Developing a computer security training program

DOE Office of Scientific and Technical Information (OSTI.GOV)

Not Available

1990-01-01

We all know that training can empower the computer protection program. However, pushing computer security information outside the computer security organization into the rest of the company is often labeled as an easy project or a dungeon full of dragons. Used in part or whole, the strategy offered in this paper may help the developer of a computer security training program ward off dragons and create products and services. The strategy includes GOALS (what the result of training will be), POINTERS (tips to ensure survival), and STEPS (products and services as a means to accomplish the goals).

Security under Uncertainty: Adaptive Attackers Are More Challenging to Human Defenders than Random Attackers

PubMed Central

Moisan, Frédéric; Gonzalez, Cleotilde

2017-01-01

Game Theory is a common approach used to understand attacker and defender motives, strategies, and allocation of limited security resources. For example, many defense algorithms are based on game-theoretic solutions that conclude that randomization of defense actions assures unpredictability, creating difficulties for a human attacker. However, many game-theoretic solutions often rely on idealized assumptions of decision making that underplay the role of human cognition and information uncertainty. The consequence is that we know little about how effective these algorithms are against human players. Using a simplified security game, we study the type of attack strategy and the uncertainty about an attacker's strategy in a laboratory experiment where participants play the role of defenders against a simulated attacker. Our goal is to compare a human defender's behavior in three levels of uncertainty (Information Level: Certain, Risky, Uncertain) and three types of attacker's strategy (Attacker's strategy: Minimax, Random, Adaptive) in a between-subjects experimental design. Best defense performance is achieved when defenders play against a minimax and a random attack strategy compared to an adaptive strategy. Furthermore, when payoffs are certain, defenders are as efficient against random attack strategy as they are against an adaptive strategy, but when payoffs are uncertain, defenders have most difficulties defending against an adaptive attacker compared to a random attacker. We conclude that given conditions of uncertainty in many security problems, defense algorithms would be more efficient if they are adaptive to the attacker actions, taking advantage of the attacker's human inefficiencies. PMID:28690557

The study and implementation of the wireless network data security model

NASA Astrophysics Data System (ADS)

Lin, Haifeng

2013-03-01

In recent years, the rapid development of Internet technology and the advent of information age, people are increasing the strong demand for the information products and the market for information technology. Particularly, the network security requirements have become more sophisticated. This paper analyzes the wireless network in the data security vulnerabilities. And a list of wireless networks in the framework is the serious defects with the related problems. It has proposed the virtual private network technology and wireless network security defense structure; and it also given the wireless networks and related network intrusion detection model for the detection strategies.

Collaborating to optimize nursing students' agency information technology use.

PubMed

Fetter, Marilyn S

2009-01-01

As the learning laboratory for gaining actual patient care experience, clinical agencies play an essential role in nursing education. With an information technology revolution transforming healthcare, nursing programs are eager for their students to learn the latest informatics systems and technologies. However, many healthcare institutions are struggling to meet their own information technology needs and report limited resources and other as barriers to nursing student training. In addition, nursing students' information technology access and use raise security and privacy concerns. With the goal of a fully electronic health record by 2014, it is imperative that agencies and educational programs collaborate. They need to establish educationally sound, cost-effective, and secure policies and procedures for managing students' use of information technology systems. Strategies for evaluating options, selecting training methods, and ensuring data security are shared, along with strategies that may reap clinical, economic, and educational benefits. Students' information technology use raises numerous issues that the nursing profession must address to participate in healthcare's transformation into the digital age.

Information security for compliance with select agent regulations.

PubMed

Lewis, Nick; Campbell, Mark J; Baskin, Carole R

2015-01-01

The past decade has seen a significant rise in research on high-consequence human and animal pathogens, many now known as "select agents." While physical security around these agents is tightly regulated, information security standards are still lagging. The understanding of the threats unique to the academic and research environment is still evolving, in part due to poor communication between the various stakeholders. Perhaps as a result, information security guidelines published by select agent regulators lack the critical details and directives needed to achieve even the lowest security level of the Federal Information Security Management Act (FISMA). While only government agencies are currently required to abide by the provisions of FISMA (unless specified as preconditions for obtaining government grants or contracts--still a relatively rare or narrowly scoped occurrence), the same strategies were recently recommended by executive order for others. We propose that information security guidelines for select agent research be updated to promulgate and detail FISMA standards and processes and that the latter be ultimately incorporated into select agent regulations. We also suggest that information security in academic and research institutions would greatly benefit from active efforts to improve communication among the biosecurity, security, and information technology communities, and from a secure venue for exchange of timely information on emerging threats and solutions in the research environment.

Information Security for Compliance with Select Agent Regulations

PubMed Central

Lewis, Nick; Campbell, Mark J.

2015-01-01

The past decade has seen a significant rise in research on high-consequence human and animal pathogens, many now known as “select agents.” While physical security around these agents is tightly regulated, information security standards are still lagging. The understanding of the threats unique to the academic and research environment is still evolving, in part due to poor communication between the various stakeholders. Perhaps as a result, information security guidelines published by select agent regulators lack the critical details and directives needed to achieve even the lowest security level of the Federal Information Security Management Act (FISMA). While only government agencies are currently required to abide by the provisions of FISMA (unless specified as preconditions for obtaining government grants or contracts—still a relatively rare or narrowly scoped occurrence), the same strategies were recently recommended by executive order for others. We propose that information security guidelines for select agent research be updated to promulgate and detail FISMA standards and processes and that the latter be ultimately incorporated into select agent regulations. We also suggest that information security in academic and research institutions would greatly benefit from active efforts to improve communication among the biosecurity, security, and information technology communities, and from a secure venue for exchange of timely information on emerging threats and solutions in the research environment. PMID:26042864

U.S. National Security Strategy - The Magnitude of Second and Third-Order Effects on Smaller Nations: The Cases of Lebanon During the Cold War and Pakistan During the Global War on Terrorism

DTIC Science & Technology

2004-03-19

informal management style used during the war years was not suited to the longer-term security issues of the post-war era. As US grand strategy became...Eisenhower Doctrine in 1957. THE CASE OF LEBANON Each of the above mentioned security policies were products of American diplomacy aimed at managing the...consisting of its East and West entities, found itself a principle player in the American-led security alliance structure designed to check Soviet

A Learning-Based Approach to Reactive Security

NASA Astrophysics Data System (ADS)

Barth, Adam; Rubinstein, Benjamin I. P.; Sundararajan, Mukund; Mitchell, John C.; Song, Dawn; Bartlett, Peter L.

Despite the conventional wisdom that proactive security is superior to reactive security, we show that reactive security can be competitive with proactive security as long as the reactive defender learns from past attacks instead of myopically overreacting to the last attack. Our game-theoretic model follows common practice in the security literature by making worst-case assumptions about the attacker: we grant the attacker complete knowledge of the defender's strategy and do not require the attacker to act rationally. In this model, we bound the competitive ratio between a reactive defense algorithm (which is inspired by online learning theory) and the best fixed proactive defense. Additionally, we show that, unlike proactive defenses, this reactive strategy is robust to a lack of information about the attacker's incentives and knowledge.

Compliance with HIPAA security standards in U.S. Hospitals.

PubMed

Davis, Diane; Having, Karen

2006-01-01

With the widespread use of computer networks, the amount of information stored electronically has grown exponentially, resulting in increased concern for privacy and security of information. The healthcare industry has been put to the test with the federally mandated Health Insurance Portability and Accountability Act (HIPAA) of 1996. To assess the compliance status of HIPAA security standards, a random sample of 1,000 U.S. hospitals was surveyed in January 2004, yielding a return rate of 29 percent. One year later, a follow-up survey was sent to all previous respondents, with 50 percent replying. HIPAA officers'perceptions of security compliance in 2004 and 2005 are compared in this article. The security standards achieving the highest level of compliance in both 2004 and 2005 were obtaining required business associate agreements and physical safeguards to limit access to electronic information systems. Respondents indicated least compliance both years in performing periodic evaluation of security practices governed by the Security Rule. Roadblocks, threats, problems and solutions regarding HIPAA compliance are discussed. This information may be applied to current and future strategies toward maintaining security of information systems throughout the healthcare industry.

U.S. Army War College Guide to National Security Issues. Volume 2. National Security Policy and Strategy

DTIC Science & Technology

2012-06-01

1998 National War College paper entitled “U.S. National Se- curity Structure: A New Model for the 21st Century” defines the national security community ...fueled by revolu- tions in communications and information management, the emergence of a truly global market and world economy, the primacy of economic...collection of information is estimated to average 1 hour per response, including the time for reviewing instructions , searching existing data sources

The enhancement of security in healthcare information systems.

PubMed

Liu, Chia-Hui; Chung, Yu-Fang; Chen, Tzer-Shyong; Wang, Sheng-De

2012-06-01

With the progress and the development of information technology, the internal data in medical organizations have become computerized and are further established the medical information system. Moreover, the use of the Internet enhances the information communication as well as affects the development of the medical information system that a lot of medical information is transmitted with the Internet. Since there is a network within another network, when all networks are connected together, they will form the "Internet". For this reason, the Internet is considered as a high-risk and public environment which is easily destroyed and invaded so that a relevant protection is acquired. Besides, the data in the medical network system are confidential that it is necessary to protect the personal privacy, such as electronic patient records, medical confidential information, and authorization-controlled data in the hospital. As a consequence, a medical network system is considered as a network requiring high security that excellent protections and managerial strategies are inevitable to prevent illegal events and external attacks from happening. This study proposes secure medical managerial strategies being applied to the network environment of the medical organization information system so as to avoid the external or internal information security events, allow the medical system to work smoothly and safely that not only benefits the patients, but also allows the doctors to use it more conveniently, and further promote the overall medical quality. The objectives could be achieved by preventing from illegal invasion or medical information being stolen, protecting the completeness and security of medical information, avoiding the managerial mistakes of the internal information system in medical organizations, and providing the highly-reliable medical information system.

A Mature Maritime Strategy for Africa to Meet National Security Goals

DTIC Science & Technology

2011-06-17

by corrupt governments, poverty, piracy, poaching in territorial waters, terrorist cells, militant youth activities, environmental violations, illegal...regions with maritime distress that are, or have the potential to impact vital U.S. national interests. Good national strategy that informs combatant and...environmental violations and many other debilitating maritime activities get conveyed ashore and directly impact the security and well-being of the

DOE Office of Scientific and Technical Information (OSTI.GOV)

Lee, Juhui; School of Computatioal Sciences, Korea Institute for Advanced Study, Seoul 130-722; Lee, Soojoon

Extending the eavesdropping strategy devised by Zhang, Li, and Guo [Zhang, Li, and Guo, Phys. Rev. A 63, 036301 (2001)], we show that the multiparty quantum communication protocol based on entanglement swapping, which was proposed by Cabello (e-print quant-ph/0009025), is not secure. We modify the protocol so that entanglement swapping can secure multiparty quantum communication, such as multiparty quantum key distribution and quantum secret sharing of classical information, and show that the modified protocol is secure against the Zhang-Li-Guo strategy for eavesdropping as well as the basic intercept-resend attack.0.

Strategy for IT Security

NASA Technical Reports Server (NTRS)

Santiago, S. Scott; Moyles, Thomas J. (Technical Monitor)

2001-01-01

This viewgraph presentation provides information on the importance of information technology (IT) security (ITS) to NASA's mission. Several points are made concerning the subject. In order for ITS to be successful, it must be supported by management. NASA, while required by law to keep the public informed of its pursuits, must take precautions due to possible IT-based incursions by computer hackers and other malignant persons. Fear is an excellent motivation for establishing and maintaining a robust ITS policy. The ways in which NASA ITS personnel continually increase security are manifold, however a great deal relies upon the active involvement of the entire NASA community.

Eavesdropping-aware routing and spectrum allocation based on multi-flow virtual concatenation for confidential information service in elastic optical networks

NASA Astrophysics Data System (ADS)

Bai, Wei; Yang, Hui; Yu, Ao; Xiao, Hongyun; He, Linkuan; Feng, Lei; Zhang, Jie

2018-01-01

The leakage of confidential information is one of important issues in the network security area. Elastic Optical Networks (EON) as a promising technology in the optical transport network is under threat from eavesdropping attacks. It is a great demand to support confidential information service (CIS) and design efficient security strategy against the eavesdropping attacks. In this paper, we propose a solution to cope with the eavesdropping attacks in routing and spectrum allocation. Firstly, we introduce probability theory to describe eavesdropping issue and achieve awareness of eavesdropping attacks. Then we propose an eavesdropping-aware routing and spectrum allocation (ES-RSA) algorithm to guarantee information security. For further improving security and network performance, we employ multi-flow virtual concatenation (MFVC) and propose an eavesdropping-aware MFVC-based secure routing and spectrum allocation (MES-RSA) algorithm. The presented simulation results show that the proposed two RSA algorithms can both achieve greater security against the eavesdropping attacks and MES-RSA can also improve the network performance efficiently.

76 FR 59112 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2011-09-23

... (DoD) strategy for cyberspace, --Presentation on Doctrine of Cybersecurity relating to computer... paper, ``Enabling Distributed Security in Cyberspace'', --Discussion with Cybersecurity Coordinator and... Awareness Month, --Discussion on cybersecurity with Senior Defense and Intelligence Advisor, --Discussion...

Social security income and the utilization of home care: Evidence from the social security notch.

PubMed

Tsai, Yuping

2015-09-01

This paper exploits Social Security law changes to identify the effect of Social Security income on the use of formal and informal home care by the elderly. Results from an instrumental variables estimation strategy show that as retirement income increases, elderly individuals increase their use of formal home care and become less likely to rely on informal home care provided to them by their children. This negative effect on informal home care is most likely driven by male children withdrawing from their caregiving roles. The empirical results also suggest that higher Social Security benefits would encourage the use of formal home care by those who would not have otherwise used any type of home care and would also encourage the use of both types of home care services among elderly individuals. Published by Elsevier B.V.

Social security income and the utilization of home care: Evidence from the social security notch☆

PubMed Central

Tsai, Yuping

2018-01-01

This paper exploits Social Security law changes to identify the effect of Social Security income on the use of formal and informal home care by the elderly. Results from an instrumental variables estimation strategy show that as retirement income increases, elderly individuals increase their use of formal home care and become less likely to rely on informal home care provided to them by their children. This negative effect on informal home care is most likely driven by male children withdrawing from their caregiving roles. The empirical results also suggest that higher Social Security benefits would encourage the use of formal home care by those who would not have otherwise used any type of home care and would also encourage the use of both types of home care services among elderly individuals. PMID:26184382

Practical cryptographic strategies in the post-quantum era

NASA Astrophysics Data System (ADS)

Kabanov, I. S.; Yunusov, R. R.; Kurochkin, Y. V.; Fedorov, A. K.

2018-02-01

Quantum key distribution technologies promise information-theoretic security and are currently being deployed in com-mercial applications. We review new frontiers in information security technologies in communications and distributed storage applications with the use of classical, quantum, hybrid classical-quantum, and post-quantum cryptography. We analyze the cur-rent state-of-the-art, critical characteristics, development trends, and limitations of these techniques for application in enterprise information protection systems. An approach concerning the selection of practical encryption technologies for enterprises with branched communication networks is discussed.

An Exploration of Cyberspace Security R&D Investment Strategies for DARPA: "The Day After. . . in Cyberspace II",

DTIC Science & Technology

1996-01-01

Automated Teller Machine networks malfunction in Georgia 2000 May 20 CNN off air for 12 minutes; issues special report 2000 May 20 worm...password combinations, social security and credit card numbers, account information, health status, and innumerable other sensitive information...as follows: TW/AA Issues Recommended Technical Response Possible Implementation Obstacles 1. (re Tactical Warning) • Place automated software

Effective Strategies for School Security.

ERIC Educational Resources Information Center

Blauvelt, Peter D.

This handbook offers administrators specific advice on developing the skills, knowledge, and techniques needed for coping with problems of school crime and violence. The guide begins by advising administrators that having security information available at all times helps determine the climate of the school. Instructions are given for preparing…

OAS - Organization of American States: Democracy for peace, security, and

Science.gov Websites

Information Offices in the Member States Our History Logo Authorities Services Legal Protocol Topics A Access Knowledge-based Society L Labor Legal Services M MACCIH MAPP Migration Multidimensional Security O Estate Strategy Financial Reports Annual Operating Plan Legal Services Ombudsperson Strategic Plan

77 FR 64120 - Agency Information Collection Activities: Petition for CNMI-Only Nonimmigrant Transition Worker...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-10-18

... DEPARTMENT OF HOMELAND SECURITY U.S. Citizenship and Immigration Services [OMB Control Number 1615.... SUMMARY: The Department of Homeland Security (DHS), U.S. Citizenship and Immigration Services (USCIS) will... Coordination Division, Office of Policy and Strategy, U.S. Citizenship and Immigration Services, Department of...

77 FR 55484 - Agency Information Collection Activities: Request to Enforce Affidavit of Financial Support and...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-09-10

... DEPARTMENT OF HOMELAND SECURITY U.S. Citizenship and Immigration Services [OMB Control Number 1615... Security (DHS), U.S. Citizenship and Immigration Services (USCIS) will be submitting the following... Coordination Division, Office of Policy and Strategy, U.S. Citizenship and Immigration Services, Department of...

TH-A-12A-01: Medical Physicist's Role in Digital Information Security: Threats, Vulnerabilities and Best Practices

DOE Office of Scientific and Technical Information (OSTI.GOV)

McDonald, K; Curran, B

I. Information Security Background (Speaker = Kevin McDonald) Evolution of Medical Devices Living and Working in a Hostile Environment Attack Motivations Attack Vectors Simple Safety Strategies Medical Device Security in the News Medical Devices and Vendors Summary II. Keeping Radiation Oncology IT Systems Secure (Speaker = Bruce Curran) Hardware Security Double-lock Requirements “Foreign” computer systems Portable Device Encryption Patient Data Storage System Requirements Network Configuration Isolating Critical Devices Isolating Clinical Networks Remote Access Considerations Software Applications / Configuration Passwords / Screen Savers Restricted Services / access Software Configuration Restriction Use of DNS to restrict accesse. Patches / Upgrades Awareness Intrusionmore » Prevention Intrusion Detection Threat Risk Analysis Conclusion Learning Objectives: Understanding how Hospital IT Requirements affect Radiation Oncology IT Systems. Illustrating sample practices for hardware, network, and software security. Discussing implementation of good IT security practices in radiation oncology. Understand overall risk and threats scenario in a networked environment.« less

A Study on Secure Medical-Contents Strategies with DRM Based on Cloud Computing

PubMed Central

Měsíček, Libor; Choi, Jongsun

2018-01-01

Many hospitals and medical clinics have been using a wearable sensor in its health care system because the wearable sensor, which is able to measure the patients' biometric information, has been developed to analyze their patients remotely. The measured information is saved to a server in a medical center, and the server keeps the medical information, which also involves personal information, on a cloud system. The server and network devices are used by connecting each other, and sensitive medical records are dealt with remotely. However, these days, the attackers, who try to attack the server or the network systems, are increasing. In addition, the server and the network system have a weak protection and security policy against the attackers. In this paper, it is suggested that security compliance of medical contents should be followed to improve the level of security. As a result, the medical contents are kept safely. PMID:29796233

A Study on Secure Medical-Contents Strategies with DRM Based on Cloud Computing.

PubMed

Ko, Hoon; Měsíček, Libor; Choi, Jongsun; Hwang, Seogchan

2018-01-01

Many hospitals and medical clinics have been using a wearable sensor in its health care system because the wearable sensor, which is able to measure the patients' biometric information, has been developed to analyze their patients remotely. The measured information is saved to a server in a medical center, and the server keeps the medical information, which also involves personal information, on a cloud system. The server and network devices are used by connecting each other, and sensitive medical records are dealt with remotely. However, these days, the attackers, who try to attack the server or the network systems, are increasing. In addition, the server and the network system have a weak protection and security policy against the attackers. In this paper, it is suggested that security compliance of medical contents should be followed to improve the level of security. As a result, the medical contents are kept safely.

Providing security for automated process control systems at hydropower engineering facilities

NASA Astrophysics Data System (ADS)

Vasiliev, Y. S.; Zegzhda, P. D.; Zegzhda, D. P.

2016-12-01

This article suggests the concept of a cyberphysical system to manage computer security of automated process control systems at hydropower engineering facilities. According to the authors, this system consists of a set of information processing tools and computer-controlled physical devices. Examples of cyber attacks on power engineering facilities are provided, and a strategy of improving cybersecurity of hydropower engineering systems is suggested. The architecture of the multilevel protection of the automated process control system (APCS) of power engineering facilities is given, including security systems, control systems, access control, encryption, secure virtual private network of subsystems for monitoring and analysis of security events. The distinctive aspect of the approach is consideration of interrelations and cyber threats, arising when SCADA is integrated with the unified enterprise information system.

Secure uniform random-number extraction via incoherent strategies

NASA Astrophysics Data System (ADS)

Hayashi, Masahito; Zhu, Huangjun

2018-01-01

To guarantee the security of uniform random numbers generated by a quantum random-number generator, we study secure extraction of uniform random numbers when the environment of a given quantum state is controlled by the third party, the eavesdropper. Here we restrict our operations to incoherent strategies that are composed of the measurement on the computational basis and incoherent operations (or incoherence-preserving operations). We show that the maximum secure extraction rate is equal to the relative entropy of coherence. By contrast, the coherence of formation gives the extraction rate when a certain constraint is imposed on the eavesdropper's operations. The condition under which the two extraction rates coincide is then determined. Furthermore, we find that the exponential decreasing rate of the leaked information is characterized by Rényi relative entropies of coherence. These results clarify the power of incoherent strategies in random-number generation, and can be applied to guarantee the quality of random numbers generated by a quantum random-number generator.

An Analysis of China’s Information Technology Strategies and their Implication for US National Security

DTIC Science & Technology

2006-06-01

environment of Web-enabled database searches, online shopping , e-business, and daily credit-card use, which are very common in the United States. Cyberspace...establishing credibility for data exchange such as online shopping . Present regulations stipulate that security chips used by the Chinese government and

Components of a Course on National Security Policy.

ERIC Educational Resources Information Center

Quester, George H.

1987-01-01

Describes the components of a course on the formation of national security policy. Includes information on the amount of emphasis and instructional approach to take with each component of the course. Components include the nature of strategy, the role of war in international politics, disarmament and arms control, nuclear weapons and nuclear war,…

77 FR 50521 - Agency Information Collection Activities: Under Section 245A of the INA, Form I-687; Extension...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-08-21

... DEPARTMENT OF HOMELAND SECURITY U.S. Citizenship and Immigration Services [OMB Control Number 1615... Homeland Security (DHS), U.S. Citizenship and Immigration Services (USCIS) will be submitting the following... Coordination Division, Office of Policy and Strategy, U.S. Citizenship and Immigration Services, Department of...

Corporate Perspective: An Interview with John Sculley.

ERIC Educational Resources Information Center

Temares, M. Lewis

1989-01-01

John Sculley, the chairman of the board of Apple Computer, Inc., discusses information technology management, management strategies, network management, the Chief Information Officer, strategic planning, back-to-the-future planning, business and university joint ventures, and security issues. (MLW)

Coverage of the Test of Memory Malingering, Victoria Symptom Validity Test, and Word Memory Test on the Internet: is test security threatened?

PubMed

Bauer, Lyndsey; McCaffrey, Robert J

2006-01-01

In forensic neuropsychological settings, maintaining test security has become critically important, especially in regard to symptom validity tests (SVTs). Coaching, which can entail providing patients or litigants with information about the cognitive sequelae of head injury, or teaching them test-taking strategies to avoid detection of symptom dissimulation has been examined experimentally in many research studies. Emerging evidence supports that coaching strategies affect psychological and neuropsychological test performance to differing degrees depending on the coaching paradigm and the tests administered. The present study sought to examine Internet coverage of SVTs because it is potentially another source of coaching, or information that is readily available. Google searches were performed on the Test of Memory Malingering, the Victoria Symptom Validity Test, and the Word Memory Test. Results indicated that there is a variable amount of information available about each test that could threaten test security and validity should inappropriately interested parties find it. Steps that could be taken to improve this situation and limitations to this exploration are discussed.

Leveraging Trade Agreements to Meet U.S. Security Aims

DTIC Science & Technology

2016-04-08

TO MEET U.S. SECURITY AIMS 5b. GRANT NUMBER 5c. PROGRAM ELEMENT NUMBER 6. AUTHOR(S) Sd. PROJECT NUMBER LTC Allysa A. Kropp (USARNG) Se. TASK NUMBER 5f...Sanctions Programs and Country Information,” under “Resource Center, Financial Sanctions, Programs ,” https’.//wwiv.treasurv.gov/resource center/sanctions... Program , and economic integration of former adversaries through U.S. trade policy.7 In the National Security Strategy, President Obama underscored the

INcreasing Security and Protection through Infrastructure REsilience: The INSPIRE Project

NASA Astrophysics Data System (ADS)

D'Antonio, Salvatore; Romano, Luigi; Khelil, Abdelmajid; Suri, Neeraj

The INSPIRE project aims at enhancing the European potential in the field of security by ensuring the protection of critical information infrastructures through (a) the identification of their vulnerabilities and (b) the development of innovative techniques for securing networked process control systems. To increase the resilience of such systems INSPIRE will develop traffic engineering algorithms, diagnostic processes and self-reconfigurable architectures along with recovery techniques. Hence, the core idea of the INSPIRE project is to protect critical information infrastructures by appropriately configuring, managing, and securing the communication network which interconnects the distributed control systems. A working prototype will be implemented as a final demonstrator of selected scenarios. Controls/Communication Experts will support project partners in the validation and demonstration activities. INSPIRE will also contribute to standardization process in order to foster multi-operator interoperability and coordinated strategies for securing lifeline systems.

Via generalized function projective synchronization in nonlinear Schrödinger equation for secure communication

NASA Astrophysics Data System (ADS)

Zhao, L. W.; Du, J. G.; Yin, J. L.

2018-05-01

This paper proposes a novel secured communication scheme in a chaotic system by applying generalized function projective synchronization of the nonlinear Schrödinger equation. This phenomenal approach guarantees a secured and convenient communication. Our study applied the Melnikov theorem with an active control strategy to suppress chaos in the system. The transmitted information signal is modulated into the parameter of the nonlinear Schrödinger equation in the transmitter and it is assumed that the parameter of the receiver system is unknown. Based on the Lyapunov stability theory and the adaptive control technique, the controllers are designed to make two identical nonlinear Schrödinger equation with the unknown parameter asymptotically synchronized. The numerical simulation results of our study confirmed the validity, effectiveness and the feasibility of the proposed novel synchronization method and error estimate for a secure communication. The Chaos masking signals of the information communication scheme, further guaranteed a safer and secured information communicated via this approach.

Security model for picture archiving and communication systems.

PubMed

Harding, D B; Gac, R J; Reynolds, C T; Romlein, J; Chacko, A K

2000-05-01

The modern information revolution has facilitated a metamorphosis of health care delivery wrought with the challenges of securing patient sensitive data. To accommodate this reality, Congress passed the Health Insurance Portability and Accountability Act (HIPAA). While final guidance has not fully been resolved at this time, it is up to the health care community to develop and implement comprehensive security strategies founded on procedural, hardware and software solutions in preparation for future controls. The Virtual Radiology Environment (VRE) Project, a landmark US Army picture archiving and communications system (PACS) implemented across 10 geographically dispersed medical facilities, has addressed that challenge by planning for the secure transmission of medical images and reports over their local (LAN) and wide area network (WAN) infrastructure. Their model, which is transferable to general PACS implementations, encompasses a strategy of application risk and dataflow identification, data auditing, security policy definition, and procedural controls. When combined with hardware and software solutions that are both non-performance limiting and scalable, the comprehensive approach will not only sufficiently address the current security requirements, but also accommodate the natural evolution of the enterprise security model.

[Security agents on the front line against Ebola: roles, perceptions and knowledge in Fann Teaching Hospital, Dakar, Senegal].

PubMed

Lanièce, C; Sow, K; Desclaux, A

2016-10-01

Security agents are on the front line when patients arrive at health facilities, giving them a potential role to play in an Ebola virus disease (EVD) outbreak. The position of security agents within health services is poorly documented. A survey was conducted to clarify their understanding of Ebola pathology, to assess their need for information and to determine their role in patient management. The survey included both qualitative and quantitative aspects. 80 security agents of the Fann teaching hospital (Dakar) completed questionnaires, and 11 were interviewed. Qualitative analysis was performed with Dedoose and the quantitative analysis using Excel. The results show that security agents' activities go beyond their mission of security and control. They are involved in informing, orienting and assisting patients and those accompanying them in the hospital. The security agents have basic knowledge of EVD, but overestimate the risk of transmission. They want to be more informed and to have access to protective material. These results suggest that these professionals should be taken into account when developing response strategies to Ebola outbreaks. Their knowledge of and protection against the disease must be strengthened. Non-health professionals working in health facilities should be trained in order to be able to relay information to the public.

77 FR 57593 - Comment Request for Information Collection for Reemployment Demonstration Grants and Projects...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-09-18

... and innovative strategies to better help connect unemployed Americans with work. Section 2102 of the... the Social Security Act (SSA) which allows the Secretary of Labor (Secretary) to enter into agreements... oversight of the program is authorized under Section 303(a)(6) of the Social Security Act. In order for...

Community perspectives on barriers and strategies for promoting locally grown produce from an urban agriculture farm.

PubMed

Hu, Alice; Acosta, Angela; McDaniel, Abigail; Gittelsohn, Joel

2013-01-01

Although much is understood about barriers to healthy food consumption in low-income, urban communities, knowledge regarding the crucial next step of building feasible, community-supported approaches to address those barriers remains limited. This qualitative study used in-depth interviews (n = 20), focus groups (n = 2), and participant observations (n = 3) to identify strategies to promote locally grown produce from an urban food security project, Produce From the Park (PFP), an urban farm. Informants included community organization representatives and residents from low-income neighborhoods in a mid-Atlantic city. Informants identified structural and cultural barriers to purchasing healthy food, including price, location, food culture, and lack of interest. Participants proposed a number of strategies, such as distribution through mobile food carts and farm stands, marketing new foods through taste tests and cooking demonstrations, and youth mentorship. Informants also described their perceptions of the local urban farm and suggested ways to increase community buy-in. Strategies mentioned were inexpensive and incorporated cultural norms and local assets. These community perspectives can provide insights for those promoting healthy eating in urban African American communities through urban food security projects.

Integrated secure solution for electronic healthcare records sharing

NASA Astrophysics Data System (ADS)

Yao, Yehong; Zhang, Chenghao; Sun, Jianyong; Jin, Jin; Zhang, Jianguo

2007-03-01

The EHR is a secure, real-time, point-of-care, patient-centric information resource for healthcare providers. Many countries and regional districts have set long-term goals to build EHRs, and most of EHRs are usually built based on the integration of different information systems with different information models and platforms. A number of hospitals in Shanghai are also piloting the development of an EHR solution based on IHE XDS/XDS-I profiles with a service-oriented architecture (SOA). The first phase of the project targets the Diagnostic Imaging domain and allows seamless sharing of images and reports across the multiple hospitals. To develop EHRs for regional coordinated healthcare, some factors should be considered in designing architecture, one of which is security issue. In this paper, we present some approaches and policies to improve and strengthen the security among the different hospitals' nodes, which are compliant with the security requirements defined by IHE IT Infrastructure (ITI) Technical Framework. Our security solution includes four components: Time Sync System (TSS), Digital Signature Manage System (DSMS), Data Exchange Control Component (DECC) and Single Sign-On (SSO) System. We give a design method and implementation strategy of these security components, and then evaluate the performance and overheads of the security services or features by integrating the security components into an image-based EHR system.

Strategies for Improving Polio Surveillance Performance in the Security-Challenged Nigerian States of Adamawa, Borno, and Yobe During 2009-2014.

PubMed

Hamisu, Abdullahi Walla; Johnson, Ticha Muluh; Craig, Kehinde; Mkanda, Pascal; Banda, Richard; Tegegne, Sisay G; Oyetunji, Ajiboye; Ningi, Nuhu; Mohammed, Said M; Adamu, Mohammed Isa; Abdulrahim, Khalid; Nsubuga, Peter; Vaz, Rui G; Muhammed, Ado J G

2016-05-01

The security-challenged states of Adamawa, Borno, and Yobe bear most of the brunt of the Boko Haram insurgency in Nigeria. The security challenge has led to the killing of health workers, destruction of health facilities, and displacement of huge populations. To identify areas of polio transmission and promptly detect possible cases of importation in these states, polio surveillance must be very sensitive. We conducted a retrospective review of acute flaccid paralysis surveillance in the security-compromised states between 2009 and 2014, using the acute flaccid paralysis database at the World Health Organization Nigeria Country Office. We also reviewed the reports of surveillance activities conducted in these security-challenged states, to identify strategies that were implemented to improve polio surveillance. Environmental surveillance was implemented in Borno in 2013 and in Yobe in 2014. All disease surveillance and notification officers in the 3 security-challenged states now receive annual training, and the number of community informants in these states has dramatically increased. Media-based messaging (via radio and television) is now used to sensitize the public to the importance of surveillance, and contact samples have been regularly collected in both states since 2014. The strategies implemented in the security-challenged states improved the quality of polio surveillance during the review period. © 2016 World Health Organization; licensee Oxford Journals.

Strategies for Improving Polio Surveillance Performance in the Security-Challenged Nigerian States of Adamawa, Borno, and Yobe During 2009–2014

PubMed Central

Hamisu, Abdullahi Walla; Johnson, Ticha Muluh; Craig, Kehinde; Mkanda, Pascal; Banda, Richard; Tegegne, Sisay G.; Oyetunji, Ajiboye; Ningi, Nuhu; Mohammed, Said M.; Adamu, Mohammed Isa; Abdulrahim, Khalid; Nsubuga, Peter; Vaz, Rui G.; Muhammed, Ado J. G.

2016-01-01

Background. The security-challenged states of Adamawa, Borno, and Yobe bear most of the brunt of the Boko Haram insurgency in Nigeria. The security challenge has led to the killing of health workers, destruction of health facilities, and displacement of huge populations. To identify areas of polio transmission and promptly detect possible cases of importation in these states, polio surveillance must be very sensitive. Methods. We conducted a retrospective review of acute flaccid paralysis surveillance in the security-compromised states between 2009 and 2014, using the acute flaccid paralysis database at the World Health Organization Nigeria Country Office. We also reviewed the reports of surveillance activities conducted in these security-challenged states, to identify strategies that were implemented to improve polio surveillance. Results. Environmental surveillance was implemented in Borno in 2013 and in Yobe in 2014. All disease surveillance and notification officers in the 3 security-challenged states now receive annual training, and the number of community informants in these states has dramatically increased. Media-based messaging (via radio and television) is now used to sensitize the public to the importance of surveillance, and contact samples have been regularly collected in both states since 2014. Conclusions. The strategies implemented in the security-challenged states improved the quality of polio surveillance during the review period. PMID:26655842

Proceedings Second Annual Cyber Security and Information Infrastructure Research Workshop

DOE Office of Scientific and Technical Information (OSTI.GOV)

Sheldon, Frederick T; Krings, Axel; Yoo, Seong-Moo

2006-01-01

The workshop theme is Cyber Security: Beyond the Maginot Line Recently the FBI reported that computer crime has skyrocketed costing over $67 billion in 2005 alone and affecting 2.8M+ businesses and organizations. Attack sophistication is unprecedented along with availability of open source concomitant tools. Private, academic, and public sectors invest significant resources in cyber security. Industry primarily performs cyber security research as an investment in future products and services. While the public sector also funds cyber security R&D, the majority of this activity focuses on the specific mission(s) of the funding agency. Thus, broad areas of cyber security remain neglectedmore » or underdeveloped. Consequently, this workshop endeavors to explore issues involving cyber security and related technologies toward strengthening such areas and enabling the development of new tools and methods for securing our information infrastructure critical assets. We aim to assemble new ideas and proposals about robust models on which we can build the architecture of a secure cyberspace including but not limited to: * Knowledge discovery and management * Critical infrastructure protection * De-obfuscating tools for the validation and verification of tamper-proofed software * Computer network defense technologies * Scalable information assurance strategies * Assessment-driven design for trust * Security metrics and testing methodologies * Validation of security and survivability properties * Threat assessment and risk analysis * Early accurate detection of the insider threat * Security hardened sensor networks and ubiquitous computing environments * Mobile software authentication protocols * A new "model" of the threat to replace the "Maginot Line" model and more . . .« less

Cyber Warfare: China’s Strategy to Dominate in Cyber Space

DTIC Science & Technology

2011-06-10

CYBER WARFARE : CHINA‘S STRATEGY TO DOMINATE IN CYBER SPACE A thesis presented to the Faculty of the U.S. Army Command and...warfare supports the use of cyber warfare in future conflict. The IW militia unit organization provides each Chinese military region commander with...China, Strategy, Cyber Warfare , Cyber Space, Information Warfare, Electronic Warfare 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF ABSTRACT 18

Doorstep: A doorbell security system for the prevention of doorstep crime.

PubMed

Ennis, Andrew; Cleland, Ian; Patterson, Timothy; Nugent, Chris D; Cruciani, Federico; Paggetti, Cristiano; Morrison, Gareth; Taylor, Richard

2016-08-01

Safety and security rank highly in the priorities of older people on both an individual and policy level. Older people are commonly targeted as victims of doorstep crime, as they can be perceived as being vulnerable. As a result, this can have a major effect on the victim's health and wellbeing. There have been numerous prevention strategies implemented in an attempt to combat and reduce the number of doorstep crimes. There is, however, little information available detailing the effectiveness of these strategies and how they impact on the fear of crime, particularly with repeat victims. There is therefore clear merit in the creation and piloting of a technology based solution to combat doorstep crime. This paper presents a developed solution to provide increased security for older people within their home.

Control Systems Cyber Security:Defense in Depth Strategies

DOE Office of Scientific and Technical Information (OSTI.GOV)

David Kuipers; Mark Fabro

2006-05-01

Information infrastructures across many public and private domains share several common attributes regarding IT deployments and data communications. This is particularly true in the control systems domain. A majority of the systems use robust architectures to enhance business and reduce costs by increasing the integration of external, business, and control system networks. However, multi-network integration strategies often lead to vulnerabilities that greatly reduce the security of an organization, and can expose mission-critical control systems to cyber threats. This document provides guidance and direction for developing ‘defense-in-depth’ strategies for organizations that use control system networks while maintaining a multi-tier information architecturemore » that requires: Maintenance of various field devices, telemetry collection, and/or industrial-level process systems Access to facilities via remote data link or modem Public facing services for customer or corporate operations A robust business environment that requires connections among the control system domain, the external Internet, and other peer organizations.« less

Control Systems Cyber Security: Defense-in-Depth Strategies

DOE Office of Scientific and Technical Information (OSTI.GOV)

Mark Fabro

2007-10-01

Information infrastructures across many public and private domains share several common attributes regarding IT deployments and data communications. This is particularly true in the control systems domain. A majority of the systems use robust architectures to enhance business and reduce costs by increasing the integration of external, business, and control system networks. However, multi-network integration strategies often lead to vulnerabilities that greatly reduce the security of an organization, and can expose mission-critical control systems to cyber threats. This document provides guidance and direction for developing ‘defense-in-depth’ strategies for organizations that use control system networks while maintaining a multi-tier information architecturemore » that requires: • Maintenance of various field devices, telemetry collection, and/or industrial-level process systems • Access to facilities via remote data link or modem • Public facing services for customer or corporate operations • A robust business environment that requires connections among the control system domain, the external Internet, and other peer organizations.« less

A Game-Theoretical Model to Improve Process Plant Protection from Terrorist Attacks.

PubMed

Zhang, Laobing; Reniers, Genserik

2016-12-01

The New York City 9/11 terrorist attacks urged people from academia as well as from industry to pay more attention to operational security research. The required focus in this type of research is human intention. Unlike safety-related accidents, security-related accidents have a deliberate nature, and one has to face intelligent adversaries with characteristics that traditional probabilistic risk assessment techniques are not capable of dealing with. In recent years, the mathematical tool of game theory, being capable to handle intelligent players, has been used in a variety of ways in terrorism risk assessment. In this article, we analyze the general intrusion detection system in process plants, and propose a game-theoretical model for security management in such plants. Players in our model are assumed to be rational and they play the game with complete information. Both the pure strategy and the mixed strategy solutions are explored and explained. We illustrate our model by an illustrative case, and find that in our case, no pure strategy but, instead, a mixed strategy Nash equilibrium exists. © 2016 Society for Risk Analysis.

Sustainable Food Security Measurement: A Systemic Methodology

NASA Astrophysics Data System (ADS)

Findiastuti, W.; Singgih, M. L.; Anityasari, M.

2017-04-01

Sustainable food security measures how a region provides food for its people without endangered the environment. In Indonesia, it was legally measured in Food Security and Vulnerability (FSVA). However, regard to sustainable food security policy, the measurement has not encompassed the environmental aspect. This will lead to lack of environmental aspect information for adjusting the next strategy. This study aimed to assess Sustainable Food security by encompassing both food security and environment aspect using systemic eco-efficiency. Given existing indicator of cereal production level, total emission as environment indicator was generated by constructing Causal Loop Diagram (CLD). Then, a stock-flow diagram was used to develop systemic simulation model. This model was demonstrated for Indonesian five provinces. The result showed there was difference between food security order with and without environmental aspect assessment.

Intranet Implementation as an HR Communication Strategy.

ERIC Educational Resources Information Center

Murphy, Daniel J.; Andrews, Dianna M.

1996-01-01

Applications of World Wide Web-style institutional intranets and browsers to provide and manage information in college personnel administration are examined. The intranet can facilitate use of more complex data structures, protect data security, allow tracking of information and forms, eliminate hard-copy manuals, maintain up-to-date schedules,…

Policing men: militarised masculinity, youth livelihoods, and security in conflict-affected northern Uganda.

PubMed

Tapscott, Rebecca

2018-01-01

Relations between militaries and masculinities-and hegemonic masculinity and the state-are well-established in the literature on gender and development. However, there is less research on how militarised masculinities relate to state governance strategies. This paper, based on qualitative research conducted in northern Uganda between 2014 and 2017, offers a gender analysis of youths participating in informal security arrangements. Civilian male youths accept poorly paid or unpaid work in the informal security sector in the hope of gaining access to livelihoods that will enable them to fulfil masculine ideal-types. However, this arrangement denies them the resources necessary to achieve the ideal-type of civilian masculinity, as well as the state's military masculinity, which produces young men as subjects of the ruling regime. To reconfigure this relationship between civilian and militarised masculinities, one should understand informal security organisations in the context of alternative livelihood arrangements and take a long-term approach to the demilitarisation of the Ugandan state. © 2018 The Author(s). Disasters © Overseas Development Institute, 2018.

A cross-case comparative analysis of international security forces' impacts on health systems in conflict-affected and fragile states.

PubMed

Bourdeaux, Margaret; Kerry, Vanessa; Haggenmiller, Christian; Nickel, Karlheinz

2015-01-01

Destruction of health systems in fragile and conflict-affected states increases civilian mortality. Despite the size, scope, scale and political influence of international security forces intervening in fragile states, little attention has been paid to array of ways they may impact health systems beyond their effects on short-term humanitarian health aid delivery. Using case studies we published on international security forces' impacts on health systems in Haiti, Kosovo, Afghanistan and Libya, we conducted a comparative analysis that examined three questions: What aspects, or building blocks, of health systems did security forces impact across the cases and what was the nature of these impacts? What forums or mechanisms did international security forces use to interact with health system actors? What policies facilitated or hindered security forces from supporting health systems? We found international security forces impacted health system governance, information systems and indigenous health delivery organizations. Positive impacts included bolstering the authority, transparency and capability of health system leadership. Negative impacts included undermining the impartial nature of indigenous health institutions by using health projects to achieve security objectives. Interactions between security and health actors were primarily ad hoc, often to the detriment of health system support efforts. When international security forces were engaged in health system support activities, the most helpful communication and consultative mechanisms to manage their involvement were ones that could address a wide array of problems, were nimble enough to accommodate rapidly changing circumstances, leveraged the power of personal relationships, and were able to address the tensions that arose between security and health system supporting strategies. Policy barriers to international security organizations participating in health system support included lack of mandate, conflicts between security strategies and health system preservation, and lack of interoperability between security and indigenous health organizations with respect to logistics and sharing information. The cases demonstrate both the opportunities and risks of international security organizations involvement in health sector protection, recovery and reconstruction. We discuss two potential approaches to engaging these organizations in health system support that may increase the chances of realizing these opportunities while mitigating risks.

Human Factors and Information Security: Individual, Culture and Security Environment

DTIC Science & Technology

2010-10-01

cannot operate effectively ( Ivancevich et al., 2000). However, Buono, Bowditch and Lewis (1985), state that the strength of values is questionable...socialisation can be viewed as a form of organisational integration ( Ivancevich et al., 2000). Specifically, socialisation “is a strategy for achieving... Ivancevich et al., 2000, p.605). Organisations with strong cultures are considered to operate under a cohesive set of values and norms (George & Jones

US Africa Command: Paradigm Change for the Combatant Command

DTIC Science & Technology

2009-01-01

information operations. 5 The ability to attempt the successfully manage all these elements has been referred to as the DIME Ballet , characterizing...3 U.S. National Security Counsel, National Security Strategy 2006, pp 43. 4Austin Bay, "The DIME Ballet " strategypage. com May 24,2005. http...DIME Ballet " May 24,2005. http://www.strategypage.comlon--point/2005524.aspx. (accessed on February 19, 2009). Eisenhower, Dwight. Presidential

Nuclear Terrorism: The Possibilities, Probable Consequences, and Preventive Strategies.

ERIC Educational Resources Information Center

Totten, Michael

1986-01-01

This article explores the possibility of terrorist acts against nuclear power stations. It includes information on reactor security, public policy, and alternative courses of action deemed to increase public safety and cost efficiency. (JDH)

Validating the Octave Allegro Information Systems Risk Assessment Methodology: A Case Study

ERIC Educational Resources Information Center

Keating, Corland G.

2014-01-01

An information system (IS) risk assessment is an important part of any successful security management strategy. Risk assessments help organizations to identify mission-critical IS assets and prioritize risk mitigation efforts. Many risk assessment methodologies, however, are complex and can only be completed successfully by highly qualified and…

User Profiling in Online Marketplaces and Security

ERIC Educational Resources Information Center

Koh, Byungwan

2011-01-01

The advent of information technology has enabled firms to collect significant amounts of data about individuals and mine the data for developing their strategies. Profiling of individuals is one common use of data collected about them. It refers to using known or inferred information to categorize the type of an individual and to tailor specific…

Strategic Information Warfare: Challenges for the United States.

DTIC Science & Technology

1998-05-01

Professor Richard H. Shultz Jr. as Director of the International Security Studies Program at the Fletcher School, helped provide both the academic...of Information Warfare and Strategy at National Defense University; and Larry Rothenberg, Institute for Foreign Policy Analysis. Captain Richard P...War in the Information Age" in War in the Information Age. Robert L. Pfaltzgraff, Jr. and Richard P. Shultz, Jr., eds. London: Brassey’s, 1997

Defence Science and Technology Strategy. Science and Technology for a Secure Canada

DTIC Science & Technology

2006-12-01

Public reporting burden for the collection of information is estimated to average 1 hour per response, including the time for reviewing instructions...searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information . Send comments...regarding this burden estimate or any other aspect of this collection of information , including suggestions for reducing this burden, to Washington

Strategies for Preserving Owner Privacy in the National Information Management System of the USDA Forest Service's Forest Inventory and Analysis Unit

Treesearch

Andrew Lister; Charles Scott; Susan King; Michael Hoppus; Brett Butler; Douglas Griffith

2005-01-01

The Food Security Act of 1985 prohibits the disclosure of any information collected by the USDA Forest Service's FIA program that would link individual landowners to inventory plot information. To address this, we developed a technique based on a "swapping" procedure in which plots with similar characteristics are exchanged, and on a ...

Remote sensing of global croplands for food security

USGS Publications Warehouse

Thenkabail, Prasad S.; Biradar, Chandrashekhar M.; Turral, Hugh; Lyon, John G.

2009-01-01

Increases in populations have created an increasing demand for food crops while increases in demand for biofuels have created an increase in demand for fuel crops. What has not increased is the amount of croplands and their productivity. These and many other factors such as decreasing water resources in a changing climate have created a crisis like situation in global food security. Decision makers in these situations need accurate information based on science. Remote Sensing of Global Croplands for Food Security provides a comprehensive knowledge base in use of satellite sensor-based maps and statistics that can be used to develop strategies for croplands (irrigated and rainfed) and their water use for food security.

National Counterintelligence Strategy of the United States of America 2016

DTIC Science & Technology

2015-01-01

including suggestions for reducing this burden, to Washington Headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson...while protecting sensitive information and assets from FIE theft , manipulation, or exploitation;  Identify vulnerabilities and threats to...process into supply chain operations to secure the supply chain from exploitation and reduce its vulnerability to disruption;  Expand partnerships

Using RFID to Enhance Security in Off-Site Data Storage

PubMed Central

Lopez-Carmona, Miguel A.; Marsa-Maestre, Ivan; de la Hoz, Enrique; Velasco, Juan R.

2010-01-01

Off-site data storage is one of the most widely used strategies in enterprises of all sizes to improve business continuity. In medium-to-large size enterprises, the off-site data storage processes are usually outsourced to specialized providers. However, outsourcing the storage of critical business information assets raises serious security considerations, some of which are usually either disregarded or incorrectly addressed by service providers. This article reviews these security considerations and presents a radio frequency identification (RFID)-based, off-site, data storage management system specifically designed to address security issues. The system relies on a set of security mechanisms or controls that are arranged in security layers or tiers to balance security requirements with usability and costs. The system has been successfully implemented, deployed and put into production. In addition, an experimental comparison with classical bar-code-based systems is provided, demonstrating the system’s benefits in terms of efficiency and failure prevention. PMID:22163638

Using RFID to enhance security in off-site data storage.

PubMed

Lopez-Carmona, Miguel A; Marsa-Maestre, Ivan; de la Hoz, Enrique; Velasco, Juan R

2010-01-01

Off-site data storage is one of the most widely used strategies in enterprises of all sizes to improve business continuity. In medium-to-large size enterprises, the off-site data storage processes are usually outsourced to specialized providers. However, outsourcing the storage of critical business information assets raises serious security considerations, some of which are usually either disregarded or incorrectly addressed by service providers. This article reviews these security considerations and presents a radio frequency identification (RFID)-based, off-site, data storage management system specifically designed to address security issues. The system relies on a set of security mechanisms or controls that are arranged in security layers or tiers to balance security requirements with usability and costs. The system has been successfully implemented, deployed and put into production. In addition, an experimental comparison with classical bar-code-based systems is provided, demonstrating the system's benefits in terms of efficiency and failure prevention.

Maneuver Warfare in Cyberspace

DTIC Science & Technology

1997-01-01

government departments and agencies; (2) National security and military strategies must outline a response to the threats and opportunities of cyber ... warfare ; and (3) the Department of Defense’s offensive and defensive responsibilities, parameters, and capabilities for strategic information warfare need

Optimal security investments and extreme risk.

PubMed

Mohtadi, Hamid; Agiwal, Swati

2012-08-01

In the aftermath of 9/11, concern over security increased dramatically in both the public and the private sector. Yet, no clear algorithm exists to inform firms on the amount and the timing of security investments to mitigate the impact of catastrophic risks. The goal of this article is to devise an optimum investment strategy for firms to mitigate exposure to catastrophic risks, focusing on how much to invest and when to invest. The latter question addresses the issue of whether postponing a risk mitigating decision is an optimal strategy or not. Accordingly, we develop and estimate both a one-period model and a multiperiod model within the framework of extreme value theory (EVT). We calibrate these models using probability measures for catastrophic terrorism risks associated with attacks on the food sector. We then compare our findings with the purchase of catastrophic risk insurance. © 2012 Society for Risk Analysis.

On Glitchkriege: Strategy in the Cyber-Age

DTIC Science & Technology

2013-06-01

ON GLITCHKRIEGE: Strategy in the Cyber-Age BY LIEUTENANT-COLONEL WILLIAM DUPUY FRENCH AIR FORCE A THESIS PRESENTED TO THE...3 ABOUT THE AUTHOR Lieutenant-Colonel William Dupuy entered the French Air Force Academy in 1995 as an engineering officer and graduated in...Lieutenant-Colonel William Dupuy owns an engineering degree from the French Air Force Academy, a master’s degree from the Information Security Training

Chemical Industry Security: Voluntary or Mandatory Approach?

DTIC Science & Technology

2007-03-01

reasonably ask ourselves whether we run the risk of comparing apples and oranges when trying to learn something new from them.35 The main...Myriam Dunn’s caution of comparing apples and oranges in CIP strategies. The European Union strategy of classifying CI information does not appear...level to establish an effective oversight program. SWOT Analysis – New Jersey Department of Environmental Protection Strengths: • Existing

The exploration of the exhibition informatization

NASA Astrophysics Data System (ADS)

Zhang, Jiankang

2017-06-01

The construction and management of exhibition informatization is the main task and choke point during the process of Chinese exhibition industry’s transformation and promotion. There are three key points expected to realize a breakthrough during the construction of Chinese exhibition informatization, and the three aspects respectively are adopting service outsourcing to construct and maintain the database, adopting advanced chest card technology to collect various kinds of information, developing statistics analysis to maintain good cutomer relations. The success of Chinese exhibition informatization mainly calls for mature suppliers who can provide construction and maintenance of database, the proven technology, a sense of data security, advanced chest card technology, the ability of data mining and analysis and the ability to improve the exhibition service basing on the commercial information got from the data analysis. Several data security measures are expected to apply during the process of system developing, including the measures of the terminal data security, the internet data security, the media data security, the storage data security and the application data security. The informatization of this process is based on the chest card designing. At present, there are several types of chest card technology: bar code chest card; two-dimension code card; magnetic stripe chest card; smart-chip chest card. The information got from the exhibition data will help the organizers to make relevant service strategies, quantify the accumulated indexes of the customers, and improve the level of the customer’s satisfaction and loyalty, what’s more, the information can also provide more additional services like the commercial trips, VIP ceremonial reception.

Impacts of marine protected areas on fishing communities.

PubMed

Mascia, Michael B; Claus, C Anne; Naidoo, Robin

2010-10-01

Marine protected areas (MPAs) are a popular conservation strategy, but their impacts on human welfare are poorly understood. To inform future research and policy decisions, we reviewed the scientific literature to assess MPA impacts on five indicators of human welfare: food security, resource rights, employment, community organization, and income. Following MPA establishment, food security generally remained stable or increased in older and smaller MPAs. The ability of most fishing groups to govern MPA resources changed. Increased resource rights were positively correlated with MPA zoning and compliance with MPA regulations. Small sample sizes precluded statistical tests of the impacts of MPAs on employment, community organization, and income. Our results demonstrate that MPAs shape the social well-being and political power of fishing communities; impacts (positive and negative) vary within and among social groups; and social impacts are correlated with some--but not all--commonly hypothesized explanatory factors. Accordingly, MPAs may represent a viable strategy for enhancing food security and empowering local communities, but current practices negatively affect at least a minority of fishers. To inform policy making, further research must better document and explain variation in the positive and negative social impacts of MPAs. © 2010 Society for Conservation Biology.

An analysis of factors contributing to household water security problems and threats in different settlement categories of Ngamiland, Botswana

NASA Astrophysics Data System (ADS)

Kujinga, Krasposy; Vanderpost, Cornelis; Mmopelwa, Gagoitseope; Wolski, Piotr

Globally, water security is negatively affected by factors that include climatic and hydrological conditions, population growth, rural-urban migration, increased per-capita water use, pollution and over-abstraction of groundwater. While Botswana has made strides in providing safe and clean water to its population since independence in 1966, over the years, a combination of factors have contributed to water security problems in different settlement categories of the country (i.e., primary, secondary, tertiary and ungazetted settlements) in general and in the district of Ngamiland in particular. To study water security problems differentiated by settlement category, this study employed quantitative data collection methods (i.e. household structured questionnaires) and qualitative data collection methods (i.e. key informant interviews, observation, focus group discussions and informal interviews), complemented by a review of relevant literature. Water security in all settlements is affected by status of the settlement, i.e. gazetted or ungazetted, climatic and hydrological factors and water governance challenges. In large villages such as Maun, factors threatening water security include population growth, urbanization, management challenges, old water supply and distribution infrastructure, increased demand for individual connections and changing lifestyles. Small gazetted and ungazetted settlements encounter problems related to limited sources of water supply as well as salinity of groundwater resources. In order to enhance water security in different settlement categories, Botswana has to develop a comprehensive water resources management strategy underpinned by integrated water resources management principles aimed at addressing factors contributing to water security problems. The strategy has to be settlement category specific. Large villages have to address factors related to demographic changes, urbanization, management challenges, water supply infrastructure and the introducing of water demand management activities. Households in small villages need provision of water from more sustainable sources while ungazetted settlements need better access to clean water.

Formulating a strategy for securing high-speed rail in the United States.

DOT National Transportation Integrated Search

2013-03-01

This report presents an analysis of information relating to attacks, attempted attacks, and plots against high-speed rail (HSR) : systems. It draws upon empirical data from MTIs Database of Terrorist and Serious Criminal Attacks Against Public Sur...

Reinforcement Learning for Constrained Energy Trading Games With Incomplete Information.

PubMed

Wang, Huiwei; Huang, Tingwen; Liao, Xiaofeng; Abu-Rub, Haitham; Chen, Guo

2017-10-01

This paper considers the problem of designing adaptive learning algorithms to seek the Nash equilibrium (NE) of the constrained energy trading game among individually strategic players with incomplete information. In this game, each player uses the learning automaton scheme to generate the action probability distribution based on his/her private information for maximizing his own averaged utility. It is shown that if one of admissible mixed-strategies converges to the NE with probability one, then the averaged utility and trading quantity almost surely converge to their expected ones, respectively. For the given discontinuous pricing function, the utility function has already been proved to be upper semicontinuous and payoff secure which guarantee the existence of the mixed-strategy NE. By the strict diagonal concavity of the regularized Lagrange function, the uniqueness of NE is also guaranteed. Finally, an adaptive learning algorithm is provided to generate the strategy probability distribution for seeking the mixed-strategy NE.

Critical Infrastructure Protection II, The International Federation for Information Processing, Volume 290.

NASA Astrophysics Data System (ADS)

Papa, Mauricio; Shenoi, Sujeet

The information infrastructure -- comprising computers, embedded devices, networks and software systems -- is vital to day-to-day operations in every sector: information and telecommunications, banking and finance, energy, chemicals and hazardous materials, agriculture, food, water, public health, emergency services, transportation, postal and shipping, government and defense. Global business and industry, governments, indeed society itself, cannot function effectively if major components of the critical information infrastructure are degraded, disabled or destroyed. Critical Infrastructure Protection II describes original research results and innovative applications in the interdisciplinary field of critical infrastructure protection. Also, it highlights the importance of weaving science, technology and policy in crafting sophisticated, yet practical, solutions that will help secure information, computer and network assets in the various critical infrastructure sectors. Areas of coverage include: - Themes and Issues - Infrastructure Security - Control Systems Security - Security Strategies - Infrastructure Interdependencies - Infrastructure Modeling and Simulation This book is the second volume in the annual series produced by the International Federation for Information Processing (IFIP) Working Group 11.10 on Critical Infrastructure Protection, an international community of scientists, engineers, practitioners and policy makers dedicated to advancing research, development and implementation efforts focused on infrastructure protection. The book contains a selection of twenty edited papers from the Second Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection held at George Mason University, Arlington, Virginia, USA in the spring of 2008.

National Strategy for Aviation Security

DTIC Science & Technology

2007-03-26

for Aviation Security (hereafter referred to as the Strategy) to protect the Nation and its interests from threats in the Air Domain. The Secretary of... Aviation security is best achieved by integrating public and private aviation security global activities into a coordinated effort to detect, deter...might occur. The Strategy aligns Federal government aviation security programs and initiatives into a comprehensive and cohesive national effort

Surveillance data management system

NASA Astrophysics Data System (ADS)

Teague, Ralph

2002-10-01

On October 8, 2001, an Executive Order was signed creating the White House Office of Homeland Security. With its formaiton comes focused attention in setting goals and priorities for homeland security. Analysis, preparation, and implementation of strategies will hinge not only on how information is collected and analyzed, but more important, on how it is coordinated and shared. Military installations/facilities, Public safety agencies, airports, federal and local offices, public utilities, harbors, transportation and others critical areas must work either independently or as a team to ensure the safety of our citizens and visitor. In this new era of increased security, the key to interoperation is continuous information exchanged-events must be rapidly identified, reported and responded to by the appropriate agencies. For instance when a threat has been detected the security officers must be immediately alerted and must have access to the type of threat, location, movement, heading, threat size, etc to respond accordingly and the type of support required. This requires instant communications and teamwork with reliable and flexible technology.

How Do Communities Use a Participatory Public Health Approach to Build Resilience? The Los Angeles County Community Disaster Resilience Project.

PubMed

Bromley, Elizabeth; Eisenman, David P; Magana, Aizita; Williams, Malcolm; Kim, Biblia; McCreary, Michael; Chandra, Anita; Wells, Kenneth B

2017-10-21

Community resilience is a key concept in the National Health Security Strategy that emphasizes development of multi-sector partnerships and equity through community engagement. Here, we describe the advancement of CR principles through community participatory methods in the Los Angeles County Community Disaster Resilience (LACCDR) initiative. LACCDR, an initiative led by the Los Angeles County Department of Public Health with academic partners, randomized 16 community coalitions to implement either an Enhanced Standard Preparedness or Community Resilience approach over 24 months. Facilitated by a public health nurse or community educator, coalitions comprised government agencies, community-focused organizations and community members. We used thematic analysis of data from focus groups ( n = 5) and interviews ( n = 6 coalition members; n = 16 facilitators) to compare coalitions' strategies for operationalizing community resilience levers of change (engagement, partnership, self-sufficiency, education). We find that strategies that included bidirectional learning helped coalitions understand and adopt resilience principles. Strategies that operationalized community resilience levers in mutually reinforcing ways (e.g., disseminating information while strengthening partnerships) also secured commitment to resilience principles. We review additional challenges and successes in achieving cross-sector collaboration and engaging at-risk groups in the resilience versus preparedness coalitions. The LACCDR example can inform strategies for uptake and implementation of community resilience and uptake of the resilience concept and methods.

How Do Communities Use a Participatory Public Health Approach to Build Resilience? The Los Angeles County Community Disaster Resilience Project

PubMed Central

Bromley, Elizabeth; Eisenman, David P.; Magana, Aizita; Williams, Malcolm; Kim, Biblia; McCreary, Michael; Chandra, Anita; Wells, Kenneth B.

2017-01-01

Community resilience is a key concept in the National Health Security Strategy that emphasizes development of multi-sector partnerships and equity through community engagement. Here, we describe the advancement of CR principles through community participatory methods in the Los Angeles County Community Disaster Resilience (LACCDR) initiative. LACCDR, an initiative led by the Los Angeles County Department of Public Health with academic partners, randomized 16 community coalitions to implement either an Enhanced Standard Preparedness or Community Resilience approach over 24 months. Facilitated by a public health nurse or community educator, coalitions comprised government agencies, community-focused organizations and community members. We used thematic analysis of data from focus groups (n = 5) and interviews (n = 6 coalition members; n = 16 facilitators) to compare coalitions’ strategies for operationalizing community resilience levers of change (engagement, partnership, self-sufficiency, education). We find that strategies that included bidirectional learning helped coalitions understand and adopt resilience principles. Strategies that operationalized community resilience levers in mutually reinforcing ways (e.g., disseminating information while strengthening partnerships) also secured commitment to resilience principles. We review additional challenges and successes in achieving cross-sector collaboration and engaging at-risk groups in the resilience versus preparedness coalitions. The LACCDR example can inform strategies for uptake and implementation of community resilience and uptake of the resilience concept and methods. PMID:29065491

National Aviation Security Policy, Strategy, and Mode-Specific Plans: Background and Considerations for Congress

DTIC Science & Technology

2009-02-02

aviation security . The approach to aviation security was largely shaped by past events, such as the bombing of Pan Am flight 103 in December 1988, rather...community. Following the September 11, 2001, attacks, U.S. aviation security policy and strategy was closely linked to the changes called for in the...have been considered security sensitive thus limiting public discourse on the DHS strategy for aviation security . However, in June 2006 President

Strategy to Enhance International Supply Chain Security

DTIC Science & Technology

2007-07-01

as part of the effort to secure air passenger travel . The security assessment crew traveling by air, land or sea cannot be considered only a travel ...threats through its traveler screening and worker credentialing programs. The strategy to secure the supply chain reflects the larger security strategy of...living or traveling abroad. • Assisting U.S. businesses in the international marketplace. • Coordinating and providing support for international

Meeting the privacy requirements for the development of a multi-centre patient registry in Canada: the Rick Hansen Spinal Cord Injury Registry.

PubMed

Noonan, Vanessa K; Thorogood, Nancy P; Joshi, Phalgun B; Fehlings, Michael G; Craven, B Catharine; Linassi, Gary; Fourney, Daryl R; Kwon, Brian K; Bailey, Christopher S; Tsai, Eve C; Drew, Brian M; Ahn, Henry; Tsui, Deborah; Dvorak, Marcel F

2013-05-01

Privacy legislation addresses concerns regarding the privacy of personal information; however, its interpretation by research ethics boards has resulted in significant challenges to the collection, management, use and disclosure of personal health information for multi-centre research studies. This paper describes the strategy used to develop the national Rick Hansen Spinal Cord Injury Registry (RHSCIR) in accordance with privacy statutes and benchmarked against best practices. An analysis of the regional and national privacy legislation was conducted to determine the requirements for each of the 31 local RHSCIR sites and the national RHSCIR office. A national privacy and security framework was created for RHSCIR that includes a governance structure, standard operating procedures, training processes, physical and technical security and privacy impact assessments. The framework meets a high-water mark in ensuring privacy and security of personal health information nationally and may assist in the development of other national or international research initiatives. Copyright © 2013 Longwoods Publishing.

Meeting the Privacy Requirements for the Development of a Multi-Centre Patient Registry in Canada: The Rick Hansen Spinal Cord Injury Registry

PubMed Central

Noonan, Vanessa K.; Thorogood, Nancy P.; Joshi, Phalgun B.; Fehlings, Michael G.; Craven, B. Catharine; Linassi, Gary; Fourney, Daryl R.; Kwon, Brian K.; Bailey, Christopher S.; Tsai, Eve C.; Drew, Brian M.; Ahn, Henry; Tsui, Deborah; Dvorak, Marcel F.

2013-01-01

Privacy legislation addresses concerns regarding the privacy of personal information; however, its interpretation by research ethics boards has resulted in significant challenges to the collection, management, use and disclosure of personal health information for multi-centre research studies. This paper describes the strategy used to develop the national Rick Hansen Spinal Cord Injury Registry (RHSCIR) in accordance with privacy statutes and benchmarked against best practices. An analysis of the regional and national privacy legislation was conducted to determine the requirements for each of the 31 local RHSCIR sites and the national RHSCIR office. A national privacy and security framework was created for RHSCIR that includes a governance structure, standard operating procedures, training processes, physical and technical security and privacy impact assessments. The framework meets a high-water mark in ensuring privacy and security of personal health information nationally and may assist in the development of other national or international research initiatives. PMID:23968640

Establishing rational networking using the DL04 quantum secure direct communication protocol

NASA Astrophysics Data System (ADS)

Qin, Huawang; Tang, Wallace K. S.; Tso, Raylin

2018-06-01

The first rational quantum secure direct communication scheme is proposed, in which we use the game theory with incomplete information to model the rational behavior of the participant, and give the strategy space and utility function. The rational participant can get his maximal utility when he performs the protocol faithfully, and then the Nash equilibrium of the protocol can be achieved. Compared to the traditional schemes, our scheme will be more practical in the presence of rational participant.

A reservoir of ethnobotanical knowledge informs resilient food security and health strategies in the Balkans.

PubMed

Quave, Cassandra L; Pieroni, Andrea

2015-02-02

While all peoples are nested in their environments, their decisions and actions are mediated by culturally constructed values, beliefs and priorities. Ethnobotanical methods can show how different ethnic groups living within the same geographic landscape interact with environmental resources. Here, we explore the impact of culture on ethnobotanical knowledge, and practice on local food security and human health. Gora, a mountainous territory of northeastern Albania, is home to two culturally and linguistically distinct peoples: Gorani and Albanians. We investigated the divergences and convergences of ethnobotanical strategies among the groups with respect to the use of 104 plant species. Local knowledge modulated by cultural history has moulded these peoples' use of their natural environment, fostering resilience during periods of food insecurity.

Roots and routes to resilience and its role in psychotherapy: a selective, attachment-informed review.

PubMed

Holmes, Jeremy

2017-08-01

Developmental research on resilience is summarised and illustrated with a case example. Self-reflection, positive relationships, and agency foster resilience in the face of adversity. Attachment and resilience are related categories. The different patterns of attachment - secure, insecure-organised and insecure-disorganised - are manifest in different patterns of resilience, depending on prevailing environmental conditions. However, the greater the environmental adversity, the less will the resilience factors emerge. Clients tend to present for psychotherapy when resilience strategies have failed. The therapeutic relationship has neurochemical and relational characteristic mirroring the secure mother-infant bond. These foster mentalising, stress innoculation, affect co-regulation, self-esteem, and agency, forming the basis for enduring and more flexible resilience strategies.

75 FR 18819 - Second DRAFT NIST Interagency Report (NISTIR) 7628, Smart Grid Cyber Security Strategy and...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-04-13

...-0143-01] Second DRAFT NIST Interagency Report (NISTIR) 7628, Smart Grid Cyber Security Strategy and... (NIST) seeks comments on the second draft of NISTIR 7628, Smart Grid Cyber Security Strategy and..., vulnerability categories, bottom-up analysis, individual logical interface diagrams, and the cyber security...

National Aviation Security Policy, Strategy, and Mode-Specific Plans: Background and Considerations for Congress

DTIC Science & Technology

2008-01-02

aviation security . The approach to aviation security was largely shaped by past events, such as the bombing of Pan Am flight 103 in December 1988, rather...2001 attacks, U.S. aviation security policy and strategy was closely linked to the changes called for in the Aviation and Transportation Security Act...sensitive thus limiting public discourse on the DHS strategy for aviation security . However, in June 2006 President Bush directed the DHS to establish and

Cryptanalysis on a scheme to share information via employing a discrete algorithm to quantum states

NASA Astrophysics Data System (ADS)

Amellal, H.; Meslouhi, A.; El Baz, M.; Hassouni, Y.; El Allati, A.

2017-03-01

Recently, Yang and Hwang [Int. J. Theor. Phys. 53, 224 (2014)] demonstrated that the scheme to share information via employing discrete algorithm to quantum states presented by Kang and Fang [Commun. Theor. Phys. 55, 239 (2011)] suffers from a major vulnerability allowing an eavesdropper to perform a measurement and resend attack. By introducing an additional checking state framework, the authors have proposed an improved protocol to overcome this weakness. This work calls into question the invoked vulnerability in order to clarify a misinterpretation in the same protocol stages also introduce a possible leakage information strategy, known as a faked state attack, despite the proposed improvement, which means that the same security problem may persist. Finally, an upgrading technic was introduced in order to enhance the security transmission.

Security Considerations for E-Mental Health Interventions

PubMed Central

Bennett, Anthony James; Griffiths, Kathleen Margaret

2010-01-01

Security considerations are an often overlooked and underfunded aspect of the development, delivery, and evaluation of e-mental health interventions although they are crucial to the overall success of any eHealth project. The credibility and reliability of eHealth scientific research and the service delivery of eHealth interventions rely on a high standard of data security. This paper describes some of the key methodological, technical, and procedural issues that need to be considered to ensure that eHealth research and intervention delivery meet adequate security standards. The paper concludes by summarizing broad strategies for addressing the major security risks associated with eHealth interventions. These include involving information technology (IT) developers in all stages of the intervention process including its development, evaluation, and ongoing delivery; establishing a wide-ranging discourse about relevant security issues; and familiarizing researchers and providers with the security measures that must be instituted in order to protect the integrity of eHealth interventions. PMID:21169173

Learning and Coping Strategies Used by Learning Disabled Students Participating in Adult Basic Education and Literacy Programs. A Final Report of the 310 Special Project 87-98-7014.

ERIC Educational Resources Information Center

Ross, Jovita M.

Interviews with 19 adults participating in adult basic education or literacy programs were conducted to ascertain the strategies they used to compensate for reading and writing difficulties. Although the project intended to secure this information from adults diagnosed as learning disabled, it had to rely on self-reports and educational history to…

NATIONAL PREPAREDNESS: Integrating New and Existing Technology and Information Sharing into an Effective Homeland Security Strategy

DTIC Science & Technology

2002-06-07

Continue to Develop and Refine Emerging Technology • Some of the emerging biometric devices, such as iris scans and facial recognition systems...such as iris scans and facial recognition systems, facial recognition systems, and speaker verification systems. (976301)

Building Alternative-Energy Partnerships with Latin America

DTIC Science & Technology

2007-03-30

both its National Energy Strategy and Foreign Policy. Endnotes 1 COL John Amidon, "Needed Now: A National Energy Security Manhattan Project ," Air... Manhattan Project ," Briefing to Headquarters U.S. Air Force, 21 March 2006. 30 U.S. Energy Information Agency, "International Petroleum Monthly

Analysis on the security of cloud computing

NASA Astrophysics Data System (ADS)

He, Zhonglin; He, Yuhua

2011-02-01

Cloud computing is a new technology, which is the fusion of computer technology and Internet development. It will lead the revolution of IT and information field. However, in cloud computing data and application software is stored at large data centers, and the management of data and service is not completely trustable, resulting in safety problems, which is the difficult point to improve the quality of cloud service. This paper briefly introduces the concept of cloud computing. Considering the characteristics of cloud computing, it constructs the security architecture of cloud computing. At the same time, with an eye toward the security threats cloud computing faces, several corresponding strategies are provided from the aspect of cloud computing users and service providers.

Randomized Prediction Games for Adversarial Machine Learning.

PubMed

Rota Bulo, Samuel; Biggio, Battista; Pillai, Ignazio; Pelillo, Marcello; Roli, Fabio

In spam and malware detection, attackers exploit randomization to obfuscate malicious data and increase their chances of evading detection at test time, e.g., malware code is typically obfuscated using random strings or byte sequences to hide known exploits. Interestingly, randomization has also been proposed to improve security of learning algorithms against evasion attacks, as it results in hiding information about the classifier to the attacker. Recent work has proposed game-theoretical formulations to learn secure classifiers, by simulating different evasion attacks and modifying the classification function accordingly. However, both the classification function and the simulated data manipulations have been modeled in a deterministic manner, without accounting for any form of randomization. In this paper, we overcome this limitation by proposing a randomized prediction game, namely, a noncooperative game-theoretic formulation in which the classifier and the attacker make randomized strategy selections according to some probability distribution defined over the respective strategy set. We show that our approach allows one to improve the tradeoff between attack detection and false alarms with respect to the state-of-the-art secure classifiers, even against attacks that are different from those hypothesized during design, on application examples including handwritten digit recognition, spam, and malware detection.In spam and malware detection, attackers exploit randomization to obfuscate malicious data and increase their chances of evading detection at test time, e.g., malware code is typically obfuscated using random strings or byte sequences to hide known exploits. Interestingly, randomization has also been proposed to improve security of learning algorithms against evasion attacks, as it results in hiding information about the classifier to the attacker. Recent work has proposed game-theoretical formulations to learn secure classifiers, by simulating different evasion attacks and modifying the classification function accordingly. However, both the classification function and the simulated data manipulations have been modeled in a deterministic manner, without accounting for any form of randomization. In this paper, we overcome this limitation by proposing a randomized prediction game, namely, a noncooperative game-theoretic formulation in which the classifier and the attacker make randomized strategy selections according to some probability distribution defined over the respective strategy set. We show that our approach allows one to improve the tradeoff between attack detection and false alarms with respect to the state-of-the-art secure classifiers, even against attacks that are different from those hypothesized during design, on application examples including handwritten digit recognition, spam, and malware detection.

U.S. Energy Prospects: An Engineering Viewpoint.

ERIC Educational Resources Information Center

National Academy of Engineering, Washington, DC. Commission on Education.

With the Arab oil embargo of 1973, the United States became aware of its dependence on foreign fuel to maintain its productive capacity, employment base, political autonomy, strategic security, and living standard. An engineering Task Force on Energy was appointed to provide an informed assessment of the realistic strategies that could be…

76 FR 11279 - Agency Information Collection Activities: Extension of a Currently Approved Collection

Federal Register 2010, 2011, 2012, 2013, 2014

2011-03-01

... (institutions of higher education) of the Grants to Reduce Violent Crimes Against Women on Campus Program whose... of higher education to develop and strengthen effective security and investigation strategies to combat violent crimes against women on campuses, including domestic violence, dating violence, sexual...

78 FR 31964 - Agency Information Collection Activities: Proposed Collection; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2013-05-28

... infrastructure and the traveling public from acts of terrorism, major disasters, and other emergencies... acts of terrorism, major disasters, and other emergencies. Affected Public: State, Local, or Tribal...,080.32 Security Strategy. Total 123 123 5,043 147,053.88 Estimated Cost: The estimated annual cost to...

Integrated Cognitive-neuroscience Architectures for Understanding Sensemaking (ICArUS): Transition to the Intelligence Community

DTIC Science & Technology

2014-12-01

Case Study P U Pc Pt Ft Pa 1 Clinical vs. Actuarial Geospatial Profiling Strategies X X 2 Route Security in Baghdad X X X X 3 International...Information Sciences , 176, 1570-1589. Burns, K., & Bonaceto, C. (2014). Integrated Cognitive-neuroscience Architectures for Understanding Sensemaking

Dow Jones News/Retrieval--An IndepthBxook.

ERIC Educational Resources Information Center

Dempsey, Tim

1984-01-01

This introduction to the nonbibliographic databases offered by the Dow Jones News/Retrieval Service describes file content and search strategies in four groups: Dow Jones Business and Economic News; Dow Jones Quotes (market prices for stocks and other securities); Financial and Investment Services; General News and Information Services. Examples…

Portfolio Management

NASA Technical Reports Server (NTRS)

Duncan, Sharon L.

2011-01-01

Enterprise Business Information Services Division (EBIS) supports the Laboratory and its functions through the implementation and support of business information systems on behalf of its business community. EBIS Five Strategic Focus Areas: (1) Improve project estimating, planning and delivery capability (2) Improve maintainability and sustainability of EBIS Application Portfolio (3) Leap forward in IT Leadership (4) Comprehensive Talent Management (5) Continuous IT Security Program. Portfolio Management is a strategy in which software applications are managed as assets

Strengthening Rehabilitation in Health Systems Worldwide by Integrating Information on Functioning in National Health Information Systems.

PubMed

Stucki, Gerold; Bickenbach, Jerome; Melvin, John

2017-09-01

A complete understanding of the experience of health requires information relevant not merely to the health indicators of mortality and morbidity but also to functioning-that is, information about what it means to live in a health state, "the lived experience of health." Not only is functioning information relevant to healthcare and the overall objectives of person-centered healthcare but to the successful operation of all components of health systems.In light of population aging and major epidemiological trends, the health strategy of rehabilitation, whose aim has always been to optimize functioning and minimize disability, will become a key health strategy. The increasing prominence of the rehabilitative strategy within the health system drives the argument for the integration of functioning information as an essential component in national health information systems.Rehabilitation professionals and researchers have long recognized in WHO's International Classification of Functioning, Disability and Health the best prospect for an internationally recognized, sufficiently complete and powerful information reference for the documentation of functioning information. This paper opens the discussion of the promise of integrating the ICF as an essential component in national health systems to secure access to functioning information for rehabilitation, across health systems and countries.

Crossing the quality chasm: the role of information technology departments.

PubMed

Weir, Charlene R; Hicken, Bret L; Rappaport, Hank Steven; Nebeker, Jonathan R

2006-01-01

Integrating information technology (IT) into medical settings is considered essential to transforming hospitals into 21st-century health care institutions. Yet the role of IT departments in maximizing the effectiveness of information systems is not well understood. This article reports a 3-round Delphi panel of Veterans Administration personnel experienced with provider order entry electronic systems. In round 1, 35 administrative, clinical, and IT personnel answered 10 open-ended questions about IT strategies and structures that best support successful transformation. In round 2, panelists rated item importance and ranked proposed strategies. In round 3, panelists received aggregate feedback and rerated the items. Four domains emerged from round 1: IT organization, IT performance monitoring, user-support activities, and core IT responsibilities (eg, computer security, training). In rounds 2 and 3, IT performance monitoring was rated the most important, closely followed by clinical support. Strategies associated with each domain are identified and discussed.

75 FR 43528 - Seeking Public Comment on Draft National Health Security Strategy Biennial Implementation Plan

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-26

... DEPARTMENT OF HEALTH AND HUMAN SERVICES Office of the Secretary Seeking Public Comment on Draft National Health Security Strategy Biennial Implementation Plan AGENCY: Department of Health and Human... Interim Implementation Guide for the National Health Security Strategy of the United States of America...

Strategy to Enhance International Supply Chain Security

DTIC Science & Technology

2007-07-01

airports as part of the effort to secure air passenger travel . The security assessment crew traveling by air, land or sea cannot be considered only a... travel security issue. The assessment of a container ship’s crew or of a driver moving a truck into the secure area of a port are also supply chain...threats through its traveler screening and worker credentialing programs. The strategy to secure the supply chain reflects the larger security

Potential impact of HITECH security regulations on medical imaging.

PubMed

Prior, Fred; Ingeholm, Mary Lou; Levine, Betty A; Tarbox, Lawrence

2009-01-01

Title XIII of Division A and Title IV of Division B of the American Recovery and Reinvestment Act (ARRA) of 2009 [1] include a provision commonly referred to as the "Health Information Technology for Economic and Clinical Health Act" or "HITECH Act" that is intended to promote the electronic exchange of health information to improve the quality of health care. Subtitle D of the HITECH Act includes key amendments to strengthen the privacy and security regulations issued under the Health Insurance Portability and Accountability Act (HIPAA). The HITECH act also states that "the National Coordinator" must consult with the National Institute of Standards and Technology (NIST) in determining what standards are to be applied and enforced for compliance with HIPAA. This has led to speculation that NIST will recommend that the government impose the Federal Information Security Management Act (FISMA) [2], which was created by NIST for application within the federal government, as requirements to the public Electronic Health Records (EHR) community in the USA. In this paper we will describe potential impacts of FISMA on medical image sharing strategies such as teleradiology and outline how a strict application of FISMA or FISMA-based regulations could have significant negative impacts on information sharing between care providers.

Privacy in confidential administrative micro data: implementing statistical disclosure control in a secure computing environment.

PubMed

Hochfellner, Daniela; Müller, Dana; Schmucker, Alexandra

2014-12-01

The demand for comprehensive and innovative data is constantly growing in social science. In particular, micro data from various social security agencies become more and more attractive. In contrast to survey data, administrative data offer a census with highly reliable information but are restricted in their usage. To make them accessible for researchers, data or research output either have to be anonymized or released after disclosure review procedures have been used. This article discusses the trade-off between maintaining a high capability of research potential while protecting private information, by exploiting the data disclosure portfolio and the adopted disclosure strategies of the Research Data Center of the German Federal Employment Agency. © The Author(s) 2014.

Business continuity strategies for cyber defence: battling time and information overload.

PubMed

Streufert, John

2010-11-01

Can the same numbers and letters which are the life blood of modern business and government computer systems be harnessed to protect computers from attack against known information security risks? For the past seven years, Foreign Service officers and technicians of the US Government have sought to maintain diplomatic operations in the face of rising cyber attacks and test the hypothesis that an ounce of prevention is worth a pound of cure. As eight out of ten attacks leverage known computer security vulnerabilities or configuration setting weaknesses, a pound of cure would seem to be easy to come by. Yet modern security tools present an unusually consequential threat to business continuity - too much rather than too little information on cyber problems is presented, harking back to a phenomenon cited by social scientists in the 1960s called 'information overload'. Experience indicates that the longer the most serious cyber problems go untreated, the wider the attack surface adversaries can find. One technique used at the Department of State, called 'risk scoring', resulted in an 89 per cent overall reduction in measured risk over 12 months for the Department of State's servers and personal computers. Later refinements of risk scoring enabled technicians to correct unique security threats with unprecedented speed. This paper explores how the use of metrics, special care in presenting information to technicians and executives alike, as well as tactical use of organisational incentives can result in stronger cyber defences protecting modern organisations.

10 CFR 37.43 - General security program requirements.

Code of Federal Regulations, 2014 CFR

2014-01-01

... overall security strategy to ensure the integrated and effective functioning of the security program required by this subpart. The security plan must, at a minimum: (i) Describe the measures and strategies... lessons learned; (iii) Relevant results of NRC inspections; and (iv) Relevant results of the licensee's...

Promoting exercise behaviour in a secure mental health setting: Healthcare assistant perspectives.

PubMed

Kinnafick, Florence-Emilie; Papathomas, Anthony; Regoczi, Dora

2018-05-30

Individuals with severe mental illness engage in significantly less amounts of physical activity than the general population. A secure mental health setting can exacerbate barriers to exercise, and facilitate physical inactivity and sedentary behaviour. Healthcare assistants are intimately involved in the daily lives of patients and, therefore, should be considered integral to exercise promotion in secure mental health settings. Our aim was to explore healthcare assistants' perceptions of exercise and their attitudes to exercise promotion for adult patients in a secure mental health hospital. Qualitative semi-structured interviews were conducted with 11 healthcare assistants from a large UK-based secure mental health hospital. Topics included healthcare assistants' personal experiences of exercise within a secure facility, their perceptions of exercise as an effective treatment tool for mental health, and their perceived roles and responsibilities for exercise promotion. Thematic analysis was used to analyse the data. Three main themes were identified: (i) exercise is multi-beneficial to patients, (ii) perceived barriers to effective exercise promotion, and (iii) strategies for effectives exercise promotion. Healthcare assistants considered exercise to hold patient benefits. However, core organizational and individual barriers limited healthcare assistants' exercise promotion efforts. An informal approach to exercise promotion was deemed most effective to some, whereas others committed to more formal strategies including compulsory sessions. With education and organizational support, we propose healthcare assistants are well placed to identify individual needs for exercise promotion. Their consultation could lead to more efficacious, person-sensitive interventions. © 2018 Australian College of Mental Health Nurses Inc.

Evaluation of the awareness and effectiveness of IT security programs in a large publicly funded health care system.

PubMed

Hepp, Shelanne L; Tarraf, Rima C; Birney, Arden; Arain, Mubashir Aslam

2017-01-01

Electronic health records are becoming increasingly common in the health care industry. Although information technology (IT) poses many benefits to improving health care and ease of access to information, there are also security and privacy risks. Educating health care providers is necessary to ensure proper use of health information systems and IT and reduce undesirable outcomes. This study evaluated employees' awareness and perceptions of the effectiveness of two IT educational training modules within a large publicly funded health care system in Canada. Semi-structured interviews and focus groups included a variety of professional roles within the organisation. Participants also completed a brief demographic data sheet. With the consent of participants, all interviews and focus groups were audio recorded. Thematic analysis and descriptive statistics were used to evaluate the effectiveness of the IT security training modules. Five main themes emerged: (i) awareness of the IT training modules, (ii) the content of modules, (iii) staff perceptions about differences between IT security and privacy issues, (iv) common breaches of IT security and privacy, and (v) challenges and barriers to completing the training program. Overall, nonclinical staff were more likely to be aware of the training modules than were clinical staff. We found e-learning was a feasible way to educate a large number of employees. However, health care providers required a module on IT security and privacy that was relatable and applicable to their specific roles. Strategies to improve staff education and mitigate against IT security and privacy risks are discussed. Future research should focus on integrating health IT competencies into the educational programs for health care professionals.

Looking Through the Fog: United States National Security Strategy, National Military Strategy, Air Force Doctrine and the Impacts to ISR (1990-2012)

DTIC Science & Technology

2013-06-01

notwithstanding any other provision of law , no person shall be subject to a penalty for failing to comply with a collection of information if it does not...attempt to reconcile the complex organizational ecosystem that constitutes the DOD ISR enterprise. The modern enterprise remains a reflection of...rights. 3. The Western Hemisphere – must control insurgencies, support NAFTA arrangements, and work with non-govt organizations to support

Addressing security, collaboration, and usability with tactical edge mobile devices and strategic cloud-based systems

NASA Astrophysics Data System (ADS)

Graham, Christopher J.

2012-05-01

Success in the future battle space is increasingly dependent on rapid access to the right information. Faced with a shrinking budget, the Government has a mandate to improve intelligence productivity, quality, and reliability. To achieve increased ISR effectiveness, leverage of tactical edge mobile devices via integration with strategic cloud-based infrastructure is the single, most likely candidate area for dramatic near-term impact. This paper discusses security, collaboration, and usability components of this evolving space. These three paramount tenets outlined below, embody how mission information is exchanged securely, efficiently, with social media cooperativeness. Tenet 1: Complete security, privacy, and data integrity, must be ensured within the net-centric battle space. This paper discusses data security on a mobile device, data at rest on a cloud-based system, authorization and access control, and securing data transport between entities. Tenet 2: Lack of collaborative information sharing and content reliability jeopardizes mission objectives and limits the end user capability. This paper discusses cooperative pairing of mobile devices and cloud systems, enabling social media style interaction via tagging, meta-data refinement, and sharing of pertinent data. Tenet 3: Fielded mobile solutions must address usability and complexity. Simplicity is a powerful paradigm on mobile platforms, where complex applications are not utilized, and simple, yet powerful, applications flourish. This paper discusses strategies for ensuring mobile applications are streamlined and usable at the tactical edge through focused features sets, leveraging the power of the back-end cloud, minimization of differing HMI concepts, and directed end-user feedback.teInput=

Austrian Security Strategy: Need For Reformulation Due To Security Developments

DTIC Science & Technology

2016-02-14

migration from Africa and the Middle East, and reality has overtaken the security strategy. The terrorist attacks in Paris and the sexual assaults on women...legitimate use of physical force” i.e., a state is a system based on the legitimate “relation of domination of man over man.”6, 7 Strategy is...called peace dividend to stimulate the economy and invest in infrastructure projects. Modern security policy must be assessed in all areas, since

77 FR 74488 - Agency Information Collection Activities: Consideration of Deferred Action for Childhood Arrivals...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-12-14

... burden and associated response time should be directed to: DHS, USCIS, Office of Policy and Strategy... the burden in terms of time and money incurred by applicants for the following aspects of this... service. The average time required and money expended to secure secondary evidence such as an affidavit...

78 FR 13370 - Agency Information Collection Activities: Consideration of Deferred Action for Childhood Arrivals...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-27

... may be submitted to: DHS, USCIS, Office of Policy and Strategy, Chief, Regulatory Coordination... estimates on the burden in terms of time and money incurred by applicants for the following aspects of this... service. The average time required and money expended to secure secondary evidence such as an affidavit...

A Safe School's Top 10 Needs

ERIC Educational Resources Information Center

Brunner, Judy; Lewis, Dennis

2005-01-01

An environment of safety in the school seldom comes down to any one particular component or plan; it is a combination of strategies and ideas that makes a school safe and secure for everyone. In this article, the authors provide practical information to educators who are already working to capacity in terms of time allocation and monetary…

Identification and Access Management: An Action Research Approach to Develop a Training Strategy for Higher Education

ERIC Educational Resources Information Center

San Nicolas-Rocca, Tonia

2010-01-01

Identification and access management has been among the top security issues facing institutions of higher education. Most institutions of higher education require end users to provide usernames and passwords to gain access to personally identifiable information (PII). This leaves universities vulnerable to unauthorized access and unauthorized…

The Wicked Problem of Information Sharing in Homeland Security - A Leadership Perspective

DTIC Science & Technology

2014-06-01

filled environment. One such coping strategy termed emotion work, describes how analysts manage their feelings to display a public face or bodily ...in many aspects of Western culture but 56 Jeff Conklin, Dialogue Mapping : Building Shared...effective, whether modifications should be 60 Conklin, Dialogue Mapping : Building Shared Understanding

A Secure and Efficient Threshold Group Signature Scheme

NASA Astrophysics Data System (ADS)

Zhang, Yansheng; Wang, Xueming; Qiu, Gege

The paper presents a secure and efficient threshold group signature scheme aiming at two problems of current threshold group signature schemes: conspiracy attack and inefficiency. Scheme proposed in this paper takes strategy of separating designed clerk who is responsible for collecting and authenticating each individual signature from group, the designed clerk don't participate in distribution of group secret key and has his own public key and private key, designed clerk needs to sign part information of threshold group signature after collecting signatures. Thus verifier has to verify signature of the group after validating signature of the designed clerk. This scheme is proved to be secure against conspiracy attack at last and is more efficient by comparing with other schemes.

Confidence-Building Measures in Philippine Security.

DTIC Science & Technology

1998-05-01

service or government agency. STRATEGY RESEARCH PROJECT i CONFIDENCE-BUILDING MEASURES IN PHILIPPINE SECURITY BY LIEUTENANT COLONEL RAMON G...WAR COLLEGE, CARLISLE BARRACKS, PA 17013-5050 rimo*’^»®*raBl USAWC STRATEGY RESEARCH PROJECT CONFIDENCE-BUILDING MEASURES IN PHILIPPINE...Colonel Ramon Santos, Philippine Army TITLE: Confidence-Building Measures in Philippine Security FORMAT: Strategy Research Project DATE: 1

Security Analysis of Selected AMI Failure Scenarios Using Agent Based Game Theoretic Simulation

DOE Office of Scientific and Technical Information (OSTI.GOV)

Abercrombie, Robert K; Schlicher, Bob G; Sheldon, Frederick T

Information security analysis can be performed using game theory implemented in dynamic Agent Based Game Theoretic (ABGT) simulations. Such simulations can be verified with the results from game theory analysis and further used to explore larger scale, real world scenarios involving multiple attackers, defenders, and information assets. We concentrated our analysis on the Advanced Metering Infrastructure (AMI) functional domain which the National Electric Sector Cyber security Organization Resource (NESCOR) working group has currently documented 29 failure scenarios. The strategy for the game was developed by analyzing five electric sector representative failure scenarios contained in the AMI functional domain. From thesemore » five selected scenarios, we characterize them into three specific threat categories affecting confidentiality, integrity and availability (CIA). The analysis using our ABGT simulation demonstrates how to model the AMI functional domain using a set of rationalized game theoretic rules decomposed from the failure scenarios in terms of how those scenarios might impact the AMI network with respect to CIA.« less

The EGS Data Collaboration Platform: Enabling Scientific Discovery

DOE Office of Scientific and Technical Information (OSTI.GOV)

Weers, Jonathan D; Johnston, Henry; Huggins, Jay V

Collaboration in the digital age has been stifled in recent years. Reasonable responses to legitimate security concerns have created a virtual landscape of silos and fortified castles incapable of sharing information efficiently. This trend is unfortunately opposed to the geothermal scientific community's migration toward larger, more collaborative projects. To facilitate efficient sharing of information between team members from multiple national labs, universities, and private organizations, the 'EGS Collab' team has developed a universally accessible, secure data collaboration platform and has fully integrated it with the U.S. Department of Energy's (DOE) Geothermal Data Repository (GDR) and the National Geothermal Data Systemmore » (NGDS). This paper will explore some of the challenges of collaboration in the modern digital age, highlight strategies for active data management, and discuss the integration of the EGS Collab data management platform with the GDR to enable scientific discovery through the timely dissemination of information.« less

Israel security in the 21st century: Risks and opportunities. Research report

DOE Office of Scientific and Technical Information (OSTI.GOV)

Eisenkot, G.

Unlike the United States which publicizes its national security strategy and national military strategy in official public documents, Israel, does not produce such documents for the general public. This may appear paradoxical in that the State of Israel, from its very inception, has invested enormous energy in its security. Nevertheless, Israel has no detailed security doctrine approved and updated by the Cabinet, the Knesset (Israel`s parliament) or the General Staff. The lack of an official, published, security doctrine does not imply that Israel lacks a coherent political and military strategy based on doctrine-like concepts. Israel`s political and military successes aremore » proof to the contrary. Our purpose, then, is to identify a number of the critical Security Principles that have shaped Israeli strategy. This will provide us the foundation for our main discussion which is the risks and challenges to Israeli security in the 21st century and possible responses to those challenges.« less

Notes on two multiparty quantum secret sharing schemes

NASA Astrophysics Data System (ADS)

Gao, Gan

In the paper [H. Abulkasim et al., Int. J. Quantum Inform. 15 (2017) 1750023], Abulkasim et al. proposed a quantum secret sharing scheme based on Bell states. We study the security of the multiparty case in the proposed scheme and detect that it is not secure. In the paper [Y. Du and W. Bao, Opt. Commun. 308 (2013) 159], Du and Bao listed Gao’s scheme and gave a attack strategy on the listed scheme. We point out that their listing scheme is not the genuine Gao’s scheme and their research method is not advisable.

A cognitive and economic decision theory for examining cyber defense strategies.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bier, Asmeret Brooke

Cyber attacks pose a major threat to modern organizations. Little is known about the social aspects of decision making among organizations that face cyber threats, nor do we have empirically-grounded models of the dynamics of cooperative behavior among vulnerable organizations. The effectiveness of cyber defense can likely be enhanced if information and resources are shared among organizations that face similar threats. Three models were created to begin to understand the cognitive and social aspects of cyber cooperation. The first simulated a cooperative cyber security program between two organizations. The second focused on a cyber security training program in which participantsmore » interact (and potentially cooperate) to solve problems. The third built upon the first two models and simulates cooperation between organizations in an information-sharing program.« less

Integrated Cognitive-neuroscience Architectures for Understanding Sensemaking (ICArUS): Phase 2 Challenge Problem Design and Test Specification

DTIC Science & Technology

2014-11-01

intelligence. No. Title of Case Study P U Pc Pt Ft Pa 1 Clinical vs. Actuarial Geospatial Profiling Strategies X X 2 Route Security in Baghdad X...support. Information Sciences , 176, 1570-1589. Burns, K. (2005). Mental models and normal errors. In Montgomery, H., Lipshitz, & Brehmer, B. (eds...utilities. Information Sciences , 179, 1599-1607. Davis, M. (1997). Game Theory: A Nontechnical Introduction. New York: Dover. Edwards, W. (1982

Mission Assurance Modeling and Simulation: A Cyber Security Roadmap

NASA Technical Reports Server (NTRS)

Gendron, Gerald; Roberts, David; Poole, Donold; Aquino, Anna

2012-01-01

This paper proposes a cyber security modeling and simulation roadmap to enhance mission assurance governance and establish risk reduction processes within constrained budgets. The term mission assurance stems from risk management work by Carnegie Mellon's Software Engineering Institute in the late 19905. By 2010, the Defense Information Systems Agency revised its cyber strategy and established the Program Executive Officer-Mission Assurance. This highlights a shift from simply protecting data to balancing risk and begins a necessary dialogue to establish a cyber security roadmap. The Military Operations Research Society has recommended a cyber community of practice, recognizing there are too few professionals having both cyber and analytic experience. The authors characterize the limited body of knowledge in this symbiotic relationship. This paper identifies operational and research requirements for mission assurance M&S supporting defense and homeland security. M&S techniques are needed for enterprise oversight of cyber investments, test and evaluation, policy, training, and analysis.

SCA security verification on wireless sensor network node

NASA Astrophysics Data System (ADS)

He, Wei; Pizarro, Carlos; de la Torre, Eduardo; Portilla, Jorge; Riesgo, Teresa

2011-05-01

Side Channel Attack (SCA) differs from traditional mathematic attacks. It gets around of the exhaustive mathematic calculation and precisely pin to certain points in the cryptographic algorithm to reveal confidential information from the running crypto-devices. Since the introduction of SCA by Paul Kocher et al [1], it has been considered to be one of the most critical threats to the resource restricted but security demanding applications, such as wireless sensor networks. In this paper, we focus our work on the SCA-concerned security verification on WSN (wireless sensor network). A detailed setup of the platform and an analysis of the results of DPA (power attack) and EMA (electromagnetic attack) is presented. The setup follows the way of low-cost setup to make effective SCAs. Meanwhile, surveying the weaknesses of WSNs in resisting SCA attacks, especially for the EM attack. Finally, SCA-Prevention suggestions based on Differential Security Strategy for the FPGA hardware implementation in WSN will be given, helping to get an improved compromise between security and cost.

Collaborating toward improving food security in Nunavut.

PubMed

Wakegijig, Jennifer; Osborne, Geraldine; Statham, Sara; Issaluk, Michelle Doucette

2013-01-01

Community members, Aboriginal organizations, public servants and academics have long been describing a desperate situation of food insecurity in the Eastern Canadian Arctic. The Nunavut Food Security Coalition, a partnership of Inuit Organizations and the Government of Nunavut, is collaborating to develop a territorial food security strategy to address pervasive food insecurity in the context of poverty reduction. The Nunavut Food Security Coalition has carried out this work using a community consultation model. The research was collected through community visits, stakeholder consultation and member checking at the Nunavut Food Security Symposium. In this paper, we describe a continuous course of action, based on community engagement and collective action, that has led to sustained political interest in and public mobilization around the issue of food insecurity in Nunavut. The process described in this article is a unique collaboration between multiple organizations that has led to the development of a sustainable partnership that will inform policy development while representing the voice of Nunavummiut.

Collaborating toward improving food security in Nunavut

PubMed Central

Wakegijig, Jennifer; Osborne, Geraldine; Statham, Sara; Issaluk, Michelle Doucette

2013-01-01

Background Community members, Aboriginal organizations, public servants and academics have long been describing a desperate situation of food insecurity in the Eastern Canadian Arctic. Objective The Nunavut Food Security Coalition, a partnership of Inuit Organizations and the Government of Nunavut, is collaborating to develop a territorial food security strategy to address pervasive food insecurity in the context of poverty reduction. Design The Nunavut Food Security Coalition has carried out this work using a community consultation model. The research was collected through community visits, stakeholder consultation and member checking at the Nunavut Food Security Symposium. Results In this paper, we describe a continuous course of action, based on community engagement and collective action, that has led to sustained political interest in and public mobilization around the issue of food insecurity in Nunavut. Conclusions The process described in this article is a unique collaboration between multiple organizations that has led to the development of a sustainable partnership that will inform policy development while representing the voice of Nunavummiut. PMID:23984307

Writing a group practice business plan.

PubMed

Reiboldt, J M

1999-07-01

A business plan offers group practices a blueprint to accomplish a variety of goals, such as securing capital, marketing the practice's services, recruiting new employees, developing a strategic plan or a budget, or planning for growth. A business plan should be informative, specific, and visionary. Elements that every business plan should address are a mission statement, strategy, planning, management information, and action scheme. A business plan should include certain information in a prescribed order. By writing a realistic business plan, group practices can work more efficiently and minimize the risk of not meeting their financial projections.

Financial Strategies Moderate Weather Impacts on Food Security Outcomes

NASA Astrophysics Data System (ADS)

Brown, M. E.; Niles, M.

2016-12-01

Global food security relies on local agricultural capacity as well as the financial ability to import food from elsewhere. Climate change is likely to affect the ability to grow sufficient food to meet the needs of a growing population in low income countries where population expansion is the greatest. This paper presents an analysis of 2095 household surveys from 12 food insecure countries in West Africa, East Africa and Asia from the Climate Change, Agriculture, and Food Security (CCAFS) program conducted from 2010-2012. Using a multi-level hierarchical random effects model, we estimated the number of months a household was food insecure with information on the rainfall anomaly the year prior to the survey, agricultural input use, cash income, and community group membership. We found that when the rainfall was either one standard deviation above or below the mean, the number of months households experience food insecurity increased by 74%. When there is a significant weather anomaly, agricultural credit and cash income, but not agricultural inputs or social capital, are found to be critical factors reducing food insecurity. This highlights the ongoing and critical importance of risk reduction strategies such as crop insurance, government safety nets, and credit for maintaining food security in the face of climate change.

Design principles in the development of (public) health information infrastructures.

PubMed

Neame, Roderick

2012-01-01

In this article the author outlines the key issues in the development of a regional health information infrastructure suitable for public health data collections. A set of 10 basic design and development principles as used and validated in the development of the successful New Zealand National Health Information Infrastructure in 1993 are put forward as a basis for future developments. The article emphasises the importance of securing clinical input into any health data that is collected, and suggests strategies whereby this may be achieved, including creating an information economy alongside the care economy. It is suggested that the role of government in such developments is to demonstrate leadership, to work with the sector to develop data, messaging and security standards, to establish key online indexes, to develop data warehouses and to create financial incentives for adoption of the infrastructure and the services it delivers to users. However experience suggests that government should refrain from getting involved in local care services data infrastructure, technology and management issues.

US-CERT Control System Center Input/Output (I/O) Conceputal Design

DOE Office of Scientific and Technical Information (OSTI.GOV)

Not Available

2005-02-01

This document was prepared for the US-CERT Control Systems Center of the National Cyber Security Division (NCSD) of the Department of Homeland Security (DHS). DHS has been tasked under the Homeland Security Act of 2002 to coordinate the overall national effort to enhance the protection of the national critical infrastructure. Homeland Security Presidential Directive HSPD-7 directs the federal departments to identify and prioritize critical infrastructure and protect it from terrorist attack. The US-CERT National Strategy for Control Systems Security was prepared by the NCSD to address the control system security component addressed in the National Strategy to Secure Cyberspace andmore » the National Strategy for the Physical Protection of Critical Infrastructures and Key Assets. The US-CERT National Strategy for Control Systems Security identified five high-level strategic goals for improving cyber security of control systems; the I/O upgrade described in this document supports these goals. The vulnerability assessment Test Bed, located in the Information Operations Research Center (IORC) facility at Idaho National Laboratory (INL), consists of a cyber test facility integrated with multiple test beds that simulate the nation's critical infrastructure. The fundamental mission of the Test Bed is to provide industry owner/operators, system vendors, and multi-agency partners of the INL National Security Division a platform for vulnerability assessments of control systems. The Input/Output (I/O) upgrade to the Test Bed (see Work Package 3.1 of the FY-05 Annual Work Plan) will provide for the expansion of assessment capabilities within the IORC facility. It will also provide capabilities to connect test beds within the Test Range and other Laboratory resources. This will allow real time I/O data input and communication channels for full replications of control systems (Process Control Systems [PCS], Supervisory Control and Data Acquisition Systems [SCADA], and components). This will be accomplished through the design and implementation of a modular infrastructure of control system, communications, networking, computing and associated equipment, and measurement/control devices. The architecture upgrade will provide a flexible patching system providing a quick ''plug and play''configuration through various communication paths to gain access to live I/O running over specific protocols. This will allow for in-depth assessments of control systems in a true-to-life environment. The full I/O upgrade will be completed through a two-phased approach. Phase I, funded by DHS, expands the capabilities of the Test Bed by developing an operational control system in two functional areas, the Science & Technology Applications Research (STAR) Facility and the expansion of various portions of the Test Bed. Phase II (see Appendix A), funded by other programs, will complete the full I/O upgrade to the facility.« less

Genetically Guided Statin Therapy

DTIC Science & Technology

2017-03-01

prevent cardiovascular disease . Long-term adherence is a challenge, due, in part, to statin intolerance due to musculoskeletal side effects. In objective...Statins, cholesterol, LDL, cardiovascular disease , genetic-informed strategy, statin prescription, statin adherence 16. SECURITY CLASSIFICATION OF: 17...28 Mar 2017. 1.0 SUMMARY Statins are well established for lowering cholesterol and preventing cardiovascular disease . High rates of statin

Establishing Viable and Effective Information-Warfare Capability in Developing Nations Based on the U.S. Model

DTIC Science & Technology

2012-12-01

include law enforcement and intelligence capabilities in the lineup . However, national security strategy reflects the first four only. Figure 1...Term Joint Doctrine Identification Air Force Doctrine Identification Army Doctrine Identification Navy Doctrine Identification EW...59 Ibid., 39. 34 Term Joint Doctrine Identification Air Force Doctrine Identification Army Doctrine Identification Navy

Perspective on 2015 DoD Cyber Strategy

DTIC Science & Technology

2015-09-29

Testimony View document details Support RAND Browse Reports & Bookstore Make a charitable contribution Limited Electronic Distribution Rights This...AGING PUBLIC SAFETY SCIENCE AND TECHNOLOGY TERRORISM AND HOMELAND SECURITY Report Documentation Page Form ApprovedOMB No. 0704-0188 Public reporting ...Directorate for Information Operations and Reports , 1215 Jefferson Davis Highway, Suite 1204, Arlington VA 22202-4302. Respondents should be aware

Under Siege: Schools as the New Battleground. Strategies To Protect Students, Staff, and Facilities.

ERIC Educational Resources Information Center

Agron, Joe, Ed.

1999-01-01

This American School and University supplement theme issue provides information from experts in the security industry concerning school violence and its prevention. Articles address the lessons learned from recent school shootings that may help reduce future occurrences, the need for a greater adherence to order in schools to set the stage for a…

SecureMA: protecting participant privacy in genetic association meta-analysis.

PubMed

Xie, Wei; Kantarcioglu, Murat; Bush, William S; Crawford, Dana; Denny, Joshua C; Heatherly, Raymond; Malin, Bradley A

2014-12-01

Sharing genomic data is crucial to support scientific investigation such as genome-wide association studies. However, recent investigations suggest the privacy of the individual participants in these studies can be compromised, leading to serious concerns and consequences, such as overly restricted access to data. We introduce a novel cryptographic strategy to securely perform meta-analysis for genetic association studies in large consortia. Our methodology is useful for supporting joint studies among disparate data sites, where privacy or confidentiality is of concern. We validate our method using three multisite association studies. Our research shows that genetic associations can be analyzed efficiently and accurately across substudy sites, without leaking information on individual participants and site-level association summaries. Our software for secure meta-analysis of genetic association studies, SecureMA, is publicly available at http://github.com/XieConnect/SecureMA. Our customized secure computation framework is also publicly available at http://github.com/XieConnect/CircuitService. © The Author 2014. Published by Oxford University Press. All rights reserved. For Permissions, please e-mail: journals.permissions@oup.com.

A Security Strategy for Cyber Threats on Neighbor Discovery in 6Lowpan Networks

DTIC Science & Technology

2017-12-01

NAVAL POSTGRADUATE SCHOOL MONTEREY, CALIFORNIA THESIS Approved for public release. Distribution is unlimited. A SECURITY...STRATEGY FOR CYBER THREATS ON NEIGHBOR DISCOVERY IN 6LOWPAN NETWORKS by Cheng Hai Ang December 2017 Thesis Advisor: Preetha Thulasiraman...REPORT TYPE AND DATES COVERED Master’s thesis 4. TITLE AND SUBTITLE A SECURITY STRATEGY FOR CYBER THREATS ON NEIGHBOR DISCOVERY IN 6LOWPAN

Practices in security and confidentiality of HIV/AIDS patients' information: A national survey among staff at HIV outpatient clinics in Vietnam.

PubMed

Khac Hai, Nguyen; Lawpoolsri, Saranath; Jittamala, Podjanee; Thi Thu Huong, Phan; Kaewkungwal, Jaranit

2017-01-01

Breach of confidentiality or invasion of privacy from the collection and use of medical records, particularly those of patients with HIV/AIDS or other diseases sensitive to stigmatization, should be prevented by all related stakeholders in healthcare settings. The main focus of this study was to assess practices regarding security and confidentiality of HIV-related information among staff at HIV outpatient clinics (HIV-OPCs) in Vietnam. A descriptive cross-sectional study was conducted at all 312 HIV-OPCs across the country using an online survey technique. In general, the staff practices for securing and protecting patient information were at acceptable levels. Most staff had proper measures and practices for maintaining data security; however, the protection of patient confidentiality, particularly for data access, sharing, and transfer still required improvement. Most HIV-OPC staff had good or moderate knowledge and positive perceptions towards security and confidentiality issues. Staff who were not trained in the practice of security measures differed significantly from those who were trained (OR: 3.74; 95%CI: 1.44-9.67); staff needing improved knowledge levels differed significantly from those with good (OR: 5.20; 95%CI: 2.39-11.32) and moderate knowledge levels (OR: 5.10; 95%CI: 2.36-11.00); and staff needing improved perception levels differed significantly from those with good (i.e., with 100% proper practices) and moderate perception levels (OR: 5.67; 95%CI: 2.93-10.95). Staff who were not trained in the protection of data confidentiality differed significantly from those who were trained (OR: 2.18; 95%CI: 1.29-3.65). Training is an important factor to help raise the levels of proper practices regarding confidentiality and security, to improve knowledge and raise awareness about change among staff. The operation and management of HIV treatment and care in Vietnam are currently transitioning from separate healthcare clinics (HIV-OPC) into units integrated into general hospitals/healthcare facilities. The findings of this study highlight topics that could be used for improving management and operation of information system and revising guidelines and regulations on protection measures/strategies for data security and confidentiality of HIV/AIDS patients by Vietnam health authorities or other countries facing similar situations. Secure infrastructure and secure measures for data access and use are very important, worthwhile investments. The provision of continuous training and active enforcement and monitoring of the practices of healthcare personnel might lead to an improved understanding and acknowledegement of the importance of national policies/guidelines regarding HIV-related patient information.

Global hunger: a challenge to agricultural, food, and nutritional sciences.

PubMed

Wu, Shiuan-Huei; Ho, Chi-Tang; Nah, Sui-Lin; Chau, Chi-Fai

2014-01-01

Hunger has been a concern for generations and has continued to plague hundreds of millions of people around the world. Although many efforts have been devoted to reduce hunger, challenges such as growing competitions for natural resources, emerging climate changes and natural disasters, poverty, illiteracy, and diseases are posing threats to food security and intensifying the hunger crisis. Concerted efforts of scientists to improve agricultural and food productivity, technology, nutrition, and education are imperative to facilitate appropriate strategies for defeating hunger and malnutrition. This paper provides some aspects of world hunger issues and summarizes the efforts and measures aimed to alleviate food problems from the food and nutritional sciences perspectives. The prospects and constraints of some implemented strategies for alleviating hunger and achieving sustainable food security are also discussed. This comprehensive information source could provide insights into the development of a complementary framework for dealing with the global hunger issue.

Water Security Toolkit User Manual: Version 1.3 | Science ...

EPA Pesticide Factsheets

User manual: Data Product/Software The Water Security Toolkit (WST) is a suite of tools that help provide the information necessary to make good decisions resulting in the minimization of further human exposure to contaminants, and the maximization of the effectiveness of intervention strategies. WST assists in the evaluation of multiple response actions in order to select the most beneficial consequence management strategy. It includes hydraulic and water quality modeling software and optimization methodologies to identify: (1) sensor locations to detect contamination, (2) locations in the network in which the contamination was introduced, (3) hydrants to remove contaminated water from the distribution system, (4) locations in the network to inject decontamination agents to inactivate, remove or destroy contaminants, (5) locations in the network to take grab sample to confirm contamination or cleanup and (6) valves to close in order to isolate contaminated areas of the network.

Security-Oriented and Load-Balancing Wireless Data Routing Game in the Integration of Advanced Metering Infrastructure Network in Smart Grid

DOE Office of Scientific and Technical Information (OSTI.GOV)

He, Fulin; Cao, Yang; Zhang, Jun Jason

Ensuring flexible and reliable data routing is indispensable for the integration of Advanced Metering Infrastructure (AMI) networks, we propose a secure-oriented and load-balancing wireless data routing scheme. A novel utility function is designed based on security routing scheme. Then, we model the interactive security-oriented routing strategy among meter data concentrators or smart grid meters as a mixed-strategy network formation game. Finally, such problem results in a stable probabilistic routing scheme with proposed distributed learning algorithm. One contributions is that we studied that different types of applications affect the routing selection strategy and the strategy tendency. Another contributions is that themore » chosen strategy of our mixed routing can adaptively to converge to a new mixed strategy Nash equilibrium (MSNE) during the learning process in the smart grid.« less

Maternal Strategies to Access Food Differ by Food Security Status.

PubMed

Gorman, Kathleen S; McCurdy, Karen; Kisler, Tiffani; Metallinos-Katsaras, Elizabeth

2017-01-01

Household food insecurity is associated with health and behavior risk. Much less is known about how food insecurity is related to strategies that adults use in accessing food: how and where they shop, use of alternative food sources, and their ability to manage resources. To examine how maternal behaviors, including shopping, accessing alternative sources of food, and managing resources, are related to household food security status (HHFSS). Cross-sectional study collecting survey data on HHFSS, shopping behaviors, use of alternative food sources, and managing resources obtained from low-income mothers of preschool-aged children. One hundred sixty-four low-income mothers of young children (55% Hispanic) from two communities in Rhode Island. HHFSS was measured using 10 items from the 18-item Core Food Security Module to assess adult food security. Mothers were surveyed about where, when, and how often they shopped; the strategies they use when shopping; their use of alternative sources of food, including federal, state, and local assistance; and their ability to manage their resources. Analysis of variance and χ 2 analyses assessed the associations between demographic variables, shopping, accessing alternative food sources, and managing resources, and HHFSS. Multivariate logistic regression assessed the associations between HHFSS and maternal demographic variables, food shopping, strategies, alternative sources of food, and ability to manage resources. Maternal age and language spoken at home were significantly associated with HHFSS; food insecurity was 10% more likely among older mothers (adjusted odds ratio [aOR] 1.10, 95% CI 1.03 to 1.17) and 2.5 times more likely among Spanish-speaking households (compared with non-Spanish speaking [aOR 3.57, 95% CI 1.25 to 10.18]). Food insecurity was more likely among mothers reporting more informal strategies (aOR 1.98, 95% CI 1.28 to 3.01; P<0.05) and perceiving greater inability to manage resources (aOR 1.60, 95% CI 1.30 to 1.98; P<0.05). The results suggest that low-income mothers use a variety of strategies to feed their families and that the strategies they use vary by HHFSS. Community nutrition programs and providers will need to consider these strategies when counseling families at risk for food insecurity and provide guidance to minimize the influence on healthy food choices. Copyright © 2017 Academy of Nutrition and Dietetics. Published by Elsevier Inc. All rights reserved.

Maternal Strategies to Access Food Differ by Food Security Status

PubMed Central

Gorman, Kathleen S.; McCurdy, Karen; Kisler, Tiffani; Metallinos-Katsaras, Elizabeth

2016-01-01

Background Household food insecurity is associated with health and behavior risk. Much less is known about how food insecurity is related to strategies that adults use in accessing food: how and where they shop, use of alternative food sources and their ability to manage resources. Objective To examine how maternal behaviors including shopping, accessing alternative sources of food and managing resources are related to household food security status (HHFSS). Design Cross-sectional study collecting survey data on HHFSS, shopping behaviors, use of alternative food sources and managing resources obtained from low income mothers of preschoolers. Participants 164 low-income mothers of young children (55% Hispanic) from two communities in Rhode Island. Measures HHFSS was measured using ten items from the 18-item Core Food Security Module to assess adult food security. Mothers were surveyed about where, when and how often they shopped; the strategies they use when shopping; their use of alternative sources of food including federal, state and local assistance; and their ability to manage their resources. Statistical analyses Analysis of Variance and Chi-square analyses assessed the associations between demographic variables, shopping, accessing alternative food sources and managing resources, and HHFSS. Multivariate logistic regression assessed the associations between HHFSS and maternal demographic variables, food shopping strategies, alternative sources of food and ability to manage resources. Results Maternal age and language spoken at home were significantly associated with HHFSS; food insecurity was 10% more likely among older mothers (AOR=1.10; 95% CI 1.03-1.17) and 2.5 times more likely among Spanish speaking households (compared to non-Spanish speaking-AOR=3.57; 95% CI 1.25-10.18). Food insecurity was more likely among mothers reporting more informal strategies (AOR=1.98; 95% CI 1.28-3.01, p<.05) and perceiving greater inability to manage resources (AOR=1.60; 95% CI 1.30-1.98, p<.05). Conclusions The results suggest that low-income mothers use a variety of strategies in order to feed their families and that the strategies they use vary by HHFSS. Community nutrition programs and providers will need to consider these strategies when counseling families at risk for food insecurity and provide guidance to minimize the impact on healthy food choices. PMID:27614689

Physical-enhanced secure strategy in an OFDM-PON.

PubMed

Zhang, Lijia; Xin, Xiangjun; Liu, Bo; Yu, Jianjun

2012-01-30

The physical layer of optical access network is vulnerable to various attacks. As the dramatic increase of users and network capacity, the issue of physical-layer security becomes more and more important. This paper proposes a physical-enhanced secure strategy for orthogonal frequency division multiplexing passive optical network (OFDM-PON) by employing frequency domain chaos scrambling. The Logistic map is adopted for the chaos mapping. The chaos scrambling strategy can dynamically allocate the scrambling matrices for different OFDM frames according to the initial condition, which enhance the confidentiality of the physical layer. A mathematical model of this secure system is derived firstly, which achieves a secure transmission at physical layer in OFDM-PON. The results from experimental implementation using Logistic mapped chaos scrambling are also given to further demonstrate the efficiency of this secure strategy. An 10.125 Gb/s 64QAM-OFDM data with Logistic mapped chaos scrambling are successfully transmitted over 25-km single mode fiber (SMF), and the experimental results show that proposed security scheme can protect the system from eavesdropper and attacker, while keep a good performance for the legal ONU.

The 2015 National Security Strategy: Authorities, Changes, Issues for Congress

DTIC Science & Technology

2016-02-26

climate change ;  ensure access to shared spaces (expanding cyberspace and including outer space and air and maritime security); and  increase global...hand, one could conclude that these, along with confronting climate change , convey both a wider range of national security challenges in terms of...The 2015 National Security Strategy: Authorities, Changes , Issues for Congress Nathan J. Lucas, Coordinator Section Research Manager Kathleen

China’s Energy Security: The Grand Hedging Strategy

DTIC Science & Technology

2010-05-01

spotlight. The key to sustaining this dynamic economic growth is access to petroleum resources. The central question of this monograph is as follows...Is China’s energy security strategy liberal-institutionalist or realist-mercantilist? Using a qualitative case study methodology that explores the...dependent variable -- energy security -- using three independent variables (cost of supply, reliability of supply, and security of supply), China’s

Focusing America’s National Powers

DTIC Science & Technology

2006-04-14

governments with market economies. 15. SUBJECT TERMS National Security, National Powers, Sources of Power, National Security Council, National Security... Strategy , Six-phased Campaign Plan, JIACG, DIME 16. SECURITY CLASSIFICATION OF: Unclassified 17. LIMITATION OF ABSTRACT 18. NUMBER OF PAGES 19a. NAME...satisfaction of the requirements of a Master of Science Degree in Joint Campaign Planning and Strategy . The contents of this paper reflect my own

Energy Security Strategies: An Analysis of Tanzania and Mozambique

DTIC Science & Technology

2016-06-01

prioritizes domestic consumption or export of energy resources. The strategy a government chooses affects the overall energy security of that country...This thesis seeks to explain why countries pursue energy strategies that focus on domestic consumption of indigenous energy resources instead of...energy strategy that either prioritizes domestic consumption or export of energy resources. The strategy a government chooses affects the overall

Reexamination of quantum bit commitment: The possible and the impossible

DOE Office of Scientific and Technical Information (OSTI.GOV)

D'Ariano, Giacomo Mauro; Kretschmann, Dennis; Institut fuer Mathematische Physik, Technische Universitaet Braunschweig, Mendelssohnstrasse 3, 38106 Braunschweig

2007-09-15

Bit commitment protocols whose security is based on the laws of quantum mechanics alone are generally held to be impossible. We give a strengthened and explicit proof of this result. We extend its scope to a much larger variety of protocols, which may have an arbitrary number of rounds, in which both classical and quantum information is exchanged, and which may include aborts and resets. Moreover, we do not consider the receiver to be bound to a fixed 'honest' strategy, so that 'anonymous state protocols', which were recently suggested as a possible way to beat the known no-go results, aremore » also covered. We show that any concealing protocol allows the sender to find a cheating strategy, which is universal in the sense that it works against any strategy of the receiver. Moreover, if the concealing property holds only approximately, the cheat goes undetected with a high probability, which we explicitly estimate. The proof uses an explicit formalization of general two-party protocols, which is applicable to more general situations, and an estimate about the continuity of the Stinespring dilation of a general quantum channel. The result also provides a natural characterization of protocols that fall outside the standard setting of unlimited available technology and thus may allow secure bit commitment. We present such a protocol whose security, perhaps surprisingly, relies on decoherence in the receiver's laboratory.« less

Global water risks and national security: Building resilience (Invited)

NASA Astrophysics Data System (ADS)

Pulwarty, R. S.

2013-12-01

The UN defines water security as the capacity of a population to safeguard sustainable access to adequate quantities of acceptable quality water for sustaining livelihoods, human well-being, and socio-economic development, for ensuring protection against water-borne pollution and water-related disasters, and for preserving ecosystems in a climate of peace and political stability. This definition highlights complex and interconnected challenges and underscores the centrality of water for environmental services and human aactivities. Global risks are expressed at the national level. The 2010 Quadrennial Defense Review and the 2010 National Security Strategy identify climate change as likely to trigger outcomes that will threaten U.S. security including how freshwater resources can become a security issue. Impacts will be felt on the National Security interest through water, food and energy security, and critical infrastructure. This recognition focuses the need to consider the rates of change in climate extremes, in the context of more traditional political, economic, and social indicators that inform security analyses. There is a long-standing academic debate over the extent to which resource constraints and environmental challenges lead to inter-state conflict. It is generally recognized that water resources as a security issue to date exists mainly at the substate level and has not led to physical conflict between nation states. In conflict and disaster zones, threats to water security increase through inequitable and difficult access to water supply and related services, which may aggravate existing social fragility, tensions, violence, and conflict. This paper will (1) Outline the dimensions of water security and its links to national security (2) Analyze water footprints and management risks for key basins in the US and around the world, (3) map the link between global water security and national concerns, drawing lessons from the drought of 2012 and elsewhere, and (3) Identify preventable risks, public leadership and private innovation needed for developing adaptive water resource management institutions that take advantage of climate and hydrologic information and changes. The presentation will conclude with a preliminary framework for assessing and implementing water security measures given insecure conditions introduced by a changing climate and in the context of national security.

Strengthening health security at the Hajj mass gatherings: characteristics of the infectious diseases surveillance systems operational during the 2015 Hajj.

PubMed

Alotaibi, Badriah M; Yezli, Saber; Bin Saeed, Abdul-Aziz A; Turkestani, Abdulhafeez; Alawam, Amnah H; Bieh, Kingsley L

2017-05-01

Hajj is one of the largest and the most ethnically and culturally diverse mass gatherings worldwide. The use of appropriate surveillance systems ensures timely information management for effective planning and response to infectious diseases threats during the pilgrimage. The literature describes infectious diseases prevention and control strategies for Hajj but with limited information on the operations and characteristics of the existing Hajj infectious diseases surveillance systems. We reviewed documents, including guidelines and reports from the Saudi Ministry of Health's database, to describe the characteristics of the infectious diseases surveillance systems that were operational during the 2015 Hajj, highlighting best practices and gaps and proposing strategies for strengthening and improvement. Using Pubmed and Embase online search engines and a combination of search terms including, 'mass gatherings' 'Olympics' 'surveillance' 'Hajj' 'health security', we explored the existing literature and highlighted some lessons learnt from other international mass gatherings. A regular indicator-based infectious disease surveillance system generates routine reports from health facilities within the Kingdom to the regional and central public health directorates all year round. During Hajj, enhanced indicator-based notifiable diseases surveillance systems complement the existing surveillance tool to ensure timely reporting of event information for appropriate action by public health officials. There is need to integrate the existing Hajj surveillance data management systems and to implement syndromic surveillance as an early warning system for infectious disease control during Hajj. International engagement is important to strengthen Hajj infectious diseases surveillance and to prevent disease transmission and globalization of infectious agents which could undermine global health security. © International Society of Travel Medicine, 2017. Published by Oxford University Press. All rights reserved. For Permissions, please email: journals.permissions@oup.com

The International Criminal Court as a Component of U.S. National Security Strategy

DTIC Science & Technology

2012-04-21

Security Strategy 5b. GRANT NUMBER 5c. PROGRAM ELEMENT NUMBER 6. AUTHOR(S) 5d. PROJECT NUMBER LTC Jonathan R. Hirsch, U.S. Army...98) Prescribed by ANSI Std. Z39.18 USAWC CIVILIAN RESEARCH PROJECT THE INTERNATIONAL CRIMINAL COURT AS A COMPONENT OF U.S...Security Strategy FORMAT: Civilian Research Project DATE: 21 April 2012 WORD COUNT: 11,629 PAGES: 46 KEY TERMS: Lawfare, Contractor

Infant Emotion Regulation: Relations to Bedtime Emotional Availability, Attachment Security, and Temperament

PubMed Central

Kim, Bo-Ram; Stifter, Cynthia A.; Philbrook, Lauren E.; Teti, Douglas M.

2014-01-01

The present study examines the influences of mothers’ emotional availability towards their infants during bedtime, infant attachment security, and interactions between bedtime parenting and attachment with infant temperamental negative affectivity, on infants’ emotion regulation strategy use at 12 and 18 months. Infants’ emotion regulation strategies were assessed during a frustration task that required infants to regulate their emotions in the absence of parental support. Whereas emotional availability was not directly related to infants’ emotion regulation strategies, infant attachment security had direct relations with infants’ orienting towards the environment and tension reduction behaviors. Both maternal emotional availability and security of the mother-infant attachment relationship interacted with infant temperamental negative affectivity to predict two strategies that were less adaptive in regulating frustration. PMID:24995668

A study on the integrity and authentication of weather observation data using Identity Based Encryption.

PubMed

Seo, Jung Woo; Lee, Sang Jin

2016-01-01

Weather information provides a safe working environment by contributing to the economic activity of the nation, and plays role of the prevention of natural disasters, which can cause large scaled casualties and damage of property. Especially during times of war, weather information plays a more important role than strategy, tactics and information about trends of the enemy. Also, it plays an essential role for the taking off and landing of fighter jet and the sailing of warships. If weather information, which plays a major role in national security and economy, gets misused for cyber terrorism resulting false weather information, it could be a huge threat for national security and the economy. We propose a plan to safely transmit the measured value from meteorological sensors through a meteorological telecommunication network in order to guarantee the confidentiality and integrity of the data despite cyber-attacks. Also, such a plan allows one to produce reliable weather forecasts by performing mutual authentication through authentication devices. To make sure of this, one can apply an Identity Based Signature to ensure the integrity of measured data, and transmit the encrypted weather information with mutual authentication about the authentication devices. There are merits of this research: It is not necessary to manage authentication certificates unlike the Public Key Infrastructure methodology, and it provides a powerful security measure with the capability to be realized in a small scale computing environment, such as the meteorological observation system due to the low burden on managing keys.

77 FR 45354 - Notification of Single Source Cooperative Agreement Award for Project Hope

Federal Register 2010, 2011, 2012, 2013, 2014

2012-07-31

... Support of National Health Security Strategy (2009) and Implementation Plan (2012) and Homeland Security... Directive-21 (2007) and the National Health Security Strategy (2009) and Implementation Plan (2012). In the... of a Health Affairs thematic issue that will identify, explore and propose policy options for...

National Security Strategy

DTIC Science & Technology

2010-05-01

classrooms and to build a digital workforce for the 21st century. Strengthening Partnerships: Neither government nor the private sector nor individual...don’t lie beyond our reach. They exist in our laboratories and universities; in our fields and our factories; in the imaginations of our entrepreneurs ...the Right to Access Information: The emergence of tech- nologies such as the Internet, wireless networks, mobile smart -phones, investigative forensics

Telemedicine and security. Confidentiality, integrity, and availability: a Canadian perspective.

PubMed

Jennett, P; Watanabe, M; Igras, E; Premkumar, K; Hall, W

1996-01-01

The health care system is undergoing major reform, characterized by organized delivery systems (regionalization, decentralization, devolution, etc); shifts in care delivery sites; changing health provider roles; increasing consumer responsibilities; and accountability. Rapid advances in information technology and telecommunications have led to a new type of information infrastructure which can play a major role in this reform. Compatible health information systems are now being integrated and connected across institutional, regional, and sectorial boundaries. In the near future, these information systems will readily be accessed and shared by health providers, researchers, policy makers, health consumers, and the public. SECURITY is a critical characteristic of any health information system. This paper will address three fields associated with SECURITY: confidentiality, integrity, and availability. These will be defined and examined as they relate to specific aspects of Telemedicine, such as electronic integrated records and clinical databases; electronic transfer of documents; as well as data storage and disposal. The guiding principles, standards, and safeguards being considered and put in place to ensure that telemedicine information intrastructures can protect and benefit all stakeholders' rights and needs in both primary and secondary uses of information will be reviewed. Implemented, proposed, and tested institutional, System, and Network solutions will be discussed; for example, encryption-decryption methods; data transfer standards; individual and terminal access and entry I.D. and password levels; smart card access and PIN number control; data loss prevention strategies; interference alerts; information access keys; algorithm safeguards; and active marketing to users of standards and principles. Issues such as policy, implementation, and ownership will be addressed.

Borrowing to save: a critique of recent proposals to partially privatize Social Security.

PubMed

Dattalo, Patrick

2007-07-01

Concern over Social Security's forecasted long-run deficit is occurring at a time when the program has a short-term surplus. One proposed strategy to address this forecasted deficit is to allow the investment of a portion of payroll taxes into private savings accounts (PSAs). The author analyzes recent proposals for PSAs and concludes that PSAs are more likely to be a problem than a solution. Paradoxically, PSAs require the government to borrow to encourage current workers to save. The author recommends resources to help social workers remain informed about proposed program reforms and prepared to advocate for the concept of social insurance.

The consequences of coping with stalking-results from the first qualitative study on stalking in Denmark.

PubMed

Johansen, Katrine Bindesbøl Holm; Tjørnhøj-Thomsen, Tine

2016-11-01

The purpose of this article is to explore: (1) how victims of stalking experience the phenomenon in their daily life, (2) how the nature of stalking informs the victim's internal coping strategies, and (3) how the victims' internal coping strategies negatively affect their daily life and well-being. Qualitative semi-structured interviews were conducted with 25 victims of stalking. Thematic content analysis was employed, and themes were primarily identified inductively and broad into dialogue with concepts, such as Foucault's panopticism. The results of the study indicate that rather than the stalkers' harassment itself; it is the unpredictability of the stalkers' potential actions that inform the victims' primary coping strategy-self-regulation. Self-regulation consists of various strategies victims employ to avoid the stalker. Our analysis shows that self-regulation as a coping strategy has social and psychological consequences for the victims, leading to various degrees of social isolation and apprehension. We conclude that it is necessary to consider how professionals advise victims to cope with their situation as how legal measures should focus on the security of victims.

The design and implementation of hydrographical information management system (HIMS)

NASA Astrophysics Data System (ADS)

Sui, Haigang; Hua, Li; Wang, Qi; Zhang, Anming

2005-10-01

With the development of hydrographical work and information techniques, the large variety of hydrographical information including electronic charts, documents and other materials are widely used, and the traditional management mode and techniques are unsuitable for the development of the Chinese Marine Safety Administration Bureau (CMSAB). How to manage all kinds of hydrographical information has become an important and urgent problem. A lot of advanced techniques including GIS, RS, spatial database management and VR techniques are introduced for solving these problems. Some design principles and key techniques of the HIMS including the mixed mode base on B/S, C/S and stand-alone computer mode, multi-source & multi-scale data organization and management, multi-source data integration and diverse visualization of digital chart, efficient security control strategies are illustrated in detail. Based on the above ideas and strategies, an integrated system named Hydrographical Information Management System (HIMS) was developed. And the HIMS has been applied in the Shanghai Marine Safety Administration Bureau and obtained good evaluation.

The 2015 National Security Strategy: Authorities, Changes, Issues for Congress

DTIC Science & Technology

2016-04-05

Strategy: Authorities, Changes, Issues for Congress Congressional Research Service 3  reverse the spread of nuclear and biological weapons and...secure nuclear materials;  advance peace, security, and opportunity in the greater Middle East;  invest in the capacity of strong and capable...and norms on issues ranging from maritime security to trade and human rights.” 6 On Russia, the document says, “... we will continue to impose

Organizational and physician perspectives about facilitating handheld computer use in clinical practice: results of a cross-site qualitative study.

PubMed

McAlearney, Ann Scheck; Schweikhart, Sharon B; Medow, Mitchell A

2005-01-01

To describe strategies that organizations select to support physicians' use of handheld computers (HHCs) in clinical practice and to explore issues about facilitating HHC use. A multidisciplinary team used focus groups and interviews with clinical, administrative, and information technology (IT) staff to gather data from 161 informants at seven sites. Transcripts were coded using a combination of deductive and inductive approaches to both answer research questions and identify patterns and themes that emerged in the data. Answers to questions about strategies for HHC support and themes about (1) how to facilitate physician adoption and use and (2) organizational concerns. Three main organizational strategies for HHC support were characterized among sites: (1) active support for broad-based use, (2) active support for niche use, and (3) basic support for individual physician users. Three high-level themes emerged around how to best facilitate physician adoption and use of HHCs: (1) improving usability and usefulness, (2) promoting HHCs and device use, and (3) providing training and support. However, four major themes also emerged related to organizations' concerns about HHC use: (1) security-related concerns, (2) economic concerns, (3) technical concerns, and (4) strategic concerns. An organizational approach to HHC support that involves individualized attention to existing and potential physician users rather than one-size-fits-all, organization-wide implementation efforts was an important facilitator promoting physician use of HHCs. Health care organizations interested in supporting HHC use must consider issues related to security, economics, and IT strategy that may not be prominent concerns for physician users.

Managing the Aviation Insider Threat

DTIC Science & Technology

2010-12-01

World Airport NSAS National Strategy for Aviation Security OIS Office of Intelligence SIDA Security Identification Display Area STA Security...Security of the secured area”, 1542.205, “Security of the security identification display area ( SIDA )”, and 1542.209, “Fingerprint-based criminal

A symmetrical image encryption scheme in wavelet and time domain

NASA Astrophysics Data System (ADS)

Luo, Yuling; Du, Minghui; Liu, Junxiu

2015-02-01

There has been an increasing concern for effective storages and secure transactions of multimedia information over the Internet. Then a great variety of encryption schemes have been proposed to ensure the information security while transmitting, but most of current approaches are designed to diffuse the data only in spatial domain which result in reducing storage efficiency. A lightweight image encryption strategy based on chaos is proposed in this paper. The encryption process is designed in transform domain. The original image is decomposed into approximation and detail components using integer wavelet transform (IWT); then as the more important component of the image, the approximation coefficients are diffused by secret keys generated from a spatiotemporal chaotic system followed by inverse IWT to construct the diffused image; finally a plain permutation is performed for diffusion image by the Logistic mapping in order to reduce the correlation between adjacent pixels further. Experimental results and performance analysis demonstrate the proposed scheme is an efficient, secure and robust encryption mechanism and it realizes effective coding compression to satisfy desirable storage.

A Quantitative Study on the Relationship of Information Security Policy Awareness, Enforcement, and Maintenance to Information Security Program Effectiveness

ERIC Educational Resources Information Center

Francois, Michael T.

2016-01-01

Today's organizations rely heavily on information technology to conduct their daily activities. Therefore, their information security systems are an area of heightened security concern. As a result, organizations implement information security programs to address and mitigate that concern. However, even with the emphasis on information security,…

The Shaping of Managers' Security Objectives through Information Security Awareness Training

ERIC Educational Resources Information Center

Harris, Mark A.

2010-01-01

Information security research states that corporate security policy and information security training should be socio-technical in nature and that corporations should consider training as a primary method of protecting their information systems. However, information security policies and training are predominately technical in nature. In addition,…

Optical image encryption using multilevel Arnold transform and noninterferometric imaging

NASA Astrophysics Data System (ADS)

Chen, Wen; Chen, Xudong

2011-11-01

Information security has attracted much current attention due to the rapid development of modern technologies, such as computer and internet. We propose a novel method for optical image encryption using multilevel Arnold transform and rotatable-phase-mask noninterferometric imaging. An optical image encryption scheme is developed in the gyrator transform domain, and one phase-only mask (i.e., phase grating) is rotated and updated during image encryption. For the decryption, an iterative retrieval algorithm is proposed to extract high-quality plaintexts. Conventional encoding methods (such as digital holography) have been proven vulnerably to the attacks, and the proposed optical encoding scheme can effectively eliminate security deficiency and significantly enhance cryptosystem security. The proposed strategy based on the rotatable phase-only mask can provide a new alternative for data/image encryption in the noninterferometric imaging.

Resolving Alliance Ruptures from an Attachment-Informed Perspective.

PubMed

Miller-Bottome, Madeleine; Talia, Alessandro; Safran, Jeremy D; Muran, J Christopher

2018-04-01

In this article, we examine how the different attachment patterns enable or hinder the resolution of ruptures in the therapeutic alliance. We try to show that secure and insecure patients alike may experience ruptures in the therapeutic alliance, but that their ability to participate in resolving such ruptures differ markedly. Recent findings with the Patient Attachment Coding System (PACS) show that attachment classifications manifest in psychotherapy as distinct ways of communicating about present internal experience. Secure patients disclose their present experience openly and invite attunement from the therapist, while insecure patients either minimize their contributions to the dialogue (avoidant) or the contributions of the therapist (preoccupied). Using examples from session transcripts, we demonstrate how secure patients are particularly responsive to resolution strategies that focus on here-and-now experience, while insecure patients' characteristic ways of communicating pose significant challenges to the resolution process.

Achieving food security in times of crisis.

PubMed

Swaminathan, M S

2010-11-30

In spite of several World Food Summits during the past decade, the number of people going to bed hungry is increasing and now exceeds one billion. Food security strategies should therefore be revisited. Food security systems should begin with local communities who can develop and manage community gene, seed, grain and water banks. At the national level, access to balanced diet and clean drinking water should become a basic human right. Implementation of the right to food will involve concurrent attention to production, procurement, preservation and public distribution. Higher production in perpetuity should be achieved through an ever-green revolution based on the principles of conservation and climate-resilient farming. This will call for a blend of traditional ecological prudence with frontier technologies, particularly biotechnology and information communication technologies. Copyright © 2010. Published by Elsevier B.V.

Infant emotion regulation: relations to bedtime emotional availability, attachment security, and temperament.

PubMed

Kim, Bo-Ram; Stifter, Cynthia A; Philbrook, Lauren E; Teti, Douglas M

2014-11-01

The present study examines the influences of mothers' emotional availability toward their infants during bedtime, infant attachment security, and interactions between bedtime parenting and attachment with infant temperamental negative affectivity, on infants' emotion regulation strategy use at 12 and 18 months. Infants' emotion regulation strategies were assessed during a frustration task that required infants to regulate their emotions in the absence of parental support. Whereas emotional availability was not directly related to infants' emotion regulation strategies, infant attachment security had direct relations with infants' orienting toward the environment and tension reduction behaviors. Both maternal emotional availability and security of the mother-infant attachment relationship interacted with infant temperamental negative affectivity to predict two strategies that were less adaptive in regulating frustration. Copyright © 2014 Elsevier Inc. All rights reserved.

Implementation of Strategies to Leverage Public and Private Resources for National Security Workforce Development

DOE Office of Scientific and Technical Information (OSTI.GOV)

None

2009-04-01

This report documents implementation strategies to leverage public and private resources for the development of an adequate national security workforce as part of the National Security Preparedness Project (NSPP), being performed under a U.S. Department of Energy (DOE)/National Nuclear Security Administration (NNSA) grant. There are numerous efforts across the United States to develop a properly skilled and trained national security workforce. Some of these efforts are the result of the leveraging of public and private dollars. As budget dollars decrease and the demand for a properly skilled and trained national security workforce increases, it will become even more important tomore » leverage every education and training dollar. This report details some of the efforts that have been implemented to leverage public and private resources, as well as implementation strategies to further leverage public and private resources.« less

Peace-enforcement: Mission, strategy, and doctrine. Monograph report

DOE Office of Scientific and Technical Information (OSTI.GOV)

Kohler, J.B.

This monograph examines a new military mission-peace-enforcement. It does so through a five part strategic process that links national interests and national security strategy to tactical operations. it asserts that US national security strategy is evolving as a result of the end of the Cold War and that a new strategy will lead to new military missions. The monograph first describes a limited spectrum of military operations that comprise a peace-enforcement mission. Next, it reviews enduring US national interests then analyzes evolving national security strategy to determine if these elements of strategy support the need for a peace-enforcement mission. Themore » monograph then examines national military strategy, operational level strategy and joint guidance, and finally, US tactical doctrine to determine if peace-enforcement is a mission the US military can execute today. The monograph concludes that national interests and evolving national security strategy will emphasize promotion of democracy and stability in lieu of Cold War deterrence. The national military strategy partially supports this shift; support should increase as the Clinton administration clarifies its policy and solidifies the shift from containment. Lastly, the monograph finds there is sufficient operational and tactical level guidance to conduct the mission and recommends formal acceptance of the peace-enforcement mission into joint doctrine.« less

Assessing the Effect of Marine Reserves on Household Food Security in Kenyan Coral Reef Fishing Communities

PubMed Central

Darling, Emily S.

2014-01-01

Measuring the success or failure of natural resource management is a key challenge to evaluate the impact of conservation for ecological, economic and social outcomes. Marine reserves are a popular tool for managing coastal ecosystems and resources yet surprisingly few studies have quantified the social-economic impacts of marine reserves on food security despite the critical importance of this outcome for fisheries management in developing countries. Here, I conducted semi-structured household surveys with 113 women heads-of-households to investigate the influence of two old, well-enforced, no-take marine reserves on food security in four coastal fishing communities in Kenya, East Africa. Multi-model information-theoretic inference and matching methods found that marine reserves did not influence household food security, as measured by protein consumption, diet diversity and food coping strategies. Instead, food security was strongly influenced by fishing livelihoods and household wealth: fishing families and wealthier households were more food secure than non-fishing and poorer households. These findings highlight the importance of complex social and economic landscapes of livelihoods, urbanization, power and gender dynamics that can drive the outcomes of marine conservation and management. PMID:25422888

Assessing the effect of marine reserves on household food security in Kenyan coral reef fishing communities.

PubMed

Darling, Emily S

2014-01-01

Measuring the success or failure of natural resource management is a key challenge to evaluate the impact of conservation for ecological, economic and social outcomes. Marine reserves are a popular tool for managing coastal ecosystems and resources yet surprisingly few studies have quantified the social-economic impacts of marine reserves on food security despite the critical importance of this outcome for fisheries management in developing countries. Here, I conducted semi-structured household surveys with 113 women heads-of-households to investigate the influence of two old, well-enforced, no-take marine reserves on food security in four coastal fishing communities in Kenya, East Africa. Multi-model information-theoretic inference and matching methods found that marine reserves did not influence household food security, as measured by protein consumption, diet diversity and food coping strategies. Instead, food security was strongly influenced by fishing livelihoods and household wealth: fishing families and wealthier households were more food secure than non-fishing and poorer households. These findings highlight the importance of complex social and economic landscapes of livelihoods, urbanization, power and gender dynamics that can drive the outcomes of marine conservation and management.

The cyber security threat stops in the boardroom.

PubMed

Scully, Tim

The attitude that 'it won't happen to me' still prevails in the boardrooms of industry when senior executives consider the threat of targeted cyber intrusions. Not much has changed in the commercial world of cyber security over the past few years; hackers are not being challenged to find new ways to steal companies' intellectual property and confidential information. The consequences of even major security breaches seem not to be felt by the leaders of victim companies. Why is this so? Surely IT security practitioners are seeking new ways to detect and prevent targeted intrusions into companies' networks? Are the consequences of targeted intrusions so insignificant that the captains of industry tolerate them? Or do only others feel the pain of their failure? This paper initially explores the failure of cyber security in industry and contends that, while industry leaders should not be alone in accepting responsibility for this failure, they must take the initiative to make life harder for cyber threat actors. They cannot wait for government leadership on policy, strategy or coordination. The paper then suggests some measures that a CEO can adopt to build a new corporate approach to cyber security.

The population health record: concepts, definition, design, and implementation.

PubMed

Friedman, Daniel J; Parrish, R Gibson

2010-01-01

In 1997, the American Medical Informatics Association proposed a US information strategy that included a population health record (PopHR). Despite subsequent progress on the conceptualization, development, and implementation of electronic health records and personal health records, minimal progress has occurred on the PopHR. Adapting International Organization for Standarization electronic health records standards, we define the PopHR as a repository of statistics, measures, and indicators regarding the state of and influences on the health of a defined population, in computer processable form, stored and transmitted securely, and accessible by multiple authorized users. The PopHR is based upon an explicit population health framework and a standardized logical information model. PopHR purpose and uses, content and content sources, functionalities, business objectives, information architecture, and system architecture are described. Barriers to implementation and enabling factors and a three-stage implementation strategy are delineated.

A layered trust information security architecture.

PubMed

de Oliveira Albuquerque, Robson; Villalba, Luis Javier García; Orozco, Ana Lucila Sandoval; Buiati, Fábio; Kim, Tai-Hoon

2014-12-01

Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentially, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed.

32 CFR 2700.51 - Information Security Oversight Committee.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 32 National Defense 6 2011-07-01 2011-07-01 false Information Security Oversight Committee. 2700... MICRONESIAN STATUS NEGOTIATIONS SECURITY INFORMATION REGULATIONS Implementation and Review § 2700.51 Information Security Oversight Committee. The OMSN Information Security Oversight Committee shall be chaired...

77 FR 12623 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2012-03-01

... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National... Information Security Oversight Office no later than Friday, March 16, 2012. The Information Security Oversight... FURTHER INFORMATION CONTACT: David O. Best, Senior Program Analyst, The Information Security Oversight...

32 CFR 2700.51 - Information Security Oversight Committee.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Oversight Committee. 2700... MICRONESIAN STATUS NEGOTIATIONS SECURITY INFORMATION REGULATIONS Implementation and Review § 2700.51 Information Security Oversight Committee. The OMSN Information Security Oversight Committee shall be chaired...

75 FR 49943 - New Agency Information Collection Activity Under OMB Review: Pipeline System Operator Security...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-08-16

... DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration New Agency Information Collection Activity Under OMB Review: Pipeline System Operator Security Information AGENCY: Transportation... INFORMATION CONTACT: Joanna Johnson, Office of Information Technology, TSA-11, Transportation Security...

Practices in security and confidentiality of HIV/AIDS patients’ information: A national survey among staff at HIV outpatient clinics in Vietnam

PubMed Central

Khac Hai, Nguyen; Lawpoolsri, Saranath; Jittamala, Podjanee; Thi Thu Huong, Phan

2017-01-01

Introduction Breach of confidentiality or invasion of privacy from the collection and use of medical records, particularly those of patients with HIV/AIDS or other diseases sensitive to stigmatization, should be prevented by all related stakeholders in healthcare settings. The main focus of this study was to assess practices regarding security and confidentiality of HIV-related information among staff at HIV outpatient clinics (HIV-OPCs) in Vietnam. Methods A descriptive cross-sectional study was conducted at all 312 HIV-OPCs across the country using an online survey technique. Results In general, the staff practices for securing and protecting patient information were at acceptable levels. Most staff had proper measures and practices for maintaining data security; however, the protection of patient confidentiality, particularly for data access, sharing, and transfer still required improvement. Most HIV-OPC staff had good or moderate knowledge and positive perceptions towards security and confidentiality issues. Staff who were not trained in the practice of security measures differed significantly from those who were trained (OR: 3.74; 95%CI: 1.44–9.67); staff needing improved knowledge levels differed significantly from those with good (OR: 5.20; 95%CI: 2.39–11.32) and moderate knowledge levels (OR: 5.10; 95%CI: 2.36–11.00); and staff needing improved perception levels differed significantly from those with good (i.e., with 100% proper practices) and moderate perception levels (OR: 5.67; 95%CI: 2.93–10.95). Staff who were not trained in the protection of data confidentiality differed significantly from those who were trained (OR: 2.18; 95%CI: 1.29–3.65). Conclusions Training is an important factor to help raise the levels of proper practices regarding confidentiality and security, to improve knowledge and raise awareness about change among staff. The operation and management of HIV treatment and care in Vietnam are currently transitioning from separate healthcare clinics (HIV-OPC) into units integrated into general hospitals/healthcare facilities. The findings of this study highlight topics that could be used for improving management and operation of information system and revising guidelines and regulations on protection measures/strategies for data security and confidentiality of HIV/AIDS patients by Vietnam health authorities or other countries facing similar situations. Secure infrastructure and secure measures for data access and use are very important, worthwhile investments. The provision of continuous training and active enforcement and monitoring of the practices of healthcare personnel might lead to an improved understanding and acknowledegement of the importance of national policies/guidelines regarding HIV-related patient information. PMID:29136017

[Application of classified protection of information security in the information system of air pollution and health impact monitoring].

PubMed

Hao, Shuxin; Lü, Yiran; Liu, Jie; Liu, Yue; Xu, Dongqun

2018-01-01

To study the application of classified protection of information security in the information system of air pollution and health impact monitoring, so as to solve the possible safety risk of the information system. According to the relevant national standards and requirements for the information system security classified protection, and the professional characteristics of the information system, to design and implement the security architecture of information system, also to determine the protection level of information system. Basic security measures for the information system were developed in the technical safety and management safety aspects according to the protection levels, which effectively prevented the security risk of the information system. The information system established relatively complete information security protection measures, to enhanced the security of professional information and system service, and to ensure the safety of air pollution and health impact monitoring project carried out smoothly.

Information Control: Preserving the Advantage

DTIC Science & Technology

2015-06-01

sanitary laboratory for US forces to exploit technical solutions with minimal resistance, inevitably leading to potent and promising results on the...parity, eventually forcing decision makers to pursue bilateral and multilateral agreements in space law. See McDougall, 272. 21 James Clay Moltz, The...the discussions of human nature, control, and strategy outlined in Chapter 1. 12 James Clay Moltz, The Politics of Space Security: Strategic Restraint

International Cooperation in Acquisition, Technology and Logistics (IC in AT&L) Handbook

DTIC Science & Technology

2012-05-01

Information exchanges, for instance, may lead to a cooperative RD&A project . Figure 1-1 illustrates this “ building block” concept of international...support the National Security Strategy, including the need to strengthen alliances and build partnerships. CWP projects are selected for their... projects : prime contractor (with international teaming of subcontractors), consortium and joint venture. The selection of the best industrial

Networking and Information Technology Research and Development. Supplement to the President’s Budget for FY 2002

DTIC Science & Technology

2001-07-01

Web-based applications to improve health data systems and quality of care; innovative strategies for data collection in clinical settings; approaches...research to increase interoperability and integration of software in distributed systems ; protocols and tools for data annotation and management; and...Generation National Defense and National Security Systems .......................... 27 Improved Health Care Systems for All Citizens

Strategy for a transparent, accessible, and sustainable national claims database.

PubMed

Gelburd, Robin

2015-03-01

The article outlines the strategy employed by FAIR Health, Inc, an independent nonprofit, to maintain a national database of over 18 billion private health insurance claims to support consumer education, payer and provider operations, policy makers, and researchers with standard and customized data sets on an economically self-sufficient basis. It explains how FAIR Health conducts all operations in-house, including data collection, security, validation, information organization, product creation, and transmission, with a commitment to objectivity and reliability in data and data products. It also describes the data elements available to researchers and the diverse studies that FAIR Health data facilitate.

Spousal Coping Strategies in the Shadow of Terrorism.

PubMed

Shechory-Bitton, Mally; Cohen-Louck, Keren

2017-11-01

The present study focuses on spousal differences in reaction to ongoing exposure to terror and security threats. Sixty-eight married couples with children living in a region exposed to ongoing security threats were evaluated. All participants completed questionnaires on objective exposure (number of incidents) and subjective exposure (sense of fear) to terrorism and security threats, posttraumatic stress disorder (PTSD) symptoms, and their coping strategies with this ongoing exposure. Mothers reported higher levels of fear and PTSD symptoms, although their objective levels of exposure did not differ from those of their husbands. Similarities were found in coping strategies adopted by mothers and fathers to cope with life in the shadow of terrorism. Both mothers and fathers integrated emotion- and problem-focused coping strategies, with greater use of the latter. These similarities partially contradict research findings suggesting gender differences in coping with exposure to security threats. The results support the need for further research into investigating the role of dyadic coping in the context of prolonged exposure to security threats.

14 CFR 1203.201 - Information security objectives.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Information security objectives. 1203.201 Section 1203.201 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.201 Information security objectives. The objectives of...

14 CFR 1203.201 - Information security objectives.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false Information security objectives. 1203.201 Section 1203.201 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.201 Information security objectives. The objectives of...

Spatial downscaling of soil prediction models based on weighted generalized additive models in smallholder farm settings.

PubMed

Xu, Yiming; Smith, Scot E; Grunwald, Sabine; Abd-Elrahman, Amr; Wani, Suhas P; Nair, Vimala D

2017-09-11

Digital soil mapping (DSM) is gaining momentum as a technique to help smallholder farmers secure soil security and food security in developing regions. However, communications of the digital soil mapping information between diverse audiences become problematic due to the inconsistent scale of DSM information. Spatial downscaling can make use of accessible soil information at relatively coarse spatial resolution to provide valuable soil information at relatively fine spatial resolution. The objective of this research was to disaggregate the coarse spatial resolution soil exchangeable potassium (K ex ) and soil total nitrogen (TN) base map into fine spatial resolution soil downscaled map using weighted generalized additive models (GAMs) in two smallholder villages in South India. By incorporating fine spatial resolution spectral indices in the downscaling process, the soil downscaled maps not only conserve the spatial information of coarse spatial resolution soil maps but also depict the spatial details of soil properties at fine spatial resolution. The results of this study demonstrated difference between the fine spatial resolution downscaled maps and fine spatial resolution base maps is smaller than the difference between coarse spatial resolution base maps and fine spatial resolution base maps. The appropriate and economical strategy to promote the DSM technique in smallholder farms is to develop the relatively coarse spatial resolution soil prediction maps or utilize available coarse spatial resolution soil maps at the regional scale and to disaggregate these maps to the fine spatial resolution downscaled soil maps at farm scale.

Defining a risk-informed framework for whole-of-government lessons learned: A Canadian perspective.

PubMed

Friesen, Shaye K; Kelsey, Shelley; Legere, J A Jim

Lessons learned play an important role in emergency management (EM) and organizational agility. Virtually all aspects of EM can derive benefit from a lessons learned program. From major security events to exercises, exploiting and applying lessons learned and "best practices" is critical to organizational resilience and adaptiveness. A robust lessons learned process and methodology provides an evidence base with which to inform decisions, guide plans, strengthen mitigation strategies, and assist in developing tools for operations. The Canadian Safety and Security Program recently supported a project to define a comprehensive framework that would allow public safety and security partners to regularly share event response best practices, and prioritize recommendations originating from after action reviews. This framework consists of several inter-locking elements: a comprehensive literature review/environmental scan of international programs; a survey to collect data from end users and management; the development of a taxonomy for organizing and structuring information; a risk-informed methodology for selecting, prioritizing, and following through on recommendations; and standardized templates and tools for tracking recommendations and ensuring implementation. This article discusses the efforts of the project team, which provided "best practice" advice and analytical support to ensure that a systematic approach to lessons learned was taken by the federal community to improve prevention, preparedness, and response activities. It posits an approach by which one might design a systematic process for information sharing and event response coordination-an approach that will assist federal departments to institutionalize a cross-government lessons learned program.

Systems Security Engineering

DTIC Science & Technology

2010-08-22

Commission (IEC). “Information technology — Security techniques — Code of practice for information security management ( ISO /IEC 27002 ...Information technology — Security techniques — Information security management systems —Requirements ( ISO /IEC 27002 ),”, “Information technology — Security...was a draft ISO standard on Systems and software engineering, Systems and software assurance [18]. Created by systems engineers for systems

Execution of a self-directed risk assessment methodology to address HIPAA data security requirements

NASA Astrophysics Data System (ADS)

Coleman, Johnathan

2003-05-01

This paper analyzes the method and training of a self directed risk assessment methodology entitled OCTAVE (Operationally Critical Threat Asset and Vulnerability Evaluation) at over 170 DOD medical treatment facilities. It focuses specifically on how OCTAVE built interdisciplinary, inter-hierarchical consensus and enhanced local capabilities to perform Health Information Assurance. The Risk Assessment Methodology was developed by the Software Engineering Institute at Carnegie Mellon University as part of the Defense Health Information Assurance Program (DHIAP). The basis for its success is the combination of analysis of organizational practices and technological vulnerabilities. Together, these areas address the core implications behind the HIPAA Security Rule and can be used to develop Organizational Protection Strategies and Technological Mitigation Plans. A key component of OCTAVE is the inter-disciplinary composition of the analysis team (Patient Administration, IT staff and Clinician). It is this unique composition of analysis team members, along with organizational and technical analysis of business practices, assets and threats, which enables facilities to create sound and effective security policies. The Risk Assessment is conducted in-house, and therefore the process, results and knowledge remain within the organization, helping to build consensus in an environment of differing organizational and disciplinary perspectives on Health Information Assurance.

Extended outlook: description, utilization, and daily applications of cloud technology in radiology.

PubMed

Gerard, Perry; Kapadia, Neil; Chang, Patricia T; Acharya, Jay; Seiler, Michael; Lefkovitz, Zvi

2013-12-01

The purpose of this article is to discuss the concept of cloud technology, its role in medical applications and radiology, the role of the radiologist in using and accessing these vast resources of information, and privacy concerns and HIPAA compliance strategies. Cloud computing is the delivery of shared resources, software, and information to computers and other devices as a metered service. This technology has a promising role in the sharing of patient medical information and appears to be particularly suited for application in radiology, given the field's inherent need for storage and access to large amounts of data. The radiology cloud has significant strengths, such as providing centralized storage and access, reducing unnecessary repeat radiologic studies, and potentially allowing radiologic second opinions more easily. There are significant cost advantages to cloud computing because of a decreased need for infrastructure and equipment by the institution. Private clouds may be used to ensure secure storage of data and compliance with HIPAA. In choosing a cloud service, there are important aspects, such as disaster recovery plans, uptime, and security audits, that must be considered. Given that the field of radiology has become almost exclusively digital in recent years, the future of secure storage and easy access to imaging studies lies within cloud computing technology.

NorthAm Fest : fostering a North American continent approach to countering terrorism.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Gerdes, Dick; Moore, Judy Hennessey; Whitley, John B.

2004-12-01

On September 14-16, 2004, the Advanced Concepts Group of Sandia National Laboratories in conjunction with the University of Texas at El Paso and the North American Institute hosted a workshop (fest) designed to explore the concept of a North American continental approach to countering terrorism. The fest began with the basic premise that the successful defense of North America against the threat of terrorism will require close collaboration among the North American allies--Canada, Mexico and the U.S.--as well as a powerful set of information collection and analysis tools and deterrence strategies. The NorthAm Fest recast the notion of ''homeland defense''more » as a tri-national effort to protect the North American continent against an evolving threat that respects no borders. This is a report of the event summarizing the ideas explored. The fest examined the uniqueness of dealing with terrorism from a tri-national North American viewpoint, the role and possible features of joint security systems, concepts for ideal continental security systems for North America, and the challenges and opportunities for such systems to become reality. The following issues were identified as most important for the advancement of this concept. (1) The three countries share a set of core values--democracy, prosperity and security--which form the basis for joint interactions and allow for the development of a culture of cooperation without affecting the sovereignty of the members. (2) The creation of a continental defensive strategy will require a set of strategic guidelines and that smart secure borders play a pivotal role. (3) Joint security systems will need to operate from a set of complementary but not identical policies and procedures. (4) There is a value in joint task forces for response and shared information systems for the prevention of attacks. (5) The private sector must play a critical role in cross-border interactions. Finally, participants envisioned a ''Tri-National Security Laboratory'' to develop and test new counter-terrorism technologies and processes. The fest was an important first step in developing a tri-national approach to continental security and very different approaches to countering terrorism were explored. Participants came to the conclusion that continental security would be easier to achieve if the focus were on broader security issues, such as transnational crime, with terrorism being only a part of the focus. A series of fledgling relationships were begun between individuals and organizations through which actions can occur. A first commitment is the publication by a set of participants representing the three countries of a joint paper outlining the elements of a Continental Security approach.« less

Interrelatedness of child health, protection and well-being: an application of the SAFE model in Rwanda.

PubMed

Betancourt, Theresa S; Williams, Timothy P; Kellner, Sarah E; Gebre-Medhin, Joy; Hann, Katrina; Kayiteshonga, Yvonne

2012-05-01

This study examines the core components of children's basic security and well-being in order to examine issues central to improving child protection in Rwanda. Sources of data included 15 focus groups with adults, 7 focus groups with children ages 10-17, and 11 key informant interviews with child protection stakeholders, including representatives from international NGOs, community-based groups, and the Rwandan Government, all of which took place in April and May of 2010. Participants painted a complex picture of threats to children's basic security in Rwanda. Three key themes were pervasive across all interviews: (1) deterioration of social and community cohesion in post-genocide Rwanda; (2) the cascading effects of poverty; and (3) the impact of caregiver illness and death on the caregiving environment. Consistent with the SAFE (Safety/freedom from harm; Access to basic physiological needs and healthcare; Family and connection to others; Education and economic security) model of child protection, participants rarely elaborated on a child protection threat independent of other basic security needs and rights. Findings suggest a need for integrated approaches to child protection that recognize this interrelatedness and extend beyond issue-specific child protection responses. This study contributes to a growing body of work highlighting the interrelated nature of child protection threats and the implications of adaptive and dangerous survival strategies that children and families engage in to meet their basic security needs. Analysis of this interrelatedness provides a roadmap for improving policies and implementing integrated and robust child protection strategies in Rwanda and other settings. Copyright © 2012 Elsevier Ltd. All rights reserved.

76 FR 78009 - Information Collection; Implementation of Information Technology Security Provision

Federal Register 2010, 2011, 2012, 2013, 2014

2011-12-15

...] Information Collection; Implementation of Information Technology Security Provision AGENCY: General Services... collection requirement regarding Implementation of Information Technology Security Provision. Public comments... Information Collection 3090- 0294, Implementation of Information Technology Security Provision, by any of the...

Fuzzy portfolio model with fuzzy-input return rates and fuzzy-output proportions

NASA Astrophysics Data System (ADS)

Tsaur, Ruey-Chyn

2015-02-01

In the finance market, a short-term investment strategy is usually applied in portfolio selection in order to reduce investment risk; however, the economy is uncertain and the investment period is short. Further, an investor has incomplete information for selecting a portfolio with crisp proportions for each chosen security. In this paper we present a new method of constructing fuzzy portfolio model for the parameters of fuzzy-input return rates and fuzzy-output proportions, based on possibilistic mean-standard deviation models. Furthermore, we consider both excess or shortage of investment in different economic periods by using fuzzy constraint for the sum of the fuzzy proportions, and we also refer to risks of securities investment and vagueness of incomplete information during the period of depression economics for the portfolio selection. Finally, we present a numerical example of a portfolio selection problem to illustrate the proposed model and a sensitivity analysis is realised based on the results.

Ultrathin Nonlinear Metasurface for Optical Image Encoding.

PubMed

Walter, Felicitas; Li, Guixin; Meier, Cedrik; Zhang, Shuang; Zentgraf, Thomas

2017-05-10

Security of optical information is of great importance in modern society. Many cryptography techniques based on classical and quantum optics have been widely explored in the linear optical regime. Nonlinear optical encryption in which encoding and decoding involve nonlinear frequency conversions represents a new strategy for securing optical information. Here, we demonstrate that an ultrathin nonlinear photonic metasurface, consisting of meta-atoms with 3-fold rotational symmetry, can be used to hide optical images under illumination with a fundamental wave. However, the hidden image can be read out from second harmonic generation (SHG) waves. This is achieved by controlling the destructive and constructive interferences of SHG waves from two neighboring meta-atoms. In addition, we apply this concept to obtain gray scale SHG imaging. Nonlinear metasurfaces based on space variant optical interference open new avenues for multilevel image encryption, anticounterfeiting, and background free image reconstruction.

Strategies for online test security.

PubMed

Hart, Leigh; Morgan, Lesley

2009-01-01

As online courses continue to increase, maintaining academic integrity in student evaluation is a challenge. The authors review several strategies, with varying degrees of cost and technology, to improve test security in the online classroom.

44 CFR 8.3 - Senior FEMA official responsible for the information security program.

Code of Federal Regulations, 2011 CFR

2011-10-01

... responsible for the information security program. 8.3 Section 8.3 Emergency Management and Assistance FEDERAL EMERGENCY MANAGEMENT AGENCY, DEPARTMENT OF HOMELAND SECURITY GENERAL NATIONAL SECURITY INFORMATION § 8.3 Senior FEMA official responsible for the information security program. The Director of the Security...

75 FR 44800 - Notice of Meeting of the Homeland Security Information Network Advisory Committee, Tuesday...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-29

... DEPARTMENT OF HOMELAND SECURITY Notice of Meeting of the Homeland Security Information Network... Security. ACTION: Notice of open meeting. SUMMARY: The Homeland Security Information Network Advisory... (Pub. L. 92-463). The mission of the Homeland Security Information Network Advisory Committee is to...

Systems Security Engineering

DTIC Science & Technology

2010-08-22

practice for information security management ( ISO /IEC 27002 ),” “Information technology — Security techniques — Information security management...systems —Requirements ( ISO /IEC 27002 ),”, “Information technology — Security techniques — Information security risk management ( ISO /IEC 27005).” from...associated practice aids. Perhaps the most germane discovery from this effort was a draft ISO standard on Systems and software engineering, Systems and

12 CFR 605.501 - Information Security Officer.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 12 Banks and Banking 6 2011-01-01 2011-01-01 false Information Security Officer. 605.501 Section... Information Security Officer. (a) The Information Security Officer of the Farm Credit Administration shall be responsible for implementation and oversight of the information security program and procedures adopted by the...

12 CFR 605.501 - Information Security Officer.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 12 Banks and Banking 6 2010-01-01 2010-01-01 false Information Security Officer. 605.501 Section... Information Security Officer. (a) The Information Security Officer of the Farm Credit Administration shall be responsible for implementation and oversight of the information security program and procedures adopted by the...

A Layered Trust Information Security Architecture

PubMed Central

de Oliveira Albuquerque, Robson; García Villalba, Luis Javier; Sandoval Orozco, Ana Lucila; Buiati, Fábio; Kim, Tai-Hoon

2014-01-01

Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentially, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed. PMID:25470490

10 CFR 95.35 - Access to matter classified as National Security Information and Restricted Data.

Code of Federal Regulations, 2010 CFR

2010-01-01

... SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.35 Access to matter classified as National Security Information and Restricted Data. (a... have access to matter revealing Secret or Confidential National Security Information or Restricted Data...

Implementing an Information Security Program

DOE Office of Scientific and Technical Information (OSTI.GOV)

Glantz, Clifford S.; Lenaeus, Joseph D.; Landine, Guy P.

The threats to information security have dramatically increased with the proliferation of information systems and the internet. Chemical, biological, radiological, nuclear, and explosives (CBRNe) facilities need to address these threats in order to protect themselves from the loss of intellectual property, theft of valuable or hazardous materials, and sabotage. Project 19 of the European Union CBRN Risk Mitigation Centres of Excellence Initiative is designed to help CBRN security managers, information technology/cybersecurity managers, and other decision-makers deal with these threats through the application of cost-effective information security programs. Project 19 has developed three guidance documents that are publically available to covermore » information security best practices, planning for an information security management system, and implementing security controls for information security.« less

The Use of BS7799 Information Security Standard to Construct Mechanisms for the Management of Medical Organization Information Security

NASA Astrophysics Data System (ADS)

Liu, Shu-Fan; Chueh, Hao-En; Liao, Kuo-Hsiung

According to surveys, 80 % of security related events threatening information in medical organizations is due to improper management. Most research on information security has focused on information and security technology, such as network security and access control; rarely addressing issues at the management issues. The main purpose of this study is to construct a BS7799 based mechanism for the management of information with regard to security as it applies to medical organizations. This study analyzes and identifies the most common events related to information security in medical organizations and categorizes these events as high-risk, transferable-risk, and controlled-risk to facilitate the management of such risk.

The Balloon Effect and Mexican Homeland Security: What it Means to be the Weakest Link in the Americas’ Security Chain

DTIC Science & Technology

2011-12-01

in the Social Sciences (George & Bennett, 2005), the main challenges of this thesis are: 9  To test the hypothesis of whether the implications of...Americas´ security chain;  To test whether the new concept of balloon-effect counter-pressure coming from the Mexican strategy is influencing latent...balloon effects against U.S. homeland security;  To test whether those balloon effects created by the Mexican strategy inside Mexico are a

Experiences with the implementation of Individual Placement and Support for people with severe mental illness: a qualitative study among stakeholders.

PubMed

Vukadin, Miljana; Schaafsma, Frederieke G; Westerman, Marjan J; Michon, Harry W C; Anema, Johannes R

2018-05-24

Individual Placement and Support (IPS) is an evidence-based approach to help people with severe mental illness achieve competitive employment. This article provides insight into an organizational and a financial implementation strategy for IPS in the Netherlands by exploring the perceived facilitators and barriers among participating stakeholders. The goal of this multifaceted strategy was to improve IPS implementation by improving the collaboration between all organizations involved, and realising secured IPS funding with a 'pay for performance' element. A qualitative, explorative study among practitioners (n = 8) and decision makers (n = 7) in mental health care and vocational rehabilitation was performed using semi-structured interviews to collect rich information about the possible facilitators and barriers with regard to the organizational and financial implementation strategy for IPS. Important perceived facilitators were the key principles of the IPS model, regular meetings of stakeholders in mental health care and vocational rehabilitation, stakeholders' experienced ownership of IPS and collaboration, the mandate and influence of the decision makers involved and secured IPS funding. Important perceived barriers included the experienced rigidity of the IPS model fidelity scale and lack of independent fidelity reviewers, the temporary and fragmented character of the secured funding, lack of communication between decision makers and practitioners and negative attitudes and beliefs among mental health clinicians. Changes in legislation were experienced as a facilitator as well as a barrier. The results of this study suggest that the collaboration and IPS funding were experienced as improved by applying an organizational and a financial implementation strategy. However, considerable effort is still necessary to overcome the remaining barriers identified and to make the implementation of IPS a success in practice.

Is Seeing Believing? Training Users on Information Security: Evidence from Java Applets

ERIC Educational Resources Information Center

Ayyagari, Ramakrishna; Figueroa, Norilyz

2017-01-01

Information Security issues are one of the top concerns of CEOs. Accordingly, information systems education and research have addressed security issues. One of the main areas of research is the behavioral issues in Information Security, primarily focusing on users' compliance to information security policies. We contribute to this literature by…

Rewritable phosphorescent paper by the control of competing kinetic and thermodynamic self-assembling events

NASA Astrophysics Data System (ADS)

Kishimura, Akihiro; Yamashita, Takashi; Yamaguchi, Kentaro; Aida, Takuzo

2005-07-01

Security inks have become of increasing importance. They are composed of invisible substances that provide printed images that are not able to be photocopied, and are readable only under special environments. Here we report a novel photoluminescent ink for rewritable media that dichroically emits phosphorescence due to a structural bistability of the self-assembled luminophor. Long-lasting images have been developed by using conventional thermal printers, which are readable only on exposure to ultraviolet light, and more importantly, are thermally erasable for rewriting. Although thermally rewritable printing media have already been developed using visible dyes and cholesteric liquid crystals, security inks that allow rewriting of invisible printed images are unprecedented. We realized this unique feature by the control of kinetic and thermodynamic processes that compete with one another in the self-assembly of the luminophor. This strategy can provide an important step towards the next-generation security technology for information handling.

12 CFR Appendix B to Part 30 - Interagency Guidelines Establishing Information Security Standards

Code of Federal Regulations, 2011 CFR

2011-01-01

... Establishing Information Security Standards Table of Contents I. Introduction A. Scope B. Preservation of... Security Program B. Objectives III. Development and Implementation of Customer Information Security Program.... Introduction The Interagency Guidelines Establishing Information Security Standards (Guidelines) set forth...

76 FR 67750 - Homeland Security Information Network Advisory Committee

Federal Register 2010, 2011, 2012, 2013, 2014

2011-11-02

... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2011-0107] Homeland Security Information Network... Information Network Advisory Committee. SUMMARY: The Secretary of Homeland Security has determined that the renewal of the Homeland Security Information Network Advisory Committee (HSINAC) is necessary and in the...

78 FR 7797 - Homeland Security Information Network Advisory Committee (HSINAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-04

... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2013-0005] Homeland Security Information Network... Committee Meeting. SUMMARY: The Homeland Security Information Network Advisory Committee (HSIN AC) will meet... received by the (Homeland Security Information Network Advisory Committee), go to http://www.regulations...

78 FR 34665 - Homeland Security Information Network Advisory Committee (HSINAC); Meeting

Federal Register 2010, 2011, 2012, 2013, 2014

2013-06-10

... DEPARTMENT OF HOMELAND SECURITY [DHS-2013-0037] Homeland Security Information Network Advisory... Committee Meeting. SUMMARY: The Homeland Security Information Network Advisory Committee (HSINAC) will meet... posted beforehand at this link: http://www.dhs.gov/homeland-security-information-network-advisory...

Tenure security, social relations and contract choice: Endogenous matching in the Chinese land rental market

NASA Astrophysics Data System (ADS)

Ma, Xianlei; Zhou, Yuepeng; Shi, Xiaoping

2017-04-01

In China, land rental transactions have increased considerably since the 1990s, but there exists a high degree of segmentation and informal features. The rental transactions between partners with close social relations and the use of informal contracts remain a common phenomenon in many regions, which strongly reduce the potential of the land rental market to enhance productivity and equity. The current literature postulates that the insecurity of land property rights may restrict land transactions between members of same social relations. Studies conducted in China show that the land rentals between partners with closer social relations prefer informal contracts because these contracts are self-enforced based on trust and reputation. However, little literature has jointly examined the effect of land tenure security and social relations on joint decisions of partner and contract choice in the Chinese land rental market. Based on household data collected in Jiangxi and Liaoning provinces in 2015, this paper aims to examine the relationship between land tenure security perceptions, social relation and land rental contract choices in China. We differentiate between formal and informal contracts of land rental activities because they have different enforcement mechanisms and thus different risk-sharing strategy. With regards to social relations, we differ among relatives, villagers living in the same village and strangers according to social distance. In order to reduce estimation bias without accounting for endogenous matching between landlords and tenants, we investigate the joint partner and contract choices in the land rental market using a nested logit framework. The paper contributes to the literature on the effect of tenure security and social relations on land rental contracts by (i) taking into account endogenous matching between landlords and tenants, and estimating the joint decisions of partner and contract choice, and (ii) examining the effect of perceived tenure security, instead of de jure rights, on households' contract choice. The empirical results show that landlords are more likely to rent out land to tenants who live in the same village, instead of relatives and strangers. This kind of partner matching is based on consideration of both land tenure security and flexibility of rental relationships. Insecure land tenure encourages landlords to select informal contracts, because informal contracts seem to protect better protection than formal contracts as landlords are willing to match villagers. Policy implications are twofold based on our findings: 1) Land tenure reforms should put more emphasis on enhancing households' perception on tenure security and further reducing land market segmentation; 2) Measures that may be taken to stabilize rental contractual relationships may focus on the improvement of rural pension system and unemployment insurance for rural-urban migrants. Key Words: land rental market; contract choice; tenure security, social relations

Strategies for Supporting Physician-Scientists in Faculty Roles: A Narrative Review With Key Informant Consultations.

PubMed

Lingard, Lorelei; Zhang, Peter; Strong, Michael; Steele, Margaret; Yoo, John; Lewis, James

2017-10-01

Physician-scientists are a population in decline globally. Solutions to reverse this decline often have focused on the training pipeline. Less attention has been paid to reducing attrition post training, when physician-scientists take up faculty roles. However, this period is a known time of vulnerability because of the pressures of clinical duties and the long timeline to securing independent research funding. This narrative review explored existing knowledge regarding how best to support physician-scientists for success in their faculty roles. The authors searched the Medline, Embase, ERIC, and Cochrane Library databases for articles published from 2000 to 2016 on this topic and interviewed key informants in 2015 to solicit their input on the review results. The authors reviewed 78 articles and interviewed 16 key informants. From the literature, they developed a framework of organizational (facilitate mentorship, foster community, value the physician-scientist role, minimize financial barriers) and individual (develop professional and research skills) strategies for supporting physician-scientists. They also outlined key knowledge gaps representing topics either rarely or never addressed in the reviewed articles (percent research time, structural hypocrisy, objective assessment, group metrics, professional identity). The key informants confirmed the identified strategies and discussed how the gaps were particularly important and impactful. This framework offers a basis for assessing an organization's existing support strategies, identifying outstanding needs, and developing targeted programming. The identified gaps require attention, as they threaten to undermine the benefits of existing support strategies.

32 CFR 2103.51 - Information Security Oversight Committee.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 32 National Defense 6 2011-07-01 2011-07-01 false Information Security Oversight Committee. 2103... BE DECLASSIFIED Implementation and Review § 2103.51 Information Security Oversight Committee. The NCS Information Security Oversight Committee shall be chaired by the Staff Counsel of the National Security...

32 CFR 2103.51 - Information Security Oversight Committee.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Oversight Committee. 2103... BE DECLASSIFIED Implementation and Review § 2103.51 Information Security Oversight Committee. The NCS Information Security Oversight Committee shall be chaired by the Staff Counsel of the National Security...

[The comparative evaluation of level of security culture in medical organizations].

PubMed

Roitberg, G E; Kondratova, N V; Galanina, E V

2016-01-01

The study was carried out on the basis of clinic “Medicine” in 2014-2015 concerning security culture. The sampling included 465 filled HSPSC questionnaires. The comparative analysis of received was implemented. The “Zubovskaia district hospital” Having no accreditation according security standards and group of clinics from USA functioning for many years in the system of patient security support were selected as objects for comparison. The evaluation was implemented concerning dynamics of security culture in organization at implementation of strategies of security of patients during 5 years and comparison of obtained results with USA clinics was made. The study results demonstrated that in conditions of absence of implemented standards of security in medical organization total evaluation of security remains extremely low. The study of security culture using HSPSC questionnaire is an effective tool for evaluating implementation of various strategies of security ofpatient. The functioning in the system of international standards of quality, primarily JCI standards, permits during several years to achieve high indices of security culture.

Emerging Science And Technologies: Securing The Nation Through Dicovery and Innovation

DTIC Science & Technology

2013-04-01

potential material for use in quantum computing and spintronics. R&D in the area of advanced carbon-based materials has the potential to revolutionize...seem to involve a dual-approach strategy. First, the vast majority of our sensory input information does not reach the level of consciousness ...WHITE PAPER | 17 Relevant technology areas that support Protection of the Intelligence Enterprise include: Quantum Computing and Associated

Sustainable Development: A Strategy for Regaining Control of Northern Mali

DTIC Science & Technology

2014-06-01

informal attempts to conduct evasive maneuvers to achieve desired end results. The Project for National Security Reform argued that at times “… end runs...recognizing the internal borders that France established in the early twentieth century . Still, Model II optimally assigns projects based on... Project Design 4. In the end , Model I allocated the projects while addressing the following supplemental research questions posed in chapters I and

Central Asia’s Shrinking Connectivity Gap: Implications for U.S. Strategy

DTIC Science & Technology

2014-11-01

strategic research and analysis to influence policy debate and bridge the gap between military and academia. The Center for Strategic Leadership and...War College External Research Associates Program. Information on this program is available on our website, www.StrategicStudies Institute.army.mil...update the national security community on the research of our analysts, recent and forthcoming publications, and upcoming confer- ences sponsored by

An Updated Version of the U.S. Air Force Multi-Attribute Task Battery (AF-MATB)

DTIC Science & Technology

2014-08-01

assessing human performance in a controlled multitask environment. The most recent release of AF-MATB contains numerous improvements and additions...Strategic Behavior, MATB, Multitasking , Task Battery, Simulator, Multi-Attribute Task Battery, Automation 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF...performance and multitasking strategy. As a result, a specific Information Throughput (IT) Mode was designed to customize the task to fit the Human

Practical UXO Classification: Enhanced Data Processing Strategies for Technology Transition - Fort Ord: Dynamic and Cued Metalmapper Processing and Classification

DTIC Science & Technology

2017-06-06

OMB No. 0704-0188 Public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for...Geophysical Mapping, Electromagnetic Induction, Instrument Verification Strip, Time Domain Electromagnetic, Unexploded Ordnance 16. SECURITY...Munitions Response QA Quality Assurance QC Quality Control ROC Receiver Operating Characteristic RTK Real- time Kinematic s Second SNR

Human errors and violations in computer and information security: the viewpoint of network administrators and security specialists.

PubMed

Kraemer, Sara; Carayon, Pascale

2007-03-01

This paper describes human errors and violations of end users and network administration in computer and information security. This information is summarized in a conceptual framework for examining the human and organizational factors contributing to computer and information security. This framework includes human error taxonomies to describe the work conditions that contribute adversely to computer and information security, i.e. to security vulnerabilities and breaches. The issue of human error and violation in computer and information security was explored through a series of 16 interviews with network administrators and security specialists. The interviews were audio taped, transcribed, and analyzed by coding specific themes in a node structure. The result is an expanded framework that classifies types of human error and identifies specific human and organizational factors that contribute to computer and information security. Network administrators tended to view errors created by end users as more intentional than unintentional, while errors created by network administrators as more unintentional than intentional. Organizational factors, such as communication, security culture, policy, and organizational structure, were the most frequently cited factors associated with computer and information security.

Security Shift in Future Network Architectures

DTIC Science & Technology

2010-11-01

RTO-MP-IST-091 2 - 1 Security Shift in Future Network Architectures Tim Hartog, M.Sc Information Security Dept. TNO Information and...current practice military communication infrastructures are deployed as stand-alone networked information systems. Network -Enabled Capabilities (NEC) and...information architects and security specialists about the separation of network and information security, the consequences of this shift and our view

48 CFR 552.239-70 - Information Technology Security Plan and Security Authorization.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 48 Federal Acquisition Regulations System 4 2011-10-01 2011-10-01 false Information Technology... Text of Provisions and Clauses 552.239-70 Information Technology Security Plan and Security Authorization. As prescribed in 539.7002(a), insert the following provision: Information Technology Security...

48 CFR 552.239-70 - Information Technology Security Plan and Security Authorization.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 48 Federal Acquisition Regulations System 4 2014-10-01 2014-10-01 false Information Technology... Text of Provisions and Clauses 552.239-70 Information Technology Security Plan and Security Authorization. As prescribed in 539.7002(a), insert the following provision: Information Technology Security...

48 CFR 552.239-70 - Information Technology Security Plan and Security Authorization.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 48 Federal Acquisition Regulations System 4 2012-10-01 2012-10-01 false Information Technology... Text of Provisions and Clauses 552.239-70 Information Technology Security Plan and Security Authorization. As prescribed in 539.7002(a), insert the following provision: Information Technology Security...

48 CFR 552.239-70 - Information Technology Security Plan and Security Authorization.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 48 Federal Acquisition Regulations System 4 2013-10-01 2013-10-01 false Information Technology... Text of Provisions and Clauses 552.239-70 Information Technology Security Plan and Security Authorization. As prescribed in 539.7002(a), insert the following provision: Information Technology Security...

75 FR 57904 - Announcing a Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2010-09-23

... Office, --Update of NIST Computer Security Division, and --Information Security and Privacy Advisory... Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology, Commerce. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB) will meet...

Interpreting international governance standards for health IT use within general medical practice.

PubMed

Mahncke, Rachel J; Williams, Patricia A H

2014-01-01

General practices in Australia recognise the importance of comprehensive protective security measures. Some elements of information security governance are incorporated into recommended standards, however the governance component of information security is still insufficiently addressed in practice. The International Organistion for Standardisation (ISO) released a new global standard in May 2013 entitled, ISO/IEC 27014:2013 Information technology - Security techniques - Governance of information security. This standard, applicable to organisations of all sizes, offers a framework against which to assess and implement the governance components of information security. The standard demonstrates the relationship between governance and the management of information security, provides strategic principles and processes, and forms the basis for establishing a positive information security culture. An analysis interpretation of this standard for use in Australian general practice was performed. This work is unique as such interpretation for the Australian healthcare environment has not been undertaken before. It demonstrates an application of the standard at a strategic level to inform existing development of an information security governance framework.

Strategies for converting to a DBMS environment

NASA Technical Reports Server (NTRS)

Durban, D. M.

1984-01-01

The conversion to data base management systems processing techniques consists of three different strategies - one for each of the major stages in the development process. Each strategy was chosen for its approach in bringing about a smooth evolutionary type transition from one mode of operation to the next. The initial strategy of the indoctrination stage consisted of: (1) providing maximum access to current administrative data as soon as possible; (2) select and developing small prototype systems; (3) establishing a user information center as a central focal point for user training and assistance; and (4) developing a training program for programmers, management and ad hoc users in DBMS application and utilization. Security, the rate of the data dictionary, and data base tuning and capacity planning, and the development of a change of attitude in an automated office are issues meriting consideration.

Secure relay selection based on learning with negative externality in wireless networks

NASA Astrophysics Data System (ADS)

Zhao, Caidan; Xiao, Liang; Kang, Shan; Chen, Guiquan; Li, Yunzhou; Huang, Lianfen

2013-12-01

In this paper, we formulate relay selection into a Chinese restaurant game. A secure relay selection strategy is proposed for a wireless network, where multiple source nodes send messages to their destination nodes via several relay nodes, which have different processing and transmission capabilities as well as security properties. The relay selection utilizes a learning-based algorithm for the source nodes to reach their best responses in the Chinese restaurant game. In particular, the relay selection takes into account the negative externality of relay sharing among the source nodes, which learn the capabilities and security properties of relay nodes according to the current signals and the signal history. Simulation results show that this strategy improves the user utility and the overall security performance in wireless networks. In addition, the relay strategy is robust against the signal errors and deviations of some user from the desired actions.

Information Security: Computer Hacker Information Available on the Internet

DTIC Science & Technology

1996-06-05

INFORMATION SECURITY Computer Hacker Information Available on the Internet Statement for the Record of...Report Type N/A Dates Covered (from... to) - Title and Subtitle INFORMATION SECURITY Computer Hacker Information Available on the Internet Contract...1996 4. TITLE AND SUBTITLE Information Security: Computer Hacker Information Available on the Internet 5. FUNDING NUMBERS 6. AUTHOR(S) Jack L.

A review of security of electronic health records.

PubMed

Win, Khin Than

The objective of this study is to answer the research question, "Are current information security technologies adequate for electronic health records (EHRs)?" In order to achieve this, the following matters have been addressed in this article: (i) What is information security in the context of EHRs? (ii) Why is information security important for EHRs? and (iii) What are the current technologies for information security available to EHRs? It is concluded that current EHR security technologies are inadequate and urgently require improvement. Further study regarding information security of EHRs is indicated.

Goals, Strategies

Science.gov Websites

stability Science & Innovation Collaboration Careers Community Environment Science & Innovation . Provide a safe, secure, and effective stockpile Protect against the nuclear threat Counter emerging excellence STRATEGY We will create a modern workplace that is environmentally responsible, safe, and secure

Strategic Pivot Toward the Asia-Pacific: Implications for USMC

DTIC Science & Technology

2013-03-01

S) AND ADDRESS(ES) Dr. Gabriel Marcella Department of National Security and Strategy 8. PERFORMING ORGANIZATION REPORT NUMBER 9...Gabriel Marcella Department of National Security and Strategy Project Adviser This manuscript is submitted in partial fulfillment of the

49 CFR 1548.19 - Security Directives and Information Circulars.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 9 2010-10-01 2010-10-01 false Security Directives and Information Circulars... CARRIER SECURITY § 1548.19 Security Directives and Information Circulars. (a) TSA may issue an Information... security measures are necessary to respond to a threat assessment, or to a specific threat against civil...

Impact of climate change on crop yield and role of model for achieving food security.

PubMed

Kumar, Manoj

2016-08-01

In recent times, several studies around the globe indicate that climatic changes are likely to impact the food production and poses serious challenge to food security. In the face of climate change, agricultural systems need to adapt measures for not only increasing food supply catering to the growing population worldwide with changing dietary patterns but also to negate the negative environmental impacts on the earth. Crop simulation models are the primary tools available to assess the potential consequences of climate change on crop production and informative adaptive strategies in agriculture risk management. In consideration with the important issue, this is an attempt to provide a review on the relationship between climate change impacts and crop production. It also emphasizes the role of crop simulation models in achieving food security. Significant progress has been made in understanding the potential consequences of environment-related temperature and precipitation effect on agricultural production during the last half century. Increased CO2 fertilization has enhanced the potential impacts of climate change, but its feasibility is still in doubt and debates among researchers. To assess the potential consequences of climate change on agriculture, different crop simulation models have been developed, to provide informative strategies to avoid risks and understand the physical and biological processes. Furthermore, they can help in crop improvement programmes by identifying appropriate future crop management practises and recognizing the traits having the greatest impact on yield. Nonetheless, climate change assessment through model is subjected to a range of uncertainties. The prediction uncertainty can be reduced by using multimodel, incorporating crop modelling with plant physiology, biochemistry and gene-based modelling. For devloping new model, there is a need to generate and compile high-quality field data for model testing. Therefore, assessment of agricultural productivity to sustain food security for generations is essential to maintain a collective knowledge and resources for preventing negative impact as well as managing crop practises.

A Study of the Effect of Information Security Policies on Information Security Breaches in Higher Education Institutions

ERIC Educational Resources Information Center

Waddell, Stanie Adolphus

2013-01-01

Many articles within the literature point to the information security policy as one of the most important elements of an effective information security program. Even though this belief is continually referred to in many information security scholarly articles, very few research studies have been performed to corroborate this sentiment. Doherty and…

48 CFR 1339.107-70 - Information security.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 48 Federal Acquisition Regulations System 5 2014-10-01 2014-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... coordinate with the designated Contracting Officer Representative (COR) to complete the Information Security...

48 CFR 1339.107-70 - Information security.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 48 Federal Acquisition Regulations System 5 2011-10-01 2011-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... coordinate with the designated Contracting Officer Representative (COR) to complete the Information Security...

49 CFR 8.9 - Information Security Review Committee.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 49 Transportation 1 2011-10-01 2011-10-01 false Information Security Review Committee. 8.9 Section.../DECLASSIFICATION/ACCESS Classification/Declassification of Information § 8.9 Information Security Review Committee. (a) There is hereby established a Department of Transportation Information Security Review Committee...

48 CFR 1339.107-70 - Information security.

Code of Federal Regulations, 2010 CFR

2010-10-01

... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... Clause 1352.239-73, Security Requirements for Information Technology Resources, is needed, contracting... 48 Federal Acquisition Regulations System 5 2010-10-01 2010-10-01 false Information security. 1339...

49 CFR 8.9 - Information Security Review Committee.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 1 2010-10-01 2010-10-01 false Information Security Review Committee. 8.9 Section.../DECLASSIFICATION/ACCESS Classification/Declassification of Information § 8.9 Information Security Review Committee. (a) There is hereby established a Department of Transportation Information Security Review Committee...

48 CFR 1339.107-70 - Information security.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 48 Federal Acquisition Regulations System 5 2013-10-01 2013-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... coordinate with the designated Contracting Officer Representative (COR) to complete the Information Security...

Defining Information Security.

PubMed

Lundgren, Björn; Möller, Niklas

2017-11-15

This article proposes a new definition of information security, the 'Appropriate Access' definition. Apart from providing the basic criteria for a definition-correct demarcation and meaning concerning the state of security-it also aims at being a definition suitable for any information security perspective. As such, it bridges the conceptual divide between so-called 'soft issues' of information security (those including, e.g., humans, organizations, culture, ethics, policies, and law) and more technical issues. Because of this it is also suitable for various analytical purposes, such as analysing possible security breaches, or for studying conflicting attitudes on security in an organization. The need for a new definition is demonstrated by pointing to a number of problems for the standard definition type of information security-the so-called CIA definition. Besides being too broad as well as too narrow, it cannot properly handle the soft issues of information security, nor recognize the contextual and normative nature of security.

Common object request broker architecture (CORBA)-based security services for the virtual radiology environment.

PubMed

Martinez, R; Cole, C; Rozenblit, J; Cook, J F; Chacko, A K

2000-05-01

The US Army Great Plains Regional Medical Command (GPRMC) has a requirement to conform to Department of Defense (DoD) and Army security policies for the Virtual Radiology Environment (VRE) Project. Within the DoD, security policy is defined as the set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information. Security policy in the DoD is described by the Trusted Computer System Evaluation Criteria (TCSEC), Army Regulation (AR) 380-19, Defense Information Infrastructure Common Operating Environment (DII COE), Military Health Services System Automated Information Systems Security Policy Manual, and National Computer Security Center-TG-005, "Trusted Network Interpretation." These documents were used to develop a security policy that defines information protection requirements that are made with respect to those laws, rules, and practices that are required to protect the information stored and processed in the VRE Project. The goal of the security policy is to provide for a C2-level of information protection while also satisfying the functional needs of the GPRMC's user community. This report summarizes the security policy for the VRE and defines the CORBA security services that satisfy the policy. In the VRE, the information to be protected is embedded into three major information components: (1) Patient information consists of Digital Imaging and Communications in Medicine (DICOM)-formatted fields. The patient information resides in the digital imaging network picture archiving and communication system (DIN-PACS) networks in the database archive systems and includes (a) patient demographics; (b) patient images from x-ray, computed tomography (CT), magnetic resonance imaging (MRI), and ultrasound (US); and (c) prior patient images and related patient history. (2) Meta-Manager information to be protected consists of several data objects. This information is distributed to the Meta-Manager nodes and includes (a) radiologist schedules; (b) modality worklists; (c) routed case information; (d) DIN-PACS and Composite Health Care system (CHCS) messages, and Meta-Manager administrative and security information; and (e) patient case information. (3) Access control and communications security is required in the VRE to control who uses the VRE and Meta-Manager facilities and to secure the messages between VRE components. The CORBA Security Service Specification version 1.5 is designed to allow up to TCSEC's B2-level security for distributed objects. The CORBA Security Service Specification defines the functionality of several security features: identification and authentication, authorization and access control, security auditing, communication security, nonrepudiation, and security administration. This report describes the enhanced security features for the VRE and their implementation using commercial CORBA Security Service software products.

Streamlined Approach for Environmental Restoration Plan for Corrective Action Unit 574: Neptune, Nevada National Security Site, Nevada

DOE Office of Scientific and Technical Information (OSTI.GOV)

NSTec Environmental Restoration

2011-08-31

This Streamlined Approach for Environmental Restoration (SAFER) Plan identifies the activities required for closure of Corrective Action Unit (CAU) 574, Neptune. CAU 574 is included in the Federal Facility Agreement and Consent Order (FFACO) (1996 [as amended March 2010]) and consists of the following two Corrective Action Sites (CASs) located in Area 12 of the Nevada National Security Site: (1) CAS 12-23-10, U12c.03 Crater (Neptune); (2) CAS 12-45-01, U12e.05 Crater (Blanca). This plan provides the methodology for the field activities that will be performed to gather the necessary information for closure of the two CASs. There is sufficient information andmore » process knowledge regarding the expected nature and extent of potential contaminants to recommend closure of CAU 574 using the SAFER process. Based on historical documentation, personnel interviews, site process knowledge, site visits, photographs, field screening, analytical results, the results of the data quality objective (DQO) process (Section 3.0), and an evaluation of corrective action alternatives (Appendix B), closure in place with administrative controls is the expected closure strategy for CAU 574. Additional information will be obtained by conducting a field investigation to verify and support the expected closure strategy and provide a defensible recommendation that no further corrective action is necessary. This will be presented in a Closure Report that will be prepared and submitted to the Nevada Division of Environmental Protection (NDEP) for review and approval.« less

Cooperative Monitoring Center Occasional Paper/8: Cooperative Border Security for Jordan: Assessment and Options

DOE Office of Scientific and Technical Information (OSTI.GOV)

Qojas, M.

1999-03-01

This document is an analysis of options for unilateral and cooperative action to improve the security of Jordan's borders. Sections describe the current political, economic, and social interactions along Jordan's borders. Next, the document discusses border security strategy for cooperation among neighboring countries and the adoption of confidence-building measures. A practical cooperative monitoring system would consist of hardware for early warning, command and control, communications, and transportation. Technical solutions can expand opportunities for the detection and identification of intruders. Sensors (such as seismic, break-wire, pressure-sensing, etc.) can warn border security forces of intrusion and contribute to the identification of themore » intrusion and help formulate the response. This document describes conceptual options for cooperation, offering three scenarios that relate to three hypothetical levels (low, medium, and high) of cooperation. Potential cooperative efforts under a low cooperation scenario could include information exchanges on military equipment and schedules to prevent misunderstandings and the establishment of protocols for handling emergency situations or unusual circumstances. Measures under a medium cooperation scenario could include establishing joint monitoring groups for better communications, with hot lines and scheduled meetings. The high cooperation scenario describes coordinated responses, joint border patrols, and sharing border intrusion information. Finally, the document lists recommendations for organizational, technical, and operational initiatives that could be applicable to the current situation.« less

Secure Fusion Estimation for Bandwidth Constrained Cyber-Physical Systems Under Replay Attacks.

PubMed

Chen, Bo; Ho, Daniel W C; Hu, Guoqiang; Yu, Li; Bo Chen; Ho, Daniel W C; Guoqiang Hu; Li Yu; Chen, Bo; Ho, Daniel W C; Hu, Guoqiang; Yu, Li

2018-06-01

State estimation plays an essential role in the monitoring and supervision of cyber-physical systems (CPSs), and its importance has made the security and estimation performance a major concern. In this case, multisensor information fusion estimation (MIFE) provides an attractive alternative to study secure estimation problems because MIFE can potentially improve estimation accuracy and enhance reliability and robustness against attacks. From the perspective of the defender, the secure distributed Kalman fusion estimation problem is investigated in this paper for a class of CPSs under replay attacks, where each local estimate obtained by the sink node is transmitted to a remote fusion center through bandwidth constrained communication channels. A new mathematical model with compensation strategy is proposed to characterize the replay attacks and bandwidth constrains, and then a recursive distributed Kalman fusion estimator (DKFE) is designed in the linear minimum variance sense. According to different communication frameworks, two classes of data compression and compensation algorithms are developed such that the DKFEs can achieve the desired performance. Several attack-dependent and bandwidth-dependent conditions are derived such that the DKFEs are secure under replay attacks. An illustrative example is given to demonstrate the effectiveness of the proposed methods.

6 CFR 27.200 - Information regarding security risk for a chemical facility.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Information regarding security risk for a chemical facility. 27.200 Section 27.200 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security Program § 27.200 Information...

Determination of non-market values to inform conservation strategies for the threatened Alistana-Sanabresa cattle breed.

PubMed

Martin-Collado, D; Diaz, C; Drucker, A G; Carabaño, M J; Zander, K K

2014-08-01

Livestock breed-related public good functions are often used to justify support for endangered breed conservation despite the fact that little is known about such non-market values. We show how stated preference techniques can be used to assess the non-market values that people place on livestock breeds. Through the application of a case study choice experiment survey in Zamora province, Spain, the total economic value (TEV) of the threatened Alistana-Sanabresa (AS) cattle breed was investigated. An analysis of the relative importance of the non-market components of its TEV and an assessment of the socio-economic variables that influence people's valuation of such components is used to inform conservation strategy design. Overall, the findings reveal that the AS breed had significant non-market values associated with it and that the value that respondents placed on each specific public good function also varied significantly. Functions related with indirect use cultural and existence values were much more highly valued than landscape maintenance values. These high cultural and existence values (totalling over 80% of TEV) suggest that an AS in situ conservation strategy will be required to secure such values. As part of such a strategy, incentive mechanisms will be needed to permit farmers to capture some of these public good values and thus be able to afford to maintain breed population numbers at socially desirable levels. One such mechanism could be related to the development of breed-related agritourism initiatives, with a view to enhancing private good values and providing an important addition to continued direct support. Where linked with cultural dimensions, niche product market development, including through improving AS breed-related product quality and brand recognition may also have a role to play as part of such an overall conservation and use strategy. We conclude that livestock breed conservation strategies with the highest potential to maximise societal welfare would be those that secure the breed-related functions that people value most, with appropriate in situ conservation interventions and strategies being identified accordingly.

Examining the Impact of Non-Technical Security Management Factors on Information Security Management in Health Informatics

ERIC Educational Resources Information Center

Imam, Abbas H.

2013-01-01

Complexity of information security has become a major issue for organizations due to incessant threats to information assets. Healthcare organizations are particularly concerned with security owing to the inherent vulnerability of sensitive information assets in health informatics. While the non-technical security management elements have been at…

14 CFR 1203.202 - Responsibilities.

Code of Federal Regulations, 2011 CFR

2011-01-01

... Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.202 Responsibilities. (a) The Chairperson, NASA Information Security...) Ensuring effective compliance with and implementation of “the Order” and the Information Security Oversight...

14 CFR 1203.202 - Responsibilities.

Code of Federal Regulations, 2010 CFR

2010-01-01

... Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.202 Responsibilities. (a) The Chairperson, NASA Information Security...) Ensuring effective compliance with and implementation of “the Order” and the Information Security Oversight...

Addressing cargo security with strategies involving private sector.

DOT National Transportation Integrated Search

2008-12-01

The public and private sectors contributing to goods movement agree that cargo security has : not been addressed nearly as much as physical and vessel security. Addressing cargo security : will require additional operational data that is not currentl...

India’s Emerging Security Strategy, Missile Defense, and Arms Control

DTIC Science & Technology

2004-06-01

and contemplate a security strategy. Starting in July 1998, a series of negotiations between Foreign Minister Jaswant Singh and US envoy Strobe...arms control.46 The Singh -Talbott discussions eventually led to the reaffirmation of civilian command-and-control and a doctrine of “minimum...Council (NSC), including Prime Minister Vajpayee, Minister of Foreign Affairs Singh , and Minister of Defense Fernandes, and appointed a National Security

Century of the Seas: Unlocking Indian Maritime Strategy in the 21st Century

DTIC Science & Technology

2017-09-01

Ensuring Secure Seas. Finally, this thesis examines India’s economic policies, specifically maritime trade, as well as domestic politics, to see how...they engage and shape Indian maritime strategy. These findings present a combined analysis of economic , security, and political factors mentioned above...Ensuring Secure Seas. Finally, this thesis examines India’s economic policies, specifically maritime trade, as well as domestic politics, to see how

The Role of Cultural Understanding and Language Training in Unconventional Warfare

DTIC Science & Technology

2004-12-01

National Security Strategy (NSS), while acknowledging the dangers posed by non-military actions which can affect economic, financial, social and...security by causing direct or indirect consequences on the country’s economic and social life” (Security Strategy, 1999, Chapter 4). Among Romania’s...we rely on our allies help to defend our national integrity” (Iliescu, 2004, Pro memoria ). As a direct result of the progress in achieving its

Measuring Transnational Organized Crime Threats to US National Security

DTIC Science & Technology

2016-05-26

typology is not designed to score TOC networks, so it is not an obvious choice, but it could be easily modified by the TMWG to rank-order TOC networks...States Strategy to Combat Transnational Organized Crime (SCTOC). The strategy identified Transnational Organized Crime ( TOC ) as a national security...identify the TOC groups that present the national security threat defined in the SCTOC? A literature review of existing organized crime assessments

12 CFR Appendix B to Part 364 - Interagency Guidelines Establishing Information Security Standards

Code of Federal Regulations, 2011 CFR

2011-01-01

... Part 364—Interagency Guidelines Establishing Information Security Standards Table of Contents I... Customer Information A. Information Security Program B. Objectives III. Development and Implementation of Customer Information Security Program A. Involve the Board of Directors B. Assess Risk C. Manage and...

75 FR 63499 - Extension of Agency Information Collection Activity Under OMB Review: Sensitive Security...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-10-15

... Information Collection Activity Under OMB Review: Sensitive Security Information Threat Assessments AGENCY... Transportation Security Administration (TSA) has forwarded the Information Collection Request (ICR), Office of... of a party seeking access to sensitive security information (SSI) in a civil proceeding in Federal...

Economic Evaluation of the Information Security Levels Achieved by Electric Energy Providers in North Arctic Region

NASA Astrophysics Data System (ADS)

Sushko, O. P.; Kaznin, A. A.; Babkin, A. V.; Bogdanov, D. A.

2017-10-01

The study we are conducting involves the analysis of information security levels achieved by energy providers operating in the North Arctic Region. We look into whether the energy providers’ current information security levels meet reliability standards and determine what further actions may be needed for upgrading information security in the context of the digital transformation that the world community is undergoing. When developing the information security systems for electric energy providers or selecting the protection means for them, we are governed by the fact that the assets to be protected are process technologies. While information security risk can be assessed using different methods, the evaluation of the economic damage from these risks appears to be a difficult task. The most probable and harmful risks we have identified when evaluating the electric energy providers’ information security will be used by us as variables. To provide the evaluation, it is necessary to calculate the costs relating to elimination of the risks identified. The final stage of the study will involve the development of an operation algorithm for the North Arctic Region’s energy provider’s business information protection security system - a set of information security services, and security software and hardware.

75 FR 65526 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2010-10-25

... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... planning to attend must be submitted to the Information Security Oversight Office (ISOO) no later than...

76 FR 6636 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2011-02-07

... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... planning to attend must be submitted to the Information Security Oversight Office (ISOO) no later than...

76 FR 67484 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2011-11-01

... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... must be submitted to the Information Security Oversight Office (ISOO) no later than Friday, November 11...

76 FR 28099 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2011-05-13

... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... telephone number of individuals planning to attend must be submitted to the Information Security Oversight...

75 FR 39582 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-09

... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... telephone number of individuals planning to attend must be submitted to the Information Security Oversight...

A taxonomy and discussion of software attack technologies

NASA Astrophysics Data System (ADS)

Banks, Sheila B.; Stytz, Martin R.

2005-03-01

Software is a complex thing. It is not an engineering artifact that springs forth from a design by simply following software coding rules; creativity and the human element are at the heart of the process. Software development is part science, part art, and part craft. Design, architecture, and coding are equally important activities and in each of these activities, errors may be introduced that lead to security vulnerabilities. Therefore, inevitably, errors enter into the code. Some of these errors are discovered during testing; however, some are not. The best way to find security errors, whether they are introduced as part of the architecture development effort or coding effort, is to automate the security testing process to the maximum extent possible and add this class of tools to the tools available, which aids in the compilation process, testing, test analysis, and software distribution. Recent technological advances, improvements in computer-generated forces (CGFs), and results in research in information assurance and software protection indicate that we can build a semi-intelligent software security testing tool. However, before we can undertake the security testing automation effort, we must understand the scope of the required testing, the security failures that need to be uncovered during testing, and the characteristics of the failures. Therefore, we undertook the research reported in the paper, which is the development of a taxonomy and a discussion of software attacks generated from the point of view of the security tester with the goal of using the taxonomy to guide the development of the knowledge base for the automated security testing tool. The representation for attacks and threat cases yielded by this research captures the strategies, tactics, and other considerations that come into play during the planning and execution of attacks upon application software. The paper is organized as follows. Section one contains an introduction to our research and a discussion of the motivation for our work. Section two contains a presents our taxonomy of software attacks and a discussion of the strategies employed and general weaknesses exploited for each attack. Section three contains a summary and suggestions for further research.

10 CFR 2.905 - Access to restricted data and national security information for parties; security clearances.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 10 Energy 1 2010-01-01 2010-01-01 false Access to restricted data and national security... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.905 Access to restricted data and national security information for parties; security clearances. (a) Access...

10 CFR 2.905 - Access to restricted data and national security information for parties; security clearances.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 10 Energy 1 2011-01-01 2011-01-01 false Access to restricted data and national security... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.905 Access to restricted data and national security information for parties; security clearances. (a) Access...

America Promises to Come Back: Our New National Security Strategy

DTIC Science & Technology

1991-10-23

Captain Larry Seaquist, U.S. Navy, Office of the Principal Deputy Under Secretary of Defense (Strategy and Resources); Vice Admiral James Service...to be primarily based on U.S. forces in being. Under the new national security strategy, deterrence of the Soviet threat will largely be based upon a...Cheney’s IISS remarks were followed by I. Lewis "Scooter" Libby, Principal Deputy Under Secretary of Defense (Strategy and Resources), who provided

Parents' experience of hospitalization: different strategies for feeling secure.

PubMed

Kristensson-Hallström, I; Elander, G

1997-01-01

Twenty parents of boys (ages 2-14 years) hospitalized for hypospadias repair in a pediatric surgery department in Sweden, were interviewed concerning their experience when their child was hospitalized. A qualitative analysis of the interviews indicated that the most important issue to the parents was finding security at the hospital. Parents manifested one of three different strategies that enabled them to feel secure at the hospital; (a) relinquishing the care of their children to the nursing staff; (b) obtaining a measure of control over their children's care; and (c) relying on knowing their child best. The parental strategy adopted to feel secure was found to correspond with the way parents experienced the hospitalization. Differences were found in their children's experiences of pain and the alleviation of the pain during the hospitalization.

10 CFR 95.35 - Access to matter classified as National Security Information and Restricted Data.

Code of Federal Regulations, 2011 CFR

2011-01-01

... Information and Restricted Data. 95.35 Section 95.35 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) FACILITY SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.35 Access to matter classified as National Security Information and Restricted Data. (a...

Approach to estimation of level of information security at enterprise based on genetic algorithm

NASA Astrophysics Data System (ADS)

V, Stepanov L.; V, Parinov A.; P, Korotkikh L.; S, Koltsov A.

2018-05-01

In the article, the way of formalization of different types of threats of information security and vulnerabilities of an information system of the enterprise and establishment is considered. In a type of complexity of ensuring information security of application of any new organized system, the concept and decisions in the sphere of information security are expedient. One of such approaches is the method of a genetic algorithm. For the enterprises of any fields of activity, the question of complex estimation of the level of security of information systems taking into account the quantitative and qualitative factors characterizing components of information security is relevant.

17 CFR 249.1001 - Form SIP, for application for registration as a securities information processor or to amend such...

Code of Federal Regulations, 2011 CFR

2011-04-01

... registration as a securities information processor or to amend such an application or registration. 249.1001..., SECURITIES EXCHANGE ACT OF 1934 Form for Registration of, and Reporting by Securities Information Processors § 249.1001 Form SIP, for application for registration as a securities information processor or to amend...

17 CFR 249.1001 - Form SIP, for application for registration as a securities information processor or to amend such...

Code of Federal Regulations, 2010 CFR

2010-04-01

... registration as a securities information processor or to amend such an application or registration. 249.1001..., SECURITIES EXCHANGE ACT OF 1934 Form for Registration of, and Reporting by Securities Information Processors § 249.1001 Form SIP, for application for registration as a securities information processor or to amend...

Assumptions and Grand Strategy

DTIC Science & Technology

2011-01-01

Germany; The Continuity of Change,” in National Security Cultures: Patterns of Global Governance, ed. Emil Kirchner and James Sperling (London...Britain in an Age of Uncertainty: The National Security Strategy (October 2010), 10. 25. Carl von Clausewitz, On War, edited and translated by Michael E

Security policy speculation of user uploaded images on content sharing sites

NASA Astrophysics Data System (ADS)

Iyapparaja, M.; Tiwari, Maneesh

2017-11-01

Innovation is developing step by step tremendously. As there are numerous social locales where information likes pictures, sound, video and so forth are shared by the client to each other. In concentrate to all exercises on social locales, there is need of protection to pictures. Because of this reason, I utilized Adaptive protection strategy forecast instrument to give security to the pictures. Issue identified with pictures is the huge issue in social locales like Facebook, twitter and so on. So here the part of a social thought, security to pictures, metadata and so on is produced. To conquer this issue we produced an answer which is 2 systems which understanding to a background marked by the pictures gives appropriated answer for them. Here we give an arrangement to the specific sort of pictures by characterizing them and in addition giving protection to pictures which are transferred agreement to a calculation that we utilized. Consequently as indicated by this arrangement expectation pictures take after a similar approach on up and coming pictures and give successful security to them.

46 CFR 503.52 - Senior agency official.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 46 Shipping 9 2011-10-01 2011-10-01 false Senior agency official. 503.52 Section 503.52 Shipping FEDERAL MARITIME COMMISSION GENERAL AND ADMINISTRATIVE PROVISIONS PUBLIC INFORMATION Information Security...'s information security program, which includes oversight (self-inspection) and security information...

75 FR 10507 - Information Security Oversight Office; National Industrial Security Program Policy Advisory...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-03-08

... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office; National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: National Archives and Records... individuals planning to attend must be submitted to the Information Security Oversight Office (ISOO) no later...

Building a Foreign Military Sales Construction Delivery Strategy Decision Support System

DTIC Science & Technology

1991-09-01

DSS, formulates it into a computer model and produces solutions using information and expert heuristics. Using the Expert Systeic Process to Build a DSS...computer model . There are five stages in the development of an expert system. They are: 1) Identify and characterize the important aspects of the problem...and Steven A. Hidreth. U.S. Security Assistance: The Political Process. Massachusetts: Heath and Company, 1985. 19. Guirguis , Amir A., Program

Changing the Game: Human Security as Grand Strategy

DTIC Science & Technology

2014-06-01

convergence of multiple vulnerabilities in the en- vironment of the individual. LITERATURE REVIEW A growing body of literature exists that embraces...complexities of tomorrow. Decrements in the capacities of today to effectively deal with the com- plexities of tomorrow should then inform the targeted...Seek” against “The World As It Is.”14 Closing the decrement between “The World As It Is” and “The World We Seek” involves continued progress and

Joint Force Quarterly. Number 31, Summer 2002

DTIC Science & Technology

2002-09-01

College of the Armed Forces COL Timothy S. Heinemann, USA ■ U.S. Army Command and General Staff College CAPT Chester E. Helms, USN ■ Naval War College...Announcing the next event in the 2002– 2003 symposia program Pacific Symposium Towards a Durable Security Strategy (Co-sponsored with U.S. Pacific...Command) March 25–27, 2003 Information on symposia is available via the National Defense University World Wide Web server. Access by addressing

Optimal space-time attacks on system state estimation under a sparsity constraint

NASA Astrophysics Data System (ADS)

Lu, Jingyang; Niu, Ruixin; Han, Puxiao

2016-05-01

System state estimation in the presence of an adversary that injects false information into sensor readings has attracted much attention in wide application areas, such as target tracking with compromised sensors, secure monitoring of dynamic electric power systems, secure driverless cars, and radar tracking and detection in the presence of jammers. From a malicious adversary's perspective, the optimal strategy for attacking a multi-sensor dynamic system over sensors and over time is investigated. It is assumed that the system defender can perfectly detect the attacks and identify and remove sensor data once they are corrupted by false information injected by the adversary. With this in mind, the adversary's goal is to maximize the covariance matrix of the system state estimate by the end of attack period under a sparse attack constraint such that the adversary can only attack the system a few times over time and over sensors. The sparsity assumption is due to the adversary's limited resources and his/her intention to reduce the chance of being detected by the system defender. This becomes an integer programming problem and its optimal solution, the exhaustive search, is intractable with a prohibitive complexity, especially for a system with a large number of sensors and over a large number of time steps. Several suboptimal solutions, such as those based on greedy search and dynamic programming are proposed to find the attack strategies. Examples and numerical results are provided in order to illustrate the effectiveness and the reduced computational complexities of the proposed attack strategies.

Multi-agent modelling of climate outlooks and food security on a community garden scheme in Limpopo, South Africa.

PubMed

Bharwani, Sukaina; Bithell, Mike; Downing, Thomas E; New, Mark; Washington, Richard; Ziervogel, Gina

2005-11-29

Seasonal climate outlooks provide one tool to help decision-makers allocate resources in anticipation of poor, fair or good seasons. The aim of the 'Climate Outlooks and Agent-Based Simulation of Adaptation in South Africa' project has been to investigate whether individuals, who adapt gradually to annual climate variability, are better equipped to respond to longer-term climate variability and change in a sustainable manner. Seasonal climate outlooks provide information on expected annual rainfall and thus can be used to adjust seasonal agricultural strategies to respond to expected climate conditions. A case study of smallholder farmers in a village in Vhembe district, Limpopo Province, South Africa has been used to examine how such climate outlooks might influence agricultural strategies and how this climate information can be improved to be more useful to farmers. Empirical field data has been collected using surveys, participatory approaches and computer-based knowledge elicitation tools to investigate the drivers of decision-making with a focus on the role of climate, market and livelihood needs. This data is used in an agent-based social simulation which incorporates household agents with varying adaptation options which result in differing impacts on crop yields and thus food security, as a result of using or ignoring the seasonal outlook. Key variables are the skill of the forecast, the social communication of the forecast and the range of available household and community-based risk coping strategies. This research provides a novel approach for exploring adaptation within the context of climate change.

Security and privacy qualities of medical devices: an analysis of FDA postmarket surveillance.

PubMed

Kramer, Daniel B; Baker, Matthew; Ransford, Benjamin; Molina-Markham, Andres; Stewart, Quinn; Fu, Kevin; Reynolds, Matthew R

2012-01-01

Medical devices increasingly depend on computing functions such as wireless communication and Internet connectivity for software-based control of therapies and network-based transmission of patients' stored medical information. These computing capabilities introduce security and privacy risks, yet little is known about the prevalence of such risks within the clinical setting. We used three comprehensive, publicly available databases maintained by the Food and Drug Administration (FDA) to evaluate recalls and adverse events related to security and privacy risks of medical devices. Review of weekly enforcement reports identified 1,845 recalls; 605 (32.8%) of these included computers, 35 (1.9%) stored patient data, and 31 (1.7%) were capable of wireless communication. Searches of databases specific to recalls and adverse events identified only one event with a specific connection to security or privacy. Software-related recalls were relatively common, and most (81.8%) mentioned the possibility of upgrades, though only half of these provided specific instructions for the update mechanism. Our review of recalls and adverse events from federal government databases reveals sharp inconsistencies with databases at individual providers with respect to security and privacy risks. Recalls related to software may increase security risks because of unprotected update and correction mechanisms. To detect signals of security and privacy problems that adversely affect public health, federal postmarket surveillance strategies should rethink how to effectively and efficiently collect data on security and privacy problems in devices that increasingly depend on computing systems susceptible to malware.

Security and Privacy Qualities of Medical Devices: An Analysis of FDA Postmarket Surveillance

PubMed Central

Kramer, Daniel B.; Baker, Matthew; Ransford, Benjamin; Molina-Markham, Andres; Stewart, Quinn; Fu, Kevin; Reynolds, Matthew R.

2012-01-01

Background Medical devices increasingly depend on computing functions such as wireless communication and Internet connectivity for software-based control of therapies and network-based transmission of patients’ stored medical information. These computing capabilities introduce security and privacy risks, yet little is known about the prevalence of such risks within the clinical setting. Methods We used three comprehensive, publicly available databases maintained by the Food and Drug Administration (FDA) to evaluate recalls and adverse events related to security and privacy risks of medical devices. Results Review of weekly enforcement reports identified 1,845 recalls; 605 (32.8%) of these included computers, 35 (1.9%) stored patient data, and 31 (1.7%) were capable of wireless communication. Searches of databases specific to recalls and adverse events identified only one event with a specific connection to security or privacy. Software-related recalls were relatively common, and most (81.8%) mentioned the possibility of upgrades, though only half of these provided specific instructions for the update mechanism. Conclusions Our review of recalls and adverse events from federal government databases reveals sharp inconsistencies with databases at individual providers with respect to security and privacy risks. Recalls related to software may increase security risks because of unprotected update and correction mechanisms. To detect signals of security and privacy problems that adversely affect public health, federal postmarket surveillance strategies should rethink how to effectively and efficiently collect data on security and privacy problems in devices that increasingly depend on computing systems susceptible to malware. PMID:22829874

6 CFR 7.27 - Declassification and downgrading.

Code of Federal Regulations, 2010 CFR

2010-01-01

... SECURITY INFORMATION Classified Information § 7.27 Declassification and downgrading. (a) Classified... Security Officer. (b) Information shall be declassified or downgraded by the official who authorized the... Secretary of Homeland Security or the Chief Security Officer. (c) It is presumed that information that...

5 CFR 930.301 - Information systems security awareness training program.

Code of Federal Regulations, 2013 CFR

2013-01-01

....g., system and network administrators, and system/application security officers) must receive... 5 Administrative Personnel 2 2013-01-01 2013-01-01 false Information systems security awareness... (MISCELLANEOUS) Information Security Responsibilities for Employees who Manage or Use Federal Information Systems...

5 CFR 930.301 - Information systems security awareness training program.

Code of Federal Regulations, 2014 CFR

2014-01-01

....g., system and network administrators, and system/application security officers) must receive... 5 Administrative Personnel 2 2014-01-01 2014-01-01 false Information systems security awareness... (MISCELLANEOUS) Information Security Responsibilities for Employees who Manage or Use Federal Information Systems...

78 FR 26057 - Extension of Agency Information Collection Activity Under OMB Review: Pipeline Corporate Security...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-05-03

... Information Collection Activity Under OMB Review: Pipeline Corporate Security Review AGENCY: Transportation.... Information Collection Requirement Title: Pipeline Corporate Security Review (PCSR). Type of Request... current industry security practices through its Pipeline Corporate Security Review (PCSR) program. The...

Security Systems Consideration: A Total Security Approach

NASA Astrophysics Data System (ADS)

Margariti, S. V.; Meletiou, G.; Stergiou, E.; Vasiliadis, D. C.; Rizos, G. E.

2007-12-01

The "safety" problem for protection systems is to determine in a given situation whether a subject can acquire a particular right to an object. Security and audit operation face the process of securing the application on computing and network environment; however, storage security has been somewhat overlooked due to other security solutions. This paper identifies issues for data security, threats and attacks, summarizes security concepts and relationships, and also describes storage security strategies. It concludes with recommended storage security plan for a total security solution.

NATO Transformation and Operational Support in the Canadian Forces: Part 1: The Political Dimension

DTIC Science & Technology

2010-11-01

David Rudd; DRDC CORA TR 2010-244; R & D pour la défense Canada –CARO; Novembre 2010. Contexte: L’Organisation du Traité de l’Atlantique Nord (OTAN...Alliance as a tool through which it pursues a globalized security strategy. 13 At the 2010 Munich Conference on Security Policy, Defense Secretary... 13 National Security Strategy May 2010, p. 41. http://www.whitehouse.gov/sites/default/files

India’s Evolving Nuclear Force and Its Implications for U.S. Strategy in the Asia-Pacific

DTIC Science & Technology

2016-06-01

concerning the role of ground forces in achieving national security objectives. The Strategic Studies Institute publishes national security and...international audience, and honor Soldiers—past and present. STRATEGIC STUDIES INSTITUTE The Strategic Studies Institute (SSI) is part of the U.S...Army War College and is the strategic-level study agent for issues related to national security and military strategy with emphasis on geostrategic

Emergency Support Function 15: Communication Synchronization during Defense Support of Civil Authorities Operations

DTIC Science & Technology

2015-06-12

Security Strategy to integrate government security agency participation for increased national security.33 Morris , Morris , and Jones posit ICA occurs...New National Strategy Takes Whole-of-Government Approach,” American Forces Press Services (Washington, DC: DoD News, 2010), 1. 34 John C. Morris ...Elizabeth D. Morris , and Dale M. Jones, “Reaching for the Philosopher’s Stone: Contingent Coordination and the Military’s Response to Hurricane Katrina

Operating in the Gray Zone: An Alternative Paradigm for U.S. Military Strategy

DTIC Science & Technology

2016-04-01

labeling, or re-labeling, may have been to draw the attention of busy policymakers to rapidly emerging security issues , it has evolved into something... issues affecting the national security community. The Peacekeeping and Stability Operations Institute provides subject matter expertise, technical...SSI) is part of the U.S. Army War College and is the strategic-level study agent for issues related to national security and military strategy with

Information Security Management (ISM)

NASA Astrophysics Data System (ADS)

Šalgovičová, Jarmila; Prajová, Vanessa

2012-12-01

Currently, all organizations have to tackle the issue of information security. The paper deals with various aspects of Information Security Management (ISM), including procedures, processes, organizational structures, policies and control processes. Introduction of Information Security Management should be a strategic decision. The concept and implementation of Information Security Management in an organization are determined by the corporate needs and objectives, security requirements, the processes deployed as well as the size and structure of the organization. The implementation of ISM should be carried out to the extent consistent with the needs of the organization.

Information security of power enterprises of North-Arctic region

NASA Astrophysics Data System (ADS)

Sushko, O. P.

2018-05-01

The role of information technologies in providing technological security for energy enterprises is a component of the economic security for the northern Arctic region in general. Applying instruments and methods of information protection modelling of the energy enterprises' business process in the northern Arctic region (such as Arkhenergo and Komienergo), the authors analysed and identified most frequent risks of information security. With the analytic hierarchy process based on weighting factor estimations, information risks of energy enterprises' technological processes were ranked. The economic estimation of the information security within an energy enterprise considers weighting factor-adjusted variables (risks). Investments in information security systems of energy enterprises in the northern Arctic region are related to necessary security elements installation; current operating expenses on business process protection systems become materialized economic damage.

Competitive Strategies

DTIC Science & Technology

1988-05-27

Competitive Strategies Individual Essay 6. PERFORMING ORG. REPORT NUMBER 7. AUTHOR(@) S. CONTRACT OR GRANT NUMBER( e ) Robert M. Davis, LTC, AD S...DO FOe 1473 emIotN or, Nov es IS OBSOLETE -JA I Unclassifi fed SECURITY CLASSIFICATION OF THIS PA7. E (Whrn Does Entered) Unclassified SECURITY...focus within the Department of Defense to provide technical and tactical leverage over the Soviets. Competitive Strategies are a management tool which

Disaster at a University: A Case Study in Information Security

ERIC Educational Resources Information Center

Ayyagari, Ramakrishna; Tyks, Jonathan

2012-01-01

Security and disaster training is identified as a top Information Technology (IT) required skill that needs to be taught in Information Systems (IS) curriculums. Accordingly, information security and privacy have become core concepts in information system education. Providing IT security on a shoestring budget is always difficult and many small…

Colleges and universities: survival in the information age

NASA Astrophysics Data System (ADS)

Huff, Warren D.

2000-07-01

Coping with information technology (IT) planning is one of the more important, expensive, time-consuming and potentially disastrous exercises an academic institution can undertake. Those institutions that are successful in establishing administrative and academic frameworks within which rapid technological change and adaptation can occur will survive and those who stubbornly adhere to archaic styles of management and decision-making will not. IT strategies, priorities and plans must be driven by and integrated with on-going academic planning. Cross-department/unit collaboration must be encouraged and facilitated by university resources and processes. Long-range planning and identification of reasonable and attainable goals requires a leadership and governance structure in which all major stakeholders participate in setting information technology strategies, priorities, plans, standards and performance measures. A successful technology funding strategy must ensure budgeting for adequate network facilities, including assets and the people and processes to support them. Accompanying these administrative procedures should be an open dialogue on the issues brought about by apparent conflicts between University wide standardization of basic policy, procedures and technologies and the pedagogical and research initiatives which address unique collegiate or departmental needs. Network capabilities should be integrated, timely, accurate, secure and easily accessible to all who need it.

6 CFR 7.12 - Violations of classified information requirements.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Violations of classified information requirements. 7.12 Section 7.12 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CLASSIFIED NATIONAL SECURITY INFORMATION Administration § 7.12 Violations of classified information...

78 FR 77484 - Extension of Agency Information Collection Activity Under OMB Review: Pipeline System Operator...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-12-23

... Federal agency for pipeline security, it is important for TSA to have contact information for company... DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration Extension of Agency Information Collection Activity Under OMB Review: Pipeline System Operator Security Information AGENCY...

32 CFR 154.42 - Evaluation of personnel security information.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 32 National Defense 1 2011-07-01 2011-07-01 false Evaluation of personnel security information... SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Adjudication § 154.42 Evaluation of personnel security information. (a) The criteria and adjudicative policy to be used in applying the...

32 CFR 154.42 - Evaluation of personnel security information.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 32 National Defense 1 2010-07-01 2010-07-01 false Evaluation of personnel security information... SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Adjudication § 154.42 Evaluation of personnel security information. (a) The criteria and adjudicative policy to be used in applying the...

75 FR 38595 - Guidance to States Regarding Driver History Record Information Security, Continuity of Operation...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-02

... Standards and Technology's (NIST) Computer Security Division maintains a Computer Security Resource Center... Regarding Driver History Record Information Security, Continuity of Operation Planning, and Disaster... (SDLAs) to support their efforts at maintaining the security of information contained in the driver...

14 CFR 1203.409 - Exceptional cases.

Code of Federal Regulations, 2010 CFR

2010-01-01

....409 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM... Information Security Program Committee, Security Division, Washington, DC 20546 for a classification..., to the Director, Information Security Oversight Office, GSA, for a determination. ...

The ISACA Business Model for Information Security: An Integrative and Innovative Approach

NASA Astrophysics Data System (ADS)

von Roessing, Rolf

In recent years, information security management has matured into a professional discipline that covers both technical and managerial aspects in an organisational environment. Information security is increasingly dependent on business-driven parameters and interfaces to a variety of organisational units and departments. In contrast, common security models and frameworks have remained largely technical. A review of extant models ranging from [LaBe73] to more recent models shows that technical aspects are covered in great detail, while the managerial aspects of security are often neglected.Likewise, the business view on organisational security is frequently at odds with the demands of information security personnel or information technology management. In practice, senior and executive level management remain comparatively distant from technical requirements. As a result, information security is generally regarded as a cost factor rather than a benefit to the organisation.

49 CFR 1542.303 - Security Directives and Information Circulars.

Code of Federal Regulations, 2014 CFR

2014-10-01

...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY... Information Circular to notify airport operators of security concerns. When TSA determines that additional... aviation, TSA issues a Security Directive setting forth mandatory measures. (b) Each airport operator must...

49 CFR 1542.303 - Security Directives and Information Circulars.

Code of Federal Regulations, 2011 CFR

2011-10-01

...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY... Information Circular to notify airport operators of security concerns. When TSA determines that additional... aviation, TSA issues a Security Directive setting forth mandatory measures. (b) Each airport operator must...

49 CFR 1542.303 - Security Directives and Information Circulars.

Code of Federal Regulations, 2012 CFR

2012-10-01

...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY... Information Circular to notify airport operators of security concerns. When TSA determines that additional... aviation, TSA issues a Security Directive setting forth mandatory measures. (b) Each airport operator must...

49 CFR 1542.303 - Security Directives and Information Circulars.

Code of Federal Regulations, 2013 CFR

2013-10-01

...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY... Information Circular to notify airport operators of security concerns. When TSA determines that additional... aviation, TSA issues a Security Directive setting forth mandatory measures. (b) Each airport operator must...

49 CFR 1549.109 - Security Directives and Information Circulars.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 9 2010-10-01 2010-10-01 false Security Directives and Information Circulars... SCREENING PROGRAM Operations § 1549.109 Security Directives and Information Circulars. (a) TSA may issue an Information Circular to notify certified cargo screening facilities of security concerns. (b) When TSA...

49 CFR 1544.305 - Security Directives and Information Circulars.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 9 2010-10-01 2010-10-01 false Security Directives and Information Circulars... SECURITY: AIR CARRIERS AND COMMERCIAL OPERATORS Threat and Threat Response § 1544.305 Security Directives and Information Circulars. (a) TSA may issue an Information Circular to notify aircraft operators of...

36 CFR 1256.70 - What controls access to national security-classified information?

Code of Federal Regulations, 2010 CFR

2010-07-01

... national security-classified information? 1256.70 Section 1256.70 Parks, Forests, and Public Property... HISTORICAL MATERIALS Access to Materials Containing National Security-Classified Information § 1256.70 What controls access to national security-classified information? (a) The declassification of and public access...

Investigation on Covert Channel Attacks and Countermeasures in the Cloud

DTIC Science & Technology

2017-03-29

ahead of the game and continue improving our security systems. Thus, investigating novel attack strategies and tactics is crucial to shaping the...step to stay ahead of the game and continue improving our security systems. Thus, investigating novel attack strategies and tactics is crucial to

Crime Control Strategies in School: Chicanas'/os' Perceptions and Criminalization

ERIC Educational Resources Information Center

Portillos, Edwardo L.; Gonzalez, Juan Carlos; Peguero, Anthony A.

2012-01-01

High schools throughout the United States experience problems with violence, drugs, and crime. School administrators have responded with policies and strategies designed to prevent school violence such as zero tolerance approaches, partnerships with law enforcement agencies, security camera installations, and hiring additional security personnel…

Improving the Security of the U.S. Aeronautical Domain: Adopting an Intelligence-Led, Risk-Based Strategy and Partnership

DTIC Science & Technology

2010-12-01

Methodology RMAT Risk Management Assessment Tool SIDA Security Identification Display Area SIGINT Signals Intelligence SO18 Aviation Security...aircraft operate (§ 1542.203); • Provide detection and physical security measures for the “Security Identification Display Area” ( SIDA ), i.e., the area

Security Metrics: A Solution in Search of a Problem

ERIC Educational Resources Information Center

Rosenblatt, Joel

2008-01-01

Computer security is one of the most complicated and challenging fields in technology today. A security metrics program provides a major benefit: looking at the metrics on a regular basis offers early clues to changes in attack patterns or environmental factors that may require changes in security strategy. The term "security metrics"…

Autonomous Information Unit for Fine-Grain Data Access Control and Information Protection in a Net-Centric System

NASA Technical Reports Server (NTRS)

Chow, Edward T.; Woo, Simon S.; James, Mark; Paloulian, George K.

2012-01-01

As communication and networking technologies advance, networks will become highly complex and heterogeneous, interconnecting different network domains. There is a need to provide user authentication and data protection in order to further facilitate critical mission operations, especially in the tactical and mission-critical net-centric networking environment. The Autonomous Information Unit (AIU) technology was designed to provide the fine-grain data access and user control in a net-centric system-testing environment to meet these objectives. The AIU is a fundamental capability designed to enable fine-grain data access and user control in the cross-domain networking environments, where an AIU is composed of the mission data, metadata, and policy. An AIU provides a mechanism to establish trust among deployed AIUs based on recombining shared secrets, authentication and verify users with a username, X.509 certificate, enclave information, and classification level. AIU achieves data protection through (1) splitting data into multiple information pieces using the Shamir's secret sharing algorithm, (2) encrypting each individual information piece using military-grade AES-256 encryption, and (3) randomizing the position of the encrypted data based on the unbiased and memory efficient in-place Fisher-Yates shuffle method. Therefore, it becomes virtually impossible for attackers to compromise data since attackers need to obtain all distributed information as well as the encryption key and the random seeds to properly arrange the data. In addition, since policy can be associated with data in the AIU, different user access and data control strategies can be included. The AIU technology can greatly enhance information assurance and security management in the bandwidth-limited and ad hoc net-centric environments. In addition, AIU technology can be applicable to general complex network domains and applications where distributed user authentication and data protection are necessary. AIU achieves fine-grain data access and user control, reducing the security risk significantly, simplifying the complexity of various security operations, and providing the high information assurance across different network domains.

10 CFR 2.911 - Admissibility of restricted data or other national security information.

Code of Federal Regulations, 2011 CFR

2011-01-01

... security information. 2.911 Section 2.911 Energy NUCLEAR REGULATORY COMMISSION RULES OF PRACTICE FOR... Proceedings Involving Restricted Data and/or National Security Information § 2.911 Admissibility of restricted data or other national security information. A presiding officer shall not receive any Restricted Data...

10 CFR 2.903 - Protection of restricted data and national security information.

Code of Federal Regulations, 2011 CFR

2011-01-01

... Restricted Data and/or National Security Information § 2.903 Protection of restricted data and national security information. Nothing in this subpart shall relieve any person from safeguarding Restricted Data or National Security Information in accordance with the applicable provisions of laws of the United States and...

Examining the Relationship between Organization Systems and Information Security Awareness

ERIC Educational Resources Information Center

Tintamusik, Yanarong

2010-01-01

The focus of this dissertation was to examine the crucial relationship between organization systems within the framework of the organizational behavior theory and information security awareness (ISA) of users within the framework of the information security theory. Despite advanced security technologies designed to protect information assets,…

Information Sharing for IT Security Professionals

ERIC Educational Resources Information Center

Petersen, Rodney J.

2008-01-01

Information sharing is a core value for information technology (IT) security professionals. It is also a familiar concept for those who work at institutions of higher education because of their long history of collaboration and openness. Information sharing has become part of the national fabric as IT security professionals attempt to secure cyber…

10 CFR 2.911 - Admissibility of restricted data or other national security information.

Code of Federal Regulations, 2010 CFR

2010-01-01

... security information. 2.911 Section 2.911 Energy NUCLEAR REGULATORY COMMISSION RULES OF PRACTICE FOR... Proceedings Involving Restricted Data and/or National Security Information § 2.911 Admissibility of restricted data or other national security information. A presiding officer shall not receive any Restricted Data...

12 CFR Appendix B to Part 170 - Interagency Guidelines Establishing Information Security Standards

Code of Federal Regulations, 2014 CFR

2014-01-01

... Security Standards B Appendix B to Part 170 Banks and Banking COMPTROLLER OF THE CURRENCY, DEPARTMENT OF... Part 170—Interagency Guidelines Establishing Information Security Standards Table of Contents I... Customer Information A. Information Security Program B. Objectives III. Development and Implementation of...

12 CFR Appendix B to Part 170 - Interagency Guidelines Establishing Information Security Standards

Code of Federal Regulations, 2013 CFR

2013-01-01

... Security Standards B Appendix B to Part 170 Banks and Banking COMPTROLLER OF THE CURRENCY, DEPARTMENT OF... Part 170—Interagency Guidelines Establishing Information Security Standards Table of Contents I... Customer Information A. Information Security Program B. Objectives III. Development and Implementation of...

Specifying Skill-Based Training Strategies and Devices: A Model Description

DTIC Science & Technology

1990-06-01

Technical Report 897 Specifying Skill-Based Training N Strategies and Devices: A Model Description I Paui J. Sticha and Mark Schlager Human Resources...unlimied 90 ’ Technical Report 897 Specifying Skill-Based Training Strategies and Devices: A Model Description Paul J. Sticha and Mark Schlager Human...SECURITY CLASSIFICATION OF THIS PAGE Form Approved REPORT DOCUMENTATION PAGE FMNo o7 ote la. REPORT SECURITY CLASSIFICATION lb. RESTRICTWE MARKINGS

[How to establish the hospital information system security policies].

PubMed

Gong, Qing-Yue; Shi, Cheng

2008-03-01

It is important to establish the hospital information system security policies. While these security policies are being established, a comprehensive consideration should be given to the acceptable levels of users, IT supporters and hospital managers. We should have a formal policy designing process that is consistently followed by all security policies. Reasons for establishing the security policies and their coverage and applicable objects should be stated clearly. Besides, each policy should define user's responsibilities and penalties of violation. Every organization will need some key policies, such as of information sources usage, remote access, information protection, perimeter security, and baseline host/device security. Security managing procedures are the mechanisms to enforce the policies. An incident-handling procedure is the most important security managing procedure for all organizations.

46 CFR 503.59 - Safeguarding classified information.

Code of Federal Regulations, 2011 CFR

2011-10-01

... Information Security Program § 503.59 Safeguarding classified information. (a) All classified information... security; (2) Takes appropriate steps to protect classified information from unauthorized disclosure or... security check; (2) To protect the classified information in accordance with the provisions of Executive...

78 FR 73819 - Information Collection; Financial Information Security Request Form

Federal Register 2010, 2011, 2012, 2013, 2014

2013-12-09

... DEPARTMENT OF AGRICULTURE Forest Service Information Collection; Financial Information Security... individuals and organizations on the extension with revision of a currently approved information collection, Financial Information Security Request Form. DATES: Comments must be received in writing on or before...

Validation of the Malaysian Coping Strategy Instrument to measure household food insecurity in Kelantan, Malaysia.

PubMed

Sulaiman, Norhasmah; Shariff, Zalilah Mohd; Jalil, Rohana Abdul; Taib, Mohd Nasir Mohd; Kandiah, Mirnalini; Samah, Asnarulkhadi Abu

2011-12-01

Food insecurity occurs whenever people are not able to access enough food at all times for an active and healthy life or when adequate and safe food acquired by socially acceptable ways is not available. To validate the Malaysian Coping Strategy Instrument (MCSI) to measure household food insecurity in Kelantan, Malaysia. A cross-sectional study was conducted on 301 nonpregnant, nonlactating Malay women, aged between 19 and 49 years, living in rural and urban areas. The respondents were interviewed with the use of a structured questionnaire to obtain information on their demographic and socioeconomic characteristics, household food security, and dietary intake. Demographic and socioeconomic characteristics (household size, number of children, number of children attending school, household income, and per capita income) were significantly associated with household food-security status in rural and urban areas. Energy intake, fat intake, percentage of energy from fat, and number of servings of meat,fish, or poultry and legumes were significantly associated with household food-security status in rural areas. The dietary diversity score was significantly associated with household food-security status in rural and urban areas. Validating the MCSI in other areas of Malaysia as well as in similar settings elsewhere in the world before it is used to measure household food insecurity in the population is strongly recommended. In this study, the MCSI was found to be a reliable and valid measure of household food insecurity based on criterion-related validity, particularly in terms of demographic and socioeconomic characteristics and dietary diversity.

How ISO/IEC 17799 can be used for base lining information assurance among entities using data mining for defense, homeland security, commercial, and other civilian/commercial domains

NASA Astrophysics Data System (ADS)

Perry, William G.

2006-04-01

One goal of database mining is to draw unique and valid perspectives from multiple data sources. Insights that are fashioned from closely-held data stores are likely to possess a high degree of reliability. The degree of information assurance comes into question, however, when external databases are accessed, combined and analyzed to form new perspectives. ISO/IEC 17799, Information technology-Security techniques-Code of practice for information security management, can be used to establish a higher level of information assurance among disparate entities using data mining in the defense, homeland security, commercial and other civilian/commercial domains. Organizations that meet ISO/IEC information security standards have identified and assessed risks, threats and vulnerabilities and have taken significant proactive steps to meet their unique security requirements. The ISO standards address twelve domains: risk assessment and treatment, security policy, organization of information security, asset management, human resources security, physical and environmental security, communications and operations management, access control, information systems acquisition, development and maintenance, information security incident management and business continuity management and compliance. Analysts can be relatively confident that if organizations are ISO 17799 compliant, a high degree of information assurance is likely to be a characteristic of the data sets being used. The reverse may be true. Extracting, fusing and drawing conclusions based upon databases with a low degree of information assurance may be wrought with all of the hazards that come from knowingly using bad data to make decisions. Using ISO/IEC 17799 as a baseline for information assurance can help mitigate these risks.

Successful public-private partnerships: The NYPD shield model.

PubMed

Amadeo, Vincent; Iannone, Stephen

2017-12-01

This article will identify the challenges that post 9/11 law enforcement faces regarding privatepublic partnerships and describe in detail the NYPD Shield programme, created to combat those challenges. Recommendations made by the 911 Commission included the incorporation of the private sector into future homeland security strategies. One such strategy is NYPD Shield. This programme is a nationally recognized award-winning public-private partnership dedicated to providing counterterrorism training and information sharing with government agencies, non-government organizations, private businesses, and the community. Information is shared through several platforms that include a dedicated website, instruction of counterterrorism training curricula, e-mail alerts, intelligence assessments and the hosting of quarterly conferences. This article also details how the NYPD Shield is providing its successful template to other law enforcement agencies enabling them to initiate similar programmes in their respective jurisdictions, and in doing so joining a National Shield Network.

A Computer Security Course in the Undergraduate Computer Science Curriculum.

ERIC Educational Resources Information Center

Spillman, Richard

1992-01-01

Discusses the importance of computer security and considers criminal, national security, and personal privacy threats posed by security breakdown. Several examples are given, including incidents involving computer viruses. Objectives, content, instructional strategies, resources, and a sample examination for an experimental undergraduate computer…

78 FR 30319 - Intent to Request Renewal From OMB of One Current Public Collection of Information: Security...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-05-22

... DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration [Docket No. TSA-2002-11602] Intent to Request Renewal From OMB of One Current Public Collection of Information: Security Programs for..., Transportation Security Administration, 601 South 12th Street, Arlington, VA 20598-6011. FOR FURTHER INFORMATION...

Information Security Awareness On-Line Materials Design with Knowledge Maps

ERIC Educational Resources Information Center

Shaw, Ruey-Shiang; Keh, Huan-Chao; Huang, Nan-Ching; Huang, Tien-Chuan

2011-01-01

Information Security Awareness, though known as a primary and important issue in the domain of Information Security, CSI computer crime and security survey showed poor security awareness training in public and private sectors. In many studies, the authors have found that the usage of knowledge maps helps the process of learning and conception…

77 FR 26564 - Advisory Committee on Commercial Operations of Customs and Border Protection (COAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2012-05-04

... National Strategy for Global Supply Chain Security. The work of the Trade Facilitation Subcommittee... Strategy for Global Supply Chain Security as it relates to the Committee's effort to solicit, consolidate... chain management project. The Anti-Dumping/Countervailing Duties Subcommittee work on educational...

Beyond Iraq: The Lessons of a Hard Place

DTIC Science & Technology

2007-07-01

Hegemony or Survival, widely read since Venezuelan President Huga Chavez called attention to it in his UN General Assembly speech in the fall of 2006, Noam ... Chomsky makes a sport of attacking the 2002 National Security Strategy upon which the 2004 NMS is based. 39. 2006 National Security Strategy

Poverty, household food insecurity and nutrition: coping strategies in an informal settlement in the Vaal Triangle, South Africa.

PubMed

Oldewage-Theron, Wilna H; Dicks, Emsie G; Napier, Carin E

2006-09-01

The objective of this study was to determine household food security and coping strategies of an informal settlement in the Vaal Triangle. A survey study design was used. Pre-tested socio-demographic questionnaires were administered to 357 randomly selected caregivers and 149 children aged 9-13 years old. A validated quantified food frequency questionnaire (QFFQ) and 24-h recall were used to measure dietary intake and food consumption patterns and the Cornell hunger scale to determine coping strategies. Data were statistically analysed for means and standard deviations. The results indicated that the majority of caregivers (68.8%) had an income of

Obtaining waivers of parental consent: A strategy endorsed by gay, bisexual, and queer adolescent males for health prevention research.

PubMed

Flores, Dalmacio; McKinney, Ross; Arscott, Joyell; Barroso, Julie

Requiring parental consent in studies with sexual minority youth (SMY) can sometimes be problematic as participants may have yet to disclose their sexual orientation, may not feel comfortable asking parents' permission, and may promote a self-selection bias. We discuss rationale for waiving parental consent, strategies to secure waivers from review boards, and present participants' feedback on research without parents' permission. We share our institutional review board proposal in which we made a case that excluding SMY from research violates ethical research principles, does not recognize their autonomy, and limits collection of sexuality data. Standard consent policies may inadvertently exclude youth who are at high risk for negative health outcomes or may potentially put them at risk because of forced disclosure of sexual orientation. Securing a waiver addresses these concerns and allows for rich data, which is critical for providers to have a deeper understanding of their unique sexual health needs. To properly safeguard and encourage research informed by SMY, parental consent waivers may be necessary. Copyright © 2017 Elsevier Inc. All rights reserved.

Improving HIV/AIDS Knowledge Management Using EHRs

PubMed Central

Malmberg, Erik D.; Phan, Thao M.; Harmon, Glynn; Nauert, Richard F.

2012-01-01

Background A primary goal for the development of EHRs and EHR-related technologies should be to facilitate greater knowledge management for improving individual and community health outcomes associated with HIV / AIDS. Most of the current developments of EHR have focused on providing data for research, patient care and prioritization of healthcare provider resources in other areas. More attention should be paid to using information from EHRs to assist local, state, national, and international entities engaged in HIV / AIDS care, research and prevention strategies. Unfortunately the technology and standards for HIV-specific reporting modules are still being developed. Methods: A literature search and review supplemented by the author’s own experiences with electronic health records and HIV / AIDS prevention strategies will be used. This data was used to identify both opportunities and challenges for improving public health informatics primarily through the use of latest innovations in EHRs. Qualitative analysis and suggestions are offered for how EHRs can support knowledge management and prevention strategies associated with HIV infection. Results: EHR information, including demographics, medical history, medication and allergies, immunization status, and other vital statistics can help public health practitioners to more quickly identify at-risk populations or environments; allocate scarce resources in the most efficient way; share information about successful, evidenced-based prevention strategies; and increase longevity and quality of life. Conclusion: Local, state, and federal entities need to work more collaboratively with NGOs, community-based organizations, and the private sector to eliminate barriers to implementation including cost, interoperability, accessibility, and information security. PMID:23569643

Improving HIV/AIDS Knowledge Management Using EHRs.

PubMed

Malmberg, Erik D; Phan, Thao M; Harmon, Glynn; Nauert, Richard F

2012-01-01

A primary goal for the development of EHRs and EHR-related technologies should be to facilitate greater knowledge management for improving individual and community health outcomes associated with HIV / AIDS. Most of the current developments of EHR have focused on providing data for research, patient care and prioritization of healthcare provider resources in other areas. More attention should be paid to using information from EHRs to assist local, state, national, and international entities engaged in HIV / AIDS care, research and prevention strategies. Unfortunately the technology and standards for HIV-specific reporting modules are still being developed. A literature search and review supplemented by the author's own experiences with electronic health records and HIV / AIDS prevention strategies will be used. This data was used to identify both opportunities and challenges for improving public health informatics primarily through the use of latest innovations in EHRs. Qualitative analysis and suggestions are offered for how EHRs can support knowledge management and prevention strategies associated with HIV infection. EHR information, including demographics, medical history, medication and allergies, immunization status, and other vital statistics can help public health practitioners to more quickly identify at-risk populations or environments; allocate scarce resources in the most efficient way; share information about successful, evidenced-based prevention strategies; and increase longevity and quality of life. Local, state, and federal entities need to work more collaboratively with NGOs, community-based organizations, and the private sector to eliminate barriers to implementation including cost, interoperability, accessibility, and information security.

48 CFR 339.7102 - Applicability.

Code of Federal Regulations, 2010 CFR

2010-10-01

... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7102 Applicability. Contracting Officers are responsible for ensuring that all information technology acquisitions comply with the Federal Information Security Management Act (FISMA), the HHS-OCIO Information Systems Security and Privacy...

Combating terrorism : linking threats to strategies and resources testimony

DOT National Transportation Integrated Search

2000-07-26

This is the statement of Norman J. Rabkin, Director, National Security Preparedness Issues, National Security and International Affairs division before the Subcommittee on National Security, Veterans Affairs, and International Relations, Committee on...

Joint Operations 2030 - Phase III Report: The JO 2030 Capability Set (Operations interarmees 2030 - Rapport Phase III: L’ensemble capacitaire JO 2030)

DTIC Science & Technology

2011-04-01

a ‘strategy as process’ manner to develop capabilities that are flexible, adaptable and robust. 3.4 Future structures The need for agile...to develop models of the future security environment 3.4.10 Planning Under Deep Uncertainty Future structures The need for agile, flexible and... Organisation NEC Network Enabled Capability NGO Non Government Organisation NII Networking and Information Infrastructure PVO Private Voluntary

First to Fight in the Next Fight?: The Marine Expeditionary Brigade and a Return to an Expeditionary Marine Corps Strategy

DTIC Science & Technology

2010-01-01

masses of small communications devices. The close-in covert autonomous disposable aircraft ( CICADA ) could provide an expansive network of secure short... CICADAs , the loss of a few nodes could still be compensated for by electronics seeking usable signals from other nearby nodes with network encryption...engine for basic first responder medical information, using a wireless connection, possibly from CICADA , to seek advice from medical personnel, and

Operational Level Information Sharing Between the U.S. Navy and Southeast Asia Maritime Institutions

DTIC Science & Technology

2017-06-09

material for the case study. The Seventh Fleet lessons learned and media documentary of the multinational search for Malaysia Airlines flight MH370...transnational partners.3 2 In its 2015 Asia-Pacific Maritime Security Strategy, the U.S. Department of Defense outlined a framework to manage these...Southeast Asia maritime region—and particularly in the SCS—is too extensive for the U.S., or any single stakeholder, to manage unilaterally.8 The

10 CFR 2.906 - Obligation of parties to avoid introduction of restricted data or national security information.

Code of Federal Regulations, 2011 CFR

2011-01-01

... data or national security information. 2.906 Section 2.906 Energy NUCLEAR REGULATORY COMMISSION RULES... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.906 Obligation of parties to avoid introduction of restricted data or national security information. It is the...

22 CFR 9a.1 - Security of certain information and material related to the International Energy Program.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 22 Foreign Relations 1 2011-04-01 2011-04-01 false Security of certain information and material... GENERAL SECURITY INFORMATION REGULATIONS APPLICABLE TO CERTAIN INTERNATIONAL ENERGY PROGRAMS; RELATED MATERIAL § 9a.1 Security of certain information and material related to the International Energy Program...

10 CFR 2.913 - Review of Restricted Data or other National Security Information received in evidence.

Code of Federal Regulations, 2011 CFR

2011-01-01

... Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.913 Review of Restricted Data or other National Security Information received in evidence. At the close of the reception of... National Security Information be expunged from the record where such expunction would not prejudice the...

10 CFR 2.907 - Notice of intent to introduce restricted data or national security information.

Code of Federal Regulations, 2011 CFR

2011-01-01

... security information. 2.907 Section 2.907 Energy NUCLEAR REGULATORY COMMISSION RULES OF PRACTICE FOR... Proceedings Involving Restricted Data and/or National Security Information § 2.907 Notice of intent to introduce restricted data or national security information. (a) If, at the time of publication of a notice...

17 CFR 242.609 - Registration of securities information processors: form of application and amendments.

Code of Federal Regulations, 2011 CFR

2011-04-01

... information processors: form of application and amendments. 242.609 Section 242.609 Commodity and Securities....609 Registration of securities information processors: form of application and amendments. (a) An application for the registration of a securities information processor shall be filed on Form SIP (§ 249.1001...

17 CFR 140.20 - Designation of senior official to oversee Commission use of national security information.

Code of Federal Regulations, 2011 CFR

2011-04-01

... to oversee Commission use of national security information. 140.20 Section 140.20 Commodity and... safeguarding of national security information received by the Commission from other agencies, to chair a... suggestions and complaints with respect to the Commission administration of its information security program...

10 CFR 2.908 - Contents of notice of intent to introduce restricted data or other national security information.

Code of Federal Regulations, 2011 CFR

2011-01-01

... or other national security information. 2.908 Section 2.908 Energy NUCLEAR REGULATORY COMMISSION... Applicable to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.908 Contents of notice of intent to introduce restricted data or other national security information. (a) A...

The Chain-Link Fence Model: A Framework for Creating Security Procedures

ERIC Educational Resources Information Center

Houghton, Robert F.

2013-01-01

A long standing problem in information technology security is how to help reduce the security footprint. Many specific proposals exist to address specific problems in information technology security. Most information technology solutions need to be repeatable throughout the course of an information systems lifecycle. The Chain-Link Fence Model is…

Key Factors in the Success of an Organization's Information Security Culture: A Quantitative Study and Analysis

ERIC Educational Resources Information Center

Pierce, Robert E.

2012-01-01

This research study reviewed relative literature on information security and information security culture within organizations to determine what factors potentially assist an organization in implementing, integrating, and maintaining a successful organizational information security culture. Based on this review of literature, five key factors were…

Incorporating Global Information Security and Assurance in I.S. Education

ERIC Educational Resources Information Center

White, Garry L.; Hewitt, Barbara; Kruck, S. E.

2013-01-01

Over the years, the news media has reported numerous information security incidents. Because of identity theft, terrorism, and other criminal activities, President Obama has made information security a national priority. Not only is information security and assurance an American priority, it is also a global issue. This paper discusses the…

10 CFR 2.908 - Contents of notice of intent to introduce restricted data or other national security information.

Code of Federal Regulations, 2010 CFR

2010-01-01

... or other national security information. 2.908 Section 2.908 Energy NUCLEAR REGULATORY COMMISSION... Applicable to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.908 Contents of notice of intent to introduce restricted data or other national security information. (a) A...

22 CFR 9a.1 - Security of certain information and material related to the International Energy Program.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 22 Foreign Relations 1 2010-04-01 2010-04-01 false Security of certain information and material... GENERAL SECURITY INFORMATION REGULATIONS APPLICABLE TO CERTAIN INTERNATIONAL ENERGY PROGRAMS; RELATED MATERIAL § 9a.1 Security of certain information and material related to the International Energy Program...

10 CFR 2.913 - Review of Restricted Data or other National Security Information received in evidence.

Code of Federal Regulations, 2010 CFR

2010-01-01

... Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.913 Review of Restricted Data or other National Security Information received in evidence. At the close of the reception of... National Security Information be expunged from the record where such expunction would not prejudice the...

10 CFR 2.906 - Obligation of parties to avoid introduction of restricted data or national security information.

Code of Federal Regulations, 2010 CFR

2010-01-01

... data or national security information. 2.906 Section 2.906 Energy NUCLEAR REGULATORY COMMISSION RULES... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.906 Obligation of parties to avoid introduction of restricted data or national security information. It is the...

10 CFR 2.907 - Notice of intent to introduce restricted data or national security information.

Code of Federal Regulations, 2010 CFR

2010-01-01

... security information. 2.907 Section 2.907 Energy NUCLEAR REGULATORY COMMISSION RULES OF PRACTICE FOR... Proceedings Involving Restricted Data and/or National Security Information § 2.907 Notice of intent to introduce restricted data or national security information. (a) If, at the time of publication of a notice...

17 CFR 242.609 - Registration of securities information processors: form of application and amendments.

Code of Federal Regulations, 2010 CFR

2010-04-01

... information processors: form of application and amendments. 242.609 Section 242.609 Commodity and Securities....609 Registration of securities information processors: form of application and amendments. (a) An application for the registration of a securities information processor shall be filed on Form SIP (§ 249.1001...

Exploring Factors that Influence Students' Behaviors in Information Security

ERIC Educational Resources Information Center

Yoon, Cheolho; Hwang, Jae-Won; Kim, Rosemary

2012-01-01

Due to the ever-increasing use of the Internet, information security has become a critical issue in society. This is especially the case for young adults who have different attitudes towards information security practices. In this research, we examine factors that motivate college students' information security behaviors. Based on the concept of…

48 CFR 339.7101 - Policy.

Code of Federal Regulations, 2010 CFR

2010-10-01

... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7101 Policy. HHS is responsible for implementing an information security program to ensure that its information systems and... information contained in those systems. Each system's level of security shall protect the integrity...

Beyond Conflict and Kinetics: Airpower Strategy for Human Security Operations

DTIC Science & Technology

2014-08-26

America to a leadership role of the international community while dramatically altering its security environment. After World War II, American security...health, environmental, personal, community , and political security. At the same time it stopped short of providing a finite definition, instead...seven areas of human security are economic, food, health, environmental, personal, community and political security. These components are a “universal

75 FR 1566 - National Industrial Security Program Directive No. 1

Federal Register 2010, 2011, 2012, 2013, 2014

2010-01-12

... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office 32 CFR Part...: Information Security Oversight Office, NARA. ACTION: Proposed rule; correction. SUMMARY: This document... Management System (FDMS) number to the proposed rule for Information Security Oversight Office (ISOO...

6 CFR 7.11 - Components' responsibilities.

Code of Federal Regulations, 2010 CFR

2010-01-01

... INFORMATION Administration § 7.11 Components' responsibilities. Each DHS component shall appoint a security... security information; (b) Report violations of the provisions of this regulation to the Chief Security... component acquire adequate security education and training, as required by the DHS classified information...

32 CFR 2001.50 - Telecommunications automated information systems and network security.

Code of Federal Regulations, 2014 CFR

2014-07-01

... and network security. 2001.50 Section 2001.50 National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED... network security. Each agency head shall ensure that classified information electronically accessed...

32 CFR 2001.50 - Telecommunications automated information systems and network security.

Code of Federal Regulations, 2013 CFR

2013-07-01

... and network security. 2001.50 Section 2001.50 National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED... network security. Each agency head shall ensure that classified information electronically accessed...

32 CFR 2001.50 - Telecommunications automated information systems and network security.

Code of Federal Regulations, 2012 CFR

2012-07-01

... and network security. 2001.50 Section 2001.50 National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED... network security. Each agency head shall ensure that classified information electronically accessed...

Network security system for health and medical information using smart IC card

NASA Astrophysics Data System (ADS)

Kanai, Yoichi; Yachida, Masuyoshi; Yoshikawa, Hiroharu; Yamaguchi, Masahiro; Ohyama, Nagaaki

1998-07-01

A new network security protocol that uses smart IC cards has been designed to assure the integrity and privacy of medical information in communication over a non-secure network. Secure communication software has been implemented as a library based on this protocol, which is called the Integrated Secure Communication Layer (ISCL), and has been incorporated into information systems of the National Cancer Center Hospitals and the Health Service Center of the Tokyo Institute of Technology. Both systems have succeeded in communicating digital medical information securely.

Attachment and Family Processes in Children's Psychological Adjustment in Middle Childhood.

PubMed

Demby, Kimberly P; Riggs, Shelley A; Kaminski, Patricia L

2017-03-01

This study examined the links between parent-child attachment, whole family interaction patterns, and child emotional adjustment and adaptability in a sample of 86 community families with children between the ages of 8 and 11 years. Family interactions were observed and coded with the System for Coding Interactions and Family Functioning (SCIFF; Lindahl, 2001). Both parents and each target child completed the appropriate form of the Behavior Assessment System for Children-2nd Edition (BASC-2; Reynolds & Kamphaus, 2004). Target children also completed the Children's Coping Strategies Questionnaire (CCSQ; Yunger, Corby, & Perry, 2005). Hierarchical multiple regressions indicated that Secure mother-child attachment was a robust predictor of children's emotional symptoms, but father-child attachment strategies were not significant independent predictors. Positive Affect in family interactions significantly increased the amount of variance accounted for in children's emotional symptoms. In addition, Family Cohesion and Positive Affect moderated the relationship between father-child attachment and children's emotional symptoms. When data from all BASC-2 informants (mother, father, child) were considered simultaneously and multidimensional constructs were modeled, mother-child security directly predicted children's adjustment and adaptive skills, but the influence of father-child security was fully mediated through positive family functioning. Results of the current study support the utility of considering dyadic attachment and family interaction patterns conjointly when conceptualizing and fostering positive emotional and behavioral outcomes in children. © 2015 Family Process Institute.

FEMA Urban Search and Rescue Teams: Considering an Improved Strategy for an Evolving Homeland Security Enterprise

DTIC Science & Technology

2012-09-01

and Rescue (US&R) teams be used more effectively and efficiently in the Homeland Security Enterprise ( HSE )? 1. Are there other strategies that would...allow the FEMA US&R resources to be more adaptable in the HSE ? 2. What other disciplines could be integrated with the FEMA US&R task forces to...consideration of the questions: 1. Can the FEMA US&R teams be used more effectively in the Homeland Security Enterprise ( HSE )? 2. Are there other

7 CFR 1962.14 - Account and security information in UCC cases.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 7 Agriculture 14 2013-01-01 2013-01-01 false Account and security information in UCC cases. 1962... Liquidation of Chattel Security § 1962.14 Account and security information in UCC cases. Within 2 weeks after... States, other parties, and also may lose some of its security rights. The UCC provides that the borrower...

7 CFR 1962.14 - Account and security information in UCC cases.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 7 Agriculture 14 2014-01-01 2014-01-01 false Account and security information in UCC cases. 1962... Liquidation of Chattel Security § 1962.14 Account and security information in UCC cases. Within 2 weeks after... States, other parties, and also may lose some of its security rights. The UCC provides that the borrower...

7 CFR 1962.14 - Account and security information in UCC cases.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 7 Agriculture 14 2011-01-01 2011-01-01 false Account and security information in UCC cases. 1962... Liquidation of Chattel Security § 1962.14 Account and security information in UCC cases. Within 2 weeks after... States, other parties, and also may lose some of its security rights. The UCC provides that the borrower...

7 CFR 1962.14 - Account and security information in UCC cases.

Code of Federal Regulations, 2012 CFR

2012-01-01

... 7 Agriculture 14 2012-01-01 2012-01-01 false Account and security information in UCC cases. 1962... Liquidation of Chattel Security § 1962.14 Account and security information in UCC cases. Within 2 weeks after... States, other parties, and also may lose some of its security rights. The UCC provides that the borrower...

Technical solutions for mitigating security threats caused by health professionals in clinical settings.

PubMed

Fernandez-Aleman, Jose Luis; Belen Sanchez Garcia, Ana; Garcia-Mateos, Gines; Toval, Ambrosio

2015-08-01

The objective of this paper is to present a brief description of technical solutions for health information system security threats caused by inadequate security and privacy practices in healthcare professionals. A literature search was carried out in ScienceDirect, ACM Digital Library and IEEE Digital Library to find papers reporting technical solutions for certain security problems in information systems used in clinical settings. A total of 17 technical solutions were identified: measures for password security, the secure use of e-mail, the Internet, portable storage devices, printers and screens. Although technical safeguards are essential to the security of healthcare organization's information systems, good training, awareness programs and adopting a proper information security policy are particularly important to prevent insiders from causing security incidents.

A cooperative model for IS security risk management in distributed environment.

PubMed

Feng, Nan; Zheng, Chundong

2014-01-01

Given the increasing cooperation between organizations, the flexible exchange of security information across the allied organizations is critical to effectively manage information systems (IS) security in a distributed environment. In this paper, we develop a cooperative model for IS security risk management in a distributed environment. In the proposed model, the exchange of security information among the interconnected IS under distributed environment is supported by Bayesian networks (BNs). In addition, for an organization's IS, a BN is utilized to represent its security environment and dynamically predict its security risk level, by which the security manager can select an optimal action to safeguard the firm's information resources. The actual case studied illustrates the cooperative model presented in this paper and how it can be exploited to manage the distributed IS security risk effectively.

Cyber indicators of compromise: a domain ontology for security information and event management

DTIC Science & Technology

2017-03-01

COMPROMISE: A DOMAIN ONTOLOGY FOR SECURITY INFORMATION AND EVENT MANAGEMENT by Marsha D. Rowell March 2017 Thesis Co-Advisors: J. D...to automate this work is Security Information and Event Management (SIEM). In short, SIEM technology works by aggregating log information , and then...Distribution is unlimited. CYBER INDICATORS OF COMPROMISE: A DOMAIN ONTOLOGY FOR SECURITY INFORMATION AND EVENT MANAGEMENT Marsha D. Rowell

The Impact of the Security Competency on "Self-Efficacy in Information Security" for Effective Health Information Security in Iran.

PubMed

Shahri, Ahmad Bakhtiyari; Ismail, Zuraini; Mohanna, Shahram

2016-11-01

The security effectiveness based on users' behaviors is becoming a top priority of Health Information System (HIS). In the first step of this study, through the review of previous studies 'Self-efficacy in Information Security' (SEIS) and 'Security Competency' (SCMP) were identified as the important factors to transforming HIS users to the first line of defense in the security. Subsequently, a conceptual model was proposed taking into mentioned factors for HIS security effectiveness. Then, this quantitative study used the structural equation modeling to examine the proposed model based on survey data collected from a sample of 263 HIS users from eight hospitals in Iran. The result shows that SEIS is one of the important factors to cultivate of good end users' behaviors toward HIS security effectiveness. However SCMP appears a feasible alternative to providing SEIS. This study also confirms the mediation effects of SEIS on the relationship between SCMP and HIS security effectiveness. The results of this research paper can be used by HIS and IT managers to implement their information security process more effectively.

49 CFR 1520.1 - Scope.

Code of Federal Regulations, 2010 CFR

2010-10-01

... Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY SECURITY RULES FOR ALL MODES OF TRANSPORTATION PROTECTION OF SENSITIVE SECURITY... of records and information that TSA has determined to be Sensitive Security Information, as defined...

78 FR 19073 - Proposed Collection; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-28

... individual custodians; end-investors providing security-by-security information will require an average of...; end-investors providing security-by-security information will require an average of 146 hours; and... keeping burdens on respondents, including the use of information technologies to automate the collection...

17 CFR 242.600 - NMS security designation and definitions.

Code of Federal Regulations, 2013 CFR

2013-04-01

...) Interrogation device means any securities information retrieval system capable of displaying transaction reports... with respect to such order; and (v) Immediately and automatically displays information that updates the... security; and (ii) Consolidated last sale information for a security. (14) Consolidated last sale...

17 CFR 242.600 - NMS security designation and definitions.

Code of Federal Regulations, 2014 CFR

2014-04-01

...) Interrogation device means any securities information retrieval system capable of displaying transaction reports... with respect to such order; and (v) Immediately and automatically displays information that updates the... security; and (ii) Consolidated last sale information for a security. (14) Consolidated last sale...

17 CFR 242.600 - NMS security designation and definitions.

Code of Federal Regulations, 2011 CFR

2011-04-01

...) Interrogation device means any securities information retrieval system capable of displaying transaction reports... with respect to such order; and (v) Immediately and automatically displays information that updates the... security; and (ii) Consolidated last sale information for a security. (14) Consolidated last sale...

17 CFR 242.600 - NMS security designation and definitions.

Code of Federal Regulations, 2012 CFR

2012-04-01

...) Interrogation device means any securities information retrieval system capable of displaying transaction reports... with respect to such order; and (v) Immediately and automatically displays information that updates the... security; and (ii) Consolidated last sale information for a security. (14) Consolidated last sale...

6 CFR 7.1 - Purpose.

Code of Federal Regulations, 2011 CFR

2011-01-01

... DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CLASSIFIED NATIONAL SECURITY INFORMATION § 7.1 Purpose. The purpose of this part is to ensure that information within the Department of Homeland Security... provisions of Executive Order 12958, as amended, and implementing directives from the Information Security...

46 CFR 503.58 - Appeals of denials of mandatory declassification review requests.

Code of Federal Regulations, 2010 CFR

2010-10-01

... PUBLIC INFORMATION Information Security Program § 503.58 Appeals of denials of mandatory declassification... Security Classification Appeals Panel. The appeal should be addressed to, Executive Secretary, Interagency Security Classification Appeals Panel, Attn: Classification Challenge Appeals, c/o Information Security...

78 FR 69286 - Facility Security Clearance and Safeguarding of National Security Information and Restricted Data

Federal Register 2010, 2011, 2012, 2013, 2014

2013-11-19

... Clearance and Safeguarding of National Security Information and Restricted Data AGENCY: Nuclear Regulatory... Executive Order 13526, Classified National Security Information. In addition, this direct final rule allowed... licensees (or their designees) to conduct classified [[Page 69287

75 FR 45151 - National Security Division; Agency Information Collection Activities: Proposed Collection...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-08-02

... DEPARTMENT OF JUSTICE [OMB Number 1124-0006] National Security Division; Agency Information...), National Security Division (NSD), will be submitting the following information collection request to the..., 10th & Constitution Avenue, NW., National Security Division, Counterespionage Section/Registration Unit...

6 CFR 7.1 - Purpose.

Code of Federal Regulations, 2010 CFR

2010-01-01

... DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CLASSIFIED NATIONAL SECURITY INFORMATION § 7.1 Purpose. The purpose of this part is to ensure that information within the Department of Homeland Security... provisions of Executive Order 12958, as amended, and implementing directives from the Information Security...

49 CFR 1.27 - Delegations to the General Counsel.

Code of Federal Regulations, 2012 CFR

2012-10-01

...) (Security and research and development activities), as implemented by 49 CFR part 15 (Protection of Sensitive Security Information), relating to the determination that information is Sensitive Security Information, in consultation and coordination with the Office of Intelligence, Security and Emergency Response...

49 CFR 1.27 - Delegations to the General Counsel.

Code of Federal Regulations, 2013 CFR

2013-10-01

...) (Security and research and development activities), as implemented by 49 CFR part 15 (Protection of Sensitive Security Information), relating to the determination that information is Sensitive Security Information, in consultation and coordination with the Office of Intelligence, Security and Emergency Response...

49 CFR 1.27 - Delegations to the General Counsel.

Code of Federal Regulations, 2014 CFR

2014-10-01

...) (Security and research and development activities), as implemented by 49 CFR part 15 (Protection of Sensitive Security Information), relating to the determination that information is Sensitive Security Information, in consultation and coordination with the Office of Intelligence, Security and Emergency Response...

32 CFR 2001.1 - Purpose and scope.

Code of Federal Regulations, 2014 CFR

2014-07-01

... Telecommunications, automated information systems, and network security 4.1, 4.2 2001.51 Technical security 4.1 2001... National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED NATIONAL SECURITY INFORMATION Scope of Part § 2001...

32 CFR 2001.1 - Purpose and scope.

Code of Federal Regulations, 2012 CFR

2012-07-01

... Telecommunications, automated information systems, and network security 4.1, 4.2 2001.51 Technical security 4.1 2001... National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED NATIONAL SECURITY INFORMATION Scope of Part § 2001...

32 CFR 2001.1 - Purpose and scope.

Code of Federal Regulations, 2011 CFR

2011-07-01

... Telecommunications, automated information systems, and network security 4.1, 4.2 2001.51 Technical security 4.1 2001... National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED NATIONAL SECURITY INFORMATION Scope of Part § 2001...

32 CFR 2001.1 - Purpose and scope.

Code of Federal Regulations, 2013 CFR

2013-07-01

... Telecommunications, automated information systems, and network security 4.1, 4.2 2001.51 Technical security 4.1 2001... National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED NATIONAL SECURITY INFORMATION Scope of Part § 2001...

32 CFR 2001.1 - Purpose and scope.

Code of Federal Regulations, 2010 CFR

2010-07-01

... Telecommunications, automated information systems, and network security 4.1, 4.2 2001.51 Technical security 4.1 2001... National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED NATIONAL SECURITY INFORMATION Scope of Part § 2001...

Security Approaches in Using Tablet Computers for Primary Data Collection in Clinical Research

PubMed Central

Wilcox, Adam B.; Gallagher, Kathleen; Bakken, Suzanne

2013-01-01

Next-generation tablets (iPads and Android tablets) may potentially improve the collection and management of clinical research data. The widespread adoption of tablets, coupled with decreased software and hardware costs, has led to increased consideration of tablets for primary research data collection. When using tablets for the Washington Heights/Inwood Infrastructure for Comparative Effectiveness Research (WICER) project, we found that the devices give rise to inherent security issues associated with the potential use of cloud-based data storage approaches. This paper identifies and describes major security considerations for primary data collection with tablets; proposes a set of architectural strategies for implementing data collection forms with tablet computers; and discusses the security, cost, and workflow of each strategy. The paper briefly reviews the strategies with respect to their implementation for three primary data collection activities for the WICER project. PMID:25848559

Security approaches in using tablet computers for primary data collection in clinical research.

PubMed

Wilcox, Adam B; Gallagher, Kathleen; Bakken, Suzanne

2013-01-01

Next-generation tablets (iPads and Android tablets) may potentially improve the collection and management of clinical research data. The widespread adoption of tablets, coupled with decreased software and hardware costs, has led to increased consideration of tablets for primary research data collection. When using tablets for the Washington Heights/Inwood Infrastructure for Comparative Effectiveness Research (WICER) project, we found that the devices give rise to inherent security issues associated with the potential use of cloud-based data storage approaches. This paper identifies and describes major security considerations for primary data collection with tablets; proposes a set of architectural strategies for implementing data collection forms with tablet computers; and discusses the security, cost, and workflow of each strategy. The paper briefly reviews the strategies with respect to their implementation for three primary data collection activities for the WICER project.

6 CFR 7.21 - Classification of information, limitations.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Classification of information, limitations. 7.21... NATIONAL SECURITY INFORMATION Classified Information § 7.21 Classification of information, limitations. (a... protection in the interest of national security. (d) Information may be reclassified after it has been...

The Role of Health Care Experience and Consumer Information Efficacy in Shaping Privacy and Security Perceptions of Medical Records: National Consumer Survey Results

PubMed Central

Beckjord, Ellen; Moser, Richard P; Hughes, Penelope; Hesse, Bradford W

2015-01-01

Background Providers’ adoption of electronic health records (EHRs) is increasing and consumers have expressed concerns about the potential effects of EHRs on privacy and security. Yet, we lack a comprehensive understanding regarding factors that affect individuals’ perceptions regarding the privacy and security of their medical information. Objective The aim of this study was to describe national perceptions regarding the privacy and security of medical records and identify a comprehensive set of factors associated with these perceptions. Methods Using a nationally representative 2011-2012 survey, we reported on adults’ perceptions regarding privacy and security of medical records and sharing of health information between providers, and whether adults withheld information from a health care provider due to privacy or security concerns. We used multivariable models to examine the association between these outcomes and sociodemographic characteristics, health and health care experience, information efficacy, and technology-related variables. Results Approximately one-quarter of American adults (weighted n=235,217,323; unweighted n=3959) indicated they were very confident (n=989) and approximately half indicated they were somewhat confident (n=1597) in the privacy of their medical records; we found similar results regarding adults’ confidence in the security of medical records (very confident: n=828; somewhat confident: n=1742). In all, 12.33% (520/3904) withheld information from a health care provider and 59.06% (2100/3459) expressed concerns about the security of both faxed and electronic health information. Adjusting for other characteristics, adults who reported higher quality of care had significantly greater confidence in the privacy and security of their medical records and were less likely to withhold information from their health care provider due to privacy or security concerns. Adults with higher information efficacy had significantly greater confidence in the privacy and security of medical records and less concern about sharing of health information by both fax and electronic means. Individuals’ perceptions of whether their providers use an EHR was not associated with any privacy or security outcomes. Conclusions Although most adults are confident in the privacy and security of their medical records, many express concerns regarding sharing of information between providers; a minority report withholding information from their providers due to privacy and security concerns. Whether individuals thought their provider was using an EHR was not associated with negative privacy/security perceptions or withholding, suggesting the transition to EHRs is not associated with negative perceptions regarding the privacy and security of medical information. However, monitoring to see how this evolves will be important. Given that positive health care experiences and higher information efficacy were associated with more favorable perceptions of privacy and security, efforts should continue to encourage providers to secure medical records, provide patients with a “meaningful choice” in how their data are shared, and enable individuals to access information they need to manage their care. PMID:25843686

The role of health care experience and consumer information efficacy in shaping privacy and security perceptions of medical records: national consumer survey results.

PubMed

Patel, Vaishali; Beckjord, Ellen; Moser, Richard P; Hughes, Penelope; Hesse, Bradford W

2015-04-02

Providers' adoption of electronic health records (EHRs) is increasing and consumers have expressed concerns about the potential effects of EHRs on privacy and security. Yet, we lack a comprehensive understanding regarding factors that affect individuals' perceptions regarding the privacy and security of their medical information. The aim of this study was to describe national perceptions regarding the privacy and security of medical records and identify a comprehensive set of factors associated with these perceptions. Using a nationally representative 2011-2012 survey, we reported on adults' perceptions regarding privacy and security of medical records and sharing of health information between providers, and whether adults withheld information from a health care provider due to privacy or security concerns. We used multivariable models to examine the association between these outcomes and sociodemographic characteristics, health and health care experience, information efficacy, and technology-related variables. Approximately one-quarter of American adults (weighted n=235,217,323; unweighted n=3959) indicated they were very confident (n=989) and approximately half indicated they were somewhat confident (n=1597) in the privacy of their medical records; we found similar results regarding adults' confidence in the security of medical records (very confident: n=828; somewhat confident: n=1742). In all, 12.33% (520/3904) withheld information from a health care provider and 59.06% (2100/3459) expressed concerns about the security of both faxed and electronic health information. Adjusting for other characteristics, adults who reported higher quality of care had significantly greater confidence in the privacy and security of their medical records and were less likely to withhold information from their health care provider due to privacy or security concerns. Adults with higher information efficacy had significantly greater confidence in the privacy and security of medical records and less concern about sharing of health information by both fax and electronic means. Individuals' perceptions of whether their providers use an EHR was not associated with any privacy or security outcomes. Although most adults are confident in the privacy and security of their medical records, many express concerns regarding sharing of information between providers; a minority report withholding information from their providers due to privacy and security concerns. Whether individuals thought their provider was using an EHR was not associated with negative privacy/security perceptions or withholding, suggesting the transition to EHRs is not associated with negative perceptions regarding the privacy and security of medical information. However, monitoring to see how this evolves will be important. Given that positive health care experiences and higher information efficacy were associated with more favorable perceptions of privacy and security, efforts should continue to encourage providers to secure medical records, provide patients with a "meaningful choice" in how their data are shared, and enable individuals to access information they need to manage their care.

7 CFR 1962.14 - Account and security information in UCC cases.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 7 Agriculture 14 2010-01-01 2009-01-01 true Account and security information in UCC cases. 1962.14... Security § 1962.14 Account and security information in UCC cases. Within 2 weeks after receipt of a written... the information, it may be liable for any loss caused the borrower and, in some States, other parties...

Information Security Assessment of SMEs as Coursework -- Learning Information Security Management by Doing

ERIC Educational Resources Information Center

Ilvonen, Ilona

2013-01-01

Information security management is an area with a lot of theoretical models. The models are designed to guide practitioners in prioritizing management resources in companies. Information security management education should address the gap between the academic ideals and practice. This paper introduces a teaching method that has been in use as…

CMMI(Registered) for Services, Version 1.3

DTIC Science & Technology

2010-11-01

ISO 2008b] ISO /IEC 27001 :2005 Information technology – Security techniques – Information Security Management Systems – Requirements [ ISO /IEC 2005...Commission. ISO /IEC 27001 Information Technology – Security Techniques – Information Security Management Systems – Requirements, 2005. http...CMM or International Organization for Standardization ( ISO ) 9001, you will immediately recognize many similarities in their structure and content

The Impact of Information Richness on Information Security Awareness Training Effectiveness

ERIC Educational Resources Information Center

Shaw, R. S.; Chen, Charlie C.; Harris, Albert L.; Huang, Hui-Jou

2009-01-01

In recent years, rapid progress in the use of the internet has resulted in huge losses in many organizations due to lax security. As a result, information security awareness is becoming an important issue to anyone using the Internet. To reduce losses, organizations have made information security awareness a top priority. The three main barriers…

Information security system quality assessment through the intelligent tools

NASA Astrophysics Data System (ADS)

Trapeznikov, E. V.

2018-04-01

The technology development has shown the automated system information security comprehensive analysis necessity. The subject area analysis indicates the study relevance. The research objective is to develop the information security system quality assessment methodology based on the intelligent tools. The basis of the methodology is the information security assessment model in the information system through the neural network. The paper presents the security assessment model, its algorithm. The methodology practical implementation results in the form of the software flow diagram are represented. The practical significance of the model being developed is noted in conclusions.

46 CFR 503.53 - Oversight Committee.

Code of Federal Regulations, 2011 CFR

2011-10-01

... FEDERAL MARITIME COMMISSION GENERAL AND ADMINISTRATIVE PROVISIONS PUBLIC INFORMATION Information Security... provisions of Executive Order 13526 and directives of the Information Security Oversight Office. The program... and complaints concerning the Commission's information security program; (d) Recommend appropriate...

46 CFR 503.53 - Oversight Committee.

Code of Federal Regulations, 2010 CFR

2010-10-01

... FEDERAL MARITIME COMMISSION GENERAL AND ADMINISTRATIVE PROVISIONS PUBLIC INFORMATION Information Security... provisions of Executive Order 12958 and directives of the Information Security Oversight Office. The program... and complaints concerning the Commission's information security program; (d) Recommend appropriate...

Dominion. A game exploring information exploitation

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hobbs, Jacob Aaron

FlipIt is a game theoretic framework published in 2012[1] to investigate optimal strategies for managing security resources in response to Advanced Persistent Threats. It is a two-player game wherein a resource is controlled by exactly one player at any time. A player may move at any time to capture the resource, incurring a move cost, and is informed of the last time their opponent has moved only upon completing their move. Thus, moves may be wasted and takeover is considered \\stealthy", with regard to the other player. The game is played for an unlimited period of time, and the goalmore » of each player is to maximize the amount of time they are in control of the resource minus their total move cost, normalized by the current length of play. Marten Van Dijk and others[1] provided an analysis of various player strategies and proved optimal results for certain subclasses of players. We extend their work by providing a reformulation of the original game, wherein the optimal player strategies can be solved exactly, rather than only for certain subclasses. We call this reformulation Dominion, and place it within a broader framework of stealthy move games. We de ne Dominion to occur over a nite time scale (from 0 to 1), and give each player a certain number of moves to make within the time frame. Their expected score in this new scenario is the expected amount of time they have control, and the point of the game is to dominate as much of the unit interval as possible. We show how Dominion can be treated as a two player, simultaneous, constant sum, unit square game, where the gradient of the bene t curves for the players are linear and possibly discontinuous. We derive Nash equilibria for a basic version of Dominion, and then further explore the roles of information asymmetry in its variants. We extend these results to FlipIt and other cyber security applications.« less

Security Management Strategies for Protecting Your Library's Network.

ERIC Educational Resources Information Center

Ives, David J.

1996-01-01

Presents security procedures for protecting a library's computer system from potential threats by patrons or personnel, and describes how security can be breached. A sidebar identifies four areas of concern in security management: the hardware, the operating system, the network, and the user interface. A selected bibliography of sources on…

Security: Progress and Challenges

ERIC Educational Resources Information Center

Luker, Mark A.

2004-01-01

The Homepage column in the March/April 2003 issue of "EDUCAUSE Review" explained the national implication of security vulnerabilities in higher education and the role of the EDUCAUSE/Internet2 Computer and Network Security Task Force in representing the higher education sector in the development of the National Strategy to Secure Cyberspace. Among…

75 FR 75207 - Regulation SBSR-Reporting and Dissemination of Security-Based Swap Information

Federal Register 2010, 2011, 2012, 2013, 2014

2010-12-02

...In accordance with Section 763 (``Section 763'') and Section 766 (``Section 766'') of Title VII (``Title VII'') of the Dodd-Frank Wall Street Reform and Consumer Protection Act (the ``Dodd-Frank Act''), the Securities and Exchange Commission (``SEC'' or ``Commission'') is proposing Regulation SBSR--Reporting and Dissemination of Security-Based Swap Information (``Regulation SBSR'') under the Securities Exchange Act of 1934 (``Exchange Act'').\\1\\ Proposed Regulation SBSR would provide for the reporting of security- based swap information to registered security-based swap data repositories or the Commission and the public dissemination of security-based swap transaction, volume, and pricing information. Registered security-based swap data repositories would be required to establish and maintain certain policies and procedures regarding how transaction data are reported and disseminated, and participants of registered security-based swap data repositories that are security- based swap dealers or major security-based swap participants would be required to establish and maintain policies and procedures that are reasonably designed to ensure that they comply with applicable reporting obligations. Finally, proposed Regulation SBSR also would require a registered SDR to register with the Commission as a securities information processor on existing Form SIP. ---------------------------------------------------------------------------

Rx for low cash yields.

PubMed

Tobe, Chris

2003-10-01

Certain strategies can offer not-for-profit hospitals potentially greater investment yields while maintaining stability and principal safety. Treasury inflation-indexed securities can offer good returns, low volatility, and inflation protection. "Enhanced cash" strategies offer liquidity and help to preserve capital. Stable value "wrappers" allow hospitals to pursue higher-yielding fixed-income securities without an increase in volatility.

Infants and Toddlers: Soothing and Comforting Babies

ERIC Educational Resources Information Center

Honig, Alice Sterling

2004-01-01

Babies thrive on security. In early months, secure feelings stem from being warm, cuddled closely, and comfortable in their tummies (and in having clean bottoms!). In this article, the author discusses how to soothe infants and toddlers. The strategies to help ease babies' distress are described. Some of the recommended strategies include: (1) to…

A Security Audit Framework to Manage Information System Security

NASA Astrophysics Data System (ADS)

Pereira, Teresa; Santos, Henrique

The widespread adoption of information and communication technology have promoted an increase dependency of organizations in the performance of their Information Systems. As a result, adequate security procedures to properly manage information security must be established by the organizations, in order to protect their valued or critical resources from accidental or intentional attacks, and ensure their normal activity. A conceptual security framework to manage and audit Information System Security is proposed and discussed. The proposed framework intends to assist organizations firstly to understand what they precisely need to protect assets and what are their weaknesses (vulnerabilities), enabling to perform an adequate security management. Secondly, enabling a security audit framework to support the organization to assess the efficiency of the controls and policy adopted to prevent or mitigate attacks, threats and vulnerabilities, promoted by the advances of new technologies and new Internet-enabled services, that the organizations are subject of. The presented framework is based on a conceptual model approach, which contains the semantic description of the concepts defined in information security domain, based on the ISO/IEC_JCT1 standards.

75 FR 45152 - National Security Division: Agency Information Collection Activities: Proposed Collection...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-08-02

... DEPARTMENT OF JUSTICE [OMB Number 1124-0004] National Security Division: Agency Information...), National Security Division (NSD), will be submitting the following information collection request to the... write to U.S. Department of Justice, 10th & Constitution Avenue, NW., National Security Division...

6 CFR 7.25 - Identification and markings.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Identification and markings. 7.25 Section 7.25 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CLASSIFIED NATIONAL SECURITY INFORMATION Classified Information § 7.25 Identification and markings. (a) Classified information must be...

77 FR 42752 - New Agency Information Collection Activity Under OMB Review: Generic Clearance for the Collection...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-07-20

... DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration New Agency Information... Service Delivery AGENCY: Transportation Security Administration, DHS. ACTION: 30-day Notice. SUMMARY: This notice announces that the Transportation Security Administration (TSA) has forwarded the new Information...

49 CFR 1572.9 - Applicant information required for HME security threat assessment.

Code of Federal Regulations, 2011 CFR

2011-10-01

... threat assessment. 1572.9 Section 1572.9 Transportation Other Regulations Relating to Transportation... TRANSPORTATION SECURITY CREDENTIALING AND SECURITY THREAT ASSESSMENTS Procedures and General Standards § 1572.9 Applicant information required for HME security threat assessment. An applicant must supply the information...

75 FR 29567 - Extension of Agency Information Collection Activity Under OMB Review: Aviation Security Customer...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-05-26

... Information Collection Activity Under OMB Review: Aviation Security Customer Satisfaction Performance... surveying travelers to measure customer satisfaction of aviation security in an effort to more efficiently.... Information Collection Requirement OMB Control Number 1652-0013; Aviation Security Customer Satisfaction...

6 CFR 5.7 - Classified information.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Classified information. 5.7 Section 5.7 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY DISCLOSURE OF RECORDS AND INFORMATION Freedom of Information Act § 5.7 Classified information. In processing a request for information that is...

6 CFR 7.23 - Emergency release of classified information.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Emergency release of classified information. 7... NATIONAL SECURITY INFORMATION Classified Information § 7.23 Emergency release of classified information. (a... notify the DHS Chief Security Officer and the originating agency of the information disclosed. A copy of...

Codimension-Two Bifurcation, Chaos and Control in a Discrete-Time Information Diffusion Model

NASA Astrophysics Data System (ADS)

Ren, Jingli; Yu, Liping

2016-12-01

In this paper, we present a discrete model to illustrate how two pieces of information interact with online social networks and investigate the dynamics of discrete-time information diffusion model in three types: reverse type, intervention type and mutualistic type. It is found that the model has orbits with period 2, 4, 6, 8, 12, 16, 20, 30, quasiperiodic orbit, and undergoes heteroclinic bifurcation near 1:2 point, a homoclinic structure near 1:3 resonance point and an invariant cycle bifurcated by period 4 orbit near 1:4 resonance point. Moreover, in order to regulate information diffusion process and information security, we give two control strategies, the hybrid control method and the feedback controller of polynomial functions, to control chaos, flip bifurcation, 1:2, 1:3 and 1:4 resonances, respectively, in the two-dimensional discrete system.

5 CFR 2500.11 - Implementation and review.

Code of Federal Regulations, 2011 CFR

2011-01-01

... INFORMATION SECURITY REGULATION § 2500.11 Implementation and review. The Information Security Oversight... information security program. The chairperson shall also be responsible for conducting an active oversight...

5 CFR 2500.11 - Implementation and review.

Code of Federal Regulations, 2010 CFR

2010-01-01

... INFORMATION SECURITY REGULATION § 2500.11 Implementation and review. The Information Security Oversight... information security program. The chairperson shall also be responsible for conducting an active oversight...

48 CFR 339.7102 - Applicability.

Code of Federal Regulations, 2013 CFR

2013-10-01

... Section 339.7102 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7102 Applicability... Federal Information Security Management Act (FISMA), the HHS-OCIO Information Systems Security and Privacy...

48 CFR 339.7102 - Applicability.

Code of Federal Regulations, 2014 CFR

2014-10-01

... Section 339.7102 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7102 Applicability... Federal Information Security Management Act (FISMA), the HHS-OCIO Information Systems Security and Privacy...

48 CFR 339.7102 - Applicability.

Code of Federal Regulations, 2012 CFR

2012-10-01

... Section 339.7102 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7102 Applicability... Federal Information Security Management Act (FISMA), the HHS-OCIO Information Systems Security and Privacy...

48 CFR 339.7102 - Applicability.

Code of Federal Regulations, 2011 CFR

2011-10-01

... Section 339.7102 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7102 Applicability... Federal Information Security Management Act (FISMA), the HHS-OCIO Information Systems Security and Privacy...

Video calls from lay bystanders to dispatch centers - risk assessment of information security.

PubMed

Bolle, Stein R; Hasvold, Per; Henriksen, Eva

2011-09-30

Video calls from mobile phones can improve communication during medical emergencies. Lay bystanders can be instructed and supervised by health professionals at Emergency Medical Communication Centers. Before implementation of video mobile calls in emergencies, issues of information security should be addressed. Information security was assessed for risk, based on the information security standard ISO/IEC 27005:2008. A multi-professional team used structured brainstorming to find threats to the information security aspects confidentiality, quality, integrity, and availability. Twenty security threats of different risk levels were identified and analyzed. Solutions were proposed to reduce the risk level. Given proper implementation, we found no risks to information security that would advocate against the use of video calls between lay bystanders and Emergency Medical Communication Centers. The identified threats should be used as input to formal requirements when planning and implementing video calls from mobile phones for these call centers.

Video calls from lay bystanders to dispatch centers - risk assessment of information security

PubMed Central

2011-01-01

Background Video calls from mobile phones can improve communication during medical emergencies. Lay bystanders can be instructed and supervised by health professionals at Emergency Medical Communication Centers. Before implementation of video mobile calls in emergencies, issues of information security should be addressed. Methods Information security was assessed for risk, based on the information security standard ISO/IEC 27005:2008. A multi-professional team used structured brainstorming to find threats to the information security aspects confidentiality, quality, integrity, and availability. Results Twenty security threats of different risk levels were identified and analyzed. Solutions were proposed to reduce the risk level. Conclusions Given proper implementation, we found no risks to information security that would advocate against the use of video calls between lay bystanders and Emergency Medical Communication Centers. The identified threats should be used as input to formal requirements when planning and implementing video calls from mobile phones for these call centers. PMID:21958387

Securing the Internet frontier.

PubMed

Morrissey, J

1996-10-21

Just as in the Wild West, security strategies are being mobilized for the untamed Internet frontier. Technology developed by settlers from the banking and merchandising industries is being retooled for healthcare, where security-conscious industries see a big market opportunity.

Communication security in open health care networks.

PubMed

Blobel, B; Pharow, P; Engel, K; Spiegel, V; Krohn, R

1999-01-01

Fulfilling the shared care paradigm, health care networks providing open systems' interoperability in health care are needed. Such communicating and co-operating health information systems, dealing with sensitive personal medical information across organisational, regional, national or even international boundaries, require appropriate security solutions. Based on the generic security model, within the European MEDSEC project an open approach for secure EDI like HL7, EDIFACT, XDT or XML has been developed. The consideration includes both securing the message in an unsecure network and the transport of the unprotected information via secure channels (SSL, TLS etc.). Regarding EDI, an open and widely usable security solution has been specified and practically implemented for the examples of secure mailing and secure file transfer (FTP) via wrapping the sensitive information expressed by the corresponding protocols. The results are currently prepared for standardisation.

A Cooperative Model for IS Security Risk Management in Distributed Environment

PubMed Central

Zheng, Chundong

2014-01-01

Given the increasing cooperation between organizations, the flexible exchange of security information across the allied organizations is critical to effectively manage information systems (IS) security in a distributed environment. In this paper, we develop a cooperative model for IS security risk management in a distributed environment. In the proposed model, the exchange of security information among the interconnected IS under distributed environment is supported by Bayesian networks (BNs). In addition, for an organization's IS, a BN is utilized to represent its security environment and dynamically predict its security risk level, by which the security manager can select an optimal action to safeguard the firm's information resources. The actual case studied illustrates the cooperative model presented in this paper and how it can be exploited to manage the distributed IS security risk effectively. PMID:24563626

DNA-Cryptography-Based Obfuscated Systolic Finite Field Multiplier for Secure Cryptosystem in Smart Grid

NASA Astrophysics Data System (ADS)

Chen, Shaobo; Chen, Pingxiuqi; Shao, Qiliang; Basha Shaik, Nazeem; Xie, Jiafeng

2017-05-01

The elliptic curve cryptography (ECC) provides much stronger security per bits compared to the traditional cryptosystem, and hence it is an ideal role in secure communication in smart grid. On the other side, secure implementation of finite field multiplication over GF(2 m ) is considered as the bottle neck of ECC. In this paper, we present a novel obfuscation strategy for secure implementation of systolic field multiplier for ECC in smart grid. First, for the first time, we propose a novel obfuscation technique to derive a novel obfuscated systolic finite field multiplier for ECC implementation. Then, we employ the DNA cryptography coding strategy to obfuscate the field multiplier further. Finally, we obtain the area-time-power complexity of the proposed field multiplier to confirm the efficiency of the proposed design. The proposed design is highly obfuscated with low overhead, suitable for secure cryptosystem in smart grid.

Security Strategy of the Bureau of Diplomatic Security.

DTIC Science & Technology

2011-06-10

Williams, M.A. , Member John A. Dyson, MBA , Member Gregory Scott Hospodor, Ph.D Accepted this 10th day of June 2011 by...ACRONYMS AAR After Action Review ASOS Advance Security Overseas Seminar ATA Antiterrorism Assistance Program BRSO Regional Security Officer Course ...BSAC Basic Special Agent Course DS Bureau of Diplomatic Security FACT Foreign Affairs Counter Threat FAH Foreign Affairs Handbook FAM Foreign

Matching food security analysis to context: the experience of the Somalia food security assessment unit.

PubMed

Hemrich, Günter

2005-06-01

This case study reviews the experience of the Somalia Food Security Assessment Unit (FSAU) of operating a food security information system in the context of a complex emergency. In particular, it explores the linkages between selected features of the protracted crisis environment in Somalia and conceptual and operational aspects of food security information work. The paper specifically examines the implications of context characteristics for the establishment and operations of the FSAU field monitoring component and for the interface with information users and their diverse information needs. It also analyses the scope for linking food security and nutrition analysis and looks at the role of conflict and gender analysis in food security assessment work. Background data on the food security situation in Somalia and an overview of some key features of the FSAU set the scene for the case study. The paper is targeted at those involved in designing, operating and funding food security information activities.

Measuring Information Security Performance with 10 by 10 Model for Holistic State Evaluation.

PubMed

Bernik, Igor; Prislan, Kaja

Organizations should measure their information security performance if they wish to take the right decisions and develop it in line with their security needs. Since the measurement of information security is generally underdeveloped in practice and many organizations find the existing recommendations too complex, the paper presents a solution in the form of a 10 by 10 information security performance measurement model. The model-ISP 10×10M is composed of ten critical success factors, 100 key performance indicators and 6 performance levels. Its content was devised on the basis of findings presented in the current research studies and standards, while its structure results from an empirical research conducted among information security professionals from Slovenia. Results of the study show that a high level of information security performance is mostly dependent on measures aimed at managing information risks, employees and information sources, while formal and environmental factors have a lesser impact. Experts believe that information security should evolve systematically, where it's recommended that beginning steps include technical, logical and physical security controls, while advanced activities should relate predominantly strategic management activities. By applying the proposed model, organizations are able to determine the actual level of information security performance based on the weighted indexing technique. In this manner they identify the measures they ought to develop in order to improve the current situation. The ISP 10×10M is a useful tool for conducting internal system evaluations and decision-making. It may also be applied to a larger sample of organizations in order to determine the general state-of-play for research purposes.

Information security requirements in patient-centred healthcare support systems.

PubMed

Alsalamah, Shada; Gray, W Alex; Hilton, Jeremy; Alsalamah, Hessah

2013-01-01

Enabling Patient-Centred (PC) care in modern healthcare requires the flow of medical information with the patient between different healthcare providers as they follow the patient's treatment plan. However, PC care threatens the stability of the balance of information security in the support systems since legacy systems fall short of attaining a security balance when sharing their information due to compromises made between its availability, integrity, and confidentiality. Results show that the main reason for this is that information security implementation in discrete legacy systems focused mainly on information confidentiality and integrity leaving availability a challenge in collaboration. Through an empirical study using domain analysis, observations, and interviews, this paper identifies a need for six information security requirements in legacy systems to cope with this situation in order to attain the security balance in systems supporting PC care implementation in modern healthcare.

32 CFR 1633.5 - Securing information.

Code of Federal Regulations, 2013 CFR

2013-07-01

... 32 National Defense 6 2013-07-01 2013-07-01 false Securing information. 1633.5 Section 1633.5... CLASSIFICATION § 1633.5 Securing information. The classifying authority is authorized to request and receive information whenever such information will assist in determining the proper classification of a registrant. ...

Information security risk management for computerized health information systems in hospitals: a case study of Iran.

PubMed

Zarei, Javad; Sadoughi, Farahnaz

2016-01-01

In recent years, hospitals in Iran - similar to those in other countries - have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts' opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Information security risk management is not followed by Iran's hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran's Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran.

Children's perceptions of emotion regulation strategy effectiveness: links with attachment security.

PubMed

Waters, Sara F; Thompson, Ross A

2016-08-01

Six- and nine-year-old children (N = 97) heard illustrated stories evoking anger in a story character and provided evaluations of the effectiveness of eight anger regulation strategies. Half the stories involved the child's mother as social partner and the other half involved a peer. Attachment security was assessed via the Security Scale. Children reported greater effectiveness for seeking support from adults and peers in the peer context than the mother context, but perceived venting as more effective with mothers. Children with higher security scores were more likely to endorse problem solving and less likely to endorse aggression in both social contexts than those with lower security scores. Early evidence for gender differences was found in that boys endorsed the effectiveness of distraction while girls endorsed venting their emotion.

6 CFR 7.13 - Judicial proceedings.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Judicial proceedings. 7.13 Section 7.13 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CLASSIFIED NATIONAL SECURITY INFORMATION... classified information (see 6 CFR 5.41 through 5.49), required to submit classified information for official...

A Unified Approach to Information Security Compliance

ERIC Educational Resources Information Center

Adler, M. Peter

2006-01-01

The increased number of government-mandated and private contractual information security requirements in recent years has caused higher education security professionals to view information security as another aspect of regulatory or contractual compliance. The existence of fines, penalties, or loss (including bad publicity) has also increased the…

Effect of Organizational Factors on Information Security Implementations

ERIC Educational Resources Information Center

Perez, Rafael G.

2013-01-01

The purpose of this quantitative inferential study is to determine the level of correlation between the organizational factors of information security awareness, balanced security processes, and organizational structure with the size of the estimation gap of information security implementations mediated by the end user intentionality. The study…

75 FR 21012 - Extension of Agency Information Collection Activity Under OMB Review: Highway Corporate Security...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-04-22

... Information Collection Activity Under OMB Review: Highway Corporate Security Review (CSR) AGENCY... in the highway and motor carrier industry by way of its Highway Corporate Security Review Program... comments. Information Collection Requirement Title: Corporate Security Review (CSR). Type of Request...

36 CFR 1260.20 - Who is responsible for the declassification of classified national security Executive Branch...

Code of Federal Regulations, 2010 CFR

2010-07-01

... declassification of classified national security Executive Branch information that has been accessioned by NARA... ADMINISTRATION DECLASSIFICATION DECLASSIFICATION OF NATIONAL SECURITY INFORMATION Responsibilities § 1260.20 Who is responsible for the declassification of classified national security Executive Branch information...

44 CFR 8.4 - Mandatory declassification review procedures.

Code of Federal Regulations, 2010 CFR

2010-10-01

... AGENCY, DEPARTMENT OF HOMELAND SECURITY GENERAL NATIONAL SECURITY INFORMATION § 8.4 Mandatory... information is inadequate, the Office of Security shall notify him or her that no further action will be taken...) to the Security Division. Information no longer requiring protection under E.O. 12356 shall be...

Information Security: A Scientometric Study of the Profile, Structure, and Dynamics of an Emerging Scholarly Specialty

ERIC Educational Resources Information Center

Olijnyk, Nicholas Victor

2014-01-01

The central aim of the current research is to explore and describe the profile, dynamics, and structure of the information security specialty. This study's objectives are guided by four research questions: 1. What are the salient features of information security as a specialty? 2. How has the information security specialty emerged and evolved from…

Implementing healthcare information security: standards can help.

PubMed

Orel, Andrej; Bernik, Igor

2013-01-01

Using widely spread common approaches to systems security in health dedicated controlled environments, a level of awareness, confidence and acceptance of relevant standardisation is evaluated. Patients' information is sensitive, so putting appropriate organisational techniques as well as modern technology in place to secure health information is of paramount importance. Mobile devices are becoming the top priorities in advanced information security planning with healthcare environments being no exception. There are less and less application areas in healthcare without having a need for a mobile functionality which represents an even greater information security challenge. This is also true in emergency treatments, rehabilitation and homecare just to mention a few areas outside hospital controlled environments. Unfortunately quite often traditional unsecured communications principles are still in routine use for communicating sensitive health related information. The security awareness level with users, patients and care professionals is not high enough so potential threats and risks may not be addressed and the respective information security management is therefore weak. Standards like ISO/IEC 27000 ISMS family, the ISO/IEC 27799 information security guidelines in health are often not well known, but together with legislation principles such as HIPAA, they can help.

28 CFR 17.1 - Purpose.

Code of Federal Regulations, 2011 CFR

2011-07-01

... Administration DEPARTMENT OF JUSTICE CLASSIFIED NATIONAL SECURITY INFORMATION AND ACCESS TO CLASSIFIED... Comp., p. 391) and implementing directives from the Information Security Oversight Office of the... Security Information and the criteria for access to this information. Accordingly, this part is a revision...

48 CFR 339.7100 - Definitions.

Code of Federal Regulations, 2010 CFR

2010-10-01

... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7100 Definitions. As... with OMB Circular A-130, Management of Federal Information Resources, Appendix 3 (Security of Federal Automated Information Resources), security commensurate with the risk and magnitude of harm resulting from...

48 CFR 1804.470-2 - Policy.

Code of Federal Regulations, 2010 CFR

2010-10-01

... ADMINISTRATIVE MATTERS Safeguarding Classified Information Within Industry 1804.470-2 Policy. NASA IT security...) 2810, Security of Information Technology; NASA Procedural Requirements (NPR) 2810, Security of Information Technology; and interim policy updates in the form of NASA Information Technology Requirements...

28 CFR 17.1 - Purpose.

Code of Federal Regulations, 2010 CFR

2010-07-01

... Administration DEPARTMENT OF JUSTICE CLASSIFIED NATIONAL SECURITY INFORMATION AND ACCESS TO CLASSIFIED... Comp., p. 391) and implementing directives from the Information Security Oversight Office of the... Security Information and the criteria for access to this information. Accordingly, this part is a revision...

Analyzing Cases of Resilience Success and Failure - A Research Study

DTIC Science & Technology

2012-12-01

controls [NIST 2012, NIST 2008] ISO 27002 and ISO 27004 Guidelines for initiating, implementing, maintaining, and improving information security...Commission ( ISO /IEC). Information technology—Security techniques—Code of practice for information security management ( ISO /IEC 27002 :2005). ISO /IEC, 2005...security management system and controls or groups of controls [ ISO /IEC 2005, ISO /IEC 2009] CIS Security Metrics Outcome and practice metrics measuring

5 CFR 1312.12 - Security Program Review Committee.

Code of Federal Regulations, 2011 CFR

2011-01-01

... CLASSIFICATION, DOWNGRADING, DECLASSIFICATION AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION Classification and Declassification of National Security Information § 1312.12 Security Program Review Committee. The... 5 Administrative Personnel 3 2011-01-01 2011-01-01 false Security Program Review Committee. 1312...

5 CFR 1312.12 - Security Program Review Committee.

Code of Federal Regulations, 2010 CFR

2010-01-01

... CLASSIFICATION, DOWNGRADING, DECLASSIFICATION AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION Classification and Declassification of National Security Information § 1312.12 Security Program Review Committee. The... 5 Administrative Personnel 3 2010-01-01 2010-01-01 false Security Program Review Committee. 1312...

49 CFR 1520.5 - Sensitive security information.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 9 2010-10-01 2010-10-01 false Sensitive security information. 1520.5 Section 1520.5 Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY SECURITY RULES FOR ALL MODES OF TRANSPORTATION PROTECTION OF...

Integrating Fingerprint Verification into the Smart Card-Based Healthcare Information System

NASA Astrophysics Data System (ADS)

Moon, Daesung; Chung, Yongwha; Pan, Sung Bum; Park, Jin-Won

2009-12-01

As VLSI technology has been improved, a smart card employing 32-bit processors has been released, and more personal information such as medical, financial data can be stored in the card. Thus, it becomes important to protect personal information stored in the card. Verification of the card holder's identity using a fingerprint has advantages over the present practices of Personal Identification Numbers (PINs) and passwords. However, the computational workload of fingerprint verification is much heavier than that of the typical PIN-based solution. In this paper, we consider three strategies to implement fingerprint verification in a smart card environment and how to distribute the modules of fingerprint verification between the smart card and the card reader. We first evaluate the number of instructions of each step of a typical fingerprint verification algorithm, and estimate the execution time of several cryptographic algorithms to guarantee the security/privacy of the fingerprint data transmitted in the smart card with the client-server environment. Based on the evaluation results, we analyze each scenario with respect to the security level and the real-time execution requirements in order to implement fingerprint verification in the smart card with the client-server environment.

14 CFR 11.35 - Does FAA include sensitive security information and proprietary information in the Federal Docket...

Code of Federal Regulations, 2010 CFR

2010-01-01

... information and proprietary information in the Federal Docket Management System (FDMS)? 11.35 Section 11.35... RULEMAKING PROCEDURES Rulemaking Procedures General § 11.35 Does FAA include sensitive security information and proprietary information in the Federal Docket Management System (FDMS)? (a) Sensitive security...

14 CFR 11.35 - Does FAA include sensitive security information and proprietary information in the Federal Docket...

Code of Federal Regulations, 2014 CFR

2014-01-01

... information and proprietary information in the Federal Docket Management System (FDMS)? 11.35 Section 11.35... RULEMAKING PROCEDURES Rulemaking Procedures General § 11.35 Does FAA include sensitive security information and proprietary information in the Federal Docket Management System (FDMS)? (a) Sensitive security...

14 CFR 11.35 - Does FAA include sensitive security information and proprietary information in the Federal Docket...

Code of Federal Regulations, 2012 CFR

2012-01-01

... information and proprietary information in the Federal Docket Management System (FDMS)? 11.35 Section 11.35... RULEMAKING PROCEDURES Rulemaking Procedures General § 11.35 Does FAA include sensitive security information and proprietary information in the Federal Docket Management System (FDMS)? (a) Sensitive security...