[How to establish the hospital information system security policies].
Gong, Qing-Yue; Shi, Cheng
2008-03-01
It is important to establish the hospital information system security policies. While these security policies are being established, comprehensive consideration should be given to the acceptable levels of users, IT supporters and hospital managers. We should have a formal policy design process that is consistently followed for all security policies. The reasons for establishing the security policies, their coverage and the objects they apply to should be stated clearly. In addition, each policy should define users' responsibilities and the penalties for violation. Every organization will need some key policies, such as those on information sources usage, remote access, information protection, perimeter security, and baseline host/device security. Security managing procedures are the mechanisms that enforce the policies. An incident-handling procedure is the most important security managing procedure for all organizations.
The Shaping of Managers' Security Objectives through Information Security Awareness Training
ERIC Educational Resources Information Center
Harris, Mark A.
2010-01-01
Information security research states that corporate security policy and information security training should be socio-technical in nature and that corporations should consider training as a primary method of protecting their information systems. However, information security policies and training are predominately technical in nature. In addition,…
32 CFR 2400.46 - Suggestions or complaints.
Code of Federal Regulations, 2014 CFR
2014-07-01
... POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.46... Science and Technology Policy Information Security Program should do so in writing. This correspondence...
32 CFR 2400.46 - Suggestions or complaints.
Code of Federal Regulations, 2012 CFR
2012-07-01
... POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.46... Science and Technology Policy Information Security Program should do so in writing. This correspondence...
32 CFR 2400.46 - Suggestions or complaints.
Code of Federal Regulations, 2010 CFR
2010-07-01
... POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.46... Science and Technology Policy Information Security Program should do so in writing. This correspondence...
32 CFR 2400.46 - Suggestions or complaints.
Code of Federal Regulations, 2011 CFR
2011-07-01
... POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.46... Science and Technology Policy Information Security Program should do so in writing. This correspondence...
32 CFR 2400.46 - Suggestions or complaints.
Code of Federal Regulations, 2013 CFR
2013-07-01
... POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.46... Science and Technology Policy Information Security Program should do so in writing. This correspondence...
Code of Federal Regulations, 2010 CFR
2010-10-01
... ADMINISTRATIVE MATTERS Safeguarding Classified Information Within Industry 1804.470-2 Policy. NASA IT security...) 2810, Security of Information Technology; NASA Procedural Requirements (NPR) 2810, Security of Information Technology; and interim policy updates in the form of NASA Information Technology Requirements...
75 FR 65526 - National Industrial Security Program Policy Advisory Committee (NISPPAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2010-10-25
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... planning to attend must be submitted to the Information Security Oversight Office (ISOO) no later than...
76 FR 6636 - National Industrial Security Program Policy Advisory Committee (NISPPAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2011-02-07
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... planning to attend must be submitted to the Information Security Oversight Office (ISOO) no later than...
76 FR 67484 - National Industrial Security Program Policy Advisory Committee (NISPPAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2011-11-01
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... must be submitted to the Information Security Oversight Office (ISOO) no later than Friday, November 11...
76 FR 28099 - National Industrial Security Program Policy Advisory Committee (NISPPAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2011-05-13
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... telephone number of individuals planning to attend must be submitted to the Information Security Oversight...
75 FR 39582 - National Industrial Security Program Policy Advisory Committee (NISPPAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2010-07-09
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... telephone number of individuals planning to attend must be submitted to the Information Security Oversight...
32 CFR 2400.42 - Security Officer.
Code of Federal Regulations, 2011 CFR
2011-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.42 Security...
32 CFR 2400.42 - Security Officer.
Code of Federal Regulations, 2010 CFR
2010-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.42 Security...
32 CFR 2400.42 - Security Officer.
Code of Federal Regulations, 2014 CFR
2014-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.42 Security...
32 CFR 2400.42 - Security Officer.
Code of Federal Regulations, 2013 CFR
2013-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.42 Security...
32 CFR 2400.42 - Security Officer.
Code of Federal Regulations, 2012 CFR
2012-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.42 Security...
Federal Register 2010, 2011, 2012, 2013, 2014
2010-03-08
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office; National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: National Archives and Records... individuals planning to attend must be submitted to the Information Security Oversight Office (ISOO) no later...
32 CFR 2400.45 - Information Security Program Review.
Code of Federal Regulations, 2011 CFR
2011-07-01
... Section 2400.45 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45...
32 CFR 2400.45 - Information Security Program Review.
Code of Federal Regulations, 2010 CFR
2010-07-01
... Section 2400.45 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45...
32 CFR 2400.45 - Information Security Program Review.
Code of Federal Regulations, 2012 CFR
2012-07-01
... Section 2400.45 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45...
32 CFR 2400.45 - Information Security Program Review.
Code of Federal Regulations, 2014 CFR
2014-07-01
... Section 2400.45 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45...
32 CFR 2400.45 - Information Security Program Review.
Code of Federal Regulations, 2013 CFR
2013-07-01
... Section 2400.45 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45...
Martinez, R; Cole, C; Rozenblit, J; Cook, J F; Chacko, A K
2000-05-01
The US Army Great Plains Regional Medical Command (GPRMC) has a requirement to conform to Department of Defense (DoD) and Army security policies for the Virtual Radiology Environment (VRE) Project. Within the DoD, security policy is defined as the set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information. Security policy in the DoD is described by the Trusted Computer System Evaluation Criteria (TCSEC), Army Regulation (AR) 380-19, Defense Information Infrastructure Common Operating Environment (DII COE), Military Health Services System Automated Information Systems Security Policy Manual, and National Computer Security Center-TG-005, "Trusted Network Interpretation." These documents were used to develop a security policy that defines information protection requirements that are made with respect to those laws, rules, and practices that are required to protect the information stored and processed in the VRE Project. The goal of the security policy is to provide for a C2-level of information protection while also satisfying the functional needs of the GPRMC's user community. This report summarizes the security policy for the VRE and defines the CORBA security services that satisfy the policy. In the VRE, the information to be protected is embedded into three major information components: (1) Patient information consists of Digital Imaging and Communications in Medicine (DICOM)-formatted fields. The patient information resides in the digital imaging network picture archiving and communication system (DIN-PACS) networks in the database archive systems and includes (a) patient demographics; (b) patient images from x-ray, computed tomography (CT), magnetic resonance imaging (MRI), and ultrasound (US); and (c) prior patient images and related patient history. (2) Meta-Manager information to be protected consists of several data objects. 
This information is distributed to the Meta-Manager nodes and includes (a) radiologist schedules; (b) modality worklists; (c) routed case information; (d) DIN-PACS and Composite Health Care system (CHCS) messages, and Meta-Manager administrative and security information; and (e) patient case information. (3) Access control and communications security is required in the VRE to control who uses the VRE and Meta-Manager facilities and to secure the messages between VRE components. The CORBA Security Service Specification version 1.5 is designed to allow up to TCSEC's B2-level security for distributed objects. The CORBA Security Service Specification defines the functionality of several security features: identification and authentication, authorization and access control, security auditing, communication security, nonrepudiation, and security administration. This report describes the enhanced security features for the VRE and their implementation using commercial CORBA Security Service software products.
Code of Federal Regulations, 2010 CFR
2010-10-01
... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7101 Policy. HHS is responsible for implementing an information security program to ensure that its information systems and... information contained in those systems. Each system's level of security shall protect the integrity...
ERIC Educational Resources Information Center
Waddell, Stanie Adolphus
2013-01-01
Many articles within the literature point to the information security policy as one of the most important elements of an effective information security program. Even though this belief is continually referred to in many information security scholarly articles, very few research studies have been performed to corroborate this sentiment. Doherty and…
An Integrative Behavioral Model of Information Security Policy Compliance
Kim, Sang Hoon; Yang, Kyung Hoon; Park, Sunyoung
2014-01-01
The authors found the behavioral factors that influence the organization members' compliance with the information security policy in organizations on the basis of neutralization theory, theory of planned behavior, and protection motivation theory. Depending on the theory of planned behavior, members' attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to provide the explanation for information system security policy violations. Based on the protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions of compliance. By the above logical reasoning, the integrative behavioral model and eight hypotheses could be derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were available. The test of the causal model was conducted by PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypotheses tests showed that seven of the eight hypotheses were acceptable. The theoretical implications of this study are as follows: (1) the study is expected to play the role of a baseline for future research about organization members' compliance with the information security policy, (2) the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3) the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. Also, the study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for the implementation of information system security policies in organizations. Second, it proves that the need for education and training programs suppressing members' neutralization intention to violate information security policy should be emphasized. PMID:24971373
ERIC Educational Resources Information Center
Mutchler, Leigh Ann
2012-01-01
The purpose of the present study is to make contributions to the area of behavioral information security in the field of Information Systems and to assist in the improved development of Information Security Policy instructional programs to increase the policy compliance of individuals. The role of an individual's experience in the context of…
Code of Federal Regulations, 2012 CFR
2012-10-01
..., including consideration of security of resources, protection of privacy, national security and emergency... information technology, agencies shall include the appropriate information technology security policies and requirements, including use of common security configurations available from the National Institute of...
Code of Federal Regulations, 2014 CFR
2014-10-01
..., including consideration of security of resources, protection of privacy, national security and emergency... information technology, agencies shall include the appropriate information technology security policies and requirements, including use of common security configurations available from the National Institute of...
Code of Federal Regulations, 2013 CFR
2013-10-01
..., including consideration of security of resources, protection of privacy, national security and emergency... information technology, agencies shall include the appropriate information technology security policies and requirements, including use of common security configurations available from the National Institute of...
Code of Federal Regulations, 2011 CFR
2011-10-01
..., including consideration of security of resources, protection of privacy, national security and emergency... information technology, agencies shall include the appropriate information technology security policies and requirements, including use of common security configurations available from the National Institute of...
Homeland Security and Information.
ERIC Educational Resources Information Center
Relyea, Harold C.
2002-01-01
Reviews the development of two similar policy concepts, national security and internal security, before exploring the new phrase homeland security that has become popular since the September 11 terrorist attacks. Discusses the significance of each for information policy and practice. (Author/LRW)
Code of Federal Regulations, 2010 CFR
2010-07-01
... Labor SECURITY REGULATIONS Introduction to Security Regulations § 14.2 Policy. The interests of the...) Safeguarding national security information. Some official information within the Federal Government is directly..., therefore, be subject to security constraints, and limited in term of its distribution. (b) Exemption from...
Code of Federal Regulations, 2012 CFR
2012-07-01
... STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PROTECTION OF INFORMATION § 267.2 Policy..., and integrity of official records containing sensitive or national security information, it is the policy of the Postal Service to maintain definitive and uniform information security safeguards. These...
Code of Federal Regulations, 2010 CFR
2010-07-01
... STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PROTECTION OF INFORMATION § 267.2 Policy..., and integrity of official records containing sensitive or national security information, it is the policy of the Postal Service to maintain definitive and uniform information security safeguards. These...
Code of Federal Regulations, 2011 CFR
2011-07-01
... STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PROTECTION OF INFORMATION § 267.2 Policy..., and integrity of official records containing sensitive or national security information, it is the policy of the Postal Service to maintain definitive and uniform information security safeguards. These...
Code of Federal Regulations, 2014 CFR
2014-07-01
... STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PROTECTION OF INFORMATION § 267.2 Policy..., and integrity of official records containing sensitive or national security information, it is the policy of the Postal Service to maintain definitive and uniform information security safeguards. These...
Code of Federal Regulations, 2013 CFR
2013-07-01
... STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PROTECTION OF INFORMATION § 267.2 Policy..., and integrity of official records containing sensitive or national security information, it is the policy of the Postal Service to maintain definitive and uniform information security safeguards. These...
12 CFR 403.1 - General policies and definitions.
Code of Federal Regulations, 2010 CFR
2010-01-01
... information requires, in the interest of national security, protection against unauthorized disclosure... SAFEGUARDING OF NATIONAL SECURITY INFORMATION § 403.1 General policies and definitions. (a) This regulation of..., declassification, and safeguarding of national security information and material of the United States. This...
78 FR 64024 - National Industrial Security Program Policy Advisory Committee (NISPPAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2013-10-25
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office [NARA-2014-001] National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: National Archives and... submitted to the Information Security Oversight Office (ISOO) no later than Friday, November 8, 2013. ISOO...
78 FR 38077 - National Industrial Security Program Policy Advisory Committee (NISPPAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2013-06-25
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office [NARA-13-0030] National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: National Archives and... submitted to the Information Security Oversight Office (ISOO) no later than Friday, July 12, 2013. ISOO will...
32 CFR 2700.11 - Basic policy.
Code of Federal Regulations, 2011 CFR
2011-07-01
... government information with the need to protect certain national security information from disclosure, these... Defense Other Regulations Relating to National Defense OFFICE FOR MICRONESIAN STATUS NEGOTIATIONS SECURITY INFORMATION REGULATIONS Original Classification § 2700.11 Basic policy. (a) General. It is the policy of OMSN...
Code of Federal Regulations, 2011 CFR
2011-10-01
... 50 Wildlife and Fisheries 9 2011-10-01 2011-10-01 false Policy. 540.1 Section 540.1 Wildlife and Fisheries MARINE MAMMAL COMMISSION INFORMATION SECURITY § 540.1 Policy. It is the policy of the Marine... security information. [44 FR 55381, Sept. 26, 1979] ...
Code of Federal Regulations, 2010 CFR
2010-10-01
... 50 Wildlife and Fisheries 7 2010-10-01 2010-10-01 false Policy. 540.1 Section 540.1 Wildlife and Fisheries MARINE MAMMAL COMMISSION INFORMATION SECURITY § 540.1 Policy. It is the policy of the Marine... security information. [44 FR 55381, Sept. 26, 1979] ...
77 FR 63893 - National Industrial Security Program Policy Advisory Committee (NISPPAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2012-10-17
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: National Archives and Records... meeting to discuss National Industrial Security Program policy matters. DATES: The meeting will be held on...
78 FR 9431 - National Industrial Security Program Policy Advisory Committee (NISPPAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2013-02-08
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: National Archives and Records... meeting to discuss National Industrial Security Program policy matters. DATES: The meeting will be held on...
Code of Federal Regulations, 2010 CFR
2010-10-01
... unclassified information. MD 4300.1, entitled Information Technology Systems Security, and the DHS Sensitive Systems Handbook, prescribe the policies and procedures on security for Information Technology resources... ACQUISITION REGULATION (HSAR) GENERAL ADMINISTRATIVE MATTERS Safeguarding Classified and Sensitive Information...
Code of Federal Regulations, 2011 CFR
2011-10-01
... 339.7101 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7101 Policy. HHS is responsible for implementing an information security program to ensure that its information systems and...
Code of Federal Regulations, 2013 CFR
2013-10-01
... 339.7101 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7101 Policy. HHS is responsible for implementing an information security program to ensure that its information systems and...
Code of Federal Regulations, 2014 CFR
2014-10-01
... 339.7101 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7101 Policy. HHS is responsible for implementing an information security program to ensure that its information systems and...
Code of Federal Regulations, 2012 CFR
2012-10-01
... 339.7101 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7101 Policy. HHS is responsible for implementing an information security program to ensure that its information systems and...
Code of Federal Regulations, 2010 CFR
2010-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.44 Custodians...
32 CFR 2400.40 - Responsibility.
Code of Federal Regulations, 2010 CFR
2010-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.40 Responsibility...
Code of Federal Regulations, 2014 CFR
2014-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.44 Custodians...
32 CFR 2400.40 - Responsibility.
Code of Federal Regulations, 2013 CFR
2013-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.40 Responsibility...
32 CFR 2400.40 - Responsibility.
Code of Federal Regulations, 2014 CFR
2014-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.40 Responsibility...
Code of Federal Regulations, 2012 CFR
2012-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.44 Custodians...
32 CFR 2400.40 - Responsibility.
Code of Federal Regulations, 2011 CFR
2011-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.40 Responsibility...
32 CFR 2400.40 - Responsibility.
Code of Federal Regulations, 2012 CFR
2012-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.40 Responsibility...
Code of Federal Regulations, 2011 CFR
2011-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.44 Custodians...
Code of Federal Regulations, 2013 CFR
2013-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.44 Custodians...
77 FR 12623 - National Industrial Security Program Policy Advisory Committee (NISPPAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2012-03-01
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National... Information Security Oversight Office no later than Friday, March 16, 2012. The Information Security Oversight... FURTHER INFORMATION CONTACT: David O. Best, Senior Program Analyst, The Information Security Oversight...
76 FR 8753 - Final Information Quality Guidelines Policy
Federal Register 2010, 2011, 2012, 2013, 2014
2011-02-15
... DEPARTMENT OF HOMELAND SECURITY Final Information Quality Guidelines Policy AGENCY: Department of Homeland Security. ACTION: Notice and request for public comment on Final Information Quality Guidelines. SUMMARY: These guidelines should be used to ensure and maximize the quality of disseminated information...
Code of Federal Regulations, 2013 CFR
2013-10-01
... 1804.470-2 Federal Acquisition Regulations System NATIONAL AERONAUTICS AND SPACE ADMINISTRATION GENERAL...) 2810, Security of Information Technology; NASA Procedural Requirements (NPR) 2810, Security of Information Technology; and interim policy updates in the form of NASA Information Technology Requirements...
Code of Federal Regulations, 2011 CFR
2011-10-01
... 1804.470-2 Federal Acquisition Regulations System NATIONAL AERONAUTICS AND SPACE ADMINISTRATION GENERAL...) 2810, Security of Information Technology; NASA Procedural Requirements (NPR) 2810, Security of Information Technology; and interim policy updates in the form of NASA Information Technology Requirements...
Code of Federal Regulations, 2011 CFR
2011-01-01
... Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM Declassification and Downgrading § 1203.600 Policy. Information shall be declassified or downgraded as soon as national security considerations permit. NASA reviews of classified information shall be coordinated with...
Code of Federal Regulations, 2010 CFR
2010-01-01
... Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM Declassification and Downgrading § 1203.600 Policy. Information shall be declassified or downgraded as soon as national security considerations permit. NASA reviews of classified information shall be coordinated with...
Code of Federal Regulations, 2010 CFR
2010-10-01
... SECURITY INFORMATION POLICY AND GUIDELINES, IMPLEMENTING REGULATIONS § 806.2 Applicability. This rule supplements Executive Order 12065 within the Board with regard to national security information. It establishes general policies and certain procedures for the classification and declassification of information...
32 CFR 2400.43 - Heads of offices.
Code of Federal Regulations, 2014 CFR
2014-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.43 Heads of...
32 CFR 2400.41 - Office Review Committee.
Code of Federal Regulations, 2014 CFR
2014-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.41 Office Review...
32 CFR 2400.41 - Office Review Committee.
Code of Federal Regulations, 2012 CFR
2012-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.41 Office Review...
32 CFR 2400.41 - Office Review Committee.
Code of Federal Regulations, 2010 CFR
2010-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.41 Office Review...
32 CFR 2400.43 - Heads of offices.
Code of Federal Regulations, 2011 CFR
2011-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.43 Heads of...
32 CFR 2400.41 - Office Review Committee.
Code of Federal Regulations, 2011 CFR
2011-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.41 Office Review...
32 CFR 2400.43 - Heads of offices.
Code of Federal Regulations, 2013 CFR
2013-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.43 Heads of...
32 CFR 2400.43 - Heads of offices.
Code of Federal Regulations, 2010 CFR
2010-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.43 Heads of...
32 CFR 2400.43 - Heads of offices.
Code of Federal Regulations, 2012 CFR
2012-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.43 Heads of...
32 CFR 2400.41 - Office Review Committee.
Code of Federal Regulations, 2013 CFR
2013-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.41 Office Review...
Code of Federal Regulations, 2011 CFR
2011-07-01
... 29 Labor 1 2011-07-01 2011-07-01 false Policy. 14.2 Section 14.2 Labor Office of the Secretary of Labor SECURITY REGULATIONS Introduction to Security Regulations § 14.2 Policy. The interests of the... Information Act (5 U.S.C. 552) and in the current public information policies of the executive branch. (a...
Code of Federal Regulations, 2012 CFR
2012-07-01
... 29 Labor 1 2012-07-01 2012-07-01 false Policy. 14.2 Section 14.2 Labor Office of the Secretary of Labor SECURITY REGULATIONS Introduction to Security Regulations § 14.2 Policy. The interests of the... Information Act (5 U.S.C. 552) and in the current public information policies of the executive branch. (a...
Code of Federal Regulations, 2014 CFR
2014-07-01
... 29 Labor 1 2014-07-01 2013-07-01 true Policy. 14.2 Section 14.2 Labor Office of the Secretary of Labor SECURITY REGULATIONS Introduction to Security Regulations § 14.2 Policy. The interests of the... Information Act (5 U.S.C. 552) and in the current public information policies of the executive branch. (a...
ERIC Educational Resources Information Center
Francois, Michael T.
2016-01-01
Today's organizations rely heavily on information technology to conduct their daily activities. Therefore, their information security systems are an area of heightened security concern. As a result, organizations implement information security programs to address and mitigate that concern. However, even with the emphasis on information security,…
Graphs for information security control in software defined networks
NASA Astrophysics Data System (ADS)
Grusho, Alexander A.; Abaev, Pavel O.; Shorgin, Sergey Ya.; Timonina, Elena E.
2017-07-01
Information security control in software defined networks (SDN) is connected with execution of the security policy rules regulating information accesses and protection against distribution of the malicious code and harmful influences. The paper offers a representation of a security policy in the form of a hierarchical structure which, in case of distribution of resources for the solution of tasks, defines graphs of admissible interactions in a network. These graphs define commutation tables of switches via the SDN controller.
National Security and Information Technology: The New Regulatory Option?
ERIC Educational Resources Information Center
Irwin, Manley R.
1987-01-01
Summarizes recent developments in information technology research and development, telecommunication services, telephone manufacturing, telecommunication networks, information processing, and U.S. import/export policy. It is concluded that government regulation as a policy strategy depends on how one defines national security. (Author/CLB)
Federal Register 2010, 2011, 2012, 2013, 2014
2010-06-15
... DEPARTMENT OF HEALTH AND HUMAN SERVICES Office of the National Coordinator for Health Information Technology; HIT Policy Committee's Privacy & Security Tiger Team Meeting; Notice of Meeting AGENCY: Office of... of Committee: HIT Policy Committee's Privacy & Security Tiger Team. General Function of the Committee...
32 CFR 2400.19 - Declassification by the Director of the Information Security Oversight Office.
Code of Federal Regulations, 2014 CFR
2014-07-01
... National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Declassification and Downgrading § 2400.19...
32 CFR 2400.19 - Declassification by the Director of the Information Security Oversight Office.
Code of Federal Regulations, 2012 CFR
2012-07-01
... National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Declassification and Downgrading § 2400.19...
32 CFR 2400.19 - Declassification by the Director of the Information Security Oversight Office.
Code of Federal Regulations, 2011 CFR
2011-07-01
... National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Declassification and Downgrading § 2400.19...
32 CFR 2400.19 - Declassification by the Director of the Information Security Oversight Office.
Code of Federal Regulations, 2010 CFR
2010-07-01
... National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Declassification and Downgrading § 2400.19...
32 CFR 2400.19 - Declassification by the Director of the Information Security Oversight Office.
Code of Federal Regulations, 2013 CFR
2013-07-01
... National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Declassification and Downgrading § 2400.19...
Is Seeing Believing? Training Users on Information Security: Evidence from Java Applets
ERIC Educational Resources Information Center
Ayyagari, Ramakrishna; Figueroa, Norilyz
2017-01-01
Information Security issues are one of the top concerns of CEOs. Accordingly, information systems education and research have addressed security issues. One of the main areas of research is the behavioral issues in Information Security, primarily focusing on users' compliance to information security policies. We contribute to this literature by…
Zarei, Javad; Sadoughi, Farahnaz
2016-01-01
In recent years, hospitals in Iran - similar to those in other countries - have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts' opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Information security risk management is not followed by Iran's hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran's Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran.
46 CFR 503.56 - General declassification and downgrading policy.
Code of Federal Regulations, 2010 CFR
2010-10-01
... INFORMATION Information Security Program § 503.56 General declassification and downgrading policy. (a) The... Order 12958, only over that information originally classified by the Commission under previous Executive... Commission Security Officer, and such others as the Chairman may designate. Commission personnel may not...
Verification of Security Policy Enforcement in Enterprise Systems
NASA Astrophysics Data System (ADS)
Gupta, Puneet; Stoller, Scott D.
Many security requirements for enterprise systems can be expressed in a natural way as high-level access control policies. A high-level policy may refer to abstract information resources, independent of where the information is stored; it controls both direct and indirect accesses to the information; it may refer to the context of a request, i.e., the request’s path through the system; and its enforcement point and enforcement mechanism may be unspecified. Enforcement of a high-level policy may depend on the system architecture and the configurations of a variety of security mechanisms, such as firewalls, host login permissions, file permissions, DBMS access control, and application-specific security mechanisms. This paper presents a framework in which all of these can be conveniently and formally expressed, a method to verify that a high-level policy is enforced, and an algorithm to determine a trusted computing base for each resource.
ERIC Educational Resources Information Center
Sikolia, David Wafula
2013-01-01
User non-compliance with information security policies in organizations due to negligence or ignorance is reported as a key data security problem for organizations. The violation of the confidentiality, integrity and availability of organizational data has led to losses in millions of dollars for organizations in terms of money and time spent…
32 CFR 154.42 - Evaluation of personnel security information.
Code of Federal Regulations, 2011 CFR
2011-07-01
... 32 National Defense 1 2011-07-01 2011-07-01 false Evaluation of personnel security information... SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Adjudication § 154.42 Evaluation of personnel security information. (a) The criteria and adjudicative policy to be used in applying the...
32 CFR 154.42 - Evaluation of personnel security information.
Code of Federal Regulations, 2010 CFR
2010-07-01
... 32 National Defense 1 2010-07-01 2010-07-01 false Evaluation of personnel security information... SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Adjudication § 154.42 Evaluation of personnel security information. (a) The criteria and adjudicative policy to be used in applying the...
Zarei, Javad; Sadoughi, Farahnaz
2016-01-01
Background: In recent years, hospitals in Iran – similar to those in other countries – have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. Materials and methods: This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts’ opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Results: Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Conclusion: Information security risk management is not followed by Iran’s hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran’s Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran. PMID:27313481
EMRlog method for computer security for electronic medical records with logic and data mining.
Martínez Monterrubio, Sergio Mauricio; Frausto Solis, Juan; Monroy Borja, Raúl
2015-01-01
The proper functioning of a hospital computer system is arduous work for managers and staff. However, inconsistent policies are frequent and can produce enormous problems, such as stolen information, frequent failures, and loss of all or part of the hospital data. This paper presents a new method named EMRlog for computer security systems in hospitals. EMRlog is focused on two kinds of security policies: directive and implemented policies. Security policies are applied to computer systems that handle huge amounts of information such as databases, applications, and medical records. Firstly, a syntactic verification step is applied by using predicate logic. Then data mining techniques are used to detect which security policies have really been implemented by the computer systems staff. Subsequently, consistency is verified in both kinds of policies; in addition these subsets are contrasted and validated. This is performed by an automatic theorem prover. Thus, many kinds of vulnerabilities can be removed for achieving a safer computer system.
EMRlog Method for Computer Security for Electronic Medical Records with Logic and Data Mining
Frausto Solis, Juan; Monroy Borja, Raúl
2015-01-01
The proper functioning of a hospital computer system is arduous work for managers and staff. However, inconsistent policies are frequent and can produce enormous problems, such as stolen information, frequent failures, and loss of all or part of the hospital data. This paper presents a new method named EMRlog for computer security systems in hospitals. EMRlog is focused on two kinds of security policies: directive and implemented policies. Security policies are applied to computer systems that handle huge amounts of information such as databases, applications, and medical records. Firstly, a syntactic verification step is applied by using predicate logic. Then data mining techniques are used to detect which security policies have really been implemented by the computer systems staff. Subsequently, consistency is verified in both kinds of policies; in addition these subsets are contrasted and validated. This is performed by an automatic theorem prover. Thus, many kinds of vulnerabilities can be removed for achieving a safer computer system. PMID:26495300
45 CFR 164.308 - Administrative safeguards.
Code of Federal Regulations, 2012 CFR
2012-10-01
...)(i) Standard: Security management process. Implement policies and procedures to prevent, detect... this subpart for the entity. (3)(i) Standard: Workforce security. Implement policies and procedures to...) Standard: Information access management. Implement policies and procedures for authorizing access to...
45 CFR 164.308 - Administrative safeguards.
Code of Federal Regulations, 2011 CFR
2011-10-01
...)(i) Standard: Security management process. Implement policies and procedures to prevent, detect... this subpart for the entity. (3)(i) Standard: Workforce security. Implement policies and procedures to...) Standard: Information access management. Implement policies and procedures for authorizing access to...
Online Patron Records and Privacy: Service vs. Security.
ERIC Educational Resources Information Center
Fouty, Kathleen G.
1993-01-01
Examines issues regarding the privacy of information contained in patron databases that have resulted from online circulation systems. Topics discussed include library policies to protect information in patron records; ensuring compliance with policies; limiting the data collected; security authorizations; and creating and modifying patron…
49 CFR 806.1 - General policy.
Code of Federal Regulations, 2010 CFR
2010-10-01
... SECURITY INFORMATION POLICY AND GUIDELINES, IMPLEMENTING REGULATIONS § 806.1 General policy. (a) The interests of the United States and its citizens are best served by making information regarding the affairs... the Freedom of Information Act and in the current public information policies of the executive branch...
Federal Register 2010, 2011, 2012, 2013, 2014
2012-12-26
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office; State, Local, Tribal, and Private Sector Policy Advisory Committee (SLTPS-PAC) AGENCY: National Archives and Records....m. to 12:00 noon. ADDRESSES: National Archives and Records Administration, 700 Pennsylvania Avenue...
Cost-Benefit Analysis of Confidentiality Policies for Advanced Knowledge Management Systems
DOE Office of Scientific and Technical Information (OSTI.GOV)
May, D
Knowledge Discovery (KD) processes can create new information within a Knowledge Management (KM) system. In many domains, including government, this new information must be secured against unauthorized disclosure. Applying an appropriate confidentiality policy achieves this. However, it is not evident which confidentiality policy to apply, especially when the goals of sharing and disseminating knowledge have to be balanced with the requirements to secure knowledge. This work proposes to solve this problem by developing a cost-benefit analysis technique for examining the tradeoffs between securing and sharing discovered knowledge.
17 CFR 202.9 - Small entity enforcement penalty reduction policy.
Code of Federal Regulations, 2010 CFR
2010-04-01
... penalty reduction policy. 202.9 Section 202.9 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION INFORMAL AND OTHER PROCEDURES § 202.9 Small entity enforcement penalty reduction policy. The Commission's policy with respect to whether to reduce or assess civil money penalties against a small entity...
Federal Register 2010, 2011, 2012, 2013, 2014
2011-10-13
... Structural Reforms To Improve the Security of Classified Networks and the Responsible Sharing and... classified national security information (classified information) on computer networks, it is hereby ordered as follows: Section 1. Policy. Our Nation's security requires classified information to be shared...
Semantic policy and adversarial modeling for cyber threat identification and avoidance
NASA Astrophysics Data System (ADS)
DeFrancesco, Anton; McQueary, Bruce
2009-05-01
Today's enterprise networks undergo a relentless barrage of attacks from foreign and domestic adversaries. These attacks may be perpetrated with little to no funding, but may wreak incalculable damage upon the enterprise's security, network infrastructure, and services. As more services come online, systems that were once in isolation now provide information that may be combined dynamically with information from other systems to create new meaning on the fly. Security issues are compounded by the potential to aggregate individual pieces of information and infer knowledge at a higher classification than any of its constituent parts. To help alleviate these challenges, in this paper we introduce the notion of semantic policy and discuss how its use is evolving from a robust approach to access control to preempting and combating attacks in the cyber domain. The introduction of semantic policy and adversarial modeling to network security aims to ask 'where is the network most vulnerable', 'how is the network being attacked', and 'why is the network being attacked'. The first aspect of our approach is integration of semantic policy into enterprise security to augment traditional network security with an overall awareness of policy access and violations. This awareness allows the semantic policy to look at the big picture - analyzing trends and identifying critical relations in system-wide data access. The second aspect of our approach is to couple adversarial modeling with semantic policy to move beyond reactive security measures and into a proactive identification of system weaknesses and areas of vulnerability. By utilizing Bayesian-based methodologies, the enterprise-wide meaning of data and semantic policy is applied to probability and high-level risk identification. This risk identification will help mitigate potential harm to enterprise networks by enabling resources to proactively isolate, lock-down, and secure systems that are most vulnerable.
Code of Federal Regulations, 2010 CFR
2010-10-01
... Performance Information 3042.1502 Policy. (a) Components shall use the Contractor Performance System (CPS) for... 48 Federal Acquisition Regulations System 7 2010-10-01 2010-10-01 false Policy. 3042.1502 Section 3042.1502 Federal Acquisition Regulations System DEPARTMENT OF HOMELAND SECURITY, HOMELAND SECURITY...
Lerner, Justin E; Hawkins, Robert L
2016-07-01
When adolescents delay (meaning they wait until after middle school) engaging in sexual intercourse, they use condoms at higher rates and have fewer sexual partners than those who have sex earlier, thus resulting in a lower risk for unintended pregnancies and sexually transmitted infections. The 1996 Section 510 of Title V of the Social Security Act (often referred to as A-H) is a policy that promotes abstinence-only-until-marriage education (AOE) within public schools. Using Stone's (2012) policy analysis framework, this article explores how A-H limits welfare, liberty, and security among adolescents due to the poor empirical outcomes of AOE policy. We recommend incorporating theory-informed comprehensive sex education in addition to theory-informed abstinence education that utilizes Fishbein and Ajzen's (2010) reasoned action model within schools in order to begin to address adolescent welfare, liberty, and security.
75 FR 69688 - Agency Information Collection Activities: Regulation on Agency Protests
Federal Register 2010, 2011, 2012, 2013, 2014
2010-11-15
... Protests AGENCY: Office of Chief Procurement Officer, Acquisition Policy and Legislation Office, DHS... Department of Homeland Security, Office of Chief Procurement Officer, Acquisition Policy and Legislation..., Acquisition Policy and Legislation Office, DHS Attn.: Camara Francis, Department of Homeland Security, Office...
75 FR 75207 - Regulation SBSR-Reporting and Dissemination of Security-Based Swap Information
Federal Register 2010, 2011, 2012, 2013, 2014
2010-12-02
...In accordance with Section 763 ("Section 763") and Section 766 ("Section 766") of Title VII ("Title VII") of the Dodd-Frank Wall Street Reform and Consumer Protection Act (the "Dodd-Frank Act"), the Securities and Exchange Commission ("SEC" or "Commission") is proposing Regulation SBSR--Reporting and Dissemination of Security-Based Swap Information ("Regulation SBSR") under the Securities Exchange Act of 1934 ("Exchange Act"). Proposed Regulation SBSR would provide for the reporting of security-based swap information to registered security-based swap data repositories or the Commission and the public dissemination of security-based swap transaction, volume, and pricing information. Registered security-based swap data repositories would be required to establish and maintain certain policies and procedures regarding how transaction data are reported and disseminated, and participants of registered security-based swap data repositories that are security-based swap dealers or major security-based swap participants would be required to establish and maintain policies and procedures that are reasonably designed to ensure that they comply with applicable reporting obligations. Finally, proposed Regulation SBSR also would require a registered SDR to register with the Commission as a securities information processor on existing Form SIP.
Policy revision in health enterprise information security: P3WG final report
NASA Astrophysics Data System (ADS)
Sostrom, Kristen; Collmann, Jeff R.
2003-05-01
Health information management policies usually address the use of paper records with little or no mention of electronic health records. Information Technology (IT) policies often ignore the health care business needs and operational use of the information stored in its systems. Representatives from the Telemedicine & Advanced Technology Research Center (TATRC), TRICARE and Offices of the Surgeon General of each Military Service, collectively referred to as the Policies, Procedures and Practices Work Group (P3WG), examined military policies and regulations relating to computer-based information systems and medical records management. Using an interdisciplinary and interservice QA approach, they compared existing military policies with the Health Insurance Portability and Accountability Act (HIPAA) Security Rule to identify gaps and discrepancies. The final report, including a plain English explanation of the individual standards and relevance to the Department of Defense (DoD), a comparative analysis and recommendations, will feed into the security management process and HIPAA implementation efforts at multiple levels within the DoD. In light of High Reliability Theory, this process models how large enterprises may coordinate policy revision and reform across broad organizational and work domains, building consensus on key policy reforms among military stakeholders across different disciplines, levels of command hierarchy and services.
75 FR 881 - Meeting of Advisory Committee on International Communications and Information Policy
Federal Register 2010, 2011, 2012, 2013, 2014
2010-01-06
... development issues, international spectrum requirements and harmonization, cyber-security, and data protection... will discuss key issues of importance to U.S. communications policy interests including future... Bureau of Diplomatic Security to enhance the Department's security by tracking visitor traffic and to...
An Information Policy for the Information Age.
ERIC Educational Resources Information Center
Blake, Virgil; Surprenant, Thomas
1988-01-01
Discusses recent federal information policies that pose a threat to access to information. A short-lived policy for protection of sensitive but unclassified information is criticized, and the Computer Security Act of 1987, currently under consideration in Congress, is described. Involvement by the library and information community in developing…
Insider Threat and Information Security Management
NASA Astrophysics Data System (ADS)
Coles-Kemp, Lizzie; Theoharidou, Marianthi
The notion of insider has multiple facets. An organization needs to identify which ones to respond to. The selection, implementation and maintenance of information security countermeasures requires a complex combination of organisational policies, functions and processes, which form Information Security Management. This chapter examines the role of current information security management practices in addressing the insider threat. Most approaches focus on frameworks for regulating insider behaviour and do not allow for the various cultural responses to the regulatory and compliance framework. Such responses are not only determined by enforcement of policies and awareness programs, but also by various psychological and organisational factors at an individual or group level. Crime theories offer techniques that focus on such cultural responses and can be used to enhance the information security management design. The chapter examines the applicability of several crime theories and concludes that they can contribute in providing additional controls and redesign of information security management processes better suited to responding to the insider threat.
Code of Federal Regulations, 2011 CFR
2011-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM... basis for classifying information. The policy of the Office of Science and Technology Policy is to make...
Code of Federal Regulations, 2014 CFR
2014-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM... basis for classifying information. The policy of the Office of Science and Technology Policy is to make...
Code of Federal Regulations, 2013 CFR
2013-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM... basis for classifying information. The policy of the Office of Science and Technology Policy is to make...
Code of Federal Regulations, 2012 CFR
2012-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM... basis for classifying information. The policy of the Office of Science and Technology Policy is to make...
Code of Federal Regulations, 2010 CFR
2010-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM... basis for classifying information. The policy of the Office of Science and Technology Policy is to make...
ERIC Educational Resources Information Center
Okolo, Nkiru Benjamin
2016-01-01
Information systems of today face more potential security infringement than ever before. The regular susceptibility of data to breaches is a function of systems users' disinclination to follow appropriate security measures. A well-secured system maintains integrity, confidentiality, and availability, while providing appropriate and consistent…
ERIC Educational Resources Information Center
Lazarus, Sheryl S.; van den Heuvel, Jill R.; Thurlow, Martha L.
2017-01-01
This paper explores how to balance test security and accessibility on licensure, credentialing, and certification exams. It examines K-12 test security policies related to educational assessments across states to discover lessons learned about how to meet accessibility needs of individuals with disabilities while minimizing test security risks. It…
Code of Federal Regulations, 2014 CFR
2014-10-01
... 48 Federal Acquisition Regulations System 6 2014-10-01 2014-10-01 false Policy. 1804.470-2 Section... ADMINISTRATIVE MATTERS Safeguarding Classified Information Within Industry 1804.470-2 Policy. NASA IT security policies and procedures for unclassified information and IT are prescribed in NASA Policy Directive (NPD...
Code of Federal Regulations, 2012 CFR
2012-10-01
... 48 Federal Acquisition Regulations System 6 2012-10-01 2012-10-01 false Policy. 1804.470-2 Section... ADMINISTRATIVE MATTERS Safeguarding Classified Information Within Industry 1804.470-2 Policy. NASA IT security policies and procedures for unclassified information and IT are prescribed in NASA Policy Directive (NPD...
Access control based on attribute certificates for medical intranet applications.
Mavridis, I; Georgiadis, C; Pangalos, G; Khair, M
2001-01-01
Clinical information systems frequently use intranet and Internet technologies. However these technologies have emphasized sharing and not security, despite the sensitive and private nature of much health information. Digital certificates (electronic documents which recognize an entity or its attributes) can be used to control access in clinical intranet applications. To outline the need for access control in distributed clinical database systems, to describe the use of digital certificates and security policies, and to propose the architecture for a system using digital certificates, cryptography and security policy to control access to clinical intranet applications. We have previously developed a security policy, DIMEDAC (Distributed Medical Database Access Control), which is compatible with emerging public key and privilege management infrastructure. In our implementation approach we propose the use of digital certificates, to be used in conjunction with DIMEDAC. Our proposed access control system consists of two phases: the ways users gain their security credentials; and how these credentials are used to access medical data. Three types of digital certificates are used: identity certificates for authentication; attribute certificates for authorization; and access-rule certificates for propagation of access control policy. Once a user is identified and authenticated, subsequent access decisions are based on a combination of identity and attribute certificates, with access-rule certificates providing the policy framework. Access control in clinical intranet applications can be successfully and securely managed through the use of digital certificates and the DIMEDAC security policy.
Development of an Internet Security Policy for health care establishments.
Ilioudis, C; Pangalos, G
2000-01-01
The Internet provides unprecedented opportunities for interaction and data sharing among health care providers, patients and researchers. However, the advantages provided by the Internet come with a significantly greater element of risk to the confidentiality and integrity of information. This paper defines the basic security requirements that must be addressed in order to use the Internet to safely transmit patient and/or other sensitive Health Care information. It describes a suitable Internet Security Policy for Health Care Establishments and provides the set of technical measures that are needed for its implementation. The proposed security policy and technical approaches have been based on an extensive study of the related recommendations from the security and standard groups both in EU and USA and our related work and experience. The results have been utilized in the framework of the Intranet Health Clinic project, where the use of the Internet for the transmission of sensitive Health Care information is of vital importance.
Information Security Management (ISM)
NASA Astrophysics Data System (ADS)
Šalgovičová, Jarmila; Prajová, Vanessa
2012-12-01
Currently, all organizations have to tackle the issue of information security. The paper deals with various aspects of Information Security Management (ISM), including procedures, processes, organizational structures, policies and control processes. Introduction of Information Security Management should be a strategic decision. The concept and implementation of Information Security Management in an organization are determined by the corporate needs and objectives, security requirements, the processes deployed as well as the size and structure of the organization. The implementation of ISM should be carried out to the extent consistent with the needs of the organization.
Three Essays on Information Security Policies
ERIC Educational Resources Information Center
Yang, Yubao
2011-01-01
Information security breaches pose a significant and increasing threat to national security and economic well-being. In the Symantec Internet Security Threat Report (2003), companies surveyed experienced an average of about 30 attacks per week. Anecdotal evidence suggests that losses from cyber-attacks can run into millions of dollars. The CSI-FBI…
Information Management and the Biological Warfare Threat
2002-03-01
2. Scientific-Security Paradigm Interaction ... 3. Business-Security Paradigm ... policies of openness and guardedness and discuss the three paradigms (scientific, business, security) as a developing factor for information sharing ... Trade Center. 3. Business-Security Paradigm Interaction Gene patenting (discussed previously) is utilized by business to protect their
ERIC Educational Resources Information Center
Relyea, Harold C.; Halchin, L. Elaine; Hogue, Henry B.; Agnew, Grace; Martin, Mairead; Schottlaender, Brian E. C.; Jackson, Mary E.
2003-01-01
These five reports address five special issues: the effects of the September 11 attacks on information management, including homeland security, Web site information removal, scientific and technical information, and privacy concerns; federal policy for electronic government information; digital rights management and libraries; library Web portal…
Information Security - Data Loss Prevention Procedure
The purpose of this procedure is to extend and provide specificity to the Environmental Protection Agency (EPA) Information Security Policy regarding data loss prevention and digital rights management.
Federal Information Security and Data Breach Notification Laws
2009-01-29
The following report describes information security and data breach notification requirements included in the Privacy Act, the Federal Information...information for unauthorized purposes. Data breach notification laws typically require covered entities to implement a breach notification policy, and...Feinstein), S. 495 (Leahy), and S. 1178 (Inouye)--were reported favorably out of Senate committees. Those bills include information security and data
Health Security and Risk Aversion.
Herington, Jonathan
2016-09-01
Health security has become a popular way of justifying efforts to control catastrophic threats to public health. Unfortunately, there has been little analysis of the concept of health security, nor the relationship between health security and other potential aims of public health policy. In this paper I develop an account of health security as an aversion to risky policy options. I explore three reasons for thinking risk avoidance is a distinctly worthwhile aim of public health policy: (i) that security is intrinsically valuable, (ii) that it is necessary for social planning and (iii) that it is an appropriate response to decision-making in contexts of very limited information. Striking the right balance between securing and maximizing population health thus requires a substantive, and hitherto unrecognized, value judgment. Finally, I critically evaluate the current health security agenda in light of this new account of the concept and its relationship to the other aims of public health policy. © 2016 John Wiley & Sons Ltd.
A computer science approach to managing security in health care.
Asirelli, P; Braccini, G; Caramella, D; Coco, A; Fabbrini, F
2002-09-01
The security of electronic medical information is very important for health care organisations, which have to ensure confidentiality, integrity and availability of the information provided. This paper will briefly outline the legal measures adopted by the European Community, Italy and the United States to regulate the use and disclosure of medical records. It will then go on to highlight how information technology can help to address these issues with special reference to the management of organisation policies. To this end, we will present a modelling example for the security policy of a radiological department.
Federal Register 2010, 2011, 2012, 2013, 2014
2010-08-23
... within that agency. Sec. 2. Policy Direction. With policy guidance from the National Security Advisor and... of other agencies and representatives of SLTPS entities, as nominated by any Committee member and...
Overview of Computer Security Certification and Accreditation. Final Report.
ERIC Educational Resources Information Center
Ruthberg, Zella G.; Neugent, William
Primarily intended to familiarize ADP (automatic data processing) policy and information resource managers with the approach to computer security certification and accreditation found in "Guideline to Computer Security Certification and Accreditation," Federal Information Processing Standards Publications (FIPS-PUB) 102, this overview…
Federal Register 2010, 2011, 2012, 2013, 2014
2012-02-23
... DEPARTMENT OF LABOR Employee Benefits Security Administration Proposed Extension of Information... Review Procedures for Non-Grandfathered Plans AGENCY: Employee Benefits Security Administration..., Office of Policy and Research, Employee Benefits Security Administration, U.S. Department of Labor, 200...
Pangalos, George
2001-01-01
Background The Internet provides many advantages when used for interaction and data sharing among health care providers, patients, and researchers. However, the advantages provided by the Internet come with a significantly greater element of risk to the confidentiality, integrity, and availability of information. It is therefore essential that Health Care Establishments processing and exchanging medical data use an appropriate security policy. Objective To develop a High Level Security Policy for the processing of medical data and their transmission through the Internet, which is a set of high-level statements intended to guide Health Care Establishment personnel who process and manage sensitive health care information. Methods We developed the policy based on a detailed study of the existing framework in the EU countries, USA, and Canada, and on consultations with users in the context of the Intranet Health Clinic project. More specifically, this paper has taken into account the major directives, technical reports, law, and recommendations that are related to the protection of individuals with regard to the processing of personal data, and the protection of privacy and medical data on the Internet. Results We present a High Level Security Policy for Health Care Establishments, which includes a set of 7 principles and 45 guidelines detailed in this paper. The proposed principles and guidelines have been made as generic and open to specific implementations as possible, to provide for maximum flexibility and adaptability to local environments. The High Level Security Policy establishes the basic security requirements that must be addressed to use the Internet to safely transmit patient and other sensitive health care information. Conclusions The High Level Security Policy is primarily intended for large Health Care Establishments in Europe, USA, and Canada. 
It is clear however that the general framework presented here can only serve as reference material for developing an appropriate High Level Security Policy in a specific implementation environment. When implemented in specific environments, these principles and guidelines must also be complemented by measures, which are more specific. Even when a High Level Security Policy already exists in an institution, it is advisable that the management of the Health Care Establishment periodically revisits it to see whether it should be modified or augmented. PMID:11720956
Ilioudis, C; Pangalos, G
2001-01-01
The Internet provides many advantages when used for interaction and data sharing among health care providers, patients, and researchers. However, the advantages provided by the Internet come with a significantly greater element of risk to the confidentiality, integrity, and availability of information. It is therefore essential that Health Care Establishments processing and exchanging medical data use an appropriate security policy. To develop a High Level Security Policy for the processing of medical data and their transmission through the Internet, which is a set of high-level statements intended to guide Health Care Establishment personnel who process and manage sensitive health care information. We developed the policy based on a detailed study of the existing framework in the EU countries, USA, and Canada, and on consultations with users in the context of the Intranet Health Clinic project. More specifically, this paper has taken into account the major directives, technical reports, law, and recommendations that are related to the protection of individuals with regard to the processing of personal data, and the protection of privacy and medical data on the Internet. We present a High Level Security Policy for Health Care Establishments, which includes a set of 7 principles and 45 guidelines detailed in this paper. The proposed principles and guidelines have been made as generic and open to specific implementations as possible, to provide for maximum flexibility and adaptability to local environments. The High Level Security Policy establishes the basic security requirements that must be addressed to use the Internet to safely transmit patient and other sensitive health care information. The High Level Security Policy is primarily intended for large Health Care Establishments in Europe, USA, and Canada. 
It is clear however that the general framework presented here can only serve as reference material for developing an appropriate High Level Security Policy in a specific implementation environment. When implemented in specific environments, these principles and guidelines must also be complemented by measures, which are more specific. Even when a High Level Security Policy already exists in an institution, it is advisable that the management of the Health Care Establishment periodically revisits it to see whether it should be modified or augmented.
Code of Federal Regulations, 2014 CFR
2014-10-01
... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Additional Requirements for Purchases Not in Support of... Information Security Management Act (FISMA) describes Federal agency security responsibilities as including... behalf of an agency.” (b) Employees responsible for or procuring information technology supplies...
Code of Federal Regulations, 2011 CFR
2011-10-01
... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Additional Requirements for Purchases Not in Support of... Information Security Management Act (FISMA) describes Federal agency security responsibilities as including... behalf of an agency.” (b) Employees responsible for or procuring information technology supplies...
Code of Federal Regulations, 2013 CFR
2013-10-01
... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Additional Requirements for Purchases Not in Support of... Information Security Management Act (FISMA) describes Federal agency security responsibilities as including... behalf of an agency.” (b) Employees responsible for or procuring information technology supplies...
Code of Federal Regulations, 2012 CFR
2012-10-01
... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Additional Requirements for Purchases Not in Support of... Information Security Management Act (FISMA) describes Federal agency security responsibilities as including... behalf of an agency.” (b) Employees responsible for or procuring information technology supplies...
Reviewing and reforming policy in health enterprise information security
NASA Astrophysics Data System (ADS)
Sostrom, Kristen; Collmann, Jeff R.
2001-08-01
Health information management policies usually address the use of paper records with little or no mention of electronic health records. Information Technology (IT) policies often ignore the health care business needs and operational use of the information stored in its systems. Representatives from the Telemedicine & Advanced Technology Research Center, TRICARE and Offices of the Surgeon General of each Military Service, collectively referred to as the Policies, Procedures and Practices Work Group (P3WG), examined military policies and regulations relating to computer-based information systems and medical records management. Using a system of templates and matrices created for the purpose, P3WG identified gaps and discrepancies in DoD and service compliance with the proposed Health Insurance Portability and Accountability Act (HIPAA) Security Standard. P3WG represents an unprecedented attempt to coordinate policy review and revision across all military health services and the Office of Health Affairs. This method of policy reform can identify where changes need to be made to integrate health management policy and IT policy in to an organizational policy that will enable compliance with HIPAA standards. The process models how large enterprises may coordinate policy revision and reform across broad organizational and work domains.
Access Control based on Attribute Certificates for Medical Intranet Applications
Georgiadis, Christos; Pangalos, George; Khair, Marie
2001-01-01
Background Clinical information systems frequently use intranet and Internet technologies. However these technologies have emphasized sharing and not security, despite the sensitive and private nature of much health information. Digital certificates (electronic documents which recognize an entity or its attributes) can be used to control access in clinical intranet applications. Objectives To outline the need for access control in distributed clinical database systems, to describe the use of digital certificates and security policies, and to propose the architecture for a system using digital certificates, cryptography and security policy to control access to clinical intranet applications. Methods We have previously developed a security policy, DIMEDAC (Distributed Medical Database Access Control), which is compatible with emerging public key and privilege management infrastructure. In our implementation approach we propose the use of digital certificates, to be used in conjunction with DIMEDAC. Results Our proposed access control system consists of two phases: the ways users gain their security credentials; and how these credentials are used to access medical data. Three types of digital certificates are used: identity certificates for authentication; attribute certificates for authorization; and access-rule certificates for propagation of access control policy. Once a user is identified and authenticated, subsequent access decisions are based on a combination of identity and attribute certificates, with access-rule certificates providing the policy framework. Conclusions Access control in clinical intranet applications can be successfully and securely managed through the use of digital certificates and the DIMEDAC security policy. PMID:11720951
Security measures required for HIPAA privacy.
Amatayakul, M
2000-01-01
HIPAA security requirements include administrative, physical, and technical services and mechanisms to safeguard confidentiality, availability, and integrity of health information. Security measures, however, must be implemented in the context of an organization's privacy policies. Because HIPAA's proposed privacy rules are flexible and scalable to account for the nature of each organization's business, size, and resources, each organization will be determining its own privacy policies within the context of the HIPAA requirements and its security capabilities. Security measures cannot be implemented in a vacuum.
New Frameworks for Detecting and Minimizing Information Leakage in Anonymized Network Data
2011-10-01
researcher the exact extent to which a particular utility is affected by the anonymization. For instance, Karr et al.’s use of the Kullback-Leibler ... technical, legal, policy, and privacy issues limit the ability of operators to produce data sets for information security testing. In an effort to ... technical, legal, policy, and privacy issues limit the ability of operators to produce datasets for information security testing. In an effort to help
75 FR 37819 - Proposed Information Quality Guidelines Policy
Federal Register 2010, 2011, 2012, 2013, 2014
2010-06-30
... DEPARTMENT OF HOMELAND SECURITY Proposed Information Quality Guidelines Policy ACTION: Notice and request for public comment on Proposed Information Quality Guidelines. SUMMARY: These guidelines should be used to ensure and maximize the quality of disseminated information. The Department's guidelines are...
17 CFR 200.13b - Director of the Office of Public Affairs, Policy Evaluation, and Research.
Code of Federal Regulations, 2010 CFR
2010-04-01
... 17 Commodity and Securities Exchanges 2 2010-04-01 2010-04-01 false Director of the Office of Public Affairs, Policy Evaluation, and Research. 200.13b Section 200.13b Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION ORGANIZATION; CONDUCT AND ETHICS; AND INFORMATION AND REQUESTS Organization and Program Management General...
Code of Federal Regulations, 2014 CFR
2014-07-01
... Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM General... § 2400.1 that information of the Office of Science and Technology Policy (OSTP) relating to national...
Code of Federal Regulations, 2012 CFR
2012-07-01
... Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM General... § 2400.1 that information of the Office of Science and Technology Policy (OSTP) relating to national...
Code of Federal Regulations, 2013 CFR
2013-07-01
... Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM General... § 2400.1 that information of the Office of Science and Technology Policy (OSTP) relating to national...
Code of Federal Regulations, 2010 CFR
2010-07-01
... Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM General... § 2400.1 that information of the Office of Science and Technology Policy (OSTP) relating to national...
Code of Federal Regulations, 2011 CFR
2011-07-01
... Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM General... § 2400.1 that information of the Office of Science and Technology Policy (OSTP) relating to national...
Security breaches: tips for assessing and limiting your risks.
Coons, Leeanne R
2011-01-01
As part of their compliance planning, medical practices should undergo a risk assessment to determine any vulnerability within the practice relative to security breaches. Practices should also implement safeguards to limit their risks. Such safeguards include facility access controls, information and electronic media management, use of business associate agreements, and education and enforcement. Implementation of specific policies and procedures to address security incidents is another critical step that medical practices should take as part of their security incident prevention plan. Medical practices should not only develop policies and procedures to prevent, detect, contain, and correct security violations, but should make sure that such policies and procedures are actually implemented in their everyday operations.
Information Assurance and Cyber Defence (Assurance de l’information et cyberdefense)
2010-11-01
project is that knowledge exchange in a timely fashion is highly significant. Authentication and Authorisation of Users and Services in Federated...Detection, Protection and Countermeasures; • Security Models and Architectures; • Security Policies, Evaluation, Authorisation and Access Control; and...Evaluation, Authorisation and Access Control • Network and Information Security Awareness The topics for the symposium had been established
Toward Privacy-preserving Content Access Control for Information Centric Networking
2014-03-01
Information ... regardless the security mechanisms provided by different content hosting servers. However, using ABE has a drawback that the enforced content access ... Encryption (ABE) is a flexible approach to enforce the content access policies regardless the security mechanisms provided by different content hosting
Privacy, confidentiality, and security in information systems of state health agencies.
O'Brien, D G; Yasnoff, W A
1999-05-01
To assess the employment and status of privacy, confidentiality, security and fair information practices in electronic information systems of U.S. state health agencies. A survey instrument was developed and administered to key contacts within the state health agencies of each of the 50 U.S. states, Puerto Rico and the District of Columbia. About a third of U.S. state health agencies have no written policies in place regarding privacy and confidentiality in electronic information systems. The doctrines of fair information practice often seemed to be ignored. One quarter of the agencies reported at least one security breach during the past two years, and 16% experienced a privacy and confidentiality related transgression. Most of the breaches were committed by personnel from within the agencies. These results raise questions about the integrity of existing privacy, confidentiality and security measures in the information systems of U.S. state health agencies. Recommendations include the development and vigorous enforcement of written privacy and confidentiality policies, increased personnel training, and expanded implementation of security measures such as encryption and system firewalls. A discussion of the current status of U.S. privacy, confidentiality and security issues is offered.
2011-01-01
... research was conducted within the International Security and Defense Policy Center of the RAND National Defense Research Institute, a federally funded ... Marine Corps, the defense agencies, and the defense Intelligence Community. For more information on the International Security and Defense Policy
Code of Federal Regulations, 2010 CFR
2010-04-01
... important element of our national security. The effectiveness of the Agreement depends significantly upon... 22 Foreign Relations 1 2010-04-01 2010-04-01 false General policy. 9a.2 Section 9a.2 Foreign Relations DEPARTMENT OF STATE GENERAL SECURITY INFORMATION REGULATIONS APPLICABLE TO CERTAIN INTERNATIONAL...
Usable SPACE: Security, Privacy, and Context for the Mobile User
NASA Astrophysics Data System (ADS)
Jutla, Dawn
Users breach the security of data within many financial applications daily as human and/or business expediency to access and use information wins over corporate security policy guidelines. Recognizing that changing user context often requires different security mechanisms, we discuss end-to-end solutions combining several security and context mechanisms for relevant security control and information presentation in various mobile user situations. We illustrate key concepts using Dimitri Kanevsky's (IBM Research) early 2000s patented inventions for voice security and classification.
46 CFR 503.56 - General declassification and downgrading policy.
Code of Federal Regulations, 2011 CFR
2011-10-01
... INFORMATION Information Security Program § 503.56 General declassification and downgrading policy. (a) The... Order 13526, only over that information originally classified by the Commission under previous Executive... declassify information originally classified by other agencies. (b) The Commission does not now have original...
ERIC Educational Resources Information Center
Rabina, Debbie L.
2000-01-01
Discusses the development of a national information policy in Israel. Topics include political climate; security concerns; censorship; lack of openness; progress in the peace process; technical innovativeness; a desire to join the international community; and legislation, including privacy protection, freedom of information, and copyright.…
ERIC Educational Resources Information Center
Aurigemma, Salvatore
2013-01-01
Information and information systems have become embedded in the fabric of contemporary organizations throughout the world. As the reliance on information technology has increased, so too have the threats and costs associated with protecting organizational information resources. To combat potential information security threats, organizations rely…
5 Key Ways Your Electronic Data May Be at Risk
ERIC Educational Resources Information Center
Titus, Aaron
2008-01-01
This article describes five organizational policies and behavior that put personal information in jeopardy. These are: (1) Inadequate security for old data; (2) Shadow systems and unregulated servers; (3) Unsophisticated privacy policies; (4) Improper use of Social Security numbers; and (5) Unsanitized old hard drives. Although the academic…
Study of the Use of Ada in Trusted Computing Bases (TCBs) to be Certified at, or Below, the B3 Level
1989-04-01
... Each class, from C1 through B3, is described. The four major headings of TCBs, Security Policy, Accountability, Assurance, and Documentation, are...the system's security policy. Data - Information with a specific physical representation. Discretionary Access Control - A means of restricting access to...including hardware, firmware, and software - the combination of which is responsible for enforcing a security policy. A TCB consists of one or more
Defining Information Security.
Lundgren, Björn; Möller, Niklas
2017-11-15
This article proposes a new definition of information security, the 'Appropriate Access' definition. Apart from providing the basic criteria for a definition (correct demarcation and meaning concerning the state of security), it also aims at being a definition suitable for any information security perspective. As such, it bridges the conceptual divide between so-called 'soft issues' of information security (those including, e.g., humans, organizations, culture, ethics, policies, and law) and more technical issues. Because of this it is also suitable for various analytical purposes, such as analysing possible security breaches, or for studying conflicting attitudes on security in an organization. The need for a new definition is demonstrated by pointing to a number of problems for the standard definition type of information security, the so-called CIA definition. Besides being too broad as well as too narrow, it cannot properly handle the soft issues of information security, nor recognize the contextual and normative nature of security.
Notification: Follow-up Review of EPA’s Classification of National Security Information
Project #OPE-FY15-0057, July 20, 2015. The EPA OIG plans to begin preliminary research on the OARM actions taken to improve policies and procedures related to the classification of national security information.
Code of Federal Regulations, 2013 CFR
2013-07-01
... dissemination of unclassified information pertaining to security measures, including security plans, procedures... security by significantly increasing the likelihood of the illegal production of nuclear weapons or the... the public or the common defense and security. (d) This part and title 10 of the Code of Federal...
Code of Federal Regulations, 2014 CFR
2014-07-01
... dissemination of unclassified information pertaining to security measures, including security plans, procedures... security by significantly increasing the likelihood of the illegal production of nuclear weapons or the... the public or the common defense and security. (d) This part and title 10 of the Code of Federal...
Retail E-Commerce Security Status among Fortune 500 Corporations
ERIC Educational Resources Information Center
Zhao, Jensen J.; Zhao, Sherry Y.
2012-01-01
The authors assessed the "Fortune 500" corporations' retail e-commerce security to identify their strengths and weaknesses for improvement. They used online content analysis, information security auditing, and network security mapping for data collection and analysis. The findings indicate that most sites posted security policies; however, only…
The effects of a social media policy on pharmacy students' facebook security settings.
Williams, Jennifer; Feild, Carinda; James, Kristina
2011-11-10
To examine how students entering a doctor of pharmacy (PharmD) program used Facebook privacy settings before and after the college's social media policy was presented to them. The Facebook profiles of all entering first-year pharmacy students across 4 campuses of a college of pharmacy were evaluated. Ten dichotomous variables of interest were viewed and recorded for each student's Facebook account at 3 time points: before the start of the semester, after presentation of the college's social media policy, and at the end of the semester. Data on whether a profile could be found and what portions of the profile were viewable also were collected. After introduction of the policy, a significant number of students increased their security settings (made information not visible to the public) related to Facebook walls, information pages, and links. Making pharmacy students aware of a college's social media policy had a positive impact on their behaviors regarding online security and privacy.
The Effects of a Social Media Policy on Pharmacy Students’ Facebook Security Settings
Feild, Carinda; James, Kristina
2011-01-01
Objective. To examine how students entering a doctor of pharmacy (PharmD) program used Facebook privacy settings before and after the college's social media policy was presented to them. Methods. The Facebook profiles of all entering first-year pharmacy students across 4 campuses of a college of pharmacy were evaluated. Ten dichotomous variables of interest were viewed and recorded for each student's Facebook account at 3 time points: before the start of the semester, after presentation of the college's social media policy, and at the end of the semester. Data on whether a profile could be found and what portions of the profile were viewable also were collected. Results. After introduction of the policy, a significant number of students increased their security settings (made information not visible to the public) related to Facebook walls, information pages, and links. Conclusions. Making pharmacy students aware of a college's social media policy had a positive impact on their behaviors regarding online security and privacy. PMID:22171105
Federal Register 2010, 2011, 2012, 2013, 2014
2010-10-08
..., implementation, and privacy and security. HIT Standards Committee Schedule for the Assessment of HIT Policy... recommendations received from the HIT Policy Committee regarding health information technology standards...), section 3003. Erin Poetter, Office of Policy and Planning, Office of the National Coordinator for Health...
Kim, Katherine K; McGraw, Deven; Mamo, Laura; Ohno-Machado, Lucila
2013-08-01
Comparative effectiveness research (CER) conducted in distributed research networks (DRNs) is subject to different state laws and regulations as well as institution-specific policies intended to protect privacy and security of health information. The goal of the Scalable National Network for Effectiveness Research (SCANNER) project is to develop and demonstrate a scalable, flexible technical infrastructure for DRNs that enables near real-time CER consistent with privacy and security laws and best practices. This investigation began with an analysis of privacy and security laws and state health information exchange (HIE) guidelines applicable to SCANNER participants from California, Illinois, Massachusetts, and the Federal Veteran's Administration. A 7-member expert panel of policy and technical experts reviewed the analysis and gave input into the framework during 5 meetings held in 2011-2012. The state/federal guidelines were applied to 3 CER use cases: safety of new oral hematologic medications; medication therapy management for patients with diabetes and hypertension; and informational interventions for providers in the treatment of acute respiratory infections. The policy framework provides flexibility, beginning with a use-case approach rather than a one-size-fits-all approach. The policies may vary depending on the type of patient data shared (aggregate counts, deidentified, limited, and fully identified datasets) and the flow of data. The types of agreements necessary for a DRN may include a network-level and data use agreements. The need for flexibility in the development and implementation of policies must be balanced with responsibilities of data stewardship.
12 CFR Appendix C to Part 1720 - Policy Guidance; Safety and Soundness Standards for Information
Code of Federal Regulations, 2014 CFR
2014-01-01
... Standards for Information C Appendix C to Part 1720 Banks and Banking OFFICE OF FEDERAL HOUSING ENTERPRISE..., App. C Appendix C to Part 1720—Policy Guidance; Safety and Soundness Standards for Information A... for Information 1. Information Security Program. 2. Objectives. C—Development and Implementation of...
12 CFR Appendix C to Part 1720 - Policy Guidance; Safety and Soundness Standards for Information
Code of Federal Regulations, 2012 CFR
2012-01-01
... for Information C Appendix C to Part 1720 Banks and Banking OFFICE OF FEDERAL HOUSING ENTERPRISE..., App. C Appendix C to Part 1720—Policy Guidance; Safety and Soundness Standards for Information A... for Information 1. Information Security Program. 2. Objectives. C—Development and Implementation of...
12 CFR Appendix C to Part 1720 - Policy Guidance; Safety and Soundness Standards for Information
Code of Federal Regulations, 2010 CFR
2010-01-01
... for Information C Appendix C to Part 1720 Banks and Banking OFFICE OF FEDERAL HOUSING ENTERPRISE..., App. C Appendix C to Part 1720—Policy Guidance; Safety and Soundness Standards for Information A... for Information 1. Information Security Program. 2. Objectives. C—Development and Implementation of...
17 CFR 229.302 - (Item 302) Supplementary financial information.
Code of Federal Regulations, 2010 CFR
2010-04-01
... paragraphs 9-34 of Statement of Financial Accounting Standards (“SFAS”) No. 69, “Disclosures about Oil and... financial information. 229.302 Section 229.302 Commodity and Securities Exchanges SECURITIES AND EXCHANGE... 1934 AND ENERGY POLICY AND CONSERVATION ACT OF 1975-REGULATION S-K Financial Information § 229.302...
Automated Information Security Will Not Improve until Effectively Supported by IRM.
ERIC Educational Resources Information Center
Chick, Morey J.
1989-01-01
The first of two articles on the nature of the growing problem of automated information systems security, especially in the federal government, this article presents a brief history of the problem and describes the need for integrating security activities into overall policies and programs to help reduce system vulnerabilities and risks. (23…
Code of Federal Regulations, 2011 CFR
2011-04-01
... Relations DEPARTMENT OF STATE GENERAL SECURITY INFORMATION REGULATIONS APPLICABLE TO CERTAIN INTERNATIONAL... important element of our national security. The effectiveness of the Agreement depends significantly upon the provision and exchange of information and material by participants in advisory bodies created by...
Fernandez-Aleman, Jose Luis; Belen Sanchez Garcia, Ana; Garcia-Mateos, Gines; Toval, Ambrosio
2015-08-01
The objective of this paper is to present a brief description of technical solutions for health information system security threats caused by inadequate security and privacy practices in healthcare professionals. A literature search was carried out in ScienceDirect, ACM Digital Library and IEEE Digital Library to find papers reporting technical solutions for certain security problems in information systems used in clinical settings. A total of 17 technical solutions were identified: measures for password security, the secure use of e-mail, the Internet, portable storage devices, printers and screens. Although technical safeguards are essential to the security of healthcare organization's information systems, good training, awareness programs and adopting a proper information security policy are particularly important to prevent insiders from causing security incidents.
Ben Said, Mohamed; Robel, Laurence; Golse, Bernard; Jais, Jean Philippe
2017-01-01
Autism spectrum disorders (ASD) are complex neuro-developmental disorders affecting children in their early age. The diagnosis of ASD relies on multidisciplinary investigations, in psychiatry, neurology, genetics, electrophysiology, neuro-imagery, audiology and ophthalmology. In order to support clinicians, researchers and public health decision makers, we designed an information system dedicated to ASD, called TEDIS. TEDIS was designed to manage systematic, exhaustive and continuous multi-centric patient data collection via secured Internet connections. In this paper, we present the security policy and security infrastructure we developed to protect ASD patients' clinical data and patients' privacy. We tested our system on 359 ASD patient records in a local secured intranet environment and showed that the security system is functional, with a consistent, transparent and safe encrypting-decrypting behavior. It is ready for deployment in the nine ASD expert assessment centers in the Ile de France district.
Components of a Course on National Security Policy.
ERIC Educational Resources Information Center
Quester, George H.
1987-01-01
Describes the components of a course on the formation of national security policy. Includes information on the amount of emphasis and instructional approach to take with each component of the course. Components include the nature of strategy, the role of war in international politics, disarmament and arms control, nuclear weapons and nuclear war,…
Computer Network Security- The Challenges of Securing a Computer Network
NASA Technical Reports Server (NTRS)
Scotti, Vincent, Jr.
2011-01-01
This article is intended to give the reader an overall perspective on what it takes to design, implement, enforce and secure a computer network in the federal and corporate world to ensure the confidentiality, integrity and availability of information. While we will be giving you an overview of network design and security, this article will concentrate on the technology and human factors of securing a network and the challenges faced by those doing so. It will cover the large number of policies and the limits of technology and physical efforts to enforce such policies.
ERIC Educational Resources Information Center
Hackney, Dennis W. G.
2011-01-01
Subchapter III of Chapter 35 of Title 44, United States Code, Federal Information Security Management Act of 2002; Department of Defense (DoD) Directive 8500.01E, Information Assurance, October 24, 2002; DoD Directive 8100.1, Global Information Grid Overarching Policy, September 19, 2002; and DoD Instruction 8500.2, Information Assurance…
45 CFR 164.308 - Administrative safeguards.
Code of Federal Regulations, 2013 CFR
2013-10-01
... REQUIREMENTS SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health... accordance with § 164.306: (1)(i) Standard: Security management process. Implement policies and procedures to... to the confidentiality, integrity, and availability of electronic protected health information held...
45 CFR 164.308 - Administrative safeguards.
Code of Federal Regulations, 2014 CFR
2014-10-01
... REQUIREMENTS SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health... accordance with § 164.306: (1)(i) Standard: Security management process. Implement policies and procedures to... to the confidentiality, integrity, and availability of electronic protected health information held...
An Agile Enterprise Regulation Architecture for Health Information Security Management
Chen, Ying-Pei; Hsieh, Sung-Huai; Chien, Tsan-Nan; Chen, Heng-Shuen; Luh, Jer-Junn; Lai, Jin-Shin; Lai, Feipei; Chen, Sao-Jie
2010-01-01
Abstract. Information security management for healthcare enterprises is complex as well as mission critical. Information technology requests from clinical users are of such urgency that the information office should do its best to achieve as many user requests as possible at a high service level using swift security policies. This research proposes the Agile Enterprise Regulation Architecture (AERA) of information security management for healthcare enterprises to implement as part of the electronic health record process. Survey outcomes and evidential experiences from a sample of medical center users proved that AERA encourages the information officials and enterprise administrators to overcome the challenges faced within an electronically equipped hospital. PMID:20815748
An agile enterprise regulation architecture for health information security management.
Chen, Ying-Pei; Hsieh, Sung-Huai; Cheng, Po-Hsun; Chien, Tsan-Nan; Chen, Heng-Shuen; Luh, Jer-Junn; Lai, Jin-Shin; Lai, Feipei; Chen, Sao-Jie
2010-09-01
Information security management for healthcare enterprises is complex as well as mission critical. Information technology requests from clinical users are of such urgency that the information office should do its best to achieve as many user requests as possible at a high service level using swift security policies. This research proposes the Agile Enterprise Regulation Architecture (AERA) of information security management for healthcare enterprises to implement as part of the electronic health record process. Survey outcomes and evidential experiences from a sample of medical center users proved that AERA encourages the information officials and enterprise administrators to overcome the challenges faced within an electronically equipped hospital.
Ben Said, Mohamed; Robel, Laurence; Golse, Bernard; Jais, Jean Philippe
2017-01-01
Autism spectrum disorders (ASD) are complex neuro-developmental disorders affecting children in early age. Diagnosis relies on multidisciplinary investigations, in psychiatry, neurology, genetics, electrophysiology, neuro-imagery, audiology, and ophthalmology. To support clinicians, researchers, and public health decision makers, we developed an information system dedicated to ASD, called TEDIS. It was designed to manage systematic, exhaustive and continuous multi-centric patient data collection via secured internet connections. TEDIS will be deployed in nine ASD expert assessment centers in Ile-de-France district. We present security policy and infrastructure developed in context of TEDIS to protect patient privacy and clinical information. TEDIS security policy was organized around governance, ethical and organisational chart-agreement, patients' consents, controlled user access, patients' privacy protection, constrained patients' data access. Security infrastructure was enriched by further technical solutions to reinforce ASD patients' privacy protection. Solutions were tested on local secured intranet environment and showed fluid functionality with consistent, transparent and safe encrypting-decrypting results.
A study on an information security system of a regional collaborative medical platform.
Zhao, Junping; Peng, Kun; Leng, Jinchang; Sun, Xiaowei; Zhang, Zhenjiang; Xue, Wanguo; Ren, Lianzhong
2010-01-01
The objective of this study was to share the experience of building an information security system for a regional collaborative medical platform (RCMP) and discuss the lessons learned from practical projects. Safety measures are analyzed from the perspective of system engineering. We present the essential requirements, critical architectures, and policies for system security of regional collaborative medical platforms.
SPAN security policies and guidelines
NASA Technical Reports Server (NTRS)
Sisson, Patricia L.; Green, James L.
1989-01-01
A guide is provided to system security with emphasis on requirements and guidelines that are necessary to maintain an acceptable level of security on the network. To have security for the network, each node on the network must be secure. Therefore, each system manager must strictly adhere to the requirements and must consider implementing the guidelines discussed. There are areas of vulnerability within the operating system that may not be addressed. However, when a requirement or guideline is discussed, implementation techniques are included. Information related to computer and data security is discussed to provide information on implementation options. The information is presented as it relates to a VAX computer environment.
Kraemer, Sara; Carayon, Pascale
2007-03-01
This paper describes human errors and violations of end users and network administration in computer and information security. This information is summarized in a conceptual framework for examining the human and organizational factors contributing to computer and information security. This framework includes human error taxonomies to describe the work conditions that contribute adversely to computer and information security, i.e. to security vulnerabilities and breaches. The issue of human error and violation in computer and information security was explored through a series of 16 interviews with network administrators and security specialists. The interviews were audio taped, transcribed, and analyzed by coding specific themes in a node structure. The result is an expanded framework that classifies types of human error and identifies specific human and organizational factors that contribute to computer and information security. Network administrators tended to view errors created by end users as more intentional than unintentional, while viewing errors created by network administrators as more unintentional than intentional. Organizational factors, such as communication, security culture, policy, and organizational structure, were the most frequently cited factors associated with computer and information security.
Ownership, Privacy, Confidentiality, and Security Data.
ERIC Educational Resources Information Center
Staman, E. Michael
1986-01-01
One of the areas most often neglected by those responsible for information systems in colleges and universities relates to ownership, privacy, confidentiality, and security of data. Background information and definitions are provided, and a suggested environment is described. Model recommendations for institutional policy are offered. (MLW)
Code of Federal Regulations, 2010 CFR
2010-10-01
... Emergency Management and Assistance FEDERAL EMERGENCY MANAGEMENT AGENCY, DEPARTMENT OF HOMELAND SECURITY GENERAL NATIONAL SECURITY INFORMATION § 8.1 Purpose. (a) Section 5.3(b) of Executive Order (EO) 12356, “National Security Information” requires agencies to promulgate implementing policies and regulations. To...
2004-01-01
The Geographic Information Office (GIO) is the principal information office for U.S. Geological Survey (USGS), focused on: Information Policy and Services, Information Technology, Science Information, Information Security, and the Federal Geographic Data Committee/Geospatial One Stop.
Code of Federal Regulations, 2014 CFR
2014-07-01
... Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Declassification... prescribed in § 2400.9 of this part despite the passage of time. The Office of Science and Technology Policy...
Code of Federal Regulations, 2010 CFR
2010-07-01
... Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Declassification... prescribed in § 2400.9 of this part despite the passage of time. The Office of Science and Technology Policy...
Code of Federal Regulations, 2013 CFR
2013-07-01
... Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Declassification... prescribed in § 2400.9 of this part despite the passage of time. The Office of Science and Technology Policy...
Code of Federal Regulations, 2012 CFR
2012-07-01
... Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Declassification... prescribed in § 2400.9 of this part despite the passage of time. The Office of Science and Technology Policy...
Code of Federal Regulations, 2011 CFR
2011-07-01
... Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Declassification... prescribed in § 2400.9 of this part despite the passage of time. The Office of Science and Technology Policy...
12 CFR Appendix C to Part 1720 - Policy Guidance; Safety and Soundness Standards for Information
Code of Federal Regulations, 2013 CFR
2013-01-01
... Information Security Program 1. Involve the Board of Directors. 2. Assess Risk. 3. Manage and Control Risk. 4. Oversee Service Provider Arrangements. 5. Adjust the Program. 6. Report to the Board. 7. Implementation. A...—Development and Implementation of Information Security Program 1. Involve the Board of Directors. The board of...
NASA Astrophysics Data System (ADS)
Rogers, W.; Gulledge, J. M.
2010-12-01
Many decision makers lack actionable scientific information needed to prepare for future challenges associated with climate change. Although the scope and quality of available scientific information has increased dramatically in recent years, this information does not always reach - or is not presented in a form that is useful to - decision makers who need it. The producer (i.e. scientists) community tends to be stovepiped, even though consumers (i.e. decision makers) often need interdisciplinary science and analysis. Consumers, who may also be stovepiped in various agencies or subject areas, may lack familiarity with or access to these separate communities, as well as the tools or time to navigate scientific information and disciplines. Closing the communication gap between these communities could be facilitated by institutionalizing processes designed for this purpose. We recommend a variety of mainstreaming policies within the consumer community, as well as mechanisms to generate a strong demand signal that will resonate more strongly with the producer community. We also recommend institutional reforms and methods of incentivizing policy-oriented scientific analysis within the producer community. Our recommendations focus on improving information flow to national security and foreign policy decision makers, but many are relevant to public policy writ large. Recommendations for Producers 1. The scientific community should formally encourage collaborations between natural and social scientists and reward publications in interdisciplinary outlets. Incentives could include research funding and honorary awards recognizing service to public policy. 2. Academic merit review should reward research grants and publications targeted at interdisciplinary and/or policy-oriented audiences. Reforms of merit review may require new policies and engaged institutional leadership. Recommendations for Consumers 1. Congress should amend Title VI of the National Defense Education Act to encourage the development of multidisciplinary educational programs on the national security implications of climate change. 2. Federal agencies should establish funding programs to encourage producers to provide scientific information tailored to consumer needs. 3. The Department of State should appoint climate advisors to serve within the regional bureaus and on the policy and planning staff. 4. Federal agencies, the Department of Education, and the National Science Foundation should develop programs to stimulate new interdisciplinary research partnerships and training of a new generation of interdisciplinary climate change risk thinkers, assessors and managers. 5. Federal agencies should encourage Senior Executive Service decision makers to participate in science policy certification workshops and include science and technology policy as a core curriculum component of the SES Federal Candidate Development Program. These recommendations are described in detail in a report published by the Center for a New American Security: Rogers, W. and J. Gulledge (2010) Lost in Translation: Closing the Gap Between Climate Science and National Security Policy (available online: http://cnas.org/node/4391)
Carrión Señor, Inmaculada; Fernández-Alemán, José Luis; Toval, Ambrosio
2012-08-23
Several obstacles prevent the adoption and use of personal health record (PHR) systems, including users' concerns regarding the privacy and security of their personal health information. To analyze the privacy and security characteristics of PHR privacy policies. It is hoped that identification of the strengths and weaknesses of the PHR systems will be useful for PHR users, health care professionals, decision makers, and designers. We conducted a systematic review using the principal databases related to health and computer science to discover the Web-based and free PHR systems mentioned in published articles. The privacy policy of each PHR system selected was reviewed to extract its main privacy and security characteristics. The search of databases and the myPHR website provided a total of 52 PHR systems, of which 24 met our inclusion criteria. Of these, 17 (71%) allowed users to manage their data and to control access to their health care information. Only 9 (38%) PHR systems permitted users to check who had accessed their data. The majority of PHR systems used information related to the users' accesses to monitor and analyze system use, 12 (50%) of them aggregated user information to publish trends, and 20 (83%) used diverse types of security measures. Finally, 15 (63%) PHR systems were based on regulations or principles such as the US Health Insurance Portability and Accountability Act (HIPAA) and the Health on the Net Foundation Code of Conduct (HONcode). Most privacy policies of PHR systems do not provide an in-depth description of the security measures that they use. Moreover, compliance with standards and regulations in PHR systems is still low.
Fernández-Alemán, José Luis; Toval, Ambrosio
2012-01-01
Background Several obstacles prevent the adoption and use of personal health record (PHR) systems, including users’ concerns regarding the privacy and security of their personal health information. Objective To analyze the privacy and security characteristics of PHR privacy policies. It is hoped that identification of the strengths and weaknesses of the PHR systems will be useful for PHR users, health care professionals, decision makers, and designers. Methods We conducted a systematic review using the principal databases related to health and computer science to discover the Web-based and free PHR systems mentioned in published articles. The privacy policy of each PHR system selected was reviewed to extract its main privacy and security characteristics. Results The search of databases and the myPHR website provided a total of 52 PHR systems, of which 24 met our inclusion criteria. Of these, 17 (71%) allowed users to manage their data and to control access to their health care information. Only 9 (38%) PHR systems permitted users to check who had accessed their data. The majority of PHR systems used information related to the users’ accesses to monitor and analyze system use, 12 (50%) of them aggregated user information to publish trends, and 20 (83%) used diverse types of security measures. Finally, 15 (63%) PHR systems were based on regulations or principles such as the US Health Insurance Portability and Accountability Act (HIPAA) and the Health on the Net Foundation Code of Conduct (HONcode). Conclusions Most privacy policies of PHR systems do not provide an in-depth description of the security measures that they use. Moreover, compliance with standards and regulations in PHR systems is still low. PMID:22917868
Policy reconciliation for access control in dynamic cross-enterprise collaborations
NASA Astrophysics Data System (ADS)
Preuveneers, D.; Joosen, W.; Ilie-Zudor, E.
2018-03-01
In dynamic cross-enterprise collaborations, different enterprises form a - possibly temporary - business relationship. To integrate their business processes, enterprises may need to grant each other limited access to their information systems. Authentication and authorization are key to secure information handling. However, access control policies often rely on non-standardized attributes to describe the roles and permissions of their employees which convolutes cross-organizational authorization when business relationships evolve quickly. Our framework addresses the managerial overhead of continuous updates to access control policies for enterprise information systems to accommodate disparate attribute usage. By inferring attribute relationships, our framework facilitates attribute and policy reconciliation, and automatically aligns dynamic entitlements during the evaluation of authorization decisions. We validate our framework with an Industry 4.0 motivating scenario on networked production where such dynamic cross-enterprise collaborations are quintessential. The evaluation reveals the capabilities and performance of our framework, and illustrates the feasibility of liberating the security administrator from manually provisioning and aligning attributes, and verifying the consistency of access control policies for cross-enterprise collaborations.
49 CFR 806.4 - Mandatory review for declassification.
Code of Federal Regulations, 2010 CFR
2010-10-01
... TRANSPORTATION SAFETY BOARD NATIONAL SECURITY INFORMATION POLICY AND GUIDELINES, IMPLEMENTING REGULATIONS § 806.4... 3-501 of E.O. 12065 must be in writing and should be addressed to: National Security Oversight... specified by section 3-501 of E.O. 12065. If the request does not reasonably describe the information sought...
Redefining Security. A Report by the Joint Security Commission
1994-02-28
security policies. This report offers recommendations on developing new strategies for achieving security within our information systems, including...better, and we outline methods of improving government and industry personnel security policies. We offer recommendations on developing new strategies ... strategies, sufficient funding, and management attention if our computers and networks are to protect the confidentiality, integrity, and availability of
Applying the take-grant protection model
NASA Technical Reports Server (NTRS)
Bishop, Matt
1990-01-01
The Take-Grant Protection Model has in the past been used to model multilevel security hierarchies and simple protection systems. The models are extended to include theft of rights and sharing information, and additional security policies are examined. The analysis suggests that in some cases the basic rules of the Take-Grant Protection Model should be augmented to represent the policy properly; when appropriate, such modifications are made and their efforts with respect to the policy and its Take-Grant representation are discussed.
A security mediator for health care information.
Wiederhold, G.; Bilello, M.; Sarathy, V.; Qian, X.
1996-01-01
The TIHI (Trusted Interoperation of Healthcare Information) project addresses a security issue that arises when some information is being shared among collaborating enterprises, although not all enterprise information is sharable. It assumes that protection exists to prevent intrusion by adversaries through secure transmission and firewalls. The TIHI system design provides a gateway, owned by the enterprise security officer, to mediate queries and responses. The latter are typically transmitted via the Internet. The enterprise policy is determined by rules provided to the mediator. We show examples of typical rules. The problem and our solution, although developed in a healthcare context, is equally valid among collaborating enterprises. PMID:8947640
ERIC Educational Resources Information Center
Congress of the U.S., Washington, DC. Senate Special Committee on Aging.
This document contains six essays examining the history and impact of the social security program on America's economic and social development. "Social Security: The Cornerstone of American Social Welfare Policy," by Malcolm H. Morrison, presents brief background information on the system and discusses the basic principles of social…
32 CFR 2400.3 - Applicability.
Code of Federal Regulations, 2011 CFR
2011-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM General Provisions § 2400.3 Applicability. This Regulation governs the Office of Science and Technology Policy...
Code of Federal Regulations, 2010 CFR
2010-07-01
... Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Safeguarding.... (c) The Director, Office of Science and Technology Policy may create special access programs to...
Code of Federal Regulations, 2012 CFR
2012-07-01
... Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Safeguarding.... (c) The Director, Office of Science and Technology Policy may create special access programs to...
Code of Federal Regulations, 2014 CFR
2014-07-01
... Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Safeguarding.... (c) The Director, Office of Science and Technology Policy may create special access programs to...
32 CFR 2400.3 - Applicability.
Code of Federal Regulations, 2014 CFR
2014-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM General Provisions § 2400.3 Applicability. This Regulation governs the Office of Science and Technology Policy...
32 CFR 2400.3 - Applicability.
Code of Federal Regulations, 2012 CFR
2012-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM General Provisions § 2400.3 Applicability. This Regulation governs the Office of Science and Technology Policy...
32 CFR 2400.3 - Applicability.
Code of Federal Regulations, 2010 CFR
2010-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM General Provisions § 2400.3 Applicability. This Regulation governs the Office of Science and Technology Policy...
Code of Federal Regulations, 2013 CFR
2013-07-01
... Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Safeguarding.... (c) The Director, Office of Science and Technology Policy may create special access programs to...
32 CFR 2400.3 - Applicability.
Code of Federal Regulations, 2013 CFR
2013-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM General Provisions § 2400.3 Applicability. This Regulation governs the Office of Science and Technology Policy...
Code of Federal Regulations, 2011 CFR
2011-07-01
... Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Safeguarding.... (c) The Director, Office of Science and Technology Policy may create special access programs to...
Security & Privacy Policy - Naval Oceanography Portal
Notice: This is a U.S. Government Web Site 1. This is a World Wide Web site for official information information on this Web site are strictly prohibited and may be punishable under the Computer Fraud and Abuse Information Act (FOIA) | External Link Disclaimer This is an official U.S. Navy web site. Security &
75 FR 15991 - Designation of Greece for the Visa Waiver Program
Federal Register 2010, 2011, 2012, 2013, 2014
2010-03-31
... of Homeland Security, in consultation with the Secretary of State, designated Greece as a country... Security, Office of Policy, (202) 282-8732. SUPPLEMENTARY INFORMATION: I. Background A. The Visa Waiver... of Homeland Security (the Secretary), in consultation with the Secretary of State, may designate...
Code of Federal Regulations, 2013 CFR
2013-10-01
... 50 Wildlife and Fisheries 11 2013-10-01 2013-10-01 false Policy. 540.1 Section 540.1 Wildlife and Fisheries MARINE MAMMAL COMMISSION INFORMATION SECURITY § 540.1 Policy. It is the policy of the Marine Mammal Commission to act in accordance with Executive Order 12356 in matters relating to national...
A Citizen's Guide to U.S. Foreign Policy: Election '88. Nonpartisan Briefs on 18 Key Issues.
ERIC Educational Resources Information Center
Hoepli, Nancy, Ed.; And Others
In order to make informed voting decisions citizens need background information on complex foreign policy issues facing the United States. This guide presents current issues and provides information to help citizens cast a thoughtful vote. The guide is divided into six main headings: Leadership; Security; Economic and Social Issues; Critical…
12 CFR Appendix C to Part 1720 - Policy Guidance; Safety and Soundness Standards for Information
Code of Federal Regulations, 2011 CFR
2011-01-01
... implementation and reviewing reports from management. 2. Assess Risk. Each Enterprise shall: a. Identify... control risks. 3. Manage and Control Risk. Each Enterprise shall: a. Design its information security... security program. The frequency and nature of such tests should be determined by the Enterprise's risk...
32 CFR 2400.9 - Classification requirements.
Code of Federal Regulations, 2014 CFR
2014-07-01
....9 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY... unauthorized disclosure as determined by the Director, Office of Science and Technology Policy. Each such...
Code of Federal Regulations, 2010 CFR
2010-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM... 12356 and Directive No. 1, or this regulation: (a) The Office of Science and Technology Policy shall...
Code of Federal Regulations, 2014 CFR
2014-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM... 12356 and Directive No. 1, or this regulation: (a) The Office of Science and Technology Policy shall...
Code of Federal Regulations, 2013 CFR
2013-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM... 12356 and Directive No. 1, or this regulation: (a) The Office of Science and Technology Policy shall...
Code of Federal Regulations, 2012 CFR
2012-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM... 12356 and Directive No. 1, or this regulation: (a) The Office of Science and Technology Policy shall...
32 CFR 2400.9 - Classification requirements.
Code of Federal Regulations, 2011 CFR
2011-07-01
....9 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY... unauthorized disclosure as determined by the Director, Office of Science and Technology Policy. Each such...
32 CFR 2400.9 - Classification requirements.
Code of Federal Regulations, 2012 CFR
2012-07-01
....9 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY... unauthorized disclosure as determined by the Director, Office of Science and Technology Policy. Each such...
32 CFR 2400.9 - Classification requirements.
Code of Federal Regulations, 2010 CFR
2010-07-01
....9 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY... unauthorized disclosure as determined by the Director, Office of Science and Technology Policy. Each such...
Code of Federal Regulations, 2011 CFR
2011-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM... 12356 and Directive No. 1, or this regulation: (a) The Office of Science and Technology Policy shall...
32 CFR 2400.9 - Classification requirements.
Code of Federal Regulations, 2013 CFR
2013-07-01
....9 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY... unauthorized disclosure as determined by the Director, Office of Science and Technology Policy. Each such...
76 FR 28843 - Meeting of Advisory Committee on International Communications and Information Policy
Federal Register 2010, 2011, 2012, 2013, 2014
2011-05-18
... channel for regular consultation and coordination on major economic, social and legal issues and problems in international communications and information policy, especially as these issues and problems... the building. Personal data is requested pursuant to Pub. L. 99-399 (Omnibus Diplomatic Security and...
76 FR 41826 - State, Local, Tribal, and Private Sector Policy Advisory Committee (SLTPS-PAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2011-07-15
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office State, Local, Tribal, and Private Sector Policy Advisory Committee (SLTPS-PAC) AGENCY: National Archives and Records... Information Program for State, Local, Tribal, and Private Sector Entities. DATES: The meeting will be held on...
MedBlock: Efficient and Secure Medical Data Sharing Via Blockchain.
Fan, Kai; Wang, Shangyang; Ren, Yanhui; Li, Hui; Yang, Yintang
2018-06-21
With the development of electronic information technology, electronic medical records (EMRs) have been a common way to store the patients' data in hospitals. They are stored in different hospitals' databases, even for the same patient. Therefore, it is difficult to construct a summarized EMR for one patient from multiple hospital databases due to the security and privacy concerns. Meanwhile, current EMRs systems lack a standard data management and sharing policy, making it difficult for pharmaceutical scientists to develop precise medicines based on data obtained under different policies. To solve the above problems, we proposed a blockchain-based information management system, MedBlock, to handle patients' information. In this scheme, the distributed ledger of MedBlock allows the efficient EMRs access and EMRs retrieval. The improved consensus mechanism achieves consensus of EMRs without large energy consumption and network congestion. In addition, MedBlock also exhibits high information security combining the customized access control protocols and symmetric cryptography. MedBlock can play an important role in the sensitive medical information sharing.
Shea, S; Sengupta, S; Crosswell, A; Clayton, P D
1992-01-01
The developing Integrated Academic Information System (IAIMS) at Columbia-Presbyterian Medical Center provides data sharing links between two separate corporate entities, namely Columbia University Medical School and The Presbyterian Hospital, using a network-based architecture. Multiple database servers with heterogeneous user authentication protocols are linked to this network. "One-stop information shopping" implies one log-on procedure per session, not separate log-on and log-off procedures for each server or application used during a session. These circumstances provide challenges at the policy and technical levels to data security at the network level and insuring smooth information access for end users of these network-based services. Five activities being conducted as part of our security project are described: (1) policy development; (2) an authentication server for the network; (3) Kerberos as a tool for providing mutual authentication, encryption, and time stamping of authentication messages; (4) a prototype interface using Kerberos services to authenticate users accessing a network database server; and (5) a Kerberized electronic signature.
Barriers to Securing Data on Bluetooth®-Enabled Mobile Devices: A Phenomenological Study
ERIC Educational Resources Information Center
Hines, Natasha
2015-01-01
Company data on mobile devices is vulnerable and subject to unauthorized access. The general problem is that information security incidents compromise the integrity and authenticity of electronic data. The specific problem is that organizational security policies, procedures, and training do not adequately address the vulnerabilities associated…
Code of Federal Regulations, 2010 CFR
2010-07-01
... purposes only. 2. This information shall be accorded substantially the same degree of security protection... 413(a) of the Mutual Security Act of 1954, as amended (22 U.S.C. 1933(a)), and pursuant to the... the Mutual Security Program, to relieve the Department of Defense of administrative burdens, and to...
Protecting the Privacy and Security of Your Health Information
... Access to Medical Records Privacy, Security, and HIPAA Laws, Regulation, and Policy Scientific Initiatives Standards & Technology Usability ... care providers and professionals, and the government. Federal laws require many of the key persons and organizations ...
A Security Audit Framework to Manage Information System Security
NASA Astrophysics Data System (ADS)
Pereira, Teresa; Santos, Henrique
The widespread adoption of information and communication technology has promoted an increased dependency of organizations on the performance of their Information Systems. As a result, adequate security procedures to properly manage information security must be established by the organizations, in order to protect their valued or critical resources from accidental or intentional attacks, and ensure their normal activity. A conceptual security framework to manage and audit Information System Security is proposed and discussed. The proposed framework intends to assist organizations firstly to understand what they precisely need to protect assets and what are their weaknesses (vulnerabilities), enabling to perform an adequate security management. Secondly, enabling a security audit framework to support the organization to assess the efficiency of the controls and policy adopted to prevent or mitigate attacks, threats and vulnerabilities, promoted by the advances of new technologies and new Internet-enabled services, that the organizations are subject of. The presented framework is based on a conceptual model approach, which contains the semantic description of the concepts defined in information security domain, based on the ISO/IEC_JCT1 standards.
The Terry-Wiseman Security Policy Model and Examples of Its Use
1990-03-01
Wiseman Security Policy Model and Examples of Its Use Author: C L Harrold Date: March 1990 Abstract This paper presents a model of security for computer ...Evolution of the Model 7. Summary and References Annex: An Overview of the Z Notation ...a computer. The files, objects or register locations in which the information may be stored are modelled by the black boxes. The robots model the
Security Economics and European Policy
NASA Astrophysics Data System (ADS)
Anderson, Ross; Böhme, Rainer; Clayton, Richard; Moor, Tyler
In September 2007, we were awarded a contract by the European Network and Information Security Agency (ENISA) to investigate failures in the market for secure electronic communications within the European Union, and come up with policy recommendations. In the process, we spoke to a large number of stakeholders, and held a consultative meeting in December 2007 in Brussels to present draft proposals, which established most had wide stakeholder support. The formal outcome of our work was a detailed report, “Security Economics and the Internal Market”, published by ENISA in March 2008. This paper presents a much abridged version: in it, we present the recommendations we made, along with a summary of our reasoning.
ERIC Educational Resources Information Center
Stroup, Jay Walter
2014-01-01
Understanding the mind-set or perceptions of organizational leaders and decision-makers is important to ascertaining the trends and priorities in policy and governance of the organization. This study finds that a significant shift in the mind-set of government IT and information security leaders has started and will likely result in placing a…
32 CFR 2400.8 - Limitations on delegation of original classification authority.
Code of Federal Regulations, 2014 CFR
2014-07-01
... OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Original Classification § 2400.8 Limitations on delegation of...
32 CFR 2400.8 - Limitations on delegation of original classification authority.
Code of Federal Regulations, 2010 CFR
2010-07-01
... OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Original Classification § 2400.8 Limitations on delegation of...
32 CFR 2400.8 - Limitations on delegation of original classification authority.
Code of Federal Regulations, 2012 CFR
2012-07-01
... OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Original Classification § 2400.8 Limitations on delegation of...
32 CFR 2400.8 - Limitations on delegation of original classification authority.
Code of Federal Regulations, 2013 CFR
2013-07-01
... OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Original Classification § 2400.8 Limitations on delegation of...
32 CFR 2400.8 - Limitations on delegation of original classification authority.
Code of Federal Regulations, 2011 CFR
2011-07-01
... OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Original Classification § 2400.8 Limitations on delegation of...
Space-Derived Transparency: Players, Policies, Implications, and Synergies
NASA Astrophysics Data System (ADS)
Kinnan, C. J.
2001-06-01
Space-derived transparency will become a common means of monitoring, preventing, and mitigating crises, verifying compliance with treaties and law, and enabling confidence and security building measures. Democratization and globalization, the proliferation of information technologies, the availability of commercial space high-resolution imagery, and the growing influence of NGOs invite this question: What is (space-derived) transparency and what effect does it have on US security policy? Three camps have emerged in the debate -Horaeists who seek to build a transnational society through complete transparency; Preservationists, mostly military, who fear the threat to national security, want to deny most space-derived information to non-traditional/non-state actors; and Synergists who seek to capitalize on the best of both camps. There is evidence suggesting that space-derived transparency is an inevitable trend and will resist even the best means of preservationist control. Space-derived transparency may change the dynamic of the security environment by introducing new players into the policy fomentation and implementation process. These players, if not properly schooled in imagery analysis or the potential effects of their use of misinterpreted space-derived imagery, could force policy makers to make fast, ill-considered decisions in order to respond to incidents. In some cases this fast response will defuse potential crises and in other situations these rushed decisions might result in policies without considering the potential consequences, which could turn incidents into crises. Space-derived transparency is a step forward into the future for each camp . . . the challenge for the United States lies in forging synergies in an increasingly transparent world while maintaining the balance between openness and security.
Attribute based encryption for secure sharing of E-health data
NASA Astrophysics Data System (ADS)
Charanya, R.; Nithya, S.; Manikandan, N.
2017-11-01
Distributed computing is one of the developing innovations in IT part and information security assumes a real part. It includes sending gathering of remote server and programming that permit the unified information and online access to PC administrations. Distributed computing depends on offering of asset among different clients are additionally progressively reallocated on interest. Cloud computing is a revolutionary computing paradigm which enables flexible, on-demand and low-cost usage of computing resources. The reasons for security and protection issues, which rise on the grounds that the health information possessed by distinctive clients are put away in some cloud servers rather than under their own particular control. To deal with security problems, various schemes based on the Attribute-Based Encryption have been proposed. In this paper, in order to make ehealth data’s more secure we use multi party in cloud computing system. Where the health data is encrypted using attributes and key policy. And the user with a particular attribute and key policy alone will be able to decrypt the health data after it is verified by “key distribution centre” and the “secure data distributor”. This technique can be used in medical field for secure storage of patient details and limiting to particular doctor access. To make data’s scalable secure we need to encrypt the health data before outsourcing.
Bouhaddou, Omar; Davis, Mike; Donahue, Margaret; Mallia, Anthony; Griffin, Stephania; Teal, Jennifer; Nebeker, Jonathan
2016-01-01
Care coordination across healthcare organizations depends upon health information exchange. Various policies and laws govern permissible exchange, particularly when the information includes privacy sensitive conditions. The Department of Veterans Affairs (VA) privacy policy has required either blanket consent or manual sensitivity review prior to exchanging any health information. The VA experience has been an expensive, administratively demanding burden on staff and Veterans alike, particularly for patients without privacy sensitive conditions. Until recently, automatic sensitivity determination has not been feasible. This paper proposes a policy-driven algorithmic approach (Security Labeling Service or SLS) to health information exchange that automatically detects the presence or absence of specific privacy sensitive conditions and then, to only require a Veteran signed consent for release when actually present. The SLS was applied successfully to a sample of real patient Consolidated-Clinical Document Architecture (C-CDA) documents. The SLS identified standard terminology codes by both parsing structured entries and analyzing textual information using Natural Language Processing (NLP). PMID:28269828
NASA Automatic Information Security Handbook
NASA Technical Reports Server (NTRS)
1993-01-01
This handbook details the Automated Information Security (AIS) management process for NASA. Automated information system security is becoming an increasingly important issue for all NASA managers, and rapid advancements in computer and network technologies and the demanding nature of space exploration and space research have made NASA increasingly dependent on automated systems to store, process, and transmit vast amounts of mission support information, hence the need for AIS systems and management. This handbook provides the consistent policies, procedures, and guidance to assure that an aggressive and effective AIS program is developed, implemented, and sustained at all NASA organizations and NASA support contractors.
McGuire, Amy L; Fisher, Rebecca; Cusenza, Paul; Hudson, Kathy; Rothstein, Mark A; McGraw, Deven; Matteson, Stephen; Glaser, John; Henley, Douglas E
2008-07-01
As clinical genetics evolves, and we embark down the path toward more personalized and effective health care, the amount, detail, and complexity of genetic/genomic test information within the electronic health record will increase. This information should be appropriately protected to secure the trust of patients and to support interoperable electronic health information exchange. This article discusses characteristics of genetic/genomic test information, including predictive capability, immutability, and uniqueness, which should be considered when developing policies about information protection. Issues related to "genetic exceptionalism"; i.e., whether genetic/genomic test information should be treated differently from other medical information for purposes of data access and permissible use, are also considered. These discussions can help guide policy that will facilitate the biological and clinical resource development to support the introduction of this information into health care.
Standards Setting and Federal Information Policy: The Escrowed Encryption Standard (EES).
ERIC Educational Resources Information Center
Gegner, Karen E.; Veeder, Stacy B.
1994-01-01
Examines the standards process used for developing the Escrowed Encryption Standard (EES) and its possible impact on national communication and information policies. Discusses the balance between national security and law enforcement concerns versus privacy rights and economic competitiveness in the area of foreign trade and export controls. (67…
32 CFR 2400.29 - Accountability and control.
Code of Federal Regulations, 2010 CFR
2010-07-01
....29 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY... serve as Top Secret Control Officer (TSCO) for the Office of Science and Technology Policy and will be...
32 CFR 2400.29 - Accountability and control.
Code of Federal Regulations, 2011 CFR
2011-07-01
....29 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY... serve as Top Secret Control Officer (TSCO) for the Office of Science and Technology Policy and will be...
32 CFR 2400.29 - Accountability and control.
Code of Federal Regulations, 2012 CFR
2012-07-01
....29 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY... serve as Top Secret Control Officer (TSCO) for the Office of Science and Technology Policy and will be...
32 CFR 2400.29 - Accountability and control.
Code of Federal Regulations, 2013 CFR
2013-07-01
....29 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY... serve as Top Secret Control Officer (TSCO) for the Office of Science and Technology Policy and will be...
32 CFR 2400.29 - Accountability and control.
Code of Federal Regulations, 2014 CFR
2014-07-01
....29 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY... serve as Top Secret Control Officer (TSCO) for the Office of Science and Technology Policy and will be...
Managing Network Security Policies in Tactical Manet’s Using Drama
2010-08-04
Cheng, M. Raykova, A. Poylisher, S. Alexander, M. Eiger, S. M. Bellovin, “The Zodiac Policy Subsystem: A Policy-Based Management System for a High...hour per response, including the time for reviewing instructions, searching data sources, gathering and maintaining the data needed, and completing and...reviewing the collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information
Telecommunications Policy Research Conference. Computer and Communications Security Section. Papers.
ERIC Educational Resources Information Center
Telecommunications Policy Research Conference, Inc., Washington, DC.
In his paper, "European Needs and Attitudes towards Information Security," Richard I. Polis notes that the needs for security in computer systems, telecommunications, and media are rather uniform throughout Western Europe, and are seen as being significantly different from the needs in the United States. Recognition of these needs is,…
Information Security in the 1990s: Keeping the Locks on.
ERIC Educational Resources Information Center
Kovac, Ron J.
1999-01-01
As the Internet proliferates, it drastically increases an institution's level of data insecurity. Hacker attacks can result in denial of service, data corruption or erasure, and passive theft (via spoofing, splicing, or session stealing). To ensure data security, a firewall (screening software program) and a security policy should be implemented.…
Scientific Openness and National Security at the National Laboratories
NASA Astrophysics Data System (ADS)
McTague, John
2000-04-01
The possible loss to the People's Republic of China of important U.S. nuclear-weapons-related information has aroused concern about interactions of scientists employed by the national laboratories with foreign nationals. As a result, the National Academies assembled a committee to examine the roles of the national laboratories, the contribution of foreign interactions to the fulfillment of those roles, the risks and benefits of scientific openness in this context, and the merits and liabilities of the specific policies being implemented or proposed with respect to contacts with foreign nationals. The committee concluded that there are many aspects of the work at the laboratories that benefit from or even demand the opportunity for foreign interactions. The committee recommended five principles for guiding policy: (1) Maintain balance. Policy governing international dialogue by laboratory staff should seek to encourage international engagement in some areas, while tightly controlling it in others. (2) Educate staff. Security procedures should be clear, easy to follow, and serve an understandable purpose. (3) Streamline procedures. Good science is compatible with good security if there is intelligent line management both at the labs and in Washington, which applies effective tools for security in a sensible fashion. (4) Focus efforts. DOE should focus its efforts governing tightened security for information. The greatest attention should obviously be provided to the protection of classified information by appropriate physical and cybersecurity measures, and by personnel procedures and training. (5) Beware of prejudice against foreigners. Over the past half-century foreign-born individuals have contributed broadly and profoundly to national security through their work at the national laboratories.
2012-06-01
1998 National War College paper entitled “U.S. National Security Structure: A New Model for the 21st Century” defines the national security community...fueled by revolutions in communications and information management, the emergence of a truly global market and world economy, the primacy of economic...collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources
NASA Astrophysics Data System (ADS)
Curiac, Daniel-Ioan; Pachia, Mihai
2015-05-01
Information security represents the cornerstone of every data processing system that resides in an organisation's trusted network, implementing all necessary protocols, mechanisms and policies to be one step ahead of possible threats. Starting from the need to strengthen the set of security services, in this article we introduce a new and innovative process named controlled information destruction (CID) that is meant to secure sensitive data that are no longer needed for the organisation's future purposes but would be very damaging if revealed. The disposal of this type of data has to be controlled carefully in order to delete not only the information itself but also all its splinters spread throughout the network, thus denying any possibility of recovering the information after its alleged destruction. This process leads to a modified model of information assurance and also reconfigures the architecture of any information security management system. The scheme we envisioned relies on a reshaped information lifecycle, which reveals the impact of the CID procedure directly upon the information states.
76 FR 7595 - Proposed Collection; Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2011-02-10
... SECURITIES AND EXCHANGE COMMISSION Proposed Collection; Comment Request Upon Written Request, Copies Available From: U.S. Securities and Exchange Commission, Office of Investor Education and Advocacy... distribution, the maintenance of policies regarding information barriers between their affiliates, and the...
NASA Technical Reports Server (NTRS)
Hernon, Peter; Pinelli, Thomas E.
1992-01-01
With its contribution to trade, its coupling with national security, and its symbolism of U.S. technological strength, the U.S. aerospace industry holds a unique position in the Nation's industrial structure. Federal science and technology policy and Federal scientific and technical information (STI) policy loom important as strategic contributions to the U.S. aerospace industry's leading competitive position. However, three fundamental policy problems exist. First, the United States lacks a coherent STI policy and a unified approach to the development of such a policy. Second, policymakers fail to understand the relationship of STI to science and technology policy. Third, STI is treated as a part of general information policy, without any recognition of its uniqueness. This paper provides an overview of the Federal information policy structure as it relates to STI and frames the policy issues that require resolution.
NASA Technical Reports Server (NTRS)
Hernon, Peter; Pinelli, Thomas E.
1992-01-01
With its contribution to trade, its coupling with national security, and its symbolism of U.S. technological strength, the U.S. aerospace industry holds a unique position in the Nation's industrial structure. Federal science and technology policy and Federal scientific and technical information (STI) policy loom important as strategic contributions to the U.S. aerospace industry's leading competitive position. However, three fundamental policy problems exist. First, the United States lacks a coherent STI policy and a unified approach to the development of such a policy. Second, policymakers fail to understand the relationship of STI to science and technology policy. Third, STI is treated as a part of general information policy, without any recognition of its uniqueness. This paper provides an overview of the Federal information policy structure as it relates to STI and frames the policy issues that require resolution.
Trust and Privacy Solutions Based on Holistic Service Requirements.
Sánchez Alcón, José Antonio; López, Lourdes; Martínez, José-Fernán; Rubio Cifuentes, Gregorio
2015-12-24
The products and services designed for Smart Cities provide the necessary tools to improve the management of modern cities in a more efficient way. These tools need to gather citizens' information about their activity, preferences, habits, etc. opening up the possibility of tracking them. Thus, privacy and security policies must be developed in order to satisfy and manage the legislative heterogeneity surrounding the services provided and comply with the laws of the country where they are provided. This paper presents one of the possible solutions to manage this heterogeneity, bearing in mind these types of networks, such as Wireless Sensor Networks, have important resource limitations. A knowledge and ontology management system is proposed to facilitate the collaboration between the business, legal and technological areas. This will ease the implementation of adequate specific security and privacy policies for a given service. All these security and privacy policies are based on the information provided by the deployed platforms and by expert system processing.
Trust and Privacy Solutions Based on Holistic Service Requirements
Sánchez Alcón, José Antonio; López, Lourdes; Martínez, José-Fernán; Rubio Cifuentes, Gregorio
2015-01-01
The products and services designed for Smart Cities provide the necessary tools to improve the management of modern cities in a more efficient way. These tools need to gather citizens’ information about their activity, preferences, habits, etc. opening up the possibility of tracking them. Thus, privacy and security policies must be developed in order to satisfy and manage the legislative heterogeneity surrounding the services provided and comply with the laws of the country where they are provided. This paper presents one of the possible solutions to manage this heterogeneity, bearing in mind these types of networks, such as Wireless Sensor Networks, have important resource limitations. A knowledge and ontology management system is proposed to facilitate the collaboration between the business, legal and technological areas. This will ease the implementation of adequate specific security and privacy policies for a given service. All these security and privacy policies are based on the information provided by the deployed platforms and by expert system processing. PMID:26712752
NASA Technical Reports Server (NTRS)
Hakimdavar, Raha; Wood, Danielle; Eylander, John; Peters-Lidard, Christa; Smith, Jane; Doorn, Brad; Green, David; Hummel, Corey; Moore, Thomas C.
2018-01-01
River basins for which transboundary coordination and governance is a factor are of concern to US national security, yet there is often a lack of sufficient data-driven information available at the needed time horizons to inform transboundary water decision-making for the intelligence, defense, and foreign policy communities. To address this need, a two-day workshop entitled Transboundary Water: Improving Methodologies and Developing Integrated Tools to Support Global Water Security was held in August 2017 in Maryland. The committee that organized and convened the workshop (the Organizing Committee) included representatives from the National Aeronautics and Space Administration (NASA), the US Army Corps of Engineers Engineer Research and Development Center (ERDC), and the US Air Force. The primary goal of the workshop was to advance knowledge on the current US Government and partners' technical information needs and gaps to support national security interests in relation to transboundary water. The workshop also aimed to identify avenues for greater communication and collaboration among the scientific, intelligence, defense, and foreign policy communities. The discussion around transboundary water was considered in the context of the greater global water challenges facing US national security.
75 FR 80082 - State, Local, Tribal, And Private Sector Policy Advisory Committee (SLTPS-PAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2010-12-21
..., Tribal, And Private Sector Policy Advisory Committee (SLTPS-PAC) AGENCY: Information Security Oversight... State, Local, Tribal, and Private Sector Policy Advisory Committee (SLTPS-PAC). The SLTPS-PAC will..., Tribal, and Private Sector Entities, as specified in Executive Order 13549 and its implementing directive...
32 CFR 2400.26 - Access by historical researchers and former Presidential appointees.
Code of Federal Regulations, 2013 CFR
2013-07-01
... Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Safeguarding § 2400.26 Access by historical researchers and... be granted only if the Director, Office of Science and Technology Policy: (1) Determines in writing...
32 CFR 2400.26 - Access by historical researchers and former Presidential appointees.
Code of Federal Regulations, 2012 CFR
2012-07-01
... Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Safeguarding § 2400.26 Access by historical researchers and... be granted only if the Director, Office of Science and Technology Policy: (1) Determines in writing...
32 CFR 2400.26 - Access by historical researchers and former Presidential appointees.
Code of Federal Regulations, 2014 CFR
2014-07-01
... Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Safeguarding § 2400.26 Access by historical researchers and... be granted only if the Director, Office of Science and Technology Policy: (1) Determines in writing...
32 CFR 2400.26 - Access by historical researchers and former Presidential appointees.
Code of Federal Regulations, 2010 CFR
2010-07-01
... Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Safeguarding § 2400.26 Access by historical researchers and... be granted only if the Director, Office of Science and Technology Policy: (1) Determines in writing...
32 CFR 2400.26 - Access by historical researchers and former Presidential appointees.
Code of Federal Regulations, 2011 CFR
2011-07-01
... Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Safeguarding § 2400.26 Access by historical researchers and... be granted only if the Director, Office of Science and Technology Policy: (1) Determines in writing...
The Paradox of German Foreign and Security Policy: With Respect to National Energy Security
2009-05-21
analysis from an historical perspective and first published post-materialist theory. It builds on Maslow's hierarchy of needs and seeks to explain how...and maintaining the data needed, and completing and reviewing this collection of information. Send comments regarding this burden estimate or any...policy. Being strategically prepared when market forces fail to balance contradictory interests becomes a necessity for many countries. Based on Germany
Rezaeibagha, Fatemeh; Win, Khin Than; Susilo, Willy
Even though many safeguards and policies for electronic health record (EHR) security have been implemented, barriers to the privacy and security protection of EHR systems persist. This article presents the results of a systematic literature review regarding frequently adopted security and privacy technical features of EHR systems. Our inclusion criteria were full articles that dealt with the security and privacy of technical implementations of EHR systems published in English in peer-reviewed journals and conference proceedings between 1998 and 2013; 55 selected studies were reviewed in detail. We analysed the review results using two International Organization for Standardization (ISO) standards (29100 and 27002) in order to consolidate the study findings. Using this process, we identified 13 features that are essential to security and privacy in EHRs. These included system and application access control, compliance with security requirements, interoperability, integration and sharing, consent and choice mechanism, policies and regulation, applicability and scalability and cryptography techniques. This review highlights the importance of technical features, including mandated access control policies and consent mechanisms, to provide patients' consent, scalability through proper architecture and frameworks, and interoperability of health information systems, to EHR security and privacy requirements.
Mense, Alexander; Hoheiser-Pförtner, Franz; Schmid, Martin; Wahl, Harald
2013-01-01
Working with health related data necessitates appropriate levels of security and privacy. Information security, meaning ensuring confidentiality, integrity, and availability, is more organizational than technical in nature. It includes many organizational and management measures, is based on well-defined security roles, processes, and documents, and needs permanent adaption of security policies, continuous monitoring, and measures assessment. This big challenge for any organization leads to implementation of an information security management system (ISMS). In the context of establishing a regional or national electronic health record for integrated care (ICEHR), the situation is worse. Changing the medical information exchange from on-demand peer-to-peer connections to health information networks requires all organizations participating in the EHR system to have consistent security levels and to follow the same security guidelines and rules. Also, the implementation must be monitored and audited, establishing cross-organizational information security management systems (ISMS) based on international standards. This paper evaluates requirements and defines basic concepts for an ISO 27000 series-based cross-organizational ISMS in the healthcare domain and especially for the implementation of the nationwide electronic health record in Austria (ELGA).
Insecure times? Workers' perceived job and labor market security in 23 OECD countries.
Hipp, Lena
2016-11-01
By examining the association between employees' perceptions of job security and central labor market policies and characteristics, this paper seeks to understand the mechanisms through which institutions generate confidence and positive expectations among individuals regarding their economic future. The analyses distinguish between different facets of perceived job security and different institutional mechanisms. My multilevel analyses of a data set that contains information on 12,431 individuals and 23 countries show that some labor market policies and characteristics are more likely than others to provide workers with subjective security. Unemployment assistance in particular is an effective means of reducing workers' worries about job loss. Dismissal protection, by contrast, only unleashes its psychologically protective effects under certain conditions. The paper's main conclusion is that the effectiveness of policies varies and that different types of labor market institutions serve as complements rather than as substitutes. Copyright © 2016 Elsevier Inc. All rights reserved.
78 FR 40204 - ProShare Advisors LLC, et al.; Notice of Application
Federal Register 2010, 2011, 2012, 2013, 2014
2013-07-03
... receive securities from, the series in connection with the purchase and redemption of Creation Units; and... Inside Information Policy. In accordance with the Code of Ethics \\13\\ and Inside Information Policy of.... \\13\\ The Adviser has also adopted or will adopt a code of ethics pursuant to Rule 17j-1 under the Act...
NASA Technical Reports Server (NTRS)
1985-01-01
The primary purpose of the Aerospace Computer Security Conference was to bring together people and organizations which have a common interest in protecting intellectual property generated in space. Operational concerns are discussed, taking into account security implications of the space station information system, Space Shuttle security policies and programs, potential uses of probabilistic risk assessment techniques for space station development, key considerations in contingency planning for secure space flight ground control centers, a systematic method for evaluating security requirements compliance, and security engineering of secure ground stations. Subjects related to security technologies are also explored, giving attention to processing requirements of secure C3/I and battle management systems and the development of the Gemini trusted multiple microcomputer base, the Restricted Access Processor system as a security guard designed to protect classified information, and observations on local area network security.
Information-Flow-Based Access Control for Web Browsers
NASA Astrophysics Data System (ADS)
Yoshihama, Sachiko; Tateishi, Takaaki; Tabuchi, Naoshi; Matsumoto, Tsutomu
The emergence of Web 2.0 technologies such as Ajax and Mashup has revealed the weakness of the same-origin policy[1], the current de facto standard for the Web browser security model. We propose a new browser security model to allow fine-grained access control in the client-side Web applications for secure mashup and user-generated contents. We propose a browser security model that is based on information-flow-based access control (IBAC) to overcome the dynamic nature of the client-side Web applications and to accurately determine the privilege of scripts in the event-driven programming model.
ERIC Educational Resources Information Center
Zahadat, Nima
2016-01-01
With the rapid increase of smartphones and tablets, security concerns have also been on the rise. Traditionally, Information Technology (IT) departments set up devices, apply security, and monitor them. Such approaches do not apply to today's mobile devices due to a phenomenon called Bring Your Own Device or BYOD. Employees find it desirable to…
76 FR 21414 - Submission for OMB Review; Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2011-04-15
... SECURITIES AND EXCHANGE COMMISSION Submission for OMB Review; Comment Request Upon Written Request, Copies Available From: U.S. Securities and Exchange Commission, Office of Investor Education and Advocacy... information barriers between their affiliates, and the maintenance of a written policy regarding general...
Code of Federal Regulations, 2012 CFR
2012-07-01
... Department of Defense OFFICE OF THE SECRETARY OF DEFENSE SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY... privacy, it is Department of Defense policy that such personal information shall be handled with the... personnel, contractor employees, and other persons affiliated with the Department of Defense, for access to...
Code of Federal Regulations, 2014 CFR
2014-01-01
... regulations in this part may be sent as follows: (a) By mail addressed to: ATTN: Document Control Desk... Management Programs; or Director, Division of Security Policy, Office of Nuclear Security and Incident... electronic submission, for example, Electronic Information Exchange, or CD-ROM. Electronic submissions must...
Code of Federal Regulations, 2010 CFR
2010-10-01
... ACQUISITION REGULATION (HSAR) GENERAL ADMINISTRATIVE MATTERS Safeguarding Classified and Sensitive Information Within Industry 3004.470-1 Scope. This section implements DHS's policies for assuring the security of unclassified facilities, Information Technology (IT) resources, and sensitive information during the...
Boothe, J F
2000-01-01
The Health Insurance Portability and Accountability Act included substantial changes involving handling of health information by establishing national standards for electronic transactions, data privacy, and data security. The first final rule for electronic transaction standards was published August 17, 2000. The remaining final rules are expected to be published in Winter 2000. Providers, such as clinical laboratories, will have 26 months from the date of publication to comply. The civil monetary fines for noncompliance are substantial. This article will review the key provisions of the data security and data privacy proposed rules. These provisions will touch virtually every aspect of electronic claims submissions, electronic data transactions, and the electronic storage of medical information. The proposed rules will require a coordinated approach by providers to develop the policies and procedures, and the technical and physical infrastructure to protect health information. Moreover, providers will need to identify a privacy officer, to review existing privacy policies to compare the proposed rule with any existing state laws to determine which may be more stringent, and to develop new policies to address the particular requirements of the final rule.
NASA Technical Reports Server (NTRS)
Santiago, S. Scott; Moyles, Thomas J. (Technical Monitor)
2001-01-01
This viewgraph presentation provides information on the importance of information technology (IT) security (ITS) to NASA's mission. Several points are made concerning the subject. In order for ITS to be successful, it must be supported by management. NASA, while required by law to keep the public informed of its pursuits, must take precautions due to possible IT-based incursions by computer hackers and other malignant persons. Fear is an excellent motivation for establishing and maintaining a robust ITS policy. The ways in which NASA ITS personnel continually increase security are manifold; however, a great deal relies upon the active involvement of the entire NASA community.
Cleared DoD Employees at Risk - Report 2 A Study of Barriers to Seeking Help
2002-01-01
PERSEREC examined the relationship between DoD security policy and federally mandated employee assistance programs (EAPs) for civilians and...counseling/referral services for military personnel to identify any barriers for cleared DoD employees to using these programs. The study, based largely on...appendices that provides background information for the interested reader on such topics as the EAP movement, military counseling/referral programs, and DoD personnel security policies and programs.
Jiang, Shunrong; Zhu, Xiaoyan; Wang, Liangmin
2015-01-01
Mobile healthcare social networks (MHSNs) have emerged as a promising next-generation healthcare system, which will significantly improve the quality of life. However, there are many security and privacy concerns before personal health information (PHI) is shared with other parties. To ensure patients’ full control over their PHI, we propose a fine-grained and scalable data access control scheme based on attribute-based encryption (ABE). Besides, policies themselves for PHI sharing may be sensitive and may reveal information about underlying PHI or about data owners or recipients. In our scheme, we let each attribute contain an attribute name and its value and adopt the Bloom filter to efficiently check attributes before decryption. Thus, the data privacy and policy privacy can be preserved in our proposed scheme. Moreover, considering the fact that the computational cost grows with the complexity of the access policy and the limitation of the resource and energy in a smart phone, we outsource ABE decryption to the cloud while preventing the cloud from learning anything about the content and access policy. The security and performance analysis is carried out to demonstrate that our proposed scheme can achieve fine-grained access policies for PHI sharing in MHSNs. PMID:26404300
Jiang, Shunrong; Zhu, Xiaoyan; Wang, Liangmin
2015-09-03
Mobile healthcare social networks (MHSNs) have emerged as a promising next-generation healthcare system, which will significantly improve the quality of life. However, there are many security and privacy concerns before personal health information (PHI) is shared with other parties. To ensure patients' full control over their PHI, we propose a fine-grained and scalable data access control scheme based on attribute-based encryption (ABE). Besides, policies themselves for PHI sharing may be sensitive and may reveal information about underlying PHI or about data owners or recipients. In our scheme, we let each attribute contain an attribute name and its value and adopt the Bloom filter to efficiently check attributes before decryption. Thus, the data privacy and policy privacy can be preserved in our proposed scheme. Moreover, considering the fact that the computational cost grows with the complexity of the access policy and the limitation of the resource and energy in a smart phone, we outsource ABE decryption to the cloud while preventing the cloud from learning anything about the content and access policy. The security and performance analysis is carried out to demonstrate that our proposed scheme can achieve fine-grained access policies for PHI sharing in MHSNs.
Implementing Information Assurance - Beyond Process
2009-01-01
disabled or properly configured. Tools and scripts are available to expedite the configuration process on some platforms. For example, approved Windows...in the System Security Plan (SSP) or Information Security Plan (ISP). Any PPSs not required for operation by the system must be disabled. This...Services must be disabled. Implementing an IM capability within the boundary carries many policy and documentation requirements. Username and passwords
3 CFR 13556 - Executive Order 13556 of November 4, 2010. Controlled Unclassified Information
Code of Federal Regulations, 2011 CFR
2011-01-01
.... Controlled Unclassified Information 13556 Order 13556 Presidential Documents Executive Orders Executive Order... information, such as information that involves privacy, security, proprietary business interests, and law... safeguarding of documents, led to unclear or unnecessarily restrictive dissemination policies, and created...
Homeland Security and Information Control: A Model of Asymmetric Information Flows.
ERIC Educational Resources Information Center
Maxwell, Terrence A.
2003-01-01
Summarizes some of the activities the United States government has undertaken to control the dissemination of information since 2001. It also explores, through a conceptual model of information flows, potential impacts and discontinuities between policy purposes and outcomes. (AEF)
78 FR 52808 - Proposed Collection; Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2013-08-26
.... Please direct your written comments to Thomas Bayer, Chief Information Officer, Securities and Exchange....) (``Securities Act''). The primary purpose of the registration process is to provide disclosure of financial and... policy-making roles. The Commission estimates that there are 162 initial registration statements and 29...
12 CFR 12.7 - Securities trading policies and procedures.
Code of Federal Regulations, 2010 CFR
2010-01-01
... registered broker/dealers; (ii) Execute transactions in securities for customers; or (iii) Process orders for... investment recommendations or decisions for the accounts of customers; (ii) Participate in the determination of the recommendations or decisions; or (iii) In connection with their duties, obtain information...
17 CFR 200.13 - Chief Operating Officer.
Code of Federal Regulations, 2012 CFR
2012-04-01
...; CONDUCT AND ETHICS; AND INFORMATION AND REQUESTS Organization and Program Management General Organization... Financial Management, the Office of FOIA, Records Management, and Security, and the Office of Information... management improvements, telecommunications and information technology policies, and other government-wide...
17 CFR 200.13 - Chief Operating Officer.
Code of Federal Regulations, 2013 CFR
2013-04-01
...; CONDUCT AND ETHICS; AND INFORMATION AND REQUESTS Organization and Program Management General Organization... Financial Management, the Office of FOIA, Records Management, and Security, and the Office of Information... management improvements, telecommunications and information technology policies, and other government-wide...
Information Assurance in Saudi Organizations - An Empirical Study
NASA Astrophysics Data System (ADS)
Nabi, Syed Irfan; Mirza, Abdulrahman A.; Alghathbar, Khaled
This paper presents selective results of a survey conducted to find out the much-needed insight into the status of information security in Saudi Arabian organizations. The purpose of this research is to give the state of information assurance in the Kingdom and to better understand the prevalent ground realities. The survey covered technical aspects of information security, risk management and information assurance management. The results provide deep insights into the existing level of information assurance in various sectors that can be helpful in better understanding the intricate details of the prevalent information security in the Kingdom. Also, the results can be very useful for information assurance policy makers in the government as well as private sector organizations. There are few empirical studies on information assurance governance available in literature, especially about the Middle East and Saudi Arabia; therefore, the results are invaluable for information security researchers in improving the understanding of information assurance in this region and the Kingdom.
NASA Astrophysics Data System (ADS)
Papa, Mauricio; Shenoi, Sujeet
The information infrastructure -- comprising computers, embedded devices, networks and software systems -- is vital to day-to-day operations in every sector: information and telecommunications, banking and finance, energy, chemicals and hazardous materials, agriculture, food, water, public health, emergency services, transportation, postal and shipping, government and defense. Global business and industry, governments, indeed society itself, cannot function effectively if major components of the critical information infrastructure are degraded, disabled or destroyed. Critical Infrastructure Protection II describes original research results and innovative applications in the interdisciplinary field of critical infrastructure protection. Also, it highlights the importance of weaving science, technology and policy in crafting sophisticated, yet practical, solutions that will help secure information, computer and network assets in the various critical infrastructure sectors. Areas of coverage include: - Themes and Issues - Infrastructure Security - Control Systems Security - Security Strategies - Infrastructure Interdependencies - Infrastructure Modeling and Simulation This book is the second volume in the annual series produced by the International Federation for Information Processing (IFIP) Working Group 11.10 on Critical Infrastructure Protection, an international community of scientists, engineers, practitioners and policy makers dedicated to advancing research, development and implementation efforts focused on infrastructure protection. The book contains a selection of twenty edited papers from the Second Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection held at George Mason University, Arlington, Virginia, USA in the spring of 2008.
International Food Aid Programs: Background and Issues
2010-02-03
D. Ho Analyst in Agricultural Policy Charles E. Hanrahan Senior Specialist in Agricultural Policy February 3, 2010 Congressional Research Service...U.S. Treasury. 10 In United States agricultural policy, “monetization” is a P.L. 480 provision (Section 203) first included in the Food Security Act...Contact Information Melissa D. Ho Analyst in Agricultural Policy mho@crs.loc.gov, 7-5342 Charles E. Hanrahan Senior Specialist in Agricultural
32 CFR 1902.13 - Declassification and downgrading policy.
Code of Federal Regulations, 2011 CFR
2011-07-01
... 32 National Defense 6 2011-07-01 2011-07-01 false Declassification and downgrading policy. 1902.13 Section 1902.13 National Defense Other Regulations Relating to National Defense CENTRAL INTELLIGENCE AGENCY INFORMATION SECURITY REGULATIONS Declassification and Downgrading § 1902.13 Declassification and...
32 CFR 1902.13 - Declassification and downgrading policy.
Code of Federal Regulations, 2010 CFR
2010-07-01
... 32 National Defense 6 2010-07-01 2010-07-01 false Declassification and downgrading policy. 1902.13 Section 1902.13 National Defense Other Regulations Relating to National Defense CENTRAL INTELLIGENCE AGENCY INFORMATION SECURITY REGULATIONS Declassification and Downgrading § 1902.13 Declassification and...
Code of Federal Regulations, 2010 CFR
2010-10-01
... information developed by the intelligence community and policy statements of the President. (d) Emergency... made on the economy in a full range of possible national security emergencies. Similarly, DOD planning... and agencies and with state and local governments and, therefore, is responsible for developing a...
32 CFR 2400.36 - Declassification.
Code of Federal Regulations, 2010 CFR
2010-07-01
... 32 National Defense 6 2010-07-01 2010-07-01 false Declassification. 2400.36 Section 2400.36 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM...
32 CFR 2400.36 - Declassification.
Code of Federal Regulations, 2014 CFR
2014-07-01
... 32 National Defense 6 2014-07-01 2014-07-01 false Declassification. 2400.36 Section 2400.36 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM...
Code of Federal Regulations, 2013 CFR
2013-07-01
... 32 National Defense 6 2013-07-01 2013-07-01 false Downgrading. 2400.24 Section 2400.24 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM...
Code of Federal Regulations, 2011 CFR
2011-07-01
... 32 National Defense 6 2011-07-01 2011-07-01 false Downgrading. 2400.24 Section 2400.24 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM...
Code of Federal Regulations, 2010 CFR
2010-07-01
... 32 National Defense 6 2010-07-01 2010-07-01 false Downgrading. 2400.24 Section 2400.24 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM...
32 CFR 2400.36 - Declassification.
Code of Federal Regulations, 2011 CFR
2011-07-01
... 32 National Defense 6 2011-07-01 2011-07-01 false Declassification. 2400.36 Section 2400.36 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM...
32 CFR 2400.36 - Declassification.
Code of Federal Regulations, 2012 CFR
2012-07-01
... 32 National Defense 6 2012-07-01 2012-07-01 false Declassification. 2400.36 Section 2400.36 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM...
Code of Federal Regulations, 2014 CFR
2014-07-01
... 32 National Defense 6 2014-07-01 2014-07-01 false Downgrading. 2400.24 Section 2400.24 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM...
Code of Federal Regulations, 2012 CFR
2012-07-01
... 32 National Defense 6 2012-07-01 2012-07-01 false Downgrading. 2400.24 Section 2400.24 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM...
32 CFR 2400.36 - Declassification.
Code of Federal Regulations, 2013 CFR
2013-07-01
... 32 National Defense 6 2013-07-01 2013-07-01 false Declassification. 2400.36 Section 2400.36 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM...
17 CFR 160.30 - Procedures to safeguard customer records and information.
Code of Federal Regulations, 2010 CFR
2010-04-01
... customer records and information. 160.30 Section 160.30 Commodity and Securities Exchanges COMMODITY... Date § 160.30 Procedures to safeguard customer records and information. Every futures commission... physical safeguards for the protection of customer records and information. These policies and procedures...
Code of Federal Regulations, 2010 CFR
2010-07-01
... Security Policy Board. (b) Requirements for physical protection—(1) Top Secret. Top Secret information... of the alarm annunciation. (2) Secret. Secret information shall be stored in the same manner as Top.... Confidential information shall be stored in the same manner as prescribed for Top Secret or Secret information...
Digital watermarking for secure and adaptive teleconferencing
NASA Astrophysics Data System (ADS)
Vorbrueggen, Jan C.; Thorwirth, Niels
2002-04-01
The EC-sponsored project ANDROID aims to develop a management system for secure active networks. Active network means allowing the network's customers to execute code (Java-based so-called proxylets) on parts of the network infrastructure. Secure means that the network operator nonetheless retains full control over the network and its resources, and that proxylets use ANDROID-developed facilities to provide secure applications. Management is based on policies and allows autonomous, distributed decisions and actions to be taken. Proxylets interface with the system via policies; among actions they can take is controlling execution of other proxylets or redirection of network traffic. Secure teleconferencing is used as the application to demonstrate the approach's advantages. A way to control a teleconference's data streams is to use digital watermarking of the video, audio and/or shared-whiteboard streams, providing an imperceptible and inseparable side channel that delivers information from originating or intermediate stations to downstream stations. Depending on the information carried by the watermark, these stations can take many different actions. Examples are forwarding decisions based on security classifications (possibly time-varying) at security boundaries, set-up and tear-down of virtual private networks, intelligent and adaptive transcoding, recorder or playback control (e.g., speaking off the record), copyright protection, and sender authentication.
77 FR 41204 - State, Local, Tribal, and Private Sector Policy Advisory Committee (SLTPS-PAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2012-07-12
..., Tribal, and Private Sector Policy Advisory Committee (SLTPS-PAC) AGENCY: Information Security Oversight..., announcement is made for the committee meeting of the State, Local, Tribal, and Private Sector Policy Advisory..., Local, Tribal, and Private Sector Entities. DATES: The meeting will be held on July 25, 2012, 10:00 a.m...
NASA Astrophysics Data System (ADS)
Rytov, M. Yu; Leksikov, E. V.; Sakalo, V. I.; Kovalev, P. A.
2017-01-01
At the moment the domestic policy of the Russian Federation is being formed in difficult conditions of a foreign policy situation. The regional policy is built on the platform of alignment of social and economic development indices. To maintain the activity of regional social and economic systems is important for the management system of executive authorities (EA), including regional ones. To ensure feasibility of public administration, it is necessary to have vitally active social and economic systems.
Humaidi, Norshima; Balakrishnan, Vimala
2018-01-01
Health information systems are innovative products designed to improve the delivery of effective healthcare, but they are also vulnerable to breaches of information security, including unauthorised access, use, disclosure, disruption, modification or destruction, and duplication of passwords. Greater openness and multi-connectedness between heterogeneous stakeholders within health networks increase the security risk. The focus of this research was on the indirect effects of management support (MS) on user compliance behaviour (UCB) towards information security policies (ISPs) among health professionals in selected Malaysian public hospitals. The aim was to identify significant factors and provide a clearer understanding of the nature of compliance behaviour in the health sector environment. Using a survey design and stratified random sampling method, self-administered questionnaires were distributed to 454 healthcare professionals in three hospitals. Drawing on theories of planned behaviour, perceived behavioural control (self-efficacy (SE) and MS components) and the trust factor, an information system security policies compliance model was developed to test three related constructs (MS, SE and perceived trust (PT)) and their relationship to UCB towards ISPs. Results showed a 52.8% variation in UCB through significant factors. Partial least squares structural equation modelling demonstrated that all factors were significant and that MS had an indirect effect on UCB through both PT and SE among respondents to this study. The research model based on the theory of planned behaviour in combination with other human and organisational factors has made a useful contribution towards explaining compliance behaviour in relation to organisational ISPs, with trust being the most significant factor. 
In adopting a multidimensional approach to management-user interactions via multidisciplinary concepts and theories to evaluate the association between the integrated management-user values and the nature of compliance towards ISPs among selected health professionals, this study has made a unique contribution to the literature.
Federal Register 2010, 2011, 2012, 2013, 2014
2013-12-05
...This Request for Information (RFI) notice informs the public that the Department of Homeland Security's (DHS) Science and Technology Directorate (S&T) is currently developing a National Critical Infrastructure Security and Resilience Research and Development Plan (NCISR R&D Plan) to conform to the requirements of Presidential Policy Directive 21, Critical Infrastructure Security and Resilience. As part of a comprehensive national review process, DHS solicits public comment on issues or language in the NCISR R&D Plan that need to be included. Critical infrastructure includes both cyber and physical components, systems, and networks for the sixteen established ``critical infrastructures''.
78 FR 73915 - Notice of Request for Extension of Currently Approved Information Collection
Federal Register 2010, 2011, 2012, 2013, 2014
2013-12-09
..., Enterprise Information Security & Policy. [FR Doc. 2013-29218 Filed 12-6-13; 8:45 am] BILLING CODE 8120-08-P ... TENNESSEE VALLEY AUTHORITY Notice of Request for Extension of Currently Approved Information... Currently Approved Information Collection. SUMMARY: The information collection described below will be...
Regulation, Privacy and Security: Chairman's Opening Remarks
Gabrieli, E.R.
1979-01-01
Medical privacy is a keystone of a free democratic society. To conserve the right of the patient to medical privacy, computerization of the medical data must be regulated. This paper enumerates some steps to be taken urgently for the protection of computerized sensitive medical data. A computer-oriented medical lexicon is urgently needed for accurate coding. Health industry standards should be drafted. The goals of various data centers must be sharply defined to avoid conflicts of interest. Medical privacy should be studied further, and medical data centers should consider cost-effectiveness. State boards for medical privacy should be created to monitor data security procedures. There is a need for purposeful decentralization. A national medical information policy should be drafted, and a national clinical information board should implement the nation's medical information policy.
Women’s Role in Disaster Management and Implications for National Security
2017-07-11
management policies, plans and decision making processes,” available at http://www.unisdr.org/we/inform/publications/1037. Beijing Agenda for Global...1 WOMEN’S ROLE IN DISASTER MANAGEMENT AND IMPLICATIONS FOR NATIONAL SECURITY By Jessica Ear Introduction Disasters are increasing in...frequency and intensity. For those lacking control and access to services and resources such as education and information, disaster risks are even
Health care data security: one size does not fit all.
Krohn, R
2001-11-01
In the wake of the Internet, E-commerce, and particularly the Health Insurance Portability and Accountability Act, data security has risen to the top of health care information technology priorities. What is the correct mix of data security tools, policies, and technologies for the doctor, the hospital, the insurer, the vendor, and everyone else who does business in the health care industry?
Security policies and trust in ubiquitous computing.
Joshi, Anupam; Finin, Tim; Kagal, Lalana; Parker, Jim; Patwardhan, Anand
2008-10-28
Ubiquitous environments comprise resource-constrained mobile and wearable devices and computational elements embedded in everyday artefacts. These are connected to each other using both infrastructure-based as well as short-range ad hoc networks. Limited Internet connectivity limits the use of conventional security mechanisms such as public key infrastructures and other forms of server-centric authentication. Under these circumstances, peer-to-peer interactions are well suited for not just information interchange, but also managing security and privacy. However, practical solutions for protecting mobile devices, preserving privacy, evaluating trust and determining the reliability and accuracy of peer-provided data in such interactions are still in their infancy. Our research is directed towards providing stronger assurances of the reliability and trustworthiness of information and services, and the use of declarative policy-driven approaches to handle the open and dynamic nature of such systems. This paper provides an overview of some of the challenges and issues, and points out directions for progress.
2005-07-01
policies in pervasive computing environments. In this context, the owner of information sources (e.g. user, sensor, application, or organization...work in decentralized trust management and semantic web technologies. Section 3 introduces an Information Disclosure Agent architecture for...Norman Sadeh July 2005 CMU-ISRI-05-113 School of Computer Science, Carnegie Mellon University 5000 Forbes Avenue, Pittsburgh, PA, 15213
Security Concerns in Telecommuting within the Information Technology Industry
ERIC Educational Resources Information Center
Chithambo, Loyce Maosa
2011-01-01
Since the availability of remote access technology, most companies have adopted telecommuting as part of business operations. Although some research has identified policies and procedures when individuals telecommute, limited research exists about existing policies and procedures for telecommuters. The purpose of this qualitative descriptive…
44 CFR 5.81 - Statement of policy.
Code of Federal Regulations, 2010 CFR
2010-10-01
... 44 Emergency Management and Assistance 1 2010-10-01 2010-10-01 false Statement of policy. 5.81 Section 5.81 Emergency Management and Assistance FEDERAL EMERGENCY MANAGEMENT AGENCY, DEPARTMENT OF HOMELAND SECURITY GENERAL PRODUCTION OR DISCLOSURE OF INFORMATION Subpoenas or Other Legal Demands for...
32 CFR 2400.6 - Classification levels.
Code of Federal Regulations, 2013 CFR
2013-07-01
... 32 National Defense 6 2013-07-01 2013-07-01 false Classification levels. 2400.6 Section 2400.6 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM...
32 CFR 2400.15 - Classification guides.
Code of Federal Regulations, 2012 CFR
2012-07-01
... 32 National Defense 6 2012-07-01 2012-07-01 false Classification guides. 2400.15 Section 2400.15 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM...
32 CFR 2400.6 - Classification levels.
Code of Federal Regulations, 2010 CFR
2010-07-01
... 32 National Defense 6 2010-07-01 2010-07-01 false Classification levels. 2400.6 Section 2400.6 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM...
Code of Federal Regulations, 2010 CFR
2010-07-01
... 32 National Defense 6 2010-07-01 2010-07-01 false Authority. 2400.1 Section 2400.1 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM General...
32 CFR 2400.34 - Classification.
Code of Federal Regulations, 2013 CFR
2013-07-01
... 32 National Defense 6 2013-07-01 2013-07-01 false Classification. 2400.34 Section 2400.34 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Foreign...
Code of Federal Regulations, 2011 CFR
2011-07-01
... 32 National Defense 6 2011-07-01 2011-07-01 false Authority. 2400.1 Section 2400.1 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM General...
32 CFR 2400.37 - Mandatory review.
Code of Federal Regulations, 2012 CFR
2012-07-01
... 32 National Defense 6 2012-07-01 2012-07-01 false Mandatory review. 2400.37 Section 2400.37 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM...
32 CFR 2400.34 - Classification.
Code of Federal Regulations, 2011 CFR
2011-07-01
... 32 National Defense 6 2011-07-01 2011-07-01 false Classification. 2400.34 Section 2400.34 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Foreign...
Code of Federal Regulations, 2014 CFR
2014-07-01
... 32 National Defense 6 2014-07-01 2014-07-01 false Authority. 2400.1 Section 2400.1 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM General...
32 CFR 2400.34 - Classification.
Code of Federal Regulations, 2012 CFR
2012-07-01
... 32 National Defense 6 2012-07-01 2012-07-01 false Classification. 2400.34 Section 2400.34 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Foreign...
32 CFR 2400.6 - Classification levels.
Code of Federal Regulations, 2014 CFR
2014-07-01
... 32 National Defense 6 2014-07-01 2014-07-01 false Classification levels. 2400.6 Section 2400.6 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM...
32 CFR 2400.37 - Mandatory review.
Code of Federal Regulations, 2010 CFR
2010-07-01
... 32 National Defense 6 2010-07-01 2010-07-01 false Mandatory review. 2400.37 Section 2400.37 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM...
Code of Federal Regulations, 2012 CFR
2012-07-01
... 32 National Defense 6 2012-07-01 2012-07-01 false Authority. 2400.1 Section 2400.1 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM General...
32 CFR 2400.15 - Classification guides.
Code of Federal Regulations, 2010 CFR
2010-07-01
... 32 National Defense 6 2010-07-01 2010-07-01 false Classification guides. 2400.15 Section 2400.15 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM...
32 CFR 2400.37 - Mandatory review.
Code of Federal Regulations, 2013 CFR
2013-07-01
... 32 National Defense 6 2013-07-01 2013-07-01 false Mandatory review. 2400.37 Section 2400.37 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM...
32 CFR 2400.34 - Classification.
Code of Federal Regulations, 2014 CFR
2014-07-01
... 32 National Defense 6 2014-07-01 2014-07-01 false Classification. 2400.34 Section 2400.34 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Foreign...
32 CFR 2400.15 - Classification guides.
Code of Federal Regulations, 2011 CFR
2011-07-01
... 32 National Defense 6 2011-07-01 2011-07-01 false Classification guides. 2400.15 Section 2400.15 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM...
32 CFR 2400.37 - Mandatory review.
Code of Federal Regulations, 2014 CFR
2014-07-01
... 32 National Defense 6 2014-07-01 2014-07-01 false Mandatory review. 2400.37 Section 2400.37 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM...
32 CFR 2400.15 - Classification guides.
Code of Federal Regulations, 2014 CFR
2014-07-01
... 32 National Defense 6 2014-07-01 2014-07-01 false Classification guides. 2400.15 Section 2400.15 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM...
32 CFR 2400.6 - Classification levels.
Code of Federal Regulations, 2011 CFR
2011-07-01
... 32 National Defense 6 2011-07-01 2011-07-01 false Classification levels. 2400.6 Section 2400.6 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM...
32 CFR 2400.37 - Mandatory review.
Code of Federal Regulations, 2011 CFR
2011-07-01
... 32 National Defense 6 2011-07-01 2011-07-01 false Mandatory review. 2400.37 Section 2400.37 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM...
Code of Federal Regulations, 2013 CFR
2013-07-01
... 32 National Defense 6 2013-07-01 2013-07-01 false Authority. 2400.1 Section 2400.1 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM General...
32 CFR 2400.6 - Classification levels.
Code of Federal Regulations, 2012 CFR
2012-07-01
... 32 National Defense 6 2012-07-01 2012-07-01 false Classification levels. 2400.6 Section 2400.6 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM...
32 CFR 2400.15 - Classification guides.
Code of Federal Regulations, 2013 CFR
2013-07-01
... 32 National Defense 6 2013-07-01 2013-07-01 false Classification guides. 2400.15 Section 2400.15 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM...
32 CFR 2400.34 - Classification.
Code of Federal Regulations, 2010 CFR
2010-07-01
... 32 National Defense 6 2010-07-01 2010-07-01 false Classification. 2400.34 Section 2400.34 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Foreign...
Prince, Anya E R
2016-01-01
Many genetic counselors recommend that individuals secure desired insurance policies, such as life insurance, prior to undergoing predictive genetic testing. It has been argued, however, that this practice is "tantamount to fraud" and that failure to disclose genetic test results, or conspiring to secure a policy before testing, opens an individual up to legal recourse. This debate traps affected individuals in a Catch-22. If they apply for life insurance and disclose a genetic test result, they may be denied. If they apply without disclosing the information, they may have committed fraud. The consequences of life insurance fraud are significant: If fraud is found on an application, a life insurer can rescind the policy, in some cases even after the individual has passed away. Such a rescission could leave family members or beneficiaries without the benefits of the life insurance policy payment after the individual's death and place them in economic difficulty. Although it is clear that lying in response to a direct question about genetic testing would be tantamount to fraud, few, if any, life insurance applications currently include broad questions about genetic testing. This paper investigates whether non-disclosure of unasked for genetic information constitutes fraud and explores varying types of insurance questions that could conceivably be interpreted as seeking genetic information. Life insurance applicants generally have no duty to disclose unasked for information, including genetic information, on an application. However, given the complexities of genetic information, individuals may be exposed to fraud and rescission of their life insurance policy despite honest attempts to truthfully and completely answer all application questions.
Federal Register 2010, 2011, 2012, 2013, 2014
2010-03-10
... Retaining Beneficial Ownership Information for Anti-Money Laundering Purposes AGENCY: Securities and...-money laundering purposes. DATES: Effective Date: March 5, 2010. FOR FURTHER INFORMATION CONTACT... retaining beneficial ownership information for anti-money laundering purposes. This guidance is being issued...
A Framework for Translating a High Level Security Policy into Low Level Security Mechanisms
NASA Astrophysics Data System (ADS)
Hassan, Ahmed A.; Bahgat, Waleed M.
2010-01-01
Security policies have different components; firewall, active directory, and IDS are some examples of these components. Enforcement of network security policies to low level security mechanisms faces some essential difficulties. Consistency, verification, and maintenance are the major ones of these difficulties. One approach to overcome these difficulties is to automate the process of translation of high level security policy into low level security mechanisms. This paper introduces a framework of an automation process that translates a high level security policy into low level security mechanisms. The framework is described in terms of three phases; in the first phase all network assets are categorized according to their roles in the network security and relations between them are identified to constitute the network security model. This proposed model is based on organization based access control (OrBAC). However, the proposed model extends the OrBAC model to include not only access control policy but also some other administrative security policies like auditing policy. Besides, the proposed model enables matching of each rule of the high level security policy with the corresponding ones of the low level security policy. Through the second phase of the proposed framework, the high level security policy is mapped into the network security model. The second phase could be considered as a translation of the high level security policy into an intermediate model level. Finally, the intermediate model level is translated automatically into low level security mechanism. The paper illustrates the applicability of proposed approach through an application example.
Code of Federal Regulations, 2013 CFR
2013-07-01
... PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICE (NSA/CSS) FREEDOM OF INFORMATION ACT PROGRAM § 299.5 Procedures. (a) Requests for copies of records of the NSA/CSS shall be delivered to the Director... Director of Policy, if so designated, shall endeavor to respond to a direct request to NSA/CSS within 20...
Code of Federal Regulations, 2012 CFR
2012-07-01
... PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICE (NSA/CSS) FREEDOM OF INFORMATION ACT PROGRAM § 299.5 Procedures. (a) Requests for copies of records of the NSA/CSS shall be delivered to the Director... Director of Policy, if so designated, shall endeavor to respond to a direct request to NSA/CSS within 20...
Annual Report and Crime Summary, 1992.
ERIC Educational Resources Information Center
Johnson County Community Coll., Overland Park, KS. Dept. of Safety and Security.
In accordance with the Student Right-to-Know and Campus Security Act of 1990, the Safety and Security Department of Johnson County Community College (JCCC), in Kansas, prepared this report providing information on crime statistics and departmental policies. Introductory sections of the annual report feature an overview of the department's mission,…
Identifying the Enemy: Social Categorization and National Security Policy
ERIC Educational Resources Information Center
Unsworth, Kristene
2010-01-01
This dissertation seeks to understand the interplay between informal articulations of social categories and formal instantiations of those categories in official language. Specifically, it explores the process of social categorization as it is used to identify threats to national security. The research employed a qualitative, document-based,…
Federal Register 2010, 2011, 2012, 2013, 2014
2012-10-18
... DEPARTMENT OF HOMELAND SECURITY U.S. Citizenship and Immigration Services [OMB Control Number 1615.... SUMMARY: The Department of Homeland Security (DHS), U.S. Citizenship and Immigration Services (USCIS) will... Coordination Division, Office of Policy and Strategy, U.S. Citizenship and Immigration Services, Department of...
Federal Register 2010, 2011, 2012, 2013, 2014
2012-09-10
... DEPARTMENT OF HOMELAND SECURITY U.S. Citizenship and Immigration Services [OMB Control Number 1615... Security (DHS), U.S. Citizenship and Immigration Services (USCIS) will be submitting the following... Coordination Division, Office of Policy and Strategy, U.S. Citizenship and Immigration Services, Department of...
Dynamic and adaptive policy models for coalition operations
NASA Astrophysics Data System (ADS)
Verma, Dinesh; Calo, Seraphin; Chakraborty, Supriyo; Bertino, Elisa; Williams, Chris; Tucker, Jeremy; Rivera, Brian; de Mel, Geeth R.
2017-05-01
It is envisioned that the success of future military operations depends on the better integration, organizationally and operationally, among allies, coalition members, inter-agency partners, and so forth. However, this leads to a challenging and complex environment where the heterogeneity and dynamism in the operating environment intertwines with the evolving situational factors that affect the decision-making life cycle of the war fighter. Therefore, the users in such environments need secure, accessible, and resilient information infrastructures where policy-based mechanisms adopt the behaviours of the systems to meet end user goals. By specifying and enforcing a policy based model and framework for operations and security which accommodates heterogeneous coalitions, high levels of agility can be enabled to allow rapid assembly and restructuring of system and information resources. However, current prevalent policy models (e.g., rule based event-condition-action model and its variants) are not sufficient to deal with the highly dynamic and plausibly non-deterministic nature of these environments. Therefore, to address the above challenges, in this paper, we present a new approach for policies which enables managed systems to take more autonomic decisions regarding their operations.
NASA Astrophysics Data System (ADS)
Perry, William G.
2006-04-01
One goal of database mining is to draw unique and valid perspectives from multiple data sources. Insights that are fashioned from closely-held data stores are likely to possess a high degree of reliability. The degree of information assurance comes into question, however, when external databases are accessed, combined and analyzed to form new perspectives. ISO/IEC 17799, Information technology-Security techniques-Code of practice for information security management, can be used to establish a higher level of information assurance among disparate entities using data mining in the defense, homeland security, commercial and other civilian/commercial domains. Organizations that meet ISO/IEC information security standards have identified and assessed risks, threats and vulnerabilities and have taken significant proactive steps to meet their unique security requirements. The ISO standards address twelve domains: risk assessment and treatment, security policy, organization of information security, asset management, human resources security, physical and environmental security, communications and operations management, access control, information systems acquisition, development and maintenance, information security incident management and business continuity management and compliance. Analysts can be relatively confident that if organizations are ISO 17799 compliant, a high degree of information assurance is likely to be a characteristic of the data sets being used. The reverse may be true. Extracting, fusing and drawing conclusions based upon databases with a low degree of information assurance may be wrought with all of the hazards that come from knowingly using bad data to make decisions. Using ISO/IEC 17799 as a baseline for information assurance can help mitigate these risks.
International Security Institutions, Domestic Politics, and Institutional Legitimacy
ERIC Educational Resources Information Center
Chapman, Terrence L.
2007-01-01
Scholars have devoted considerable attention to the informational role of international institutions. However, several questions about the informational aspects of institutional behavior remain underexplored: What determines how audiences respond to institutional decisions? Through what channels does information provision affect foreign policy? To…
76 FR 10384 - Agency Information Collection Activities: Regulation on Agency Protests
Federal Register 2010, 2011, 2012, 2013, 2014
2011-02-24
... Protests AGENCY: Office of Chief Procurement Officer, Acquisition Policy and Legislation Office, DHS... Department of Homeland Security, Office of Chief Procurement Officer, Acquisition Policy and Legislation... comments were received by DHS. DHS would also like to correct the Total Burden Cost (capital/startup): $4...
Code of Federal Regulations, 2011 CFR
2011-07-01
... information concerning the activities of its Government. DLA policy is to conduct its activities in an open... activities in an open manner consistent with the need for security and adherence to other requirements of law..., where a public reading room also serves as an activity's library, restricted publications may be...
Code of Federal Regulations, 2010 CFR
2010-07-01
... information concerning the activities of its Government. DLA policy is to conduct its activities in an open... activities in an open manner consistent with the need for security and adherence to other requirements of law..., where a public reading room also serves as an activity's library, restricted publications may be...
32 CFR 2400.35 - Duration of classification.
Code of Federal Regulations, 2010 CFR
2010-07-01
... 32 National Defense 6 2010-07-01 2010-07-01 false Duration of classification. 2400.35 Section 2400.35 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY...
32 CFR 2400.11 - Duration of classification.
Code of Federal Regulations, 2010 CFR
2010-07-01
... 32 National Defense 6 2010-07-01 2010-07-01 false Duration of classification. 2400.11 Section 2400.11 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY...
32 CFR 2400.4 - Atomic Energy Material.
Code of Federal Regulations, 2013 CFR
2013-07-01
... 32 National Defense 6 2013-07-01 2013-07-01 false Atomic Energy Material. 2400.4 Section 2400.4 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM...
32 CFR 2400.11 - Duration of classification.
Code of Federal Regulations, 2012 CFR
2012-07-01
... 32 National Defense 6 2012-07-01 2012-07-01 false Duration of classification. 2400.11 Section 2400.11 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY...
32 CFR 2400.4 - Atomic Energy Material.
Code of Federal Regulations, 2010 CFR
2010-07-01
... 32 National Defense 6 2010-07-01 2010-07-01 false Atomic Energy Material. 2400.4 Section 2400.4 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM...
32 CFR 2400.35 - Duration of classification.
Code of Federal Regulations, 2012 CFR
2012-07-01
... 32 National Defense 6 2012-07-01 2012-07-01 false Duration of classification. 2400.35 Section 2400.35 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY...
32 CFR 2400.35 - Duration of classification.
Code of Federal Regulations, 2013 CFR
2013-07-01
... 32 National Defense 6 2013-07-01 2013-07-01 false Duration of classification. 2400.35 Section 2400.35 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY...
32 CFR 2400.10 - Presumption of damage.
Code of Federal Regulations, 2011 CFR
2011-07-01
... 32 National Defense 6 2011-07-01 2011-07-01 false Presumption of damage. 2400.10 Section 2400.10 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM...
32 CFR 2400.10 - Presumption of damage.
Code of Federal Regulations, 2013 CFR
2013-07-01
... 32 National Defense 6 2013-07-01 2013-07-01 false Presumption of damage. 2400.10 Section 2400.10 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM...
32 CFR 2400.11 - Duration of classification.
Code of Federal Regulations, 2013 CFR
2013-07-01
... 32 National Defense 6 2013-07-01 2013-07-01 false Duration of classification. 2400.11 Section 2400.11 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY...
32 CFR 2400.10 - Presumption of damage.
Code of Federal Regulations, 2012 CFR
2012-07-01
... 32 National Defense 6 2012-07-01 2012-07-01 false Presumption of damage. 2400.10 Section 2400.10 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM...
32 CFR 2400.35 - Duration of classification.
Code of Federal Regulations, 2014 CFR
2014-07-01
... 32 National Defense 6 2014-07-01 2014-07-01 false Duration of classification. 2400.35 Section 2400.35 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY...
32 CFR 2400.4 - Atomic Energy Material.
Code of Federal Regulations, 2014 CFR
2014-07-01
... 32 National Defense 6 2014-07-01 2014-07-01 false Atomic Energy Material. 2400.4 Section 2400.4 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM...
32 CFR 2400.10 - Presumption of damage.
Code of Federal Regulations, 2014 CFR
2014-07-01
... 32 National Defense 6 2014-07-01 2014-07-01 false Presumption of damage. 2400.10 Section 2400.10 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM...
32 CFR 2400.11 - Duration of classification.
Code of Federal Regulations, 2014 CFR
2014-07-01
... 32 National Defense 6 2014-07-01 2014-07-01 false Duration of classification. 2400.11 Section 2400.11 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY...
32 CFR 2400.4 - Atomic Energy Material.
Code of Federal Regulations, 2011 CFR
2011-07-01
... 32 National Defense 6 2011-07-01 2011-07-01 false Atomic Energy Material. 2400.4 Section 2400.4 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM...
32 CFR 2400.10 - Presumption of damage.
Code of Federal Regulations, 2010 CFR
2010-07-01
... 32 National Defense 6 2010-07-01 2010-07-01 false Presumption of damage. 2400.10 Section 2400.10 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM...
32 CFR 2400.4 - Atomic Energy Material.
Code of Federal Regulations, 2012 CFR
2012-07-01
... 32 National Defense 6 2012-07-01 2012-07-01 false Atomic Energy Material. 2400.4 Section 2400.4 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM...
32 CFR 2400.35 - Duration of classification.
Code of Federal Regulations, 2011 CFR
2011-07-01
... 32 National Defense 6 2011-07-01 2011-07-01 false Duration of classification. 2400.35 Section 2400.35 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY...
32 CFR 2400.11 - Duration of classification.
Code of Federal Regulations, 2011 CFR
2011-07-01
... 32 National Defense 6 2011-07-01 2011-07-01 false Duration of classification. 2400.11 Section 2400.11 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY...
78 FR 17471 - Privacy Act of 1974
Federal Register 2010, 2011, 2012, 2013, 2014
2013-03-21
... (TIN), Address, Tax Return/Account Information IV. Electronic transmission specifics such as sender's... unclassified (SBU) information that is being transmitted in violation of IRS security policy that requires an...] IV. Information Return Master File (IRMF) [Treasury/IRS 22.061] V. CADE Individual Master File (IMF...
Survey of Collaboration Technologies in Multi-level Security Environments
2014-04-28
infrastructure or resources. In this research program, the security implications of the US Air Force GeoBase (the US The problem is that in many cases...design structure. ORA uses a Java interface for ease of use, and a C++ computational backend. The current version ORA1.2 software is available on the...information: culture, policy, governance, economics and resources, and technology and infrastructure. This plan, the DoD Information Sharing
12 CFR 12.7 - Securities trading policies and procedures.
Code of Federal Regulations, 2014 CFR
2014-01-01
... 12 Banks and Banking 1 2014-01-01 2014-01-01 false Securities trading policies and procedures. 12... RECORDKEEPING AND CONFIRMATION REQUIREMENTS FOR SECURITIES TRANSACTIONS § 12.7 Securities trading policies and procedures. (a) Policies and procedures; reports of securities trading. A national bank effecting securities...
12 CFR 12.7 - Securities trading policies and procedures.
Code of Federal Regulations, 2013 CFR
2013-01-01
... 12 Banks and Banking 1 2013-01-01 2013-01-01 false Securities trading policies and procedures. 12... RECORDKEEPING AND CONFIRMATION REQUIREMENTS FOR SECURITIES TRANSACTIONS § 12.7 Securities trading policies and procedures. (a) Policies and procedures; reports of securities trading. A national bank effecting securities...
12 CFR 12.7 - Securities trading policies and procedures.
Code of Federal Regulations, 2012 CFR
2012-01-01
... 12 Banks and Banking 1 2012-01-01 2012-01-01 false Securities trading policies and procedures. 12... RECORDKEEPING AND CONFIRMATION REQUIREMENTS FOR SECURITIES TRANSACTIONS § 12.7 Securities trading policies and procedures. (a) Policies and procedures; reports of securities trading. A national bank effecting securities...
A Framework for Resilient Remote Monitoring
2014-08-01
of low-level observables are available, audited, and recorded. This establishes the need for a remote monitoring framework that can integrate with...Security, WS-Policy, SAML, XML Signature, and XML Encryption. Pearson Higher Education, 2004. [3] OMG, “Common Secure Interoperability Protocol...www.darpa.mil/Our_Work/I2O/Programs/Integrated_Cyber_Analysis_System_%28ICAS%29.aspx. [8] D. Miller and B. Pearson, Security information and event man
Code of Federal Regulations, 2013 CFR
2013-10-01
... classified information or national security; (b) Where a contract otherwise requires the electronic... process electronic payment submissions through the Treasury Internet Payment Platform or successor system...
Karasz, Hilary N; Eiden, Amy; Bogan, Sharon
2013-04-01
Text messaging is a powerful communication tool for public health purposes, particularly because of the potential to customize messages to meet individuals' needs. However, using text messaging to send personal health information requires analysis of laws addressing the protection of electronic health information. The Health Insurance Portability and Accountability Act (HIPAA) Security Rule is written with flexibility to account for changing technologies. In practice, however, the rule leads to uncertainty about how to make text messaging policy decisions. Text messaging to send health information can be implemented in a public health setting through 2 possible approaches: restructuring text messages to remove personal health information and retaining limited personal health information in the message but conducting a risk analysis and satisfying other requirements to meet the HIPAA Security Rule.
Redling, Bob
2007-08-01
Are you doing enough to control security and privacy at your practice? Could you cope if your organization suffered a disaster that destroyed facilities, business documents and patient records? Although Health Insurance Portability and Accountability Act (HIPAA) security and privacy rules focus on patient health information, they also point the way to a more comprehensive approach to managing risk. By using HIPAA rules as a blueprint, you can design policies and procedures to address everything from safeguarding financial information to protecting the personal safety of patients, physicians and staff.
2016-01-14
hyperproperty and a liveness hyperproperty. A verification technique for safety hyperproperties is given and is shown to generalize prior techniques for...liveness properties are affiliated with specific verification methods. An analogous theory for security policies would be appealing. The fact that security...verified by using invariance arguments. Our verification methodology generalizes prior work on using invariance arguments to verify information-flow
Federal Register 2010, 2011, 2012, 2013, 2014
2010-05-21
...: Effective Date: May 21, 2010. FOR FURTHER INFORMATION CONTACT: Pamela K. Durham, Office of Missile Threat... in the foreign policy or national security interests of the United States to remove the restrictions..., their sub-units and successors: 1. D. Mendeleyev University of Chemical Technology of Russia 2. Moscow...
Federal Register 2010, 2011, 2012, 2013, 2014
2012-08-21
... DEPARTMENT OF HOMELAND SECURITY U.S. Citizenship and Immigration Services [OMB Control Number 1615... Homeland Security (DHS), U.S. Citizenship and Immigration Services (USCIS) will be submitting the following... Coordination Division, Office of Policy and Strategy, U.S. Citizenship and Immigration Services, Department of...
Health Information Security in Hospitals: the Application of Security Safeguards.
Mehraeen, Esmaeil; Ayatollahi, Haleh; Ahmadi, Maryam
2016-02-01
A hospital information system has potentials to improve the accessibility of clinical information and the quality of health care. However, the use of this system has resulted in new challenges, such as concerns over health information security. This paper aims to assess the status of information security in terms of administrative, technical and physical safeguards in the university hospitals. This was a survey study in which the participants were information technology (IT) managers (n=36) who worked in the hospitals affiliated to the top ranked medical universities (university A and university B). Data were collected using a questionnaire. The content validity of the questionnaire was examined by the experts and the reliability of the questionnaire was determined using Cronbach's coefficient alpha (α=0.75). The results showed that the administrative safeguards were arranged at a medium level. In terms of the technical safeguards and the physical safeguards, the IT managers rated them at a strong level. According to the results, among three types of security safeguards, the administrative safeguards were assessed at the medium level. To improve it, developing security policies, implementing access control models and training users are recommended.
Theft of information in the take-grant protection model
NASA Technical Reports Server (NTRS)
Bishop, Matt
1989-01-01
Questions of information flow are in many ways more important than questions of access control, because the goal of many security policies is to thwart the unauthorized release of information, not merely the illicit obtaining of access rights to that information. The Take-Grant Protection Model is a theoretical tool for examining such issues because conditions necessary and sufficient for information to flow between two objects, and for rights to objects to be obtained or stolen, are known. These results are extended by examining the question of information flow from an object the owner of which is unwilling to release that information. Necessary and sufficient conditions for such theft of information to occur are derived, and bounds on the number of subjects that must take action for the theft to occur are presented. To emphasize the usefulness of these results, the security policies of complete isolation, transfer of rights with the cooperation of an owner, and transfer of information (but not rights) with the cooperation of the owner are presented; the last is used to model a simple reference monitor guarding a resource.
Technology and Policy: Looking to the Future
NASA Astrophysics Data System (ADS)
Sylvester, Kory
2009-05-01
As the proper scope and nature of arms control continues to be debated, it is certain that technical capabilities and advice will play a significant role. While national priorities and strategic objectives and broader perspectives of international security and foreign policy will ultimately dictate, technical expertise and assessment is critical to the identification, development and evaluation of alternatives. Strategic linkages between arms control, nonproliferation, and homeland security have perhaps never been so intertwined. Incomplete information and strongly held but disparate views about the potential of science and technology to amplify threats as readily as they mitigate them creates a highly dynamic environment for policymakers. To contribute meaningfully scientists and engineers will have to remain engaged with national security debates and think about the strategic and policy environment in which technical questions are posed to them, and how to identify and frame the important questions that aren't.
15 CFR 742.15 - Encryption items.
Code of Federal Regulations, 2011 CFR
2011-01-01
... information of the public and private sector is protected. Consistent with our international obligations as a... information, and thereby may be used by persons abroad to harm U.S. national security, foreign policy and law... encryption hardware, are controlled because of this functional capacity to encrypt information, and not...
DOE Office of Scientific and Technical Information (OSTI.GOV)
Carnesale, A.; Doty, P.; Hoffmann, S.
1983-01-01
At Harvard President Derek Bok's request, six Harvard professors explain nuclear arms issues to help citizens understand all sides of the national security debates. The goal is to encourage public participation in policy formulation. The book emphasizes that escapism will not improve security; that idealistic plans to eliminate nuclear weapons are a form of escapism. Learning to live with nuclear weapons, they suggest, requires an understanding of the current nuclear predicament and the implications of alternative weapons and policy choices. After reviewing these matters, they emphasize that informed persons will continue to disagree, but that knowledge will improve understanding and appreciation of their differences and improve the quality of policy debates. 54 references, 5 figures, 2 tables. (DCK)
Security of electronic medical information and patient privacy: what you need to know.
Andriole, Katherine P
2014-12-01
The responsibility that physicians have to protect their patients from harm extends to protecting the privacy and confidentiality of patient health information including that contained within radiological images. The intent of HIPAA and subsequent HIPAA Privacy and Security Rules is to keep patients' private information confidential while allowing providers access to and maintaining the integrity of relevant information needed to provide care. Failure to comply with electronic protected health information (ePHI) regulations could result in financial or criminal penalties or both. Protected health information refers to anything that can reasonably be used to identify a patient (eg, name, age, date of birth, social security number, radiology examination accession number). The basic tools and techniques used to maintain medical information security and patient privacy described in this article include physical safeguards such as computer device isolation and data backup, technical safeguards such as firewalls and secure transmission modes, and administrative safeguards including documentation of security policies, training of staff, and audit tracking through system logs. Other important concepts related to privacy and security are explained, including user authentication, authorization, availability, confidentiality, data integrity, and nonrepudiation. Patient privacy and security of medical information are critical elements in today's electronic health care environment. Radiology has led the way in adopting digital systems to make possible the availability of medical information anywhere anytime, and in identifying and working to eliminate any risks to patients. Copyright © 2014 American College of Radiology. Published by Elsevier Inc. All rights reserved.
Food Security, Decision Making and the Use of Remote Sensing in Famine Early Warning Systems
NASA Technical Reports Server (NTRS)
Brown, Molly E.
2008-01-01
Famine early warning systems use remote sensing in combination with socio-economic and household food economy analysis to provide timely and rigorous information on emerging food security crises. The Famine Early Warning Systems Network (FEWS NET) is the US Agency for International Development's decision support system in 20 African countries, as well as in Guatemala, Haiti and Afghanistan. FEWS NET provides early and actionable policy guidance for the US Government and its humanitarian aid partners. As we move into an era of climate change where weather hazards will become more frequent and severe, understanding how to provide quantitative and actionable scientific information for policy makers using biophysical data is critical for an appropriate and effective response.
A Study on Secure Medical-Contents Strategies with DRM Based on Cloud Computing
Měsíček, Libor; Choi, Jongsun
2018-01-01
Many hospitals and medical clinics have been using a wearable sensor in its health care system because the wearable sensor, which is able to measure the patients' biometric information, has been developed to analyze their patients remotely. The measured information is saved to a server in a medical center, and the server keeps the medical information, which also involves personal information, on a cloud system. The server and network devices are used by connecting each other, and sensitive medical records are dealt with remotely. However, these days, the attackers, who try to attack the server or the network systems, are increasing. In addition, the server and the network system have a weak protection and security policy against the attackers. In this paper, it is suggested that security compliance of medical contents should be followed to improve the level of security. As a result, the medical contents are kept safely. PMID:29796233
A Study on Secure Medical-Contents Strategies with DRM Based on Cloud Computing.
Ko, Hoon; Měsíček, Libor; Choi, Jongsun; Hwang, Seogchan
2018-01-01
Many hospitals and medical clinics have been using a wearable sensor in its health care system because the wearable sensor, which is able to measure the patients' biometric information, has been developed to analyze their patients remotely. The measured information is saved to a server in a medical center, and the server keeps the medical information, which also involves personal information, on a cloud system. The server and network devices are used by connecting each other, and sensitive medical records are dealt with remotely. However, these days, the attackers, who try to attack the server or the network systems, are increasing. In addition, the server and the network system have a weak protection and security policy against the attackers. In this paper, it is suggested that security compliance of medical contents should be followed to improve the level of security. As a result, the medical contents are kept safely.
Fernando, Juanita
2010-01-01
This case study of 9 information technology (IT) support staff in 3 Australian (Victoria) public hospitals juxtaposes their experiences at the user-level of eHealth security in the Natural Hospital Environment with that previously reported by 26 medical, nursing and allied healthcare clinicians. IT support responsibilities comprised the entire hospital, of which clinician eHealth security needs were only part. IT staff believed their support tasks were often fragmented while work responsibilities were hampered by resources shortages. They perceived clinicians as an ongoing security risk to private health information. By comparison clinicians believed IT staff would not adequately support the private and secure application of eHealth for patient care. Preliminary data analysis suggests the tension between these cohorts manifests as an eHealth environment where silos of clinical work are disconnected from silos of IT support work. The discipline-based silos hamper health privacy outcomes. Privacy and security policies, especially those influencing the audit process, will benefit by further research of this phenomenon.
Federal Register 2010, 2011, 2012, 2013, 2014
2010-07-15
... information is also used to identify trends in such boycott activity and to assist in carrying out U.S. policy... information technology. Comments submitted in response to this notice will be summarized and/or included in... DEPARTMENT OF COMMERCE Bureau of Industry and Security Proposed Information Collection; Comment...
Code of Federal Regulations, 2010 CFR
2010-07-01
... service in the Department of Homeland Security. The policies herein also affect the Departments of... and Health Review Commission, the National Commission on Libraries and Information Science, the...
32 CFR 2001.51 - Technical security.
Code of Federal Regulations, 2013 CFR
2013-07-01
... Surveillance Countermeasures and TEMPEST necessary to detect or deter exploitation of classified information..., TEMPEST Countermeasures for Facilities, and SPB Issuance 6-97, National Policy on Technical Surveillance...
32 CFR 2001.51 - Technical security.
Code of Federal Regulations, 2012 CFR
2012-07-01
... Surveillance Countermeasures and TEMPEST necessary to detect or deter exploitation of classified information..., TEMPEST Countermeasures for Facilities, and SPB Issuance 6-97, National Policy on Technical Surveillance...
32 CFR 2001.51 - Technical security.
Code of Federal Regulations, 2011 CFR
2011-07-01
... Surveillance Countermeasures and TEMPEST necessary to detect or deter exploitation of classified information..., TEMPEST Countermeasures for Facilities, and SPB Issuance 6-97, National Policy on Technical Surveillance...
32 CFR 2001.51 - Technical security.
Code of Federal Regulations, 2010 CFR
2010-07-01
... Surveillance Countermeasures and TEMPEST necessary to detect or deter exploitation of classified information..., TEMPEST Countermeasures for Facilities, and SPB Issuance 6-97, National Policy on Technical Surveillance...
32 CFR 2001.51 - Technical security.
Code of Federal Regulations, 2014 CFR
2014-07-01
... Surveillance Countermeasures and TEMPEST necessary to detect or deter exploitation of classified information..., TEMPEST Countermeasures for Facilities, and SPB Issuance 6-97, National Policy on Technical Surveillance...
Information security: where computer science, economics and psychology meet.
Anderson, Ross; Moore, Tyler
2009-07-13
Until ca. 2000, information security was seen as a technological discipline, based on computer science but with mathematics helping in the design of ciphers and protocols. That perspective started to change as researchers and practitioners realized the importance of economics. As distributed systems are increasingly composed of machines that belong to principals with divergent interests, incentives are becoming as important to dependability as technical design. A thriving new field of information security economics provides valuable insights not just into 'security' topics such as privacy, bugs, spam and phishing, but into more general areas of system dependability and policy. This research programme has recently started to interact with psychology. One thread is in response to phishing, the most rapidly growing form of online crime, in which fraudsters trick people into giving their credentials to bogus websites; a second is through the increasing importance of security usability; and a third comes through the psychology-and-economics tradition. The promise of this multidisciplinary research programme is a novel framework for analysing information security problems, one that is both principled and effective.
Federally funded sterilization: time to rethink policy?
Borrero, Sonya; Zite, Nikki; Creinin, Mitchell D
2012-10-01
In the 1970s, concern about coercive sterilization of low-income and minority women in the United States led the US Department of Health, Education, and Welfare to create strict regulations for federally funded sterilization procedures. Although these policies were instituted to secure informed consent and protect women from involuntary sterilization, there are significant data indicating that these policies may not, in fact, ensure that consent is truly informed and, further, may prevent many low-income women from getting a desired sterilization procedure. Given the alarmingly high rates of unintended pregnancy in the United States, especially among low-income populations, we feel that restrictive federal sterilization policies should be reexamined and modified to simultaneously ensure informed decision-making and honor women's reproductive choices.
Federally Funded Sterilization: Time to Rethink Policy?
Zite, Nikki; Creinin, Mitchell D.
2012-01-01
In the 1970s, concern about coercive sterilization of low-income and minority women in the United States led the US Department of Health, Education, and Welfare to create strict regulations for federally funded sterilization procedures. Although these policies were instituted to secure informed consent and protect women from involuntary sterilization, there are significant data indicating that these policies may not, in fact, ensure that consent is truly informed and, further, may prevent many low-income women from getting a desired sterilization procedure. Given the alarmingly high rates of unintended pregnancy in the United States, especially among low-income populations, we feel that restrictive federal sterilization policies should be reexamined and modified to simultaneously ensure informed decision-making and honor women’s reproductive choices. PMID:22897531
Safe teleradiology: information assurance as project planning methodology
NASA Astrophysics Data System (ADS)
Collmann, Jeff R.; Alaoui, Adil; Nguyen, Dan; Lindisch, David
2003-05-01
This project demonstrates use of OCTAVE, an information security risk assessment method, as an approach to the safe design and planning of a teleradiology system. By adopting this approach to project planning, we intended to provide evidence that including information security as an intrinsic component of project planning improves information assurance and that using information assurance as a planning tool produces and improves the general system management plan. Several considerations justify this approach to planning a safe teleradiology system. First, because OCTAVE was designed as a method for retrospectively assessing and proposing enhancements for the security of existing information management systems, it should function well as a guide to prospectively designing and deploying a secure information system such as teleradiology. Second, because OCTAVE provides assessment and planning tools for use primarily by interdisciplinary teams from user organizations, not consultants, it should enhance the ability of such teams at the local level to plan safe information systems. Third, from the perspective of sociological theory, OCTAVE explicitly attempts to enhance organizational conditions identified as necessary to safely manage complex technologies. Approaching information system design from the perspective of information security risk management proactively integrates health information assurance into a project's core. This contrasts with typical approaches that perceive "security" as a secondary attribute to be "added" after designing the system and with approaches that identify information assurance only with security devices and user training. The perspective of health information assurance embraces so many dimensions of a computerized health information system's design that one may successfully deploy a method for retrospectively assessing information security risk as a prospective planning tool. From a sociological perspective, this approach enhances the general conditions as well as establishes specific policies and procedures for reliable performance of health information assurance.
Leveraging Trade Agreements to Meet U.S. Security Aims
2016-04-08
TO MEET U.S. SECURITY AIMS ... LTC Allysa A. Kropp (USARNG) ...Sanctions Programs and Country Information,” under “Resource Center, Financial Sanctions, Programs,” https://www.treasury.gov/resource-center/sanctions... Program, and economic integration of former adversaries through U.S. trade policy.7 In the National Security Strategy, President Obama underscored the
21 CFR 1301.91 - Employee responsibility to report drug diversion.
Code of Federal Regulations, 2010 CFR
2010-04-01
... diversion from his employer by a fellow employee has an obligation to report such information to a responsible security official of the employer. The employer shall treat such information as confidential and.... The employer shall inform all employees concerning this policy. [40 FR 17143, Apr. 17, 1975] ...
Exploring Public Health's roles and limitations in advancing food security in British Columbia.
Seed, Barbara A; Lang, Tim M; Caraher, Martin J; Ostry, Aleck S
2014-07-22
This research analyzes the roles and limitations of Public Health in British Columbia in advancing food security through the integration of food security initiatives into its policies and programs. It asks the question, can Public Health advance food security? If so, how, and what are its limitations? This policy analysis merges findings from 38 key informant interviews conducted with government and civil society stakeholders involved in the development of food security initiatives, along with an examination of relevant documents. The Population Health Template is used to delineate and analyze Public Health roles in food security. Public Health was able to advance food security in some ways, such as the adoption of food security as a core public health program. Public Health's leadership role in food security is constrained by a restricted mandate, limited ability to collaborate across a wide range of sectors and levels, as well as internal conflict within Public Health between Food Security and Food Protection programs. Public Health has a role in advancing food security, but it also faces limitations. As the limitations are primarily systemic and institutional, recommendations to overcome them are not simple but, rather, require movement toward embracing the determinants of health and regulatory pluralism. The results also suggest that the historic role of Public Health in food security remains salient today.
Federal Register 2010, 2011, 2012, 2013, 2014
2013-07-12
...] State, Local, Tribal, and Private Sector Policy Advisory Committee (SLTPS-PAC); Notice of Meeting AGENCY... Classified National Security Information Program for State, Local, Tribal, and Private Sector Entities. FOR..., announcement is made for the following committee meeting. Name of Committee: State, Local, Tribal, and Private...
Operating Policies and Procedures of Computer Data-Base Systems.
ERIC Educational Resources Information Center
Anderson, David O.
Speaking on the operating policies and procedures of computer data bases containing information on students, the author divides his remarks into three parts: content decisions, data base security, and user access. He offers nine recommended practices that should increase the data base's usefulness to the user community: (1) the cost of developing…
Community College Contributions. Executive Summary. Policy Brief 2013-01PB
ERIC Educational Resources Information Center
Mullin, Christopher M.; Phillippe, Kent
2013-01-01
This executive summary provides background information on unemployment rates, the need for new jobs, and the role community colleges have in securing opportunities for a stronger middle class and more prosperous nation. The summary is the introduction to the "Community College Contributions. Policy Brief 2013-01PB." [For the full report,…
Federal Register 2010, 2011, 2012, 2013, 2014
2012-06-06
... transaction to customers who then trade on the basis of the information. The Front Running Policy is limited... member receives a customer's block order relating to both an option or security future and the underlying security and the member, in furtherance of facilitating the customer's block order, positions the other...
34 CFR 303.522 - Identification and coordination of resources.
Code of Federal Regulations, 2011 CFR
2011-07-01
... information on the funding sources in paragraph (a)(1) of this section, if a legislative or policy change is... include— (1) Title V of the Social Security Act (relating to Maternal and Child Health); (2) Title XIX of the Social Security Act (relating to the general Medicaid Program, and EPSDT); (3) The Head Start Act...
Development and Analysis of Security Policies in Security Enhanced Android
2012-12-01
Privilege-Escalation Attacks on Android,” Proc. 19th Annual...Services, Bethesda, MD, 2011, pp. 239–252. [43] L. Davi, et al. “Privilege Escalation Attacks on Android,” Proc. 13th Int. Conf. on Information...TaintDroid. XManDroid dynamically analyzes applications’ transitive permission usage in order to prevent application-level privilege escalation attacks
34 CFR 303.522 - Identification and coordination of resources.
Code of Federal Regulations, 2010 CFR
2010-07-01
... information on the funding sources in paragraph (a)(1) of this section, if a legislative or policy change is... include— (1) Title V of the Social Security Act (relating to Maternal and Child Health); (2) Title XIX of the Social Security Act (relating to the general Medicaid Program, and EPSDT); (3) The Head Start Act...
17 CFR 229.512 - (Item 512) Undertakings.
Code of Federal Regulations, 2011 CFR
2011-04-01
... INSTRUCTIONS FOR FILING FORMS UNDER SECURITIES ACT OF 1933, SECURITIES EXCHANGE ACT OF 1934 AND ENERGY POLICY... deviation from the low or high end of the estimated maximum offering range may be reflected in the form of... the registration statement is on Form S-8 (§ 239.16b of this chapter), and the information required to...
17 CFR 229.512 - (Item 512) Undertakings.
Code of Federal Regulations, 2012 CFR
2012-04-01
... INSTRUCTIONS FOR FILING FORMS UNDER SECURITIES ACT OF 1933, SECURITIES EXCHANGE ACT OF 1934 AND ENERGY POLICY... deviation from the low or high end of the estimated maximum offering range may be reflected in the form of... the registration statement is on Form S-8 (§ 239.16b of this chapter), and the information required to...
17 CFR 229.512 - (Item 512) Undertakings.
Code of Federal Regulations, 2014 CFR
2014-04-01
... INSTRUCTIONS FOR FILING FORMS UNDER SECURITIES ACT OF 1933, SECURITIES EXCHANGE ACT OF 1934 AND ENERGY POLICY... deviation from the low or high end of the estimated maximum offering range may be reflected in the form of... the registration statement is on Form S-8 (§ 239.16b of this chapter), and the information required to...
Karasz, Hilary N.; Eiden, Amy; Bogan, Sharon
2013-01-01
Text messaging is a powerful communication tool for public health purposes, particularly because of the potential to customize messages to meet individuals’ needs. However, using text messaging to send personal health information requires analysis of laws addressing the protection of electronic health information. The Health Insurance Portability and Accountability Act (HIPAA) Security Rule is written with flexibility to account for changing technologies. In practice, however, the rule leads to uncertainty about how to make text messaging policy decisions. Text messaging to send health information can be implemented in a public health setting through 2 possible approaches: restructuring text messages to remove personal health information and retaining limited personal health information in the message but conducting a risk analysis and satisfying other requirements to meet the HIPAA Security Rule. PMID:23409902
Code of Federal Regulations, 2011 CFR
2011-01-01
... INFORMATION AND RESTRICTED DATA Physical Security § 95.18 Key personnel. The senior management official and... Clearance. Other key management officials, as determined by the CSA, must be granted an access authorization... organization's policies or practices in the performance of activities involving classified information. This...
Code of Federal Regulations, 2012 CFR
2012-07-01
... DEFENSE (DOD)-DEFENSE INDUSTRIAL BASE (DIB) VOLUNTARY CYBER SECURITY AND INFORMATION ASSURANCE (CS/IA... systems. (b) Increase the Government and DIB situational awareness of the extent and severity of cyber...
Code of Federal Regulations, 2013 CFR
2013-07-01
... DEFENSE (DOD)-DEFENSE INDUSTRIAL BASE (DIB) VOLUNTARY CYBER SECURITY AND INFORMATION ASSURANCE (CS/IA... systems. (b) Increase the Government and DIB situational awareness of the extent and severity of cyber...
Privacy and security compliance in the E-healthcare marketplace.
Lutes, M
2000-03-01
Complying with security and privacy regulations proposed by HHS in response to the Health Insurance Portability and Accountability Act (HIPAA) will require healthcare managers to address both internal and external business interactions and initiatives. The proposed regulations mandate certain procedures regarding administration, physical safeguards, technical security for data integrity and confidentiality, and technical security against unauthorized access. In particular, the proposed regulations require organizations to contractually ensure that vendors adhere to the regulations. Healthcare organizations also must implement training procedures for staff members who have contact with protected health information and designate a privacy officer to guard against improper disclosure of such information. Documented policies for organizational decision making are vital to an organization's efforts to implement procedures for compliance with the regulations.
NASA Astrophysics Data System (ADS)
Kuhn, D. R.; Tracy, Miles C.; Frankel, Sheila E.
2002-08-01
This document is intended to assist those responsible - users, system administrators, and management - for telecommuting security, by providing introductory information about broadband communication security and policy, security of home office systems, and considerations for system administrators in the central office. It addresses concepts relating to the selection, deployment, and management of broadband communications for a telecommuting user. This document is not intended to provide a mandatory framework for telecommuting or home office broadband communication environments, but rather to present suggested approaches to the topic.
Trust and Reputation Management for Critical Infrastructure Protection
NASA Astrophysics Data System (ADS)
Caldeira, Filipe; Monteiro, Edmundo; Simões, Paulo
Today's Critical Infrastructures (CI) depend on Information and Communication Technologies (ICT) to deliver their services with the required level of quality and availability. ICT security plays a major role in CI protection and risk prevention for single and also for interconnected CIs where cascading effects might occur because of the interdependencies that exist among different CIs. This paper addresses the problem of ICT security in interconnected CIs. Trust and reputation management using the Policy Based Management paradigm is the proposed solution to be applied at the CI interconnection points for information exchange. The proposed solution is being applied to the Security Mediation Gateway being developed in the European FP7 MICIE project, to allow for information exchange among interconnected CIs.
Ethics in Public Health Research
Myers, Julie; Frieden, Thomas R.; Bherwani, Kamal M.; Henning, Kelly J.
2008-01-01
Public health agencies increasingly use electronic means to acquire, use, maintain, and store personal health information. Electronic data formats can improve performance of core public health functions, but potentially threaten privacy because they can be easily duplicated and transmitted to unauthorized people. Although such security breaches do occur, electronic data can be better secured than paper records, because authentication, authorization, auditing, and accountability can be facilitated. Public health professionals should collaborate with law and information technology colleagues to assess possible threats, implement updated policies, train staff, and develop preventive engineering measures to protect information. Tightened physical and electronic controls can prevent misuse of data, minimize the risk of security breaches, and help maintain the reputation and integrity of public health agencies. PMID:18382010
Code of Federal Regulations, 2014 CFR
2014-07-01
... DEFENSE (DoD)-DEFENSE INDUSTRIAL BASE (DIB) VOLUNTARY CYBER SECURITY AND INFORMATION ASSURANCE (CS/IA... systems. (b) Increase the Government and DIB situational awareness of the extent and severity of cyber...
Information Assurance and Forensic Readiness
NASA Astrophysics Data System (ADS)
Pangalos, Georgios; Katos, Vasilios
Egalitarianism and justice are amongst the core attributes of a democratic regime and should be also secured in an e-democratic setting. As such, the rise of computer related offenses poses a threat to the fundamental aspects of e-democracy and e-governance. Digital forensics are a key component for protecting and enabling the underlying (e-)democratic values and therefore forensic readiness should be considered in an e-democratic setting. This position paper commences from the observation that the density of compliance and potential litigation activities is monotonically increasing in modern organizations, as rules, legislative regulations and policies are being constantly added to the corporate environment. Forensic practices seem to be departing from the niche of law enforcement and are becoming a business function and infrastructural component, posing new challenges to the security professionals. Having no a priori knowledge on whether a security related event or corporate policy violation will lead to litigation, we advocate that computer forensics need to be applied to all investigatory, monitoring and auditing activities. This would result in an inflation of the responsibilities of the Information Security Officer. After exploring some commonalities and differences between IS audit and computer forensics, we present a list of strategic challenges the organization and, in effect, the IS security and audit practitioner will face.
2002-04-01
Northeast Asia and the Persian Gulf region, leaving those areas temporarily uncovered. Pitts added that “The simple truth is that America’s air ...quently grounded, again the Air Force was struck with the impact of its own narrow-minded policies. With no launch vehicle to launch the DSCS III...Realist Tradition in the United States Foreign Policy.” Lecture. Dept of International Security and Military Studies. Air Command and Staff College
Beck, Eduard J; Gill, Wayne; De Lay, Paul R
2016-01-01
As increasing amounts of personal information are being collected through a plethora of electronic modalities by statutory and non-statutory organizations, ensuring the confidentiality and security of such information has become a major issue globally. While the use of many of these media can be beneficial to individuals or populations, they can also be open to abuse by individuals or statutory and non-statutory organizations. Recent examples include collection of personal information by national security systems and the development of national programs like the Chinese Social Credit System. In many low- and middle-income countries, an increasing amount of personal health information is being collected. The collection of personal health information is necessary, in order to develop longitudinal medical records and to monitor and evaluate the use, cost, outcome, and impact of health services at facility, sub-national, and national levels. However, if personal health information is not held confidentially and securely, individuals with communicable or non-communicable diseases (NCDs) may be reluctant to use preventive or therapeutic health services, due to fear of being stigmatized or discriminated against. While policymakers and other stakeholders in these countries recognize the need to develop and implement policies for protecting the privacy, confidentiality and security of personal health information, to date few of these countries have developed, let alone implemented, coherent policies. The global HIV response continues to emphasize the importance of collecting HIV-health information, recently re-iterated by the Fast Track to End AIDS by 2030 program and the recent changes in the Guidelines on When to Start Antiretroviral Therapy and on Pre-exposure Prophylaxis for HIV. The success of developing HIV treatment cascades in low- and middle-income countries will require the development of National Health Identification Systems. The success of programs like Universal Health Coverage, under the recently ratified Sustainable Development Goals is also contingent on the availability of personal health information for communicable and non-communicable diseases. Guidance for countries to develop and implement their own guidelines for protecting HIV-information formed the basis of identifying a number of fundamental principles, governing the areas of privacy, confidentiality and security. The use of individual-level data must balance maximizing the benefits from their most effective and fullest use, and minimizing harm resulting from their malicious or inadvertent release. These general principles are described in this paper, along with a bibliography referring to more detailed technical information. A country assessment tool and user's manual, based on these principles, have been developed to support countries to assess the privacy, confidentiality, and security of personal health information at facility, data warehouse/repository, and national levels. The successful development and implementation of national guidance will require strong collaboration at local, regional, and national levels, and this is a pre-condition for the successful implementation of a range of national and global programs. This paper is a call for action for stakeholders in low- and middle-income countries to develop and implement such coherent policies and provides fundamental principles governing the areas of privacy, confidentiality, and security of personal health information being collected in low- and middle-income countries.
Semantically Enriched Data Access Policies in eHealth.
Drozdowicz, Michał; Ganzha, Maria; Paprzycki, Marcin
2016-11-01
Internet of Things (IoT) requires novel solutions to facilitate autonomous, though controlled, resource access. Access policies have to facilitate interactions between heterogeneous entities (devices and humans). Here, we focus our attention on access control in eHealth. We propose an approach based on enriching policies, based on well-known and widely-used eXtensible Access Control Markup Language, with semantics. In the paper we describe an implementation of a Policy Information Point integrated with the HL7 Security and Privacy Ontology.
14 CFR 413.13 - Complete application.
Code of Federal Regulations, 2013 CFR
2013-01-01
... information required by this chapter, the FAA requires other information necessary for a determination that public health and safety, safety of property, and national security and foreign policy interests of the United States are protected during the conduct of a licensed or permitted activity, an applicant must...
14 CFR 413.13 - Complete application.
Code of Federal Regulations, 2012 CFR
2012-01-01
... information required by this chapter, the FAA requires other information necessary for a determination that public health and safety, safety of property, and national security and foreign policy interests of the United States are protected during the conduct of a licensed or permitted activity, an applicant must...
76 FR 46297 - HIT Policy Committee's Workgroup Meetings; Notice of Meetings
Federal Register 2010, 2011, 2012, 2013, 2014
2011-08-02
... with the Federal Health IT Strategic Plan and that includes recommendations on the areas in which... site for additional information or revised schedules as it becomes available. Contact Person: Judy...., meaningful use, information exchange, privacy and security, quality measures, governance, or adoption...
32 CFR 651.13 - Classified actions.
Code of Federal Regulations, 2011 CFR
2011-07-01
... ENVIRONMENTAL ANALYSIS OF ARMY ACTIONS (AR 200-2) National Environmental Policy Act and the Decision Process § 651.13 Classified actions. (a) For proposed actions and NEPA analyses involving classified information, AR 380-5 (Department of the Army Information Security Program) will be followed. (b) Classification...
32 CFR 651.13 - Classified actions.
Code of Federal Regulations, 2012 CFR
2012-07-01
... ENVIRONMENTAL ANALYSIS OF ARMY ACTIONS (AR 200-2) National Environmental Policy Act and the Decision Process § 651.13 Classified actions. (a) For proposed actions and NEPA analyses involving classified information, AR 380-5 (Department of the Army Information Security Program) will be followed. (b) Classification...
32 CFR 651.13 - Classified actions.
Code of Federal Regulations, 2014 CFR
2014-07-01
... ENVIRONMENTAL ANALYSIS OF ARMY ACTIONS (AR 200-2) National Environmental Policy Act and the Decision Process § 651.13 Classified actions. (a) For proposed actions and NEPA analyses involving classified information, AR 380-5 (Department of the Army Information Security Program) will be followed. (b) Classification...
32 CFR 651.13 - Classified actions.
Code of Federal Regulations, 2013 CFR
2013-07-01
... ENVIRONMENTAL ANALYSIS OF ARMY ACTIONS (AR 200-2) National Environmental Policy Act and the Decision Process § 651.13 Classified actions. (a) For proposed actions and NEPA analyses involving classified information, AR 380-5 (Department of the Army Information Security Program) will be followed. (b) Classification...
Information Security Risk Assessment in Hospitals.
Ayatollahi, Haleh; Shagerdi, Ghazal
2017-01-01
To date, many efforts have been made to classify information security threats, especially in the healthcare area. However, there are still many unknown risks which may threaten the security of health information and their resources, especially in the hospitals. The aim of this study was to assess the risks threatening information security in the hospitals located in one of the northwest cities of Iran. This study was completed in 2014. The participants were information technology managers who worked in the hospitals (n = 27). The research instrument was a questionnaire composed of a number of open and closed questions. The content validity of the questionnaire was confirmed, and the reliability of the closed questions was measured by using the test-retest method (r = 0.78). The results showed that among the information security risks, fire was found to be a high probability/high impact risk factor. Human and physical/environmental threats were among the low probability risk factors. Regarding the information security safeguards used in the hospitals, the results showed that the use of the technical safeguards was the most frequent one (n = 22, 91.7%) compared to the administrative (n = 21, 87.5%) and the physical safeguards (n = 16, 66.7%). The high probability risk factors require quick corrective actions to be taken. Therefore, the underlying causes of such threats should be identified and controlled before experiencing adverse effects. It is also important to note that information security in health care systems needs to be considered at a macro level with respect to the national interests and policies.
ERIC Educational Resources Information Center
Florida State Legislature, Tallahassee. Office of Program Policy Analysis and Government Accountability.
The 2001 Florida Legislature passed Ch. 2001-125, Laws of Florida, Section 40, which is often referred to as the Safe Passage Act. It requires all school districts to conduct a self-assessment of their school safety and security using best practices developed by the Office of Program Policy Analysis and Government Accountability (OPPAGA). It also…
78 FR 60335 - U.S. Global Investors, Inc., et al.; Notice of Application
Federal Register 2010, 2011, 2012, 2013, 2014
2013-10-01
... securities into, and receive securities from, the series in connection with the purchase and redemption of... with the Code of Ethics and Inside Information Policy of the Adviser and Sub-Advisers, personnel... Adviser has also adopted or will adopt a code of ethics pursuant to Rule 17j-1 under the Act and Rule 204A...
78 FR 37614 - Guggenheim Funds Investment Advisors, LLC, et al.; Notice of Application
Federal Register 2010, 2011, 2012, 2013, 2014
2013-06-21
... securities into, and receive securities from, the series in connection with the purchase and redemption of... of Ethics and Inside Information Policy of the Adviser and Sub-Advisers, personnel of those... adopted or will adopt a code of ethics pursuant to Rule 17j-1 under the Act and Rule 204A-1 under the...
12 CFR 344.8 - Securities trading policies and procedures.
Code of Federal Regulations, 2011 CFR
2011-01-01
... 12 Banks and Banking 4 2011-01-01 2011-01-01 false Securities trading policies and procedures. 344.8 Section 344.8 Banks and Banking FEDERAL DEPOSIT INSURANCE CORPORATION REGULATIONS AND STATEMENTS... Securities trading policies and procedures. (a) Policies and procedures. Every bank effecting securities...
12 CFR 344.8 - Securities trading policies and procedures.
Code of Federal Regulations, 2013 CFR
2013-01-01
... 12 Banks and Banking 5 2013-01-01 2013-01-01 false Securities trading policies and procedures. 344.8 Section 344.8 Banks and Banking FEDERAL DEPOSIT INSURANCE CORPORATION REGULATIONS AND STATEMENTS... Securities trading policies and procedures. (a) Policies and procedures. Every bank effecting securities...
12 CFR 344.8 - Securities trading policies and procedures.
Code of Federal Regulations, 2014 CFR
2014-01-01
... 12 Banks and Banking 5 2014-01-01 2014-01-01 false Securities trading policies and procedures. 344.8 Section 344.8 Banks and Banking FEDERAL DEPOSIT INSURANCE CORPORATION REGULATIONS AND STATEMENTS... Securities trading policies and procedures. (a) Policies and procedures. Every bank effecting securities...
12 CFR 344.8 - Securities trading policies and procedures.
Code of Federal Regulations, 2012 CFR
2012-01-01
... 12 Banks and Banking 5 2012-01-01 2012-01-01 false Securities trading policies and procedures. 344.8 Section 344.8 Banks and Banking FEDERAL DEPOSIT INSURANCE CORPORATION REGULATIONS AND STATEMENTS... Securities trading policies and procedures. (a) Policies and procedures. Every bank effecting securities...
12 CFR 344.8 - Securities trading policies and procedures.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 12 Banks and Banking 4 2010-01-01 2010-01-01 false Securities trading policies and procedures. 344.8 Section 344.8 Banks and Banking FEDERAL DEPOSIT INSURANCE CORPORATION REGULATIONS AND STATEMENTS... Securities trading policies and procedures. (a) Policies and procedures. Every bank effecting securities...
E-Commerce and Security Governance in Developing Countries
NASA Astrophysics Data System (ADS)
Sanayei, Ali; Rajabion, Lila
Security is very often mentioned as one of the preconditions for the faster growth of e-commerce. Without a secure and reliable internet, customers will continue to be reluctant to provide confidential information online, such as credit card numbers. Moreover, organizations of all types and sizes around the world rely heavily on technologies of electronic commerce (e-commerce) for conducting their day-to-day business transactions. Providing organizations with a secure e-commerce environment is a major and challenging issue, especially in Middle Eastern countries. Without secure e-commerce, it is almost impossible to take advantage of the opportunities offered by e-commerce technologies. E-commerce can create opportunities for small entrepreneurs in Middle Eastern countries. This requires removing infrastructure blockages in telecommunications and logistics alongside the governance of e-commerce with policies on consumer protection, security of transactions, privacy of records and intellectual property. In this paper, we will explore the legal implications of e-commerce security governance by establishing who is responsible for ensuring compliance with this discipline, demonstrating the value to be derived from information security governance, the methodology of applying information security governance, and liability for non-compliance with this discipline. Our main focus will be on analyzing the importance and implication of e-commerce security governance in developing countries.
Department of the Navy For Policy
Deputy Under Secretary of the Navy (Policy) Roles and Responsibilities: Enterprise OPM
2016-08-15
this report in response to the requirements of the Cybersecurity Act of 2015, section 406, December 18, 2015. Results The DoD has policies, procedures...Inspector General prepared this report in response to the requirements of the Cybersecurity Act of 2015, section 406, December 18, 2015. See Appendix...December 18, 2015, and includes a requirement for Federal Inspectors General to generate a report describing agency policies, procedures, and
32 CFR Appendix A to Part 806 - References
Code of Federal Regulations, 2011 CFR
2011-07-01
... Defense Department of Defense (Continued) DEPARTMENT OF THE AIR FORCE ADMINISTRATION AIR FORCE FREEDOM OF..., Air Force Security and Policy Review Program AFI 36-2603, Air Force Board for Correction of Military... Responsibility AFI 36-2907, Unfavorable Information File (UIF) Program AFPD 37-1, Air Force Information...
32 CFR Appendix A to Part 806 - References
Code of Federal Regulations, 2013 CFR
2013-07-01
... Defense Department of Defense (Continued) DEPARTMENT OF THE AIR FORCE ADMINISTRATION AIR FORCE FREEDOM OF..., Air Force Security and Policy Review Program AFI 36-2603, Air Force Board for Correction of Military... Responsibility AFI 36-2907, Unfavorable Information File (UIF) Program AFPD 37-1, Air Force Information...
77 FR 26815 - Agency Information Collection Activities: Proposed Collection; Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2012-05-07
... submitted to the Office of Management and Budget (OMB) for review, as required by the Paperwork Reduction..., non-profit institutions, businesses, or other for-profit. Small Businesses or Organizations Affected... that of TVA's salary policy employees. Michael T. Tallent, Director, Enterprise Information Security...
A Game-Theoretical Approach to Multimedia Social Networks Security
Liu, Enqiang; Liu, Zengliang; Shao, Fei; Zhang, Zhiyong
2014-01-01
The contents access and sharing in multimedia social networks (MSNs) mainly rely on access control models and mechanisms. Simple adoptions of security policies in the traditional access control model cannot effectively establish a trust relationship among parties. This paper proposed a novel two-party trust architecture (TPTA) to apply in a generic MSN scenario. According to the architecture, security policies are adopted through game-theoretic analyses and decisions. Based on formalized utilities of security policies and security rules, the choice of security policies in content access is described as a game between the content provider and the content requester. By the game method for the combination of security policies utility and its influences on each party's benefits, the Nash equilibrium is achieved, that is, an optimal and stable combination of security policies, to establish and enhance trust among stakeholders. PMID:24977226
2008-12-01
normalization of Japan’s post-9/11 security policy and discuss why it took his specific brand of leadership to allow Japan’s security policy to expand. ...performance will demonstrate that institutional reasons alone will not make the position of prime minister stronger or more effective. The literature
The Climate Disruption Challenge for Water Security in a Growing World
NASA Astrophysics Data System (ADS)
Paxton, L. J.; Nix, M.; Ihde, A.; MacDonald, L. H.; Parker, C.; Schaefer, R. K.; Weiss, M.; Babin, S. M.; Swartz, W. H.; Schloman, J.
2012-12-01
Climate disruption, the increasingly large and erratic departures of weather and climate from the benign conditions of the last one hundred years, is the greatest challenge to the long-term stability of world governments. Population growth, food and water security, energy supplies, and economic factors are, to some degree, within the control of governance and policy and all of these are impacted by climate disruption. Climate disruption, on the other hand, is not amenable to direct modification on the short timescales that commonly dictate governmental policy and human response. Global average temperatures will continue to increase even if there were immediate, profound changes in emission scenarios. Policy makers are faced with the very practical and immediate problem of determining what can one reasonably do to ameliorate the impact of climate disruption. The issue from a policy viewpoint is: how does one make effective policy when faced with a situation in which there are varied viewpoints in competition. How does one establish a consensus for action? What information "speaks" to policy makers? Water security is one such issue and provides an important, immediate, and tangible device to use when we examine how one can determine what policies can be effectively pursued. The Global Assimilation of Information for Action (GAIA) project creates a support environment to address the impact of climate disruption on global, national, regional, and/or local interests. The basic research community is concerned with the scientific aspects of predicting climate change in terms of environmental parameters such as rainfall, temperature and humidity while decision makers must deal with planning for a world that may be very different from the one we have grown accustomed to. Decision makers must deal with the long-term impacts on public health, agriculture, economic productivity, security, extreme weather, etc in an environment that has come to focus on short-term issues. 
To complicate matters, the information available from the climate studies community is couched in terms of model projections with "uncertainties" and a choice of emission scenarios that are often expressed in terms of the results of computer simulations and model output. GAIA develops actionable information and explores the interactions of policy and practice. Part of this framework is the development of "games". These realistic games include the elements of both agent-based and role simulation games in which subject matter experts interact in a realistic scenario to explore courses of action and their outcomes based on realistic, projected environments. We will present examples of some of the past work done at APL and examples of collaborative or competitive games that could be used to explore climate disruption in terms of social, political, and economic impacts. These games provide immediate, "tactile" experience of the implications of a choice of policy. In this talk we will suggest how this tool can be applied to problems like the Colorado River Basin or the Brahmaputra.
DefenseLink Feature: Travels with Gates
. Gates and U.S. Secretary of State Condoleezza Rice (right) discuss issues at the Kremlin in Moscow
Technology Security and Antiboycott Act
Rep. Berman, Howard L. [D-CA-28]
2011-05-26
House - 06/20/2011 Referred to the Subcommittee on Technology, Information Policy, Intergovernmental Relations and Procurement Reform. This bill has the status Introduced.
Breaking the cyber-security dilemma: aligning security needs and removing vulnerabilities.
Dunn Cavelty, Myriam
2014-09-01
Current approaches to cyber-security are not working. Rather than producing more security, we seem to be facing less and less. The reason for this is a multi-dimensional and multi-faceted security dilemma that extends beyond the state and its interaction with other states. It will be shown how the focus on the state and "its" security crowds out consideration for the security of the individual citizen, with detrimental effects on the security of the whole system. The threat arising from cyberspace to (national) security is presented as possible disruption to a specific way of life, one building on information technologies and critical functions of infrastructures, with relatively little consideration for humans directly. This non-focus on people makes it easier for state actors to militarize cyber-security and (re-)assert their power in cyberspace, thereby overriding the different security needs of human beings in that space. Paradoxically, the use of cyberspace as a tool for national security, both in the dimension of war fighting and the dimension of mass-surveillance, has detrimental effects on the level of cyber-security globally. A solution out of this dilemma is a cyber-security policy that is decidedly anti-vulnerability and at the same time based on strong considerations for privacy and data protection. Such a security would have to be informed by an ethics of the infosphere that is based on the dignity of information related to human beings.
Integrated secure solution for electronic healthcare records sharing
NASA Astrophysics Data System (ADS)
Yao, Yehong; Zhang, Chenghao; Sun, Jianyong; Jin, Jin; Zhang, Jianguo
2007-03-01
The EHR is a secure, real-time, point-of-care, patient-centric information resource for healthcare providers. Many countries and regional districts have set long-term goals to build EHRs, and most EHRs are usually built based on the integration of different information systems with different information models and platforms. A number of hospitals in Shanghai are also piloting the development of an EHR solution based on IHE XDS/XDS-I profiles with a service-oriented architecture (SOA). The first phase of the project targets the Diagnostic Imaging domain and allows seamless sharing of images and reports across the multiple hospitals. To develop EHRs for regional coordinated healthcare, some factors should be considered in designing the architecture, one of which is security. In this paper, we present some approaches and policies to improve and strengthen the security among the different hospitals' nodes, which are compliant with the security requirements defined by IHE IT Infrastructure (ITI) Technical Framework. Our security solution includes four components: Time Sync System (TSS), Digital Signature Manage System (DSMS), Data Exchange Control Component (DECC) and Single Sign-On (SSO) System. We give a design method and implementation strategy of these security components, and then evaluate the performance and overheads of the security services or features by integrating the security components into an image-based EHR system.
2004-03-19
informal management style used during the war years was not suited to the longer-term security issues of the post-war era. As US grand strategy became...Eisenhower Doctrine in 1957. THE CASE OF LEBANON Each of the above mentioned security policies were products of American diplomacy aimed at managing the...consisting of its East and West entities, found itself a principal player in the American-led security alliance structure designed to check Soviet
Strategic Arguments and Tactical Battles over Federal Information Policy.
ERIC Educational Resources Information Center
Sherwood, Diane E.
1990-01-01
Examines public agency attempts to disseminate information in ways that satisfy constituencies, Office of Management and Budget (OMB), and the private sector. The Securities and Exchange Commission's release of EDGAR, the Patent and Trademark Office's recent lawsuit, and Department of Defense problems with Fedlog are cited. Statements and policy…
Risk-Based Models for Managing Data Privacy in Healthcare
ERIC Educational Resources Information Center
AL Faresi, Ahmed
2011-01-01
Current research in health care lacks a systematic investigation to identify and classify various sources of threats to information privacy when sharing health data. Identifying and classifying such threats would enable the development of effective information security risk monitoring and management policies. In this research I put the first step…
Federal Register 2010, 2011, 2012, 2013, 2014
2011-09-06
... public disclosure. Sensitive personal information such as account numbers or Social Security numbers... in person and online? 4. What programs, policies, accommodations, or benefits do financial service... protections and fraud protections. 5. What unique assistance, if any, is currently offered by financial...
Code of Federal Regulations, 2010 CFR
2010-07-01
... classified information shall be made through existing security channels in accordance with DoD 5220.22-R;1 DoD 5220.22-M;2 and DoD 5200.1-R, 3 which are implementing publications for safeguarding classified... Acquisition Regulation Supplement (DFARS) 215.1003(a). (5) Planning, programming, and budgetary information...
32 CFR 811.2 - Release of visual information materials.
Code of Federal Regulations, 2010 CFR
2010-07-01
... Section 811.2 National Defense Department of Defense (Continued) DEPARTMENT OF THE AIR FORCE SALES AND SERVICES RELEASE, DISSEMINATION, AND SALE OF VISUAL INFORMATION MATERIALS § 811.2 Release of visual... Security and Policy Review Program. (b) The Secretary of the Air Force for Legislative Liaison (SAF/LL...
Security practices and regulatory compliance in the healthcare industry
Kwon, Juhee; Johnson, M Eric
2013-01-01
Objective: Securing protected health information is a critical responsibility of every healthcare organization. We explore information security practices and identify practice patterns that are associated with improved regulatory compliance. Design: We employed Ward's cluster analysis using minimum variance based on the adoption of security practices. Variance between organizations was measured using dichotomous data indicating the presence or absence of each security practice. Using t tests, we identified the relationships between the clusters of security practices and their regulatory compliance. Measurement: We utilized the results from the Kroll/Healthcare Information and Management Systems Society telephone-based survey of 250 US healthcare organizations including adoption status of security practices, breach incidents, and perceived compliance levels on Health Information Technology for Economic and Clinical Health, Health Insurance Portability and Accountability Act, Red Flags rules, Centers for Medicare and Medicaid Services, and state laws governing patient information security. Results: Our analysis identified three clusters (which we call leaders, followers, and laggers) based on the variance of security practice patterns. The clusters have significant differences among non-technical practices rather than technical practices, and the highest level of compliance was associated with hospitals that employed a balanced approach between technical and non-technical practices (or between one-off and cultural practices). Conclusions: Hospitals in the highest level of compliance were significantly managing third parties’ breaches and training. Audit practices were important to those who scored in the middle of the pack on compliance. Our results provide security practice benchmarks for healthcare administrators and can help policy makers in developing strategic and practical guidelines for practice adoption. PMID:22955497