exemption Hearings Under Section 12(h) of the Securities Exchange Act of 1934 § 19.121 Application...

17 CFR 201.104 - Business hours.

Code of Federal Regulations, 2014 CFR

2014-04-01

... 17 Commodity and Securities Exchanges 3 2014-04-01 2014-04-01 false Business hours. 201.104 Section 201.104 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION RULES OF PRACTICE Rules of Practice General Rules § 201.104 Business hours. The Headquarters office of the Commission, at...

17 CFR 201.104 - Business hours.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 17 Commodity and Securities Exchanges 2 2011-04-01 2011-04-01 false Business hours. 201.104 Section 201.104 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION RULES OF PRACTICE Rules of Practice General Rules § 201.104 Business hours. The Headquarters office of the Commission, at...

17 CFR 201.104 - Business hours.

Code of Federal Regulations, 2012 CFR

2012-04-01

... 17 Commodity and Securities Exchanges 2 2012-04-01 2012-04-01 false Business hours. 201.104 Section 201.104 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION RULES OF PRACTICE Rules of Practice General Rules § 201.104 Business hours. The Headquarters office of the Commission, at...

17 CFR 201.104 - Business hours.

Code of Federal Regulations, 2013 CFR

2013-04-01

... 17 Commodity and Securities Exchanges 2 2013-04-01 2013-04-01 false Business hours. 201.104 Section 201.104 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION RULES OF PRACTICE Rules of Practice General Rules § 201.104 Business hours. The Headquarters office of the Commission, at...

Human errors and violations in computer and information security: the viewpoint of network administrators and security specialists.

PubMed

Kraemer, Sara; Carayon, Pascale

2007-03-01

This paper describes human errors and violations of end users and network administration in computer and information security. This information is summarized in a conceptual framework for examining the human and organizational factors contributing to computer and information security. This framework includes human error taxonomies to describe the work conditions that contribute adversely to computer and information security, i.e. to security vulnerabilities and breaches. The issue of human error and violation in computer and information security was explored through a series of 16 interviews with network administrators and security specialists. The interviews were audio taped, transcribed, and analyzed by coding specific themes in a node structure. The result is an expanded framework that classifies types of human error and identifies specific human and organizational factors that contribute to computer and information security. Network administrators tended to view errors created by end users as more intentional than unintentional, while errors created by network administrators as more unintentional than intentional. Organizational factors, such as communication, security culture, policy, and organizational structure, were the most frequently cited factors associated with computer and information security.

Use of Patient Portals for Personal Health Information Management: The Older Adult Perspective

PubMed Central

Turner, Anne M.; Osterhage, Katie; Hartzler, Andrea; Joe, Jonathan; Lin, Lorelei; Kanagat, Natasha; Demiris, George

2015-01-01

The personal health information management (PHIM) practices and needs of older adults are poorly understood. We describe initial results from the UW SOARING project (Studying Older Adults & Researching Information Needs and Goals), a participatory design investigation of PHIM in older adults (60 years and older). We conducted in-depth interviews with older adults (n=74) living in a variety of residential settings about their management of personal health information. A surprising 20% of participants report using patient portals and another 16% reported prior use or anticipated use of portals in the future. Participants cite ease of access to health information and direct communication with providers as valuable portal features. Barriers to the use of patient portals include a general lack of computer proficiency, high internet costs and security concerns. Design features based on consideration of needs and practices of older adults will facilitate appeal and maximize usability; both are elements critical to adoption of tools such as patient portals that can support older adults and PHIM. PMID:26958263

Development of a privacy and security policy framework for a multistate comparative effectiveness research network.

PubMed

Kim, Katherine K; McGraw, Deven; Mamo, Laura; Ohno-Machado, Lucila

2013-08-01

Comparative effectiveness research (CER) conducted in distributed research networks (DRNs) is subject to different state laws and regulations as well as institution-specific policies intended to protect privacy and security of health information. The goal of the Scalable National Network for Effectiveness Research (SCANNER) project is to develop and demonstrate a scalable, flexible technical infrastructure for DRNs that enables near real-time CER consistent with privacy and security laws and best practices. This investigation began with an analysis of privacy and security laws and state health information exchange (HIE) guidelines applicable to SCANNER participants from California, Illinois, Massachusetts, and the Federal Veteran's Administration. A 7-member expert panel of policy and technical experts reviewed the analysis and gave input into the framework during 5 meetings held in 2011-2012. The state/federal guidelines were applied to 3 CER use cases: safety of new oral hematologic medications; medication therapy management for patients with diabetes and hypertension; and informational interventions for providers in the treatment of acute respiratory infections. The policy framework provides flexibility, beginning with a use-case approach rather than a one-size-fits-all approach. The policies may vary depending on the type of patient data shared (aggregate counts, deidentified, limited, and fully identified datasets) and the flow of data. The types of agreements necessary for a DRN may include a network-level and data use agreements. The need for flexibility in the development and implementation of policies must be balanced with responsibilities of data stewardship.

Hacking on decoy-state quantum key distribution system with partial phase randomization

NASA Astrophysics Data System (ADS)

Sun, Shi-Hai; Jiang, Mu-Sheng; Ma, Xiang-Chun; Li, Chun-Yan; Liang, Lin-Mei

2014-04-01

Quantum key distribution (QKD) provides means for unconditional secure key transmission between two distant parties. However, in practical implementations, it suffers from quantum hacking due to device imperfections. Here we propose a hybrid measurement attack, with only linear optics, homodyne detection, and single photon detection, to the widely used vacuum + weak decoy state QKD system when the phase of source is partially randomized. Our analysis shows that, in some parameter regimes, the proposed attack would result in an entanglement breaking channel but still be able to trick the legitimate users to believe they have transmitted secure keys. That is, the eavesdropper is able to steal all the key information without discovered by the users. Thus, our proposal reveals that partial phase randomization is not sufficient to guarantee the security of phase-encoding QKD systems with weak coherent states.

An authenticated image encryption scheme based on chaotic maps and memory cellular automata

NASA Astrophysics Data System (ADS)

Bakhshandeh, Atieh; Eslami, Ziba

2013-06-01

This paper introduces a new image encryption scheme based on chaotic maps, cellular automata and permutation-diffusion architecture. In the permutation phase, a piecewise linear chaotic map is utilized to confuse the plain-image and in the diffusion phase, we employ the Logistic map as well as a reversible memory cellular automata to obtain an efficient and secure cryptosystem. The proposed method admits advantages such as highly secure diffusion mechanism, computational efficiency and ease of implementation. A novel property of the proposed scheme is its authentication ability which can detect whether the image is tampered during the transmission or not. This is particularly important in applications where image data or part of it contains highly sensitive information. Results of various analyses manifest high security of this new method and its capability for practical image encryption.

Hacking on decoy-state quantum key distribution system with partial phase randomization.

PubMed

Sun, Shi-Hai; Jiang, Mu-Sheng; Ma, Xiang-Chun; Li, Chun-Yan; Liang, Lin-Mei

2014-04-23

Quantum key distribution (QKD) provides means for unconditional secure key transmission between two distant parties. However, in practical implementations, it suffers from quantum hacking due to device imperfections. Here we propose a hybrid measurement attack, with only linear optics, homodyne detection, and single photon detection, to the widely used vacuum + weak decoy state QKD system when the phase of source is partially randomized. Our analysis shows that, in some parameter regimes, the proposed attack would result in an entanglement breaking channel but still be able to trick the legitimate users to believe they have transmitted secure keys. That is, the eavesdropper is able to steal all the key information without discovered by the users. Thus, our proposal reveals that partial phase randomization is not sufficient to guarantee the security of phase-encoding QKD systems with weak coherent states.

Blind Quantum Signature with Blind Quantum Computation

NASA Astrophysics Data System (ADS)

Li, Wei; Shi, Ronghua; Guo, Ying

2017-04-01

Blind quantum computation allows a client without quantum abilities to interact with a quantum server to perform a unconditional secure computing protocol, while protecting client's privacy. Motivated by confidentiality of blind quantum computation, a blind quantum signature scheme is designed with laconic structure. Different from the traditional signature schemes, the signing and verifying operations are performed through measurement-based quantum computation. Inputs of blind quantum computation are securely controlled with multi-qubit entangled states. The unique signature of the transmitted message is generated by the signer without leaking information in imperfect channels. Whereas, the receiver can verify the validity of the signature using the quantum matching algorithm. The security is guaranteed by entanglement of quantum system for blind quantum computation. It provides a potential practical application for e-commerce in the cloud computing and first-generation quantum computation.

48 CFR 552.239-70 - Information Technology Security Plan and Security Authorization.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 48 Federal Acquisition Regulations System 4 2011-10-01 2011-10-01 false Information Technology... Text of Provisions and Clauses 552.239-70 Information Technology Security Plan and Security Authorization. As prescribed in 539.7002(a), insert the following provision: Information Technology Security...

48 CFR 552.239-70 - Information Technology Security Plan and Security Authorization.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 48 Federal Acquisition Regulations System 4 2014-10-01 2014-10-01 false Information Technology... Text of Provisions and Clauses 552.239-70 Information Technology Security Plan and Security Authorization. As prescribed in 539.7002(a), insert the following provision: Information Technology Security...

48 CFR 552.239-70 - Information Technology Security Plan and Security Authorization.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 48 Federal Acquisition Regulations System 4 2012-10-01 2012-10-01 false Information Technology... Text of Provisions and Clauses 552.239-70 Information Technology Security Plan and Security Authorization. As prescribed in 539.7002(a), insert the following provision: Information Technology Security...

48 CFR 552.239-70 - Information Technology Security Plan and Security Authorization.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 48 Federal Acquisition Regulations System 4 2013-10-01 2013-10-01 false Information Technology... Text of Provisions and Clauses 552.239-70 Information Technology Security Plan and Security Authorization. As prescribed in 539.7002(a), insert the following provision: Information Technology Security...

75 FR 57904 - Announcing a Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2010-09-23

... Office, --Update of NIST Computer Security Division, and --Information Security and Privacy Advisory... Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology, Commerce. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB) will meet...

Reflective practices at the Security Council: Children and armed conflict and the three United Nations

PubMed Central

Bode, Ingvild

2017-01-01

The United Nations Security Council passed its first resolution on children in armed conflict in 1999, making it one of the oldest examples of Security Council engagement with a thematic mandate and leading to the creation of a dedicated working group in 2005. Existing theoretical accounts of the Security Council cannot account for the developing substance of the children and armed conflict agenda as they are macro-oriented and focus exclusively on states. I argue that Security Council decision-making on thematic mandates is a productive process whose outcomes are created by and through practices of actors across the three United Nations: member states (the first United Nations), United Nations officials (the second United Nations) and non-governmental organizations (the third United Nations). In presenting a practice-based, micro-oriented analysis of the children and armed conflict agenda, the article aims to deliver on the empirical promise of practice theories in International Relations. I make two contributions to practice-based understandings: first, I argue that actors across the three United Nations engage in reflective practices of a strategic or tactical nature to manage, arrange or create space in Security Council decision-making. Portraying practices as reflective rather than as only based on tacit knowledge highlights how actors may creatively adapt their practices to social situations. Second, I argue that particular individuals from the three United Nations are more likely to become recognized as competent performers of practices because of their personality, understood as plural socialization experiences. This adds varied individual agency to practice theories that, despite their micro-level interests, have focused on how agency is relationally constituted. PMID:29782586

Reflective practices at the Security Council: Children and armed conflict and the three United Nations.

PubMed

Bode, Ingvild

2018-06-01

The United Nations Security Council passed its first resolution on children in armed conflict in 1999, making it one of the oldest examples of Security Council engagement with a thematic mandate and leading to the creation of a dedicated working group in 2005. Existing theoretical accounts of the Security Council cannot account for the developing substance of the children and armed conflict agenda as they are macro-oriented and focus exclusively on states. I argue that Security Council decision-making on thematic mandates is a productive process whose outcomes are created by and through practices of actors across the three United Nations: member states (the first United Nations), United Nations officials (the second United Nations) and non-governmental organizations (the third United Nations). In presenting a practice-based, micro-oriented analysis of the children and armed conflict agenda, the article aims to deliver on the empirical promise of practice theories in International Relations. I make two contributions to practice-based understandings: first, I argue that actors across the three United Nations engage in reflective practices of a strategic or tactical nature to manage, arrange or create space in Security Council decision-making. Portraying practices as reflective rather than as only based on tacit knowledge highlights how actors may creatively adapt their practices to social situations. Second, I argue that particular individuals from the three United Nations are more likely to become recognized as competent performers of practices because of their personality, understood as plural socialization experiences. This adds varied individual agency to practice theories that, despite their micro-level interests, have focused on how agency is relationally constituted.

Information Security: Computer Hacker Information Available on the Internet

DTIC Science & Technology

1996-06-05

INFORMATION SECURITY Computer Hacker Information Available on the Internet Statement for the Record of...Report Type N/A Dates Covered (from... to) - Title and Subtitle INFORMATION SECURITY Computer Hacker Information Available on the Internet Contract...1996 4. TITLE AND SUBTITLE Information Security: Computer Hacker Information Available on the Internet 5. FUNDING NUMBERS 6. AUTHOR(S) Jack L.

Practical security analysis of continuous-variable quantum key distribution with jitter in clock synchronization

NASA Astrophysics Data System (ADS)

Xie, Cailang; Guo, Ying; Liao, Qin; Zhao, Wei; Huang, Duan; Zhang, Ling; Zeng, Guihua

2018-03-01

How to narrow the gap of security between theory and practice has been a notoriously urgent problem in quantum cryptography. Here, we analyze and provide experimental evidence of the clock jitter effect on the practical continuous-variable quantum key distribution (CV-QKD) system. The clock jitter is a random noise which exists permanently in the clock synchronization in the practical CV-QKD system, it may compromise the system security because of its impact on data sampling and parameters estimation. In particular, the practical security of CV-QKD with different clock jitter against collective attack is analyzed theoretically based on different repetition frequencies, the numerical simulations indicate that the clock jitter has more impact on a high-speed scenario. Furthermore, a simplified experiment is designed to investigate the influence of the clock jitter.

'Haven of safety' and 'secure base': a qualitative inquiry into factors affecting child attachment security in Nairobi, Kenya.

PubMed

Polkovnikova-Wamoto, Anastasia; Mathai, Muthoni; Stoep, Ann Vander; Kumar, Manasi

2016-01-01

Secure attachment in childhood and adolescence protects children from engagement in high risk behaviors and development of mental health problems over the life span. Poverty has been shown to create impoverishment in certain aspects of caregiving and correspondingly to compromise development of secure attachment in children. Nineteen children 8 to 14 years old from two schools in a middle income area and an urban informal settlement area of Nairobi were interviewed using an adapted Child Attachment Interview (CAI) protocol. CAI was developed to provide a glimpse into the 'meta-theories' children have about themselves, parents, parenting and their attachment ties with parents and extended family members. Narratives obtained with the CAI were analyzed using thematic analysis. Both Bowlby's idea of 'secure base' as well as Bronfrenbrenner's 'ecological niche' are used as reference points to situate child attachment and parenting practices in the larger Kenyan context. We found that with slight linguistic alterations CAI can be used to assess attachment security of Kenyan children in this particular age range. We also found that the narration ability in both groups of children was generally good such that formal coding was possible, despite cultural differences. Our analysis suggested differences in narrative quality across the children from middle class and lower socio-economic class schools on specific themes such as: sensitivity of parenting (main aspects of sensitivity were associated with disciplinary methods and child's access to education), birth order , parental emotional availability , and severity of inter-parental conflicts and child's level of exposure. The paper puts in context a few cultural practices such as greater household responsibility accorded to the eldest child and stern to harsh disciplinary methods adopted by parents in the Kenyan setting.

A review of security of electronic health records.

PubMed

Win, Khin Than

The objective of this study is to answer the research question, "Are current information security technologies adequate for electronic health records (EHRs)?" In order to achieve this, the following matters have been addressed in this article: (i) What is information security in the context of EHRs? (ii) Why is information security important for EHRs? and (iii) What are the current technologies for information security available to EHRs? It is concluded that current EHR security technologies are inadequate and urgently require improvement. Further study regarding information security of EHRs is indicated.

Increasing operational command and control security by the implementation of device independent quantum key distribution

NASA Astrophysics Data System (ADS)

Bovino, Fabio Antonio; Messina, Angelo

2016-10-01

In a very simplistic way, the Command and Control functions can be summarized as the need to provide the decision makers with an exhaustive, real-time, situation picture and the capability to convey their decisions down to the operational forces. This two-ways data and information flow is vital to the execution of current operations and goes far beyond the border of military operations stretching to Police and disaster recovery as well. The availability of off-the shelf technology has enabled hostile elements to endanger the security of the communication networks by violating the traditional security protocols and devices and hacking sensitive databases. In this paper an innovative approach based to implementing Device Independent Quantum Key Distribution system is presented. The use of this technology would prevent security breaches due to a stolen crypto device placed in an end-to-end communication chain. The system, operating with attenuated laser, is practical and provides the increasing of the distance between the legitimate users.

Study on Cloud Security Based on Trust Spanning Tree Protocol

NASA Astrophysics Data System (ADS)

Lai, Yingxu; Liu, Zenghui; Pan, Qiuyue; Liu, Jing

2015-09-01

Attacks executed on Spanning Tree Protocol (STP) expose the weakness of link layer protocols and put the higher layers in jeopardy. Although the problems have been studied for many years and various solutions have been proposed, many security issues remain. To enhance the security and credibility of layer-2 network, we propose a trust-based spanning tree protocol aiming at achieving a higher credibility of LAN switch with a simple and lightweight authentication mechanism. If correctly implemented in each trusted switch, the authentication of trust-based STP can guarantee the credibility of topology information that is announced to other switch in the LAN. To verify the enforcement of the trusted protocol, we present a new trust evaluation method of the STP using a specification-based state model. We implement a prototype of trust-based STP to investigate its practicality. Experiment shows that the trusted protocol can achieve security goals and effectively avoid STP attacks with a lower computation overhead and good convergence performance.

A Multiserver Biometric Authentication Scheme for TMIS using Elliptic Curve Cryptography.

PubMed

Chaudhry, Shehzad Ashraf; Khan, Muhammad Tawab; Khan, Muhammad Khurram; Shon, Taeshik

2016-11-01

Recently several authentication schemes are proposed for telecare medicine information system (TMIS). Many of such schemes are proved to have weaknesses against known attacks. Furthermore, numerous such schemes cannot be used in real time scenarios. Because they assume a single server for authentication across the globe. Very recently, Amin et al. (J. Med. Syst. 39(11):180, 2015) designed an authentication scheme for secure communication between a patient and a medical practitioner using a trusted central medical server. They claimed their scheme to extend all security requirements and emphasized the efficiency of their scheme. However, the analysis in this article proves that the scheme designed by Amin et al. is vulnerable to stolen smart card and stolen verifier attacks. Furthermore, their scheme is having scalability issues along with inefficient password change and password recovery phases. Then we propose an improved scheme. The proposed scheme is more practical, secure and lightweight than Amin et al.'s scheme. The security of proposed scheme is proved using the popular automated tool ProVerif.

Implementation of continuous-variable quantum key distribution with composable and one-sided-device-independent security against coherent attacks.

PubMed

Gehring, Tobias; Händchen, Vitus; Duhme, Jörg; Furrer, Fabian; Franz, Torsten; Pacher, Christoph; Werner, Reinhard F; Schnabel, Roman

2015-10-30

Secret communication over public channels is one of the central pillars of a modern information society. Using quantum key distribution this is achieved without relying on the hardness of mathematical problems, which might be compromised by improved algorithms or by future quantum computers. State-of-the-art quantum key distribution requires composable security against coherent attacks for a finite number of distributed quantum states as well as robustness against implementation side channels. Here we present an implementation of continuous-variable quantum key distribution satisfying these requirements. Our implementation is based on the distribution of continuous-variable Einstein-Podolsky-Rosen entangled light. It is one-sided device independent, which means the security of the generated key is independent of any memoryfree attacks on the remote detector. Since continuous-variable encoding is compatible with conventional optical communication technology, our work is a step towards practical implementations of quantum key distribution with state-of-the-art security based solely on telecom components.

Implementation of continuous-variable quantum key distribution with composable and one-sided-device-independent security against coherent attacks

PubMed Central

Gehring, Tobias; Händchen, Vitus; Duhme, Jörg; Furrer, Fabian; Franz, Torsten; Pacher, Christoph; Werner, Reinhard F.; Schnabel, Roman

2015-01-01

Secret communication over public channels is one of the central pillars of a modern information society. Using quantum key distribution this is achieved without relying on the hardness of mathematical problems, which might be compromised by improved algorithms or by future quantum computers. State-of-the-art quantum key distribution requires composable security against coherent attacks for a finite number of distributed quantum states as well as robustness against implementation side channels. Here we present an implementation of continuous-variable quantum key distribution satisfying these requirements. Our implementation is based on the distribution of continuous-variable Einstein–Podolsky–Rosen entangled light. It is one-sided device independent, which means the security of the generated key is independent of any memoryfree attacks on the remote detector. Since continuous-variable encoding is compatible with conventional optical communication technology, our work is a step towards practical implementations of quantum key distribution with state-of-the-art security based solely on telecom components. PMID:26514280

49 CFR 1548.19 - Security Directives and Information Circulars.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 9 2010-10-01 2010-10-01 false Security Directives and Information Circulars... CARRIER SECURITY § 1548.19 Security Directives and Information Circulars. (a) TSA may issue an Information... security measures are necessary to respond to a threat assessment, or to a specific threat against civil...

Data security101: avoiding the list.

PubMed

Perna, Gabriel

2012-01-01

Thanks to the rampant digitization of healthcare data, breaches have become commonplace in an industry that lacks advanced security practices. In this industry-wide report, those who have dealt with breaches implore others to shore up internal security practices and be transparent. As one CIO keenly notes, "we're all in this together."

17 CFR 201.411 - Commission consideration of initial decisions by hearing officers.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 2 2010-04-01 2010-04-01 false Commission consideration of initial decisions by hearing officers. 201.411 Section 201.411 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION RULES OF PRACTICE Rules of Practice Appeal to the Commission and...