Computer security: a necessary element of integrated information systems.

PubMed Central

Butzen, F; Furler, F

1986-01-01

The Matheson Report sees the medical library as playing a key role in a network of interlocking information bases that will extend from central repositories of medical information to each physician's personal records. It appears, however, that the role of security in this vision has not been fully delineated. This paper discusses problems in maintaining the security of confidential medical information, the state of the applicable law, and techniques for security (with special emphasis on the UNIX operating system). It is argued that the absence of security threatens any plan to build an information network, as there will be resistance to any system that may give intruders access to confidential data. PMID:3742113

78 FR 13678 - Agency Information Collection Activities: Proposed Collection; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-28

... Information Collection: Social Security Office (SSO) Report of State Buy-in Problem; Use: Under Section 1843..., ``SSO Report of State Buy-In Problem'' is used to report Buy- in problems cases. The CMS-1957 is the...

Toward a Theory of Employee Compliance with Information Security Policies: A Grounded Theory Methodology

ERIC Educational Resources Information Center

Sikolia, David Wafula

2013-01-01

User non-compliance with information security policies in organizations due to negligence or ignorance is reported as a key data security problem for organizations. The violation of the confidentiality, integrity and availability of organizational data has led to losses in millions of dollars for organizations in terms of money and time spent…

Big data, little security: Addressing security issues in your platform

NASA Astrophysics Data System (ADS)

Macklin, Thomas; Mathews, Joseph

2017-05-01

This paper describes some patterns for information security problems that consistently emerge among traditional enterprise networks and applications, both with respect to cyber threats and data sensitivity. We draw upon cases from qualitative studies and interviews of system developers, network operators, and certifiers of military applications. Specifically, the problems discussed involve sensitivity of data aggregates, training efficacy, and security decision support in the human machine interface. While proven techniques can address many enterprise security challenges, we provide additional recommendations on how to further improve overall security posture, and suggest additional research thrusts to address areas where known gaps remain.

An Improved Protocol for Controlled Deterministic Secure Quantum Communication Using Five-Qubit Entangled State

NASA Astrophysics Data System (ADS)

Kao, Shih-Hung; Lin, Jason; Tsai, Chia-Wei; Hwang, Tzonelih

2018-03-01

In early 2009, Xiu et al. (Opt. Commun. 282(2) 333-337 2009) presented a controlled deterministic secure quantum communication (CDSQC) protocol via a newly constructed five-qubit entangled quantum state. Later, Qin et al. (Opt. Commun. 282(13), 2656-2658 2009) pointed out two security loopholes in Xiu et al.'s protocol: (1) A correlation-elicitation (CE) attack can reveal the entire secret message; (2) A leakage of partial information for the receiver is noticed. Then, Xiu et al. (Opt. Commun. 283(2), 344-347 2010) presented a revised CDSQC protocol to remedy the CE attack problem. However, the information leakage problem still remains open. This work proposes a new CDSQC protocol using the same five-qubit entangled state which can work without the above mentioned security problems. Moreover, the Trojan Horse attacks can be automatically avoided without using detecting devices in the new CDSQC.

An Improved Protocol for Controlled Deterministic Secure Quantum Communication Using Five-Qubit Entangled State

NASA Astrophysics Data System (ADS)

Kao, Shih-Hung; Lin, Jason; Tsai, Chia-Wei; Hwang, Tzonelih

2018-06-01

In early 2009, Xiu et al. (Opt. Commun. 282(2) 333-337 2009) presented a controlled deterministic secure quantum communication (CDSQC) protocol via a newly constructed five-qubit entangled quantum state. Later, Qin et al. (Opt. Commun. 282(13), 2656-2658 2009) pointed out two security loopholes in Xiu et al.'s protocol: (1) A correlation-elicitation (CE) attack can reveal the entire secret message; (2) A leakage of partial information for the receiver is noticed. Then, Xiu et al. (Opt. Commun. 283(2), 344-347 2010) presented a revised CDSQC protocol to remedy the CE attack problem. However, the information leakage problem still remains open. This work proposes a new CDSQC protocol using the same five-qubit entangled state which can work without the above mentioned security problems. Moreover, the Trojan Horse attacks can be automatically avoided without using detecting devices in the new CDSQC.

Smart cards--the key to trustworthy health information systems.

PubMed Central

Neame, R.

1997-01-01

Some 20 years after they were first developed, "smart cards" are set to play a crucial part in healthcare systems. Last year about a billion were supplied, mainly for use in the financial sector, but their special features make them of particular strategic importance for the health sector, where they offer a ready made solution to some key problems of security and confidentiality. This article outlines what smart cards are and why they are so important in managing health information. I discuss some of the unique features of smart cards that are of special importance in the development of secure and trustworthy health information systems. Smart cards would enable individuals' identities to be authenticated and communications to be secured and would provide the mechanisms for implementing strong security, differential access to data, and definitive audit trails. Patient cards can also with complete security carry personal details, data on current health problems and medications, emergency care data, and pointers to where medical records for the patient can be found. Provider cards can in addition carry authorisations and information on computer set up. PMID:9055719

CLARUS as a Cloud Security Framework: e-Health Use Case.

PubMed

Vidal, David; Iriso, Santiago; Mulero, Rafael

2017-01-01

Maintaining Passive Medical Health Records (PMHR) is an increasing cost and resource consumption problem. Moving to the cloud is the clearest solution to solve the problem as it offers a high amount of space and computation power. But the cloud is not safe enough when dealing with this kind of information because it can be easily accessed by attackers. The European Commission funded research project CLARUS contributes to protect healthcare-sensitive information in a secure way.

A security mediator for health care information.

PubMed Central

Wiederhold, G.; Bilello, M.; Sarathy, V.; Qian, X.

1996-01-01

The TIHI (Trusted Interoperation of Healthcare Information) project addresses a security issue that arises when some information is being shared among collaborating enterprises, although not all enterprise information is sharable. It assumes that protection exists to prevent intrusion by adversaries through secure transmission and firewalls. The TIHI system design provides a gateway, owned by the enterprise security officer, to mediate queries and responses. The latter are typically transmitted via the Internet. The enterprise policy is determined by rules provided to the mediator. We show examples of typical rules. The problem and our solution, although developed in a healthcare context, is equally valid among collaborating enterprises. PMID:8947640

State-of-the-art research on electromagnetic information security

NASA Astrophysics Data System (ADS)

Hayashi, Yu-ichi

2016-07-01

As information security is becoming increasingly significant, security at the hardware level is as important as in networks and applications. In recent years, instrumentation has become cheaper and more precise, computation has become faster, and capacities have increased. With these advancements, the threat of advanced attacks that were considerably difficult to carry out previously has increased not only in military and diplomatic fields but also in general-purpose manufactured devices. This paper focuses on the problem of the security limitations concerning electromagnetic waves (electromagnetic information security) that has rendered attack detection particularly difficult at the hardware level. In addition to reviewing the mechanisms of these information leaks and countermeasures, this paper also presents the latest research trends and standards.

[Research and implementation of the TLS network transport security technology based on DICOM standard].

PubMed

Lu, Xiaoqi; Wang, Lei; Zhao, Jianfeng

2012-02-01

With the development of medical information, Picture Archiving and Communications System (PACS), Hospital Information System/Radiology Information System(HIS/RIS) and other medical information management system become popular and developed, and interoperability between these systems becomes more frequent. So, these enclosed systems will be open and regionalized by means of network, and this is inevitable. If the trend becomes true, the security of information transmission may be the first problem to be solved. Based on the need for network security, we investigated the Digital Imaging and Communications in Medicine (DICOM) Standard and Transport Layer Security (TLS) Protocol, and implemented the TLS transmission of the DICOM medical information with OpenSSL toolkit and DCMTK toolkit.

The study and implementation of the wireless network data security model

NASA Astrophysics Data System (ADS)

Lin, Haifeng

2013-03-01

In recent years, the rapid development of Internet technology and the advent of information age, people are increasing the strong demand for the information products and the market for information technology. Particularly, the network security requirements have become more sophisticated. This paper analyzes the wireless network in the data security vulnerabilities. And a list of wireless networks in the framework is the serious defects with the related problems. It has proposed the virtual private network technology and wireless network security defense structure; and it also given the wireless networks and related network intrusion detection model for the detection strategies.

Relationship between stakeholders' information value perception and information security behaviour

NASA Astrophysics Data System (ADS)

Tajuddin, Sharul; Olphert, Wendy; Doherty, Neil

2015-02-01

The study, reported in this paper, aims to explore the relationship between the stakeholders' perceptions about the value of information and their resultant information security behaviours. Moreover, this study seeks to explore the role of national and organisational culture in facilitating information value assignment. Information Security is a concept that formed from the recognition that information is valuable and that there is a need to protect it. The ISO 27002 defines information as an asset, which, like other important business assets, is essential to an organisation's business and consequently needs to be appropriately protected. By definition, an asset has a value to the organisation hence it requires protection. Information protection is typically accomplished through the implementation of countermeasures against the threats and vulnerabilities of information security, for example, implementation of technological processes and mechanisms such as firewall and authorization and authentication systems, set-up of deterrence procedures such as password control and enforcement of organisational policy on information handling procedures. However, evidence routinely shows that despite such measures, information security breaches and incidents are on the rise. These breaches lead to loss of information, personal records, or other data, with consequent implications for the value of the information asset. A number of studies have suggested that such problems are not related primarily to technology problems or procedural deficiencies, but rather to stakeholders' poor compliance with the security measures that are in place. Research indicates that compliance behaviour is affected by many variables including perceived costs and benefits, national and organisational culture and norms. However, there has been little research to understand the concept of information value from the perspective of those who interact with the data, and the consequences for information security behaviours. This study seeks to address this gap in the research. Data will be presented from a pilot study consisting of interviews with 6 participants from public organisations in Brunei Darussalam which illustrate the nature of the value assignment process, together with an initial model of the relationship between perceived information value and information security behaviours.

Three Modes of Hydrogeophysical Investigation: Puzzles, Mysteries, and Conundrums

NASA Astrophysics Data System (ADS)

Ferre, P. A.

2011-12-01

In an article in the New Yorker in 2007, Malcolm Gladwell discussed the distinction that national security expert Gregory Treverton has made between puzzles and mysteries. Specifically, puzzles are problems that we understand and that will eventually be solved when we amass enough information. (Think crossword puzzles.) Mysteries are problems for which we have the necessary information, but it is often overwhelmed by irrelevant or misleading input. To solve a mystery, we require improved analysis. (Think find-a-word.) Gladwell goes on to explain that, in the national security realm, the Cold War was a puzzle while the current national security condition is a mystery. I will discuss the past, current, and future trajectories of hydrogeophysics in terms of puzzles and mysteries. I will also add a third class of problem: conundrums - those for which we lack sufficient information about their structure to know how to solve them. A conundrum is a mystery with an unexpected twist. I hope to make the case that the future growth of hydrogeophysics lies in our ability to address this more challenging and more interesting class of problem.

Backward Channel Protection Based on Randomized Tree-Walking Algorithm and Its Analysis for Securing RFID Tag Information and Privacy

NASA Astrophysics Data System (ADS)

Choi, Wonjoon; Yoon, Myungchul; Roh, Byeong-Hee

Eavesdropping on backward channels in RFID environments may cause severe privacy problems because it means the exposure of personal information related to tags that each person has. However, most existing RFID tag security schemes are focused on the forward channel protections. In this paper, we propose a simple but effective method to solve the backward channel eavesdropping problem based on Randomized-tree walking algorithm for securing tag ID information and privacy in RFID-based applications. In order to show the efficiency of the proposed scheme, we derive two performance models for the cases when CRC is used and not used. It is shown that the proposed method can lower the probability of eavesdropping on backward channels near to ‘0.’

Comment on: Supervisory Asymmetric Deterministic Secure Quantum Communication

NASA Astrophysics Data System (ADS)

Kao, Shih-Hung; Tsai, Chia-Wei; Hwang, Tzonelih

2012-12-01

In 2010, Xiu et al. (Optics Communications 284:2065-2069, 2011) proposed several applications based on a new secure four-site distribution scheme using χ-type entangled states. This paper points out that one of these applications, namely, supervisory asymmetric deterministic secure quantum communication, is subject to an information leakage problem, in which the receiver can extract two bits of a three-bit secret message without the supervisor's permission. An enhanced protocol is proposed to resolve this problem.

A novel quantum scheme for secure two-party distance computation

NASA Astrophysics Data System (ADS)

Peng, Zhen-wan; Shi, Run-hua; Zhong, Hong; Cui, Jie; Zhang, Shun

2017-12-01

Secure multiparty computational geometry is an essential field of secure multiparty computation, which computes a computation geometric problem without revealing any private information of each party. Secure two-party distance computation is a primitive of secure multiparty computational geometry, which computes the distance between two points without revealing each point's location information (i.e., coordinate). Secure two-party distance computation has potential applications with high secure requirements in military, business, engineering and so on. In this paper, we present a quantum solution to secure two-party distance computation by subtly using quantum private query. Compared to the classical related protocols, our quantum protocol can ensure higher security and better privacy protection because of the physical principle of quantum mechanics.

A Study on the Secure User Profiling Structure and Procedure for Home Healthcare Systems.

PubMed

Ko, Hoon; Song, MoonBae

2016-01-01

Despite of various benefits such as a convenience and efficiency, home healthcare systems have some inherent security risks that may cause a serious leak on personal health information. This work presents a Secure User Profiling Structure which has the patient information including their health information. A patient and a hospital keep it at that same time, they share the updated data. While they share the data and communicate, the data can be leaked. To solve the security problems, a secure communication channel with a hash function and an One-Time Password between a client and a hospital should be established and to generate an input value to an OTP, it uses a dual hash-function. This work presents a dual hash function-based approach to generate the One-Time Password ensuring a secure communication channel with the secured key. In result, attackers are unable to decrypt the leaked information because of the secured key; in addition, the proposed method outperforms the existing methods in terms of computation cost.

Compliance with HIPAA security standards in U.S. Hospitals.

PubMed

Davis, Diane; Having, Karen

2006-01-01

With the widespread use of computer networks, the amount of information stored electronically has grown exponentially, resulting in increased concern for privacy and security of information. The healthcare industry has been put to the test with the federally mandated Health Insurance Portability and Accountability Act (HIPAA) of 1996. To assess the compliance status of HIPAA security standards, a random sample of 1,000 U.S. hospitals was surveyed in January 2004, yielding a return rate of 29 percent. One year later, a follow-up survey was sent to all previous respondents, with 50 percent replying. HIPAA officers'perceptions of security compliance in 2004 and 2005 are compared in this article. The security standards achieving the highest level of compliance in both 2004 and 2005 were obtaining required business associate agreements and physical safeguards to limit access to electronic information systems. Respondents indicated least compliance both years in performing periodic evaluation of security practices governed by the Security Rule. Roadblocks, threats, problems and solutions regarding HIPAA compliance are discussed. This information may be applied to current and future strategies toward maintaining security of information systems throughout the healthcare industry.

An updated look at document security: from initiation to storage or shredder.

PubMed

McConnell, Charles R

2014-01-01

In these days of close attention to security of information handled electronically, there is often a tendency to overlook the security of hard-copy documents. Document security can involve many areas of business, but the health care department manager's concerns are primarily for patient records and employee documentation. Document security is closely related to growing concerns for individual privacy; guidelines are furnished for protecting employee privacy by separating retention practices for business information from personal information. Sensitive documentation requires rules and procedures for processing, retaining, accessing, storing, and eventually destroying. Also, documents that are missing or incomplete at times present unique problems for the organization. The department manager is provided with some simple rules for safeguarding employee and patient documentation.

Examining the Security Awareness, Information Privacy, and the Security Behaviors of Home Computer Users

ERIC Educational Resources Information Center

Edwards, Keith

2015-01-01

Attacks on computer systems continue to be a problem. The majority of the attacks target home computer users. To help mitigate the attacks some companies provide security awareness training to their employees. However, not all people work for a company that provides security awareness training and typically, home computer users do not have the…

[The concept and measurement of food security].

PubMed

Kim, Kirang; Kim, Mi Kyung; Shin, Young Jeon

2008-11-01

During the past two decades, food deprivation and hunger have been recognized to be not just the concerns of only underdeveloped or developing countries, but as problems for many affluent Western nations as well. Many countries have made numerous efforts to define and measure the extent of these problems. Based on these efforts, the theory and practice of food security studies has significantly evolved during the last decades. Thus, this study aims to provide a comprehensive review of the concept and measurement of food security. In this review, we introduce the definition and background of food security, we describe the impact of food insecurity on nutrition and health, we provide its measurements and operational instruments and we discuss its applications and implications. Some practical information for the use of the food security index in South Korea is also presented. Food security is an essential element in achieving a good nutritional and health status and it has an influence to reduce poverty. The information about the current understanding of food security can help scientists, policy makers and program practitioners conduct research and maintain outreach programs that address the issues of poverty and the promotion of food security.

The secure authorization model for healthcare information system.

PubMed

Hsu, Wen-Shin; Pan, Jiann-I

2013-10-01

Exploring healthcare system for assisting medical services or transmitting patients' personal health information in web application has been widely investigated. Information and communication technologies have been applied to the medical services and healthcare area for a number of years to resolve problems in medical management. In the healthcare system, not all users are allowed to access all the information. Several authorization models for restricting users to access specific information at specific permissions have been proposed. However, as the number of users and the amount of information grows, the difficulties for administrating user authorization will increase. The critical problem limits the widespread usage of the healthcare system. This paper proposes an approach for role-based and extends it to deal with the information for authorizations in the healthcare system. We propose the role-based authorization model which supports authorizations for different kinds of objects, and a new authorization domain. Based on this model, we discuss the issues and requirements of security in the healthcare systems. The security issues for services shared between different healthcare industries will also be discussed.

Information security risk management for computerized health information systems in hospitals: a case study of Iran.

PubMed

Zarei, Javad; Sadoughi, Farahnaz

2016-01-01

In recent years, hospitals in Iran - similar to those in other countries - have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts' opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Information security risk management is not followed by Iran's hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran's Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran.

Intelligent cloud computing security using genetic algorithm as a computational tools

NASA Astrophysics Data System (ADS)

Razuky AL-Shaikhly, Mazin H.

2018-05-01

An essential change had occurred in the field of Information Technology which represented with cloud computing, cloud giving virtual assets by means of web yet awesome difficulties in the field of information security and security assurance. Currently main problem with cloud computing is how to improve privacy and security for cloud “cloud is critical security”. This paper attempts to solve cloud security by using intelligent system with genetic algorithm as wall to provide cloud data secure, all services provided by cloud must detect who receive and register it to create list of users (trusted or un-trusted) depend on behavior. The execution of present proposal has shown great outcome.

An analysis of factors contributing to household water security problems and threats in different settlement categories of Ngamiland, Botswana

NASA Astrophysics Data System (ADS)

Kujinga, Krasposy; Vanderpost, Cornelis; Mmopelwa, Gagoitseope; Wolski, Piotr

Globally, water security is negatively affected by factors that include climatic and hydrological conditions, population growth, rural-urban migration, increased per-capita water use, pollution and over-abstraction of groundwater. While Botswana has made strides in providing safe and clean water to its population since independence in 1966, over the years, a combination of factors have contributed to water security problems in different settlement categories of the country (i.e., primary, secondary, tertiary and ungazetted settlements) in general and in the district of Ngamiland in particular. To study water security problems differentiated by settlement category, this study employed quantitative data collection methods (i.e. household structured questionnaires) and qualitative data collection methods (i.e. key informant interviews, observation, focus group discussions and informal interviews), complemented by a review of relevant literature. Water security in all settlements is affected by status of the settlement, i.e. gazetted or ungazetted, climatic and hydrological factors and water governance challenges. In large villages such as Maun, factors threatening water security include population growth, urbanization, management challenges, old water supply and distribution infrastructure, increased demand for individual connections and changing lifestyles. Small gazetted and ungazetted settlements encounter problems related to limited sources of water supply as well as salinity of groundwater resources. In order to enhance water security in different settlement categories, Botswana has to develop a comprehensive water resources management strategy underpinned by integrated water resources management principles aimed at addressing factors contributing to water security problems. The strategy has to be settlement category specific. Large villages have to address factors related to demographic changes, urbanization, management challenges, water supply infrastructure and the introducing of water demand management activities. Households in small villages need provision of water from more sustainable sources while ungazetted settlements need better access to clean water.

The Double-System Architecture for Trusted OS

NASA Astrophysics Data System (ADS)

Zhao, Yong; Li, Yu; Zhan, Jing

With the development of computer science and technology, current secure operating systems failed to respond to many new security challenges. Trusted operating system (TOS) is proposed to try to solve these problems. However, there are no mature, unified architectures for the TOS yet, since most of them cannot make clear of the relationship between security mechanism and the trusted mechanism. Therefore, this paper proposes a double-system architecture (DSA) for the TOS to solve the problem. The DSA is composed of the Trusted System (TS) and the Security System (SS). We constructed the TS by establishing a trusted environment and realized related SS. Furthermore, we proposed the Trusted Information Channel (TIC) to protect the information flow between TS and SS. In a word, the double system architecture we proposed can provide reliable protection for the OS through the SS with the supports provided by the TS.

The Management and Security Expert (MASE)

NASA Technical Reports Server (NTRS)

Miller, Mark D.; Barr, Stanley J.; Gryphon, Coranth D.; Keegan, Jeff; Kniker, Catherine A.; Krolak, Patrick D.

1991-01-01

The Management and Security Expert (MASE) is a distributed expert system that monitors the operating systems and applications of a network. It is capable of gleaning the information provided by the different operating systems in order to optimize hardware and software performance; recognize potential hardware and/or software failure, and either repair the problem before it becomes an emergency, or notify the systems manager of the problem; and monitor applications and known security holes for indications of an intruder or virus. MASE can eradicate much of the guess work of system management.

How secure is your information system? An investigation into actual healthcare worker password practices.

PubMed

Cazier, Joseph A; Medlin, B Dawn

2006-09-27

For most healthcare information systems, passwords are the first line of defense in keeping patient and administrative records private and secure. However, this defense is only as strong as the passwords employees chose to use. A weak or easily guessed password is like an open door to the medical records room, allowing unauthorized access to sensitive information. In this paper, we present the results of a study of actual healthcare workers' password practices. In general, the vast majority of these passwords have significant security problems on several dimensions. Implications for healthcare professionals are discussed.

How Secure Is Your Information System? An Investigation into Actual Healthcare Worker Password Practices

PubMed Central

Cazier, Joseph A; Medlin, B. Dawn

2006-01-01

For most healthcare information systems, passwords are the first line of defense in keeping patient and administrative records private and secure. However, this defense is only as strong as the passwords employees chose to use. A weak or easily guessed password is like an open door to the medical records room, allowing unauthorized access to sensitive information. In this paper, we present the results of a study of actual healthcare workers' password practices. In general, the vast majority of these passwords have significant security problems on several dimensions. Implications for healthcare professionals are discussed. PMID:18066366

76 FR 28843 - Meeting of Advisory Committee on International Communications and Information Policy

Federal Register 2010, 2011, 2012, 2013, 2014

2011-05-18

... channel for regular consultation and coordination on major economic, social and legal issues and problems in international communications and information policy, especially as these issues and problems... the building. Personal data is requested pursuant to Pub. L. 99-399 (Omnibus Diplomatic Security and...

Using information technology for an improved pharmaceutical care delivery in developing countries. Study case: Benin.

PubMed

Edoh, Thierry Oscar; Teege, Gunnar

2011-10-01

One of the problems in health care in developing countries is the bad accessibility of medicine in pharmacies for patients. Since this is mainly due to a lack of organization and information, it should be possible to improve the situation by introducing information and communication technology. However, for several reasons, standard solutions are not applicable here. In this paper, we describe a case study in Benin, a West African developing country. We identify the problem and the existing obstacles for applying standard ECommerce solutions. We develop an adapted system approach and describe a practical test which has shown that the approach has the potential of actually improving the pharmaceutical care delivery. Finally, we consider the security aspects of the system and propose an organizational solution for some specific security problems.

Information security risk management for computerized health information systems in hospitals: a case study of Iran

PubMed Central

Zarei, Javad; Sadoughi, Farahnaz

2016-01-01

Background In recent years, hospitals in Iran – similar to those in other countries – have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. Materials and methods This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts’ opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Results Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Conclusion Information security risk management is not followed by Iran’s hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran’s Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran. PMID:27313481

Is the biggest security threat to medical information simply a lack of understanding?

PubMed

Williams, Patricia A H

2011-01-01

Connecting Australian health services and the e-health initiative is a major focus in the current health environment. Many issues are presented as key to its success including solving issues with confidentiality and privacy. However, the main problem may not be these issues in sharing information but the fact that the point of origin of such records is still relatively insecure. This paper highlights why this may be the case. Research into the security of medical information has shown that many primary healthcare providers are unable to create an environment with effective information security. Numerous factors contribute to this complex situation including a trustful environment, the resultant security culture and the capability of individual healthcare organisations. Further, the growing importance of new directions in the use of patient information is considered. This paper discusses these issues and positions them within the complex environment that is healthcare. In our current health system infrastructure, the points of origin of patient information are our most vulnerable. This entwined with progressively new uses of this information expose additional security concerns, such as re-identification of information, that require attention.

Methods of Organizational Information Security

NASA Astrophysics Data System (ADS)

Martins, José; Dos Santos, Henrique

The principle objective of this article is to present a literature review for the methods used in the security of information at the level of organizations. Some of the principle problems are identified and a first group of relevant dimensions is presented for an efficient management of information security. The study is based on the literature review made, using some of the more relevant certified articles of this theme, in international reports and in the principle norms of management of information security. From the readings that were done, we identified some of the methods oriented for risk management, norms of certification and good practice of security of information. Some of the norms are oriented for the certification of the product or system and others oriented to the processes of the business. There are also studies with the proposal of Frameworks that suggest the integration of different approaches with the foundation of norms focused on technologies, in processes and taking into consideration the organizational and human environment of the organizations. In our perspective, the biggest contribute to the security of information is the development of a method of security of information for an organization in a conflicting environment. This should make available the security of information, against the possible dimensions of attack that the threats could exploit, through the vulnerability of the organizational actives. This method should support the new concepts of "Network centric warfare", "Information superiority" and "Information warfare" especially developed in this last decade, where information is seen simultaneously as a weapon and as a target.

Research on Quantum Authentication Methods for the Secure Access Control Among Three Elements of Cloud Computing

NASA Astrophysics Data System (ADS)

Dong, Yumin; Xiao, Shufen; Ma, Hongyang; Chen, Libo

2016-12-01

Cloud computing and big data have become the developing engine of current information technology (IT) as a result of the rapid development of IT. However, security protection has become increasingly important for cloud computing and big data, and has become a problem that must be solved to develop cloud computing. The theft of identity authentication information remains a serious threat to the security of cloud computing. In this process, attackers intrude into cloud computing services through identity authentication information, thereby threatening the security of data from multiple perspectives. Therefore, this study proposes a model for cloud computing protection and management based on quantum authentication, introduces the principle of quantum authentication, and deduces the quantum authentication process. In theory, quantum authentication technology can be applied in cloud computing for security protection. This technology cannot be cloned; thus, it is more secure and reliable than classical methods.

Addressing software security and mitigations in the life cycle

NASA Technical Reports Server (NTRS)

Gilliam, David; Powell, John; Haugh, Eric; Bishop, Matt

2003-01-01

Traditionally, security is viewed as an organizational and Information Technology (IIJ systems function comprising of Firewalls, intrusion detection systems (IDS), system security settings and patches to the operating system (OS) and applications running on it. Until recently, little thought has been given to the importance of security as a formal approach in the software life cycle. The Jet Propulsion Laboratory has approached the problem through the development of an integrated formal Software Security Assessment Instrument (SSAI) with six foci for the software life cycle.

Addressing software security and mitigations in the life cycle

NASA Technical Reports Server (NTRS)

Gilliam, David; Powell, John; Haugh, Eric; Bishop, Matt

2004-01-01

Traditionally, security is viewed as an organizational and Information Technology (IT) systems function comprising of firewalls, intrusion detection systems (IDS), system security settings and patches to the operating system (OS) and applications running on it. Until recently, little thought has been given to the importance of security as a formal approach in the software life cycle. The Jet Propulsion Laboratory has approached the problem through the development of an integrated formal Software Security Assessment Instrument (SSAI) with six foci for the software life cycle.

Information Communication and Technology for Water Resource Management and Food Security in Kenya: A Case Study of Kericho and Uasin Gishu Districts

ERIC Educational Resources Information Center

Omboto, P. I.; Macharia, J.; Mbagaya, Grace; Standa, F. N.

2011-01-01

Recent reports on Kenya have indicated food insecurity and destruction of water catchments as serious problems facing the country. Despite the tremendous strides in Information and Communication Technology (ICT), the country has not taken advantage of the technology to improve food security by effectively managing her water resources. A survey on…

Going Beyond Compliance: A Strategic Framework for Promoting Information Security in Hospitals.

PubMed

Zandona, David J; Thompson, Jon M

In the past decade, public and private organizations have experienced a significant and alarming rise in the number of data breaches. Across all sectors, there seems to be no safe haven for the protection of information. In the health care industry, the trend is even worse. Information security is at an unbelievable low point, and it is unlikely that government oversight can fix this issue. Health care organizations have ramped up their approaches to addressing the problem; however, these initiatives are often incremental rather than transformational. Hospitals need an overall organization-wide strategy to prevent breaches from occurring and to minimize effects if they do occur. This article provides an analysis of the literature related to health information security and offers a suggested strategy for hospital administrators to follow in order to create a more secure environment for patient health information.

A secure and efficient password-based user authentication scheme using smart cards for the integrated EPR information system.

PubMed

Lee, Tian-Fu; Chang, I-Pin; Lin, Tsung-Hung; Wang, Ching-Cheng

2013-06-01

The integrated EPR information system supports convenient and rapid e-medicine services. A secure and efficient authentication scheme for the integrated EPR information system provides safeguarding patients' electronic patient records (EPRs) and helps health care workers and medical personnel to rapidly making correct clinical decisions. Recently, Wu et al. proposed an efficient password-based user authentication scheme using smart cards for the integrated EPR information system, and claimed that the proposed scheme could resist various malicious attacks. However, their scheme is still vulnerable to lost smart card and stolen verifier attacks. This investigation discusses these weaknesses and proposes a secure and efficient authentication scheme for the integrated EPR information system as alternative. Compared with related approaches, the proposed scheme not only retains a lower computational cost and does not require verifier tables for storing users' secrets, but also solves the security problems in previous schemes and withstands possible attacks.

Aerial secure display by use of polarization-processing display with retarder film and retro-reflector

NASA Astrophysics Data System (ADS)

Ito, Shusei; Uchida, Keitaro; Mizushina, Haruki; Suyama, Shiro; Yamamoto, Hirotsugu

2017-02-01

Security is one of the big issues in automated teller machine (ATM). In ATM, two types of security have to be maintained. One is to secure displayed information. The other is to secure screen contamination. This paper gives a solution for these two security issues. In order to secure information against peeping at the screen, we utilize visual cryptography for displayed information and limit the viewing zone. Furthermore, an aerial information screen with aerial imaging by retro-reflection, named AIRR enables users to avoid direct touch on the information screen. The purpose of this paper is to propose an aerial secure display technique that ensures security of displayed information as well as security against contamination problem on screen touch. We have developed a polarization-processing display that is composed of a backlight, a polarizer, a background LCD panel, a gap, a half-wave retarder, and a foreground LCD panel. Polarization angle is rotated with the LCD panels. We have constructed a polarization encryption code set. Size of displayed images are designed to limit the viewing position. Furthermore, this polarization-processing display has been introduced into our aerial imaging optics, which employs a reflective polarizer and a retro-reflector covered with a quarter-wave retarder. Polarization-modulated light forms the real image over the reflective polarizer. We have successfully formed aerial information screen that shows the secret image with a limited viewing position. This is the first realization of aerial secure display by use of polarization-processing display with retarder-film and retro-reflector.

[Application of password manager software in health care].

PubMed

Ködmön, József

2016-12-01

When using multiple IT systems, handling of passwords in a secure manner means a potential source of problem. The most frequent issues are choosing the appropriate length and complexity, and then remembering the strong passwords. Password manager software provides a good solution for this problem, while greatly increasing the security of sensitive medical data. This article introduces a password manager software and provides basic information of the application. It also discusses how to select a really secure password manager software and suggests a practical application to efficient, safe and comfortable use for health care. Orv. Hetil., 2016, 157(52), 2066-2073.

Effectiveness of Using a Change Management Approach to Convey the Benefits of an Information Security Implementation to Technology Users

ERIC Educational Resources Information Center

Bennett, Jeannine B.

2012-01-01

This study addressed the problems associated with users' understanding, accepting, and complying with requirements of security-oriented solutions. The goal of the research was not to dispute existing theory on IT project implementations, but rather to further the knowledge on the topic of technology user acceptance of security-oriented IT…

Cost-Benefit Analysis of Confidentiality Policies for Advanced Knowledge Management Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

May, D

Knowledge Discovery (KD) processes can create new information within a Knowledge Management (KM) system. In many domains, including government, this new information must be secured against unauthorized disclosure. Applying an appropriate confidentiality policy achieves this. However, it is not evident which confidentiality policy to apply, especially when the goals of sharing and disseminating knowledge have to be balanced with the requirements to secure knowledge. This work proposes to solve this problem by developing a cost-benefit analysis technique for examining the tradeoffs between securing and sharing discovered knowledge.

Protecting software agents from malicious hosts using quantum computing

NASA Astrophysics Data System (ADS)

Reisner, John; Donkor, Eric

2000-07-01

We evaluate how quantum computing can be applied to security problems for software agents. Agent-based computing, which merges technological advances in artificial intelligence and mobile computing, is a rapidly growing domain, especially in applications such as electronic commerce, network management, information retrieval, and mission planning. System security is one of the more eminent research areas in agent-based computing, and the specific problem of protecting a mobile agent from a potentially hostile host is one of the most difficult of these challenges. In this work, we describe our agent model, and discuss the capabilities and limitations of classical solutions to the malicious host problem. Quantum computing may be extremely helpful in addressing the limitations of classical solutions to this problem. This paper highlights some of the areas where quantum computing could be applied to agent security.

Common Criteria Related Security Design Patterns for Intelligent Sensors—Knowledge Engineering-Based Implementation

PubMed Central

Bialas, Andrzej

2011-01-01

Intelligent sensors experience security problems very similar to those inherent to other kinds of IT products or systems. The assurance for these products or systems creation methodologies, like Common Criteria (ISO/IEC 15408) can be used to improve the robustness of the sensor systems in high risk environments. The paper presents the background and results of the previous research on patterns-based security specifications and introduces a new ontological approach. The elaborated ontology and knowledge base were validated on the IT security development process dealing with the sensor example. The contribution of the paper concerns the application of the knowledge engineering methodology to the previously developed Common Criteria compliant and pattern-based method for intelligent sensor security development. The issue presented in the paper has a broader significance in terms that it can solve information security problems in many application domains. PMID:22164064

Common criteria related security design patterns for intelligent sensors--knowledge engineering-based implementation.

PubMed

Bialas, Andrzej

2011-01-01

Intelligent sensors experience security problems very similar to those inherent to other kinds of IT products or systems. The assurance for these products or systems creation methodologies, like Common Criteria (ISO/IEC 15408) can be used to improve the robustness of the sensor systems in high risk environments. The paper presents the background and results of the previous research on patterns-based security specifications and introduces a new ontological approach. The elaborated ontology and knowledge base were validated on the IT security development process dealing with the sensor example. The contribution of the paper concerns the application of the knowledge engineering methodology to the previously developed Common Criteria compliant and pattern-based method for intelligent sensor security development. The issue presented in the paper has a broader significance in terms that it can solve information security problems in many application domains.

Problems of collaborative work of the automated process control system (APCS) and the its information security and solutions.

NASA Astrophysics Data System (ADS)

Arakelyan, E. K.; Andryushin, A. V.; Mezin, S. V.; Kosoy, A. A.; Kalinina, Ya V.; Khokhlov, I. S.

2017-11-01

The principle of interaction of the specified systems of technological protections by the Automated process control system (APCS) and information safety in case of incorrect execution of the algorithm of technological protection is offered. - checking the correctness of the operation of technological protection in each specific situation using the functional relationship between the monitored parameters. The methodology for assessing the economic feasibility of developing and implementing an information security system.

New Advanced Technologies to Provide Decentralised and Secure Access to Medical Records: Case Studies in Oncology

PubMed Central

Quantin, Catherine; Coatrieux, Gouenou; Allaert, François André; Fassa, Maniane; Bourquard, Karima; Boire, Jean-Yves; de Vlieger, Paul; Maigne, Lydia; Breton, Vincent

2009-01-01

The main problem for health professionals and patients in accessing information is that this information is very often distributed over many medical records and locations. This problem is particularly acute in cancerology because patients may be treated for many years and undergo a variety of examinations. Recent advances in technology make it feasible to gain access to medical records anywhere and anytime, allowing the physician or the patient to gather information from an “ephemeral electronic patient record”. However, this easy access to data is accompanied by the requirement for improved security (confidentiality, traceability, integrity, ...) and this issue needs to be addressed. In this paper we propose and discuss a decentralised approach based on recent advances in information sharing and protection: Grid technologies and watermarking methodologies. The potential impact of these technologies for oncology is illustrated by the examples of two experimental cases: a cancer surveillance network and a radiotherapy treatment plan. It is expected that the proposed approach will constitute the basis of a future secure “google-like” access to medical records. PMID:19718446

Effective Strategies for School Security.

ERIC Educational Resources Information Center

Blauvelt, Peter D.

This handbook offers administrators specific advice on developing the skills, knowledge, and techniques needed for coping with problems of school crime and violence. The guide begins by advising administrators that having security information available at all times helps determine the climate of the school. Instructions are given for preparing…

Do You Lock Your Network Doors? Some Network Management Precautions.

ERIC Educational Resources Information Center

Neray, Phil

1997-01-01

Discusses security problems and solutions for networked organizations with Internet connections. Topics include access to private networks from electronic mail information; computer viruses; computer software; corporate espionage; firewalls, that is computers that stand between a local network and the Internet; passwords; and physical security.…

Data Security: Locked Down, Not out

ERIC Educational Resources Information Center

Waters, John K.

2007-01-01

The problem with traditional, perimeterbased security methods is twofold: First, they can stifle the educational mission that district networks were created to encourage. Firewalls can thwart hackers, but they can also prevent staff and students from accessing online tools or information. Second, these approaches tend to provide inadequate…

Information security: where computer science, economics and psychology meet.

PubMed

Anderson, Ross; Moore, Tyler

2009-07-13

Until ca. 2000, information security was seen as a technological discipline, based on computer science but with mathematics helping in the design of ciphers and protocols. That perspective started to change as researchers and practitioners realized the importance of economics. As distributed systems are increasingly composed of machines that belong to principals with divergent interests, incentives are becoming as important to dependability as technical design. A thriving new field of information security economics provides valuable insights not just into 'security' topics such as privacy, bugs, spam and phishing, but into more general areas of system dependability and policy. This research programme has recently started to interact with psychology. One thread is in response to phishing, the most rapidly growing form of online crime, in which fraudsters trick people into giving their credentials to bogus websites; a second is through the increasing importance of security usability; and a third comes through the psychology-and-economics tradition. The promise of this multidisciplinary research programme is a novel framework for analysing information security problems-one that is both principled and effective.

A study on agent-based secure scheme for electronic medical record system.

PubMed

Chen, Tzer-Long; Chung, Yu-Fang; Lin, Frank Y S

2012-06-01

Patient records, including doctors' diagnoses of diseases, trace of treatments and patients' conditions, nursing actions, and examination results from allied health profession departments, are the most important medical records of patients in medical systems. With patient records, medical staff can instantly understand the entire medical information of a patient so that, according to the patient's conditions, more accurate diagnoses and more appropriate in-depth treatments can be provided. Nevertheless, in such a modern society with booming information technologies, traditional paper-based patient records have faced a lot of problems, such as lack of uniform formats, low data mobility, slow data transfer, illegible handwritings, enormous and insufficient storage space, difficulty of conservation, being easily damaged, and low transferability. To improve such drawbacks, reduce medical costs, and advance medical quality, paper-based patient records are modified into electronic medical records and reformed into electronic patient records. However, since electronic patient records used in various hospitals are diverse and different, in consideration of cost, it is rather difficult to establish a compatible and complete integrated electronic patient records system to unify patient records from heterogeneous systems in hospitals. Moreover, as the booming of the Internet, it is no longer necessary to build an integrated system. Instead, doctors can instantly look up patients' complete information through the Internet access to electronic patient records as well as avoid the above difficulties. Nonetheless, the major problem of accessing to electronic patient records cross-hospital systems exists in the security of transmitting and accessing to the records in case of unauthorized medical personnels intercepting or stealing the information. This study applies the Mobile Agent scheme to cope with the problem. Since a Mobile Agent is a program, which can move among hosts and automatically disperse arithmetic processes, and moves from one host to another in heterogeneous network systems with the characteristics of autonomy and mobility, decreasing network traffic, reducing transfer lag, encapsulating protocol, availability on heterogeneous platforms, fault-tolerance, high flexibility, and personalization. However, since a Mobile Agent contacts and exchanges information with other hosts or agents on the Internet for rapid exchange and access to medical information, the security is threatened. In order to solve the problem, this study proposes a key management scheme based on Lagrange interpolation formulas and hierarchical management structure to make Mobile Agents a more secure and efficient access control scheme for electronic patient record systems when applied to the access of patients' personal electronic patient records cross hospitals. Meanwhile, with the comparison of security and efficacy analyses being the feasibility of validation scheme and the basis of better efficiency, the security of Mobile Agents in the process of operation can be guaranteed, key management efficacy can be advanced, and the security of the Mobile Agent system can be protected.

Security management techniques and evaluative checklists for security force effectiveness. Technical report (final) Sep 80-Jul 81

DOE Office of Scientific and Technical Information (OSTI.GOV)

Schurman, D.L.; Datesman, G.H. Jr; Truitt, J.O.

The report presents a system for evaluating and correcting deficiencies in security-force effectiveness in licensed nuclear facilities. There are four checklists which security managers can copy directly, or can use as guidelines for developing their own checklists. The checklists are keyed to corrective-action guides found in the body of the report. In addition to the corrective-action guides, the report gives background information on the nature of security systems and discussions of various special problems of the licensed nuclear industry.

A secure and robust information hiding technique for covert communication

NASA Astrophysics Data System (ADS)

Parah, S. A.; Sheikh, J. A.; Hafiz, A. M.; Bhat, G. M.

2015-08-01

The unprecedented advancement of multimedia and growth of the internet has made it possible to reproduce and distribute digital media easier and faster. This has given birth to information security issues, especially when the information pertains to national security, e-banking transactions, etc. The disguised form of encrypted data makes an adversary suspicious and increases the chance of attack. Information hiding overcomes this inherent problem of cryptographic systems and is emerging as an effective means of securing sensitive data being transmitted over insecure channels. In this paper, a secure and robust information hiding technique referred to as Intermediate Significant Bit Plane Embedding (ISBPE) is presented. The data to be embedded is scrambled and embedding is carried out using the concept of Pseudorandom Address Vector (PAV) and Complementary Address Vector (CAV) to enhance the security of the embedded data. The proposed ISBPE technique is fully immune to Least Significant Bit (LSB) removal/replacement attack. Experimental investigations reveal that the proposed technique is more robust to various image processing attacks like JPEG compression, Additive White Gaussian Noise (AWGN), low pass filtering, etc. compared to conventional LSB techniques. The various advantages offered by ISBPE technique make it a good candidate for covert communication.

Adaptation of interoperability standards for cross domain usage

NASA Astrophysics Data System (ADS)

Essendorfer, B.; Kerth, Christian; Zaschke, Christian

2017-05-01

As globalization affects most aspects of modern life, challenges of quick and flexible data sharing apply to many different domains. To protect a nation's security for example, one has to look well beyond borders and understand economical, ecological, cultural as well as historical influences. Most of the time information is produced and stored digitally and one of the biggest challenges is to receive relevant readable information applicable to a specific problem out of a large data stock at the right time. These challenges to enable data sharing across national, organizational and systems borders are known to other domains (e.g., ecology or medicine) as well. Solutions like specific standards have been worked on for the specific problems. The question is: what can the different domains learn from each other and do we have solutions when we need to interlink the information produced in these domains? A known problem is to make civil security data available to the military domain and vice versa in collaborative operations. But what happens if an environmental crisis leads to the need to quickly cooperate with civil or military security in order to save lives? How can we achieve interoperability in such complex scenarios? The paper introduces an approach to adapt standards from one domain to another and lines out problems that have to be overcome and limitations that may apply.

Fostering E-Mail Security Awareness: The West Point Carronade

ERIC Educational Resources Information Center

Ferguson, Aaron J.

2005-01-01

The United States Military Academy (USMA) at West Point had a problem with some cadets clicking on suspicious attachments and embedded links, significantly affecting network performance and resource availability. West Point information technology leadership needed a way to increase e-mail security awareness in hopes of maintaining a strong…

Parallel Processable Cryptographic Methods with Unbounded Practical Security.

ERIC Educational Resources Information Center

Rothstein, Jerome

Addressing the problem of protecting confidential information and data stored in computer databases from access by unauthorized parties, this paper details coding schemes which present such astronomical work factors to potential code breakers that security breaches are hopeless in any practical sense. Two procedures which can be used to encode for…

Information Security and Integrity Systems

NASA Technical Reports Server (NTRS)

1990-01-01

Viewgraphs from the Information Security and Integrity Systems seminar held at the University of Houston-Clear Lake on May 15-16, 1990 are presented. A tutorial on computer security is presented. The goals of this tutorial are the following: to review security requirements imposed by government and by common sense; to examine risk analysis methods to help keep sight of forest while in trees; to discuss the current hot topic of viruses (which will stay hot); to examine network security, now and in the next year to 30 years; to give a brief overview of encryption; to review protection methods in operating systems; to review database security problems; to review the Trusted Computer System Evaluation Criteria (Orange Book); to comment on formal verification methods; to consider new approaches (like intrusion detection and biometrics); to review the old, low tech, and still good solutions; and to give pointers to the literature and to where to get help. Other topics covered include security in software applications and development; risk management; trust: formal methods and associated techniques; secure distributed operating system and verification; trusted Ada; a conceptual model for supporting a B3+ dynamic multilevel security and integrity in the Ada runtime environment; and information intelligence sciences.

Security System Software

NASA Technical Reports Server (NTRS)

1993-01-01

C Language Integration Production System (CLIPS), a NASA-developed expert systems program, has enabled a security systems manufacturer to design a new generation of hardware. C.CURESystem 1 Plus, manufactured by Software House, is a software based system that is used with a variety of access control hardware at installations around the world. Users can manage large amounts of information, solve unique security problems and control entry and time scheduling. CLIPS acts as an information management tool when accessed by C.CURESystem 1 Plus. It asks questions about the hardware and when given the answer, recommends possible quick solutions by non-expert persons.

Survey of Collaboration Technologies in Multi-level Security Environments

DTIC Science & Technology

2014-04-28

infrastructure or resources. In this research program, the security implications of the US Air Force GeoBase (the US The problem is that in many cases...design structure. ORA uses a Java interface for ease of use, and a C++ computational backend . The current version ORA1.2 software is available on the...information: culture, policy, governance, economics and resources, and technology and infrastructure . This plan, the DoD Information Sharing

Efficient proof of ownership for cloud storage systems

NASA Astrophysics Data System (ADS)

Zhong, Weiwei; Liu, Zhusong

2017-08-01

Cloud storage system through the deduplication technology to save disk space and bandwidth, but the use of this technology has appeared targeted security attacks: the attacker can deceive the server to obtain ownership of the file by get the hash value of original file. In order to solve the above security problems and the different security requirements of the files in the cloud storage system, an efficient and information-theoretical secure proof of ownership sceme is proposed to support the file rating. Through the K-means algorithm to implement file rating, and use random seed technology and pre-calculation method to achieve safe and efficient proof of ownership scheme. Finally, the scheme is information-theoretical secure, and achieve better performance in the most sensitive areas of client-side I/O and computation.

Performance of device-independent quantum key distribution

NASA Astrophysics Data System (ADS)

Cao, Zhu; Zhao, Qi; Ma, Xiongfeng

2016-07-01

Quantum key distribution provides information-theoretically-secure communication. In practice, device imperfections may jeopardise the system security. Device-independent quantum key distribution solves this problem by providing secure keys even when the quantum devices are untrusted and uncharacterized. Following a recent security proof of the device-independent quantum key distribution, we improve the key rate by tightening the parameter choice in the security proof. In practice where the system is lossy, we further improve the key rate by taking into account the loss position information. From our numerical simulation, our method can outperform existing results. Meanwhile, we outline clear experimental requirements for implementing device-independent quantum key distribution. The maximal tolerable error rate is 1.6%, the minimal required transmittance is 97.3%, and the minimal required visibility is 96.8 % .

Geostationary Orbital Crowding: An Analysis of Problems and Solutions

DTIC Science & Technology

1990-05-16

PAGES 237 16. PRICE CODE 17. SECURITY CLASSIFICATION 18. SECURITY CLASSIFICATION 19. SECURITY CLASSIFICATION 20. LIMITATION OF ABSTRACT OF REPORT OF...later chapters. Those with technical backgrounds may still wish to skim this chapter as kind of a refresher of rarely used information. The purpose of...increased, by economic reason, so must supply. Basically, when prices are high the market will drive the availability of new resources 5 through

Research on the information security system in electrical gis system in mobile application

NASA Astrophysics Data System (ADS)

Zhou, Chao; Feng, Renjun; Jiang, Haitao; Huang, Wei; Zhu, Daohua

2017-05-01

With the rapid development of social informatization process, the demands of government, enterprise, and individuals for spatial information becomes larger. In addition, the combination of wireless network technology and spatial information technology promotes the generation and development of mobile technologies. In today’s rapidly developed information technology field, network technology and mobile communication have become the two pillar industries by leaps and bounds. They almost absorbed and adopted all the latest information, communication, computer, electronics and so on new technologies. Concomitantly, the network coverage is more and more big, the transmission rate is faster and faster, the volume of user’s terminal is smaller and smaller. What’s more, from LAN to WAN, from wired network to wireless network, from wired access to mobile wireless access, people’s demand for communication technology is increasingly higher. As a result, mobile communication technology is facing unprecedented challenges as well as unprecedented opportunities. When combined with the existing mobile communication network, it led to the development of leaps and bounds. However, due to the inherent dependence of the system on the existing computer communication network, information security problems cannot be ignored. Today’s information security has penetrated into all aspects of life. Information system is a complex computer system, and it’s physical, operational and management vulnerabilities constitute the security vulnerability of the system. Firstly, this paper analyzes the composition of mobile enterprise network and information security threat. Secondly, this paper puts forward the security planning and measures, and constructs the information security structure.

The application of data encryption technology in computer network communication security

NASA Astrophysics Data System (ADS)

Gong, Lina; Zhang, Li; Zhang, Wei; Li, Xuhong; Wang, Xia; Pan, Wenwen

2017-04-01

With the rapid development of Intemet and the extensive application of computer technology, the security of information becomes more and more serious, and the information security technology with data encryption technology as the core has also been developed greatly. Data encryption technology not only can encrypt and decrypt data, but also can realize digital signature, authentication and authentication and other functions, thus ensuring the confidentiality, integrity and confirmation of data transmission over the network. In order to improve the security of data in network communication, in this paper, a hybrid encryption system is used to encrypt and decrypt the triple DES algorithm with high security, and the two keys are encrypted with RSA algorithm, thus ensuring the security of the triple DES key and solving the problem of key management; At the same time to realize digital signature using Java security software, to ensure data integrity and non-repudiation. Finally, the data encryption system is developed by Java language. The data encryption system is simple and effective, with good security and practicality.

Information security of Smart Factories

NASA Astrophysics Data System (ADS)

Iureva, R. A.; Andreev, Y. S.; Iuvshin, A. M.; Timko, A. S.

2018-05-01

In several years, technologies and systems based on the Internet of things (IoT) will be widely used in all smart factories. When processing a huge array of unstructured data, their filtration and adequate interpretation are a priority for enterprises. In this context, the correct representation of information in a user-friendly form acquires special importance, for which the market today presents advanced analytical platforms designed to collect, store and analyze data on technological processes and events in real time. The main idea of the paper is the statement of the information security problem in IoT and integrity of processed information.

Virtualization in education: Information Security lab in your hands

NASA Astrophysics Data System (ADS)

Karlov, A. A.

2016-09-01

The growing demand for qualified specialists in advanced information technologies poses serious challenges to the education and training of young personnel for science, industry and social problems. Virtualization as a way to isolate the user from the physical characteristics of computing resources (processors, servers, operating systems, networks, applications, etc.), has, in particular, an enormous influence in the field of education, increasing its efficiency, reducing the cost, making it more widely and readily available. The study of Information Security of computer systems is considered as an example of use of virtualization in education.

Management of U.S. Coast Guard Information Security Program Using Management by Objectives.

DTIC Science & Technology

1979-09-01

conducted. These men described their jobs and the attendant problems with obvious complete frankness and in the most lucid way. Thirdly, the security...scenario is not an unrealistic dream but a statement of the conditions that would exist if the organization arrived at some future state successfully

Discussion on the Technology and Method of Computer Network Security Management

NASA Astrophysics Data System (ADS)

Zhou, Jianlei

2017-09-01

With the rapid development of information technology, the application of computer network technology has penetrated all aspects of society, changed people's way of life work to a certain extent, brought great convenience to people. But computer network technology is not a panacea, it can promote the function of social development, but also can cause damage to the community and the country. Due to computer network’ openness, easiness of sharing and other characteristics, it had a very negative impact on the computer network security, especially the loopholes in the technical aspects can cause damage on the network information. Based on this, this paper will do a brief analysis on the computer network security management problems and security measures.

Business continuity strategies for cyber defence: battling time and information overload.

PubMed

Streufert, John

2010-11-01

Can the same numbers and letters which are the life blood of modern business and government computer systems be harnessed to protect computers from attack against known information security risks? For the past seven years, Foreign Service officers and technicians of the US Government have sought to maintain diplomatic operations in the face of rising cyber attacks and test the hypothesis that an ounce of prevention is worth a pound of cure. As eight out of ten attacks leverage known computer security vulnerabilities or configuration setting weaknesses, a pound of cure would seem to be easy to come by. Yet modern security tools present an unusually consequential threat to business continuity - too much rather than too little information on cyber problems is presented, harking back to a phenomenon cited by social scientists in the 1960s called 'information overload'. Experience indicates that the longer the most serious cyber problems go untreated, the wider the attack surface adversaries can find. One technique used at the Department of State, called 'risk scoring', resulted in an 89 per cent overall reduction in measured risk over 12 months for the Department of State's servers and personal computers. Later refinements of risk scoring enabled technicians to correct unique security threats with unprecedented speed. This paper explores how the use of metrics, special care in presenting information to technicians and executives alike, as well as tactical use of organisational incentives can result in stronger cyber defences protecting modern organisations.

Trust and Reputation Management for Critical Infrastructure Protection

NASA Astrophysics Data System (ADS)

Caldeira, Filipe; Monteiro, Edmundo; Simões, Paulo

Today's Critical Infrastructures (CI) depend of Information and Communication Technologies (ICT) to deliver their services with the required level of quality and availability. ICT security plays a major role in CI protection and risk prevention for single and also for interconnected CIs were cascading effects might occur because of the interdependencies that exist among different CIs. This paper addresses the problem of ICT security in interconnected CIs. Trust and reputation management using the Policy Based Management paradigm is the proposed solution to be applied at the CI interconnection points for information exchange. The proposed solution is being applied to the Security Mediation Gateway being developed in the European FP7 MICIE project, to allow for information exchange among interconnected CIs.

Security of medical data transfer and storage in Internet. Cryptography, antiviral security and electronic signature problems, which must be solved in nearest future in practical context.

PubMed

Kasztelowicz, Piotr; Czubenko, Marek; Zieba, Iwona

2003-01-01

The informatical revolution in computer age, which gives significant benefit in transfer of medical information requests to pay still more attention for aspect of network security. All known advantages of network technologies--first of all simplicity of copying, multiplication and sending information to many individuals can be also dangerous, if illegal, not permitted persons get access to medical data bases. Internet is assumed to be as especially "anarchic" medium, therefore in order to use it in professional work any security principles should be bewared. In our presentation we will try to find the optimal security solution in organisational and technological aspects for any medical network. In our opinion the harmonious co-operation between users, medical authorities and network administrators is core of the success.

Secure medical information sharing in cloud computing.

PubMed

Shao, Zhiyi; Yang, Bo; Zhang, Wenzheng; Zhao, Yi; Wu, Zhenqiang; Miao, Meixia

2015-01-01

Medical information sharing is one of the most attractive applications of cloud computing, where searchable encryption is a fascinating solution for securely and conveniently sharing medical data among different medical organizers. However, almost all previous works are designed in symmetric key encryption environment. The only works in public key encryption do not support keyword trapdoor security, have long ciphertext related to the number of receivers, do not support receiver revocation without re-encrypting, and do not preserve the membership of receivers. In this paper, we propose a searchable encryption supporting multiple receivers for medical information sharing based on bilinear maps in public key encryption environment. In the proposed protocol, data owner stores only one copy of his encrypted file and its corresponding encrypted keywords on cloud for multiple designated receivers. The keyword ciphertext is significantly shorter and its length is constant without relation to the number of designated receivers, i.e., for n receivers the ciphertext length is only twice the element length in the group. Only the owner knows that with whom his data is shared, and the access to his data is still under control after having been put on the cloud. We formally prove the security of keyword ciphertext based on the intractability of Bilinear Diffie-Hellman problem and the keyword trapdoor based on Decisional Diffie-Hellman problem.

Bio-inspired secure data mules for medical sensor network

NASA Astrophysics Data System (ADS)

Muraleedharan, Rajani; Gao, Weihua; Osadciw, Lisa A.

2010-04-01

Medical sensor network consist of heterogeneous nodes, wireless, mobile and wired with varied functionality. The resources at each sensor require to be exploited minimally while sensitive information is sensed and communicated to its access points using secure data mules. In this paper, we analyze the flat architecture, where different functionality and priority information require varied resources forms a non-deterministic polynomial-time hard problem. Hence, a bio-inspired data mule that helps to obtain dynamic multi-objective solution with minimal resource and secure path is applied. The performance of the proposed approach is based on reduced latency, data delivery rate and resource cost.

On chaos synchronization and secure communication.

PubMed

Kinzel, W; Englert, A; Kanter, I

2010-01-28

Chaos synchronization, in particular isochronal synchronization of two chaotic trajectories to each other, may be used to build a means of secure communication over a public channel. In this paper, we give an overview of coupling schemes of Bernoulli units deduced from chaotic laser systems, different ways to transmit information by chaos synchronization and the advantage of bidirectional over unidirectional coupling with respect to secure communication. We present the protocol for using dynamical private commutative filters for tap-proof transmission of information that maps the task of a passive attacker to the class of non-deterministic polynomial time-complete problems. This journal is © 2010 The Royal Society

7 CFR 2610.1 - General statement.

Code of Federal Regulations, 2011 CFR

2011-01-01

... the Secretary and the Congress informed of problems and deficiencies relative to the programs and... policies and programs. (2) Provide for the personal security of the Secretary and Deputy Secretary. (3... problems and deficiencies and the necessity for and progress of corrective actions in the administration of...

A security scheme of SMS system

NASA Astrophysics Data System (ADS)

Zhang, Fangzhou; Yang, Hong-Wei; Song, Chuck

2005-02-01

With the prosperous development and the use of SMS, more and more important information need to be transferred through the wireless and mobile networks by the users. But in the GSM/GPRS network, the SMS messages are transferred in text mode through the signaling channel and there is no integrality for SMS messages. Because of the speciality of the mobile communications, the security of signaling channel is very weak. So we need to improve and enhance the security and integrality of SMS. At present, developed investigation based on SMS security is still incomplete. The key distribution and management is not perfect to meet the usability in a wide area. This paper introduces a high-level security method to solve this problem. We design the Secure SMS of GSM/GPRS in order to improve the security of the important information that need to be transferred by the mobile networks. Using this method, we can improve the usability of E-payment and other mobile electronic commerce.

Secure quantum private information retrieval using phase-encoded queries

NASA Astrophysics Data System (ADS)

Olejnik, Lukasz

2011-08-01

We propose a quantum solution to the classical private information retrieval (PIR) problem, which allows one to query a database in a private manner. The protocol offers privacy thresholds and allows the user to obtain information from a database in a way that offers the potential adversary, in this model the database owner, no possibility of deterministically establishing the query contents. This protocol may also be viewed as a solution to the symmetrically private information retrieval problem in that it can offer database security (inability for a querying user to steal its contents). Compared to classical solutions, the protocol offers substantial improvement in terms of communication complexity. In comparison with the recent quantum private queries [Phys. Rev. Lett.PRLTAO0031-900710.1103/PhysRevLett.100.230502 100, 230502 (2008)] protocol, it is more efficient in terms of communication complexity and the number of rounds, while offering a clear privacy parameter. We discuss the security of the protocol and analyze its strengths and conclude that using this technique makes it challenging to obtain the unconditional (in the information-theoretic sense) privacy degree; nevertheless, in addition to being simple, the protocol still offers a privacy level. The oracle used in the protocol is inspired both by the classical computational PIR solutions as well as the Deutsch-Jozsa oracle.

Secure quantum private information retrieval using phase-encoded queries

DOE Office of Scientific and Technical Information (OSTI.GOV)

Olejnik, Lukasz

We propose a quantum solution to the classical private information retrieval (PIR) problem, which allows one to query a database in a private manner. The protocol offers privacy thresholds and allows the user to obtain information from a database in a way that offers the potential adversary, in this model the database owner, no possibility of deterministically establishing the query contents. This protocol may also be viewed as a solution to the symmetrically private information retrieval problem in that it can offer database security (inability for a querying user to steal its contents). Compared to classical solutions, the protocol offersmore » substantial improvement in terms of communication complexity. In comparison with the recent quantum private queries [Phys. Rev. Lett. 100, 230502 (2008)] protocol, it is more efficient in terms of communication complexity and the number of rounds, while offering a clear privacy parameter. We discuss the security of the protocol and analyze its strengths and conclude that using this technique makes it challenging to obtain the unconditional (in the information-theoretic sense) privacy degree; nevertheless, in addition to being simple, the protocol still offers a privacy level. The oracle used in the protocol is inspired both by the classical computational PIR solutions as well as the Deutsch-Jozsa oracle.« less

[Universalization of health or of social security?].

PubMed

Levy-Algazi, Santiago

2011-01-01

This article presents an analysis of the architecture of Mexico's health system based on the main economic problem, failing to achieve a GDP growth rate to increase real wages and give workers in formal employment coverage social security. This analysis describes the relationship between social security of the population and employment status of it (either formal or informal employment) and the impact that this situation poses to our health system. Also, it ends with a reform proposal that will give all workers the same social rights, ie to grant universal social security.

Evaluating the risk of industrial espionage

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bott, T.F.

1998-12-31

A methodology for estimating the relative probabilities of different compromise paths for protected information by insider and visitor intelligence collectors has been developed based on an event-tree analysis of the intelligence collection operation. The analyst identifies target information and ultimate users who might attempt to gain that information. The analyst then uses an event tree to develop a set of compromise paths. Probability models are developed for each of the compromise paths that user parameters based on expert judgment or historical data on security violations. The resulting probability estimates indicate the relative likelihood of different compromise paths and provide anmore » input for security resource allocation. Application of the methodology is demonstrated using a national security example. A set of compromise paths and probability models specifically addressing this example espionage problem are developed. The probability models for hard-copy information compromise paths are quantified as an illustration of the results using parametric values representative of historical data available in secure facilities, supplemented where necessary by expert judgment.« less

The Federal Government and Information Technology Standards: Building the National Information Infrastructure.

ERIC Educational Resources Information Center

Radack, Shirley M.

1994-01-01

Examines the role of the National Institute of Standards and Technology (NIST) in the development of the National Information Infrastructure (NII). Highlights include the standards process; voluntary standards; Open Systems Interconnection problems; Internet Protocol Suite; consortia; government's role; and network security. (16 references) (LRW)

Experimental Physical Sciences Vitae 2017

DOE Office of Scientific and Technical Information (OSTI.GOV)

Kippen, Karen Elizabeth; Del Mauro, Diana; Patterson, Eileen Frances

Frequently our most basic research experiments stimulate solutions for some of the most intractable national security problems, such as nuclear weapons stewardship, homeland security, intelligence and information analysis, and nuclear and alternative energy. This publication highlights our talented and creative staff who deliver solutions to these complex scientific and technological challenges by conducting cutting-edge multidisciplinary physical science research.

A noise immunity controlled quantum teleportation protocol

NASA Astrophysics Data System (ADS)

Li, Dong-fen; Wang, Rui-jin; Zhang, Feng-li; Baagyere, Edward; Qin, Zhen; Xiong, Hu; Zhan, Huayi

2016-11-01

With the advent of the Internet and information and communication technology, quantum teleportation has become an important field in information security and its application areas. This is because quantum teleportation has the ability to attain a timely secret information delivery and offers unconditional security. And as such, the field of quantum teleportation has become a hot research topic in recent years. However, noise has serious effect on the safety of quantum teleportation within the aspects of information fidelity, channel capacity and information transfer. Therefore, the main purpose of this paper is to address these problems of quantum teleportation. Firstly, in order to resist collective noise, we construct a decoherence-free subspace under different noise scenarios to establish a two-dimensional fidelity quantum teleportation models. And also create quantum teleportation of multiple degree of freedom, and these models ensure the accuracy and availability of the exchange of information and in multiple degree of freedom. Secondly, for easy preparation, measurement and implementation, we use super dense coding features to build an entangled quantum secret exchange channel. To improve the channel utilization and capacity, an efficient super dense coding method based on ultra-entanglement exchange is used. Thirdly, continuous variables of the controlled quantum key distribution were designed for quantum teleportation; in addition, we perform Bell-basis measurement under the collective noise and also prepare the storage technology of quantum states to achieve one-bit key by three-photon encoding to improve its security and efficiency. We use these two methods because they conceal information, resist a third party attack and can detect eavesdropping. Our proposed methods, according to the security analysis, are able to solve the problems associated with the quantum teleportation under various noise environments.

Attitudes towards information system security among physicians in Croatia.

PubMed

Markota, M; Kern, J; Svab, I

2001-07-01

To examine attitudes about information system security among Croatian physicians a cross-sectional study was performed on a representative sample of 800 Croatian physicians. An anonymous questionnaire comprising 21 questions was distributed and statistical analysis was performed using a chi-square test. A 76.2% response rate was obtained. The majority of respondents (85.8%) believe that information system security is a new area in their work. In general, physicians are not informed about European directives, conventions, recommendations, etc. Only a small number of physicians use personal computers at work (29%). Those physicians who have a personal computer use it mainly for administrative reasons. Most healthcare institutions (89%) do not have a security manual and the area of information system security is left to individual interest and initiative. Only 25% of physicians who have a personal computer use any type of password. A high percentage of physicians (22%) has never thought about the problem of personal data being used by organizations (e.g. police, banks) without legal background; a small, but still significant percentage of physicians (5.6%) has even agreed with such use. Results indicate that for the vast majority of physicians, information system security is a new area in their daily work, one which is left to individual interest and initiative. They are not familiar with the ethical, technical and legal backgrounds which have been defined for that area within the Council of Europe and the European Union. New aspects: This is the first study performed in Central and Eastern Europe dealing with information system security, performed on a representative nationwide sample of all the physicians.

Security Analysis of Measurement-Device-Independent Quantum Key Distribution in Collective-Rotation Noisy Environment

NASA Astrophysics Data System (ADS)

Li, Na; Zhang, Yu; Wen, Shuang; Li, Lei-lei; Li, Jian

2018-01-01

Noise is a problem that communication channels cannot avoid. It is, thus, beneficial to analyze the security of MDI-QKD in noisy environment. An analysis model for collective-rotation noise is introduced, and the information theory methods are used to analyze the security of the protocol. The maximum amount of information that Eve can eavesdrop is 50%, and the eavesdropping can always be detected if the noise level ɛ ≤ 0.68. Therefore, MDI-QKD protocol is secure as quantum key distribution protocol. The maximum probability that the relay outputs successful results is 16% when existing eavesdropping. Moreover, the probability that the relay outputs successful results when existing eavesdropping is higher than the situation without eavesdropping. The paper validates that MDI-QKD protocol has better robustness.

The role of food-security solutions in the protection of natural resources and environment of developing countries.

PubMed

Lashgarara, Farhad; Mirdamadi, Seyyed Mehdi; Hosseini, Seyyed Jamal Farajollah; Chizari, Mohammad

2008-10-01

The majority of the countries of the world, especially developing countries, face environmental problems. Limitations of basic resources (water and soil) and population growth have been the cause of these environmental problems that countries are confronted with. Developing countries have numerous problems, including destruction of forests, vegetable and animal species, and pollution of the environment. Damage to natural resources and the environment can influence the food-security situation. One of the main millennium development goals (MDGs) is protection of the environment and people's health. This cannot obtained unless there is ensured food security. Food security has been defined as a situation when all people, at all times, have physical and economic access to sufficient, safe, and nutritious food needed to maintain a healthy and active life. At the same time, with ensured food security, we can hope to protect the natural resources and environment. The methodology used is descriptive-analytical, and its main purpose is determining the importance and role of food-security solutions in the reduction of environmental hazards and improvement of natural resources and the environmental situation in developing countries. Therefore, some of the most important food-security solutions that can play an important role in this relation were discussed, including conventional research-based technology, biotechnology, information and communication technologies (ICTs), alternative energy sources, and food irradiation.

An eCK-Secure Authenticated Key Exchange Protocol without Random Oracles

NASA Astrophysics Data System (ADS)

Moriyama, Daisuke; Okamoto, Tatsuaki

This paper presents a (PKI-based) two-pass authenticated key exchange (AKE) protocol that is secure in the extended Canetti-Krawczyk (eCK) security model. The security of the proposed protocol is proven without random oracles (under three assumptions), and relies on no implementation techniques such as a trick by LaMacchia, Lauter and Mityagin (so-called the NAXOS trick). Since an AKE protocol that is eCK-secure under a NAXOS-like implementation trick will be no more eCK-secure if some realistic information leakage occurs through side-channel attacks, it has been an important open problem how to realize an eCK-secure AKE protocol without using the NAXOS tricks (and without random oracles).

Proof of cipher text ownership based on convergence encryption

NASA Astrophysics Data System (ADS)

Zhong, Weiwei; Liu, Zhusong

2017-08-01

Cloud storage systems save disk space and bandwidth through deduplication technology, but with the use of this technology has been targeted security attacks: the attacker can get the original file just use hash value to deceive the server to obtain the file ownership. In order to solve the above security problems and the different security requirements of cloud storage system files, an efficient information theory security proof of ownership scheme is proposed. This scheme protects the data through the convergence encryption method, and uses the improved block-level proof of ownership scheme, and can carry out block-level client deduplication to achieve efficient and secure cloud storage deduplication scheme.

Transportation Self-Efficacy and Social Problem-Solving of Persons Who Are Blind or Visually Impaired.

PubMed

Crudden, Adele; O'Mally, Jamie; Antonelli, Karla

2016-01-01

Social problem-solving skills and transportation self-efficacy were assessed for 48 vocational rehabilitation consumers with visual disabilities who required assistance securing work transportation. Social problem solving was at the upper end of the normed average; transportation self-efficacy averaged 101.5 out of 140. Level of vision loss was not associated with score differences; urban residence related to slightly higher self-efficacy than suburban or rural residency. Participants appeared to have the skills necessary to secure employment transportation, but were less confident about transportation-seeking activities that required more initiative of social interaction. Training and information might help consumers gain confidence in these tasks and increase viable transportation options.

Guidelines for contingency planning NASA (National Aeronautics and Space Administration) ADP security risk reduction decision studies

NASA Technical Reports Server (NTRS)

Tompkins, F. G.

1984-01-01

Guidance is presented to NASA Computer Security Officials for determining the acceptability or unacceptability of ADP security risks based on the technical, operational and economic feasibility of potential safeguards. The risk management process is reviewed as a specialized application of the systems approach to problem solving and information systems analysis and design. Reporting the results of the risk reduction analysis to management is considered. Report formats for the risk reduction study are provided.

Development of building security integration system using sensors, microcontroller and GPS (Global Positioning System) based android smartphone

NASA Astrophysics Data System (ADS)

Sihombing, P.; Siregar, Y. M.; Tarigan, J. T.; Jaya, I.; Turnip, A.

2018-03-01

Security system is one of the common problems to protect an environment such as personal house or a warehouse. There are numerous methods and technologies that can be used as part of a security system. In this paper, we present a security system that offers a better efficiency. The purpose of this study is to build a system that can monitor home security at any time in particular fire and theft. Through sensors, the system will be able to provide warning information of hazard conditions via LCD monitor, sound, and alarm. This information will be sent automatically to the home owner’s smartphone as well as to the corresponding to the security agency. Thus the prevention of theft and fire hazards can be immediately anticipated by the police and firefighters. The system will also notify the position of the coordinates of the location of the building (the house) by a link to the Google map in order to make it easier to get the location quickly.

SURVIVABILITY THROUGH OPTIMIZING RESILIENT MECHANISMS (STORM)

DTIC Science & Technology

2017-04-01

STATEMENT Approved for Public Release; Distribution Unlimited. PA# 88ABW-2017-0894 Date Cleared: 07 Mar 2017 13. SUPPLEMENTARY NOTES 14. ABSTRACT Game ...quantitatively about cyber-attacks. Game theory is the branch of applied mathematics that formalizes strategic interaction among intelligent rational agents...mechanism based on game theory. This work has applied game theory to numerous cyber security problems: cloud security, cyber threat information sharing

Relativistic quantum cryptography

NASA Astrophysics Data System (ADS)

Molotkov, S. N.; Nazin, S. S.

2003-07-01

The problem of unconditional security of quantum cryptography (i.e. the security which is guaranteed by the fundamental laws of nature rather than by technical limitations) is one of the central points in quantum information theory. We propose a relativistic quantum cryptosystem and prove its unconditional security against any eavesdropping attempts. Relativistitic causality arguments allow to demonstrate the security of the system in a simple way. Since the proposed protocol does not empoly collective measurements and quantum codes, the cryptosystem can be experimentally realized with the present state-of-art in fiber optics technologies. The proposed cryptosystem employs only the individual measurements and classical codes and, in addition, the key distribution problem allows to postpone the choice of the state encoding scheme until after the states are already received instead of choosing it before sending the states into the communication channel (i.e. to employ a sort of "antedate" coding).

Development and Operation of a Modern Information Portal for the ISS Medical Groups

NASA Technical Reports Server (NTRS)

Damann, V.; Johnson, MaGee; Sargsyan, Ashot; McDonald, P. Vernon; Armstrong, C.; Scheer, M.; Duncan, J. Michael

2007-01-01

This viewgraph presentation begins with a review of some of the problems inherent in running medical services for the International Space Station. Part of the solution for the problems is the development of the information portal for the ISS medical groups. The presentation shows the tools that have been developed to assist in collaboration for the medical services, the security system and the capabilities of the portal.

Towards improving software security by using simulation to inform requirements and conceptual design

DOE PAGES

Nutaro, James J.; Allgood, Glenn O.; Kuruganti, Teja

2015-06-17

We illustrate the use of modeling and simulation early in the system life-cycle to improve security and reduce costs. The models that we develop for this illustration are inspired by problems in reliability analysis and supervisory control, for which similar models are used to quantify failure probabilities and rates. In the context of security, we propose that models of this general type can be used to understand trades between risk and cost while writing system requirements and during conceptual design, and thereby significantly reduce the need for expensive security corrections after a system enters operation

A Secure RFID Tag Authentication Protocol with Privacy Preserving in Telecare Medicine Information System.

PubMed

Li, Chun-Ta; Weng, Chi-Yao; Lee, Cheng-Chi

2015-08-01

Radio Frequency Identification (RFID) based solutions are widely used for providing many healthcare applications include patient monitoring, object traceability, drug administration system and telecare medicine information system (TMIS) etc. In order to reduce malpractices and ensure patient privacy, in 2015, Srivastava et al. proposed a hash based RFID tag authentication protocol in TMIS. Their protocol uses lightweight hash operation and synchronized secret value shared between back-end server and tag, which is more secure and efficient than other related RFID authentication protocols. Unfortunately, in this paper, we demonstrate that Srivastava et al.'s tag authentication protocol has a serious security problem in that an adversary may use the stolen/lost reader to connect to the medical back-end server that store information associated with tagged objects and this privacy damage causing the adversary could reveal medical data obtained from stolen/lost readers in a malicious way. Therefore, we propose a secure and efficient RFID tag authentication protocol to overcome security flaws and improve the system efficiency. Compared with Srivastava et al.'s protocol, the proposed protocol not only inherits the advantages of Srivastava et al.'s authentication protocol for TMIS but also provides better security with high system efficiency.

The Role of Human Factors/Ergonomics in the Science of Security: Decision Making and Action Selection in Cyberspace.

PubMed

Proctor, Robert W; Chen, Jing

2015-08-01

The overarching goal is to convey the concept of science of security and the contributions that a scientifically based, human factors approach can make to this interdisciplinary field. Rather than a piecemeal approach to solving cybersecurity problems as they arise, the U.S. government is mounting a systematic effort to develop an approach grounded in science. Because humans play a central role in security measures, research on security-related decisions and actions grounded in principles of human information-processing and decision-making is crucial to this interdisciplinary effort. We describe the science of security and the role that human factors can play in it, and use two examples of research in cybersecurity--detection of phishing attacks and selection of mobile applications--to illustrate the contribution of a scientific, human factors approach. In these research areas, we show that systematic information-processing analyses of the decisions that users make and the actions they take provide a basis for integrating the human component of security science. Human factors specialists should utilize their foundation in the science of applied information processing and decision making to contribute to the science of cybersecurity. © 2015, Human Factors and Ergonomics Society.

Evaluation on Electronic Securities Settlements Systems by AHP Methods

NASA Astrophysics Data System (ADS)

Fukaya, Kiyoyuki; Komoda, Norihisa

Accompanying the spread of Internet and the change of business models, electronic commerce expands buisness areas. Electronic finance commerce becomes popular and especially online security tradings becoome very popular in this area. This online securitiy tradings have some good points such as less mistakes than telephone calls. In order to expand this online security tradings, the transfer of the security paper is one the largest problems to be solved. Because it takes a few days to transfer the security paper from a seller to a buyer. So the dematerialization of security papers is one of the solutions. The demterilization needs the information systems for setteling security. Some countries such as France, German, United Kingdom and U.S.A. have been strating the dematerialization projects. The legacy assesments on these projects focus from the viewpoint of the legal schemes only and there is no assessment from system architectures. This paper focuses on the information system scheme and valuates these dematerlization projects by AHP methods from the viewpoints of “dematerializaion of security papers", “speed of transfer", “usefulness on the system" and “accumulation of risks". This is the first case of valuations on security settlements systems by AHP methods, especially four counties’ systems.

Installation of secure, always available wireless LAN systems as a component of the hospital communication infrastructure.

PubMed

Hanada, Eisuke; Kudou, Takato; Tsumoto, Shusaku

2013-06-01

Wireless technologies as part of the data communication infrastructure of modern hospitals are being rapidly introduced. Even though there are concerns about problems associated with wireless communication security, the demand is remarkably large. In addition, insuring that the network is always available is important. Herein, we discuss security countermeasures and points to insure availability that must be taken to insure safe hospital/business use of wireless LAN systems, referring to the procedures introduced at Shimane University Hospital. Security countermeasures differ according to their purpose, such as for preventing illegal use or insuring availability, both of which are discussed. It is our hope that this information will assist others in their efforts to insure safe implementation of wireless LAN systems, especially in hospitals where they have the potential to greatly improve information sharing and patient safety.

Enabling search over encrypted multimedia databases

NASA Astrophysics Data System (ADS)

Lu, Wenjun; Swaminathan, Ashwin; Varna, Avinash L.; Wu, Min

2009-02-01

Performing information retrieval tasks while preserving data confidentiality is a desirable capability when a database is stored on a server maintained by a third-party service provider. This paper addresses the problem of enabling content-based retrieval over encrypted multimedia databases. Search indexes, along with multimedia documents, are first encrypted by the content owner and then stored onto the server. Through jointly applying cryptographic techniques, such as order preserving encryption and randomized hash functions, with image processing and information retrieval techniques, secure indexing schemes are designed to provide both privacy protection and rank-ordered search capability. Retrieval results on an encrypted color image database and security analysis of the secure indexing schemes under different attack models show that data confidentiality can be preserved while retaining very good retrieval performance. This work has promising applications in secure multimedia management.

Design of the Hospital Integrated Information Management System Based on Cloud Platform.

PubMed

Aijing, L; Jin, Y

2015-12-01

At present, the outdated information management style cannot meet the needs of hospital management, and has become the bottleneck of hospital's management and development. In order to improve the integrated management of information, hospitals have increased their investment in integrated information management systems. On account of the lack of reasonable and scientific design, some hospital integrated information management systems have common problems, such as unfriendly interface, poor portability and maintainability, low security and efficiency, lack of interactivity and information sharing. To solve the problem, this paper carries out the research and design of a hospital information management system based on cloud platform, which can realize the optimized integration of hospital information resources and save money.

Decoy-state quantum key distribution with a leaky source

NASA Astrophysics Data System (ADS)

Tamaki, Kiyoshi; Curty, Marcos; Lucamarini, Marco

2016-06-01

In recent years, there has been a great effort to prove the security of quantum key distribution (QKD) with a minimum number of assumptions. Besides its intrinsic theoretical interest, this would allow for larger tolerance against device imperfections in the actual implementations. However, even in this device-independent scenario, one assumption seems unavoidable, that is, the presence of a protected space devoid of any unwanted information leakage in which the legitimate parties can privately generate, process and store their classical data. In this paper we relax this unrealistic and hardly feasible assumption and introduce a general formalism to tackle the information leakage problem in most of existing QKD systems. More specifically, we prove the security of optical QKD systems using phase and intensity modulators in their transmitters, which leak the setting information in an arbitrary manner. We apply our security proof to cases of practical interest and show key rates similar to those obtained in a perfectly shielded environment. Our work constitutes a fundamental step forward in guaranteeing implementation security of quantum communication systems.

Information security concepts and practices: the case of a provincial multi-specialty hospital.

PubMed

Cavalli, Enrico; Mattasoglio, Andrea; Pinciroli, Francesco; Spaggiari, Piergiorgio

2004-03-31

In recent years, major and widely accepted information security understandings and achievements confirm that the problem is complex. They clarify that technologies are fundamental tools, but management processes have even bigger relevance, as also prestigious international magazines dossier clearly explained recently. Such a magazine attention outlines the wide impact that the subject has on watchful decision makers. ISO17799 is an emerging standard in information security. In principle there are no reasons for considering it not applicable to the health care sector. In practice, because of both the just conceptual level of the standard and the peculiarities of the health care data and institutions, a lot of analysis and design work need to be invested any time a health care institution decides to deal with the subject. CEN/ENV 12924 is another emerging standard certainly more on the spot of the health care. Nevertheless, it also asks for evident further investigation. The practical case of information security design, implementation, management, and auditing inside a multi-specialty provincial Italian hospital will be described.

The Effects of Risk and Size of Company on Business Performance in Information Technology Outsourcing

ERIC Educational Resources Information Center

Balogun, Shereef Adewale

2013-01-01

Information technology (IT) outsourcing is a practical way to transfer information technology by industries of different firms. The problem occurs when companies outsource services to domestic and international data centers as network security issues arise. This leads to competition between companies causing the size of the company to become more…

Marine data security based on blockchain technology

NASA Astrophysics Data System (ADS)

Yang, Zhao; Xie, Weiwei; Huang, Lei; Wei, Zhiqiang

2018-03-01

With the development of marine observation technology and network technology, the volume of marine data growing rapidly. This brings new challenges for data storage and transmission. How to protect data security of marine big data has become an urgent problem. The traditional information security methods’ characteristic is centralization. These technologies cannot provide whole process protection, e.g., data storage, data management and application of data. The blockchain technology is a novel technology, which can keep the data security and reliability by using decentralized methodology. It has aroused wide interest in the financial field. In this paper, we describe the concept, characteristics and key technologies of blockchain technology and introduce it into the field of marine data security.

Analyzing the security of an existing computer system

NASA Technical Reports Server (NTRS)

Bishop, M.

1986-01-01

Most work concerning secure computer systems has dealt with the design, verification, and implementation of provably secure computer systems, or has explored ways of making existing computer systems more secure. The problem of locating security holes in existing systems has received considerably less attention; methods generally rely on thought experiments as a critical step in the procedure. The difficulty is that such experiments require that a large amount of information be available in a format that makes correlating the details of various programs straightforward. This paper describes a method of providing such a basis for the thought experiment by writing a special manual for parts of the operating system, system programs, and library subroutines.

MedBlock: Efficient and Secure Medical Data Sharing Via Blockchain.

PubMed

Fan, Kai; Wang, Shangyang; Ren, Yanhui; Li, Hui; Yang, Yintang

2018-06-21

With the development of electronic information technology, electronic medical records (EMRs) have been a common way to store the patients' data in hospitals. They are stored in different hospitals' databases, even for the same patient. Therefore, it is difficult to construct a summarized EMR for one patient from multiple hospital databases due to the security and privacy concerns. Meanwhile, current EMRs systems lack a standard data management and sharing policy, making it difficult for pharmaceutical scientists to develop precise medicines based on data obtained under different policies. To solve the above problems, we proposed a blockchain-based information management system, MedBlock, to handle patients' information. In this scheme, the distributed ledger of MedBlock allows the efficient EMRs access and EMRs retrieval. The improved consensus mechanism achieves consensus of EMRs without large energy consumption and network congestion. In addition, MedBlock also exhibits high information security combining the customized access control protocols and symmetric cryptography. MedBlock can play an important role in the sensitive medical information sharing.

Attribute based encryption for secure sharing of E-health data

NASA Astrophysics Data System (ADS)

Charanya, R.; Nithya, S.; Manikandan, N.

2017-11-01

Distributed computing is one of the developing innovations in IT part and information security assumes a real part. It includes sending gathering of remote server and programming that permit the unified information and online access to PC administrations. Distributed computing depends on offering of asset among different clients are additionally progressively reallocated on interest. Cloud computing is a revolutionary computing paradigm which enables flexible, on-demand and low-cost usage of computing resources. The reasons for security and protection issues, which rise on the grounds that the health information possessed by distinctive clients are put away in some cloud servers rather than under their own particular control”z. To deal with security problems, various schemes based on the Attribute-Based Encryption have been proposed. In this paper, in order to make ehealth data’s more secure we use multi party in cloud computing system. Where the health data is encrypted using attributes and key policy. And the user with a particular attribute and key policy alone will be able to decrypt the health data after it is verified by “key distribution centre” and the “secure data distributor”. This technique can be used in medical field for secure storage of patient details and limiting to particular doctor access. To make data’s scalable secure we need to encrypt the health data before outsourcing.

Strategic Arguments and Tactical Battles over Federal Information Policy.

ERIC Educational Resources Information Center

Sherwood, Diane E.

1990-01-01

Examines public agency attempts to disseminate information in ways that satisfy constituencies, Office of Management and Budget (OMB), and the private sector. The Securities and Exchange Commission's release of EDGAR, the Patent and Trademark Office's recent lawsuit, and Department of Defense problems with Fedlog are cited. Statements and policy…

Effects of Multiple Maltreatment Experiences among Psychiatrically Hospitalized Youth

ERIC Educational Resources Information Center

Boxer, Paul; Terranova, Andrew M.

2008-01-01

Objective: Relying on indicators coded from information collected routinely during intake assessments at a secure inpatient psychiatric facility, this study examined the extent to which different forms of maltreatment accounted for variations in youths' emotional and behavioral problems. Methods: Clinical information was reviewed for a large (N =…

Authenticated multi-user quantum key distribution with single particles

NASA Astrophysics Data System (ADS)

Lin, Song; Wang, Hui; Guo, Gong-De; Ye, Guo-Hua; Du, Hong-Zhen; Liu, Xiao-Fen

2016-03-01

Quantum key distribution (QKD) has been growing rapidly in recent years and becomes one of the hottest issues in quantum information science. During the implementation of QKD on a network, identity authentication has been one main problem. In this paper, an efficient authenticated multi-user quantum key distribution (MQKD) protocol with single particles is proposed. In this protocol, any two users on a quantum network can perform mutual authentication and share a secure session key with the assistance of a semi-honest center. Meanwhile, the particles, which are used as quantum information carriers, are not required to be stored, therefore the proposed protocol is feasible with current technology. Finally, security analysis shows that this protocol is secure in theory.

The Intersection of National Security and Climate Change

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hund, Gretchen; Fankhauser, Jana G.; Kurzrok, Andrew J.

On June 4, 2014, the Henry M. Jackson Foundation and the Pacific Northwest National Laboratory hosted a groundbreaking symposium in Seattle, Washington, that brought together 36 leaders from federal agencies, state and local governments, NGOs, business, and academia. The participants examined approaches and tools to help decision makers make informed choices about the climate and security risks they face. The following executive summary is based on the day’s discussions and examines the problem of climate change and its impact on national security, the responses to date, and future considerations.

Distinguishability of quantum states and shannon complexity in quantum cryptography

NASA Astrophysics Data System (ADS)

Arbekov, I. M.; Molotkov, S. N.

2017-07-01

The proof of the security of quantum key distribution is a rather complex problem. Security is defined in terms different from the requirements imposed on keys in classical cryptography. In quantum cryptography, the security of keys is expressed in terms of the closeness of the quantum state of an eavesdropper after key distribution to an ideal quantum state that is uncorrelated to the key of legitimate users. A metric of closeness between two quantum states is given by the trace metric. In classical cryptography, the security of keys is understood in terms of, say, the complexity of key search in the presence of side information. In quantum cryptography, side information for the eavesdropper is given by the whole volume of information on keys obtained from both quantum and classical channels. The fact that the mathematical apparatuses used in the proof of key security in classical and quantum cryptography are essentially different leads to misunderstanding and emotional discussions [1]. Therefore, one should be able to answer the question of how different cryptographic robustness criteria are related to each other. In the present study, it is shown that there is a direct relationship between the security criterion in quantum cryptography, which is based on the trace distance determining the distinguishability of quantum states, and the criterion in classical cryptography, which uses guesswork on the determination of a key in the presence of side information.

Delivery Path Length and Holding Tree Minimization Method of Securities Delivery among the Registration Agencies Connected as Non-Tree

NASA Astrophysics Data System (ADS)

Shimamura, Atsushi; Moritsu, Toshiyuki; Someya, Harushi

To dematerialize the securities such as stocks or cooporate bonds, the securities were registered to account in the registration agencies which were connected as tree. This tree structure had the advantage in the management of the securities those were issued large amount and number of brands of securities were limited. But when the securities such as account receivables or advance notes are dematerialized, number of brands of the securities increases extremely. In this case, the management of securities with tree structure becomes very difficult because of the concentration of information to root of the tree. To resolve this problem, using the graph structure is assumed instead of the tree structure. When the securities are kept with tree structure, the delivery path of securities is unique, but when securities are kept with graph structure, path of delivery is not unique. In this report, we describe the requirement of the delivery path of securities, and we describe selecting method of the path.

Famine Early Warning Systems and Their Use of Satellite Remote Sensing Data

NASA Technical Reports Server (NTRS)

Brown, Molly E.; Essam, Timothy; Leonard, Kenneth

2011-01-01

Famine early warning organizations have experience that has much to contribute to efforts to incorporate climate and weather information into economic and political systems. Food security crises are now caused almost exclusively by problems of food access, not absolute food availability, but the role of monitoring agricultural production both locally and globally remains central. The price of food important to the understanding of food security in any region, but it needs to be understood in the context of local production. Thus remote sensing is still at the center of much food security analysis, along with an examination of markets, trade and economic policies during food security analyses. Technology including satellite remote sensing, earth science models, databases of food production and yield, and modem telecommunication systems contributed to improved food production information. Here we present an econometric approach focused on bringing together satellite remote sensing and market analysis into food security assessment in the context of early warning.

EMRlog method for computer security for electronic medical records with logic and data mining.

PubMed

Martínez Monterrubio, Sergio Mauricio; Frausto Solis, Juan; Monroy Borja, Raúl

2015-01-01

The proper functioning of a hospital computer system is an arduous work for managers and staff. However, inconsistent policies are frequent and can produce enormous problems, such as stolen information, frequent failures, and loss of the entire or part of the hospital data. This paper presents a new method named EMRlog for computer security systems in hospitals. EMRlog is focused on two kinds of security policies: directive and implemented policies. Security policies are applied to computer systems that handle huge amounts of information such as databases, applications, and medical records. Firstly, a syntactic verification step is applied by using predicate logic. Then data mining techniques are used to detect which security policies have really been implemented by the computer systems staff. Subsequently, consistency is verified in both kinds of policies; in addition these subsets are contrasted and validated. This is performed by an automatic theorem prover. Thus, many kinds of vulnerabilities can be removed for achieving a safer computer system.

EMRlog Method for Computer Security for Electronic Medical Records with Logic and Data Mining

PubMed Central

Frausto Solis, Juan; Monroy Borja, Raúl

2015-01-01

The proper functioning of a hospital computer system is an arduous work for managers and staff. However, inconsistent policies are frequent and can produce enormous problems, such as stolen information, frequent failures, and loss of the entire or part of the hospital data. This paper presents a new method named EMRlog for computer security systems in hospitals. EMRlog is focused on two kinds of security policies: directive and implemented policies. Security policies are applied to computer systems that handle huge amounts of information such as databases, applications, and medical records. Firstly, a syntactic verification step is applied by using predicate logic. Then data mining techniques are used to detect which security policies have really been implemented by the computer systems staff. Subsequently, consistency is verified in both kinds of policies; in addition these subsets are contrasted and validated. This is performed by an automatic theorem prover. Thus, many kinds of vulnerabilities can be removed for achieving a safer computer system. PMID:26495300

Ensuring the security and availability of a hospital wireless LAN system.

PubMed

Hanada, Eisuke; Kudou, Takato; Tsumoto, Shusaku

2013-01-01

Wireless technologies as part of the data communication infrastructure of modern hospitals are being rapidly introduced. Even though there are concerns about problems associated with wireless communication security, the demand is remarkably large. Herein we discuss security countermeasures that must be taken and issues concerning availability that must be considered to ensure safe hospital/business use of wireless LAN systems, referring to the procedures introduced at a university hospital. Security countermeasures differ according to their purpose, such as preventing illegal use or ensuring availability, both of which are discussed. The main focus of the availability discussion is on signal reach, electromagnetic noise elimination, and maintaining power supply to the network apparatus. It is our hope that this information will assist others in their efforts to ensure safe implementation of wireless LAN systems, especially in hospitals where they have the potential to greatly improve information sharing and patient safety.

Analysis of the Demand for Distance Education at Eastern and Central European Higher Education Institutions

ERIC Educational Resources Information Center

Vasilevska, Daina; Rivza, Baiba; Pivac, Tatjana; Alekneviciene, Vilija; Parlinska, Agnieszka

2017-01-01

Distance education as one of the new and perspective forms of completing higher education increases in popularity around the world. At the same time, the development of this model of education generates new problems: organization of the study process and information security. Distance learning allows solving a problem of accessibility of higher…

Design of the Hospital Integrated Information Management System Based on Cloud Platform

PubMed Central

Aijing, L; Jin, Y

2015-01-01

ABSTRACT At present, the outdated information management style cannot meet the needs of hospital management, and has become the bottleneck of hospital's management and development. In order to improve the integrated management of information, hospitals have increased their investment in integrated information management systems. On account of the lack of reasonable and scientific design, some hospital integrated information management systems have common problems, such as unfriendly interface, poor portability and maintainability, low security and efficiency, lack of interactivity and information sharing. To solve the problem, this paper carries out the research and design of a hospital information management system based on cloud platform, which can realize the optimized integration of hospital information resources and save money. PMID:27399033

A privacy preserving protocol for tracking participants in phase I clinical trials.

PubMed

El Emam, Khaled; Farah, Hanna; Samet, Saeed; Essex, Aleksander; Jonker, Elizabeth; Kantarcioglu, Murat; Earle, Craig C

2015-10-01

Some phase 1 clinical trials offer strong financial incentives for healthy individuals to participate in their studies. There is evidence that some individuals enroll in multiple trials concurrently. This creates safety risks and introduces data quality problems into the trials. Our objective was to construct a privacy preserving protocol to track phase 1 participants to detect concurrent enrollment. A protocol using secure probabilistic querying against a database of trial participants that allows for screening during telephone interviews and on-site enrollment was developed. The match variables consisted of demographic information. The accuracy (sensitivity, precision, and negative predictive value) of the matching and its computational performance in seconds were measured under simulated environments. Accuracy was also compared to non-secure matching methods. The protocol performance scales linearly with the database size. At the largest database size of 20,000 participants, a query takes under 20s on a 64 cores machine. Sensitivity, precision, and negative predictive value of the queries were consistently at or above 0.9, and were very similar to non-secure versions of the protocol. The protocol provides a reasonable solution to the concurrent enrollment problems in phase 1 clinical trials, and is able to ensure that personal information about participants is kept secure. Copyright © 2015 The Authors. Published by Elsevier Inc. All rights reserved.

A Weakest Precondition Approach to Robustness

NASA Astrophysics Data System (ADS)

Balliu, Musard; Mastroeni, Isabella

With the increasing complexity of information management computer systems, security becomes a real concern. E-government, web-based financial transactions or military and health care information systems are only a few examples where large amount of information can reside on different hosts distributed worldwide. It is clear that any disclosure or corruption of confidential information in these contexts can result fatal. Information flow controls constitute an appealing and promising technology to protect both data confidentiality and data integrity. The certification of the security degree of a program that runs in untrusted environments still remains an open problem in the area of language-based security. Robustness asserts that an active attacker, who can modify program code in some fixed points (holes), is unable to disclose more private information than a passive attacker, who merely observes unclassified data. In this paper, we extend a method recently proposed for checking declassified non-interference in presence of passive attackers only, in order to check robustness by means of weakest precondition semantics. In particular, this semantics simulates the kind of analysis that can be performed by an attacker, i.e., from public output towards private input. The choice of semantics allows us to distinguish between different attacks models and to characterize the security of applications in different scenarios.

Soft drinks consumption and child behaviour problems: the role of food insecurity and sleep patterns.

PubMed

King, Christian

2017-02-01

To examine whether the association between soft drinks consumption and child behaviour problems differs by food security status and sleep patterns in young children. Cross-sectional observational data from the Fragile Families and Child Wellbeing Study (FFCWS), which collected information on food insecurity, soft drinks consumption, sleep patterns and child behaviour problems. Bivariate and multivariate ordinary least-squares regression analyses predicting child behaviour problems and accounting for socio-economic factors and household characteristics were performed. Twenty urban cities in the USA with a population of 200 000 or more. Parental interviews of 2829 children who were about 5 years old. Soft drinks consumption was associated with aggressive behaviours, withdrawn and attention problems for children aged 5 years. However, the association differed by food security status. The association was mostly statistically insignificant among food-secure children after accounting for socio-economic and demographic characteristics. On the other hand, soft drinks consumption was associated with behaviour problems for food-insecure children even after accounting for these factors. However, after accounting for child sleep patterns, the association between soft drinks consumption and child behaviour problems became statistically insignificant for food-insecure children. The negative association between soft drinks consumption and child behaviour problems could be explained by sleep problems for food-insecure children. Since about 21 % of households with children are food insecure, targeted efforts to reduce food insecurity would help improve dietary (reduce soft drinks consumption) and health behaviours (improve sleep) and reduce child behaviour problems.

Ver-i-Fus: an integrated access control and information monitoring and management system

NASA Astrophysics Data System (ADS)

Thomopoulos, Stelios C.; Reisman, James G.; Papelis, Yiannis E.

1997-01-01

This paper describes the Ver-i-Fus Integrated Access Control and Information Monitoring and Management (IAC-I2M) system that INTELNET Inc. has developed. The Ver-i-Fus IAC-I2M system has been designed to meet the most stringent security and information monitoring requirements while allowing two- way communication between the user and the system. The systems offers a flexible interface that permits to integrate practically any sensing device, or combination of sensing devices, including a live-scan fingerprint reader, thus providing biometrics verification for enhanced security. Different configurations of the system provide solutions to different sets of access control problems. The re-configurable hardware interface, tied together with biometrics verification and a flexible interface that allows to integrate Ver-i-Fus with an MIS, provide an integrated solution to security, time and attendance, labor monitoring, production monitoring, and payroll applications.

Threats and risks to information security: a practical analysis of free access wireless networks

NASA Astrophysics Data System (ADS)

Quirumbay, Daniel I.; Coronel, Iván. A.; Bayas, Marcia M.; Rovira, Ronald H.; Gromaszek, Konrad; Tleshova, Akmaral; Kozbekova, Ainur

2017-08-01

Nowadays, there is an ever-growing need to investigate, consult and communicate through the internet. This need leads to the intensification of free access to the web in strategic and functional points for the benefit of the community. However, this open access is also related to the increase of information insecurity. The existing works on computer security primarily focus on the development of techniques to reduce cyber-attacks. However, these approaches do not address the sector of inexperienced users who have difficulty understanding browser settings. Two methods can solve this problem: first the development of friendly browsers with intuitive setups for new users and on the other hand, by implementing awareness programs on essential security without deepening on technical information. This article addresses an analysis of the vulnerabilities of wireless equipment that provides internet service in the open access zones and the potential risks that could be found when using these means.

A secure EHR system based on hybrid clouds.

PubMed

Chen, Yu-Yi; Lu, Jun-Chao; Jan, Jinn-Ke

2012-10-01

Consequently, application services rendering remote medical services and electronic health record (EHR) have become a hot topic and stimulating increased interest in studying this subject in recent years. Information and communication technologies have been applied to the medical services and healthcare area for a number of years to resolve problems in medical management. Sharing EHR information can provide professional medical programs with consultancy, evaluation, and tracing services can certainly improve accessibility to the public receiving medical services or medical information at remote sites. With the widespread use of EHR, building a secure EHR sharing environment has attracted a lot of attention in both healthcare industry and academic community. Cloud computing paradigm is one of the popular healthIT infrastructures for facilitating EHR sharing and EHR integration. In this paper, we propose an EHR sharing and integration system in healthcare clouds and analyze the arising security and privacy issues in access and management of EHRs.

Intrusion Detection in Database Systems

NASA Astrophysics Data System (ADS)

Javidi, Mohammad M.; Sohrabi, Mina; Rafsanjani, Marjan Kuchaki

Data represent today a valuable asset for organizations and companies and must be protected. Ensuring the security and privacy of data assets is a crucial and very difficult problem in our modern networked world. Despite the necessity of protecting information stored in database systems (DBS), existing security models are insufficient to prevent misuse, especially insider abuse by legitimate users. One mechanism to safeguard the information in these databases is to use an intrusion detection system (IDS). The purpose of Intrusion detection in database systems is to detect transactions that access data without permission. In this paper several database Intrusion detection approaches are evaluated.

Academic Information Security Researchers: Hackers or Specialists?

PubMed

Dadkhah, Mehdi; Lagzian, Mohammad; Borchardt, Glenn

2018-04-01

In this opinion piece, we present a synopsis of our findings from the last 2 years concerning cyber-attacks on web-based academia. We also present some of problems that we have faced and try to resolve any misunderstandings about our work. We are academic information security specialists, not hackers. Finally, we present a brief overview of our methods for detecting cyber fraud in an attempt to present general guidelines for researchers who would like to continue our work. We believe that our work is necessary for protecting the integrity of scholarly publishing against emerging cybercrime.

Role of Outsourcing in Stress and Job Satisfaction of Information Technology Professionals

ERIC Educational Resources Information Center

Robinson, Janell R.

2016-01-01

Information technology (IT) outsourcing poses a potential job loss threat to IT professionals, which can decrease job security, job satisfaction, and organizational commitment. The problem that this study addressed was the perceived role of IT outsourcing in the job stress, job dissatisfaction, and turnover intention of IT professionals. The…

Proposal of Secure VoIP System Using Attribute Certificate

NASA Astrophysics Data System (ADS)

Kim, Jin-Mook; Jeong, Young-Ae; Hong, Seong-Sik

VoIP is a service that changes the analogue audio signal into a digital signal and then transfers the audio information to the users after configuring it as a packet; and it has an advantage of lower price than the existing voice call service and better extensibility. However, VoIP service has a system structure that, compared to the existing PSTN (Public Switched Telephone Network), has poor call quality and is vulnerable in the security aspect. To make up these problems, TLS service was introduced to enhance the security. In practical system, however, since QoS problem occurs, it is necessary to develop the VoIP security system that can satisfy QoS at the same time in the security aspect. In this paper, a user authentication VoIP system that can provide a service according to the security and the user through providing a differential service according to the approach of the users by adding AA server at the step of configuring the existing VoIP session is suggested. It was found that the proposed system of this study provides a quicker QoS than the TLS-added system at a similar level of security. Also, it is able to provide a variety of additional services by the different users.

Security Threat Assessment of an Internet Security System Using Attack Tree and Vague Sets

PubMed Central

2014-01-01

Security threat assessment of the Internet security system has become a greater concern in recent years because of the progress and diversification of information technology. Traditionally, the failure probabilities of bottom events of an Internet security system are treated as exact values when the failure probability of the entire system is estimated. However, security threat assessment when the malfunction data of the system's elementary event are incomplete—the traditional approach for calculating reliability—is no longer applicable. Moreover, it does not consider the failure probability of the bottom events suffered in the attack, which may bias conclusions. In order to effectively solve the problem above, this paper proposes a novel technique, integrating attack tree and vague sets for security threat assessment. For verification of the proposed approach, a numerical example of an Internet security system security threat assessment is adopted in this paper. The result of the proposed method is compared with the listing approaches of security threat assessment methods. PMID:25405226

Security threat assessment of an Internet security system using attack tree and vague sets.

PubMed

Chang, Kuei-Hu

2014-01-01

Security threat assessment of the Internet security system has become a greater concern in recent years because of the progress and diversification of information technology. Traditionally, the failure probabilities of bottom events of an Internet security system are treated as exact values when the failure probability of the entire system is estimated. However, security threat assessment when the malfunction data of the system's elementary event are incomplete--the traditional approach for calculating reliability--is no longer applicable. Moreover, it does not consider the failure probability of the bottom events suffered in the attack, which may bias conclusions. In order to effectively solve the problem above, this paper proposes a novel technique, integrating attack tree and vague sets for security threat assessment. For verification of the proposed approach, a numerical example of an Internet security system security threat assessment is adopted in this paper. The result of the proposed method is compared with the listing approaches of security threat assessment methods.

Security Recommendations for mHealth Apps: Elaboration of a Developer's Guide.

PubMed

Morera, Enrique Pérez; de la Torre Díez, Isabel; Garcia-Zapirain, Begoña; López-Coronado, Miguel; Arambarri, Jon

2016-06-01

Being the third fastest-growing app category behind games and utilities, mHealth apps are changing the healthcare model, as medicine today involves the data they compile and analyse, information known as Big Data. However, the majority of apps are lacking in security when gathering and dealing with the information, which becomes a serious problem. This article presents a guide regarding security solution, intended to be of great use for developers of mHealth apps. In August 2015 current mobile health apps were sought out in virtual stores such as Android Google Play, Apple iTunes App Store etc., in order to classify them in terms of usefulness. After this search, the most widespread weaknesses in the field of security in the development of these mobile apps were examined, based on sources such as the "OWASP Mobile Security Project, the initiative recently launched by the Office of Civil Rights (OCR), and other articles of scientific interest. An informative, elemental guide has been created for the development of mHealth apps. It includes information about elements of security and its implementation on different levels for all types of mobile health apps based on the data that each app manipulates, the associated calculated risk as a result of the likelihood of occurrence and the threat level resulting from its vulnerabilities - high level (apps for monitoring, diagnosis, treatment and care) from 6 ≤ 9, medium level (calculator, localizer and alarm) from 3 ≤ 6 and low level (informative and educational apps) from 0 ≤ 3. The guide aims to guarantee and facilitate security measures in the development of mobile health applications by programmers unconnected to the ITC and professional health areas.

CD-ROM and Metering--An Overview.

ERIC Educational Resources Information Center

Shear, Victor

1992-01-01

Discusses the need for security and metering features for CD-ROM products. Topics covered include user productivity issues, pricing problems, integrated information resources, advantages of CD-ROM distribution systems, unauthorized use, content encryption, and multiple simultaneous meters. (MES)

Quantum key distribution session with 16-dimensional photonic states.

PubMed

Etcheverry, S; Cañas, G; Gómez, E S; Nogueira, W A T; Saavedra, C; Xavier, G B; Lima, G

2013-01-01

The secure transfer of information is an important problem in modern telecommunications. Quantum key distribution (QKD) provides a solution to this problem by using individual quantum systems to generate correlated bits between remote parties, that can be used to extract a secret key. QKD with D-dimensional quantum channels provides security advantages that grow with increasing D. However, the vast majority of QKD implementations has been restricted to two dimensions. Here we demonstrate the feasibility of using higher dimensions for real-world quantum cryptography by performing, for the first time, a fully automated QKD session based on the BB84 protocol with 16-dimensional quantum states. Information is encoded in the single-photon transverse momentum and the required states are dynamically generated with programmable spatial light modulators. Our setup paves the way for future developments in the field of experimental high-dimensional QKD.

Quantum key distribution session with 16-dimensional photonic states

NASA Astrophysics Data System (ADS)

Etcheverry, S.; Cañas, G.; Gómez, E. S.; Nogueira, W. A. T.; Saavedra, C.; Xavier, G. B.; Lima, G.

2013-07-01

The secure transfer of information is an important problem in modern telecommunications. Quantum key distribution (QKD) provides a solution to this problem by using individual quantum systems to generate correlated bits between remote parties, that can be used to extract a secret key. QKD with D-dimensional quantum channels provides security advantages that grow with increasing D. However, the vast majority of QKD implementations has been restricted to two dimensions. Here we demonstrate the feasibility of using higher dimensions for real-world quantum cryptography by performing, for the first time, a fully automated QKD session based on the BB84 protocol with 16-dimensional quantum states. Information is encoded in the single-photon transverse momentum and the required states are dynamically generated with programmable spatial light modulators. Our setup paves the way for future developments in the field of experimental high-dimensional QKD.

Quantum key distribution session with 16-dimensional photonic states

PubMed Central

Etcheverry, S.; Cañas, G.; Gómez, E. S.; Nogueira, W. A. T.; Saavedra, C.; Xavier, G. B.; Lima, G.

2013-01-01

The secure transfer of information is an important problem in modern telecommunications. Quantum key distribution (QKD) provides a solution to this problem by using individual quantum systems to generate correlated bits between remote parties, that can be used to extract a secret key. QKD with D-dimensional quantum channels provides security advantages that grow with increasing D. However, the vast majority of QKD implementations has been restricted to two dimensions. Here we demonstrate the feasibility of using higher dimensions for real-world quantum cryptography by performing, for the first time, a fully automated QKD session based on the BB84 protocol with 16-dimensional quantum states. Information is encoded in the single-photon transverse momentum and the required states are dynamically generated with programmable spatial light modulators. Our setup paves the way for future developments in the field of experimental high-dimensional QKD. PMID:23897033

Analysis of Computer Network Information Based on "Big Data"

NASA Astrophysics Data System (ADS)

Li, Tianli

2017-11-01

With the development of the current era, computer network and large data gradually become part of the people's life, people use the computer to provide convenience for their own life, but at the same time there are many network information problems has to pay attention. This paper analyzes the information security of computer network based on "big data" analysis, and puts forward some solutions.

Design and implementation of website information disclosure assessment system.

PubMed

Cho, Ying-Chiang; Pan, Jen-Yi

2015-01-01

Internet application technologies, such as cloud computing and cloud storage, have increasingly changed people's lives. Websites contain vast amounts of personal privacy information. In order to protect this information, network security technologies, such as database protection and data encryption, attract many researchers. The most serious problems concerning web vulnerability are e-mail address and network database leakages. These leakages have many causes. For example, malicious users can steal database contents, taking advantage of mistakes made by programmers and administrators. In order to mitigate this type of abuse, a website information disclosure assessment system is proposed in this study. This system utilizes a series of technologies, such as web crawler algorithms, SQL injection attack detection, and web vulnerability mining, to assess a website's information disclosure. Thirty websites, randomly sampled from the top 50 world colleges, were used to collect leakage information. This testing showed the importance of increasing the security and privacy of website information for academic websites.

A security architecture for interconnecting health information systems.

PubMed

Gritzalis, Dimitris; Lambrinoudakis, Costas

2004-03-31

Several hereditary and other chronic diseases necessitate continuous and complicated health care procedures, typically offered in different, often distant, health care units. Inevitably, the medical records of patients suffering from such diseases become complex, grow in size very fast and are scattered all over the units involved in the care process, hindering communication of information between health care professionals. Web-based electronic medical records have been recently proposed as the solution to the above problem, facilitating the interconnection of the health care units in the sense that health care professionals can now access the complete medical record of the patient, even if it is distributed in several remote units. However, by allowing users to access information from virtually anywhere, the universe of ineligible people who may attempt to harm the system is dramatically expanded, thus severely complicating the design and implementation of a secure environment. This paper presents a security architecture that has been mainly designed for providing authentication and authorization services in web-based distributed systems. The architecture has been based on a role-based access scheme and on the implementation of an intelligent security agent per site (i.e. health care unit). This intelligent security agent: (a). authenticates the users, local or remote, that can access the local resources; (b). assigns, through temporary certificates, access privileges to the authenticated users in accordance to their role; and (c). communicates to other sites (through the respective security agents) information about the local users that may need to access information stored in other sites, as well as about local resources that can be accessed remotely.

Network systems security analysis

NASA Astrophysics Data System (ADS)

Yilmaz, Ä.°smail

2015-05-01

Network Systems Security Analysis has utmost importance in today's world. Many companies, like banks which give priority to data management, test their own data security systems with "Penetration Tests" by time to time. In this context, companies must also test their own network/server systems and take precautions, as the data security draws attention. Based on this idea, the study cyber-attacks are researched throughoutly and Penetration Test technics are examined. With these information on, classification is made for the cyber-attacks and later network systems' security is tested systematically. After the testing period, all data is reported and filed for future reference. Consequently, it is found out that human beings are the weakest circle of the chain and simple mistakes may unintentionally cause huge problems. Thus, it is clear that some precautions must be taken to avoid such threats like updating the security software.

Database security and encryption technology research and application

NASA Astrophysics Data System (ADS)

Zhu, Li-juan

2013-03-01

The main purpose of this paper is to discuss the current database information leakage problem, and discuss the important role played by the message encryption techniques in database security, As well as MD5 encryption technology principle and the use in the field of website or application. This article is divided into introduction, the overview of the MD5 encryption technology, the use of MD5 encryption technology and the final summary. In the field of requirements and application, this paper makes readers more detailed and clearly understood the principle, the importance in database security, and the use of MD5 encryption technology.

Improving security of the ping-pong protocol

NASA Astrophysics Data System (ADS)

Zawadzki, Piotr

2013-01-01

A security layer for the asymptotically secure ping-pong protocol is proposed and analyzed in the paper. The operation of the improvement exploits inevitable errors introduced by the eavesdropping in the control and message modes. Its role is similar to the privacy amplification algorithms known from the quantum key distribution schemes. Messages are processed in blocks which guarantees that an eavesdropper is faced with a computationally infeasible problem as long as the system parameters are within reasonable limits. The introduced additional information preprocessing does not require quantum memory registers and confidential communication is possible without prior key agreement or some shared secret.

Probabilistic Solution of Inverse Problems.

DTIC Science & Technology

1985-09-01

AODRESSIl differentI from Conat.oildun 0111C*) It. SECURITY CLASS (ofll ~e vport) Office of Naval Research UCASFE Information Systems ...report describes research done within the Laboratory for Information and Decision Systems and the Artificial Intelligence Laboratory at the Massachusetts...analysis of systems endowed with perceptual abilities is the construction of internal representations of the physical structures in the external world

78 FR 27399 - Agency Information Collection Activities: Submission for OMB Review; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2013-05-10

... Information Collection: Social Security Office (SSO) Report of State Buy-in Problem; Use: Under Section 1843... State Buy-in program is to assure that Medicaid is the payer of last resort by permitting a state to... assistance plan. State Buy-in also has the effect of transferring some medical costs for this population from...

Meeting EHR security requirements: SeAAS approach.

PubMed

Katt, Basel; Trojer, Thomas; Breu, Ruth; Schabetsberger, Thomas; Wozak, Florian

2010-01-01

In the last few years, Electronic Health Record (EHR) systems have received a great attention in the literature, as well as in the industry. They are expected to lead to health care savings, increase health care quality and reduce medical errors. This interest has been accompanied by the development of different standards and frameworks to meet EHR challenges. One of the most important initiatives that was developed to solve problems of EHR is IHE (Integrating the Healthcare Enterprise), which adapts the distributed approach to store and manage healthcare data. IHE aims at standardizing the way healthcare systems exchange information in distributed environments. For this purpose it defines several so called Integration Profiles that specify the interactions and the interfaces (Transactions) between various healthcare systems (Actors) or entities. Security was considered also in few profiles that tackled the main security requirements, mainly authentication and audit trails. The security profiles of IHE currently suffer two drawbacks. First, they apply end point security methodology, which has been proven recently to be insufficient and cumbersome in distributed and heterogeneous environment. Second, the current security profiles for more complex security requirements are oversimplified, vague and do not consider architectural design. This recently changed to some extend e.g., with the introduction of newly published white papers regarding privacy [5] and access control [9]. In order to solve the first problem we utilize results of previous studies conducted in the area of security-aware IHE-based systems and the state-of-the-art Security-as-a-Service approach as a convenient methodology to group domain-wide security needs and overcome the end point security shortcomings.

Priority Intelligence Requirements: The Operational Vacuum

DTIC Science & Technology

1990-05-16

armored vehicles , not ho!: the systems are used to achieve operational goals.34 Enemy mobilization, employment philosophy, and history are excluded in...extensive security problems create massive bottlenecks in the dissemination of intellingence information .48 Today, we sport a tremendous intelligence

The Myth of Employee Planning for Retirement

ERIC Educational Resources Information Center

Morrison, Malcolm H.

1975-01-01

A survey of male hourly-wage earners indicates employees face serious problems in planning for income security in retirement. Retirement preparation programs that supply information and technical planning expertise are needed to assist employees in realistic retirement planning. (EA)

Fundamental quantitative security in quantum key generation

DOE Office of Scientific and Technical Information (OSTI.GOV)

Yuen, Horace P.

2010-12-15

We analyze the fundamental security significance of the quantitative criteria on the final generated key K in quantum key generation including the quantum criterion d, the attacker's mutual information on K, and the statistical distance between her distribution on K and the uniform distribution. For operational significance a criterion has to produce a guarantee on the attacker's probability of correctly estimating some portions of K from her measurement, in particular her maximum probability of identifying the whole K. We distinguish between the raw security of K when the attacker just gets at K before it is used in a cryptographicmore » context and its composition security when the attacker may gain further information during its actual use to help get at K. We compare both of these securities of K to those obtainable from conventional key expansion with a symmetric key cipher. It is pointed out that a common belief in the superior security of a quantum generated K is based on an incorrect interpretation of d which cannot be true, and the security significance of d is uncertain. Generally, the quantum key distribution key K has no composition security guarantee and its raw security guarantee from concrete protocols is worse than that of conventional ciphers. Furthermore, for both raw and composition security there is an exponential catch-up problem that would make it difficult to quantitatively improve the security of K in a realistic protocol. Some possible ways to deal with the situation are suggested.« less

My, your and our needs for safety and security: relatives' reflections on using information and communication technology in dementia care.

PubMed

Olsson, Annakarin; Engström, Maria; Skovdahl, Kirsti; Lampic, Claudia

2012-03-01

The present paper reports on a study aimed at describing relatives' reflections on different kinds of information and communication technology (ICT) devices that are used or can be used in the daily care of persons with dementia. Many persons with dementia continue living in their own homes, which requires the support of their relatives. One way to meet the needs of relatives and persons with dementia is to use ICT. An interview study was conducted in Sweden (2007-2008) with a purposive sample of 14 spouses of a person with dementia. Qualitative content analysis was used to identify categories and themes in the data. Relatives' reflections on the use of ICT were described as ICT - a support in daily life, ICT - internal and external conditions and ICT - the decision to use or not use. Based on these categories, a theme was revealed: shifting between different perspectives: my, your and our needs for safety and security. Relatives struggle to create a situation of safety and security in daily life for themselves and the persons with dementia. ICT devices with the right functionality and used at the right time are regarded as useful in solving everyday problems. In the decision to use or not use ICT, the opportunity to create a safe and secure environment overshadows potential ethical problems. Providing early information about ICT to persons with dementia and their relatives could facilitate joint decision-making regarding use of ICT. © 2011 The Authors. Scandinavian Journal of Caring Sciences © 2011 Nordic College of Caring Science.

Security Analysis and Improvement of 'a More Secure Anonymous User Authentication Scheme for the Integrated EPR Information System'.

PubMed

Islam, S K Hafizul; Khan, Muhammad Khurram; Li, Xiong

2015-01-01

Over the past few years, secure and privacy-preserving user authentication scheme has become an integral part of the applications of the healthcare systems. Recently, Wen has designed an improved user authentication system over the Lee et al.'s scheme for integrated electronic patient record (EPR) information system, which has been analyzed in this study. We have found that Wen's scheme still has the following inefficiencies: (1) the correctness of identity and password are not verified during the login and password change phases; (2) it is vulnerable to impersonation attack and privileged-insider attack; (3) it is designed without the revocation of lost/stolen smart card; (4) the explicit key confirmation and the no key control properties are absent, and (5) user cannot update his/her password without the help of server and secure channel. Then we aimed to propose an enhanced two-factor user authentication system based on the intractable assumption of the quadratic residue problem (QRP) in the multiplicative group. Our scheme bears more securities and functionalities than other schemes found in the literature.

Security Analysis and Improvement of ‘a More Secure Anonymous User Authentication Scheme for the Integrated EPR Information System’

PubMed Central

Islam, SK Hafizul; Khan, Muhammad Khurram; Li, Xiong

2015-01-01

Over the past few years, secure and privacy-preserving user authentication scheme has become an integral part of the applications of the healthcare systems. Recently, Wen has designed an improved user authentication system over the Lee et al.’s scheme for integrated electronic patient record (EPR) information system, which has been analyzed in this study. We have found that Wen’s scheme still has the following inefficiencies: (1) the correctness of identity and password are not verified during the login and password change phases; (2) it is vulnerable to impersonation attack and privileged-insider attack; (3) it is designed without the revocation of lost/stolen smart card; (4) the explicit key confirmation and the no key control properties are absent, and (5) user cannot update his/her password without the help of server and secure channel. Then we aimed to propose an enhanced two-factor user authentication system based on the intractable assumption of the quadratic residue problem (QRP) in the multiplicative group. Our scheme bears more securities and functionalities than other schemes found in the literature. PMID:26263401

Collaborative Access Control For Critical Infrastructures

NASA Astrophysics Data System (ADS)

Baina, Amine; El Kalam, Anas Abou; Deswarte, Yves; Kaaniche, Mohamed

A critical infrastructure (CI) can fail with various degrees of severity due to physical and logical vulnerabilities. Since many interdependencies exist between CIs, failures can have dramatic consequences on the entire infrastructure. This paper focuses on threats that affect information and communication systems that constitute the critical information infrastructure (CII). A new collaborative access control framework called PolyOrBAC is proposed to address security problems that are specific to CIIs. The framework offers each organization participating in a CII the ability to collaborate with other organizations while maintaining control of its resources and internal security policy. The approach is demonstrated on a practical scenario involving the electrical power grid.

Quantum communication and information processing

NASA Astrophysics Data System (ADS)

Beals, Travis Roland

Quantum computers enable dramatically more efficient algorithms for solving certain classes of computational problems, but, in doing so, they create new problems. In particular, Shor's Algorithm allows for efficient cryptanalysis of many public-key cryptosystems. As public key cryptography is a critical component of present-day electronic commerce, it is crucial that a working, secure replacement be found. Quantum key distribution (QKD), first developed by C.H. Bennett and G. Brassard, offers a partial solution, but many challenges remain, both in terms of hardware limitations and in designing cryptographic protocols for a viable large-scale quantum communication infrastructure. In Part I, I investigate optical lattice-based approaches to quantum information processing. I look at details of a proposal for an optical lattice-based quantum computer, which could potentially be used for both quantum communications and for more sophisticated quantum information processing. In Part III, I propose a method for converting and storing photonic quantum bits in the internal state of periodically-spaced neutral atoms by generating and manipulating a photonic band gap and associated defect states. In Part II, I present a cryptographic protocol which allows for the extension of present-day QKD networks over much longer distances without the development of new hardware. I also present a second, related protocol which effectively solves the authentication problem faced by a large QKD network, thus making QKD a viable, information-theoretic secure replacement for public key cryptosystems.

Creativity: Creativity in Complex Military Systems

DTIC Science & Technology

2017-05-25

generation later in the problem-solving process. The design process is an alternative problem-solving framework individuals or groups use to orient...no person shall be subject to any penalty for failing to comply with a collection of information if it does not display a currently valid OMB control ...the potential of their formations. 15. SUBJECT TERMS Creativity, Divergent Thinking, Design , Systems Thinking, Operational Art 16. SECURITY

Unconditional security from noisy quantum storage

NASA Astrophysics Data System (ADS)

Wehner, Stephanie

2010-03-01

We consider the implementation of two-party cryptographic primitives based on the sole physical assumption that no large-scale reliable quantum storage is available to the cheating party. An important example of such a task is secure identification. Here, Alice wants to identify herself to Bob (possibly an ATM machine) without revealing her password. More generally, Alice and Bob wish to solve problems where Alice holds an input x (e.g. her password), and Bob holds an input y (e.g. the password an honest Alice should possess), and they want to obtain the value of some function f(x,y) (e.g. the equality function). Security means that the legitimate users should not learn anything beyond this specification. That is, Alice should not learn anything about y and Bob should not learn anything about x, other than what they may be able to infer from the value of f(x,y). We show that any such problem can be solved securely in the noisy-storage model by constructing protocols for bit commitment and oblivious transfer, where we prove security against the most general attack. Our protocols can be implemented with present-day hardware used for quantum key distribution. In particular, no quantum storage is required for the honest parties. Our work raises a large number of immediate theoretical as well as experimental questions related to many aspects of quantum information science, such as for example understanding the information carrying properties of quantum channels and memories, randomness extraction, min-entropy sampling, as well as constructing small handheld devices which are suitable for the task of secure identification. [4pt] Full version available at arXiv:0906.1030 (theoretical) and arXiv:0911.2302 (practically oriented).

An effective and secure key-management scheme for hierarchical access control in E-medicine system.

PubMed

Odelu, Vanga; Das, Ashok Kumar; Goswami, Adrijit

2013-04-01

Recently several hierarchical access control schemes are proposed in the literature to provide security of e-medicine systems. However, most of them are either insecure against 'man-in-the-middle attack' or they require high storage and computational overheads. Wu and Chen proposed a key management method to solve dynamic access control problems in a user hierarchy based on hybrid cryptosystem. Though their scheme improves computational efficiency over Nikooghadam et al.'s approach, it suffers from large storage space for public parameters in public domain and computational inefficiency due to costly elliptic curve point multiplication. Recently, Nikooghadam and Zakerolhosseini showed that Wu-Chen's scheme is vulnerable to man-in-the-middle attack. In order to remedy this security weakness in Wu-Chen's scheme, they proposed a secure scheme which is again based on ECC (elliptic curve cryptography) and efficient one-way hash function. However, their scheme incurs huge computational cost for providing verification of public information in the public domain as their scheme uses ECC digital signature which is costly when compared to symmetric-key cryptosystem. In this paper, we propose an effective access control scheme in user hierarchy which is only based on symmetric-key cryptosystem and efficient one-way hash function. We show that our scheme reduces significantly the storage space for both public and private domains, and computational complexity when compared to Wu-Chen's scheme, Nikooghadam-Zakerolhosseini's scheme, and other related schemes. Through the informal and formal security analysis, we further show that our scheme is secure against different attacks and also man-in-the-middle attack. Moreover, dynamic access control problems in our scheme are also solved efficiently compared to other related schemes, making our scheme is much suitable for practical applications of e-medicine systems.

Secure Fusion Estimation for Bandwidth Constrained Cyber-Physical Systems Under Replay Attacks.

PubMed

Chen, Bo; Ho, Daniel W C; Hu, Guoqiang; Yu, Li; Bo Chen; Ho, Daniel W C; Guoqiang Hu; Li Yu; Chen, Bo; Ho, Daniel W C; Hu, Guoqiang; Yu, Li

2018-06-01

State estimation plays an essential role in the monitoring and supervision of cyber-physical systems (CPSs), and its importance has made the security and estimation performance a major concern. In this case, multisensor information fusion estimation (MIFE) provides an attractive alternative to study secure estimation problems because MIFE can potentially improve estimation accuracy and enhance reliability and robustness against attacks. From the perspective of the defender, the secure distributed Kalman fusion estimation problem is investigated in this paper for a class of CPSs under replay attacks, where each local estimate obtained by the sink node is transmitted to a remote fusion center through bandwidth constrained communication channels. A new mathematical model with compensation strategy is proposed to characterize the replay attacks and bandwidth constrains, and then a recursive distributed Kalman fusion estimator (DKFE) is designed in the linear minimum variance sense. According to different communication frameworks, two classes of data compression and compensation algorithms are developed such that the DKFEs can achieve the desired performance. Several attack-dependent and bandwidth-dependent conditions are derived such that the DKFEs are secure under replay attacks. An illustrative example is given to demonstrate the effectiveness of the proposed methods.

Emergency Response Manual

NASA Technical Reports Server (NTRS)

Barnett, Traci M.

2004-01-01

Safety and security is very important at NASA. The Security Management and Safeguards Office goal is ensure safety and security for all NASA Lewis and Plum Brook Station visitors and workers. The office protects against theft, sabotage, malicious damage, espionage, and other threats or acts of violence. There are three types of security at NASA: physical, IT, and personnel. IT is concerned with sensitive and classified information and computers. Physical security includes the officers who check visitors and workers in and patrol the facility. Personnel security is concerned with background checks during hiring. During my internship, I met people from and gained knowledge about all three types of security. I primarily worked with Dr. Richard Soppet in physical security. During my experience with physical security, I observed and worked with many aspects of it. I attended various security meetings at both NASA Lewis and Plum Brook. The meetings were about homeland security and other improvements that will be made to both facilities. I also spent time with a locksmith. The locksmith makes copies of keys and unlocks doors for people who need them. I rode around in a security vehicle with an officer as he patrolled. I also observed the officer make a search of a visitor s vehicle. All visitors vehicles are searched upon entering NASA. I spent time and observed in the dispatch office. The officer answers calls and sends out officers when needed. The officer also monitors the security cameras. My primary task was completing an emergency response manual. This manual would assist local law enforcement and fire agencies in case of an emergency. The manual has pictures and descriptions of the buildings. It also contains the information about hazards inside of the buildings. This information will be very helpul to law enforcement so that when called upon during an emergency, they will not create an even bigger problem with collateral damage.

The distinctive sequelae of children's coping with interparental conflict: Testing the reformulated emotional security theory.

PubMed

Davies, Patrick T; Martin, Meredith J; Sturge-Apple, Melissa L; Ripple, Michael T; Cicchetti, Dante

2016-10-01

Two studies tested hypotheses about the distinctive psychological consequences of children's patterns of responding to interparental conflict. In Study 1, 174 preschool children (M = 4.0 years) and their mothers participated in a cross-sectional design. In Study 2, 243 preschool children (M = 4.6 years) and their parents participated in 2 annual measurement occasions. Across both studies, multiple informants assessed children's psychological functioning. Guided by the reformulated version of emotional security theory, behavioral observations of children's coping with interparental conflict assessed their tendencies to exhibit 4 patterns based on their function in defusing threat: secure (i.e., efficiently address direct instances of threat), mobilizing (i.e., react to potential threat and social opportunities), dominant (i.e., directly defeat threat), and demobilizing (i.e., reduce salience as a target of hostility). As hypothesized, each profile predicted unique patterns of adjustment. Greater security was associated with lower levels of internalizing and externalizing symptoms and greater social competence, whereas higher dominance was associated with externalizing problems and extraversion. In contrast, mobilizing patterns of reactivity predicted more problems with self-regulation, internalizing symptoms, externalizing difficulties, but also greater extraversion. Finally, higher levels of demobilizing reactivity were linked with greater internalizing problems and lower extraversion but also better self-regulation. (PsycINFO Database Record (c) 2016 APA, all rights reserved).

The Distinctive Sequelae of Children’s Coping with Interparental Conflict: Testing the Reformulated Emotional Security Theory

PubMed Central

Davies, Patrick T.; Martin, Meredith J.; Sturge-Apple, Melissa L.; Ripple, Michael T.; Cicchetti, Dante

2016-01-01

Two studies tested hypotheses about the distinctive psychological consequences of children’s patterns of responding to interparental conflict. In Study 1, 174 preschool children (M = 4.0 years) and their mothers participated in a cross-sectional design. In Study 2, 243 preschool children (M = 4.6 years) and their parents participated in two annual measurement occasions. Across both studies, multiple informants assessed children’s psychological functioning. Guided by the reformulated version of emotional security theory, behavioral observations of children’s coping with interparental conflict assessed their tendencies to exhibit four patterns based on their function in defusing threat: secure (i.e., efficiently address direct instances of threat), mobilizing (i.e., react to potential threat and social opportunities), dominant (i.e., directly defeat threat), and demobilizing (i.e., reduce salience as a target of hostility). As hypothesized, each profile predicted unique patterns of adjustment. Greater security was associated with lower levels of internalizing and externalizing symptoms and greater social competence, whereas higher dominance was associated with externalizing problems and extraversion. In contrast, mobilizing patterns of reactivity predicted more problems with self-regulation, internalizing symptoms, externalizing difficulties, but also greater extraversion. Finally, higher levels of demobilizing reactivity were linked with greater internalizing problems and lower extraversion but also better self-regulation. PMID:27598256

Draft secure medical database standard.

PubMed

Pangalos, George

2002-01-01

Medical database security is a particularly important issue for all Healthcare establishments. Medical information systems are intended to support a wide range of pertinent health issues today, for example: assure the quality of care, support effective management of the health services institutions, monitor and contain the cost of care, implement technology into care without violating social values, ensure the equity and availability of care, preserve humanity despite the proliferation of technology etc.. In this context, medical database security aims primarily to support: high availability, accuracy and consistency of the stored data, the medical professional secrecy and confidentiality, and the protection of the privacy of the patient. These properties, though of technical nature, basically require that the system is actually helpful for medical care and not harmful to patients. These later properties require in turn not only that fundamental ethical principles are not violated by employing database systems, but instead, are effectively enforced by technical means. This document reviews the existing and emerging work on the security of medical database systems. It presents in detail the related problems and requirements related to medical database security. It addresses the problems of medical database security policies, secure design methodologies and implementation techniques. It also describes the current legal framework and regulatory requirements for medical database security. The issue of medical database security guidelines is also examined in detailed. The current national and international efforts in the area are studied. It also gives an overview of the research work in the area. The document also presents in detail the most complete to our knowledge set of security guidelines for the development and operation of medical database systems.

Secure Dynamic access control scheme of PHR in cloud computing.

PubMed

Chen, Tzer-Shyong; Liu, Chia-Hui; Chen, Tzer-Long; Chen, Chin-Sheng; Bau, Jian-Guo; Lin, Tzu-Ching

2012-12-01

With the development of information technology and medical technology, medical information has been developed from traditional paper records into electronic medical records, which have now been widely applied. The new-style medical information exchange system "personal health records (PHR)" is gradually developed. PHR is a kind of health records maintained and recorded by individuals. An ideal personal health record could integrate personal medical information from different sources and provide complete and correct personal health and medical summary through the Internet or portable media under the requirements of security and privacy. A lot of personal health records are being utilized. The patient-centered PHR information exchange system allows the public autonomously maintain and manage personal health records. Such management is convenient for storing, accessing, and sharing personal medical records. With the emergence of Cloud computing, PHR service has been transferred to storing data into Cloud servers that the resources could be flexibly utilized and the operation cost can be reduced. Nevertheless, patients would face privacy problem when storing PHR data into Cloud. Besides, it requires a secure protection scheme to encrypt the medical records of each patient for storing PHR into Cloud server. In the encryption process, it would be a challenge to achieve accurately accessing to medical records and corresponding to flexibility and efficiency. A new PHR access control scheme under Cloud computing environments is proposed in this study. With Lagrange interpolation polynomial to establish a secure and effective PHR information access scheme, it allows to accurately access to PHR with security and is suitable for enormous multi-users. Moreover, this scheme also dynamically supports multi-users in Cloud computing environments with personal privacy and offers legal authorities to access to PHR. From security and effectiveness analyses, the proposed PHR access scheme in Cloud computing environments is proven flexible and secure and could effectively correspond to real-time appending and deleting user access authorization and appending and revising PHR records.

Layered Location-Based Security Mechanism for Mobile Sensor Networks: Moving Security Areas.

PubMed

Wang, Ze; Zhang, Haijuan; Wu, Luqiang; Zhou, Chang

2015-09-25

Network security is one of the most important issues in mobile sensor networks (MSNs). Networks are particularly vulnerable in hostile environments because of many factors, such as uncertain mobility, limitations on computation, and the need for storage in mobile nodes. Though some location-based security mechanisms can resist some malicious attacks, they are only suitable for static networks and may sometimes require large amounts of storage. To solve these problems, using location information, which is one of the most important properties in outdoor wireless networks, a security mechanism called a moving security area (MSA) is proposed to resist malicious attacks by using mobile nodes' dynamic location-based keys. The security mechanism is layered by performing different detection schemes inside or outside the MSA. The location-based private keys will be updated only at the appropriate moments, considering the balance of cost and security performance. By transferring parts of the detection tasks from ordinary nodes to the sink node, the memory requirements are distributed to different entities to save limited energy.

Security analysis and enhancements of an effective biometric-based remote user authentication scheme using smart cards.

PubMed

An, Younghwa

2012-01-01

Recently, many biometrics-based user authentication schemes using smart cards have been proposed to improve the security weaknesses in user authentication system. In 2011, Das proposed an efficient biometric-based remote user authentication scheme using smart cards that can provide strong authentication and mutual authentication. In this paper, we analyze the security of Das's authentication scheme, and we have shown that Das's authentication scheme is still insecure against the various attacks. Also, we proposed the enhanced scheme to remove these security problems of Das's authentication scheme, even if the secret information stored in the smart card is revealed to an attacker. As a result of security analysis, we can see that the enhanced scheme is secure against the user impersonation attack, the server masquerading attack, the password guessing attack, and the insider attack and provides mutual authentication between the user and the server.

Security Analysis and Enhancements of an Effective Biometric-Based Remote User Authentication Scheme Using Smart Cards

PubMed Central

An, Younghwa

2012-01-01

Recently, many biometrics-based user authentication schemes using smart cards have been proposed to improve the security weaknesses in user authentication system. In 2011, Das proposed an efficient biometric-based remote user authentication scheme using smart cards that can provide strong authentication and mutual authentication. In this paper, we analyze the security of Das's authentication scheme, and we have shown that Das's authentication scheme is still insecure against the various attacks. Also, we proposed the enhanced scheme to remove these security problems of Das's authentication scheme, even if the secret information stored in the smart card is revealed to an attacker. As a result of security analysis, we can see that the enhanced scheme is secure against the user impersonation attack, the server masquerading attack, the password guessing attack, and the insider attack and provides mutual authentication between the user and the server. PMID:22899887

Proposal for founding mistrustful quantum cryptography on coin tossing

DOE Office of Scientific and Technical Information (OSTI.GOV)

Kent, Adrian; Hewlett-Packard Laboratories, Filton Road, Stoke Gifford, Bristol BS34 8QZ,

2003-07-01

A significant branch of classical cryptography deals with the problems which arise when mistrustful parties need to generate, process, or exchange information. As Kilian showed a while ago, mistrustful classical cryptography can be founded on a single protocol, oblivious transfer, from which general secure multiparty computations can be built. The scope of mistrustful quantum cryptography is limited by no-go theorems, which rule out, inter alia, unconditionally secure quantum protocols for oblivious transfer or general secure two-party computations. These theorems apply even to protocols which take relativistic signaling constraints into account. The best that can be hoped for, in general, aremore » quantum protocols which are computationally secure against quantum attack. Here a method is described for building a classically certified bit commitment, and hence every other mistrustful cryptographic task, from a secure coin-tossing protocol. No security proof is attempted, but reasons are sketched why these protocols might resist quantum computational attack.« less

Classified Information and Technical Libraries. Final Report. Army Technical Library Improvement Studies (ATLIS), Report No. 11.

ERIC Educational Resources Information Center

Luger, Herbert P.; Booser, Ronald J.

A survey of the literature in the last ten years and interviews with library and security personnel indicated: (1)the problems of handling classified information in libraries have been scanted; (2) there is wide divergence in policies and practices of disseminating such materials; (3)interlibrary cooperation with respect to classified holdings is…

IT Employer and Graduate Assessments Regarding Preparedness in Skills of IT College Graduates Offered Employment

ERIC Educational Resources Information Center

Waldrop, Gerry L.

2017-01-01

Securing employment poses a significant problem for information technology (IT) college and university graduates. An overarching purpose of this research was to inform IT faculty, IT hiring managers and IT graduates of which 42 critical IT skills best predict the offering of jobs to graduates and how long it takes graduates to receive such offers.…

Security and privacy qualities of medical devices: an analysis of FDA postmarket surveillance.

PubMed

Kramer, Daniel B; Baker, Matthew; Ransford, Benjamin; Molina-Markham, Andres; Stewart, Quinn; Fu, Kevin; Reynolds, Matthew R

2012-01-01

Medical devices increasingly depend on computing functions such as wireless communication and Internet connectivity for software-based control of therapies and network-based transmission of patients' stored medical information. These computing capabilities introduce security and privacy risks, yet little is known about the prevalence of such risks within the clinical setting. We used three comprehensive, publicly available databases maintained by the Food and Drug Administration (FDA) to evaluate recalls and adverse events related to security and privacy risks of medical devices. Review of weekly enforcement reports identified 1,845 recalls; 605 (32.8%) of these included computers, 35 (1.9%) stored patient data, and 31 (1.7%) were capable of wireless communication. Searches of databases specific to recalls and adverse events identified only one event with a specific connection to security or privacy. Software-related recalls were relatively common, and most (81.8%) mentioned the possibility of upgrades, though only half of these provided specific instructions for the update mechanism. Our review of recalls and adverse events from federal government databases reveals sharp inconsistencies with databases at individual providers with respect to security and privacy risks. Recalls related to software may increase security risks because of unprotected update and correction mechanisms. To detect signals of security and privacy problems that adversely affect public health, federal postmarket surveillance strategies should rethink how to effectively and efficiently collect data on security and privacy problems in devices that increasingly depend on computing systems susceptible to malware.

Security and Privacy Qualities of Medical Devices: An Analysis of FDA Postmarket Surveillance

PubMed Central

Kramer, Daniel B.; Baker, Matthew; Ransford, Benjamin; Molina-Markham, Andres; Stewart, Quinn; Fu, Kevin; Reynolds, Matthew R.

2012-01-01

Background Medical devices increasingly depend on computing functions such as wireless communication and Internet connectivity for software-based control of therapies and network-based transmission of patients’ stored medical information. These computing capabilities introduce security and privacy risks, yet little is known about the prevalence of such risks within the clinical setting. Methods We used three comprehensive, publicly available databases maintained by the Food and Drug Administration (FDA) to evaluate recalls and adverse events related to security and privacy risks of medical devices. Results Review of weekly enforcement reports identified 1,845 recalls; 605 (32.8%) of these included computers, 35 (1.9%) stored patient data, and 31 (1.7%) were capable of wireless communication. Searches of databases specific to recalls and adverse events identified only one event with a specific connection to security or privacy. Software-related recalls were relatively common, and most (81.8%) mentioned the possibility of upgrades, though only half of these provided specific instructions for the update mechanism. Conclusions Our review of recalls and adverse events from federal government databases reveals sharp inconsistencies with databases at individual providers with respect to security and privacy risks. Recalls related to software may increase security risks because of unprotected update and correction mechanisms. To detect signals of security and privacy problems that adversely affect public health, federal postmarket surveillance strategies should rethink how to effectively and efficiently collect data on security and privacy problems in devices that increasingly depend on computing systems susceptible to malware. PMID:22829874

Authentication techniques for smart cards

DOE Office of Scientific and Technical Information (OSTI.GOV)

Nelson, R.A.

1994-02-01

Smart card systems are most cost efficient when implemented as a distributed system, which is a system without central host interaction or a local database of card numbers for verifying transaction approval. A distributed system, as such, presents special card and user authentication problems. Fortunately, smart cards offer processing capabilities that provide solutions to authentication problems, provided the system is designed with proper data integrity measures. Smart card systems maintain data integrity through a security design that controls data sources and limits data changes. A good security design is usually a result of a system analysis that provides a thoroughmore » understanding of the application needs. Once designers understand the application, they may specify authentication techniques that mitigate the risk of system compromise or failure. Current authentication techniques include cryptography, passwords, challenge/response protocols, and biometrics. The security design includes these techniques to help prevent counterfeit cards, unauthorized use, or information compromise. This paper discusses card authentication and user identity techniques that enhance security for microprocessor card systems. It also describes the analysis process used for determining proper authentication techniques for a system.« less

Quantum secret information equal exchange protocol based on dense coding

NASA Astrophysics Data System (ADS)

Jiang, Ying-Hua; Zhang, Shi-Bin; Dai, Jin-Qiao; Shi, Zhi-Ping

2018-04-01

In this paper, we design a novel quantum secret information equal exchange protocol, which implements the equal exchange of secret information between the two parties with the help of semi-trusted third party (TP). In the protocol, EPR pairs prepared by the TP are, respectively, distributed to both the communication parties. Then, the two parties perform Pauli operation on each particle and return the new particles to TP, respectively. TP measures each new pair with Bell basis and announces the measurement results. Both parties deduce the secret information of each other according to the result of announcement by TP. Finally, the security analysis shows that this protocol solves the problem about equal exchange of secret information between two parties and verifies the security of semi-trusted TPs. It proves that the protocol can effectively resist glitch attacks, intercept retransmission attacks and entanglement attack.

Building a Successful Security Infrastructure: What You Want vs. What You Need vs. What You Can Afford

NASA Technical Reports Server (NTRS)

Crabb, Michele D.; Woodrow, Thomas S. (Technical Monitor)

1995-01-01

With the fast growing popularity of the Internet, many organizations are racing to get onto the on-ramp to the Information Superhighway. However, with frequent headlines such as 'Hackers' break in at General Electric raises questions about the Net's Security', 'Internet Security Imperiled - Hackers steal data that could threaten computers world-wide' and 'Stanford Computer system infiltrated; Security fears grow', organizations find themselves rethinking their approach to the on-ramp. Is the Internet safe? What do I need to do to protect my organization? Will hackers try to break into my systems? These are questions many organizations are asking themselves today. In order to safely travel along the Information Superhighway, organizations need a strong security framework. Developing such a framework for a computer site, whether it be just a few dozen hosts or several thousand hosts is not an easy task. The security infrastructure for a site is often developed piece-by-piece in response to security incidents which have affected that site over time. Or worse yet, no coordinated effort has been dedicated toward security. The end result is that many sites are still poorly prepared to handle the security dangers of the Internet. This paper presents guidelines for building a successful security infrastructure. The problem is addressed in a cookbook style method. First is a discussion on how to identify your assets and evaluate the threats to those assets; next are suggestions and tips for identifying the weak areas in your security armor. Armed with this information we can begin to think about what you really need for your site and what you can afford. In this stage of the process we examine the different categories of security tools and products that are available and then present some tips for deciding what is best for your site.

Secure multiparty computation of a comparison problem.

PubMed

Liu, Xin; Li, Shundong; Liu, Jian; Chen, Xiubo; Xu, Gang

2016-01-01

Private comparison is fundamental to secure multiparty computation. In this study, we propose novel protocols to privately determine [Formula: see text], or [Formula: see text] in one execution. First, a 0-1-vector encoding method is introduced to encode a number into a vector, and the Goldwasser-Micali encryption scheme is used to compare integers privately. Then, we propose a protocol by using a geometric method to compare rational numbers privately, and the protocol is information-theoretical secure. Using the simulation paradigm, we prove the privacy-preserving property of our protocols in the semi-honest model. The complexity analysis shows that our protocols are more efficient than previous solutions.

Three-party quantum secure direct communication against collective noise

NASA Astrophysics Data System (ADS)

He, Ye-Feng; Ma, Wen-Ping

2017-10-01

Based on logical quantum states, two three-party quantum secure direct communication protocols are proposed, which can realize the exchange of the secret messages between three parties with the help of the measurement correlation property of six-particle entangled states. These two protocols can be immune to the collective-dephasing noise and the collective-rotation noise, respectively; neither of them has information leakage problem. The one-way transmission mode ensures that they can congenitally resist against the Trojan horse attacks and the teleportation attack. Furthermore, these two protocols are secure against other active attacks because of the use of the decoy state technology.

14 CFR § 1203.202 - Responsibilities.

Code of Federal Regulations, 2014 CFR

2014-01-01

... permitted by law, suspension without pay and removal. (b) All NASA employees are responsible for bringing to the attention of the Chairperson of the NISPC any information security problems in need of resolution... the attention of the Chairperson, NISPC, for resolution, any disagreement with classification...

Privacy and Access Control for IHE-Based Systems

NASA Astrophysics Data System (ADS)

Katt, Basel; Breu, Ruth; Hafner, Micahel; Schabetsberger, Thomas; Mair, Richard; Wozak, Florian

Electronic Health Record (EHR) is the heart element of any e-health system, which aims at improving the quality and efficiency of healthcare through the use of information and communication technologies. The sensitivity of the data contained in the health record poses a great challenge to security. In this paper we propose a security architecture for EHR systems that are conform with IHE profiles. In this architecture we are tackling the problems of access control and privacy. Furthermore, a prototypical implementation of the proposed model is presented.

When trust is threatened: Qualitative study of parents' perspectives on problematic clinical relationships in child cancer care

PubMed Central

Davies, Sarah; Salmon, Peter

2017-01-01

Abstract Objective We explored parents' accounts of the parent‐clinician relationship in childhood cancer to understand how parents who perceive threats to the relationship can be supported. Methods Multicentre longitudinal qualitative study, with 67 UK parents of children (aged 1‐12 years) receiving treatment for acute lymphoblastic leukaemia. Analyses drew on the wider sample but focussed on 50 semistructured interviews with 20 parents and were informed by constant comparison. Results All 20 parents described problems with clinical care such as inadequate information or mistakes by staff but varied in how much the problems threatened their sense of relationship with clinicians. Some parents saw the problems as having no relevance to the parent‐clinician relationship. Others saw the problems as threats to the clinical relationship but worked to “contain” the threat in ways that preserved a trusting relationship with at least one senior clinician. Parents' containment work protected the security they needed from the parent‐clinician relationship, but containment was a tenuous process for some. A few parents were unable to contain the problems at all; lacking trust in clinicians, these parents suffered considerably. Conclusions Given the complexity of childhood cancer care, problems with clinical care are inevitable. By engaging in containment work, parents met their needs to feel secure in the face of these problems, but the extent to which parents should have to do this work is debatable. Parents could benefit from support to seek help when problems arise which threaten their trust in clinicians. Attachment theory can guide clinicians in giving this support. PMID:28494129

Problems With Deployment of Multi-Domained, Multi-Homed Mobile Networks

NASA Technical Reports Server (NTRS)

Ivancic, William D.

2008-01-01

This document describes numerous problems associated with deployment of multi-homed mobile platforms consisting of multiple networks and traversing large geographical areas. The purpose of this document is to provide insight to real-world deployment issues and provide information to groups that are addressing many issues related to multi-homing, policy-base routing, route optimization and mobile security - particularly those groups within the Internet Engineering Task Force.

Tackling 'wicked' health promotion problems: a New Zealand case study.

PubMed

Signal, Louise N; Walton, Mat D; Ni Mhurchu, Cliona; Maddison, Ralph; Bowers, Sharron G; Carter, Kristie N; Gorton, Delvina; Heta, Craig; Lanumata, Tolotea S; McKerchar, Christina W; O'Dea, Des; Pearce, Jamie

2013-03-01

This paper reports on a complex environmental approach to addressing 'wicked' health promotion problems devised to inform policy for enhancing food security and physical activity among Māori, Pacific and low-income people in New Zealand. This multi-phase research utilized literature reviews, focus groups, stakeholder workshops and key informant interviews. Participants included members of affected communities, policy-makers and academics. Results suggest that food security and physical activity 'emerge' from complex systems. Key areas for intervention include availability of money within households; the cost of food; improvements in urban design and culturally specific physical activity programmes. Seventeen prioritized intervention areas were explored in-depth and recommendations for action identified. These include healthy food subsidies, increasing the statutory minimum wage rate and enhancing open space and connectivity in communities. This approach has moved away from seeking individual solutions to complex social problems. In doing so, it has enabled the mapping of the relevant systems and the identification of a range of interventions while taking account of the views of affected communities and the concerns of policy-makers. The complex environmental approach used in this research provides a method to identify how to intervene in complex systems that may be relevant to other 'wicked' health promotion problems.

Capturing security requirements for software systems.

PubMed

El-Hadary, Hassan; El-Kassas, Sherif

2014-07-01

Security is often an afterthought during software development. Realizing security early, especially in the requirement phase, is important so that security problems can be tackled early enough before going further in the process and avoid rework. A more effective approach for security requirement engineering is needed to provide a more systematic way for eliciting adequate security requirements. This paper proposes a methodology for security requirement elicitation based on problem frames. The methodology aims at early integration of security with software development. The main goal of the methodology is to assist developers elicit adequate security requirements in a more systematic way during the requirement engineering process. A security catalog, based on the problem frames, is constructed in order to help identifying security requirements with the aid of previous security knowledge. Abuse frames are used to model threats while security problem frames are used to model security requirements. We have made use of evaluation criteria to evaluate the resulting security requirements concentrating on conflicts identification among requirements. We have shown that more complete security requirements can be elicited by such methodology in addition to the assistance offered to developers to elicit security requirements in a more systematic way.

Capturing security requirements for software systems

PubMed Central

El-Hadary, Hassan; El-Kassas, Sherif

2014-01-01

Security is often an afterthought during software development. Realizing security early, especially in the requirement phase, is important so that security problems can be tackled early enough before going further in the process and avoid rework. A more effective approach for security requirement engineering is needed to provide a more systematic way for eliciting adequate security requirements. This paper proposes a methodology for security requirement elicitation based on problem frames. The methodology aims at early integration of security with software development. The main goal of the methodology is to assist developers elicit adequate security requirements in a more systematic way during the requirement engineering process. A security catalog, based on the problem frames, is constructed in order to help identifying security requirements with the aid of previous security knowledge. Abuse frames are used to model threats while security problem frames are used to model security requirements. We have made use of evaluation criteria to evaluate the resulting security requirements concentrating on conflicts identification among requirements. We have shown that more complete security requirements can be elicited by such methodology in addition to the assistance offered to developers to elicit security requirements in a more systematic way. PMID:25685514

Symmetric quantum fully homomorphic encryption with perfect security

NASA Astrophysics Data System (ADS)

Liang, Min

2013-12-01

Suppose some data have been encrypted, can you compute with the data without decrypting them? This problem has been studied as homomorphic encryption and blind computing. We consider this problem in the context of quantum information processing, and present the definitions of quantum homomorphic encryption (QHE) and quantum fully homomorphic encryption (QFHE). Then, based on quantum one-time pad (QOTP), we construct a symmetric QFHE scheme, where the evaluate algorithm depends on the secret key. This scheme permits any unitary transformation on any -qubit state that has been encrypted. Compared with classical homomorphic encryption, the QFHE scheme has perfect security. Finally, we also construct a QOTP-based symmetric QHE scheme, where the evaluate algorithm is independent of the secret key.

Cryptanalysis on a scheme to share information via employing a discrete algorithm to quantum states

NASA Astrophysics Data System (ADS)

Amellal, H.; Meslouhi, A.; El Baz, M.; Hassouni, Y.; El Allati, A.

2017-03-01

Recently, Yang and Hwang [Int. J. Theor. Phys. 53, 224 (2014)] demonstrated that the scheme to share information via employing discrete algorithm to quantum states presented by Kang and Fang [Commun. Theor. Phys. 55, 239 (2011)] suffers from a major vulnerability allowing an eavesdropper to perform a measurement and resend attack. By introducing an additional checking state framework, the authors have proposed an improved protocol to overcome this weakness. This work calls into question the invoked vulnerability in order to clarify a misinterpretation in the same protocol stages also introduce a possible leakage information strategy, known as a faked state attack, despite the proposed improvement, which means that the same security problem may persist. Finally, an upgrading technic was introduced in order to enhance the security transmission.

Design and Implementation of Website Information Disclosure Assessment System

PubMed Central

Cho, Ying-Chiang; Pan, Jen-Yi

2015-01-01

Internet application technologies, such as cloud computing and cloud storage, have increasingly changed people’s lives. Websites contain vast amounts of personal privacy information. In order to protect this information, network security technologies, such as database protection and data encryption, attract many researchers. The most serious problems concerning web vulnerability are e-mail address and network database leakages. These leakages have many causes. For example, malicious users can steal database contents, taking advantage of mistakes made by programmers and administrators. In order to mitigate this type of abuse, a website information disclosure assessment system is proposed in this study. This system utilizes a series of technologies, such as web crawler algorithms, SQL injection attack detection, and web vulnerability mining, to assess a website’s information disclosure. Thirty websites, randomly sampled from the top 50 world colleges, were used to collect leakage information. This testing showed the importance of increasing the security and privacy of website information for academic websites. PMID:25768434

A broadcast-based key agreement scheme using set reconciliation for wireless body area networks.

PubMed

Ali, Aftab; Khan, Farrukh Aslam

2014-05-01

Information and communication technologies have thrived over the last few years. Healthcare systems have also benefited from this progression. A wireless body area network (WBAN) consists of small, low-power sensors used to monitor human physiological values remotely, which enables physicians to remotely monitor the health of patients. Communication security in WBANs is essential because it involves human physiological data. Key agreement and authentication are the primary issues in the security of WBANs. To agree upon a common key, the nodes exchange information with each other using wireless communication. This information exchange process must be secure enough or the information exchange should be minimized to a certain level so that if information leak occurs, it does not affect the overall system. Most of the existing solutions for this problem exchange too much information for the sake of key agreement; getting this information is sufficient for an attacker to reproduce the key. Set reconciliation is a technique used to reconcile two similar sets held by two different hosts with minimal communication complexity. This paper presents a broadcast-based key agreement scheme using set reconciliation for secure communication in WBANs. The proposed scheme allows the neighboring nodes to agree upon a common key with the personal server (PS), generated from the electrocardiogram (EKG) feature set of the host body. Minimal information is exchanged in a broadcast manner, and even if every node is missing a different subset, by reconciling these feature sets, the whole network will still agree upon a single common key. Because of the limited information exchange, if an attacker gets the information in any way, he/she will not be able to reproduce the key. The proposed scheme mitigates replay, selective forwarding, and denial of service attacks using a challenge-response authentication mechanism. The simulation results show that the proposed scheme has a great deal of adoptability in terms of security, communication overhead, and running time complexity, as compared to the existing EKG-based key agreement scheme.

Information Measures of Degree Distributions with an Application to Labeled Graphs

DOE Office of Scientific and Technical Information (OSTI.GOV)

Joslyn, Cliff A.; Purvine, Emilie AH

2016-01-11

The problem of describing the distribution of labels over a set of objects is relevant to many domains. For example: cyber security, social media, and protein interactions all care about the manner in which labels are distributed among different objects. In this paper we present three interacting statistical measures on label distributions, inspired by entropy and information theory. Labeled graphs are discussed as a specific case of labels distributed over a set of edges. We describe a use case in cyber security using a labeled directed multi-graph of IPFLOW. Finally we show how these measures respond when labels are updatedmore » in certain ways.« less

Distributed Noise Generation for Density Estimation Based Clustering without Trusted Third Party

NASA Astrophysics Data System (ADS)

Su, Chunhua; Bao, Feng; Zhou, Jianying; Takagi, Tsuyoshi; Sakurai, Kouichi

The rapid growth of the Internet provides people with tremendous opportunities for data collection, knowledge discovery and cooperative computation. However, it also brings the problem of sensitive information leakage. Both individuals and enterprises may suffer from the massive data collection and the information retrieval by distrusted parties. In this paper, we propose a privacy-preserving protocol for the distributed kernel density estimation-based clustering. Our scheme applies random data perturbation (RDP) technique and the verifiable secret sharing to solve the security problem of distributed kernel density estimation in [4] which assumed a mediate party to help in the computation.

a Discussion about Effective Ways of Basic Resident Register on GIS

NASA Astrophysics Data System (ADS)

Oku, Naoya; Nonaka, Yasuaki; Ito, Yutaka

2016-06-01

In Japan, each municipality keeps a database of every resident's name, address, gender and date of birth called the Basic Resident Register. If the address information in the register is converted into coordinates by geocoding, it can be plotted as point data on a map. This would enable prompt evacuation from disaster, analysis of distribution of residents, integrating statistics and so on. Further, it can be used for not only analysis of the current situation but also future planning. However, the geographic information system (GIS) incorporating the Basic Resident Register is not widely used in Japan because of the following problems: - Geocoding In order to plot address point data, it is necessary to match the Basic Resident Register and the address dictionary by using the address as a key. The information in the Basic Resident Register does not always match the actual addresses. As the register is based on applications made by residents, the information is prone to errors, such as incorrect Kanji characters. - Security policy on personal information In the register, the address of a resident is linked with his/her name and date of birth. If the information in the Basic Resident Register were to be leaked, it could be used for malicious purposes. This paper proposes solutions to the above problems. The suitable solutions for the problems depend on the purpose of use, thus it is important that the purpose should be defined and a suitable way of the application for each purpose should be chosen. In this paper, we mainly focus on the specific purpose of use: to analyse the distribution of the residents. We provide two solutions to improve the matching rate in geocoding. First, regarding errors in Kanji characters, a correction list of possible errors should be compiled in advance. Second, some sort of analyses such as distribution of residents may not require exactly correct position for the address point. Therefore we set the matching level in order: prefecture, city, town, city-block, house-code, house, and decided to accept up to city-block level for the matching. Moreover, in terms of security policy on personal information, some part of information may not be needed for the distribution analysis. For example, the personal information like resident's name should be excluded from the attribute of address point in order to secure the safety operation of the system.

Protecting Patient Records from Unwarranted Access

NASA Astrophysics Data System (ADS)

Gardner, Ryan; Garera, Sujata; Rubin, Aviel D.; Rajan, Anand; Rozas, Carlos V.; Sastry, Manoj

Securing access to medical information is vital to protecting patient privacy. However, Electronic Patient Record (EPR) systems are vulnerable to a number of inside and outside threats. Adversaries can compromise EPR client machines to obtain a variety of highly sensitive information including valid EPR login credentials, without detection. Furthermore, medical staff can covertly view records of their choosing for personal interest or more malicious purposes. In particular, we observe that the lack of integrity measurement and auditability in these systems creates a potential threat to the privacy of patient information. We explore the use of virtualization and trusted computing hardware to address these problems. We identify open problems and encourage further research in the area.

Security Research on VoIP with Watermarking

NASA Astrophysics Data System (ADS)

Hu, Dong; Lee, Ping

2008-11-01

With the wide application of VoIP, many problems have occurred. One of the problems is security. The problems with securing VoIP systems, insufficient standardization and lack of security mechanisms emerged the need for new approaches and solutions. In this paper, we propose a new security architecture for VoIP which is based on digital watermarking which is a new, flexible and powerful technology that is increasingly gaining more and more attentions. Besides known applications e.g. to solve copyright protection problems, we propose to use digital watermarking to secure not only transmitted audio but also signaling protocol that VoIP is based on.

Managing business compliance using model-driven security management

NASA Astrophysics Data System (ADS)

Lang, Ulrich; Schreiner, Rudolf

Compliance with regulatory and governance standards is rapidly becoming one of the hot topics of information security today. This is because, especially with regulatory compliance, both business and government have to expect large financial and reputational losses if compliance cannot be ensured and demonstrated. One major difficulty of implementing such regulations is caused the fact that they are captured at a high level of abstraction that is business-centric and not IT centric. This means that the abstract intent needs to be translated in a trustworthy, traceable way into compliance and security policies that the IT security infrastructure can enforce. Carrying out this mapping process manually is time consuming, maintenance-intensive, costly, and error-prone. Compliance monitoring is also critical in order to be able to demonstrate compliance at any given point in time. The problem is further complicated because of the need for business-driven IT agility, where IT policies and enforcement can change frequently, e.g. Business Process Modelling (BPM) driven Service Oriented Architecture (SOA). Model Driven Security (MDS) is an innovative technology approach that can solve these problems as an extension of identity and access management (IAM) and authorization management (also called entitlement management). In this paper we will illustrate the theory behind Model Driven Security for compliance, provide an improved and extended architecture, as well as a case study in the healthcare industry using our OpenPMF 2.0 technology.

A secure chaotic maps and smart cards based password authentication and key agreement scheme with user anonymity for telecare medicine information systems.

PubMed

Li, Chun-Ta; Lee, Cheng-Chi; Weng, Chi-Yao

2014-09-01

Telecare medicine information system (TMIS) is widely used for providing a convenient and efficient communicating platform between patients at home and physicians at medical centers or home health care (HHC) organizations. To ensure patient privacy, in 2013, Hao et al. proposed a chaotic map based authentication scheme with user anonymity for TMIS. Later, Lee showed that Hao et al.'s scheme is in no provision for providing fairness in session key establishment and gave an efficient user authentication and key agreement scheme using smart cards, in which only few hashing and Chebyshev chaotic map operations are required. In addition, Jiang et al. discussed that Hao et al.'s scheme can not resist stolen smart card attack and they further presented an improved scheme which attempts to repair the security pitfalls found in Hao et al.'s scheme. In this paper, we found that both Lee's and Jiang et al.'s authentication schemes have a serious security problem in that a registered user's secret parameters may be intentionally exposed to many non-registered users and this problem causing the service misuse attack. Therefore, we propose a slight modification on Lee's scheme to prevent the shortcomings. Compared with previous schemes, our improved scheme not only inherits the advantages of Lee's and Jiang et al.'s authentication schemes for TMIS but also remedies the serious security weakness of not being able to withstand service misuse attack.

Time Pattern Locking Scheme for Secure Multimedia Contents in Human-Centric Device

PubMed Central

Kim, Hyun-Woo; Kim, Jun-Ho; Park, Jong Hyuk; Jeong, Young-Sik

2014-01-01

Among the various smart multimedia devices, multimedia smartphones have become the most widespread due to their convenient portability and real-time information sharing, as well as various other built-in features. Accordingly, since personal and business activities can be carried out using multimedia smartphones without restrictions based on time and location, people have more leisure time and convenience than ever. However, problems such as loss, theft, and information leakage because of convenient portability have also increased proportionally. As a result, most multimedia smartphones are equipped with various built-in locking features. Pattern lock, personal identification numbers, and passwords are the most used locking features on current smartphones, but these are vulnerable to shoulder surfing and smudge attacks, allowing malicious users to bypass the security feature easily. In particular, the smudge attack technique is a convenient way to unlock multimedia smartphones after they have been stolen. In this paper, we propose the secure locking screen using time pattern (SLSTP) focusing on improved security and convenience for users to support human-centric multimedia device completely. The SLSTP can provide a simple interface to users and reduce the risk factors pertaining to security leakage to malicious third parties. PMID:25202737

Time pattern locking scheme for secure multimedia contents in human-centric device.

PubMed

Kim, Hyun-Woo; Kim, Jun-Ho; Park, Jong Hyuk; Jeong, Young-Sik

2014-01-01

Among the various smart multimedia devices, multimedia smartphones have become the most widespread due to their convenient portability and real-time information sharing, as well as various other built-in features. Accordingly, since personal and business activities can be carried out using multimedia smartphones without restrictions based on time and location, people have more leisure time and convenience than ever. However, problems such as loss, theft, and information leakage because of convenient portability have also increased proportionally. As a result, most multimedia smartphones are equipped with various built-in locking features. Pattern lock, personal identification numbers, and passwords are the most used locking features on current smartphones, but these are vulnerable to shoulder surfing and smudge attacks, allowing malicious users to bypass the security feature easily. In particular, the smudge attack technique is a convenient way to unlock multimedia smartphones after they have been stolen. In this paper, we propose the secure locking screen using time pattern (SLSTP) focusing on improved security and convenience for users to support human-centric multimedia device completely. The SLSTP can provide a simple interface to users and reduce the risk factors pertaining to security leakage to malicious third parties.

Medical Devices Transition to Information Systems: Lessons Learned

PubMed Central

Charters, Kathleen G.

2012-01-01

Medical devices designed to network can share data with a Clinical Information System (CIS), making that data available within clinician workflow. Some lessons learned by transitioning anesthesia reporting and monitoring devices (ARMDs) on a local area network (LAN) to integration of anesthesia documentation within a CIS include the following categories: access, contracting, deployment, implementation, planning, security, support, training and workflow integration. Areas identified for improvement include: Vendor requirements for access reconciled with the organizations’ security policies and procedures. Include clauses supporting transition from stand-alone devices to information integrated into clinical workflow in the medical device procurement contract. Resolve deployment and implementation barriers that make the process less efficient and more costly. Include effective field communication and creative alternatives in planning. Build training on the baseline knowledge of trainees. Include effective help desk processes and metrics. Have a process for determining where problems originate when systems share information. PMID:24199054

Surveillance systems for intermodal transportation

NASA Astrophysics Data System (ADS)

Jakovlev, Sergej; Voznak, Miroslav; Andziulis, Arunas

2015-05-01

Intermodal container monitoring is considered a major security issue in many major logistic companies and countries worldwide. Current representation of the problem, we face today, originated in 2002, right after the 9/11 attacks. Then, a new worldwide Container Security Initiative (CSI, 2002) was considered that shaped the perception of the transportation operations. Now more than 80 larger ports all over the world contribute to its further development and integration into everyday transportation operations and improve the regulations for the developing regions. Although, these new improvements allow us to feel safer and secure, constant management of transportation operations has become a very difficult problem for conventional data analysis methods and information systems. The paper deals with a proposal of a whole new concept for the improvement of the Containers Security Initiative (CSI) by virtually connecting safety, security processes and systems. A conceptual middleware approach with deployable intelligent agent modules is proposed to be used with possible scenarios and a testbed is used to test the solution. Middleware examples are visually programmed using National Instruments LabView software packages and Wireless sensor network hardware modules. An experimental software is used to evaluate he solution. This research is a contribution to the intermodal transportation and is intended to be used as a means or the development of intelligent transport systems.

Legal issues of the electronic dental record: security and confidentiality.

PubMed

Szekely, D G; Milam, S; Khademi, J A

1996-01-01

Computer-based, electronic dental record keeping involves complex issues of patient privacy and the dental practitioner's ethical duty of confidentiality. Federal and state law is responding to the new legal issues presented by computer technology. Authenticating the electronic record in terms of ensuring its reliability and accuracy is essential in order to protect its admissibility as evidence in legal actions. Security systems must be carefully planned to limit access and provide for back-up and storage of dental records. Carefully planned security systems protect the patient from disclosure without the patient's consent and also protect the practitioner from the liability that would arise from such disclosure. Human errors account for the majority of data security problems. Personnel security is assured through pre-employment screening, employment contracts, policies, and staff education. Contracts for health information systems should include provisions for indemnification and ensure the confidentiality of the system by the vendor.

A robust anonymous biometric-based authenticated key agreement scheme for multi-server environments

PubMed Central

Huang, Yuanfei; Ma, Fangchao

2017-01-01

In order to improve the security in remote authentication systems, numerous biometric-based authentication schemes using smart cards have been proposed. Recently, Moon et al. presented an authentication scheme to remedy the flaws of Lu et al.’s scheme, and claimed that their improved protocol supports the required security properties. Unfortunately, we found that Moon et al.’s scheme still has weaknesses. In this paper, we show that Moon et al.’s scheme is vulnerable to insider attack, server spoofing attack, user impersonation attack and guessing attack. Furthermore, we propose a robust anonymous multi-server authentication scheme using public key encryption to remove the aforementioned problems. From the subsequent formal and informal security analysis, we demonstrate that our proposed scheme provides strong mutual authentication and satisfies the desirable security requirements. The functional and performance analysis shows that the improved scheme has the best secure functionality and is computational efficient. PMID:29121050

A robust anonymous biometric-based authenticated key agreement scheme for multi-server environments.

PubMed

Guo, Hua; Wang, Pei; Zhang, Xiyong; Huang, Yuanfei; Ma, Fangchao

2017-01-01

In order to improve the security in remote authentication systems, numerous biometric-based authentication schemes using smart cards have been proposed. Recently, Moon et al. presented an authentication scheme to remedy the flaws of Lu et al.'s scheme, and claimed that their improved protocol supports the required security properties. Unfortunately, we found that Moon et al.'s scheme still has weaknesses. In this paper, we show that Moon et al.'s scheme is vulnerable to insider attack, server spoofing attack, user impersonation attack and guessing attack. Furthermore, we propose a robust anonymous multi-server authentication scheme using public key encryption to remove the aforementioned problems. From the subsequent formal and informal security analysis, we demonstrate that our proposed scheme provides strong mutual authentication and satisfies the desirable security requirements. The functional and performance analysis shows that the improved scheme has the best secure functionality and is computational efficient.

A Posteriori Error Analysis and Uncertainty Quantification for Adaptive Multiscale Operator Decomposition Methods for Multiphysics Problems

DTIC Science & Technology

2013-06-24

Barrier methods for critical exponent problems in geometric analysis and mathematical physics, J. Erway and M. Hoist, Submitted for publication . • Finite...1996. [20] C. LANCZOS, Linear Differential Operators, Dover Publications , Mineola, NY, 1997. [21] G.I. MARCHUK, Adjoint Equations and Analysis of...NUMBER(S) 16. SECURITY CLASSIFICATION OF: 19b. TELEPHONE NUMBER (Include area code) The public reporting burden for this collection of information is

A Generalized Orienteering Problem for Optimal Search and Interdiction Planning

DTIC Science & Technology

2013-09-01

NAVAL POSTGRADUATE SCHOOL MONTEREY, CALIFORNIA DISSERTATION A GENERALIZED ORIENTEERING PROBLEM FOR OPTIMAL SEARCH AND INTERDICTION PLANNING by Jesse...provision of law, no person shall be subject to any penalty for failing to comply with a collection of information if it does not display a currently...16. SECURITY CLASSIFICATION OF: a . REPORT b. ABSTRACT c. THIS PAGE 17. LIMITATION OF ABSTRACT 18. NUMBER OF PAGES 19a. NAME OF RESPONSIBLE PERSON 19b

Operational Reconnaissance: Identifying the Right Problems in a Complex World

DTIC Science & Technology

2015-05-23

about the activities and resources of an enemy or rival, or to secure data concerning the meteorological , hydrographic, or geographic characteristics of...Information. Kansas City, KS: Hudson -Kimberly Publishing Co., 1896. War Department. Field Manual (FM) 1-20, Army Air Force Field Manual, Tactics and

Optical security features for plastic card documents

NASA Astrophysics Data System (ADS)

Hossick Schott, Joachim

1998-04-01

Print-on-demand is currently a major trend in the production of paper based documents. This fully digital production philosophy will likely have ramifications also for the secure identification document market. Here, plastic cards increasingly replace traditionally paper based security sensitive documents such as drivers licenses and passports. The information content of plastic cards can be made highly secure by using chip cards. However, printed and other optical security features will continue to play an important role, both for machine readable and visual inspection. Therefore, on-demand high resolution print technologies, laser engraving, luminescent pigments and laminated features such as holograms, kinegrams or phase gratings will have to be considered for the production of secure identification documents. Very important are also basic optical, surface and material durability properties of the laminates as well as the strength and nature of the adhesion between the layers. This presentation will address some of the specific problems encountered when optical security features such as high resolution printing and laser engraving are to be integrated in the on-demand production of secure plastic card identification documents.

Analysis on the security of cloud computing

NASA Astrophysics Data System (ADS)

He, Zhonglin; He, Yuhua

2011-02-01

Cloud computing is a new technology, which is the fusion of computer technology and Internet development. It will lead the revolution of IT and information field. However, in cloud computing data and application software is stored at large data centers, and the management of data and service is not completely trustable, resulting in safety problems, which is the difficult point to improve the quality of cloud service. This paper briefly introduces the concept of cloud computing. Considering the characteristics of cloud computing, it constructs the security architecture of cloud computing. At the same time, with an eye toward the security threats cloud computing faces, several corresponding strategies are provided from the aspect of cloud computing users and service providers.

Practical quantum digital signature

NASA Astrophysics Data System (ADS)

Yin, Hua-Lei; Fu, Yao; Chen, Zeng-Bing

2016-03-01

Guaranteeing nonrepudiation, unforgeability as well as transferability of a signature is one of the most vital safeguards in today's e-commerce era. Based on fundamental laws of quantum physics, quantum digital signature (QDS) aims to provide information-theoretic security for this cryptographic task. However, up to date, the previously proposed QDS protocols are impractical due to various challenging problems and most importantly, the requirement of authenticated (secure) quantum channels between participants. Here, we present the first quantum digital signature protocol that removes the assumption of authenticated quantum channels while remaining secure against the collective attacks. Besides, our QDS protocol can be practically implemented over more than 100 km under current mature technology as used in quantum key distribution.

High-performance compression and double cryptography based on compressive ghost imaging with the fast Fourier transform

NASA Astrophysics Data System (ADS)

Leihong, Zhang; Zilan, Pan; Luying, Wu; Xiuhua, Ma

2016-11-01

To solve the problem that large images can hardly be retrieved for stringent hardware restrictions and the security level is low, a method based on compressive ghost imaging (CGI) with Fast Fourier Transform (FFT) is proposed, named FFT-CGI. Initially, the information is encrypted by the sender with FFT, and the FFT-coded image is encrypted by the system of CGI with a secret key. Then the receiver decrypts the image with the aid of compressive sensing (CS) and FFT. Simulation results are given to verify the feasibility, security, and compression of the proposed encryption scheme. The experiment suggests the method can improve the quality of large images compared with conventional ghost imaging and achieve the imaging for large-sized images, further the amount of data transmitted largely reduced because of the combination of compressive sensing and FFT, and improve the security level of ghost images through ciphertext-only attack (COA), chosen-plaintext attack (CPA), and noise attack. This technique can be immediately applied to encryption and data storage with the advantages of high security, fast transmission, and high quality of reconstructed information.

Adequate Security Protocols Adopt in a Conceptual Model in Identity Management for the Civil Registry of Ecuador

NASA Astrophysics Data System (ADS)

Toapanta, Moisés; Mafla, Enrique; Orizaga, Antonio

2017-08-01

We analyzed the problems of security of the information of the civil registries and identification at world level that are considered strategic. The objective is to adopt the appropriate security protocols in a conceptual model in the identity management for the Civil Registry of Ecuador. In this phase, the appropriate security protocols were determined in a Conceptual Model in Identity Management with Authentication, Authorization and Auditing (AAA). We used the deductive method and exploratory research to define the appropriate security protocols to be adopted in the identity model: IPSec, DNSsec, Radius, SSL, TLS, IEEE 802.1X EAP, Set. It was a prototype of the location of the security protocols adopted in the logical design of the technological infrastructure considering the conceptual model for Identity, Authentication, Authorization, and Audit management. It was concluded that the adopted protocols are appropriate for a distributed database and should have a direct relationship with the algorithms, which allows vulnerability and risk mitigation taking into account confidentiality, integrity and availability (CIA).

When trust is threatened: Qualitative study of parents' perspectives on problematic clinical relationships in child cancer care.

PubMed

Davies, Sarah; Salmon, Peter; Young, Bridget

2017-09-01

We explored parents' accounts of the parent-clinician relationship in childhood cancer to understand how parents who perceive threats to the relationship can be supported. Multicentre longitudinal qualitative study, with 67 UK parents of children (aged 1-12 years) receiving treatment for acute lymphoblastic leukaemia. Analyses drew on the wider sample but focussed on 50 semistructured interviews with 20 parents and were informed by constant comparison. All 20 parents described problems with clinical care such as inadequate information or mistakes by staff but varied in how much the problems threatened their sense of relationship with clinicians. Some parents saw the problems as having no relevance to the parent-clinician relationship. Others saw the problems as threats to the clinical relationship but worked to "contain" the threat in ways that preserved a trusting relationship with at least one senior clinician. Parents' containment work protected the security they needed from the parent-clinician relationship, but containment was a tenuous process for some. A few parents were unable to contain the problems at all; lacking trust in clinicians, these parents suffered considerably. Given the complexity of childhood cancer care, problems with clinical care are inevitable. By engaging in containment work, parents met their needs to feel secure in the face of these problems, but the extent to which parents should have to do this work is debatable. Parents could benefit from support to seek help when problems arise which threaten their trust in clinicians. Attachment theory can guide clinicians in giving this support. © 2017 The Authors. Psycho-Oncology Published by John Wiley & Sons Ltd.

Remote sensing and geographically based information systems

NASA Technical Reports Server (NTRS)

Cicone, R. C.

1977-01-01

A structure is proposed for a geographically-oriented computer-based information system applicable to the analysis of remote sensing digital data. The structure, intended to answer a wide variety of user needs, would permit multiple views of the data, provide independent management of data security, quality and integrity, and rely on automatic data filing. Problems in geographically-oriented data systems, including those related to line encoding and cell encoding, are considered.

Unclassified Information Sharing and Coordination in Security, Stabilization, Transition and Reconstruction Efforts

DTIC Science & Technology

2008-03-01

is implemented using the Drupal (2007) content management system (CMS) and many of the baseline information sharing and collaboration tools have...been contributed through the Dru- pal open source community. Drupal is a very modular open source software written in PHP hypertext processor...needed to suit the particular problem domain. While other frameworks have the potential to provide similar advantages (“Ruby,” 2007), Drupal was

Study on development and application of platform with students' safety based on SOA

NASA Astrophysics Data System (ADS)

Jiang, Derong

2011-10-01

Students' safety management is a very important work, which is responsible for the entire school student security problems, student safety primarily prevent, only advance predict various of the imminent problems, to better protect their safety. The system mainly used on the development request the student safety management, safety evaluation, safety education, and etc, which are for daily management work completed for students in the security digital management. Development of the system can reduce the safety management for department working pressure, meanwhile, can reduce the labor force to use, accelerate query speed, strengthens the management, as well as the national various departments about the information step, making each management standardized. Therefore, developing a set of suitability and the populace, compatibly good system is very necessary.

SoS Lablet; Perpetually Available and Secure Information Systems

DTIC Science & Technology

2015-11-16

settings, people simply err on the safe side and do a lot less sharing, which explains why all pull -based location sharing applications have failed so...number of data centers is raising concerns about their power consumption. Through an NSF GOALI Bruce Krogh and I have investigated the problem by

InterCon Travel Health: Case B

ERIC Educational Resources Information Center

Truman, Gregory E.; Pachamanova, Dessislava A.; Goldstein, Michael A.

2010-01-01

InterCon provides services to health insurers of foreign tourists who travel to the United States and Canada. Management wants to implement a new information system that will deal with several operational problems, but it is having difficulty securing the capital resources to fund the system's development. After an initial failure, the chief…

A Quantitative Analysis of the Relationship between Computer Self-Efficacy and Misuse Intention

ERIC Educational Resources Information Center

Desire, Jean Ronald

2017-01-01

Intention to misuse information systems (IS) is a growing problem where employees of organizations are contributors to successful IS security breaches. Misuse of IS resources in organizations in the healthcare and pharmaceutical industries can affect patient care. Researchers investigated factors that influence changes in behavior regarding…

Strict integrity control of biomedical images

NASA Astrophysics Data System (ADS)

Coatrieux, Gouenou; Maitre, Henri; Sankur, Bulent

2001-08-01

The control of the integrity and authentication of medical images is becoming ever more important within the Medical Information Systems (MIS). The intra- and interhospital exchange of images, such as in the PACS (Picture Archiving and Communication Systems), and the ease of copying, manipulation and distribution of images have brought forth the security aspects. In this paper we focus on the role of watermarking for MIS security and address the problem of integrity control of medical images. We discuss alternative schemes to extract verification signatures and compare their tamper detection performance.

Dealing with problem number one--budget cuts: can you do more with less?

PubMed

2001-09-01

To cope with current budget restraints and cutbacks, hospital security departments are increasingly integrating their manpower with technology in the form of access control, CCTV cameras, and alarm systems to supplement their services as well as becoming more dependent on computerized information technology systems and IT departments to track hospital activities and incidents. Security directors contacted for this report also emphasize that they are doing more with less by providing value-added services both to expand activities and to demonstrate the importance of their departments to top management.

Research on parallel combinatory spread spectrum communication system with double information matching

NASA Astrophysics Data System (ADS)

Xue, Wei; Wang, Qi; Wang, Tianyu

2018-04-01

This paper presents an improved parallel combinatory spread spectrum (PC/SS) communication system with the method of double information matching (DIM). Compared with conventional PC/SS system, the new model inherits the advantage of high transmission speed, large information capacity and high security. Besides, the problem traditional system will face is the high bit error rate (BER) and since its data-sequence mapping algorithm. Hence the new model presented shows lower BER and higher efficiency by its optimization of mapping algorithm.

TRENCADIS - secure architecture to share and manage DICOM objects in a ontological framework based on OGSA.

PubMed

Blanquer, Ignacio; Hernandez, Vicente; Segrelles, Damià; Torres, Erik

2007-01-01

Today most European healthcare centers use the digital format for their databases of images. TRENCADIS is a software architecture comprising a set of services as a solution for interconnecting, managing and sharing selected parts of medical DICOM data for the development of training and decision support tools. The organization of the distributed information in virtual repositories is based on semantic criteria. Different groups of researchers could organize themselves to propose a Virtual Organization (VO). These VOs will be interested in specific target areas, and will share information concerning each area. Although the private part of the information to be shared will be removed, special considerations will be taken into account to avoid the access by non-authorized users. This paper describes the security model implemented as part of TRENCADIS. The paper is organized as follows. First introduces the problem and presents our motivations. Section 1 defines the objectives. Section 2 presents an overview of the existing proposals per objective. Section 3 outlines the overall architecture. Section 4 describes how TRENCADIS is architected to realize the security goals discussed in the previous sections. The different security services and components of the infrastructure are briefly explained, as well as the exposed interfaces. Finally, Section 5 concludes and gives some remarks on our future work.

Indirection and computer security.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Berg, Michael J.

2011-09-01

The discipline of computer science is built on indirection. David Wheeler famously said, 'All problems in computer science can be solved by another layer of indirection. But that usually will create another problem'. We propose that every computer security vulnerability is yet another problem created by the indirections in system designs and that focusing on the indirections involved is a better way to design, evaluate, and compare security solutions. We are not proposing that indirection be avoided when solving problems, but that understanding the relationships between indirections and vulnerabilities is key to securing computer systems. Using this perspective, we analyzemore » common vulnerabilities that plague our computer systems, consider the effectiveness of currently available security solutions, and propose several new security solutions.« less

Common Criteria related security design patterns--validation on the intelligent sensor example designed for mine environment.

PubMed

Bialas, Andrzej

2010-01-01

The paper discusses the security issues of intelligent sensors that are able to measure and process data and communicate with other information technology (IT) devices or systems. Such sensors are often used in high risk applications. To improve their robustness, the sensor systems should be developed in a restricted way to provide them with assurance. One of assurance creation methodologies is Common Criteria (ISO/IEC 15408), used for IT products and systems. The contribution of the paper is a Common Criteria compliant and pattern-based method for the intelligent sensors security development. The paper concisely presents this method and its evaluation for the sensor detecting methane in a mine, focusing on the security problem of the intelligent sensor definition and solution. The aim of the validation is to evaluate and improve the introduced method.

Quantum simulator review

NASA Astrophysics Data System (ADS)

Bednar, Earl; Drager, Steven L.

2007-04-01

Quantum information processing's objective is to utilize revolutionary computing capability based on harnessing the paradigm shift offered by quantum computing to solve classically hard and computationally challenging problems. Some of our computationally challenging problems of interest include: the capability for rapid image processing, rapid optimization of logistics, protecting information, secure distributed simulation, and massively parallel computation. Currently, one important problem with quantum information processing is that the implementation of quantum computers is difficult to realize due to poor scalability and great presence of errors. Therefore, we have supported the development of Quantum eXpress and QuIDD Pro, two quantum computer simulators running on classical computers for the development and testing of new quantum algorithms and processes. This paper examines the different methods used by these two quantum computing simulators. It reviews both simulators, highlighting each simulators background, interface, and special features. It also demonstrates the implementation of current quantum algorithms on each simulator. It concludes with summary comments on both simulators.

Is the Pungwe water supply project a solution to water accessibility and sanitation problems for the households of Sakubva, Zimbabwe?

NASA Astrophysics Data System (ADS)

Mukheli, Azwidowi; Mosupye, Gilbert; Swatuk, Larry A.

Following the severe drought of 1991-92, the City of Mutare embarked upon a concerted search for a secure water supply. This search culminated in the decision to transfer water from the Pungwe River via pipeline to the City of Mutare. This project was heralded as bringing 'purity, security, and prosperity' to the people of Mutare. Once again, and as is typical of Southern Africa today, a new 'supply' was presented as the 'solution' to the city's water problems. In this paper, we challenge this claim by presenting the case of Sakubva, a low income, and high-density suburb of Mutare, Zimbabwe. Residents of Sakubva face many problems relating to water supply and sanitation. Has the Pungwe-Mutare Water Project 'solved' these problems? In short, we argue that while the Pungwe project has ensured a steady supply of clean water to Sakubva, this water inadvertently worsens many of Sakubva's extant water and sanitation problems. In the absence of appropriate water demand management measures, supply alone is as much burden as it is blessing. In terms of methodology, between July 2000 and July 2001, members of the research team made several visits to the study area. This included a two-week home stay for two of the researchers-one in a private home in New Dangare, one in a shack in Muchena. Aside from direct participation and informal observation, a variety of methods were used: formal, semi-/structured interviews with key informants; informal, semi-structured interviews and focus group discussions with a cross-section of residents in Sakubva; transect walks where interviews were carried out both on formal and informal bases. Two peer educators from the Voices of Concerned Youth, City Health Department, Mutare assisted researchers. In addition, primary and secondary data were consulted.

Implementing an electronic medication overview in Belgium.

PubMed

Storms, Hannelore; Marquet, Kristel; Nelissen, Katherine; Hulshagen, Leen; Lenie, Jan; Remmen, Roy; Claes, Neree

2014-12-16

An accurate medication overview is essential to reduce medication errors. Therefore, it is essential to keep the medication overview up-to-date and to exchange healthcare information between healthcare professionals and patients. Digitally shared information yields possibilities to improve communication. However, implementing a digitally shared medication overview is challenging. This articles describes the development process of a secured, electronic platform designed for exchanging medication information as executed in a pilot study in Belgium, called "Vitalink". The goal of "Vitalink" is to improve the exchange of medication information between professionals working in healthcare and patients in order to achieve a more efficient cooperation and better quality of care. Healthcare professionals of primary and secondary health care and patients of four Belgian regions participated in the project. In each region project groups coordinated implementation and reported back to the steering committee supervising the pilot study. The electronic medication overview was developed based on consensus in the project groups. The steering committee agreed to establish secured and authorized access through the use of electronic identity documents (eID) and a secured, eHealth-platform conform prior governmental regulations regarding privacy and security of healthcare information. A successful implementation of an electronic medication overview strongly depends on the accessibility and usability of the tool for healthcare professionals. Coordinating teams of the project groups concluded, based on their own observations and on problems reported to them, that secured and quick access to medical data needed to be pursued. According to their observations, the identification process using the eHealth platform, crucial to ensure secured data, was very time consuming. Secondly, software packages should meet the needs of their users, thus be adapted to daily activities of healthcare professionals. Moreover, software should be easy to install and run properly. The project would have benefited from a cost analysis executed by the national bodies prior to implementation.

Modeling Security Bridge Certificate Authority Architecture

NASA Astrophysics Data System (ADS)

Ren, Yizhi; Li, Mingchu; Sakurai, Kouichi

Current Public Key Infrastructures suffer from a scaling problem, and some may have security problems, even given the topological simplification of bridge certification authorities. This paper analyzes the security problems in Bridge Certificate Authorities (BCA) model by using the concept of “impersonation risk, ” and proposes a new modified BCA model, which enhances its security, but is a bit more complex incertification path building and implementation than the existing one.

New optimization model for routing and spectrum assignment with nodes insecurity

NASA Astrophysics Data System (ADS)

Xuan, Hejun; Wang, Yuping; Xu, Zhanqi; Hao, Shanshan; Wang, Xiaoli

2017-04-01

By adopting the orthogonal frequency division multiplexing technology, elastic optical networks can provide the flexible and variable bandwidth allocation to each connection request and get higher spectrum utilization. The routing and spectrum assignment problem in elastic optical network is a well-known NP-hard problem. In addition, information security has received worldwide attention. We combine these two problems to investigate the routing and spectrum assignment problem with the guaranteed security in elastic optical network, and establish a new optimization model to minimize the maximum index of the used frequency slots, which is used to determine an optimal routing and spectrum assignment schemes. To solve the model effectively, a hybrid genetic algorithm framework integrating a heuristic algorithm into a genetic algorithm is proposed. The heuristic algorithm is first used to sort the connection requests and then the genetic algorithm is designed to look for an optimal routing and spectrum assignment scheme. In the genetic algorithm, tailor-made crossover, mutation and local search operators are designed. Moreover, simulation experiments are conducted with three heuristic strategies, and the experimental results indicate that the effectiveness of the proposed model and algorithm framework.

An authentication scheme for secure access to healthcare services.

PubMed

Khan, Muhammad Khurram; Kumari, Saru

2013-08-01

Last few decades have witnessed boom in the development of information and communication technologies. Health-sector has also been benefitted with this advancement. To ensure secure access to healthcare services some user authentication mechanisms have been proposed. In 2012, Wei et al. proposed a user authentication scheme for telecare medical information system (TMIS). Recently, Zhu pointed out offline password guessing attack on Wei et al.'s scheme and proposed an improved scheme. In this article, we analyze both of these schemes for their effectiveness in TMIS. We show that Wei et al.'s scheme and its improvement proposed by Zhu fail to achieve some important characteristics necessary for secure user authentication. We find that security problems of Wei et al.'s scheme stick with Zhu's scheme; like undetectable online password guessing attack, inefficacy of password change phase, traceability of user's stolen/lost smart card and denial-of-service threat. We also identify that Wei et al.'s scheme lacks forward secrecy and Zhu's scheme lacks session key between user and healthcare server. We therefore propose an authentication scheme for TMIS with forward secrecy which preserves the confidentiality of air messages even if master secret key of healthcare server is compromised. Our scheme retains advantages of Wei et al.'s scheme and Zhu's scheme, and offers additional security. The security analysis and comparison results show the enhanced suitability of our scheme for TMIS.

A Secure and Efficient Threshold Group Signature Scheme

NASA Astrophysics Data System (ADS)

Zhang, Yansheng; Wang, Xueming; Qiu, Gege

The paper presents a secure and efficient threshold group signature scheme aiming at two problems of current threshold group signature schemes: conspiracy attack and inefficiency. Scheme proposed in this paper takes strategy of separating designed clerk who is responsible for collecting and authenticating each individual signature from group, the designed clerk don't participate in distribution of group secret key and has his own public key and private key, designed clerk needs to sign part information of threshold group signature after collecting signatures. Thus verifier has to verify signature of the group after validating signature of the designed clerk. This scheme is proved to be secure against conspiracy attack at last and is more efficient by comparing with other schemes.

The Cyber Security Crisis

ScienceCinema

Spafford, Eugene

2018-05-11

Despite considerable activity and attention, the overall state of information security continues to get worse. Attacks are increasing, fraud and theft are rising, and losses may exceed $100 billion per year worldwide. Many factors contribute to this, including misplaced incentives for industry, a lack of attention by government, ineffective law enforcement, and an uninformed image of who the perpetrators really are. As a result, many of the intended attempts at solutions are of limited (if any) overall effectiveness. This presentation will illustrate some key aspects of the cyber security problem and its magnitude, as well as provide some insight into causes and enabling factors. The talk will conclude with some observations on how the computing community can help improve the situation, as well as some suggestions for 'cyber self-defense.'

Information security: from classical to quantum

NASA Astrophysics Data System (ADS)

Barnett, Stephen M.; Brougham, Thomas

2012-09-01

Quantum cryptography was designed to provide a new approach to the problem of distributing keys for private-key cryptography. The principal idea is that security can be ensured by exploiting the laws of quantum physics and, in particular, by the fact that any attempt to measure a quantum state will change it uncontrollably. This change can be detected by the legitimate users of the communication channel and so reveal to them the presence of an eavesdropper. In this paper I explain (briefly) how quantum key distribution works and some of the progress that has been made towards making this a viable technology. With the principles of quantum communication and quantum key distribution firmly established, it is perhaps time to consider how efficient it can be made. It is interesting to ask, in particular, how many bits of information might reasonably be encoded securely on each photon. The use of photons entangled in their time of arrival might make it possible to achieve data rates in excess of 10 bits per photon.

THE SCHOOL AND THE MIGRANT CHILD--A SURVEY INTERPRETED.

ERIC Educational Resources Information Center

National Committee on the Education of Migrant Children, Washington, DC.

A SURVEY CONDUCTED TO SECURE INFORMATION ON CONDITIONS AFFECTING MIGRANT CHILDREN IS PRESENTED. A FIVE-PART QUESTIONNAIRE DELINEATES THE NUMBER OF MIGRANT CHILDREN IN A GIVEN STATE, THEIR PARTICIPATION IN REGULAR AND SUMMER TERMS, AND NEEDS AND PROBLEMS CONNECTED WITH THEIR CLASSROOM ATTENDANCE. THE QUESTIONNAIRE HAS BEEN SENT TO DEPARTMENTS OF…

The Dichotomous Relationship between Personality Traits and Repatriation Decisions by Information Technology Workers

ERIC Educational Resources Information Center

Pearson, Marcia L. Y.

2013-01-01

Researchers have consistently documented high turnover rates among repatriated workers after overseas assignments, mainly due to post-repatriation concerns about career advancement, compensation reduction, subsequent use of overseas experience, and job security. What is unknown is a method to alleviate this problem by selecting the types of…

75 FR 18857 - Privacy Act of 1974; Department of Homeland Security Citizenship and Immigration Services...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-04-13

... processing of information and to aid the Ombudsman in assisting individuals and employers in making systemic... individuals and employers problems allowing the Ombudsman to make systemic recommendations to USCIS. The... prosecuting a violation or enforcing or implementing a law, rule, regulation, or order, where a record, either...

The Design and Realization of Net Testing System on Campus Network

ERIC Educational Resources Information Center

Ren, Zhanying; Liu, Shijie

2005-01-01

According to the requirement of modern teaching theory and technology, based on software engineering, database theory, the technique of net information security and system integration, a net testing system on local network was designed and realized. The system benefits for dividing of testing & teaching and settles the problems of random…

The Wicked Problem of Information Sharing in Homeland Security - A Leadership Perspective

DTIC Science & Technology

2014-06-01

filled environment. One such coping strategy termed emotion work, describes how analysts manage their feelings to display a public face or bodily ...in many aspects of Western culture but 56 Jeff Conklin, Dialogue Mapping : Building Shared...effective, whether modifications should be 60 Conklin, Dialogue Mapping : Building Shared Understanding

Privacy vs usability: a qualitative exploration of patients' experiences with secure Internet communication with their general practitioner.

PubMed

Tjora, Aksel; Tran, Trung; Faxvaag, Arild

2005-05-31

Direct electronic communication between patients and physicians has the potential to empower patients and improve health care services. Communication by regular email is, however, considered a security threat in many countries and is not recommended. Systems which offer secure communication have now emerged. Unlike regular email, secure systems require that users authenticate themselves. However, the authentication steps per se may become barriers that reduce use. The objective was to study the experiences of patients who were using a secure electronic communication system. The focus of the study was the users' privacy versus the usability of the system. Qualitative interviews were conducted with 15 patients who used a secure communication system (MedAxess) to exchange personal health information with their primary care physician. Six main themes were identified from the interviews: (1) supporting simple questions, (2) security issues, (3) aspects of written communication, (4) trust in the physician, (5) simplicity of MedAxess, and (6) trouble using the system. By using the system, about half of the patients (8/15) experienced easier access to their physician, with whom they tended to solve minor health problems and elaborate on more complex illness experiences. Two thirds of the respondents (10/15) found that their physician quickly responded to their MedAxess requests. As a result of the security barriers, the users felt that the system was secure. However, due to the same barriers, the patients considered the log-in procedure cumbersome, which had considerable negative impact on the actual use of the system. Despite a perceived need for secure electronic patient-physician communication systems, security barriers may diminish their overall usefulness. A dual approach is necessary to improve this situation: patients need to be better informed about security issues, and, at the same time, their experiences of using secure systems must be studied and used to improve user interfaces.

Privacy vs Usability: A Qualitative Exploration of Patients' Experiences With Secure Internet Communication With Their General Practitioner

PubMed Central

Tran, Trung; Faxvaag, Arild

2005-01-01

Background Direct electronic communication between patients and physicians has the potential to empower patients and improve health care services. Communication by regular email is, however, considered a security threat in many countries and is not recommended. Systems which offer secure communication have now emerged. Unlike regular email, secure systems require that users authenticate themselves. However, the authentication steps per se may become barriers that reduce use. Objectives The objective was to study the experiences of patients who were using a secure electronic communication system. The focus of the study was the users' privacy versus the usability of the system. Methods Qualitative interviews were conducted with 15 patients who used a secure communication system (MedAxess) to exchange personal health information with their primary care physician. Results Six main themes were identified from the interviews: (1) supporting simple questions, (2) security issues, (3) aspects of written communication, (4) trust in the physician, (5) simplicity of MedAxess, and (6) trouble using the system. By using the system, about half of the patients (8/15) experienced easier access to their physician, with whom they tended to solve minor health problems and elaborate on more complex illness experiences. Two thirds of the respondents (10/15) found that their physician quickly responded to their MedAxess requests. As a result of the security barriers, the users felt that the system was secure. However, due to the same barriers, the patients considered the log-in procedure cumbersome, which had considerable negative impact on the actual use of the system. Conclusions Despite a perceived need for secure electronic patient-physician communication systems, security barriers may diminish their overall usefulness. A dual approach is necessary to improve this situation: patients need to be better informed about security issues, and, at the same time, their experiences of using secure systems must be studied and used to improve user interfaces. PMID:15998606

Relationship between Food Security with Sugar Level and Blood Pressure in Diabetes Type 2 in Tehran.

PubMed

Moghadam, Seyed Amir Hossein Zehni; Javadi, Maryam; Mohammadpooral, Asghar

2016-12-01

Food security has been defined as the "availability, stability, access and utilization of safe foods". Diabetes has been known as one of the biggest health and medical problems throughout the world and is clearly related to lifestyle, and particularly, improper food consumption. The aim of this study was to determine the relationship between food security with sugar and blood pressure in patients suffering from type 2 diabetes who refer to diabetes centers in Tehran. This cross-sectional study was conducted in 2015 on type 2 diabetes patients in Tehran, Iran. From two diabetes centers in the eastern and southern parts of Tehran, 243 type 2 diabetes patients were selected. Necessary information (demographic and food security information) about all the studied persons was collected using the standard questionnaire verified by US Department of Agriculture (USDA). The data was analyzed by SPSS version 16, statistical comparisons were made using analysis of variance (ANOVA) and Chi-square and Tukey tests and a significant level of <0.05. Most subjects were female (68.7%). There was no significant relationship between gender and food security (p=0.372). No significant relation was observed between food security and fasting blood pressure, HbA1C, and systolic blood pressure (p>0.05), but there was a significant relationship between food security and diastolic blood pressure (p= 0.030). According to the relationship between diastolic blood pressure and food security and the role of blood pressure in the irreparable diabetic complications, it is recommended to perform appropriate food advice.

Negligence in securing informed consent and medical malpractice.

PubMed

Perry, C

1988-01-01

The doctrine of informed consent requires that the patient must act voluntarily and in the light of adequate information in order to give legally valid consent to medical care. Different models have been developed by various courts to determine whether the informational requirement, what the physician must disclose to the patient about the potential risks of the proposed treatment, has been met under the tort theory of negligence. To prevail, the patient plaintiff must show that a particular jurisdiction's disclosure standard has been breached, that harm has resulted, and that the defendant physician's negligent failure to discuss certain risks was causally responsible for the patient's failure to withhold consent. Perry discusses possible problems of redundancy or inconsistency concerning the relationship between different models for disclosure and causality, and notes that these problems may have serious implications for patient autonomy.

Hacking and securing the AR.Drone 2.0 quadcopter: investigations for improving the security of a toy

NASA Astrophysics Data System (ADS)

Pleban, Johann-Sebastian; Band, Ricardo; Creutzburg, Reiner

2014-02-01

In this article we describe the security problems of the Parrot AR.Drone 2.0 quadcopter. Due to the fact that it is promoted as a toy with low acquisition costs, it may end up being used by many individuals which makes it a target for harmful attacks. In addition, the videostream of the drone could be of interest for a potential attacker due to its ability of revealing confidential information. Therefore, we will perform a security threat analysis on this particular drone. We will set the focus mainly on obvious security vulnerabilities like the unencrypted Wi-Fi connection or the user management of the GNU/Linux operating system which runs on the drone. We will show how the drone can be hacked in order to hijack the AR.Drone 2.0. Our aim is to sensitize the end-user of AR.Drones by describing the security vulnerabilities and to show how the AR.Drone 2.0 could be secured from unauthorized access. We will provide instructions to secure the drones Wi-Fi connection and its operation with the official Smartphone App and third party PC software.

Mobile Device Security: Perspectives of Future Healthcare Workers

PubMed Central

Hewitt, Barbara; Dolezel, Diane; McLeod, Alexander

2017-01-01

Healthcare data breaches on mobile devices continue to increase, yet the healthcare industry has not adopted mobile device security standards. This increase is disturbing because individuals are often accessing patients’ protected health information on personal mobile devices, which could lead to a data breach. This deficiency led the researchers to explore the perceptions of future healthcare workers regarding mobile device security. To determine healthcare students’ perspectives on mobile device security, the investigators designed and distributed a survey based on the Technology Threat Avoidance Theory. Three hundred thirty-five students participated in the survey. The data were analyzed to determine participants’ perceptions about security threats, effectiveness and costs of safeguards, self-efficacy, susceptibility, severity, and their motivation and actions to secure their mobile devices. Awareness of interventions to protect mobile devices was also examined. Results indicate that while future healthcare professionals perceive the severity of threats to their mobile data, they do not feel personally susceptible. Additionally, participants were knowledgeable about security safeguards, but their knowledge of costs and problems related to the adoption of these measures was mixed. These findings indicate that increasing security awareness of healthcare professionals should be a priority. PMID:28566992

Mobile Device Security: Perspectives of Future Healthcare Workers.

PubMed

Hewitt, Barbara; Dolezel, Diane; McLeod, Alexander

2017-01-01

Healthcare data breaches on mobile devices continue to increase, yet the healthcare industry has not adopted mobile device security standards. This increase is disturbing because individuals are often accessing patients' protected health information on personal mobile devices, which could lead to a data breach. This deficiency led the researchers to explore the perceptions of future healthcare workers regarding mobile device security. To determine healthcare students' perspectives on mobile device security, the investigators designed and distributed a survey based on the Technology Threat Avoidance Theory. Three hundred thirty-five students participated in the survey. The data were analyzed to determine participants' perceptions about security threats, effectiveness and costs of safeguards, self-efficacy, susceptibility, severity, and their motivation and actions to secure their mobile devices. Awareness of interventions to protect mobile devices was also examined. Results indicate that while future healthcare professionals perceive the severity of threats to their mobile data, they do not feel personally susceptible. Additionally, participants were knowledgeable about security safeguards, but their knowledge of costs and problems related to the adoption of these measures was mixed. These findings indicate that increasing security awareness of healthcare professionals should be a priority.

A review on several key problems of standoff trace explosives detection by optical-related technology

NASA Astrophysics Data System (ADS)

Chen, Zhibin; Xiao, Cheng; Xiao, Wenjian; Qin, Mengze; Liu, Xianhong

2016-01-01

To prevent tragic disasters caused by terror acts and warfare threats, security check personnel must be capable of discovering, distinguishing and eliminating the explosives at multiple circumstances. Standoff technology for the remote detection of explosives and their traces on contaminated surfaces is a research field that has become a heightened priority in recent years for homeland security and counter-terrorism applications. There has been a huge increase in research within this area, the improvement of standoff trace explosives detection by optical-related technology. This paper provides a consolidation of information relating to recent advances in several key problems of, without being limited to one specific research area or explosive type. Working laser wavelength of detection system is discussed. Generation and collection of explosives spectra signal are summarized. Techniques for analysing explosives spectra signal are summed up.

Negative emotionality moderates associations among attachment, toddler sleep, and later problem behaviors.

PubMed

Troxel, Wendy M; Trentacosta, Christopher J; Forbes, Erika E; Campbell, Susan B

2013-02-01

Secure parent-child relationships are implicated in children's self-regulation, including the ability to self-soothe at bedtime. Sleep, in turn, may serve as a pathway linking attachment security with subsequent emotional and behavioral problems in children. We used path analysis to examine the direct relationship between attachment security and maternal reports of sleep problems during toddlerhood and the degree to which sleep serves as a pathway linking attachment with subsequent teacher-reported emotional and behavioral problems. We also examined infant negative emotionality as a vulnerability factor that may potentiate attachment-sleep-adjustment outcomes. Data were drawn from 776 mother-infant dyads participating in the National Institute of Child and Human Development Study of Early Child Care. After statistically adjusting for mother and child characteristics, including child sleep and emotional and behavioral problems at 24 months, we found no evidence for a statistically significant direct path between attachment security and sleep problems at 36 months; however, there was a direct relationship between sleep problems at 36 months and internalizing problems at 54 months. Path models that examined the moderating influence of infant negative emotionality demonstrated significant direct relationships between attachment security and toddler sleep problems and between sleep problems and subsequent emotional and behavioral problems, but only among children characterized by high negative emotionality at 6 months. In addition, among this subset, there was a significant indirect path between attachment and internalizing problems through sleep problems. These longitudinal findings implicate sleep as one critical pathway linking attachment security with adjustment difficulties, particularly among temperamentally vulnerable children. PsycINFO Database Record (c) 2013 APA, all rights reserved.

Negative Emotionality Moderates Associations among Attachment, Toddler Sleep, and Later Problem Behaviors

PubMed Central

Troxel, Wendy M.; Trentacosta, Christopher J.; Forbes, Erika E.; Campbell, Susan B.

2013-01-01

Secure parent-child relationships are implicated in children’s self-regulation, including the ability to self-soothe at bedtime. Sleep, in turn, may serve as a pathway linking attachment security with subsequent emotional and behavioral problems in children. We used path analysis to examine the direct relationship between attachment security and maternal-reports of sleep problems during toddlerhood, and the degree to which sleep serves as a pathway linking attachment with subsequent teacher-reported emotional and behavioral problems. We also examined infant negative emotionality as a vulnerability factor that may potentiate attachment-sleep-adjustment outcomes. Data were drawn from 776 mother-infant dyads participating in the NICHD Study of Early Child Care (SECC). In the full sample, after statistically adjusting for mother and child characteristics, including child sleep and emotional and behavioral problems at 24 months, we did not find evidence for a statistically significant direct path between attachment security and sleep problems at 36 months; however, there was a direct relationship between sleep problems at 36 months and internalizing problems at 54 months. Path models that examined the moderating influence of infant negative emotionality demonstrated significant direct relationships between attachment security and toddler sleep problems, and sleep problems and subsequent emotional and behavioral problems, but only among children characterized by high negative emotionality at 6 months of age. In addition, among this subset, there was a significant indirect path between attachment and internalizing problems through sleep problems. These longitudinal findings implicate sleep as one critical pathway linking attachment security with adjustment difficulties, particularly among temperamentally vulnerable children. PMID:23421840

Facilitating Secure Sharing of Personal Health Data in the Cloud.

PubMed

Thilakanathan, Danan; Calvo, Rafael A; Chen, Shiping; Nepal, Surya; Glozier, Nick

2016-05-27

Internet-based applications are providing new ways of promoting health and reducing the cost of care. Although data can be kept encrypted in servers, the user does not have the ability to decide whom the data are shared with. Technically this is linked to the problem of who owns the data encryption keys required to decrypt the data. Currently, cloud service providers, rather than users, have full rights to the key. In practical terms this makes the users lose full control over their data. Trust and uptake of these applications can be increased by allowing patients to feel in control of their data, generally stored in cloud-based services. This paper addresses this security challenge by providing the user a way of controlling encryption keys independently of the cloud service provider. We provide a secure and usable system that enables a patient to share health information with doctors and specialists. We contribute a secure protocol for patients to share their data with doctors and others on the cloud while keeping complete ownership. We developed a simple, stereotypical health application and carried out security tests, performance tests, and usability tests with both students and doctors (N=15). We developed the health application as an app for Android mobile phones. We carried out the usability tests on potential participants and medical professionals. Of 20 participants, 14 (70%) either agreed or strongly agreed that they felt safer using our system. Using mixed methods, we show that participants agreed that privacy and security of health data are important and that our system addresses these issues. We presented a security protocol that enables patients to securely share their eHealth data with doctors and nurses and developed a secure and usable system that enables patients to share mental health information with doctors.

Safety and privacy outcomes from a moderated online social therapy for young people with first-episode psychosis.

PubMed

Gleeson, John F; Lederman, Reeva; Wadley, Greg; Bendall, Sarah; McGorry, Patrick D; Alvarez-Jimenez, Mario

2014-04-01

Internet-based treatments for early psychosis offer considerable promise, but safety and security need to be established. This study pilot tested Horyzons, a novel online treatment application that integrates purpose-built moderated social networking with psychoeducation for recovery from early psychosis. Safety, privacy, and security were evaluated during a one-month single-group trial with 20 young consumers recovering from early psychosis who were recruited in Melbourne, Australia. Known clinical risk factors informed the safety protocol. Safety, privacy, and security were evaluated with respect to relapse and self-harm, users' perceptions of safety and privacy, and activity using Horyzons. No clinical or security problems with use of Horyzons were noted. Participants described feeling safe and trusting Horyzons. Private moderated online social networking combined with psychoeducation was a safe and secure therapeutic environment for consumers recovering from a first episode of psychosis. Testing the intervention in a randomized controlled trial is warranted.

Common Criteria Related Security Design Patterns—Validation on the Intelligent Sensor Example Designed for Mine Environment

PubMed Central

Bialas, Andrzej

2010-01-01

The paper discusses the security issues of intelligent sensors that are able to measure and process data and communicate with other information technology (IT) devices or systems. Such sensors are often used in high risk applications. To improve their robustness, the sensor systems should be developed in a restricted way to provide them with assurance. One of assurance creation methodologies is Common Criteria (ISO/IEC 15408), used for IT products and systems. The contribution of the paper is a Common Criteria compliant and pattern-based method for the intelligent sensors security development. The paper concisely presents this method and its evaluation for the sensor detecting methane in a mine, focusing on the security problem of the intelligent sensor definition and solution. The aim of the validation is to evaluate and improve the introduced method. PMID:22399888

Unfalsifiability of security claims.

PubMed

Herley, Cormac

2016-06-07

There is an inherent asymmetry in computer security: Things can be declared insecure by observation, but not the reverse. There is no observation that allows us to declare an arbitrary system or technique secure. We show that this implies that claims of necessary conditions for security (and sufficient conditions for insecurity) are unfalsifiable. This in turn implies an asymmetry in self-correction: Whereas the claim that countermeasures are sufficient is always subject to correction, the claim that they are necessary is not. Thus, the response to new information can only be to ratchet upward: Newly observed or speculated attack capabilities can argue a countermeasure in, but no possible observation argues one out. Further, when justifications are unfalsifiable, deciding the relative importance of defensive measures reduces to a subjective comparison of assumptions. Relying on such claims is the source of two problems: once we go wrong we stay wrong and errors accumulate, and we have no systematic way to rank or prioritize measures.

A cognitive and economic decision theory for examining cyber defense strategies.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bier, Asmeret Brooke

Cyber attacks pose a major threat to modern organizations. Little is known about the social aspects of decision making among organizations that face cyber threats, nor do we have empirically-grounded models of the dynamics of cooperative behavior among vulnerable organizations. The effectiveness of cyber defense can likely be enhanced if information and resources are shared among organizations that face similar threats. Three models were created to begin to understand the cognitive and social aspects of cyber cooperation. The first simulated a cooperative cyber security program between two organizations. The second focused on a cyber security training program in which participantsmore » interact (and potentially cooperate) to solve problems. The third built upon the first two models and simulates cooperation between organizations in an information-sharing program.« less

Freedom, security and justice: the thin end of the wedge for biometrics?

PubMed

Lodge, Juliet

2007-01-01

This paper examines an area of EU policy where the application of information and communication tecnology (ICT) poses acutely difficult problems for policymakers: freedom, security and justice. It focuses on the absence of an ethical debate about the adoption of ICT-based instruments in this area. It highlights the implausibility of simply adopting codes of ethical practice from the health sector to close the public trust deficit. It argues that health and justice professionals need to cooperate in order to create a code of ethical e-governance fit for an e-governance age.

Integrated Cognitive-neuroscience Architectures for Understanding Sensemaking (ICArUS): Phase 2 Challenge Problem Design and Test Specification

DTIC Science & Technology

2014-11-01

intelligence. No. Title of Case Study P U Pc Pt Ft Pa 1 Clinical vs. Actuarial Geospatial Profiling Strategies X X 2 Route Security in Baghdad X...support. Information Sciences , 176, 1570-1589. Burns, K. (2005). Mental models and normal errors. In Montgomery, H., Lipshitz, & Brehmer, B. (eds...utilities. Information Sciences , 179, 1599-1607. Davis, M. (1997). Game Theory: A Nontechnical Introduction. New York: Dover. Edwards, W. (1982

The research and implementation of a unified identity authentication in e-government network

NASA Astrophysics Data System (ADS)

Feng, Zhou

Current problem existing in e-government network is that the applications of information system are developed independently by various departments, and each has its own specific set of authentication and access control mechanism. To build a comprehensive information system in favor of sharing and exchanging information, a sound and secure unified e-government authentication system is firstly needed. The paper, combining with practical development of e-government network, carries out a thorough discussion on how to achieve data synchronization between unified authentication system and related application systems.

Key management schemes using routing information frames in secure wireless sensor networks

NASA Astrophysics Data System (ADS)

Kamaev, V. A.; Finogeev, A. G.; Finogeev, A. A.; Parygin, D. S.

2017-01-01

The article considers the problems and objectives of key management for data encryption in wireless sensor networks (WSN) of SCADA systems. The structure of the key information in the ZigBee network and methods of keys obtaining are discussed. The use of a hybrid key management schemes is most suitable for WSN. The session symmetric key is used to encrypt the sensor data, asymmetric keys are used to encrypt the session key transmitted from the routing information. Three algorithms of hybrid key management using routing information frames determined by routing methods and the WSN topology are presented.

Transit security : a description of problems and countermeasures

DOT National Transportation Integrated Search

1984-10-01

This report provides a broad perspective on transit security. It examines a wide range of transit security problems encountered by transit systems, namely: crime against passengers and employees; crimes involving revenues, including fare evasion by p...

Full-Duplex Bidirectional Secure Communications Under Perfect and Distributionally Ambiguous Eavesdropper's CSI

NASA Astrophysics Data System (ADS)

Li, Qiang; Zhang, Ying; Lin, Jingran; Wu, Sissi Xiaoxiao

2017-09-01

Consider a full-duplex (FD) bidirectional secure communication system, where two communication nodes, named Alice and Bob, simultaneously transmit and receive confidential information from each other, and an eavesdropper, named Eve, overhears the transmissions. Our goal is to maximize the sum secrecy rate (SSR) of the bidirectional transmissions by optimizing the transmit covariance matrices at Alice and Bob. To tackle this SSR maximization (SSRM) problem, we develop an alternating difference-of-concave (ADC) programming approach to alternately optimize the transmit covariance matrices at Alice and Bob. We show that the ADC iteration has a semi-closed-form beamforming solution, and is guaranteed to converge to a stationary solution of the SSRM problem. Besides the SSRM design, this paper also deals with a robust SSRM transmit design under a moment-based random channel state information (CSI) model, where only some roughly estimated first and second-order statistics of Eve's CSI are available, but the exact distribution or other high-order statistics is not known. This moment-based error model is new and different from the widely used bounded-sphere error model and the Gaussian random error model. Under the consider CSI error model, the robust SSRM is formulated as an outage probability-constrained SSRM problem. By leveraging the Lagrangian duality theory and DC programming, a tractable safe solution to the robust SSRM problem is derived. The effectiveness and the robustness of the proposed designs are demonstrated through simulations.

Perceptions of the importance and control of professional problems in the clinical setting.

PubMed

Maupomé, G; Borges-Yáñez, S A; Dáez-de-Bonilla, F J; Pineda-Cruz, A

2001-01-01

The objective of this study was to identify the relative importance of culturally relevant professional problems and the degree of control over them, as perceived by dentists and dental students in Mexico City, Mexico. The dentists and students ranked 13 problems according to importance and then according to the perceived degree of control over each one. Novice clinicians were less secure about their ability to cope with the legal, financial, and clinical performance problems, whereas experienced clinicians were more concerned about occupational hazards and the dental market and culture. Both reported similar perceptions of their control of the problems. This preliminary information should support introducing into dental schools relevant practice-management courses, targeting continuing education efforts, and instituting professional counseling measures to meet the challenges posed by these problems.

Information Acquisition, Analysis and Integration

DTIC Science & Technology

2016-08-03

of sensing and processing, theory, applications, signal processing, image and video processing, machine learning , technology transfer. 16. SECURITY... learning . 5. Solved elegantly old problems like image and video debluring, intro- ducing new revolutionary approaches. 1 DISTRIBUTION A: Distribution...Polatkan, G. Sapiro, D. Blei, D. B. Dunson, and L. Carin, “ Deep learning with hierarchical convolution factor analysis,” IEEE 6 DISTRIBUTION A

Roles for Schools and School Social Workers in Improving Child Food Security

ERIC Educational Resources Information Center

Fram, Maryah Stella; Frongillo, Edward A.; Fishbein, Eliza M.; Burke, Michael P.

2014-01-01

Food insecurity is associated with a range of child developmental, behavioral, and emotional challenges, all of which can inhibit a child's school success. Schools offer a number of formal and informal services aimed at reducing food insecurity, but the problems associated with identifying children in need, addressing issues of stigma, and…

A Quantitative Study on the Relationship of Information Security Policy Awareness, Enforcement, and Maintenance to Information Security Program Effectiveness

ERIC Educational Resources Information Center

Francois, Michael T.

2016-01-01

Today's organizations rely heavily on information technology to conduct their daily activities. Therefore, their information security systems are an area of heightened security concern. As a result, organizations implement information security programs to address and mitigate that concern. However, even with the emphasis on information security,…

NetWall distributed firewall in the use of campus network

NASA Astrophysics Data System (ADS)

He, Junhua; Zhang, Pengshuai

2011-10-01

Internet provides a modern means of education but also non-mainstream consciousness and poor dissemination of information opens the door, network and moral issues have become prominent, poor dissemination of information and network spread rumors and negative effects of new problems, ideological and political education in schools had a huge impact, poses a severe challenge. This paper presents a distributed firewall will NetWall deployed in a campus network solution. The characteristics of the campus network, using technology to filter out bad information on the means of control, of sensitive information related to the record, establish a complete information security management platform for the campus network.

The Shaping of Managers' Security Objectives through Information Security Awareness Training

ERIC Educational Resources Information Center

Harris, Mark A.

2010-01-01

Information security research states that corporate security policy and information security training should be socio-technical in nature and that corporations should consider training as a primary method of protecting their information systems. However, information security policies and training are predominately technical in nature. In addition,…

The Cyber Security Crisis

DOE Office of Scientific and Technical Information (OSTI.GOV)

Spafford, Eugene

2006-05-10

Despite considerable activity and attention, the overall state of information security continues to get worse. Attacks are increasing, fraud and theft are rising, and losses may exceed $100 billion per year worldwide. Many factors contribute to this, including misplaced incentives for industry, a lack of attention by government, ineffective law enforcement, and an uninformed image of who the perpetrators really are. As a result, many of the intended attempts at solutions are of limited (if any) overall effectiveness. This presentation will illustrate some key aspects of the cyber security problem and its magnitude, as well as provide some insight intomore » causes and enabling factors. The talk will conclude with some observations on how the computing community can help improve the situation, as well as some suggestions for 'cyber self-defense.'« less

A cross-case comparative analysis of international security forces' impacts on health systems in conflict-affected and fragile states.

PubMed

Bourdeaux, Margaret; Kerry, Vanessa; Haggenmiller, Christian; Nickel, Karlheinz

2015-01-01

Destruction of health systems in fragile and conflict-affected states increases civilian mortality. Despite the size, scope, scale and political influence of international security forces intervening in fragile states, little attention has been paid to array of ways they may impact health systems beyond their effects on short-term humanitarian health aid delivery. Using case studies we published on international security forces' impacts on health systems in Haiti, Kosovo, Afghanistan and Libya, we conducted a comparative analysis that examined three questions: What aspects, or building blocks, of health systems did security forces impact across the cases and what was the nature of these impacts? What forums or mechanisms did international security forces use to interact with health system actors? What policies facilitated or hindered security forces from supporting health systems? We found international security forces impacted health system governance, information systems and indigenous health delivery organizations. Positive impacts included bolstering the authority, transparency and capability of health system leadership. Negative impacts included undermining the impartial nature of indigenous health institutions by using health projects to achieve security objectives. Interactions between security and health actors were primarily ad hoc, often to the detriment of health system support efforts. When international security forces were engaged in health system support activities, the most helpful communication and consultative mechanisms to manage their involvement were ones that could address a wide array of problems, were nimble enough to accommodate rapidly changing circumstances, leveraged the power of personal relationships, and were able to address the tensions that arose between security and health system supporting strategies. Policy barriers to international security organizations participating in health system support included lack of mandate, conflicts between security strategies and health system preservation, and lack of interoperability between security and indigenous health organizations with respect to logistics and sharing information. The cases demonstrate both the opportunities and risks of international security organizations involvement in health sector protection, recovery and reconstruction. We discuss two potential approaches to engaging these organizations in health system support that may increase the chances of realizing these opportunities while mitigating risks.

Cyberspace modernization. An interest protocol planning advisory

DOE Office of Scientific and Technical Information (OSTI.GOV)

Keliiaa, Curtis M.; McLane, Victor N.

A common challenge across the communications and information technology (IT) sectors is Internet + modernization + complexity + risk + cost. Cyberspace modernization and cyber security risks, issues, and concerns impact service providers, their customers, and the industry at large. Public and private sectors are struggling to solve the problem. New service opportunities lie in mobile voice, video, and data, and machine-to-machine (M2M) information and communication technologies that are migrating not only to predominant Internet Protocol (IP) communications, but also concurrently integrating IP, version 4 (IPv4) and IP, version 6 (IPv6). With reference to the Second Internet and the Internetmore » of Things, next generation information services portend business survivability in the changing global market. The planning, architecture, and design information herein is intended to increase infrastructure preparedness, security, interoperability, resilience, and trust in the midst of such unprecedented change and opportunity. This document is a product of Sandia National Laboratories Tribal Cyber and IPv6 project work. It is a Cyberspace Modernization objective advisory in support of bridging the digital divide through strategic partnership and an informed path forward.« less

Secure searching of biomarkers through hybrid homomorphic encryption scheme.

PubMed

Kim, Miran; Song, Yongsoo; Cheon, Jung Hee

2017-07-26

As genome sequencing technology develops rapidly, there has lately been an increasing need to keep genomic data secure even when stored in the cloud and still used for research. We are interested in designing a protocol for the secure outsourcing matching problem on encrypted data. We propose an efficient method to securely search a matching position with the query data and extract some information at the position. After decryption, only a small amount of comparisons with the query information should be performed in plaintext state. We apply this method to find a set of biomarkers in encrypted genomes. The important feature of our method is to encode a genomic database as a single element of polynomial ring. Since our method requires a single homomorphic multiplication of hybrid scheme for query computation, it has the advantage over the previous methods in parameter size, computation complexity, and communication cost. In particular, the extraction procedure not only prevents leakage of database information that has not been queried by user but also reduces the communication cost by half. We evaluate the performance of our method and verify that the computation on large-scale personal data can be securely and practically outsourced to a cloud environment during data analysis. It takes about 3.9 s to search-and-extract the reference and alternate sequences at the queried position in a database of size 4M. Our solution for finding a set of biomarkers in DNA sequences shows the progress of cryptographic techniques in terms of their capability can support real-world genome data analysis in a cloud environment.

[Security specifications for electronic medical records on the Internet].

PubMed

Mocanu, Mihai; Mocanu, Carmen

2007-01-01

The extension for the Web applications of the Electronic Medical Record seems both interesting and promising. Correlated with the expansion of Internet in our country, it allows the interconnection of physicians of different specialties and their collaboration for better treatment of patients. In this respect, the ophthalmologic medical applications consider the increased possibilities for monitoring chronic ocular diseases and for the identification of some elements for early diagnosis and risk factors supervision. We emphasize in this survey some possible solutions to the problems of interconnecting medical information systems to the Internet: the achievement of interoperability within medical organizations through the use of open standards, the automated input and processing for ocular imaging, the use of data reduction techniques in order to increase the speed of image retrieval in large databases, and, last but not least, the resolution of security and confidentiality problems in medical databases.

Ground water security and drought in Africa: linking availability, access, and demand.

PubMed

Calow, Roger C; Macdonald, Alan M; Nicol, Alan L; Robins, Nick S

2010-01-01

Drought in Africa has been extensively researched, particularly from meteorological, agricultural, and food security perspectives. However, the impact of drought on water security, particularly ground water dependent rural water supplies, has received much less attention. Policy responses have concentrated on food needs, and it has often been difficult to mobilize resources for water interventions, despite evidence that access to safe water is a serious and interrelated concern. Studies carried out in Ghana, Malawi, South Africa, and Ethiopia highlight how rural livelihoods are affected by seasonal stress and longer-term drought. Declining access to food and water is a common and interrelated problem. Although ground water plays a vital role in buffering the effects of rainfall variability, water shortages and difficulties in accessing water that is available can affect domestic and productive water uses, with knock-on effects on food consumption and production. Total depletion of available ground water resources is rarely the main concern. A more common scenario is a spiral of water insecurity as shallow water sources fail, additional demands are put on remaining sources, and mechanical failures increase. These problems can be planned for within normal development programs. Water security mapping can help identify vulnerable areas, and changes to monitoring systems can ensure early detection of problems. Above all, increasing the coverage of ground water-based rural water supplies, and ensuring that the design and siting of water points is informed by an understanding of hydrogeological conditions and user demand, can significantly increase the resilience of rural communities to climate variability.

A layered trust information security architecture.

PubMed

de Oliveira Albuquerque, Robson; Villalba, Luis Javier García; Orozco, Ana Lucila Sandoval; Buiati, Fábio; Kim, Tai-Hoon

2014-12-01

Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentially, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed.

32 CFR 2700.51 - Information Security Oversight Committee.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 32 National Defense 6 2011-07-01 2011-07-01 false Information Security Oversight Committee. 2700... MICRONESIAN STATUS NEGOTIATIONS SECURITY INFORMATION REGULATIONS Implementation and Review § 2700.51 Information Security Oversight Committee. The OMSN Information Security Oversight Committee shall be chaired...

77 FR 12623 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2012-03-01

... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National... Information Security Oversight Office no later than Friday, March 16, 2012. The Information Security Oversight... FURTHER INFORMATION CONTACT: David O. Best, Senior Program Analyst, The Information Security Oversight...

32 CFR 2700.51 - Information Security Oversight Committee.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Oversight Committee. 2700... MICRONESIAN STATUS NEGOTIATIONS SECURITY INFORMATION REGULATIONS Implementation and Review § 2700.51 Information Security Oversight Committee. The OMSN Information Security Oversight Committee shall be chaired...

75 FR 49943 - New Agency Information Collection Activity Under OMB Review: Pipeline System Operator Security...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-08-16

... DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration New Agency Information Collection Activity Under OMB Review: Pipeline System Operator Security Information AGENCY: Transportation... INFORMATION CONTACT: Joanna Johnson, Office of Information Technology, TSA-11, Transportation Security...

Juvenile Justice: DOJ Is Enhancing Information on Effective Programs, But Could Better Assess the Utility of This Information. Report to the Chairman, Subcommittee on Crime, Terrorism, and Homeland Security, Committee on the Judiciary, House of Representatives. GAO-10-125

ERIC Educational Resources Information Center

Larence, Eileen R.

2009-01-01

State juvenile justice systems face critical problems when it comes to juvenile delinquency issues such as reentry--when offenders return home from incarceration--and substance abuse. GAO was asked to review juvenile reentry and substance abuse program research and efforts by the Department of Justice's (DOJ) Office of Juvenile Justice and…

Public-Sector Information Security: A Call to Action for Public-Sector CIOs

DTIC Science & Technology

2002-10-01

scenarios. However, in a larger sense, it is a story for all public-sector CIOs, a story both prophetic and sobering. Deep in this story, however, there...information technology (IT), our way of life, and the values that lay deep in the core of our American culture. These values include rights to...defines roles and accountabilities. The Scope of the Problem Today there are 109.5 million Internet hosts on the World Wide Web . Five years ago there

Connecting to the Internet Securely; Protecting Home Networks CIAC-2324

DOE Office of Scientific and Technical Information (OSTI.GOV)

Orvis, W J; Krystosek, P; Smith, J

2002-11-27

With more and more people working at home and connecting to company networks via the Internet, the risk to company networks to intrusion and theft of sensitive information is growing. Working from home has many positive advantages for both the home worker and the company they work for. However, as companies encourage people to work from home, they need to start considering the interaction of the employee's home network and the company network he connects to. This paper discusses problems and solutions related to protection of home computers from attacks on those computers via the network connection. It does notmore » consider protection of those systems from people who have physical access to the computers nor does it consider company laptops taken on-the-road. Home networks are often targeted by intruders because they are plentiful and they are usually not well secured. While companies have departments of professionals to maintain and secure their networks, home networks are maintained by the employee who may be less knowledgeable about network security matters. The biggest problems with home networks are that: Home networks are not designed to be secure and may use technologies (wireless) that are not secure; The operating systems are not secured when they are installed; The operating systems and applications are not maintained (for security considerations) after they are installed; and The networks are often used for other activities that put them at risk for being compromised. Home networks that are going to be connected to company networks need to be cooperatively secured by the employee and the company so they do not open up the company network to intruders. Securing home networks involves many of the same operations as securing a company network: Patch and maintain systems; Securely configure systems; Eliminate unneeded services; Protect remote logins; Use good passwords; Use current antivirus software; and Moderate your Internet usage habits. Most of these items do not take a lot of work, but require an awareness of the risks involved in not doing them or doing them incorrectly. The security of home networks and communications with company networks can be significantly improved by adding an appropriate software or hardware firewall to the home network and using a protected protocol such as Secure Sockets Layer (SSL), a Virtual Private Network (VPN), or Secure Shell (SSH) for connecting to the company network.« less

Security controls in an integrated Biobank to protect privacy in data sharing: rationale and study design.

PubMed

Takai-Igarashi, Takako; Kinoshita, Kengo; Nagasaki, Masao; Ogishima, Soichi; Nakamura, Naoki; Nagase, Sachiko; Nagaie, Satoshi; Saito, Tomo; Nagami, Fuji; Minegishi, Naoko; Suzuki, Yoichi; Suzuki, Kichiya; Hashizume, Hiroaki; Kuriyama, Shinichi; Hozawa, Atsushi; Yaegashi, Nobuo; Kure, Shigeo; Tamiya, Gen; Kawaguchi, Yoshio; Tanaka, Hiroshi; Yamamoto, Masayuki

2017-07-06

With the goal of realizing genome-based personalized healthcare, we have developed a biobank that integrates personal health, genome, and omics data along with biospecimens donated by volunteers of 150,000. Such a large-scale of data integration involves obvious risks of privacy violation. The research use of personal genome and health information is a topic of global discussion with regard to the protection of privacy while promoting scientific advancement. The present paper reports on our plans, current attempts, and accomplishments in addressing security problems involved in data sharing to ensure donor privacy while promoting scientific advancement. Biospecimens and data have been collected in prospective cohort studies with the comprehensive agreement. The sample size of 150,000 participants was required for multiple researches including genome-wide screening of gene by environment interactions, haplotype phasing, and parametric linkage analysis. We established the T ohoku M edical M egabank (TMM) data sharing policy: a privacy protection rule that requires physical, personnel, and technological safeguards against privacy violation regarding the use and sharing of data. The proposed policy refers to that of NCBI and that of the Sanger Institute. The proposed policy classifies shared data according to the strength of re-identification risks. Local committees organized by TMM evaluate re-identification risk and assign a security category to a dataset. Every dataset is stored in an assigned segment of a supercomputer in accordance with its security category. A security manager should be designated to handle all security problems at individual data use locations. The proposed policy requires closed networks and IP-VPN remote connections. The mission of the biobank is to distribute biological resources most productively. This mission motivated us to collect biospecimens and health data and simultaneously analyze genome/omics data in-house. The biobank also has the mission of improving the quality and quantity of the contents of the biobank. This motivated us to request users to share the results of their research as feedback to the biobank. The TMM data sharing policy has tackled every security problem originating with the missions. We believe our current implementation to be the best way to protect privacy in data sharing.

[Application of classified protection of information security in the information system of air pollution and health impact monitoring].

PubMed

Hao, Shuxin; Lü, Yiran; Liu, Jie; Liu, Yue; Xu, Dongqun

2018-01-01

To study the application of classified protection of information security in the information system of air pollution and health impact monitoring, so as to solve the possible safety risk of the information system. According to the relevant national standards and requirements for the information system security classified protection, and the professional characteristics of the information system, to design and implement the security architecture of information system, also to determine the protection level of information system. Basic security measures for the information system were developed in the technical safety and management safety aspects according to the protection levels, which effectively prevented the security risk of the information system. The information system established relatively complete information security protection measures, to enhanced the security of professional information and system service, and to ensure the safety of air pollution and health impact monitoring project carried out smoothly.

How Secure Is Your Radiology Department? Mapping Digital Radiology Adoption and Security Worldwide.

PubMed

Stites, Mark; Pianykh, Oleg S

2016-04-01

Despite the long history of digital radiology, one of its most critical aspects--information security--still remains extremely underdeveloped and poorly standardized. To study the current state of radiology security, we explored the worldwide security of medical image archives. Using the DICOM data-transmitting standard, we implemented a highly parallel application to scan the entire World Wide Web of networked computers and devices, locating open and unprotected radiology servers. We used only legal and radiology-compliant tools. Our security-probing application initiated a standard DICOM handshake to remote computer or device addresses, and then assessed their security posture on the basis of handshake replies. The scan discovered a total of 2774 unprotected radiology or DICOM servers worldwide. Of those, 719 were fully open to patient data communications. Geolocation was used to analyze and rank our findings according to country utilization. As a result, we built maps and world ranking of clinical security, suggesting that even the most radiology-advanced countries have hospitals with serious security gaps. Despite more than two decades of active development and implementation, our radiology data still remains insecure. The results provided should be applied to raise awareness and begin an earnest dialogue toward elimination of the problem. The application we designed and the novel scanning approach we developed can be used to identify security breaches and to eliminate them before they are compromised.

14 CFR 1203.201 - Information security objectives.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Information security objectives. 1203.201 Section 1203.201 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.201 Information security objectives. The objectives of...

14 CFR 1203.201 - Information security objectives.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false Information security objectives. 1203.201 Section 1203.201 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.201 Information security objectives. The objectives of...

[Are the flight security measures good for the patients? The "sickurity" problem].

PubMed

Felkai, Péter

2010-10-10

Due to the stiffening requirements of security measures at the airports, prevention of air-travel related illnesses have become more difficult. The backlash effects of restrictions (e.g. fluid and movement restrictions) can trigger or even improve pathophysiological processes. The most advanced security check methods, the full body scan, besides ethical and moral considerations, may induce yet unknown pathological processes. We face the similar problem with the traveller, who becomes ill or injured during the trip. In this case, repatriation is often required, which is usually accomplished by commercial airlines. If patient should be transported by stretcher, it is also available on regular flight, but in this case he/she must be accompanied by a medical professional. This solution raises much more security problem: not only the sick person and the medical team, but even their medical equipments and medicines have to be checked. Due to the lack of standardised regulations the security staff solves the problem by various attempts from emphatic approach till refusal. For these reasons, a clear and exact regulation is needed, which must be based upon medical experts' opinion, and should deal not only with the flight security but with the patient's security, as well. This regulation can cease the patients and their medical accompanied persons' to be defencelessness against local authorities and security services. The same is true for handicapped persons. Author suggests solutions for the problem, balancing between flight security and the patient's "sickurity".

Systems Security Engineering

DTIC Science & Technology

2010-08-22

Commission (IEC). “Information technology — Security techniques — Code of practice for information security management ( ISO /IEC 27002 ...Information technology — Security techniques — Information security management systems —Requirements ( ISO /IEC 27002 ),”, “Information technology — Security...was a draft ISO standard on Systems and software engineering, Systems and software assurance [18]. Created by systems engineers for systems

76 FR 78009 - Information Collection; Implementation of Information Technology Security Provision

Federal Register 2010, 2011, 2012, 2013, 2014

2011-12-15

...] Information Collection; Implementation of Information Technology Security Provision AGENCY: General Services... collection requirement regarding Implementation of Information Technology Security Provision. Public comments... Information Collection 3090- 0294, Implementation of Information Technology Security Provision, by any of the...

Design and Implementation of Secure Area Expansion Scheme for Public Wireless LAN Services

NASA Astrophysics Data System (ADS)

Watanabe, Ryu; Tanaka, Toshiaki

Recently, wireless LAN (WLAN) technology has become a major wireless communication method. The communication bandwidth is increasing and speeds have attained rates exceeding 100 Mbps. Therefore, WLAN technology is regarded as one of the promising communication methods for future networks. In addition, public WLAN connection services can be used in many locations. However, the number of the access points (AP) is insufficient for seamless communication and it cannot be said that users can use the service ubiquitously. An ad-hoc network style connection can be used to expand the coverage area of a public WLAN service. By relaying the user messages among the user nodes, a node can obtain an Internet connection via an AP, even though the node is located outside the AP's direct wireless connection area. Such a coverage area extending technology has many advantages thanks to the feature that no additional infrastructure is required. Therefore, there is a strong demand for this technology as it allows the cost-effective construction of future networks. When a secure ad-hoc routing protocol is used for message exchange in the WLAN service, the message routes are protected from malicious behavior such as route forging and can be maintained appropriately. To do this, however, a new node that wants to join the WLAN service has to obtain information such as the public key certificate and IP address in order to start secure ad-hoc routing. In other words, an initial setup is required for every network node to join the WLAN service properly. Ordinarily, such information should be assigned from the AP. However, new nodes cannot always contact an AP directly. Therefore, there are problems about information delivery in the initial setup of a network node. These problems originate in the multi hop connection based on the ad-hoc routing protocols. In order to realize an expanded area WLAN service, in this paper, the authors propose a secure public key certificate and address provision scheme during the initial setup phase on mobile nodes for the service. The proposed scheme also considers the protection of user privacy. Accordingly, none of the user nodes has to reveal their unique and persistent information to other nodes. Instead of using such information, temporary values are sent by an AP to mobile nodes and used for secure ad-hoc routing operations. Therefore, our proposed scheme prevents tracking by malicious parties by avoiding the use of unique information. Moreover, a test bed was also implemented based on the proposal and an evaluation was carried out in order to confirm performance. In addition, the authors describe a countermeasure against denial of service (DoS) attacks based on the approach to privacy protection described in our proposal.

An enhanced mobile-healthcare emergency system based on extended chaotic maps.

PubMed

Lee, Cheng-Chi; Hsu, Che-Wei; Lai, Yan-Ming; Vasilakos, Athanasios

2013-10-01

Mobile Healthcare (m-Healthcare) systems, namely smartphone applications of pervasive computing that utilize wireless body sensor networks (BSNs), have recently been proposed to provide smartphone users with health monitoring services and received great attentions. An m-Healthcare system with flaws, however, may leak out the smartphone user's personal information and cause security, privacy preservation, or user anonymity problems. In 2012, Lu et al. proposed a secure and privacy-preserving opportunistic computing (SPOC) framework for mobile-Healthcare emergency. The brilliant SPOC framework can opportunistically gather resources on the smartphone such as computing power and energy to process the computing-intensive personal health information (PHI) in case of an m-Healthcare emergency with minimal privacy disclosure. To balance between the hazard of PHI privacy disclosure and the necessity of PHI processing and transmission in m-Healthcare emergency, in their SPOC framework, Lu et al. introduced an efficient user-centric privacy access control system which they built on the basis of an attribute-based access control mechanism and a new privacy-preserving scalar product computation (PPSPC) technique. However, we found out that Lu et al.'s protocol still has some secure flaws such as user anonymity and mutual authentication. To fix those problems and further enhance the computation efficiency of Lu et al.'s protocol, in this article, the authors will present an improved mobile-Healthcare emergency system based on extended chaotic maps. The new system is capable of not only providing flawless user anonymity and mutual authentication but also reducing the computation cost.

44 CFR 8.3 - Senior FEMA official responsible for the information security program.

Code of Federal Regulations, 2011 CFR

2011-10-01

... responsible for the information security program. 8.3 Section 8.3 Emergency Management and Assistance FEDERAL EMERGENCY MANAGEMENT AGENCY, DEPARTMENT OF HOMELAND SECURITY GENERAL NATIONAL SECURITY INFORMATION § 8.3 Senior FEMA official responsible for the information security program. The Director of the Security...

75 FR 44800 - Notice of Meeting of the Homeland Security Information Network Advisory Committee, Tuesday...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-29

... DEPARTMENT OF HOMELAND SECURITY Notice of Meeting of the Homeland Security Information Network... Security. ACTION: Notice of open meeting. SUMMARY: The Homeland Security Information Network Advisory... (Pub. L. 92-463). The mission of the Homeland Security Information Network Advisory Committee is to...

Systems Security Engineering

DTIC Science & Technology

2010-08-22

practice for information security management ( ISO /IEC 27002 ),” “Information technology — Security techniques — Information security management...systems —Requirements ( ISO /IEC 27002 ),”, “Information technology — Security techniques — Information security risk management ( ISO /IEC 27005).” from...associated practice aids. Perhaps the most germane discovery from this effort was a draft ISO standard on Systems and software engineering, Systems and

12 CFR 605.501 - Information Security Officer.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 12 Banks and Banking 6 2011-01-01 2011-01-01 false Information Security Officer. 605.501 Section... Information Security Officer. (a) The Information Security Officer of the Farm Credit Administration shall be responsible for implementation and oversight of the information security program and procedures adopted by the...

12 CFR 605.501 - Information Security Officer.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 12 Banks and Banking 6 2010-01-01 2010-01-01 false Information Security Officer. 605.501 Section... Information Security Officer. (a) The Information Security Officer of the Farm Credit Administration shall be responsible for implementation and oversight of the information security program and procedures adopted by the...

Borrowing to save: a critique of recent proposals to partially privatize Social Security.

PubMed

Dattalo, Patrick

2007-07-01

Concern over Social Security's forecasted long-run deficit is occurring at a time when the program has a short-term surplus. One proposed strategy to address this forecasted deficit is to allow the investment of a portion of payroll taxes into private savings accounts (PSAs). The author analyzes recent proposals for PSAs and concludes that PSAs are more likely to be a problem than a solution. Paradoxically, PSAs require the government to borrow to encourage current workers to save. The author recommends resources to help social workers remain informed about proposed program reforms and prepared to advocate for the concept of social insurance.

Consideration of techniques to mitigate the unauthorized 3D printing production of keys

NASA Astrophysics Data System (ADS)

Straub, Jeremy; Kerlin, Scott

2016-05-01

The illicit production of 3D printed keys based on remote-sensed imagery is problematic as it allows a would-be intruder to access a secured facility without the attack attempt being as obviously detectable as conventional techniques. This paper considers the problem from multiple perspectives. First, it looks at different attack types and considers the prospective attack from a digital information perspective. Second, based on this, techniques for securing keys are considered. Third, the design of keys is considered from the perspective of making them more difficult to duplicate using visible light sensing and 3D printing. Policy and legal considerations are discussed.

Programming secure mobile agents in healthcare environments using role-based permissions.

PubMed

Georgiadis, C K; Baltatzis, J; Pangalos, G I

2003-01-01

The healthcare environment consists of vast amounts of dynamic and unstructured information, distributed over a large number of information systems. Mobile agent technology is having an ever-growing impact on the delivery of medical information. It supports acquiring and manipulating information distributed in a large number of information systems. Moreover is suitable for the computer untrained medical stuff. But the introduction of mobile agents generates advanced threads to the sensitive healthcare information, unless the proper countermeasures are taken. By applying the role-based approach to the authorization problem, we ease the sharing of information between hospital information systems and we reduce the administering part. The different initiative of the agent's migration method, results in different methods of assigning roles to the agent.

Interparental conflict, children’s security with parents, and long-term risk of internalizing problems: A longitudinal study from ages 2 to 10

PubMed Central

Brock, Rebecca L.; Kochanska, Grazyna

2015-01-01

Although the negative impact of marital conflict on children has been amply documented, few studies have examined the process of risk in a long-term, longitudinal design. We examined parent–child attachment security as a mechanism that may account for the impact of interparental conflict on children’s long-term risk of internalizing problems. Sixty-two community mothers, fathers, and children were followed from ages 2 to 10. Parents reported on their conflicts when their children were 2. Trained observers produced parent–child attachment security scores (Attachment Q-Set, Waters, 1987), based on lengthy naturalistic observations of the child with each parent. Parents rated children’s internalizing problems at age 10. A conditional process model and bootstrap approach were implemented to examine conditional indirect effects of conflict on child internalizing problems through attachment security for girls versus boys. Maladaptive marital conflict (destructive strategies, severity of arguments) increased internalizing problems 8 years later due to the undermined security for girls, whereas negative emotional aftermath of conflict (unresolved, lingering tension) increased internalizing problems for both boys and girls. The emotional aftermath of conflict is often overlooked, yet it appears to be a key dimension influencing emotional security in the family system, with significant consequences for children’s development. PMID:25797703

Interparental conflict, children's security with parents, and long-term risk of internalizing problems: A longitudinal study from ages 2 to 10.

PubMed

Brock, Rebecca L; Kochanska, Grazyna

2016-02-01

Although the negative impact of marital conflict on children has been amply documented, few studies have examined the process of risk in a long-term, longitudinal design. We examined parent-child attachment security as a mechanism that may account for the impact of interparental conflict on children's long-term risk of internalizing problems. Sixty-two community mothers, fathers, and children were followed from ages 2 to 10. Parents reported on their conflicts when their children were 2. Trained observers produced parent-child attachment security scores (Attachment Q-Set, Waters, 1987), based on lengthy naturalistic observations of the child with each parent. Parents rated children's internalizing problems at age 10. A conditional process model and bootstrap approach were implemented to examine conditional indirect effects of conflict on child internalizing problems through attachment security for girls versus boys. Maladaptive marital conflict (destructive strategies, severity of arguments) increased internalizing problems 8 years later due to the undermined security for girls, whereas negative emotional aftermath of conflict (unresolved, lingering tension) increased internalizing problems for both boys and girls. The emotional aftermath of conflict is often overlooked, yet it appears to be a key dimension influencing emotional security in the family system, with significant consequences for children's development.

Fuzzy Kernel k-Medoids algorithm for anomaly detection problems

NASA Astrophysics Data System (ADS)

Rustam, Z.; Talita, A. S.

2017-07-01

Intrusion Detection System (IDS) is an essential part of security systems to strengthen the security of information systems. IDS can be used to detect the abuse by intruders who try to get into the network system in order to access and utilize the available data sources in the system. There are two approaches of IDS, Misuse Detection and Anomaly Detection (behavior-based intrusion detection). Fuzzy clustering-based methods have been widely used to solve Anomaly Detection problems. Other than using fuzzy membership concept to determine the object to a cluster, other approaches as in combining fuzzy and possibilistic membership or feature-weighted based methods are also used. We propose Fuzzy Kernel k-Medoids that combining fuzzy and possibilistic membership as a powerful method to solve anomaly detection problem since on numerical experiment it is able to classify IDS benchmark data into five different classes simultaneously. We classify IDS benchmark data KDDCup'99 data set into five different classes simultaneously with the best performance was achieved by using 30 % of training data with clustering accuracy reached 90.28 percent.

Wireless Technology Infrastructures for Authentication of Patients: PKI that Rings

PubMed Central

Sax, Ulrich; Kohane, Isaac; Mandl, Kenneth D.

2005-01-01

As the public interest in consumer-driven electronic health care applications rises, so do concerns about the privacy and security of these applications. Achieving a balance between providing the necessary security while promoting user acceptance is a major obstacle in large-scale deployment of applications such as personal health records (PHRs). Robust and reliable forms of authentication are needed for PHRs, as the record will often contain sensitive and protected health information, including the patient's own annotations. Since the health care industry per se is unlikely to succeed at single-handedly developing and deploying a large scale, national authentication infrastructure, it makes sense to leverage existing hardware, software, and networks. This report proposes a new model for authentication of users to health care information applications, leveraging wireless mobile devices. Cell phones are widely distributed, have high user acceptance, and offer advanced security protocols. The authors propose harnessing this technology for the strong authentication of individuals by creating a registration authority and an authentication service, and examine the problems and promise of such a system. PMID:15684133

Wireless technology infrastructures for authentication of patients: PKI that rings.

PubMed

Sax, Ulrich; Kohane, Isaac; Mandl, Kenneth D

2005-01-01

As the public interest in consumer-driven electronic health care applications rises, so do concerns about the privacy and security of these applications. Achieving a balance between providing the necessary security while promoting user acceptance is a major obstacle in large-scale deployment of applications such as personal health records (PHRs). Robust and reliable forms of authentication are needed for PHRs, as the record will often contain sensitive and protected health information, including the patient's own annotations. Since the health care industry per se is unlikely to succeed at single-handedly developing and deploying a large scale, national authentication infrastructure, it makes sense to leverage existing hardware, software, and networks. This report proposes a new model for authentication of users to health care information applications, leveraging wireless mobile devices. Cell phones are widely distributed, have high user acceptance, and offer advanced security protocols. The authors propose harnessing this technology for the strong authentication of individuals by creating a registration authority and an authentication service, and examine the problems and promise of such a system.

A Layered Trust Information Security Architecture

PubMed Central

de Oliveira Albuquerque, Robson; García Villalba, Luis Javier; Sandoval Orozco, Ana Lucila; Buiati, Fábio; Kim, Tai-Hoon

2014-01-01

Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentially, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed. PMID:25470490

A System of Deception and Fraud Detection Using Reliable Linguistic Cues Including Hedging, Disfluencies, and Repeated Phrases

ERIC Educational Resources Information Center

Humpherys, Sean LaMarc

2010-01-01

Given the increasing problem of fraud, crime, and national security threats, assessing credibility is a recurring research topic in Information Systems and in other disciplines. Decision support systems can help. But the success of the system depends on reliable cues that can distinguish deceptive/truthful behavior and on a proven classification…

A nested virtualization tool for information technology practical education.

PubMed

Pérez, Carlos; Orduña, Juan M; Soriano, Francisco R

2016-01-01

A common problem of some information technology courses is the difficulty of providing practical exercises. Although different approaches have been followed to solve this problem, it is still an open issue, specially in security and computer network courses. This paper proposes NETinVM, a tool based on nested virtualization that includes a fully functional lab, comprising several computers and networks, in a single virtual machine. It also analyzes and evaluates how it has been used in different teaching environments. The results show that this tool makes it possible to perform demos, labs and practical exercises, greatly appreciated by the students, that would otherwise be unfeasible. Also, its portability allows to reproduce classroom activities, as well as the students' autonomous work.

10 CFR 95.35 - Access to matter classified as National Security Information and Restricted Data.

Code of Federal Regulations, 2010 CFR

2010-01-01

... SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.35 Access to matter classified as National Security Information and Restricted Data. (a... have access to matter revealing Secret or Confidential National Security Information or Restricted Data...

Implementing an Information Security Program

DOE Office of Scientific and Technical Information (OSTI.GOV)

Glantz, Clifford S.; Lenaeus, Joseph D.; Landine, Guy P.

The threats to information security have dramatically increased with the proliferation of information systems and the internet. Chemical, biological, radiological, nuclear, and explosives (CBRNe) facilities need to address these threats in order to protect themselves from the loss of intellectual property, theft of valuable or hazardous materials, and sabotage. Project 19 of the European Union CBRN Risk Mitigation Centres of Excellence Initiative is designed to help CBRN security managers, information technology/cybersecurity managers, and other decision-makers deal with these threats through the application of cost-effective information security programs. Project 19 has developed three guidance documents that are publically available to covermore » information security best practices, planning for an information security management system, and implementing security controls for information security.« less

An Outline of Data Aggregation Security in Heterogeneous Wireless Sensor Networks.

PubMed

Boubiche, Sabrina; Boubiche, Djallel Eddine; Bilami, Azzedine; Toral-Cruz, Homero

2016-04-12

Data aggregation processes aim to reduce the amount of exchanged data in wireless sensor networks and consequently minimize the packet overhead and optimize energy efficiency. Securing the data aggregation process is a real challenge since the aggregation nodes must access the relayed data to apply the aggregation functions. The data aggregation security problem has been widely addressed in classical homogeneous wireless sensor networks, however, most of the proposed security protocols cannot guarantee a high level of security since the sensor node resources are limited. Heterogeneous wireless sensor networks have recently emerged as a new wireless sensor network category which expands the sensor nodes' resources and capabilities. These new kinds of WSNs have opened new research opportunities where security represents a most attractive area. Indeed, robust and high security level algorithms can be used to secure the data aggregation at the heterogeneous aggregation nodes which is impossible in classical homogeneous WSNs. Contrary to the homogeneous sensor networks, the data aggregation security problem is still not sufficiently covered and the proposed data aggregation security protocols are numberless. To address this recent research area, this paper describes the data aggregation security problem in heterogeneous wireless sensor networks and surveys a few proposed security protocols. A classification and evaluation of the existing protocols is also introduced based on the adopted data aggregation security approach.

Maternal prenatal felt security and infant health at birth interact to predict infant fussing and crying at 12 months postpartum.

PubMed

Sawada, Natsumi; Gagné, Faby M; Séguin, Louise; Kramer, Michael S; McNamara, Helen; Platt, Robert W; Goulet, Lise; Meaney, Michael J; Lydon, John E

2015-08-01

Infants born with medical problems are at risk for less optimal developmental outcomes. This may be, in part, because neonatal medical problems are associated with maternal distress, which may adversely impact infants. However, the reserve capacity model suggests that an individual's bank of psychosocial resources buffers the adverse effects of later-encountered stressors. This prospective longitudinal study examined whether preexisting maternal psychosocial resources, conceptualized as felt security in close relationships, moderate the association between neonatal medical problems and infant fussing and crying 12 months postpartum. Maternal felt security was measured by assessing its indicators in 5,092 pregnant women. At birth, infants were classified as healthy or having a medical problem. At 12 months, experience sampling was used to assess daily maternal reports of fussing and crying in 135 mothers of infants who were healthy or had medical problems at birth. Confirmatory factor analyses revealed that attachment, relationship quality, self-esteem, and social support can be conceptualized as indicators of a single felt security factor. Multiple regression analyses revealed that prenatal maternal felt security interacts with infant health at birth to predict fussing and crying at 12 months. Among infants born with medical problems, higher felt security predicted decreased fussing and crying. Maternal felt security assessed before birth dampens the association between neonatal medical problems and subsequent infant behavior. This supports the hypothesis that psychosocial resources in reserve can be called upon in the face of a stressor to reduce its adverse effects on the self or others. (c) 2015 APA, all rights reserved).

The Use of BS7799 Information Security Standard to Construct Mechanisms for the Management of Medical Organization Information Security

NASA Astrophysics Data System (ADS)

Liu, Shu-Fan; Chueh, Hao-En; Liao, Kuo-Hsiung

According to surveys, 80 % of security related events threatening information in medical organizations is due to improper management. Most research on information security has focused on information and security technology, such as network security and access control; rarely addressing issues at the management issues. The main purpose of this study is to construct a BS7799 based mechanism for the management of information with regard to security as it applies to medical organizations. This study analyzes and identifies the most common events related to information security in medical organizations and categorizes these events as high-risk, transferable-risk, and controlled-risk to facilitate the management of such risk.

Visual communications with side information via distributed printing channels: extended multimedia and security perspectives

NASA Astrophysics Data System (ADS)

Voloshynovskiy, Sviatoslav V.; Koval, Oleksiy; Deguillaume, Frederic; Pun, Thierry

2004-06-01

In this paper we address visual communications via printing channels from an information-theoretic point of view as communications with side information. The solution to this problem addresses important aspects of multimedia data processing, security and management, since printed documents are still the most common form of visual information representation. Two practical approaches to side information communications for printed documents are analyzed in the paper. The first approach represents a layered joint source-channel coding for printed documents. This approach is based on a self-embedding concept where information is first encoded assuming a Wyner-Ziv set-up and then embedded into the original data using a Gel'fand-Pinsker construction and taking into account properties of printing channels. The second approach is based on Wyner-Ziv and Berger-Flynn-Gray set-ups and assumes two separated communications channels where an appropriate distributed coding should be elaborated. The first printing channel is considered to be a direct visual channel for images ("analog" channel with degradations). The second "digital channel" with constrained capacity is considered to be an appropriate auxiliary channel. We demonstrate both theoretically and practically how one can benefit from this sort of "distributed paper communications".

Controlled Bidirectional Quantum Secure Direct Communication

PubMed Central

Chou, Yao-Hsin; Lin, Yu-Ting; Zeng, Guo-Jyun; Lin, Fang-Jhu; Chen, Chi-Yuan

2014-01-01

We propose a novel protocol for controlled bidirectional quantum secure communication based on a nonlocal swap gate scheme. Our proposed protocol would be applied to a system in which a controller (supervisor/Charlie) controls the bidirectional communication with quantum information or secret messages between legitimate users (Alice and Bob). In this system, the legitimate users must obtain permission from the controller in order to exchange their respective quantum information or secret messages simultaneously; the controller is unable to obtain any quantum information or secret messages from the decoding process. Moreover, the presence of the controller also avoids the problem of one legitimate user receiving the quantum information or secret message before the other, and then refusing to help the other user decode the quantum information or secret message. Our proposed protocol is aimed at protecting against external and participant attacks on such a system, and the cost of transmitting quantum bits using our protocol is less than that achieved in other studies. Based on the nonlocal swap gate scheme, the legitimate users exchange their quantum information or secret messages without transmission in a public channel, thus protecting against eavesdroppers stealing the secret messages. PMID:25006596

The design and implementation of hydrographical information management system (HIMS)

NASA Astrophysics Data System (ADS)

Sui, Haigang; Hua, Li; Wang, Qi; Zhang, Anming

2005-10-01

With the development of hydrographical work and information techniques, the large variety of hydrographical information including electronic charts, documents and other materials are widely used, and the traditional management mode and techniques are unsuitable for the development of the Chinese Marine Safety Administration Bureau (CMSAB). How to manage all kinds of hydrographical information has become an important and urgent problem. A lot of advanced techniques including GIS, RS, spatial database management and VR techniques are introduced for solving these problems. Some design principles and key techniques of the HIMS including the mixed mode base on B/S, C/S and stand-alone computer mode, multi-source & multi-scale data organization and management, multi-source data integration and diverse visualization of digital chart, efficient security control strategies are illustrated in detail. Based on the above ideas and strategies, an integrated system named Hydrographical Information Management System (HIMS) was developed. And the HIMS has been applied in the Shanghai Marine Safety Administration Bureau and obtained good evaluation.

A Study on Group Key Agreement in Sensor Network Environments Using Two-Dimensional Arrays

PubMed Central

Jang, Seung-Jae; Lee, Young-Gu; Lee, Kwang-Hyung; Kim, Tai-Hoon; Jun, Moon-Seog

2011-01-01

These days, with the emergence of the concept of ubiquitous computing, sensor networks that collect, analyze and process all the information through the sensors have become of huge interest. However, sensor network technology fundamentally has wireless communication infrastructure as its foundation and thus has security weakness and limitations such as low computing capacity, power supply limitations and price. In this paper, and considering the characteristics of the sensor network environment, we propose a group key agreement method using a keyset pre-distribution of two-dimension arrays that should minimize the exposure of key and personal information. The key collision problems are resolved by utilizing a polygonal shape’s center of gravity. The method shows that calculating a polygonal shape’s center of gravity only requires a very small amount of calculations from the users. The simple calculation not only increases the group key generation efficiency, but also enhances the sense of security by protecting information between nodes. PMID:22164072

Research and design of smart grid monitoring control via terminal based on iOS system

NASA Astrophysics Data System (ADS)

Fu, Wei; Gong, Li; Chen, Heli; Pan, Guangji

2017-06-01

Aiming at a series of problems existing in current smart grid monitoring Control Terminal, such as high costs, poor portability, simple monitoring system, poor software extensions, low system reliability when transmitting information, single man-machine interface, poor security, etc., smart grid remote monitoring system based on the iOS system has been designed. The system interacts with smart grid server so that it can acquire grid data through WiFi/3G/4G networks, and monitor each grid line running status, as well as power plant equipment operating conditions. When it occurs an exception in the power plant, incident information can be sent to the user iOS terminal equipment timely, which will provide troubleshooting information to help the grid staff to make the right decisions in a timely manner, to avoid further accidents. Field tests have shown the system realizes the integrated grid monitoring functions, low maintenance cost, friendly interface, high security and reliability, and it possesses certain applicable value.

Secure steganography designed for mobile platforms

NASA Astrophysics Data System (ADS)

Agaian, Sos S.; Cherukuri, Ravindranath; Sifuentes, Ronnie R.

2006-05-01

Adaptive steganography, an intelligent approach to message hiding, integrated with matrix encoding and pn-sequences serves as a promising resolution to recent security assurance concerns. Incorporating the above data hiding concepts with established cryptographic protocols in wireless communication would greatly increase the security and privacy of transmitting sensitive information. We present an algorithm which will address the following problems: 1) low embedding capacity in mobile devices due to fixed image dimensions and memory constraints, 2) compatibility between mobile and land based desktop computers, and 3) detection of stego images by widely available steganalysis software [1-3]. Consistent with the smaller available memory, processor capabilities, and limited resolution associated with mobile devices, we propose a more magnified approach to steganography by focusing adaptive efforts at the pixel level. This deeper method, in comparison to the block processing techniques commonly found in existing adaptive methods, allows an increase in capacity while still offering a desired level of security. Based on computer simulations using high resolution, natural imagery and mobile device captured images, comparisons show that the proposed method securely allows an increased amount of embedding capacity but still avoids detection by varying steganalysis techniques.

Is Seeing Believing? Training Users on Information Security: Evidence from Java Applets

ERIC Educational Resources Information Center

Ayyagari, Ramakrishna; Figueroa, Norilyz

2017-01-01

Information Security issues are one of the top concerns of CEOs. Accordingly, information systems education and research have addressed security issues. One of the main areas of research is the behavioral issues in Information Security, primarily focusing on users' compliance to information security policies. We contribute to this literature by…

Correlation Research of Medical Security Management System Network Platform in Medical Practice

NASA Astrophysics Data System (ADS)

Jie, Wang; Fan, Zhang; Jian, Hao; Li-nong, Yu; Jun, Fei; Ping, Hao; Ya-wei, Shen; Yue-jin, Chang

Objective-The related research of medical security management system network in medical practice. Methods-Establishing network platform of medical safety management system, medical security network host station, medical security management system(C/S), medical security management system of departments and sections, comprehensive query, medical security disposal and examination system. Results-In medical safety management, medical security management system can reflect the hospital medical security problem, and can achieve real-time detection and improve the medical security incident detection rate. Conclusion-The application of the research in the hospital management implementation, can find hospital medical security hidden danger and the problems of medical disputes, and can help in resolving medical disputes in time and achieve good work efficiency, which is worth applying in the hospital practice.

Revitalization of food barns in supporting sustainable food security in Central Java

NASA Astrophysics Data System (ADS)

Riptanti, E. W.; Qonita, A.; Suprapti

2018-02-01

Rice barns have been developed in some areas in Central Java, but several problems seem to appear, leading to nonoptimal functions of nonactive food barns. The present article aims to examine revitalization of food barns through systematic, integrated, and sustainable empowerment. The research design is exploratory research to generate data that are in-depth qualitative and quantitative. Survey was applied in four regencies including Wonogiri, Purworejo, Temanggung, and Batang. Key informants comprise caretakers of food barns, village apparatus, public figures, and Food Security Office apparatus. The research results revealed that the food barns have not been managed in professional manners. Active roles of all members and caretakers, village government, and Food Security Agency are, therefore, required in revitalizing the food barns. In order to perform social functions well, the food barns should be profit-oriented to achieve sustainability.

12 CFR Appendix B to Part 30 - Interagency Guidelines Establishing Information Security Standards

Code of Federal Regulations, 2011 CFR

2011-01-01

... Establishing Information Security Standards Table of Contents I. Introduction A. Scope B. Preservation of... Security Program B. Objectives III. Development and Implementation of Customer Information Security Program.... Introduction The Interagency Guidelines Establishing Information Security Standards (Guidelines) set forth...

76 FR 67750 - Homeland Security Information Network Advisory Committee

Federal Register 2010, 2011, 2012, 2013, 2014

2011-11-02

... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2011-0107] Homeland Security Information Network... Information Network Advisory Committee. SUMMARY: The Secretary of Homeland Security has determined that the renewal of the Homeland Security Information Network Advisory Committee (HSINAC) is necessary and in the...

78 FR 7797 - Homeland Security Information Network Advisory Committee (HSINAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-04

... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2013-0005] Homeland Security Information Network... Committee Meeting. SUMMARY: The Homeland Security Information Network Advisory Committee (HSIN AC) will meet... received by the (Homeland Security Information Network Advisory Committee), go to http://www.regulations...

78 FR 34665 - Homeland Security Information Network Advisory Committee (HSINAC); Meeting

Federal Register 2010, 2011, 2012, 2013, 2014

2013-06-10

... DEPARTMENT OF HOMELAND SECURITY [DHS-2013-0037] Homeland Security Information Network Advisory... Committee Meeting. SUMMARY: The Homeland Security Information Network Advisory Committee (HSINAC) will meet... posted beforehand at this link: http://www.dhs.gov/homeland-security-information-network-advisory...

An energy-efficient and secure hybrid algorithm for wireless sensor networks using a mobile data collector

NASA Astrophysics Data System (ADS)

Dayananda, Karanam Ravichandran; Straub, Jeremy

2017-05-01

This paper proposes a new hybrid algorithm for security, which incorporates both distributed and hierarchal approaches. It uses a mobile data collector (MDC) to collect information in order to save energy of sensor nodes in a wireless sensor network (WSN) as, in most networks, these sensor nodes have limited energy. Wireless sensor networks are prone to security problems because, among other things, it is possible to use a rogue sensor node to eavesdrop on or alter the information being transmitted. To prevent this, this paper introduces a security algorithm for MDC-based WSNs. A key use of this algorithm is to protect the confidentiality of the information sent by the sensor nodes. The sensor nodes are deployed in a random fashion and form group structures called clusters. Each cluster has a cluster head. The cluster head collects data from the other nodes using the time-division multiple access protocol. The sensor nodes send their data to the cluster head for transmission to the base station node for further processing. The MDC acts as an intermediate node between the cluster head and base station. The MDC, using its dynamic acyclic graph path, collects the data from the cluster head and sends it to base station. This approach is useful for applications including warfighting, intelligent building and medicine. To assess the proposed system, the paper presents a comparison of its performance with other approaches and algorithms that can be used for similar purposes.

Wearable technology as a booster of clinical care

NASA Astrophysics Data System (ADS)

Jonas, Stephan; Hannig, Andreas; Spreckelsen, Cord; Deserno, Thomas M.

2014-03-01

Wearable technology defines a new class of smart devices that are accessories or clothing equipped with computational power and sensors, like Google Glass. In this work, we propose a novel concept for supporting everyday clinical pathways with wearable technology. In contrast to most prior work, we are not focusing on the omnipresent screen to display patient information or images, but are trying to maintain existing workflows. To achieve this, our system supports clinical staff as a documenting observer, only intervening adequately if problems are detected. Using the example of medication preparation and administration, a task known to be prone to errors, we demonstrate the full potential of the new devices. Patient and medication identifier are captured with the built-in camera, and the information is send to a transaction server. The server communicates with the hospital information system to obtain patient records and medication information. The system then analyses the new medication for possible side-effects and interactions with already administered drugs. The result is sent to the device while encapsulating all sensitive information respecting data security and privacy. The user only sees a traffic light style encoded feedback to avoid distraction. The server can reduce documentation efforts and reports in real-time on possible problems during medication preparation or administration. In conclusion, we designed a secure system around three basic principles with many applications in everyday clinical work: (i) interaction and distraction is kept as low as possible; (ii) no patient data is displayed; and (iii) device is pure observer, not part of the workflow. By reducing errors and documentation burden, our approach has the capability to boost clinical care.

32 CFR 2103.51 - Information Security Oversight Committee.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 32 National Defense 6 2011-07-01 2011-07-01 false Information Security Oversight Committee. 2103... BE DECLASSIFIED Implementation and Review § 2103.51 Information Security Oversight Committee. The NCS Information Security Oversight Committee shall be chaired by the Staff Counsel of the National Security...

32 CFR 2103.51 - Information Security Oversight Committee.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Oversight Committee. 2103... BE DECLASSIFIED Implementation and Review § 2103.51 Information Security Oversight Committee. The NCS Information Security Oversight Committee shall be chaired by the Staff Counsel of the National Security...

Post-Social Politics, Employability, and the Security Effects of Higher Education

ERIC Educational Resources Information Center

Frauley, Jon

2012-01-01

Trends within Western capitalist societies toward the individualizing of social problems, the responsibilizing of individuals for such problems, the treating of social problems as problems of control, ongoing attempts to shift the burden for safety and security from the state to the market, and changing conceptions of citizenship, have produced a…

Study on Cloud Security Based on Trust Spanning Tree Protocol

NASA Astrophysics Data System (ADS)

Lai, Yingxu; Liu, Zenghui; Pan, Qiuyue; Liu, Jing

2015-09-01

Attacks executed on Spanning Tree Protocol (STP) expose the weakness of link layer protocols and put the higher layers in jeopardy. Although the problems have been studied for many years and various solutions have been proposed, many security issues remain. To enhance the security and credibility of layer-2 network, we propose a trust-based spanning tree protocol aiming at achieving a higher credibility of LAN switch with a simple and lightweight authentication mechanism. If correctly implemented in each trusted switch, the authentication of trust-based STP can guarantee the credibility of topology information that is announced to other switch in the LAN. To verify the enforcement of the trusted protocol, we present a new trust evaluation method of the STP using a specification-based state model. We implement a prototype of trust-based STP to investigate its practicality. Experiment shows that the trusted protocol can achieve security goals and effectively avoid STP attacks with a lower computation overhead and good convergence performance.

DS-ARP: a new detection scheme for ARP spoofing attacks based on routing trace for ubiquitous environments.

PubMed

Song, Min Su; Lee, Jae Dong; Jeong, Young-Sik; Jeong, Hwa-Young; Park, Jong Hyuk

2014-01-01

Despite the convenience, ubiquitous computing suffers from many threats and security risks. Security considerations in the ubiquitous network are required to create enriched and more secure ubiquitous environments. The address resolution protocol (ARP) is a protocol used to identify the IP address and the physical address of the associated network card. ARP is designed to work without problems in general environments. However, since it does not include security measures against malicious attacks, in its design, an attacker can impersonate another host using ARP spoofing or access important information. In this paper, we propose a new detection scheme for ARP spoofing attacks using a routing trace, which can be used to protect the internal network. Tracing routing can find the change of network movement path. The proposed scheme provides high constancy and compatibility because it does not alter the ARP protocol. In addition, it is simple and stable, as it does not use a complex algorithm or impose extra load on the computer system.

DS-ARP: A New Detection Scheme for ARP Spoofing Attacks Based on Routing Trace for Ubiquitous Environments

PubMed Central

Song, Min Su; Lee, Jae Dong; Jeong, Hwa-Young; Park, Jong Hyuk

2014-01-01

Despite the convenience, ubiquitous computing suffers from many threats and security risks. Security considerations in the ubiquitous network are required to create enriched and more secure ubiquitous environments. The address resolution protocol (ARP) is a protocol used to identify the IP address and the physical address of the associated network card. ARP is designed to work without problems in general environments. However, since it does not include security measures against malicious attacks, in its design, an attacker can impersonate another host using ARP spoofing or access important information. In this paper, we propose a new detection scheme for ARP spoofing attacks using a routing trace, which can be used to protect the internal network. Tracing routing can find the change of network movement path. The proposed scheme provides high constancy and compatibility because it does not alter the ARP protocol. In addition, it is simple and stable, as it does not use a complex algorithm or impose extra load on the computer system. PMID:25243205

Implementation of continuous-variable quantum key distribution with composable and one-sided-device-independent security against coherent attacks.

PubMed

Gehring, Tobias; Händchen, Vitus; Duhme, Jörg; Furrer, Fabian; Franz, Torsten; Pacher, Christoph; Werner, Reinhard F; Schnabel, Roman

2015-10-30

Secret communication over public channels is one of the central pillars of a modern information society. Using quantum key distribution this is achieved without relying on the hardness of mathematical problems, which might be compromised by improved algorithms or by future quantum computers. State-of-the-art quantum key distribution requires composable security against coherent attacks for a finite number of distributed quantum states as well as robustness against implementation side channels. Here we present an implementation of continuous-variable quantum key distribution satisfying these requirements. Our implementation is based on the distribution of continuous-variable Einstein-Podolsky-Rosen entangled light. It is one-sided device independent, which means the security of the generated key is independent of any memoryfree attacks on the remote detector. Since continuous-variable encoding is compatible with conventional optical communication technology, our work is a step towards practical implementations of quantum key distribution with state-of-the-art security based solely on telecom components.

Implementation of continuous-variable quantum key distribution with composable and one-sided-device-independent security against coherent attacks

PubMed Central

Gehring, Tobias; Händchen, Vitus; Duhme, Jörg; Furrer, Fabian; Franz, Torsten; Pacher, Christoph; Werner, Reinhard F.; Schnabel, Roman

2015-01-01

Secret communication over public channels is one of the central pillars of a modern information society. Using quantum key distribution this is achieved without relying on the hardness of mathematical problems, which might be compromised by improved algorithms or by future quantum computers. State-of-the-art quantum key distribution requires composable security against coherent attacks for a finite number of distributed quantum states as well as robustness against implementation side channels. Here we present an implementation of continuous-variable quantum key distribution satisfying these requirements. Our implementation is based on the distribution of continuous-variable Einstein–Podolsky–Rosen entangled light. It is one-sided device independent, which means the security of the generated key is independent of any memoryfree attacks on the remote detector. Since continuous-variable encoding is compatible with conventional optical communication technology, our work is a step towards practical implementations of quantum key distribution with state-of-the-art security based solely on telecom components. PMID:26514280

Unfalsifiability of security claims

PubMed Central

Herley, Cormac

2016-01-01

There is an inherent asymmetry in computer security: Things can be declared insecure by observation, but not the reverse. There is no observation that allows us to declare an arbitrary system or technique secure. We show that this implies that claims of necessary conditions for security (and sufficient conditions for insecurity) are unfalsifiable. This in turn implies an asymmetry in self-correction: Whereas the claim that countermeasures are sufficient is always subject to correction, the claim that they are necessary is not. Thus, the response to new information can only be to ratchet upward: Newly observed or speculated attack capabilities can argue a countermeasure in, but no possible observation argues one out. Further, when justifications are unfalsifiable, deciding the relative importance of defensive measures reduces to a subjective comparison of assumptions. Relying on such claims is the source of two problems: once we go wrong we stay wrong and errors accumulate, and we have no systematic way to rank or prioritize measures. PMID:27217574

Security of fragile authentication watermarks with localization

NASA Astrophysics Data System (ADS)

Fridrich, Jessica

2002-04-01

In this paper, we study the security of fragile image authentication watermarks that can localize tampered areas. We start by comparing the goals, capabilities, and advantages of image authentication based on watermarking and cryptography. Then we point out some common security problems of current fragile authentication watermarks with localization and classify attacks on authentication watermarks into five categories. By investigating the attacks and vulnerabilities of current schemes, we propose a variation of the Wong scheme18 that is fast, simple, cryptographically secure, and resistant to all known attacks, including the Holliman-Memon attack9. In the new scheme, a special symmetry structure in the logo is used to authenticate the block content, while the logo itself carries information about the block origin (block index, the image index or time stamp, author ID, etc.). Because the authentication of the content and its origin are separated, it is possible to easily identify swapped blocks between images and accurately detect cropped areas, while being able to accurately localize tampered pixels.

Human errors and violations in computer and information security: the viewpoint of network administrators and security specialists.

PubMed

Kraemer, Sara; Carayon, Pascale

2007-03-01

This paper describes human errors and violations of end users and network administration in computer and information security. This information is summarized in a conceptual framework for examining the human and organizational factors contributing to computer and information security. This framework includes human error taxonomies to describe the work conditions that contribute adversely to computer and information security, i.e. to security vulnerabilities and breaches. The issue of human error and violation in computer and information security was explored through a series of 16 interviews with network administrators and security specialists. The interviews were audio taped, transcribed, and analyzed by coding specific themes in a node structure. The result is an expanded framework that classifies types of human error and identifies specific human and organizational factors that contribute to computer and information security. Network administrators tended to view errors created by end users as more intentional than unintentional, while errors created by network administrators as more unintentional than intentional. Organizational factors, such as communication, security culture, policy, and organizational structure, were the most frequently cited factors associated with computer and information security.

Prospective relations between family conflict and adolescent maladjustment: security in the family system as a mediating process.

PubMed

Cummings, E Mark; Koss, Kalsea J; Davies, Patrick T

2015-04-01

Conflict in specific family systems (e.g., interparental, parent-child) has been implicated in the development of a host of adjustment problems in adolescence, but little is known about the impact of family conflict involving multiple family systems. Furthermore, questions remain about the effects of family conflict on symptoms of specific disorders and adjustment problems and the processes mediating these effects. The present study prospectively examines the impact of family conflict and emotional security about the family system on adolescent symptoms of specific disorders and adjustment problems, including the development of symptoms of anxiety, depression, conduct problems, and peer problems. Security in the family system was examined as a mediator of these relations. Participants included 295 mother-father-adolescent families (149 girls) participating across three annual time points (grades 7-9). Including auto-regressive controls for initial levels of emotional insecurity and multiple adjustment problems (T1), higher-order emotional insecurity about the family system (T2) mediated relations between T1 family conflict and T3 peer problems, anxiety, and depressive symptoms. Further analyses supported specific patterns of emotional security/insecurity (i.e., security, disengagement, preoccupation) as mediators between family conflict and specific domains of adolescent adjustment. Family conflict was thus found to prospectively predict the development of symptoms of multiple specific adjustment problems, including symptoms of depression, anxiety, conduct problems, and peer problems, by elevating in in adolescent's emotional insecurity about the family system. The clinical implications of these findings are considered.

Security Shift in Future Network Architectures

DTIC Science & Technology

2010-11-01

RTO-MP-IST-091 2 - 1 Security Shift in Future Network Architectures Tim Hartog, M.Sc Information Security Dept. TNO Information and...current practice military communication infrastructures are deployed as stand-alone networked information systems. Network -Enabled Capabilities (NEC) and...information architects and security specialists about the separation of network and information security, the consequences of this shift and our view

48 CFR 552.239-70 - Information Technology Security Plan and Security Authorization.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 48 Federal Acquisition Regulations System 4 2011-10-01 2011-10-01 false Information Technology... Text of Provisions and Clauses 552.239-70 Information Technology Security Plan and Security Authorization. As prescribed in 539.7002(a), insert the following provision: Information Technology Security...

48 CFR 552.239-70 - Information Technology Security Plan and Security Authorization.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 48 Federal Acquisition Regulations System 4 2014-10-01 2014-10-01 false Information Technology... Text of Provisions and Clauses 552.239-70 Information Technology Security Plan and Security Authorization. As prescribed in 539.7002(a), insert the following provision: Information Technology Security...

48 CFR 552.239-70 - Information Technology Security Plan and Security Authorization.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 48 Federal Acquisition Regulations System 4 2012-10-01 2012-10-01 false Information Technology... Text of Provisions and Clauses 552.239-70 Information Technology Security Plan and Security Authorization. As prescribed in 539.7002(a), insert the following provision: Information Technology Security...

48 CFR 552.239-70 - Information Technology Security Plan and Security Authorization.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 48 Federal Acquisition Regulations System 4 2013-10-01 2013-10-01 false Information Technology... Text of Provisions and Clauses 552.239-70 Information Technology Security Plan and Security Authorization. As prescribed in 539.7002(a), insert the following provision: Information Technology Security...

75 FR 57904 - Announcing a Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2010-09-23

... Office, --Update of NIST Computer Security Division, and --Information Security and Privacy Advisory... Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology, Commerce. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB) will meet...

Photonic quantum digital signatures operating over kilometer ranges in installed optical fiber

NASA Astrophysics Data System (ADS)

Collins, Robert J.; Fujiwara, Mikio; Amiri, Ryan; Honjo, Toshimori; Shimizu, Kaoru; Tamaki, Kiyoshi; Takeoka, Masahiro; Andersson, Erika; Buller, Gerald S.; Sasaki, Masahide

2016-10-01

The security of electronic communications is a topic that has gained noteworthy public interest in recent years. As a result, there is an increasing public recognition of the existence and importance of mathematically based approaches to digital security. Many of these implement digital signatures to ensure that a malicious party has not tampered with the message in transit, that a legitimate receiver can validate the identity of the signer and that messages are transferable. The security of most digital signature schemes relies on the assumed computational difficulty of solving certain mathematical problems. However, reports in the media have shown that certain implementations of such signature schemes are vulnerable to algorithmic breakthroughs and emerging quantum processing technologies. Indeed, even without quantum processors, the possibility remains that classical algorithmic breakthroughs will render these schemes insecure. There is ongoing research into information-theoretically secure signature schemes, where the security is guaranteed against an attacker with arbitrary computational resources. One such approach is quantum digital signatures. Quantum signature schemes can be made information-theoretically secure based on the laws of quantum mechanics while comparable classical protocols require additional resources such as anonymous broadcast and/or a trusted authority. Previously, most early demonstrations of quantum digital signatures required dedicated single-purpose hardware and operated over restricted ranges in a laboratory environment. Here, for the first time, we present a demonstration of quantum digital signatures conducted over several kilometers of installed optical fiber. The system reported here operates at a higher signature generation rate than previous fiber systems.

Interpreting international governance standards for health IT use within general medical practice.

PubMed

Mahncke, Rachel J; Williams, Patricia A H

2014-01-01

General practices in Australia recognise the importance of comprehensive protective security measures. Some elements of information security governance are incorporated into recommended standards, however the governance component of information security is still insufficiently addressed in practice. The International Organistion for Standardisation (ISO) released a new global standard in May 2013 entitled, ISO/IEC 27014:2013 Information technology - Security techniques - Governance of information security. This standard, applicable to organisations of all sizes, offers a framework against which to assess and implement the governance components of information security. The standard demonstrates the relationship between governance and the management of information security, provides strategic principles and processes, and forms the basis for establishing a positive information security culture. An analysis interpretation of this standard for use in Australian general practice was performed. This work is unique as such interpretation for the Australian healthcare environment has not been undertaken before. It demonstrates an application of the standard at a strategic level to inform existing development of an information security governance framework.

Security Investment in Contagious Networks.

PubMed

Hasheminasab, Seyed Alireza; Tork Ladani, Behrouz

2018-01-16

Security of the systems is normally interdependent in such a way that security risks of one part affect other parts and threats spread through the vulnerable links in the network. So, the risks of the systems can be mitigated through investments in the security of interconnecting links. This article takes an innovative look at the problem of security investment of nodes on their vulnerable links in a given contagious network as a game-theoretic model that can be applied to a variety of applications including information systems. In the proposed game model, each node computes its corresponding risk based on the value of its assets, vulnerabilities, and threats to determine the optimum level of security investments on its external links respecting its limited budget. Furthermore, direct and indirect nonlinear influences of a node's security investment on the risks of other nodes are considered. The existence and uniqueness of the game's Nash equilibrium in the proposed game are also proved. Further analysis of the model in a practical case revealed that taking advantage of the investment effects of other players, perfectly rational players (i.e., those who use the utility function of the proposed game model) make more cost-effective decisions than selfish nonrational or semirational players. © 2018 Society for Risk Analysis.

How do you select the right security features for your company's products

NASA Astrophysics Data System (ADS)

Pickett, Gordon E.

1998-04-01

If your company manufacturers, supplies, or distributes products of almost any type, style, shape, or for any usage, they may become the objective of fraudulent activities from one or more sources. Therefore, someone at your company should be concerned about how these activities may affect the company's future. This paper/presentation will provide information about where these 'threats' may come from, what products have been compromised in the past, and what steps might be taken to deter these threats. During product security conferences, conversations, and other sources of information, you'll hear about many different types of security features that can be incorporated into monetary and identification documents, packaging, labeling, and other products/systems to help protect against counterfeiting, unauthorized tampering, or to identify 'genuine' products. Many of these features have been around for some time (which means that they may have lost at least some of their effectiveness) while others, or improved versions of some of the more mature features, have been or are being developed. This area is a 'moving target' and re-examination of the threats and counterthreats needs to be an ongoing activity. The 'value' and the capabilities of these features can sometimes be overstated, i.e. that a feature/system can solve all of the security-related problems that you may (or may not) have with your products. A couple of things to always keep in mind is that no feature(s) is universally effective and none of the features, or even combinations of features, is totally 'tamperproof' or counterfeitproof, irrespective of what may be said or claimed. So how do you go about determining if you have a product security problem and what, if any, security features might be used to reduce the threat(s) to your products? This paper will attempt to provide information to help you separate the 'wheat from the chaff' in these considerations. Specifically, information to be discussed in this paper will attempt to assist you and your associates define (1) what products are or may be under threat and how many different ways the product(s) might be compromised, (2) who might attempt to compromise your company's product(s), (3) what product security features may be effective in deterring the perceived threats, (4) how many deterrent features are needed, and should the features be overt, covert, or a combination of the two, (5) how will the candidate features hold up in the 'usage' environment, and (6) who will 'validate' the features and what skill levels, or auxiliary equipment, will be needed? Obviously, the cost effectiveness for adding possible security features to the product(s) needs to be considered, but more than just the cost of the feature, or the value of the product, needs to be factored into these considerations. For example, the effect of any compromise on the company's reputation and legal liabilities. This paper obviously can not provide all of the 'answers' but will attempt to provide you with 'food for thought.'

Information Security: Computer Hacker Information Available on the Internet

DTIC Science & Technology

1996-06-05

INFORMATION SECURITY Computer Hacker Information Available on the Internet Statement for the Record of...Report Type N/A Dates Covered (from... to) - Title and Subtitle INFORMATION SECURITY Computer Hacker Information Available on the Internet Contract...1996 4. TITLE AND SUBTITLE Information Security: Computer Hacker Information Available on the Internet 5. FUNDING NUMBERS 6. AUTHOR(S) Jack L.

Facilitating Secure Sharing of Personal Health Data in the Cloud

PubMed Central

Nepal, Surya; Glozier, Nick

2016-01-01

Background Internet-based applications are providing new ways of promoting health and reducing the cost of care. Although data can be kept encrypted in servers, the user does not have the ability to decide whom the data are shared with. Technically this is linked to the problem of who owns the data encryption keys required to decrypt the data. Currently, cloud service providers, rather than users, have full rights to the key. In practical terms this makes the users lose full control over their data. Trust and uptake of these applications can be increased by allowing patients to feel in control of their data, generally stored in cloud-based services. Objective This paper addresses this security challenge by providing the user a way of controlling encryption keys independently of the cloud service provider. We provide a secure and usable system that enables a patient to share health information with doctors and specialists. Methods We contribute a secure protocol for patients to share their data with doctors and others on the cloud while keeping complete ownership. We developed a simple, stereotypical health application and carried out security tests, performance tests, and usability tests with both students and doctors (N=15). Results We developed the health application as an app for Android mobile phones. We carried out the usability tests on potential participants and medical professionals. Of 20 participants, 14 (70%) either agreed or strongly agreed that they felt safer using our system. Using mixed methods, we show that participants agreed that privacy and security of health data are important and that our system addresses these issues. Conclusions We presented a security protocol that enables patients to securely share their eHealth data with doctors and nurses and developed a secure and usable system that enables patients to share mental health information with doctors. PMID:27234691

A review of security of electronic health records.

PubMed

Win, Khin Than

The objective of this study is to answer the research question, "Are current information security technologies adequate for electronic health records (EHRs)?" In order to achieve this, the following matters have been addressed in this article: (i) What is information security in the context of EHRs? (ii) Why is information security important for EHRs? and (iii) What are the current technologies for information security available to EHRs? It is concluded that current EHR security technologies are inadequate and urgently require improvement. Further study regarding information security of EHRs is indicated.

49 CFR 1548.19 - Security Directives and Information Circulars.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 9 2010-10-01 2010-10-01 false Security Directives and Information Circulars... CARRIER SECURITY § 1548.19 Security Directives and Information Circulars. (a) TSA may issue an Information... security measures are necessary to respond to a threat assessment, or to a specific threat against civil...

An Outline of Data Aggregation Security in Heterogeneous Wireless Sensor Networks

PubMed Central

Boubiche, Sabrina; Boubiche, Djallel Eddine; Bilami, Azzedine; Toral-Cruz, Homero

2016-01-01

Data aggregation processes aim to reduce the amount of exchanged data in wireless sensor networks and consequently minimize the packet overhead and optimize energy efficiency. Securing the data aggregation process is a real challenge since the aggregation nodes must access the relayed data to apply the aggregation functions. The data aggregation security problem has been widely addressed in classical homogeneous wireless sensor networks, however, most of the proposed security protocols cannot guarantee a high level of security since the sensor node resources are limited. Heterogeneous wireless sensor networks have recently emerged as a new wireless sensor network category which expands the sensor nodes’ resources and capabilities. These new kinds of WSNs have opened new research opportunities where security represents a most attractive area. Indeed, robust and high security level algorithms can be used to secure the data aggregation at the heterogeneous aggregation nodes which is impossible in classical homogeneous WSNs. Contrary to the homogeneous sensor networks, the data aggregation security problem is still not sufficiently covered and the proposed data aggregation security protocols are numberless. To address this recent research area, this paper describes the data aggregation security problem in heterogeneous wireless sensor networks and surveys a few proposed security protocols. A classification and evaluation of the existing protocols is also introduced based on the adopted data aggregation security approach. PMID:27077866

Fuzzy portfolio model with fuzzy-input return rates and fuzzy-output proportions

NASA Astrophysics Data System (ADS)

Tsaur, Ruey-Chyn

2015-02-01

In the finance market, a short-term investment strategy is usually applied in portfolio selection in order to reduce investment risk; however, the economy is uncertain and the investment period is short. Further, an investor has incomplete information for selecting a portfolio with crisp proportions for each chosen security. In this paper we present a new method of constructing fuzzy portfolio model for the parameters of fuzzy-input return rates and fuzzy-output proportions, based on possibilistic mean-standard deviation models. Furthermore, we consider both excess or shortage of investment in different economic periods by using fuzzy constraint for the sum of the fuzzy proportions, and we also refer to risks of securities investment and vagueness of incomplete information during the period of depression economics for the portfolio selection. Finally, we present a numerical example of a portfolio selection problem to illustrate the proposed model and a sensitivity analysis is realised based on the results.

A Study of the Effect of Information Security Policies on Information Security Breaches in Higher Education Institutions

ERIC Educational Resources Information Center

Waddell, Stanie Adolphus

2013-01-01

Many articles within the literature point to the information security policy as one of the most important elements of an effective information security program. Even though this belief is continually referred to in many information security scholarly articles, very few research studies have been performed to corroborate this sentiment. Doherty and…

48 CFR 1339.107-70 - Information security.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 48 Federal Acquisition Regulations System 5 2014-10-01 2014-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... coordinate with the designated Contracting Officer Representative (COR) to complete the Information Security...

48 CFR 1339.107-70 - Information security.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 48 Federal Acquisition Regulations System 5 2011-10-01 2011-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... coordinate with the designated Contracting Officer Representative (COR) to complete the Information Security...

49 CFR 8.9 - Information Security Review Committee.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 49 Transportation 1 2011-10-01 2011-10-01 false Information Security Review Committee. 8.9 Section.../DECLASSIFICATION/ACCESS Classification/Declassification of Information § 8.9 Information Security Review Committee. (a) There is hereby established a Department of Transportation Information Security Review Committee...

48 CFR 1339.107-70 - Information security.

Code of Federal Regulations, 2010 CFR

2010-10-01

... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... Clause 1352.239-73, Security Requirements for Information Technology Resources, is needed, contracting... 48 Federal Acquisition Regulations System 5 2010-10-01 2010-10-01 false Information security. 1339...

49 CFR 8.9 - Information Security Review Committee.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 1 2010-10-01 2010-10-01 false Information Security Review Committee. 8.9 Section.../DECLASSIFICATION/ACCESS Classification/Declassification of Information § 8.9 Information Security Review Committee. (a) There is hereby established a Department of Transportation Information Security Review Committee...

48 CFR 1339.107-70 - Information security.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 48 Federal Acquisition Regulations System 5 2013-10-01 2013-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... coordinate with the designated Contracting Officer Representative (COR) to complete the Information Security...

Fundamental problems in provable security and cryptography.

PubMed

Dent, Alexander W

2006-12-15

This paper examines methods for formally proving the security of cryptographic schemes. We show that, despite many years of active research and dozens of significant results, there are fundamental problems which have yet to be solved. We also present a new approach to one of the more controversial aspects of provable security, the random oracle model.

The Globalization of Higher Education as a Societal and Cultural Security Problem

ERIC Educational Resources Information Center

Samier, Eugenie A.

2015-01-01

In this article, I propose a theory of the globalization of higher education as societal and cultural security problems for many regions of the world. The first section examines the field of security studies for theoretical frameworks appropriate to critiquing globalized higher education, including critical human, societal and cultural security…

Children’s Attachment to Both Parents from Toddler Age to Middle Childhood: Links to Adaptive and Maladaptive Outcomes

PubMed Central

Boldt, Lea J.; Kochanska, Grazyna; Yoon, Jeung Eun; Nordling, Jamie Koenig

2014-01-01

We examined children’s attachment security with their mothers and fathers in a community sample (N = 100). At 25 months, mothers, fathers, and trained observers completed Attachment Q-Set (AQS). At 100 months, children completed Kerns Security Scale (KSS) for each parent. Children’s adaptation (behavior problems and competence in broader ecologies of school and peer group, child- and parent-reported) was assessed at 100 months. By and large, the child’s security with the mother and father was modestly to robustly concordant across both relationships, depending on the assessment method. Observers’ AQS security scores predicted children’s self-reported security 6 years later. For children with low AQS security scores with mothers, variations in security with fathers had significant implications for adaptation: Those whose security with fathers was also low reported the most behavior problems and were seen as least competent in broader ecologies, but those whose security with fathers was high reported few problems and were seen as competent. Security with fathers, observer-rated and child-reported, predicted children’s higher competence in broader ecologies. A cumulative index of the history of security from toddler age to middle childhood, integrating measures across both relationships and diverse methodologies, was significantly associated with positive adaptation at 100 months. PMID:24605850

Patients' and relatives' experiences of transfer from intensive care unit to wards.

PubMed

Cullinane, James P; Plowright, Catherine I

2013-11-01

This literature review looks at the evidence around transferring patients from intensive care units (ICU) to wards. The literature informs us that patients and their families experience problems when being transferred from an ICU environment and that this increases overall anxiety. The effects of surviving critical illness often have a profound psychological impact on patients and families This study examines the experiences of adult patients, and their families, following their transfer from the ICU to the ward. Five themes emerged from this literature review: physical responses, psychological responses, information and communication, safety and security, and the needs of relatives. This review reminds us that these problems can be reduced if information and communication around time of transfers were improved. As critical care nurses it is essential that we prepare patients and families for transfer to wards. © 2013 British Association of Critical Care Nurses.

Common object request broker architecture (CORBA)-based security services for the virtual radiology environment.

PubMed

Martinez, R; Cole, C; Rozenblit, J; Cook, J F; Chacko, A K

2000-05-01

The US Army Great Plains Regional Medical Command (GPRMC) has a requirement to conform to Department of Defense (DoD) and Army security policies for the Virtual Radiology Environment (VRE) Project. Within the DoD, security policy is defined as the set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information. Security policy in the DoD is described by the Trusted Computer System Evaluation Criteria (TCSEC), Army Regulation (AR) 380-19, Defense Information Infrastructure Common Operating Environment (DII COE), Military Health Services System Automated Information Systems Security Policy Manual, and National Computer Security Center-TG-005, "Trusted Network Interpretation." These documents were used to develop a security policy that defines information protection requirements that are made with respect to those laws, rules, and practices that are required to protect the information stored and processed in the VRE Project. The goal of the security policy is to provide for a C2-level of information protection while also satisfying the functional needs of the GPRMC's user community. This report summarizes the security policy for the VRE and defines the CORBA security services that satisfy the policy. In the VRE, the information to be protected is embedded into three major information components: (1) Patient information consists of Digital Imaging and Communications in Medicine (DICOM)-formatted fields. The patient information resides in the digital imaging network picture archiving and communication system (DIN-PACS) networks in the database archive systems and includes (a) patient demographics; (b) patient images from x-ray, computed tomography (CT), magnetic resonance imaging (MRI), and ultrasound (US); and (c) prior patient images and related patient history. (2) Meta-Manager information to be protected consists of several data objects. This information is distributed to the Meta-Manager nodes and includes (a) radiologist schedules; (b) modality worklists; (c) routed case information; (d) DIN-PACS and Composite Health Care system (CHCS) messages, and Meta-Manager administrative and security information; and (e) patient case information. (3) Access control and communications security is required in the VRE to control who uses the VRE and Meta-Manager facilities and to secure the messages between VRE components. The CORBA Security Service Specification version 1.5 is designed to allow up to TCSEC's B2-level security for distributed objects. The CORBA Security Service Specification defines the functionality of several security features: identification and authentication, authorization and access control, security auditing, communication security, nonrepudiation, and security administration. This report describes the enhanced security features for the VRE and their implementation using commercial CORBA Security Service software products.

Australian Defense.

DTIC Science & Technology

1979-12-01

the Joint Intelligence Organization ( JIO ) came into existence. It was only an analysis and information agency and did not collect intelligence. It was...34to provide expert technical analysis and the best kind of judgment on kinds of security problems that might arise." 3 The JIO brought sections of the... JIO char er detailed its function of intelligence assessments "on military, economic, scientific, and technical matters affecting Australia’s defence

The Impact of Death of a Loved One on the Cognitive Development of Young Children.

ERIC Educational Resources Information Center

Duhon, Rose M.; Daniel, Debra

This study analyses the problems facing classroom teachers who must cope with young children who have experienced the death of a parent, a sibling, or a close grandparent. A questionnaire was designed to secure information on the impact of the death of a loved one on the cognitive development of young children. Teachers were asked about the extent…

Stochastic Models of Polymer Systems

DTIC Science & Technology

2016-01-01

SECURITY CLASSIFICATION OF: The stochastic gradient decent algorithm is the now the "algorithm of choice" for very large machine learning problems...information about the behavior of the algorithm. At the same time, we were also able to formulate various acceleration techniques in precise math terms... gradient decent, REPORT DOCUMENTATION PAGE 11. SPONSOR/MONITOR’S REPORT NUMBER(S) 10. SPONSOR/MONITOR’S ACRONYM(S) ARO 8. PERFORMING

Financial Irresponsibility: Background Information for Security Personnel

DTIC Science & Technology

1991-09-01

shoppers he has treated have also suffered from some eating disorder , usually bulimia .6 3 A study of Gamblers Anonymous members found that 52% also...ramifications--compulsive gambling, compulsive shopping, drug or alcohol abuse. Compulsive behavior is a form of emotional disorder in which one loses...financial problems, however, as this emotional disorder affects the wealthy as well as those with limited means. Like alcoholism, compulsive shopping

6 CFR 27.200 - Information regarding security risk for a chemical facility.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Information regarding security risk for a chemical facility. 27.200 Section 27.200 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security Program § 27.200 Information...

Software Development Life Cycle Security Issues

NASA Astrophysics Data System (ADS)

Kaur, Daljit; Kaur, Parminder

2011-12-01

Security is now-a-days one of the major problems because of many reasons. Security is now-a-days one of the major problems because of many reasons. The main cause is that software can't withstand security attacks because of vulnerabilities in it which are caused by defective specifications design and implementation. We have conducted a survey asking software developers, project managers and other people in software development about their security awareness and implementation in Software Development Life Cycle (SDLC). The survey was open to participation for three weeks and this paper explains the survey results.

Examining the Impact of Non-Technical Security Management Factors on Information Security Management in Health Informatics

ERIC Educational Resources Information Center

Imam, Abbas H.

2013-01-01

Complexity of information security has become a major issue for organizations due to incessant threats to information assets. Healthcare organizations are particularly concerned with security owing to the inherent vulnerability of sensitive information assets in health informatics. While the non-technical security management elements have been at…

14 CFR 1203.202 - Responsibilities.

Code of Federal Regulations, 2011 CFR

2011-01-01

... Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.202 Responsibilities. (a) The Chairperson, NASA Information Security...) Ensuring effective compliance with and implementation of “the Order” and the Information Security Oversight...

14 CFR 1203.202 - Responsibilities.

Code of Federal Regulations, 2010 CFR

2010-01-01

... Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.202 Responsibilities. (a) The Chairperson, NASA Information Security...) Ensuring effective compliance with and implementation of “the Order” and the Information Security Oversight...

Data threats analysis and prevention on iOS platform

NASA Astrophysics Data System (ADS)

Gao, Bo; Wang, Yi; Chen, Zhou; Tang, Jiqiang

2015-12-01

Background: The rapid growth of mobile internet has driven the rapid popularity of smart mobiles. iOS device is chosen by more and more people for its humanity, stability and excellent industrial design, and the data security problem that followed it has gradually attracted the researchers' attention. Method & Result: This thesis focuses on the analysis of current situation of data security on iOS platform, from both security mechanism and data risk, and proposes countermeasures. Conclusion: From practical work, many problems of data security mechanism on iOS platform still exist. At present, the problem of malicious software towards iOS system has not been severe, but how to ensure the security of data on iOS platform will inevitably become one of the directions for our further study.

12 CFR Appendix B to Part 364 - Interagency Guidelines Establishing Information Security Standards

Code of Federal Regulations, 2011 CFR

2011-01-01

... Part 364—Interagency Guidelines Establishing Information Security Standards Table of Contents I... Customer Information A. Information Security Program B. Objectives III. Development and Implementation of Customer Information Security Program A. Involve the Board of Directors B. Assess Risk C. Manage and...

75 FR 63499 - Extension of Agency Information Collection Activity Under OMB Review: Sensitive Security...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-10-15

... Information Collection Activity Under OMB Review: Sensitive Security Information Threat Assessments AGENCY... Transportation Security Administration (TSA) has forwarded the Information Collection Request (ICR), Office of... of a party seeking access to sensitive security information (SSI) in a civil proceeding in Federal...

Risk assessment for sustainable food security in China according to integrated food security--taking Dongting Lake area for example.

PubMed

Qi, Xiaoxing; Liu, Liming; Liu, Yabin; Yao, Lan

2013-06-01

Integrated food security covers three aspects: food quantity security, food quality security, and sustainable food security. Because sustainable food security requires that food security must be compatible with sustainable development, the risk assessment of sustainable food security is becoming one of the most important issues. This paper mainly focuses on the characteristics of sustainable food security problems in the major grain-producing areas in China. We establish an index system based on land resources and eco-environmental conditions and apply a dynamic assessment method based on status assessments and trend analysis models to overcome the shortcomings of the static evaluation method. Using fuzzy mathematics, the risks are categorized into four grades: negligible risk, low risk, medium risk, and high risk. A case study was conducted in one of China's major grain-producing areas: Dongting Lake area. The results predict that the status of the sustainable food security in the Dongting Lake area is unsatisfactory for the foreseeable future. The number of districts at the medium-risk range will increase from six to ten by 2015 due to increasing population pressure, a decrease in the cultivated area, and a decrease in the effective irrigation area. Therefore, appropriate policies and measures should be put forward to improve it. The results could also provide direct support for an early warning system-which could be used to monitor food security trends or nutritional status so to inform policy makers of impending food shortages-to prevent sustainable food security risk based on some classical systematic methods. This is the first research of sustainable food security in terms of risk assessment, from the perspective of resources and the environment, at the regional scale.

Economic Evaluation of the Information Security Levels Achieved by Electric Energy Providers in North Arctic Region

NASA Astrophysics Data System (ADS)

Sushko, O. P.; Kaznin, A. A.; Babkin, A. V.; Bogdanov, D. A.

2017-10-01

The study we are conducting involves the analysis of information security levels achieved by energy providers operating in the North Arctic Region. We look into whether the energy providers’ current information security levels meet reliability standards and determine what further actions may be needed for upgrading information security in the context of the digital transformation that the world community is undergoing. When developing the information security systems for electric energy providers or selecting the protection means for them, we are governed by the fact that the assets to be protected are process technologies. While information security risk can be assessed using different methods, the evaluation of the economic damage from these risks appears to be a difficult task. The most probable and harmful risks we have identified when evaluating the electric energy providers’ information security will be used by us as variables. To provide the evaluation, it is necessary to calculate the costs relating to elimination of the risks identified. The final stage of the study will involve the development of an operation algorithm for the North Arctic Region’s energy provider’s business information protection security system - a set of information security services, and security software and hardware.

75 FR 65526 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2010-10-25

... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... planning to attend must be submitted to the Information Security Oversight Office (ISOO) no later than...

76 FR 6636 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2011-02-07

... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... planning to attend must be submitted to the Information Security Oversight Office (ISOO) no later than...

76 FR 67484 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2011-11-01

... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... must be submitted to the Information Security Oversight Office (ISOO) no later than Friday, November 11...

76 FR 28099 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2011-05-13

... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... telephone number of individuals planning to attend must be submitted to the Information Security Oversight...

75 FR 39582 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-09

... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... telephone number of individuals planning to attend must be submitted to the Information Security Oversight...

10 CFR 2.905 - Access to restricted data and national security information for parties; security clearances.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 10 Energy 1 2010-01-01 2010-01-01 false Access to restricted data and national security... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.905 Access to restricted data and national security information for parties; security clearances. (a) Access...

10 CFR 2.905 - Access to restricted data and national security information for parties; security clearances.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 10 Energy 1 2011-01-01 2011-01-01 false Access to restricted data and national security... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.905 Access to restricted data and national security information for parties; security clearances. (a) Access...

Secure and Efficient k-NN Queries⋆

PubMed Central

Asif, Hafiz; Vaidya, Jaideep; Shafiq, Basit; Adam, Nabil

2017-01-01

Given the morass of available data, ranking and best match queries are often used to find records of interest. As such, k-NN queries, which give the k closest matches to a query point, are of particular interest, and have many applications. We study this problem in the context of the financial sector, wherein an investment portfolio database is queried for matching portfolios. Given the sensitivity of the information involved, our key contribution is to develop a secure k-NN computation protocol that can enable the computation k-NN queries in a distributed multi-party environment while taking domain semantics into account. The experimental results show that the proposed protocols are extremely efficient. PMID:29218333

Prospective Relations between Family Conflict and Adolescent Maladjustment: Security in the Family System as a Mediating Process

PubMed Central

Cummings, E. Mark; Koss, Kalsea J.; Davies, Patrick T.

2018-01-01

Conflict in specific family systems (e.g., interparental, parent-child) has been implicated in the development of a host of adjustment problems in adolescence, but little is known about the impact of family conflict involving multiple family systems. Furthermore, questions remain about the effects of family conflict on symptoms of specific disorders and adjustment problems and the processes mediating these effects. The present study prospectively examines the impact of family conflict and emotional security about the family system on adolescent symptoms of specific disorders and adjustment problems, including the development of symptoms of anxiety, depression, conduct problems, and peer problems. Security in the family system was examined as a mediator of these relations. Participants included 295 mother-father-adolescent families (149 girls) participating across three annual time points (grades 7–9). Including auto-regressive controls for initial levels of emotional insecurity and multiple adjustment problems (T1), higher-order emotional insecurity about the family system (T2) mediated relations between T1 family conflict and T3 peer problems, anxiety, and depressive symptoms. Further analyses supported specific patterns of emotional security/insecurity (i.e., security, disengagement, preoccupation) as mediators between family conflict and specific domains of adolescent adjustment. Family conflict was thus found to prospectively predict the development of symptoms of multiple specific adjustment problems, including symptoms of depression, anxiety, conduct problems, and peer problems, by elevating in in adolescent’s emotional insecurity about the family system. The clinical implications of these findings are considered. PMID:25131144

10 CFR 95.35 - Access to matter classified as National Security Information and Restricted Data.

Code of Federal Regulations, 2011 CFR

2011-01-01

... Information and Restricted Data. 95.35 Section 95.35 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) FACILITY SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.35 Access to matter classified as National Security Information and Restricted Data. (a...

Approach to estimation of level of information security at enterprise based on genetic algorithm

NASA Astrophysics Data System (ADS)

V, Stepanov L.; V, Parinov A.; P, Korotkikh L.; S, Koltsov A.

2018-05-01

In the article, the way of formalization of different types of threats of information security and vulnerabilities of an information system of the enterprise and establishment is considered. In a type of complexity of ensuring information security of application of any new organized system, the concept and decisions in the sphere of information security are expedient. One of such approaches is the method of a genetic algorithm. For the enterprises of any fields of activity, the question of complex estimation of the level of security of information systems taking into account the quantitative and qualitative factors characterizing components of information security is relevant.

17 CFR 249.1001 - Form SIP, for application for registration as a securities information processor or to amend such...

Code of Federal Regulations, 2011 CFR

2011-04-01

... registration as a securities information processor or to amend such an application or registration. 249.1001..., SECURITIES EXCHANGE ACT OF 1934 Form for Registration of, and Reporting by Securities Information Processors § 249.1001 Form SIP, for application for registration as a securities information processor or to amend...

17 CFR 249.1001 - Form SIP, for application for registration as a securities information processor or to amend such...

Code of Federal Regulations, 2010 CFR

2010-04-01

... registration as a securities information processor or to amend such an application or registration. 249.1001..., SECURITIES EXCHANGE ACT OF 1934 Form for Registration of, and Reporting by Securities Information Processors § 249.1001 Form SIP, for application for registration as a securities information processor or to amend...

NINJA: a noninvasive framework for internal computer security hardening

NASA Astrophysics Data System (ADS)

Allen, Thomas G.; Thomson, Steve

2004-07-01

Vulnerabilities are a growing problem in both the commercial and government sector. The latest vulnerability information compiled by CERT/CC, for the year ending Dec. 31, 2002 reported 4129 vulnerabilities representing a 100% increase over the 2001 [1] (the 2003 report has not been published at the time of this writing). It doesn"t take long to realize that the growth rate of vulnerabilities greatly exceeds the rate at which the vulnerabilities can be fixed. It also doesn"t take long to realize that our nation"s networks are growing less secure at an accelerating rate. As organizations become aware of vulnerabilities they may initiate efforts to resolve them, but quickly realize that the size of the remediation project is greater than their current resources can handle. In addition, many IT tools that suggest solutions to the problems in reality only address "some" of the vulnerabilities leaving the organization unsecured and back to square one in searching for solutions. This paper proposes an auditing framework called NINJA (acronym for Network Investigation Notification Joint Architecture) for noninvasive daily scanning/auditing based on common security vulnerabilities that repeatedly occur in a network environment. This framework is used for performing regular audits in order to harden an organizations security infrastructure. The framework is based on the results obtained by the Network Security Assessment Team (NSAT) which emulates adversarial computer network operations for US Air Force organizations. Auditing is the most time consuming factor involved in securing an organization's network infrastructure. The framework discussed in this paper uses existing scripting technologies to maintain a security hardened system at a defined level of performance as specified by the computer security audit team. Mobile agents which were under development at the time of this writing are used at a minimum to improve the noninvasiveness of our scans. In general, noninvasive scans with an adequate framework performed on a daily basis reduce the amount of security work load as well as the timeliness in performing remediation, as verified by the NINJA framework. A vulnerability assessment/auditing architecture based on mobile agent technology is proposed and examined at the end of the article as an enhancement to the current NINJA architecture.

46 CFR 503.52 - Senior agency official.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 46 Shipping 9 2011-10-01 2011-10-01 false Senior agency official. 503.52 Section 503.52 Shipping FEDERAL MARITIME COMMISSION GENERAL AND ADMINISTRATIVE PROVISIONS PUBLIC INFORMATION Information Security...'s information security program, which includes oversight (self-inspection) and security information...

Autonomous Information Unit: Why Making Data Smart Can also Make Data Secured?

NASA Technical Reports Server (NTRS)

Chow, Edward T.

2006-01-01

In this paper, we introduce a new fine-grain distributed information protection mechanism which can self-protect, self-discover, self-organize, and self-manage. In our approach, we decompose data into smaller pieces and provide individualized protection. We also provide a policy control mechanism to allow 'smart' access control and context based re-assembly of the decomposed data. By combining smart policy with individually protected data, we are able to provide better protection of sensitive information and achieve more flexible access during emergency conditions. As a result, this new fine-grain protection mechanism can enable us to achieve better solutions for problems such as distributed information protection and identity theft.

75 FR 10507 - Information Security Oversight Office; National Industrial Security Program Policy Advisory...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-03-08

... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office; National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: National Archives and Records... individuals planning to attend must be submitted to the Information Security Oversight Office (ISOO) no later...

Postselection technique for quantum channels with applications to quantum cryptography.

PubMed

Christandl, Matthias; König, Robert; Renner, Renato

2009-01-16

We propose a general method for studying properties of quantum channels acting on an n-partite system, whose action is invariant under permutations of the subsystems. Our main result is that, in order to prove that a certain property holds for an arbitrary input, it is sufficient to consider the case where the input is a particular de Finetti-type state, i.e., a state which consists of n identical and independent copies of an (unknown) state on a single subsystem. Our technique can be applied to the analysis of information-theoretic problems. For example, in quantum cryptography, we get a simple proof for the fact that security of a discrete-variable quantum key distribution protocol against collective attacks implies security of the protocol against the most general attacks. The resulting security bounds are tighter than previously known bounds obtained with help of the exponential de Finetti theorem.

Sustainable Food Security in the Mountains of Pakistan: Towards a Policy Framework.

PubMed

Rasul, Golam; Hussain, Abid

2015-01-01

The nature and causes of food and livelihood security in mountain areas are quite different to those in the plains. Rapid socioeconomic and environmental changes added to the topographical constraints have exacerbated the problem of food insecurity in the Hindu Kush-Himalayan (HKH) region. In Pakistan, food insecurity is significantly higher in the mountain areas than in the plains as a result of a range of biophysical and socioeconomic factors. The potential of mountain niche products such as fruit, nuts, and livestock has remained underutilized. Moreover, the opportunities offered by globalization, market integration, remittances, and non-farm income have not been fully tapped. This paper analyzes the opportunities and challenges of food security in Pakistan's mountain areas, and outlines a framework for addressing the specific issues in terms of four different types of area differentiated by agro-ecological potential and access to markets, information, and institutional services.

Realization and optimization of AES algorithm on the TMS320DM6446 based on DaVinci technology

NASA Astrophysics Data System (ADS)

Jia, Wen-bin; Xiao, Fu-hai

2013-03-01

The application of AES algorithm in the digital cinema system avoids video data to be illegal theft or malicious tampering, and solves its security problems. At the same time, in order to meet the requirements of the real-time, scene and transparent encryption of high-speed data streams of audio and video in the information security field, through the in-depth analysis of AES algorithm principle, based on the hardware platform of TMS320DM6446, with the software framework structure of DaVinci, this paper proposes the specific realization methods of AES algorithm in digital video system and its optimization solutions. The test results show digital movies encrypted by AES128 can not play normally, which ensures the security of digital movies. Through the comparison of the performance of AES128 algorithm before optimization and after, the correctness and validity of improved algorithm is verified.

Job-related motivational factors among Malaysian employees.

PubMed

Manshor, Amat Taap; Abdullah, Adilah

2002-12-01

This study identified job-related motivational factors among Malaysian employees in several telecommunication companies. Responses were obtained from 1,179 employees at all levels up to senior managers and six different functional divisions, sales and marketing, human resources, finance, technical, information, technology, and support division. All employees were asked to rate the importance of Kovach's 10 job-motivational factors. These factors were good wages, job security, opportunity for career growth in the organization, good working conditions, interesting work, company loyalty to employees, tactful discipline, full appreciation of work done, sympathetic help with personal problems, and feeling of being involved in the organization. The top five factors employees identified as motivating them in their jobs were good wages, job security, company loyalty to employees, good working conditions, and full appreciation for work done. Findings were in accordance with Kovach for U.S. employees, in which the top motivational factors were good wages and job security.

Rebuilding and the private cloud of the hospital information system by the virtualization technology.

PubMed

Yamashita, Yoshinori; Ogaito, Tatoku

2013-01-01

In our hospital, we managed an electronic health record system and many section subsystems as a hospital information system. By the expansion of these information systems, a system becomes complicated, and maintenance and operative cost increased. Furthermore, the environment that is available to medical information is demanded anywhere anytime by expansion of the computerization. However, the expansion of the information use becomes necessary for the expansion such as the personal protection of information for security. We became rebuilding and the private cloud of the hospital information system by the virtualization technology to solve such a problem. As a result, we were able to perform a decrease in number of the servers which constituted a system, a decrease in network traffic, reduction of the operative cost.

A wavelet domain adaptive image watermarking method based on chaotic encryption

NASA Astrophysics Data System (ADS)

Wei, Fang; Liu, Jian; Cao, Hanqiang; Yang, Jun

2009-10-01

A digital watermarking technique is a specific branch of steganography, which can be used in various applications, provides a novel way to solve security problems for multimedia information. In this paper, we proposed a kind of wavelet domain adaptive image digital watermarking method using chaotic stream encrypt and human eye visual property. The secret information that can be seen as a watermarking is hidden into a host image, which can be publicly accessed, so the transportation of the secret information will not attract the attention of illegal receiver. The experimental results show that the method is invisible and robust against some image processing.

Advanced information society(7)

NASA Astrophysics Data System (ADS)

Chiba, Toshihiro

Various threats are hiding in advanced informationalized society. As we see car accident problems in motorization society light aspects necessarily accompy shady ones. Under the changing circumstances of advanced informationalization added values of information has become much higher. It causes computer crime, hacker, computer virus to come to the surface. In addition it can be said that infringement of intellectual property and privacy are threats brought by advanced information. Against these threats legal, institutional and insurance measures have been progressed, and newly security industry has been established. However, they are not adequate individually or totally. The future vision should be clarified, and countermeasures according to the visions have to be considered.

6 CFR 7.27 - Declassification and downgrading.

Code of Federal Regulations, 2010 CFR

2010-01-01

... SECURITY INFORMATION Classified Information § 7.27 Declassification and downgrading. (a) Classified... Security Officer. (b) Information shall be declassified or downgraded by the official who authorized the... Secretary of Homeland Security or the Chief Security Officer. (c) It is presumed that information that...

5 CFR 930.301 - Information systems security awareness training program.

Code of Federal Regulations, 2013 CFR

2013-01-01

....g., system and network administrators, and system/application security officers) must receive... 5 Administrative Personnel 2 2013-01-01 2013-01-01 false Information systems security awareness... (MISCELLANEOUS) Information Security Responsibilities for Employees who Manage or Use Federal Information Systems...

5 CFR 930.301 - Information systems security awareness training program.

Code of Federal Regulations, 2014 CFR

2014-01-01

....g., system and network administrators, and system/application security officers) must receive... 5 Administrative Personnel 2 2014-01-01 2014-01-01 false Information systems security awareness... (MISCELLANEOUS) Information Security Responsibilities for Employees who Manage or Use Federal Information Systems...

78 FR 26057 - Extension of Agency Information Collection Activity Under OMB Review: Pipeline Corporate Security...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-05-03

... Information Collection Activity Under OMB Review: Pipeline Corporate Security Review AGENCY: Transportation.... Information Collection Requirement Title: Pipeline Corporate Security Review (PCSR). Type of Request... current industry security practices through its Pipeline Corporate Security Review (PCSR) program. The...

Information Security Management (ISM)

NASA Astrophysics Data System (ADS)

Šalgovičová, Jarmila; Prajová, Vanessa

2012-12-01

Currently, all organizations have to tackle the issue of information security. The paper deals with various aspects of Information Security Management (ISM), including procedures, processes, organizational structures, policies and control processes. Introduction of Information Security Management should be a strategic decision. The concept and implementation of Information Security Management in an organization are determined by the corporate needs and objectives, security requirements, the processes deployed as well as the size and structure of the organization. The implementation of ISM should be carried out to the extent consistent with the needs of the organization.

Secure Internet video conferencing for assessing acute medical problems in a nursing facility.

PubMed Central

Weiner, M.; Schadow, G.; Lindbergh, D.; Warvel, J.; Abernathy, G.; Dexter, P.; McDonald, C. J.

2001-01-01

Although video-based teleconferencing is becoming more widespread in the medical profession, especially for scheduled consultations, applications for rapid assessment of acute medical problems are rare. Use of such a video system in a nursing facility may be especially beneficial, because physicians are often not immediately available to evaluate patients. We have assembled and tested a portable, wireless conferencing system to prepare for a randomized trial of the system s influence on resource utilization and satisfaction. The system includes a rolling cart with video conferencing hardware and software, a remotely controllable digital camera, light, wireless network, and battery. A semi-automated paging system informs physicians of patient s study status and indications for conferencing. Data transmission occurs wirelessly in the nursing home and then through Internet cables to the physician s home. This provides sufficient bandwidth to support quality motion images. IPsec secures communications. Despite human and technical challenges, this system is affordable and functional. Images Figure 1 PMID:11825286

Information security of power enterprises of North-Arctic region

NASA Astrophysics Data System (ADS)

Sushko, O. P.

2018-05-01

The role of information technologies in providing technological security for energy enterprises is a component of the economic security for the northern Arctic region in general. Applying instruments and methods of information protection modelling of the energy enterprises' business process in the northern Arctic region (such as Arkhenergo and Komienergo), the authors analysed and identified most frequent risks of information security. With the analytic hierarchy process based on weighting factor estimations, information risks of energy enterprises' technological processes were ranked. The economic estimation of the information security within an energy enterprise considers weighting factor-adjusted variables (risks). Investments in information security systems of energy enterprises in the northern Arctic region are related to necessary security elements installation; current operating expenses on business process protection systems become materialized economic damage.

Disaster at a University: A Case Study in Information Security

ERIC Educational Resources Information Center

Ayyagari, Ramakrishna; Tyks, Jonathan

2012-01-01

Security and disaster training is identified as a top Information Technology (IT) required skill that needs to be taught in Information Systems (IS) curriculums. Accordingly, information security and privacy have become core concepts in information system education. Providing IT security on a shoestring budget is always difficult and many small…

Information Leakage Analysis by Abstract Interpretation

NASA Astrophysics Data System (ADS)

Zanioli, Matteo; Cortesi, Agostino

Protecting the confidentiality of information stored in a computer system or transmitted over a public network is a relevant problem in computer security. The approach of information flow analysis involves performing a static analysis of the program with the aim of proving that there will not be leaks of sensitive information. In this paper we propose a new domain that combines variable dependency analysis, based on propositional formulas, and variables' value analysis, based on polyhedra. The resulting analysis is strictly more accurate than the state of the art abstract interpretation based analyses for information leakage detection. Its modular construction allows to deal with the tradeoff between efficiency and accuracy by tuning the granularity of the abstraction and the complexity of the abstract operators.

Security in Father-child Relationship and Behavior Problems in Sexually Abused Children.

PubMed

Parent-Boursier, Claudel; Hébert, Martine

2015-01-01

While the influence of mother-child relationships on children's recovery following sexual abuse has been documented, less is known about the possible contribution of father-child relationships on outcomes. The present study explored the contribution of children's perception of security in their relationship to the father on internalizing and externalizing behavior problems, while controlling for sociodemographic variables and variables associated with the mother-child relationship. Participants were 142 children who disclosed sexual abuse involving a perpetrator other than the biological father. Regression analyses indicated that children's perception of security to fathers contributed to the prediction of parental reports of children's behavior problems, even after controlling for maternal psychological distress and perception of security to mothers.

The old age health security in rural China: where to go?

PubMed

Dai, Baozhen

2015-11-04

The huge number of rural elders and the deepening health problems (e.g. growing threats of infectious diseases and chronic diseases etc.) place enormous pressure on old age health security in rural China. This study aims to provide information for policy-makers to develop effective measures for promoting rural elders' health care service access by examining the current developments and challenges confronted by the old age health security in rural China. Search resources are electronic databases, web pages of the National Bureau of Statistics of China and the National Health and Family Planning Commission of China on the internet, China Population and Employment Statistics Yearbook, China Civil Affairs' Statistical Yearbook and China Health Statistics Yearbooks etc. Articles were identified from Elsevier, Wiley, EBSCO, EMBASE, PubMed, SCI Expanded, ProQuest, and National Knowledge Infrastructure of China (CNKI) which is the most informative database in Chinese. Search terms were "rural", "China", "health security", "cooperative medical scheme", "social medical assistance", "medical insurance" or "community based medical insurance", "old", or "elder", "elderly", or "aged", "aging". Google scholar was searched with the same combination of keywords. The results showed that old age health security in rural China had expanded to all rural elders and substantially improved health care service utilization among rural elders. Increasing chronic disease prevalence rates, pressing public health issues, inefficient rural health care service provision system and lack of sufficient financing challenged the old age health security in rural China. Increasing funds from the central and regional governments for old age health security in rural China will contribute to reducing urban-rural disparities in provision of old age health security and increasing health equity among rural elders between different regions. Meanwhile, initiating provider payment reform may contribute to improving the efficiency of rural health care service provision system and promoting health care service access among rural elders.

6 CFR 7.12 - Violations of classified information requirements.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Violations of classified information requirements. 7.12 Section 7.12 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CLASSIFIED NATIONAL SECURITY INFORMATION Administration § 7.12 Violations of classified information...

78 FR 77484 - Extension of Agency Information Collection Activity Under OMB Review: Pipeline System Operator...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-12-23

... Federal agency for pipeline security, it is important for TSA to have contact information for company... DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration Extension of Agency Information Collection Activity Under OMB Review: Pipeline System Operator Security Information AGENCY...

32 CFR 154.42 - Evaluation of personnel security information.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 32 National Defense 1 2011-07-01 2011-07-01 false Evaluation of personnel security information... SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Adjudication § 154.42 Evaluation of personnel security information. (a) The criteria and adjudicative policy to be used in applying the...

32 CFR 154.42 - Evaluation of personnel security information.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 32 National Defense 1 2010-07-01 2010-07-01 false Evaluation of personnel security information... SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Adjudication § 154.42 Evaluation of personnel security information. (a) The criteria and adjudicative policy to be used in applying the...

75 FR 38595 - Guidance to States Regarding Driver History Record Information Security, Continuity of Operation...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-02

... Standards and Technology's (NIST) Computer Security Division maintains a Computer Security Resource Center... Regarding Driver History Record Information Security, Continuity of Operation Planning, and Disaster... (SDLAs) to support their efforts at maintaining the security of information contained in the driver...

14 CFR 1203.409 - Exceptional cases.

Code of Federal Regulations, 2010 CFR

2010-01-01

....409 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM... Information Security Program Committee, Security Division, Washington, DC 20546 for a classification..., to the Director, Information Security Oversight Office, GSA, for a determination. ...

The ISACA Business Model for Information Security: An Integrative and Innovative Approach

NASA Astrophysics Data System (ADS)

von Roessing, Rolf

In recent years, information security management has matured into a professional discipline that covers both technical and managerial aspects in an organisational environment. Information security is increasingly dependent on business-driven parameters and interfaces to a variety of organisational units and departments. In contrast, common security models and frameworks have remained largely technical. A review of extant models ranging from [LaBe73] to more recent models shows that technical aspects are covered in great detail, while the managerial aspects of security are often neglected.Likewise, the business view on organisational security is frequently at odds with the demands of information security personnel or information technology management. In practice, senior and executive level management remain comparatively distant from technical requirements. As a result, information security is generally regarded as a cost factor rather than a benefit to the organisation.

Evaluating the Use of Remote Sensing Data in the USAID Famine Early Warning Systems Network

NASA Technical Reports Server (NTRS)

Brown, Molly E.; Brickley, Elizabeth B.

2011-01-01

The US Agency for International Development (USAID) s Famine Early Warning System Network (FEWS NET) provides monitoring and early warning support to decision makers responsible for responding to food insecurity emergencies on three continents. FEWS NET uses satellite remote sensing and ground observations of rainfall and vegetation in order to provide information on drought, floods and other extreme weather events to decision makers. Previous research has presented results from a professional review questionnaire with FEWS NET expert end-users whose focus was to elicit Earth observation requirements. The review provided FEWS NET operational requirements and assessed the usefulness of additional remote sensing data. Here we analyzed 1342 food security update reports from FEWS NET. The reports consider the biophysical, socioeconomic, and contextual influences on the food security in 17 countries in Africa from 2000-2009. The objective was to evaluate the use of remote sensing information in comparison with other important factors in the evaluation of food security crises. The results show that all 17 countries use rainfall information, agricultural production statistics, food prices and food access parameters in their analysis of food security problems. The reports display large scale patterns that are strongly related to history of the FEWS NET program in each country. We found that rainfall data was used 84% of the time, remote sensing of vegetation 28% of the time, and gridded crop models 10%, reflecting the length of use of each product in the regions. More investment is needed in training personnel on remote sensing products to improve use of data products throughout the FEWS NET system.

Evaluation of internet-based technology for supporting self-care: problems encountered by patients and caregivers when using self-care applications.

PubMed

Nijland, Nicol; van Gemert-Pijnen, Julia; Boer, Henk; Steehouder, Michaël F; Seydel, Erwin R

2008-05-15

Prior studies have shown that many patients are interested in Internet-based technology that enables them to control their own care. As a result, innovative eHealth services are evolving rapidly, including self-assessment tools and secure patient-caregiver email communication. It is interesting to explore how these technologies can be used for supporting self-care. The aim of this study was to determine user-centered criteria for successful application of Internet-based technology used in primary care for supporting self-care. We conducted scenario-based tests combined with in-depth interviews among 14 caregivers and 14 patients/consumers to describe the use of various self-care applications and the accompanying user problems. We focused on the user-friendliness of the applications, the quality of care provided by the applications, and the implementation of the applications in practice. Problems with the user-friendliness of the self-care applications concerned inadequate navigation structures and search options and lack of feedback features. Patients want to retrieve health information with as little effort as possible; however, the navigation and search functionalities of the applications appeared incapable of handling patients' health complaints efficiently. Among caregivers, the lack of feedback and documentation possibilities caused inconvenience. Caregivers wanted to know how patients acted on their advice, but the applications did not offer an adequate feedback feature. Quality of care problems were mainly related to insufficient tailoring of information to patients' needs and to efficiency problems. Patients expected personalized advice to control their state of health, but the applications failed to deliver this. Language (semantics) also appeared as an obstacle to providing appropriate and useful self-care advice. Caregivers doubted the reliability of the computer-generated information and the efficiency and effectiveness of secure email consultation. Legal or ethical issues with respect to possible misuse of email consultation also caused concerns. Implementation problems were mainly experienced by caregivers due to unclear policy on email consultation and the lack of training for email consultations. Patients' and caregivers' expectations did not correspond with their experiences of the use of the Internet-based applications for self-care. Patients thought that the applications would support them in solving their health problems. Caregivers were more reserved about the applications because of medico-legal concerns about misuse. However, the applications failed to support self-care because eHealth is more than just a technological intervention. The design of the applications should include a way of thinking about how to deliver health care with the aid of technology. The most powerful application for self-care was secure email consultation, combined with a suitable triage mechanism to empower patients' self-awareness. Future research should focus on the effectiveness of such Web-based triage mechanisms for medical complaints and on the development of interactive features to enhance patients' self-care.

Evaluation of Internet-Based Technology for Supporting Self-Care: Problems Encountered by Patients and Caregivers When Using Self-Care Applications

PubMed Central

van Gemert-Pijnen, Julia; Boer, Henk; Steehouder, Michaël F; Seydel, Erwin R

2008-01-01

Background Prior studies have shown that many patients are interested in Internet-based technology that enables them to control their own care. As a result, innovative eHealth services are evolving rapidly, including self-assessment tools and secure patient-caregiver email communication. It is interesting to explore how these technologies can be used for supporting self-care. Objective The aim of this study was to determine user-centered criteria for successful application of Internet-based technology used in primary care for supporting self-care. Methods We conducted scenario-based tests combined with in-depth interviews among 14 caregivers and 14 patients/consumers to describe the use of various self-care applications and the accompanying user problems. We focused on the user-friendliness of the applications, the quality of care provided by the applications, and the implementation of the applications in practice. Results Problems with the user-friendliness of the self-care applications concerned inadequate navigation structures and search options and lack of feedback features. Patients want to retrieve health information with as little effort as possible; however, the navigation and search functionalities of the applications appeared incapable of handling patients’ health complaints efficiently. Among caregivers, the lack of feedback and documentation possibilities caused inconvenience. Caregivers wanted to know how patients acted on their advice, but the applications did not offer an adequate feedback feature. Quality of care problems were mainly related to insufficient tailoring of information to patients’ needs and to efficiency problems. Patients expected personalized advice to control their state of health, but the applications failed to deliver this. Language (semantics) also appeared as an obstacle to providing appropriate and useful self-care advice. Caregivers doubted the reliability of the computer-generated information and the efficiency and effectiveness of secure email consultation. Legal or ethical issues with respect to possible misuse of email consultation also caused concerns. Implementation problems were mainly experienced by caregivers due to unclear policy on email consultation and the lack of training for email consultations. Conclusions Patients’ and caregivers’ expectations did not correspond with their experiences of the use of the Internet-based applications for self-care. Patients thought that the applications would support them in solving their health problems. Caregivers were more reserved about the applications because of medico-legal concerns about misuse. However, the applications failed to support self-care because eHealth is more than just a technological intervention. The design of the applications should include a way of thinking about how to deliver health care with the aid of technology. The most powerful application for self-care was secure email consultation, combined with a suitable triage mechanism to empower patients’ self-awareness. Future research should focus on the effectiveness of such Web-based triage mechanisms for medical complaints and on the development of interactive features to enhance patients’ self-care. PMID:18487137

Target tracking and surveillance by fusing stereo and RFID information

NASA Astrophysics Data System (ADS)

Raza, Rana H.; Stockman, George C.

2012-06-01

Ensuring security in high risk areas such as an airport is an important but complex problem. Effectively tracking personnel, containers, and machines is a crucial task. Moreover, security and safety require understanding the interaction of persons and objects. Computer vision (CV) has been a classic tool; however, variable lighting, imaging, and random occlusions present difficulties for real-time surveillance, resulting in erroneous object detection and trajectories. Determining object ID via CV at any instance of time in a crowded area is computationally prohibitive, yet the trajectories of personnel and objects should be known in real time. Radio Frequency Identification (RFID) can be used to reliably identify target objects and can even locate targets at coarse spatial resolution, while CV provides fuzzy features for target ID at finer resolution. Our research demonstrates benefits obtained when most objects are "cooperative" by being RFID tagged. Fusion provides a method to simplify the correspondence problem in 3D space. A surveillance system can query for unique object ID as well as tag ID information, such as target height, texture, shape and color, which can greatly enhance scene analysis. We extend geometry-based tracking so that intermittent information on ID and location can be used in determining a set of trajectories of N targets over T time steps. We show that partial-targetinformation obtained through RFID can reduce computation time (by 99.9% in some cases) and also increase the likelihood of producing correct trajectories. We conclude that real-time decision-making should be possible if the surveillance system can integrate information effectively between the sensor level and activity understanding level.

49 CFR 1542.303 - Security Directives and Information Circulars.

Code of Federal Regulations, 2014 CFR

2014-10-01

...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY... Information Circular to notify airport operators of security concerns. When TSA determines that additional... aviation, TSA issues a Security Directive setting forth mandatory measures. (b) Each airport operator must...

49 CFR 1542.303 - Security Directives and Information Circulars.

Code of Federal Regulations, 2011 CFR

2011-10-01

...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY... Information Circular to notify airport operators of security concerns. When TSA determines that additional... aviation, TSA issues a Security Directive setting forth mandatory measures. (b) Each airport operator must...

49 CFR 1542.303 - Security Directives and Information Circulars.

Code of Federal Regulations, 2012 CFR

2012-10-01

...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY... Information Circular to notify airport operators of security concerns. When TSA determines that additional... aviation, TSA issues a Security Directive setting forth mandatory measures. (b) Each airport operator must...

49 CFR 1542.303 - Security Directives and Information Circulars.

Code of Federal Regulations, 2013 CFR

2013-10-01

...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY... Information Circular to notify airport operators of security concerns. When TSA determines that additional... aviation, TSA issues a Security Directive setting forth mandatory measures. (b) Each airport operator must...

Mobile code security

NASA Astrophysics Data System (ADS)

Ramalingam, Srikumar

2001-11-01

A highly secure mobile agent system is very important for a mobile computing environment. The security issues in mobile agent system comprise protecting mobile hosts from malicious agents, protecting agents from other malicious agents, protecting hosts from other malicious hosts and protecting agents from malicious hosts. Using traditional security mechanisms the first three security problems can be solved. Apart from using trusted hardware, very few approaches exist to protect mobile code from malicious hosts. Some of the approaches to solve this problem are the use of trusted computing, computing with encrypted function, steganography, cryptographic traces, Seal Calculas, etc. This paper focuses on the simulation of some of these existing techniques in the designed mobile language. Some new approaches to solve malicious network problem and agent tampering problem are developed using public key encryption system and steganographic concepts. The approaches are based on encrypting and hiding the partial solutions of the mobile agents. The partial results are stored and the address of the storage is destroyed as the agent moves from one host to another host. This allows only the originator to make use of the partial results. Through these approaches some of the existing problems are solved.

49 CFR 1549.109 - Security Directives and Information Circulars.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 9 2010-10-01 2010-10-01 false Security Directives and Information Circulars... SCREENING PROGRAM Operations § 1549.109 Security Directives and Information Circulars. (a) TSA may issue an Information Circular to notify certified cargo screening facilities of security concerns. (b) When TSA...

49 CFR 1544.305 - Security Directives and Information Circulars.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 9 2010-10-01 2010-10-01 false Security Directives and Information Circulars... SECURITY: AIR CARRIERS AND COMMERCIAL OPERATORS Threat and Threat Response § 1544.305 Security Directives and Information Circulars. (a) TSA may issue an Information Circular to notify aircraft operators of...

36 CFR 1256.70 - What controls access to national security-classified information?

Code of Federal Regulations, 2010 CFR

2010-07-01

... national security-classified information? 1256.70 Section 1256.70 Parks, Forests, and Public Property... HISTORICAL MATERIALS Access to Materials Containing National Security-Classified Information § 1256.70 What controls access to national security-classified information? (a) The declassification of and public access...

Efficient Privacy-Aware Record Integration.

PubMed

Kuzu, Mehmet; Kantarcioglu, Murat; Inan, Ali; Bertino, Elisa; Durham, Elizabeth; Malin, Bradley

2013-01-01

The integration of information dispersed among multiple repositories is a crucial step for accurate data analysis in various domains. In support of this goal, it is critical to devise procedures for identifying similar records across distinct data sources. At the same time, to adhere to privacy regulations and policies, such procedures should protect the confidentiality of the individuals to whom the information corresponds. Various private record linkage (PRL) protocols have been proposed to achieve this goal, involving secure multi-party computation (SMC) and similarity preserving data transformation techniques. SMC methods provide secure and accurate solutions to the PRL problem, but are prohibitively expensive in practice, mainly due to excessive computational requirements. Data transformation techniques offer more practical solutions, but incur the cost of information leakage and false matches. In this paper, we introduce a novel model for practical PRL, which 1) affords controlled and limited information leakage, 2) avoids false matches resulting from data transformation. Initially, we partition the data sources into blocks to eliminate comparisons for records that are unlikely to match. Then, to identify matches, we apply an efficient SMC technique between the candidate record pairs. To enable efficiency and privacy, our model leaks a controlled amount of obfuscated data prior to the secure computations. Applied obfuscation relies on differential privacy which provides strong privacy guarantees against adversaries with arbitrary background knowledge. In addition, we illustrate the practical nature of our approach through an empirical analysis with data derived from public voter records.

An efficient biometric and password-based remote user authentication using smart card for Telecare Medical Information Systems in multi-server environment.

PubMed

Maitra, Tanmoy; Giri, Debasis

2014-12-01

The medical organizations have introduced Telecare Medical Information System (TMIS) to provide a reliable facility by which a patient who is unable to go to a doctor in critical or urgent period, can communicate to a doctor through a medical server via internet from home. An authentication mechanism is needed in TMIS to hide the secret information of both parties, namely a server and a patient. Recent research includes patient's biometric information as well as password to design a remote user authentication scheme that enhances the security level. In a single server environment, one server is responsible for providing services to all the authorized remote patients. However, the problem arises if a patient wishes to access several branch servers, he/she needs to register to the branch servers individually. In 2014, Chuang and Chen proposed an remote user authentication scheme for multi-server environment. In this paper, we have shown that in their scheme, an non-register adversary can successfully logged-in into the system as a valid patient. To resist the weaknesses, we have proposed an authentication scheme for TMIS in multi-server environment where the patients can register to a root telecare server called registration center (RC) in one time to get services from all the telecare branch servers through their registered smart card. Security analysis and comparison shows that our proposed scheme provides better security with low computational and communication cost.

A Double Chaotic Layer Encryption Algorithm for Clinical Signals in Telemedicine.

PubMed

Murillo-Escobar, M A; Cardoza-Avendaño, L; López-Gutiérrez, R M; Cruz-Hernández, C

2017-04-01

Recently, telemedicine offers medical services remotely via telecommunications systems and physiological monitoring devices. This scheme provides healthcare delivery services between physicians and patients conveniently, since some patients can not attend the hospital due to any reason. However, transmission of information over an insecure channel such as internet or private data storing generates a security problem. Therefore, authentication, confidentiality, and privacy are important challenges in telemedicine, where only authorized users should have access to medical or clinical records. On the other hand, chaotic systems have been implemented efficiently in cryptographic systems to provide confidential and privacy. In this work, we propose a novel symmetric encryption algorithm based on logistic map with double chaotic layer encryption (DCLE) in diffusion process and just one round of confusion-diffusion for the confidentiality and privacy of clinical information such as electrocardiograms (ECG), electroencephalograms (EEG), and blood pressure (BP) for applications in telemedicine. The clinical signals are acquired from PhysioBank data base for encryption proposes and analysis. In contrast with recent schemes in literature, we present a secure cryptographic algorithm based on chaos validated with the most complete security analysis until this time. In addition, the cryptograms are validated with the most complete pseudorandomness tests based on National Institute of Standards and Technology (NIST) 800-22 suite. All results are at MATLAB simulations and all them show the effectiveness, security, robustness, and the potential use of the proposed scheme in telemedicine.

Security inspection in ports by anomaly detection using hyperspectral imaging technology

NASA Astrophysics Data System (ADS)

Rivera, Javier; Valverde, Fernando; Saldaña, Manuel; Manian, Vidya

2013-05-01

Applying hyperspectral imaging technology in port security is crucial for the detection of possible threats or illegal activities. One of the most common problems that cargo suffers is tampering. This represents a danger to society because it creates a channel to smuggle illegal and hazardous products. If a cargo is altered, security inspections on that cargo should contain anomalies that reveal the nature of the tampering. Hyperspectral images can detect anomalies by gathering information through multiple electromagnetic bands. The spectrums extracted from these bands can be used to detect surface anomalies from different materials. Based on this technology, a scenario was built in which a hyperspectral camera was used to inspect the cargo for any surface anomalies and a user interface shows the results. The spectrum of items, altered by different materials that can be used to conceal illegal products, is analyzed and classified in order to provide information about the tampered cargo. The image is analyzed with a variety of techniques such as multiple features extracting algorithms, autonomous anomaly detection, and target spectrum detection. The results will be exported to a workstation or mobile device in order to show them in an easy -to-use interface. This process could enhance the current capabilities of security systems that are already implemented, providing a more complete approach to detect threats and illegal cargo.

Does standard deviation matter? Using "standard deviation" to quantify security of multistage testing.

PubMed

Wang, Chun; Zheng, Yi; Chang, Hua-Hua

2014-01-01

With the advent of web-based technology, online testing is becoming a mainstream mode in large-scale educational assessments. Most online tests are administered continuously in a testing window, which may post test security problems because examinees who take the test earlier may share information with those who take the test later. Researchers have proposed various statistical indices to assess the test security, and one most often used index is the average test-overlap rate, which was further generalized to the item pooling index (Chang & Zhang, 2002, 2003). These indices, however, are all defined as the means (that is, the expected proportion of common items among examinees) and they were originally proposed for computerized adaptive testing (CAT). Recently, multistage testing (MST) has become a popular alternative to CAT. The unique features of MST make it important to report not only the mean, but also the standard deviation (SD) of test overlap rate, as we advocate in this paper. The standard deviation of test overlap rate adds important information to the test security profile, because for the same mean, a large SD reflects that certain groups of examinees share more common items than other groups. In this study, we analytically derived the lower bounds of the SD under MST, with the results under CAT as a benchmark. It is shown that when the mean overlap rate is the same between MST and CAT, the SD of test overlap tends to be larger in MST. A simulation study was conducted to provide empirical evidence. We also compared the security of MST under the single-pool versus the multiple-pool designs; both analytical and simulation studies show that the non-overlapping multiple-pool design will slightly increase the security risk.

DNA based random key generation and management for OTP encryption.

PubMed

Zhang, Yunpeng; Liu, Xin; Sun, Manhui

2017-09-01

One-time pad (OTP) is a principle of key generation applied to the stream ciphering method which offers total privacy. The OTP encryption scheme has proved to be unbreakable in theory, but difficult to realize in practical applications. Because OTP encryption specially requires the absolute randomness of the key, its development has suffered from dense constraints. DNA cryptography is a new and promising technology in the field of information security. DNA chromosomes storing capabilities can be used as one-time pad structures with pseudo-random number generation and indexing in order to encrypt the plaintext messages. In this paper, we present a feasible solution to the OTP symmetric key generation and transmission problem with DNA at the molecular level. Through recombinant DNA technology, by using only sender-receiver known restriction enzymes to combine the secure key represented by DNA sequence and the T vector, we generate the DNA bio-hiding secure key and then place the recombinant plasmid in implanted bacteria for secure key transmission. The designed bio experiments and simulation results show that the security of the transmission of the key is further improved and the environmental requirements of key transmission are reduced. Analysis has demonstrated that the proposed DNA-based random key generation and management solutions are marked by high security and usability. Published by Elsevier B.V.

A Low-Cost and Secure Solution for e-Commerce

NASA Astrophysics Data System (ADS)

Pasquet, Marc; Vacquez, Delphine; Rosenberger, Christophe

We present in this paper a new architecture for remote banking and e-commerce applications. The proposed solution is designed to be low cost and provides some good guarantees of security for a client and his bank issuer. Indeed, the main problem for an issuer is to identify and authenticate one client (a cardholder) using his personal computer through the web when this client wants to access to remote banking services or when he wants to pay on a e-commerce site equipped with 3D-secure payment solution. The proposed solution described in this paper is MasterCard Chip Authentication Program compliant and was experimented in the project called SOPAS. The main contribution of this system consists in the use of a smartcard with a I2C bus that pilots a terminal only equipped with a screen and a keyboard. During the use of services, the user types his PIN code on the keyboard and all the security part of the transaction is performed by the chip of the smartcard. None information of security stays on the personal computer and a dynamic token created by the card is sent to the bank and verified by the front end. We present first the defined methodology and we analyze the main security aspects of the proposed solution.

10 CFR 2.911 - Admissibility of restricted data or other national security information.

Code of Federal Regulations, 2011 CFR

2011-01-01

... security information. 2.911 Section 2.911 Energy NUCLEAR REGULATORY COMMISSION RULES OF PRACTICE FOR... Proceedings Involving Restricted Data and/or National Security Information § 2.911 Admissibility of restricted data or other national security information. A presiding officer shall not receive any Restricted Data...

10 CFR 2.903 - Protection of restricted data and national security information.

Code of Federal Regulations, 2011 CFR

2011-01-01

... Restricted Data and/or National Security Information § 2.903 Protection of restricted data and national security information. Nothing in this subpart shall relieve any person from safeguarding Restricted Data or National Security Information in accordance with the applicable provisions of laws of the United States and...

Examining the Relationship between Organization Systems and Information Security Awareness

ERIC Educational Resources Information Center

Tintamusik, Yanarong

2010-01-01

The focus of this dissertation was to examine the crucial relationship between organization systems within the framework of the organizational behavior theory and information security awareness (ISA) of users within the framework of the information security theory. Despite advanced security technologies designed to protect information assets,…

Information Sharing for IT Security Professionals

ERIC Educational Resources Information Center

Petersen, Rodney J.

2008-01-01

Information sharing is a core value for information technology (IT) security professionals. It is also a familiar concept for those who work at institutions of higher education because of their long history of collaboration and openness. Information sharing has become part of the national fabric as IT security professionals attempt to secure cyber…

10 CFR 2.911 - Admissibility of restricted data or other national security information.

Code of Federal Regulations, 2010 CFR

2010-01-01

... security information. 2.911 Section 2.911 Energy NUCLEAR REGULATORY COMMISSION RULES OF PRACTICE FOR... Proceedings Involving Restricted Data and/or National Security Information § 2.911 Admissibility of restricted data or other national security information. A presiding officer shall not receive any Restricted Data...

12 CFR Appendix B to Part 170 - Interagency Guidelines Establishing Information Security Standards

Code of Federal Regulations, 2014 CFR

2014-01-01

... Security Standards B Appendix B to Part 170 Banks and Banking COMPTROLLER OF THE CURRENCY, DEPARTMENT OF... Part 170—Interagency Guidelines Establishing Information Security Standards Table of Contents I... Customer Information A. Information Security Program B. Objectives III. Development and Implementation of...

12 CFR Appendix B to Part 170 - Interagency Guidelines Establishing Information Security Standards

Code of Federal Regulations, 2013 CFR

2013-01-01

... Security Standards B Appendix B to Part 170 Banks and Banking COMPTROLLER OF THE CURRENCY, DEPARTMENT OF... Part 170—Interagency Guidelines Establishing Information Security Standards Table of Contents I... Customer Information A. Information Security Program B. Objectives III. Development and Implementation of...

Research on Decision-Making Support of Chineserural Land Tenure Information System

NASA Astrophysics Data System (ADS)

Tan, Jun; Su, Hongyou

Since 1949, the information of land tenure has a positive effect on defining the scope of collective land and state-owned land, implementing the system of cultivated land protection and land use control, designing general land use planning, etc. But as the economic and social development, the existing land tenure information is not appropriate anymore and results in many problems. The emphasis in the near future should be placed on establishing rural land tenure information system including cadastral management system, the uniform property registration system and cadastral management information system, defining the scope and content of various collective land ownership, securing peasants' land tenure rights, shortening the gap between urban and rural areas, all of which will guarantee the effective use of information of land tenure for the government's decision-making.

[How to establish the hospital information system security policies].

PubMed

Gong, Qing-Yue; Shi, Cheng

2008-03-01

It is important to establish the hospital information system security policies. While these security policies are being established, a comprehensive consideration should be given to the acceptable levels of users, IT supporters and hospital managers. We should have a formal policy designing process that is consistently followed by all security policies. Reasons for establishing the security policies and their coverage and applicable objects should be stated clearly. Besides, each policy should define user's responsibilities and penalties of violation. Every organization will need some key policies, such as of information sources usage, remote access, information protection, perimeter security, and baseline host/device security. Security managing procedures are the mechanisms to enforce the policies. An incident-handling procedure is the most important security managing procedure for all organizations.

46 CFR 503.59 - Safeguarding classified information.

Code of Federal Regulations, 2011 CFR

2011-10-01

... Information Security Program § 503.59 Safeguarding classified information. (a) All classified information... security; (2) Takes appropriate steps to protect classified information from unauthorized disclosure or... security check; (2) To protect the classified information in accordance with the provisions of Executive...

78 FR 73819 - Information Collection; Financial Information Security Request Form

Federal Register 2010, 2011, 2012, 2013, 2014

2013-12-09

... DEPARTMENT OF AGRICULTURE Forest Service Information Collection; Financial Information Security... individuals and organizations on the extension with revision of a currently approved information collection, Financial Information Security Request Form. DATES: Comments must be received in writing on or before...

Informed consent: what does it mean?

PubMed Central

Kirby, M D

1983-01-01

The editorial in the September 1982 issue of this journal and many articles before and since have addressed the problem of informed consent. Is it possible? Is it a useful concept? Is there anything new to be said about it? In this article the basic rationale of the rule (patient autonomy) is explained and the extent of the rule explored. Various exceptions have been offered by the law and an attempt is made to catalogue the chief of these. A number of specially vulnerable groups are then identified, the most important, and vexed, being children. How can informed consent be secured in the case of young patients? Finally, a few problems are mentioned in an attempt to get this subject back to reality. The appeal to the principle primum non nocere may be medical paternalism in disguise. Informed consent is the competing principle that reminds us of the primacy of human autonomy. A pointer is given to the future: even the use of sound recordings to explain medical procedures and to activate informed consent so that it may become a reality and not just a lawyer's myth, should be considered. PMID:6876100

How ISO/IEC 17799 can be used for base lining information assurance among entities using data mining for defense, homeland security, commercial, and other civilian/commercial domains

NASA Astrophysics Data System (ADS)

Perry, William G.

2006-04-01

One goal of database mining is to draw unique and valid perspectives from multiple data sources. Insights that are fashioned from closely-held data stores are likely to possess a high degree of reliability. The degree of information assurance comes into question, however, when external databases are accessed, combined and analyzed to form new perspectives. ISO/IEC 17799, Information technology-Security techniques-Code of practice for information security management, can be used to establish a higher level of information assurance among disparate entities using data mining in the defense, homeland security, commercial and other civilian/commercial domains. Organizations that meet ISO/IEC information security standards have identified and assessed risks, threats and vulnerabilities and have taken significant proactive steps to meet their unique security requirements. The ISO standards address twelve domains: risk assessment and treatment, security policy, organization of information security, asset management, human resources security, physical and environmental security, communications and operations management, access control, information systems acquisition, development and maintenance, information security incident management and business continuity management and compliance. Analysts can be relatively confident that if organizations are ISO 17799 compliant, a high degree of information assurance is likely to be a characteristic of the data sets being used. The reverse may be true. Extracting, fusing and drawing conclusions based upon databases with a low degree of information assurance may be wrought with all of the hazards that come from knowingly using bad data to make decisions. Using ISO/IEC 17799 as a baseline for information assurance can help mitigate these risks.

[The relationship between a sense of security and psychological problems in adolescents living in boarding schools and youth-welfare institutions].

PubMed

Seidler, Corinna; Rau, Thea; Allroggen, Marc

2018-05-01

The willingness to participate and a sense of security are important aspects to be fostered in the institutional care of adolescents. Although these aspects are increasingly being examined from the perspective of the affected adolescents, it has yet to be considered whether psychological problems can be attributed to their experiences with the above-mentioned aspects. A total of 216 adolescents aged 14 to 18 years answered an online questionnaire the sense of security in their institution and their perception of the institution. Their willingness to participate was also examined. Psychological symptoms were assessed with the Strengths and Difficulties Questionnaire Self-Report (SDQ-S). There is a significant correlation between sense of security and the overall SDQ score, with prosocial behavior, and with the positive perception of the institution. In addition, sense of security had a significant influence on the SDQ factors, the positive perception of the institution, and the items on the willingness to participate of the adolescents. The subsequent t-tests also showed significant results. Among other things, it was shown that the factor problems of adolescents is related to sense of security. The results provide an initial indication that there is a link between sense of security and psychological symptoms as well as willingness to participate and perception of the institution. Especially problems of adolescents in dealing with peers must be taken into account.in the development of protective concepts to increase the sense of security and their willingness to participate.

Information security for compliance with select agent regulations.

PubMed

Lewis, Nick; Campbell, Mark J; Baskin, Carole R

2015-01-01

The past decade has seen a significant rise in research on high-consequence human and animal pathogens, many now known as "select agents." While physical security around these agents is tightly regulated, information security standards are still lagging. The understanding of the threats unique to the academic and research environment is still evolving, in part due to poor communication between the various stakeholders. Perhaps as a result, information security guidelines published by select agent regulators lack the critical details and directives needed to achieve even the lowest security level of the Federal Information Security Management Act (FISMA). While only government agencies are currently required to abide by the provisions of FISMA (unless specified as preconditions for obtaining government grants or contracts--still a relatively rare or narrowly scoped occurrence), the same strategies were recently recommended by executive order for others. We propose that information security guidelines for select agent research be updated to promulgate and detail FISMA standards and processes and that the latter be ultimately incorporated into select agent regulations. We also suggest that information security in academic and research institutions would greatly benefit from active efforts to improve communication among the biosecurity, security, and information technology communities, and from a secure venue for exchange of timely information on emerging threats and solutions in the research environment.

Information Security for Compliance with Select Agent Regulations

PubMed Central

Lewis, Nick; Campbell, Mark J.

2015-01-01

The past decade has seen a significant rise in research on high-consequence human and animal pathogens, many now known as “select agents.” While physical security around these agents is tightly regulated, information security standards are still lagging. The understanding of the threats unique to the academic and research environment is still evolving, in part due to poor communication between the various stakeholders. Perhaps as a result, information security guidelines published by select agent regulators lack the critical details and directives needed to achieve even the lowest security level of the Federal Information Security Management Act (FISMA). While only government agencies are currently required to abide by the provisions of FISMA (unless specified as preconditions for obtaining government grants or contracts—still a relatively rare or narrowly scoped occurrence), the same strategies were recently recommended by executive order for others. We propose that information security guidelines for select agent research be updated to promulgate and detail FISMA standards and processes and that the latter be ultimately incorporated into select agent regulations. We also suggest that information security in academic and research institutions would greatly benefit from active efforts to improve communication among the biosecurity, security, and information technology communities, and from a secure venue for exchange of timely information on emerging threats and solutions in the research environment. PMID:26042864

78 FR 30319 - Intent to Request Renewal From OMB of One Current Public Collection of Information: Security...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-05-22

... DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration [Docket No. TSA-2002-11602] Intent to Request Renewal From OMB of One Current Public Collection of Information: Security Programs for..., Transportation Security Administration, 601 South 12th Street, Arlington, VA 20598-6011. FOR FURTHER INFORMATION...

Information Security Awareness On-Line Materials Design with Knowledge Maps

ERIC Educational Resources Information Center

Shaw, Ruey-Shiang; Keh, Huan-Chao; Huang, Nan-Ching; Huang, Tien-Chuan

2011-01-01

Information Security Awareness, though known as a primary and important issue in the domain of Information Security, CSI computer crime and security survey showed poor security awareness training in public and private sectors. In many studies, the authors have found that the usage of knowledge maps helps the process of learning and conception…

Assessing security technology's impact: old tools for new problems.

PubMed

Kreissl, Reinhard

2014-09-01

The general idea developed in this paper from a sociological perspective is that some of the foundational categories on which the debate about privacy, security and technology rests are blurring. This process is a consequence of a blurring of physical and digital worlds. In order to define limits for legitimate use of intrusive digital technologies, one has to refer to binary distinctions such as private versus public, human versus technical, security versus insecurity to draw differences determining limits for the use of surveillance technologies. These distinctions developed in the physical world and are rooted in a cultural understanding of pre-digital culture. Attempts to capture the problems emerging with the implementation of security technologies using legal reasoning encounter a number of problems since law is by definition oriented backwards, adapting new developments to existing traditions, whereas the intrusion of new technologies in the physical world produces changes and creates fundamentally new problems.

48 CFR 339.7102 - Applicability.

Code of Federal Regulations, 2010 CFR

2010-10-01

... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7102 Applicability. Contracting Officers are responsible for ensuring that all information technology acquisitions comply with the Federal Information Security Management Act (FISMA), the HHS-OCIO Information Systems Security and Privacy...

Security in Father-child Relationship and Behavior Problems in Sexually Abused Children

PubMed Central

Parent-Boursier, Claudel; Hébert, Martine

2017-01-01

While the influence of mother-child relationships on children’s recovery following sexual abuse has been documented, less is known about the possible contribution of father-child relationships on outcomes. The present study explored the contribution of children’s perception of security in their relationship to the father on internalizing and externalizing behavior problems, while controlling for sociodemographic variables and variables associated with the mother-child relationship. Participants were 142 children who disclosed sexual abuse involving a perpetrator other than the biological father. Regression analyses indicated that children’s perception of security to fathers contributed to the prediction of parental reports of children’s behavior problems, even after controlling for maternal psychological distress and perception of security to mothers. PMID:29321696

Integrating security in multiple, remote, and diverse facilities: how major health systems are meeting today's and tomorrow's technological and organizational challenges.

PubMed

1996-11-01

As the trend to mergers and diversification of healthcare facilities grows, so too does the challenge to security directors to effectively and efficiently protect not only acute care, emergency, and outpatient facilities, but physician office buildings, parking garages, long-term-care units, medical schools, technical service units, and even health clubs. Besides the different security and communications problems posed by each type of facility, the problem of distance between facilities and their geographic location must also be met. In this report, we'll update you on the approaches being taken by security and planning executives at three leading health systems and how they are dealing with current and future problems.

10 CFR 2.906 - Obligation of parties to avoid introduction of restricted data or national security information.

Code of Federal Regulations, 2011 CFR

2011-01-01

... data or national security information. 2.906 Section 2.906 Energy NUCLEAR REGULATORY COMMISSION RULES... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.906 Obligation of parties to avoid introduction of restricted data or national security information. It is the...

22 CFR 9a.1 - Security of certain information and material related to the International Energy Program.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 22 Foreign Relations 1 2011-04-01 2011-04-01 false Security of certain information and material... GENERAL SECURITY INFORMATION REGULATIONS APPLICABLE TO CERTAIN INTERNATIONAL ENERGY PROGRAMS; RELATED MATERIAL § 9a.1 Security of certain information and material related to the International Energy Program...

10 CFR 2.913 - Review of Restricted Data or other National Security Information received in evidence.

Code of Federal Regulations, 2011 CFR

2011-01-01

... Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.913 Review of Restricted Data or other National Security Information received in evidence. At the close of the reception of... National Security Information be expunged from the record where such expunction would not prejudice the...

10 CFR 2.907 - Notice of intent to introduce restricted data or national security information.

Code of Federal Regulations, 2011 CFR

2011-01-01

... security information. 2.907 Section 2.907 Energy NUCLEAR REGULATORY COMMISSION RULES OF PRACTICE FOR... Proceedings Involving Restricted Data and/or National Security Information § 2.907 Notice of intent to introduce restricted data or national security information. (a) If, at the time of publication of a notice...

17 CFR 242.609 - Registration of securities information processors: form of application and amendments.

Code of Federal Regulations, 2011 CFR

2011-04-01

... information processors: form of application and amendments. 242.609 Section 242.609 Commodity and Securities....609 Registration of securities information processors: form of application and amendments. (a) An application for the registration of a securities information processor shall be filed on Form SIP (§ 249.1001...

17 CFR 140.20 - Designation of senior official to oversee Commission use of national security information.

Code of Federal Regulations, 2011 CFR

2011-04-01

... to oversee Commission use of national security information. 140.20 Section 140.20 Commodity and... safeguarding of national security information received by the Commission from other agencies, to chair a... suggestions and complaints with respect to the Commission administration of its information security program...

10 CFR 2.908 - Contents of notice of intent to introduce restricted data or other national security information.

Code of Federal Regulations, 2011 CFR

2011-01-01

... or other national security information. 2.908 Section 2.908 Energy NUCLEAR REGULATORY COMMISSION... Applicable to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.908 Contents of notice of intent to introduce restricted data or other national security information. (a) A...

Key Factors in the Success of an Organization's Information Security Culture: A Quantitative Study and Analysis

ERIC Educational Resources Information Center

Pierce, Robert E.

2012-01-01

This research study reviewed relative literature on information security and information security culture within organizations to determine what factors potentially assist an organization in implementing, integrating, and maintaining a successful organizational information security culture. Based on this review of literature, five key factors were…

Incorporating Global Information Security and Assurance in I.S. Education

ERIC Educational Resources Information Center

White, Garry L.; Hewitt, Barbara; Kruck, S. E.

2013-01-01

Over the years, the news media has reported numerous information security incidents. Because of identity theft, terrorism, and other criminal activities, President Obama has made information security a national priority. Not only is information security and assurance an American priority, it is also a global issue. This paper discusses the…

10 CFR 2.908 - Contents of notice of intent to introduce restricted data or other national security information.

Code of Federal Regulations, 2010 CFR

2010-01-01

... or other national security information. 2.908 Section 2.908 Energy NUCLEAR REGULATORY COMMISSION... Applicable to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.908 Contents of notice of intent to introduce restricted data or other national security information. (a) A...

22 CFR 9a.1 - Security of certain information and material related to the International Energy Program.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 22 Foreign Relations 1 2010-04-01 2010-04-01 false Security of certain information and material... GENERAL SECURITY INFORMATION REGULATIONS APPLICABLE TO CERTAIN INTERNATIONAL ENERGY PROGRAMS; RELATED MATERIAL § 9a.1 Security of certain information and material related to the International Energy Program...

10 CFR 2.913 - Review of Restricted Data or other National Security Information received in evidence.

Code of Federal Regulations, 2010 CFR

2010-01-01

... Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.913 Review of Restricted Data or other National Security Information received in evidence. At the close of the reception of... National Security Information be expunged from the record where such expunction would not prejudice the...

10 CFR 2.906 - Obligation of parties to avoid introduction of restricted data or national security information.

Code of Federal Regulations, 2010 CFR

2010-01-01

... data or national security information. 2.906 Section 2.906 Energy NUCLEAR REGULATORY COMMISSION RULES... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.906 Obligation of parties to avoid introduction of restricted data or national security information. It is the...

10 CFR 2.907 - Notice of intent to introduce restricted data or national security information.

Code of Federal Regulations, 2010 CFR

2010-01-01

... security information. 2.907 Section 2.907 Energy NUCLEAR REGULATORY COMMISSION RULES OF PRACTICE FOR... Proceedings Involving Restricted Data and/or National Security Information § 2.907 Notice of intent to introduce restricted data or national security information. (a) If, at the time of publication of a notice...

17 CFR 242.609 - Registration of securities information processors: form of application and amendments.

Code of Federal Regulations, 2010 CFR

2010-04-01

... information processors: form of application and amendments. 242.609 Section 242.609 Commodity and Securities....609 Registration of securities information processors: form of application and amendments. (a) An application for the registration of a securities information processor shall be filed on Form SIP (§ 249.1001...

Exploring Factors that Influence Students' Behaviors in Information Security

ERIC Educational Resources Information Center

Yoon, Cheolho; Hwang, Jae-Won; Kim, Rosemary

2012-01-01

Due to the ever-increasing use of the Internet, information security has become a critical issue in society. This is especially the case for young adults who have different attitudes towards information security practices. In this research, we examine factors that motivate college students' information security behaviors. Based on the concept of…