Petri net modeling of encrypted information flow in federated cloud
NASA Astrophysics Data System (ADS)
Khushk, Abdul Rauf; Li, Xiaozhong
2017-08-01
Solutions proposed and developed for the cost-effective cloud systems suffer from a combination of secure private clouds and less secure public clouds. Need to locate applications within different clouds poses a security risk to the information flow of the entire system. This study addresses this by assigning security levels of a given lattice to the entities of a federated cloud system. A dynamic flow sensitive security model featuring Bell-LaPadula procedures is explored that tracks and authenticates the secure information flow in federated clouds. Additionally, a Petri net model is considered as a case study to represent the proposed system and further validate the performance of the said system.
MYSEA: The Monterey Security Architecture
2009-01-01
Security and Protection, Organization and Design General Terms: Design; Security Keywords: access controls, authentication, information flow controls...Applicable environments include: military coalitions, agencies and organizations responding to security emergencies, and mandated sharing in business ...network architecture affords users the ability to securely access information across networks at different classifications using standardized
Guidelines on CV networking information flow optimization for Texas.
DOT National Transportation Integrated Search
2017-03-01
Recognizing the fundamental role of information flow in future transportation applications, the research team investigated the quality and security of information flow in the connected vehicle (CV) environment. The research team identified key challe...
Information security system quality assessment through the intelligent tools
NASA Astrophysics Data System (ADS)
Trapeznikov, E. V.
2018-04-01
The technology development has shown the automated system information security comprehensive analysis necessity. The subject area analysis indicates the study relevance. The research objective is to develop the information security system quality assessment methodology based on the intelligent tools. The basis of the methodology is the information security assessment model in the information system through the neural network. The paper presents the security assessment model, its algorithm. The methodology practical implementation results in the form of the software flow diagram are represented. The practical significance of the model being developed is noted in conclusions.
Information-Flow-Based Access Control for Web Browsers
NASA Astrophysics Data System (ADS)
Yoshihama, Sachiko; Tateishi, Takaaki; Tabuchi, Naoshi; Matsumoto, Tsutomu
The emergence of Web 2.0 technologies such as Ajax and Mashup has revealed the weakness of the same-origin policy[1], the current de facto standard for the Web browser security model. We propose a new browser security model to allow fine-grained access control in the client-side Web applications for secure mashup and user-generated contents. We propose a browser security model that is based on information-flow-based access control (IBAC) to overcome the dynamic nature of the client-side Web applications and to accurately determine the privilege of scripts in the event-driven programming model.
Coordinating UAV information for executing national security-oriented collaboration
NASA Astrophysics Data System (ADS)
Isenor, Anthony W.; Allard, Yannick; Lapinski, Anna-Liesa S.; Demers, Hugues; Radulescu, Dan
2014-10-01
Unmanned Aerial Vehicles (UAVs) are being used by numerous nations for defence-related missions. In some cases, the UAV is considered a cost-effective means to acquire data such as imagery over a location or object. Considering Canada's geographic expanse, UAVs are also being suggested as a potential platform for use in surveillance of remote areas, such as northern Canada. However, such activities are typically associated with security as opposed to defence. The use of a defence platform for security activities introduces the issue of information exchange between the defence and security communities and their software applications. This paper explores the flow of information from the system used by the UAVs employed by the Royal Canadian Navy. Multiple computers are setup, each with the information system used by the UAVs, including appropriate communication between the systems. Simulated data that may be expected from a typical maritime UAV mission is then fed into the information system. The information structures common to the Canadian security community are then used to store and transfer the simulated data. The resulting data flow from the defence-oriented UAV system to the security-oriented information structure is then displayed using an open source geospatial application. Use of the information structures and applications relevant to the security community avoids the distribution restrictions often associated with defence-specific applications.
NASA Astrophysics Data System (ADS)
Bai, Wei; Yang, Hui; Yu, Ao; Xiao, Hongyun; He, Linkuan; Feng, Lei; Zhang, Jie
2018-01-01
The leakage of confidential information is one of important issues in the network security area. Elastic Optical Networks (EON) as a promising technology in the optical transport network is under threat from eavesdropping attacks. It is a great demand to support confidential information service (CIS) and design efficient security strategy against the eavesdropping attacks. In this paper, we propose a solution to cope with the eavesdropping attacks in routing and spectrum allocation. Firstly, we introduce probability theory to describe eavesdropping issue and achieve awareness of eavesdropping attacks. Then we propose an eavesdropping-aware routing and spectrum allocation (ES-RSA) algorithm to guarantee information security. For further improving security and network performance, we employ multi-flow virtual concatenation (MFVC) and propose an eavesdropping-aware MFVC-based secure routing and spectrum allocation (MES-RSA) algorithm. The presented simulation results show that the proposed two RSA algorithms can both achieve greater security against the eavesdropping attacks and MES-RSA can also improve the network performance efficiently.
2011-01-01
OS level, Flume [22] has even been shown to be information flow secure through abstractions such as processes, pipes, file systems etc, while seL4 ...Andronick, D. Cock, P. Derrin, D. Elkaduwe, K. Engelhardt, R. Kolanski, M. Norrish, T. Sewell, H. Tuch, and S. Winwood. sel4 : formal verification of an
Homeland Security and Information Control: A Model of Asymmetric Information Flows.
ERIC Educational Resources Information Center
Maxwell, Terrence A.
2003-01-01
Summarizes some of the activities the United States government has undertaken to control the dissemination of information since 2001. It also explores, through a conceptual model of information flows, potential impacts and discontinuities between policy purposes and outcomes. (AEF)
Information security requirements in patient-centred healthcare support systems.
Alsalamah, Shada; Gray, W Alex; Hilton, Jeremy; Alsalamah, Hessah
2013-01-01
Enabling Patient-Centred (PC) care in modern healthcare requires the flow of medical information with the patient between different healthcare providers as they follow the patient's treatment plan. However, PC care threatens the stability of the balance of information security in the support systems since legacy systems fall short of attaining a security balance when sharing their information due to compromises made between its availability, integrity, and confidentiality. Results show that the main reason for this is that information security implementation in discrete legacy systems focused mainly on information confidentiality and integrity leaving availability a challenge in collaboration. Through an empirical study using domain analysis, observations, and interviews, this paper identifies a need for six information security requirements in legacy systems to cope with this situation in order to attain the security balance in systems supporting PC care implementation in modern healthcare.
A security architecture for health information networks.
Kailar, Rajashekar; Muralidhar, Vinod
2007-10-11
Health information network security needs to balance exacting security controls with practicality, and ease of implementation in today's healthcare enterprise. Recent work on 'nationwide health information network' architectures has sought to share highly confidential data over insecure networks such as the Internet. Using basic patterns of health network data flow and trust models to support secure communication between network nodes, we abstract network security requirements to a core set to enable secure inter-network data sharing. We propose a minimum set of security controls that can be implemented without needing major new technologies, but yet realize network security and privacy goals of confidentiality, integrity and availability. This framework combines a set of technology mechanisms with environmental controls, and is shown to be sufficient to counter commonly encountered network security threats adequately.
A Security Architecture for Health Information Networks
Kailar, Rajashekar
2007-01-01
Health information network security needs to balance exacting security controls with practicality, and ease of implementation in today’s healthcare enterprise. Recent work on ‘nationwide health information network’ architectures has sought to share highly confidential data over insecure networks such as the Internet. Using basic patterns of health network data flow and trust models to support secure communication between network nodes, we abstract network security requirements to a core set to enable secure inter-network data sharing. We propose a minimum set of security controls that can be implemented without needing major new technologies, but yet realize network security and privacy goals of confidentiality, integrity and availability. This framework combines a set of technology mechanisms with environmental controls, and is shown to be sufficient to counter commonly encountered network security threats adequately. PMID:18693862
Federal Register 2010, 2011, 2012, 2013, 2014
2013-04-10
..., allowing the private sector to combine and restructure cash flows from Ginnie Mae Single Class MBS into... program, Ginnie Mae guarantees, with the full faith and credit of the United States, the timely payment of... combine and restructure cash flows from Ginnie Mae Single Class MBS into securities that meet unique...
Cyber Security: Big Data Think II Working Group Meeting
NASA Technical Reports Server (NTRS)
Hinke, Thomas; Shaw, Derek
2015-01-01
This presentation focuses on approaches that could be used by a data computation center to identify attacks and ensure malicious code and backdoors are identified if planted in system. The goal is to identify actionable security information from the mountain of data that flows into and out of an organization. The approaches are applicable to big data computational center and some must also use big data techniques to extract the actionable security information from the mountain of data that flows into and out of a data computational center. The briefing covers the detection of malicious delivery sites and techniques for reducing the mountain of data so that intrusion detection information can be useful, and not hidden in a plethora of false alerts. It also looks at the identification of possible unauthorized data exfiltration.
Session Types for Access and Information Flow Control
NASA Astrophysics Data System (ADS)
Capecchi, Sara; Castellani, Ilaria; Dezani-Ciancaglini, Mariangiola; Rezk, Tamara
We consider a calculus for multiparty sessions with delegation, enriched with security levels for session participants and data. We propose a type system that guarantees both session safety and a form of access control. Moreover, this type system ensures secure information flow, including controlled forms of declassification. In particular, the type system prevents leaks that could result from an unrestricted use of the control constructs of the calculus, such as session opening, selection, branching and delegation. We illustrate the use of our type system with a number of examples, which reveal an interesting interplay between the constraints used in security type systems and those used in session types to ensure properties like communication safety and session fidelity.
Hoonakker, Peter L T; Carayon, Pascale; Cartmill, Randi S
2017-04-01
Secure messaging is a relatively new addition to health information technology (IT). Several studies have examined the impact of secure messaging on (clinical) outcomes but very few studies have examined the impact on workflow in primary care clinics. In this study we examined the impact of secure messaging on workflow of clinicians, staff and patients. We used a multiple case study design with multiple data collections methods (observation, interviews and survey). Results show that secure messaging has the potential to improve communication and information flow and the organization of work in primary care clinics, partly due to the possibility of asynchronous communication. However, secure messaging can also have a negative effect on communication and increase workload, especially if patients send messages that are not appropriate for the secure messaging medium (for example, messages that are too long, complex, ambiguous, or inappropriate). Results show that clinicians are ambivalent about secure messaging. Secure messaging can add to their workload, especially if there is high message volume, and currently they are not compensated for these activities. Staff is -especially compared to clinicians- relatively positive about secure messaging and patients are overall very satisfied with secure messaging. Finally, clinicians, staff and patients think that secure messaging can have a positive effect on quality of care and patient safety. Secure messaging is a tool that has the potential to improve communication and information flow. However, the potential of secure messaging to improve workflow is dependent on the way it is implemented and used. Copyright © 2017 Elsevier B.V. All rights reserved.
Theft of information in the take-grant protection model
NASA Technical Reports Server (NTRS)
Bishop, Matt
1989-01-01
Questions of information flow are in many ways more important than questions of access control, because the goal of many security policies is to thwart the unauthorized release of information, not merely the illicit obtaining of access rights to that information. The Take-Grant Protection Model is a theoretical tool for examining such issues because conditions necessary and sufficient for information to flow between two objects, and for rights to objects to be obtained or stolen, are known. These results are extended by examining the question of information flow from an object the owner of which is unwilling to release that information. Necessary and sufficient conditions for such theft of information to occur are derived, and bounds on the number of subjects that must take action for the theft to occur are presented. To emphasize the usefulness of these results, the security policies of complete isolation, transfer of rights with the cooperation of an owner, and transfer of information (but not rights) with the cooperation of the owner are presented; the last is used to model a simple reference monitor guarding a resource.
The Epistemic Representation of Information Flow Security in Probabilistic Systems
1995-06-01
The new characterization also means that our security criterion is expressible in a simpler logic and model. 1 Introduction Multilevel security is...ber generator) during its execution. Such probabilistic choices are useful in a multilevel security context for Supported by grants HKUST 608/94E from...
17 CFR 229.1121 - (Item 1121) Distribution and pool performance information.
Code of Federal Regulations, 2012 CFR
2012-04-01
... and actual distribution dates for the distribution period. (2) Cash flows received and the sources... shortfalls or carryovers. (iv) The amount of excess cash flow or excess spread and the disposition of excess cash flow. (4) Beginning and ending principal balances of the asset-backed securities. (5) Interest...
17 CFR 229.1121 - (Item 1121) Distribution and pool performance information.
Code of Federal Regulations, 2011 CFR
2011-04-01
... and actual distribution dates for the distribution period. (2) Cash flows received and the sources... shortfalls or carryovers. (iv) The amount of excess cash flow or excess spread and the disposition of excess cash flow. (4) Beginning and ending principal balances of the asset-backed securities. (5) Interest...
17 CFR 229.1121 - (Item 1121) Distribution and pool performance information.
Code of Federal Regulations, 2014 CFR
2014-04-01
... and actual distribution dates for the distribution period. (2) Cash flows received and the sources... shortfalls or carryovers. (iv) The amount of excess cash flow or excess spread and the disposition of excess cash flow. (4) Beginning and ending principal balances of the asset-backed securities. (5) Interest...
17 CFR 229.1121 - (Item 1121) Distribution and pool performance information.
Code of Federal Regulations, 2013 CFR
2013-04-01
... and actual distribution dates for the distribution period. (2) Cash flows received and the sources... shortfalls or carryovers. (iv) The amount of excess cash flow or excess spread and the disposition of excess cash flow. (4) Beginning and ending principal balances of the asset-backed securities. (5) Interest...
Shared Awareness in Times of Crisis: A Framework for Collaboration
2011-06-01
also affords a “dashboard” perspective allowing for centralization of resources. The U.S. Army’s Knowledge Online portal is one example of a single...labor, energy, materials, information, cash and technology into outputs of higher value • Organization’s values (criteria that managers and...follows: Challenges - Disabilities Inter-Organizational Cross-Organizational Privacy and Security high security (portal) blocks information flow Trust
2016-01-14
hyperproperty and a liveness hyperproperty. A verification technique for safety hyperproperties is given and is shown to generalize prior techniques for...liveness properties are affiliated with specific verification methods. An analogous theory for security policies would be appealing. The fact that security...verified by using invariance arguments. Our verification methodology generalizes prior work on using invariance arguments to verify information-flow
Security analysis of RSA cryptosystem algorithm and it’s properties
DOE Office of Scientific and Technical Information (OSTI.GOV)
Liu, Chenglian; Guo, Yongning, E-mail: guoyn@163.com, E-mail: linjuanliucaihong@qq.com; Lin, Juan, E-mail: guoyn@163.com, E-mail: linjuanliucaihong@qq.com
2014-10-06
The information technology rapidly development and dramatically changed the life style people, in addition to shortening the distance of communication, but also promote the smooth exchange of information flows. However, derivatives to facilitate the relative safety of these issues, since into the digital information age, the majority of the practitioners of engineering and technical personnel and technical workers in terms of technology, information security is increasingly becoming an important issue. The RSA algorithm was published in 1978. It is a kind of very popular and widely application modem cryptosystem in the world. Even though there are lots of articles to discuss about how to break the RSA, but it is still secure today. In this paper, the authors would like to introduce a variant attack to RSA.
ERIC Educational Resources Information Center
Olsen, Florence
2003-01-01
Discusses how the potential effectiveness of Palladium, Microsoft's new approach to computer security, is worrying academics, who say it could allow publishers to dam the free flow of online information. (EV)
17 CFR 229.1101 - (Item 1101) Definitions.
Code of Federal Regulations, 2011 CFR
2011-04-01
... information regarding the asset-backed securities being offered and the structure and basic parameters of the..., anticipated ratings, and other similar information relating to the proposed structure of the offering); (2... flows of a discrete pool of receivables or other financial assets, either fixed or revolving, that by...
17 CFR 229.1101 - (Item 1101) Definitions.
Code of Federal Regulations, 2013 CFR
2013-04-01
... information regarding the asset-backed securities being offered and the structure and basic parameters of the..., anticipated ratings, and other similar information relating to the proposed structure of the offering); (2... flows of a discrete pool of receivables or other financial assets, either fixed or revolving, that by...
17 CFR 229.1101 - (Item 1101) Definitions.
Code of Federal Regulations, 2012 CFR
2012-04-01
... information regarding the asset-backed securities being offered and the structure and basic parameters of the..., anticipated ratings, and other similar information relating to the proposed structure of the offering); (2... flows of a discrete pool of receivables or other financial assets, either fixed or revolving, that by...
17 CFR 229.1101 - (Item 1101) Definitions.
Code of Federal Regulations, 2014 CFR
2014-04-01
... information regarding the asset-backed securities being offered and the structure and basic parameters of the..., anticipated ratings, and other similar information relating to the proposed structure of the offering); (2... flows of a discrete pool of receivables or other financial assets, either fixed or revolving, that by...
Automating Network Node Behavior Characterization by Mining Communication Patterns
DOE Office of Scientific and Technical Information (OSTI.GOV)
Carroll, Thomas E.; Chikkagoudar, Satish; Arthur-Durett, Kristine M.
Enterprise networks of scale are complex, dynamic computing environments that respond to evolving business objectives and requirements. Characterizing system behaviors in these environments is essential for network management and cyber security operations. Characterization of system’s communication is typical and is supported using network flow information (NetFlow). Related work has characterized behavior using theoretical graph metrics; results are often difficult to interpret by enterprise staff. We propose a different approach, where flow information is mapped to sets of tags that contextualize the data in terms of network principals and enterprise concepts. Frequent patterns are then extracted and are expressed as behaviors. Behaviors can be compared, identifying systems expressing similar behaviors. We evaluate the approach using flow information collected by a third party.
Free Flow of Information Act of 2013
Rep. Poe, Ted [R-TX-2]
2013-05-14
House - 06/14/2013 Referred to the Subcommittee on Crime, Terrorism, Homeland Security, and Investigations. Tracker: This bill has the status Introduced.
2012-12-01
flows, diversity, emergence, networks, fusion, strategic planning, information sharing, ecosystem, hierarchy, NJ Regional Operations Intelligence ...Related Information ... 3. Production of Disaster Intelligence for... Intelligence for Field Personnel ... 5. Focused Collection Efforts to Support FEMA and NJ OEM Operations
Sustainable Food Security Measurement: A Systemic Methodology
NASA Astrophysics Data System (ADS)
Findiastuti, W.; Singgih, M. L.; Anityasari, M.
2017-04-01
Sustainable food security measures how a region provides food for its people without endangered the environment. In Indonesia, it was legally measured in Food Security and Vulnerability (FSVA). However, regard to sustainable food security policy, the measurement has not encompassed the environmental aspect. This will lead to lack of environmental aspect information for adjusting the next strategy. This study aimed to assess Sustainable Food security by encompassing both food security and environment aspect using systemic eco-efficiency. Given existing indicator of cereal production level, total emission as environment indicator was generated by constructing Causal Loop Diagram (CLD). Then, a stock-flow diagram was used to develop systemic simulation model. This model was demonstrated for Indonesian five provinces. The result showed there was difference between food security order with and without environmental aspect assessment.
Shahzad, Aamir; Landry, René; Lee, Malrey; Xiong, Naixue; Lee, Jongho; Lee, Changhoon
2016-01-01
Substantial changes have occurred in the Information Technology (IT) sectors and with these changes, the demand for remote access to field sensor information has increased. This allows visualization, monitoring, and control through various electronic devices, such as laptops, tablets, i-Pads, PCs, and cellular phones. The smart phone is considered as a more reliable, faster and efficient device to access and monitor industrial systems and their corresponding information interfaces anywhere and anytime. This study describes the deployment of a protocol whereby industrial system information can be securely accessed by cellular phones via a Supervisory Control And Data Acquisition (SCADA) server. To achieve the study goals, proprietary protocol interconnectivity with non-proprietary protocols and the usage of interconnectivity services are considered in detail. They support the visualization of the SCADA system information, and the related operations through smart phones. The intelligent sensors are configured and designated to process real information via cellular phones by employing information exchange services between the proprietary protocol and non-proprietary protocols. SCADA cellular access raises the issue of security flaws. For these challenges, a cryptography-based security method is considered and deployed, and it could be considered as a part of a proprietary protocol. Subsequently, transmission flows from the smart phones through a cellular network. PMID:27314351
Shahzad, Aamir; Landry, René; Lee, Malrey; Xiong, Naixue; Lee, Jongho; Lee, Changhoon
2016-06-14
Substantial changes have occurred in the Information Technology (IT) sectors and with these changes, the demand for remote access to field sensor information has increased. This allows visualization, monitoring, and control through various electronic devices, such as laptops, tablets, i-Pads, PCs, and cellular phones. The smart phone is considered as a more reliable, faster and efficient device to access and monitor industrial systems and their corresponding information interfaces anywhere and anytime. This study describes the deployment of a protocol whereby industrial system information can be securely accessed by cellular phones via a Supervisory Control And Data Acquisition (SCADA) server. To achieve the study goals, proprietary protocol interconnectivity with non-proprietary protocols and the usage of interconnectivity services are considered in detail. They support the visualization of the SCADA system information, and the related operations through smart phones. The intelligent sensors are configured and designated to process real information via cellular phones by employing information exchange services between the proprietary protocol and non-proprietary protocols. SCADA cellular access raises the issue of security flaws. For these challenges, a cryptography-based security method is considered and deployed, and it could be considered as a part of a proprietary protocol. Subsequently, transmission flows from the smart phones through a cellular network.
Fuzzy assessment of health information system users' security awareness.
Aydın, Özlem Müge; Chouseinoglou, Oumout
2013-12-01
Health information systems (HIS) are a specific area of information systems (IS), where critical patient data is stored and quality health service is only realized with the correct use and efficient dissemination of this data to health workers. Therefore, a balance needs to be established between the levels of security and flow of information on HIS. Instead of implementing higher levels and further mechanisms of control to increase the security of HIS, it is preferable to deal with the arguably weakest link on HIS chain with respect to security: HIS users. In order to provide solutions and approaches for transforming users to the first line of defense in HIS but also to employ capable and appropriate candidates from the pool of newly graduated students, it is important to assess and evaluate the security awareness levels and characteristics of these existing and future users. This study aims to provide a new perspective to understand the phenomenon of security awareness of HIS users with the use of fuzzy analysis, and to assess the present situation of current and future HIS users of a leading medical and educational institution of Turkey, with respect to their security characteristics based on four different security scales. The results of the fuzzy analysis, the guide on how to implement this fuzzy analysis to any health institution and how to read and interpret these results, together with the possible implications of these results to the organization are provided.
End-to-End Verification of Information-Flow Security for C and Assembly Programs
2016-04-01
seL4 security verification [18] avoids this issue in the same way. In that work, the authors frame their solution as a restriction that disallows...identical: $(\sigma, \sigma'_1) \in T_M \land (\sigma, \sigma'_2) \in T_M \implies O_l(\sigma'_1) = O_l(\sigma'_2)$ The successful security verifications of both seL4 and mCertiKOS provide reasonable...evidence that this restriction on specifications is not a major hindrance for usability. Unlike the seL4 verification, however, our framework runs into a
The Double-System Architecture for Trusted OS
NASA Astrophysics Data System (ADS)
Zhao, Yong; Li, Yu; Zhan, Jing
With the development of computer science and technology, current secure operating systems failed to respond to many new security challenges. Trusted operating system (TOS) is proposed to try to solve these problems. However, there are no mature, unified architectures for the TOS yet, since most of them cannot make clear of the relationship between security mechanism and the trusted mechanism. Therefore, this paper proposes a double-system architecture (DSA) for the TOS to solve the problem. The DSA is composed of the Trusted System (TS) and the Security System (SS). We constructed the TS by establishing a trusted environment and realized related SS. Furthermore, we proposed the Trusted Information Channel (TIC) to protect the information flow between TS and SS. In a word, the double system architecture we proposed can provide reliable protection for the OS through the SS with the supports provided by the TS.
DOE Office of Scientific and Technical Information (OSTI.GOV)
Lee, Hsien-Hsin S
The overall objective of this research project is to develop novel architectural techniques as well as system software to achieve a highly secure and intrusion-tolerant computing system. Such system will be autonomous, self-adapting, introspective, with self-healing capability under the circumstances of improper operations, abnormal workloads, and malicious attacks. The scope of this research includes: (1) System-wide, unified introspection techniques for autonomic systems, (2) Secure information-flow microarchitecture, (3) Memory-centric security architecture, (4) Authentication control and its implication to security, (5) Digital right management, (5) Microarchitectural denial-of-service attacks on shared resources. During the period of the project, we developed several architectural techniques and system software for achieving a robust, secure, and reliable computing system toward our goal.
A Weakest Precondition Approach to Robustness
NASA Astrophysics Data System (ADS)
Balliu, Musard; Mastroeni, Isabella
With the increasing complexity of information management computer systems, security becomes a real concern. E-government, web-based financial transactions or military and health care information systems are only a few examples where large amount of information can reside on different hosts distributed worldwide. It is clear that any disclosure or corruption of confidential information in these contexts can result fatal. Information flow controls constitute an appealing and promising technology to protect both data confidentiality and data integrity. The certification of the security degree of a program that runs in untrusted environments still remains an open problem in the area of language-based security. Robustness asserts that an active attacker, who can modify program code in some fixed points (holes), is unable to disclose more private information than a passive attacker, who merely observes unclassified data. In this paper, we extend a method recently proposed for checking declassified non-interference in presence of passive attackers only, in order to check robustness by means of weakest precondition semantics. In particular, this semantics simulates the kind of analysis that can be performed by an attacker, i.e., from public output towards private input. The choice of semantics allows us to distinguish between different attacks models and to characterize the security of applications in different scenarios.
Development of CPR security using impact analysis.
Salazar-Kish, J.; Tate, D.; Hall, P. D.; Homa, K.
2000-01-01
The HIPAA regulations will require that institutions ensure the prevention of unauthorized access to electronically stored or transmitted patient records. This paper discusses a process for analyzing the impact of security mechanisms on users of computerized patient records through "behind the scenes" electronic access audits. In this way, those impacts can be assessed and refined to an acceptable standard prior to implementation. Through an iterative process of design and evaluation, we develop security algorithms that will protect electronic health information from improper access, alteration or loss, while minimally affecting the flow of work of the user population as a whole. PMID:11079984
A resilient and secure software platform and architecture for distributed spacecraft
NASA Astrophysics Data System (ADS)
Otte, William R.; Dubey, Abhishek; Karsai, Gabor
2014-06-01
A distributed spacecraft is a cluster of independent satellite modules flying in formation that communicate via ad-hoc wireless networks. This system in space is a cloud platform that facilitates sharing sensors and other computing and communication resources across multiple applications, potentially developed and maintained by different organizations. Effectively, such architecture can realize the functions of monolithic satellites at a reduced cost and with improved adaptivity and robustness. Openness of these architectures pose special challenges because the distributed software platform has to support applications from different security domains and organizations, and where information flows have to be carefully managed and compartmentalized. If the platform is used as a robust shared resource its management, configuration, and resilience becomes a challenge in itself. We have designed and prototyped a distributed software platform for such architectures. The core element of the platform is a new operating system whose services were designed to restrict access to the network and the file system, and to enforce resource management constraints for all non-privileged processes Mixed-criticality applications operating at different security labels are deployed and controlled by a privileged management process that is also pre-configuring all information flows. This paper describes the design and objective of this layer.
The Command of Space: A National Vision for American Prosperity and Security
2000-03-01
are also made for the president and Congress to advance toward the goal of commanding space. The future requires a national effort to master all...information flows and these are increasingly space dependent. Both a nation’s prosperity and security, now and in the future, are thus linked to...or future adversaries—China—compete with the U.S. China is expected to surpass the size of the U.S. economy in about ten years. While a vision for
A novel wireless local positioning system for airport (indoor) security
NASA Astrophysics Data System (ADS)
Zekavat, Seyed A.; Tong, Hui; Tan, Jindong
2004-09-01
A novel wireless local positioning system (WLPS) for airport (or indoor) security is introduced. This system is used by airport (indoor) security guards to locate all of, or a group of airport employees or passengers within the airport area. WLPS consists of two main parts: (1) a base station that is carried by security personnel; hence, introducing dynamic base station (DBS), and (2) a transponder (TRX) that is mounted on all people (including security personnel) present at the airport; thus, introducing them as active targets. In this paper, we (a) draw a futuristic view of the airport security systems, and the flow of information at the airports, (b) investigate the techniques of extending WLPS coverage area beyond the line-of-sight (LoS), and (c) study the performance of this system via standard transceivers, and direct sequence code division multiple access (DS-CDMA) systems with and without antenna arrays and conventional beamforming (BF).
Falcão-Reis, Filipa; Correia, Manuel E
2010-01-01
With the advent of more sophisticated and comprehensive healthcare information systems, system builders are becoming more interested in patient interaction and what he can do to help to improve his own health care. Information systems play nowadays a crucial and fundamental role in hospital work-flows, thus providing great opportunities to introduce and improve upon "patient empowerment" processes for the personalization and management of Electronic Health Records (EHRs). In this paper, we present a patient's privacy generic control mechanisms scenarios based on the Extended OpenID (eOID), a user centric digital identity provider previously developed by our group, which leverages a secured OpenID 2.0 infrastructure with the recently released Portuguese Citizen Card (CC) for secure authentication in a distributed health information environment. eOID also takes advantage of Oauth assertion based mechanisms to implement patient controlled secure qualified role based access to his EHR, by third parties.
76 FR 34658 - The Internet Assigned Numbers Authority (IANA) Functions
Federal Register 2010, 2011, 2012, 2013, 2014
2011-06-14
... raised concerns that short-term contracts create instability in the IANA functions process and would... political sustainability of an Internet that supports the free flow of information, goods, and services... account security and stability issues. Commenters were divided on whether the IANA functions should be...
Helix Project Testbed - Towards the Self-Regenerative Incorruptible Enterprise
2011-09-14
hardware implementation with a microkernel in a way that allows information flow properties of the entire construction to be statically verified all the way...secure architectural skeleton. This skeleton couples a critical slice of the low level hardware implementation with a microkernel in a way that
Protection of electronic health records (EHRs) in cloud.
Alabdulatif, Abdulatif; Khalil, Ibrahim; Mai, Vu
2013-01-01
EHR technology has come into widespread use and has attracted attention in healthcare institutions as well as in research. Cloud services are used to build efficient EHR systems and obtain the greatest benefits of EHR implementation. Many issues relating to building an ideal EHR system in the cloud, especially the tradeoff between flexibility and security, have recently surfaced. The privacy of patient records in cloud platforms is still a point of contention. In this research, we are going to improve the management of access control by restricting participants' access through the use of distinct encrypted parameters for each participant in the cloud-based database. Also, we implement and improve an existing secure index search algorithm to enhance the efficiency of information control and flow through a cloud-based EHR system. At the final stage, we contribute to the design of reliable, flexible and secure access control, enabling quick access to EHR information.
"Glitch Logic" and Applications to Computing and Information Security
NASA Technical Reports Server (NTRS)
Stoica, Adrian; Katkoori, Srinivas
2009-01-01
This paper introduces a new method of information processing in digital systems, and discusses its potential benefits to computing and information security. The new method exploits glitches caused by delays in logic circuits for carrying and processing information. Glitch processing is hidden to conventional logic analyses and undetectable by traditional reverse engineering techniques. It enables the creation of new logic design methods that allow for an additional controllable "glitch logic" processing layer embedded into a conventional synchronous digital circuits as a hidden/covert information flow channel. The combination of synchronous logic with specific glitch logic design acting as an additional computing channel reduces the number of equivalent logic designs resulting from synthesis, thus implicitly reducing the possibility of modification and/or tampering with the design. The hidden information channel produced by the glitch logic can be used: 1) for covert computing/communication, 2) to prevent reverse engineering, tampering, and alteration of design, and 3) to act as a channel for information infiltration/exfiltration and propagation of viruses/spyware/Trojan horses.
A Metadata Calculus for Securing Information Flows
2008-12-01
mechanism to “purchase risk” using a pseudo-currency. Under the assumption that the line of risk credit or the risk available for purchase in the...Communications Conference (MILCOM 2007), pages 192–206. IEEE Computer Society, 2007. [11] J.A. Vaughan and S. Zdancewic. A Cryptographic Decentralized Label
Federal Register 2010, 2011, 2012, 2013, 2014
2011-09-26
... documentation to evaluate whether a member has implemented processes that are reasonably designed to prevent the flow of pre-trade order information given the particular structure of the member firm. Additionally... the public interest and are not designed to permit unfair discrimination between customers, issuers...
48 CFR 832.202-4 - Security for Government financing.
Code of Federal Regulations, 2013 CFR
2013-10-01
... appropriate officer of the firm. (b) A cash flow forecast for the remainder of the contract term showing the planned origin and use of cash within the firm or branch performing the contract. (c) Information on financing arrangements disclosing the availability of cash to finance contract performance, the contractor's...
48 CFR 832.202-4 - Security for Government financing.
Code of Federal Regulations, 2011 CFR
2011-10-01
... appropriate officer of the firm. (b) A cash flow forecast for the remainder of the contract term showing the planned origin and use of cash within the firm or branch performing the contract. (c) Information on financing arrangements disclosing the availability of cash to finance contract performance, the contractor's...
NASA Technical Reports Server (NTRS)
1975-01-01
The use of information from space systems in the operation of extractive industries, particularly in exploration for mineral and fuel resources was reviewed. Conclusions and recommendations reported are based on the fundamental premise that survival of modern industrial society requires a continuing secure flow of resources for energy, construction and manufacturing, and for use as plant foods.
17 CFR 270.3a-7 - Issuers of asset-backed securities.
Code of Federal Regulations, 2011 CFR
2011-04-01
... holders to receive payments that depend primarily on the cash flow from eligible assets; (2) Securities... parties in those eligible assets that principally generate the cash flow needed to pay the fixed-income... the cash flows derived from eligible assets for the benefit of the holders of fixed-income securities...
17 CFR 270.3a-7 - Issuers of asset-backed securities.
Code of Federal Regulations, 2012 CFR
2012-04-01
... holders to receive payments that depend primarily on the cash flow from eligible assets; (2) Securities... parties in those eligible assets that principally generate the cash flow needed to pay the fixed-income... the cash flows derived from eligible assets for the benefit of the holders of fixed-income securities...
17 CFR 270.3a-7 - Issuers of asset-backed securities.
Code of Federal Regulations, 2010 CFR
2010-04-01
... holders to receive payments that depend primarily on the cash flow from eligible assets; (2) Securities... parties in those eligible assets that principally generate the cash flow needed to pay the fixed-income... the cash flows derived from eligible assets for the benefit of the holders of fixed-income securities...
17 CFR 270.3a-7 - Issuers of asset-backed securities.
Code of Federal Regulations, 2013 CFR
2013-04-01
... holders to receive payments that depend primarily on the cash flow from eligible assets; (2) Securities... parties in those eligible assets that principally generate the cash flow needed to pay the fixed-income... the cash flows derived from eligible assets for the benefit of the holders of fixed-income securities...
17 CFR 270.3a-7 - Issuers of asset-backed securities.
Code of Federal Regulations, 2014 CFR
2014-04-01
... holders to receive payments that depend primarily on the cash flow from eligible assets; (2) Securities... parties in those eligible assets that principally generate the cash flow needed to pay the fixed-income... the cash flows derived from eligible assets for the benefit of the holders of fixed-income securities...
Women's Marginalization, Economic Flows, and Environmental Flows: A Classroom Approach.
ERIC Educational Resources Information Center
O'Lear, Shannon
1999-01-01
Discusses environmental security, focusing on the meaning of "security." Defines the global economy as a process in which the security of groups is sought, maintained, or threatened. Illustrates connections among environmental security, the global economy, and abuse of women and children in less economically developed places,…
Quantification and Formalization of Security
2010-02-01
Quantification of Information Flow; 2.4 Language Semantics...system behavior observed by users holding low clearances. This policy, or a variant of it, is enforced by many programming language-based mechanisms...illustrates with a particular programming language (while-programs plus probabilistic choice). The model is extended in §2.5 to programs in which
2012-10-01
REPORT 3. DATES COVERED (From - To) MAR 2010 – APR 2012 4. TITLE AND SUBTITLE IMPLICATIONS OF MULT-CORE ARCHITECTURES ON THE DEVELOPMENT OF...Framework for Multicore Information Flow Analysis ... 23 4 4.1 A Hypothetical Reference Architecture... 4 Figure 2: Pentium II Block Diagram
NASA Astrophysics Data System (ADS)
Siddiqi, A.; Muhammad, A.; Wescoat, J. L., Jr.
2017-12-01
Large-scale, legacy canal systems, such as the irrigation infrastructure in the Indus Basin in Punjab, Pakistan, have been primarily conceived, constructed, and operated with a techno-centric approach. The emerging socio-hydrological approaches provide a new lens for studying such systems to potentially identify fresh insights for addressing contemporary challenges of water security. In this work, using the partial definition of water security as "the reliable availability of an acceptable quantity and quality of water", supply reliability is construed as a partial measure of water security in irrigation systems. A set of metrics are used to quantitatively study reliability of surface supply in the canal systems of Punjab, Pakistan using an extensive dataset of 10-daily surface water deliveries over a decade (2007-2016) and of high frequency (10-minute) flow measurements over one year. The reliability quantification is based on comparison of actual deliveries and entitlements, which are a combination of hydrological and social constructs. The socio-hydrological lens highlights critical issues of how flows are measured, monitored, perceived, and experienced from the perspective of operators (government officials) and users (farmers). The analysis reveals varying levels of reliability (and by extension security) of supply when data is examined across multiple temporal and spatial scales. The results shed new light on evolution of water security (as partially measured by supply reliability) for surface irrigation in the Punjab province of Pakistan and demonstrate that "information security" (defined as reliable availability of sufficiently detailed data) is vital for enabling water security. It is found that forecasting and management (that are social processes) lead to differences between entitlements and actual deliveries, and there is significant potential to positively affect supply reliability through interventions in the social realm.
Analysis of information flows among individual companies in the KOSDAQ market
NASA Astrophysics Data System (ADS)
Kim, Ho-Yong; Oh, Gabjin
2016-08-01
In this paper, we employ the variance decomposition method to measure the strength and the direction of interconnections among companies in the KOSDAQ (Korean Securities Dealers Automated Quotation) stock market. We analyze the 200 companies listed on the KOSDAQ market from January 2001 to December 2015. We find that the systemic risk, measured by using the interconnections, increases substantially during periods of financial crisis such as the bankruptcy of Lehman Brothers and the European financial crisis. In particular, we find that the increases in the aggregated information flows can be used to predict the increment of the market volatility that may occur during a sub-prime financial crisis period.
2007-06-01
information flow involved in network attacks. This kind of information can be invaluable in learning how to best setup and defend computer networks...administrators, and those interested in learning about securing networks a way to conceptualize this complex system of computing. NTAV3D will provide a three...teaching with visual and other components can make learning more effective” (Baxley et al, 2006). A hyperbox (Alpern and Carter, 1991) is
Shift in Global Tantalum Mine Production, 2000–2014
Bleiwas, Donald I.; Papp, John F.; Yager, Thomas R.
2015-12-10
One of the activities of the U.S. Geological Survey National Minerals Information Center (USGS-NMIC) is to analyze global supply chains and characterize major components of mineral and material flows from ore extraction through processing to first tier products. These analyses support the core mission of the USGS-NMIC as the Federal entity responsible for the collection, analysis, and dissemination of objective, unbiased, factual information on minerals essential to the U.S. economy and national security.
7 CFR 1951.230 - Transfer of security and assumption of loans.
Code of Federal Regulations, 2010 CFR
2010-01-01
... maintenance, and any other project account, including supervised bank accounts. (7) When the property to be... transferor from receiving equity payments when the full account of the FmHA or its successor agency under... Public Law 103-354 442-3, “Balance Sheet,” and budget and cash flow information using Form FmHA or its...
NASA Technical Reports Server (NTRS)
Buquo, Lynn E.; Johnson-Throop, Kathy A.
2011-01-01
An Information Architecture facilitates the understanding and, hence, harnessing of the human system risk-related data supply chain which enhances the ability to securely collect, integrate, and share data assets that improve human system research and operations. By mapping the risk-related data flow from raw data to useable information and knowledge (think of it as a data supply chain), the Human Research Program (HRP) and Space Life Science Directorate (SLSD) are building an information architecture plan to leverage their existing, and often shared, IT infrastructure.
Main control computer security model of closed network systems protection against cyber attacks
NASA Astrophysics Data System (ADS)
Seymen, Bilal
2014-06-01
The model that brings the data input/output under control in closed network systems, that maintains the system securely, and that controls the flow of information through the Main Control Computer which also brings the network traffic under control against cyber-attacks. The network, which can be controlled single-handedly thanks to the system designed to enable the network users to make data entry into the system or to extract data from the system securely, intends to minimize the security gaps. Moreover, data input/output record can be kept by means of the user account assigned for each user, and it is also possible to carry out retroactive tracking, if requested. Because the measures that need to be taken for each computer on the network regarding cyber security, do require high cost; it has been intended to provide a cost-effective working environment with this model, only if the Main Control Computer has the updated hardware.
Pedestrian Detection by Laser Scanning and Depth Imagery
NASA Astrophysics Data System (ADS)
Barsi, A.; Lovas, T.; Molnar, B.; Somogyi, A.; Igazvolgyi, Z.
2016-06-01
Pedestrian flow is much less regulated and controlled compared to vehicle traffic. Estimating flow parameters would support many safety, security or commercial applications. Current paper discusses a method that enables acquiring information on pedestrian movements without disturbing and changing their motion. Profile laser scanner and depth camera have been applied to capture the geometry of the moving people as time series. Procedures have been developed to derive complex flow parameters, such as count, volume, walking direction and velocity from laser scanned point clouds. Since no images are captured from the faces of pedestrians, no privacy issues raised. The paper includes accuracy analysis of the estimated parameters based on video footage as reference. Due to the dense point clouds, detailed geometry analysis has been conducted to obtain the height and shoulder width of pedestrians and to detect whether luggage has been carried or not. The derived parameters support safety (e.g. detecting critical pedestrian density in mass events), security (e.g. detecting prohibited baggage in endangered areas) and commercial applications (e.g. counting pedestrians at all entrances/exits of a shopping mall).
17 CFR 229.1103 - (Item 1103) Transaction summary and risk factors.
Code of Federal Regulations, 2012 CFR
2012-04-01
... if doing so will aid understanding. Consider using diagrams to illustrate the relationships among the parties, the structure of the securities offered (including, for example, the flow of funds or any... securities may be issued. (v) Identify the distribution frequency on the securities. (vi) Summarize the flow...
17 CFR 229.1103 - (Item 1103) Transaction summary and risk factors.
Code of Federal Regulations, 2013 CFR
2013-04-01
... if doing so will aid understanding. Consider using diagrams to illustrate the relationships among the parties, the structure of the securities offered (including, for example, the flow of funds or any... securities may be issued. (v) Identify the distribution frequency on the securities. (vi) Summarize the flow...
17 CFR 229.1103 - (Item 1103) Transaction summary and risk factors.
Code of Federal Regulations, 2014 CFR
2014-04-01
... if doing so will aid understanding. Consider using diagrams to illustrate the relationships among the parties, the structure of the securities offered (including, for example, the flow of funds or any... securities may be issued. (v) Identify the distribution frequency on the securities. (vi) Summarize the flow...
Provable Security of Communication for Protecting Information Flow in Distributed Systems
2015-06-01
tensorization of extremal mutual information quantities, which have been of recent...Control, and Computing, Oct. 2012. 25) T. Wang, J. Sturm, P. Cuff, S. Kulkarni, “Condorcet Voting ...Methods Avoid the Paradoxes of Voting Theory,” Proc. of the Allerton Conference on Communication,
A Survey on Security and Privacy in Emerging Sensor Networks: From Viewpoint of Close-Loop.
Zhang, Lifu; Zhang, Heng
2016-03-26
Nowadays, as the next generation sensor networks, Cyber-Physical Systems (CPSs) refer to the complex networked systems that have both physical subsystems and cyber components, and the information flow between different subsystems and components is across a communication network, which forms a closed-loop. New generation sensor networks are found in a growing number of applications and have received increasing attention from many inter-disciplines. Opportunities and challenges in the design, analysis, verification and validation of sensor networks co-exists, among which security and privacy are two important ingredients. This paper presents a survey on some recent results in the security and privacy aspects of emerging sensor networks from the viewpoint of the closed-loop. This paper also discusses several future research directions under these two umbrellas.
No information flow using statistical fluctuations and quantum cryptography
NASA Astrophysics Data System (ADS)
Larsson, Jan-Åke
2004-04-01
The communication protocol of Home and Whitaker [
A Quantitative Experimental Study of the Effectiveness of Systems to Identify Network Attackers
ERIC Educational Resources Information Center
Handorf, C. Russell
2016-01-01
This study analyzed the meta-data collected from a honeypot that was run by the Federal Bureau of Investigation for a period of 5 years. This analysis compared the use of existing industry methods and tools, such as Intrusion Detection System alerts, network traffic flow and system log traffic, within the Open Source Security Information Manager…
Business Model for the Security of a Large-Scale PACS, Compliance with ISO/27002:2013 Standard.
Gutiérrez-Martínez, Josefina; Núñez-Gaona, Marco Antonio; Aguirre-Meneses, Heriberto
2015-08-01
Data security is a critical issue in an organization; a proper information security management (ISM) is an ongoing process that seeks to build and maintain programs, policies, and controls for protecting information. A hospital is one of the most complex organizations, where patient information has not only legal and economic implications but, more importantly, an impact on the patient's health. Imaging studies include medical images, patient identification data, and proprietary information of the study; these data are contained in the storage device of a PACS. This system must preserve the confidentiality, integrity, and availability of patient information. There are techniques such as firewalls, encryption, and data encapsulation that contribute to the protection of information. In addition, the Digital Imaging and Communications in Medicine (DICOM) standard and the requirements of the Health Insurance Portability and Accountability Act (HIPAA) regulations are also used to protect the patient clinical data. However, these techniques are not systematically applied to the picture and archiving and communication system (PACS) in most cases and are not sufficient to ensure the integrity of the images and associated data during transmission. The ISO/IEC 27001:2013 standard has been developed to improve the ISM. Currently, health institutions lack effective ISM processes that enable reliable interorganizational activities. In this paper, we present a business model that accomplishes the controls of ISO/IEC 27002:2013 standard and criteria of security and privacy from DICOM and HIPAA to improve the ISM of a large-scale PACS. The methodology associated with the model can monitor the flow of data in a PACS, facilitating the detection of unauthorized access to images and other abnormal activities.
Safety and Security Interface Technology Initiative
DOE Office of Scientific and Technical Information (OSTI.GOV)
Dr. Michael A. Lehto; Kevin J. Carroll; Dr. Robert Lowrie
Safety and Security Interface Technology Initiative Mr. Kevin J. Carroll Dr. Robert Lowrie, Dr. Michael Lehto BWXT Y12 NSC Oak Ridge, TN 37831 865-576-2289/865-241-2772 carrollkj@y12.doe.gov Work Objective. Earlier this year, the Energy Facility Contractors Group (EFCOG) was asked to assist in developing options related to acceleration deployment of new security-related technologies to assist meeting design base threat (DBT) needs while also addressing the requirements of 10 CFR 830. NNSA NA-70, one of the working group participants, designated this effort the Safety and Security Interface Technology Initiative (SSIT). Relationship to Workshop Theme. “Supporting Excellence in Operations Through Safety Analysis,” (workshop theme) includes security and safety personnel working together to ensure effective and efficient operations. One of the specific workshop elements listed in the call for papers is “Safeguards/Security Integration with Safety.” This paper speaks directly to this theme. Description of Work. The EFCOG Safety Analysis Working Group (SAWG) and the EFCOG Security Working Group formed a core team to develop an integrated process involving both safety basis and security needs allowing achievement of the DBT objectives while ensuring safety is appropriately considered. This effort garnered significant interest, starting with a two day breakout session of 30 experts at the 2006 Safety Basis Workshop. A core team was formed, and a series of meetings were held to develop that process, including safety and security professionals, both contractor and federal personnel. A pilot exercise held at Idaho National Laboratory (INL) in mid-July 2006 was conducted as a feasibility of concept review. Work Results. The SSIT efforts resulted in a topical report transmitted from EFCOG to DOE/NNSA in August 2006.
Elements of the report included: Drivers and Endstate, Control Selections Alternative Analysis Process, Terminology Crosswalk, Safety Basis/Security Documentation Integration, Configuration Control, and development of a shared ‘tool box’ of information/successes. Specific Benefits. The expectation or end state resulting from the topical report and associated implementation plan includes: (1) A recommended process for handling the documentation of the security and safety disciplines, including an appropriate change control process and participation by all stakeholders. (2) A means to package security systems with sufficient information to help expedite the flow of that system through the process. In addition, a means to share successes among sites, to include information and safety basis to the extent such information is transportable. (3) Identification of key security systems and associated essential security elements being installed and an arrangement for the sites installing these systems to host an appropriate team to review a specific system and determine what information is exportable. (4) Identification of the security systems’ essential elements and appropriate controls required for testing of these essential elements in the facility. (5) The ability to help refine and improve an agreed to control set at the manufacture stage.
Secure and interoperable communication infrastructures for PPDR organisations
NASA Astrophysics Data System (ADS)
Müller, Wilmuth; Marques, Hugo; Pereira, Luis; Rodriguez, Jonathan; Brouwer, Frank; Bouwers, Bert; Politis, Ilias; Lykourgiotis, Asimakis; Ladas, Alexandros; Adigun, Olayinka; Jelenc, David
2016-05-01
The growing number of events affecting public safety and security (PS&S) on a regional scale with potential to grow up to large scale cross border disasters puts an increased pressure on agencies and organisations responsible for PS&S. In order to respond timely and in an adequate manner to such events, Public Protection and Disaster Relief (PPDR) organisations need to cooperate, align their procedures and activities, share the needed information and be interoperable. Existing PPDR/PMR technologies such as TETRA, TETRAPOL or P25 do not currently provide broadband capability, nor are such technologies expected to be upgraded in the future. This presents a major limitation in supporting new services and information flows. Furthermore, there is no known standard that addresses interoperability of these technologies. In this contribution the design of a next generation communication infrastructure for PPDR organisations which fulfills the requirements of secure and seamless end-to-end communication and interoperable information exchange within the deployed communication networks is presented. Based on Enterprise Architecture of PPDR organisations, a next generation PPDR network that is backward compatible with legacy communication technologies is designed and implemented, capable of providing security, privacy, seamless mobility, QoS and reliability support for mission-critical Private Mobile Radio (PMR) voice and broadband data services. The designed solution provides a robust, reliable, and secure mobile broadband communications system for a wide variety of PMR applications and services on PPDR broadband networks, including the ability of inter-system, interagency and cross-border operations with emphasis on interoperability between users in PMR and LTE.
A Survey on Security and Privacy in Emerging Sensor Networks: From Viewpoint of Close-Loop
Zhang, Lifu; Zhang, Heng
2016-01-01
Nowadays, as the next generation sensor networks, Cyber-Physical Systems (CPSs) refer to the complex networked systems that have both physical subsystems and cyber components, and the information flow between different subsystems and components is across a communication network, which forms a closed-loop. New generation sensor networks are found in a growing number of applications and have received increasing attention from many inter-disciplines. Opportunities and challenges in the design, analysis, verification and validation of sensor networks co-exist, among which security and privacy are two important ingredients. This paper presents a survey on some recent results in the security and privacy aspects of emerging sensor networks from the viewpoint of the closed-loop. This paper also discusses several future research directions under these two umbrellas. PMID:27023559
No information flow using statistical fluctuations and quantum cryptography
DOE Office of Scientific and Technical Information (OSTI.GOV)
Larsson, Jan-Aake
2004-04-01
The communication protocol of Home and Whitaker [Phys. Rev. A 67, 022306 (2003)] is examined in some detail, and found to work equally well using a separable state. The protocol is in fact completely classical, based on postselection of suitable experimental runs. The quantum-cryptography protocol proposed in the same publication is also examined, and this protocol uses entanglement, a strictly quantum property of the system. An individual eavesdropping attack on each qubit pair would be detected by the security test proposed in the mentioned paper. However, the key is provided by groups of qubits, and there exists a coherent attack, internal to these groups, that will go unnoticed in that security test. A modified test is proposed here that will ensure security, even against such a coherent attack.
Knowledge Flow Mesh and Its Dynamics: A Decision Support Environment
2008-06-01
paper was the ability of the United States military to achieve dominance through information superiority. The use of intelligent sensors and... Intelligence Agency, National Security Agency, Defense Intelligence Agency, and individual Service intelligence agencies). In fact, these edge entities would... intelligence, design, choice, and implementation. 6. Support variety of decision processes and styles. 7. DSS should be adaptable and flexible. 8. DSS
Efficient packet forwarding using cyber-security aware policies
Ros-Giralt, Jordi
2017-04-04
For balancing load, a forwarder can selectively direct data from the forwarder to a processor according to a loading parameter. The selective direction includes forwarding the data to the processor for processing, transforming and/or forwarding the data to another node, and dropping the data. The forwarder can also adjust the loading parameter based on, at least in part, feedback received from the processor. One or more processing elements can store values associated with one or more flows into a structure without locking the structure. The stored values can be used to determine how to direct the flows, e.g., whether to process a flow or to drop it. The structure can be used within an information channel providing feedback to a processor.
Efficient packet forwarding using cyber-security aware policies
Ros-Giralt, Jordi
2017-10-25
For balancing load, a forwarder can selectively direct data from the forwarder to a processor according to a loading parameter. The selective direction includes forwarding the data to the processor for processing, transforming and/or forwarding the data to another node, and dropping the data. The forwarder can also adjust the loading parameter based on, at least in part, feedback received from the processor. One or more processing elements can store values associated with one or more flows into a structure without locking the structure. The stored values can be used to determine how to direct the flows, e.g., whether to process a flow or to drop it. The structure can be used within an information channel providing feedback to a processor.
Risk to Water Security on Small Islands
NASA Astrophysics Data System (ADS)
Holding, S. T.; Allen, D. M.
2013-12-01
The majority of fresh water available on small islands is shallow groundwater that forms a freshwater lens. Freshwater lenses are generally limited in extent and as such are vulnerable to many stressors that impact water security. These include stressors related to climate change, such as sea level rise, as well as those related to human impacts, such as contamination. Traditionally, water security assessments have focussed on indicators that provide a snapshot of the current condition. However, recent work suggests that in order to effectively manage the water system, it is also important to consider uncertain future impacts to the system by evaluating how different stressors might impact water security. In this study, a framework for assessing risk to water security was developed and tested on Andros Island in The Bahamas. The assessment comprises two main components that characterise the water system: numerical modelling studies and a hazard survey. A baseline numerical model of the freshwater lens throughout Andros Island was developed to simulate the morphology of the freshwater lens and estimate the freshwater resources currently available. The model was prepared using SEAWAT, a density-dependent flow and solute transport code. Various stressors were simulated in the model to evaluate the response of the freshwater lens to predicted future shifts in climate patterns, sea level rise, and changes in water use. A hazard survey was also conducted on the island to collect information related to the storage of contaminants, sanitation infrastructure, waste disposal practices and groundwater abstraction rates. The results of the survey form a geo-spatial database of the location and associated hazards to the freshwater lens. The resulting risk framework provides a ranking of overall risk to water security based on information from the numerical modelling and hazard survey. 
The risk framework is implemented in a Geographic Information System (GIS) and provides a map of the risk to water security throughout Andros Island. It evaluates risk to water security for current and future scenarios and will enable water resource managers to effectively adapt to future impacts on water security.
NASA Astrophysics Data System (ADS)
Bovino, Fabio Antonio; Messina, Angelo
2016-10-01
In a very simplistic way, the Command and Control functions can be summarized as the need to provide the decision makers with an exhaustive, real-time situation picture and the capability to convey their decisions down to the operational forces. This two-way data and information flow is vital to the execution of current operations and goes far beyond the border of military operations, stretching to police and disaster recovery as well. The availability of off-the-shelf technology has enabled hostile elements to endanger the security of the communication networks by violating the traditional security protocols and devices and hacking sensitive databases. In this paper an innovative approach based on implementing a Device Independent Quantum Key Distribution system is presented. The use of this technology would prevent security breaches due to a stolen crypto device placed in an end-to-end communication chain. The system, operating with an attenuated laser, is practical and increases the distance between the legitimate users.
DOE Office of Scientific and Technical Information (OSTI.GOV)
McKinnon, Archibald D.; Thompson, Seth R.; Doroshchuk, Ruslan A.
Smart grid technologies are transforming the electric power grid into a grid with bi-directional flows of both power and information. Operating millions of new smart meters and smart appliances will significantly impact electric distribution systems resulting in greater efficiency. However, the scale of the grid and the new types of information transmitted will potentially introduce several security risks that cannot be addressed by traditional, centralized security techniques. We propose a new bio-inspired cyber security approach. Social insects, such as ants and bees, have developed complex-adaptive systems that emerge from the collective application of simple, light-weight behaviors. The Digital Ants framework is a bio-inspired framework that uses mobile light-weight agents. Sensors within the framework use digital pheromones to communicate with each other and to alert each other of possible cyber security issues. All communication and coordination is both localized and decentralized thereby allowing the framework to scale across the large numbers of devices that will exist in the smart grid. Furthermore, the sensors are light-weight and therefore suitable for implementation on devices with limited computational resources. This paper will provide a brief overview of the Digital Ants framework and then present results from test bed-based demonstrations that show that Digital Ants can identify a cyber attack scenario against smart meter deployments.
Tadesse, T.; Haile, M.; Senay, G.; Wardlow, B.D.; Knutson, C.L.
2008-01-01
Reducing the impact of drought and famine remains a challenge in sub-Saharan Africa despite ongoing drought relief assistance in recent decades. This is because drought and famine are primarily addressed through a crisis management approach when a disaster occurs, rather than stressing preparedness and risk management. Moreover, drought planning and food security efforts have been hampered by a lack of integrated drought monitoring tools, inadequate early warning systems (EWS), and insufficient information flow within and between levels of government in many sub-Saharan countries. The integration of existing drought monitoring tools for sub-Saharan Africa is essential for improving food security systems to reduce the impacts of drought and famine on society in this region. A proactive approach emphasizing integration requires the collective use of multiple tools, which can be used to detect trends in food availability and provide early indicators at local, national, and regional scales on the likely occurrence of food crises. In addition, improving the ability to monitor and disseminate critical drought-related information using available modern technologies (e.g., satellites, computers, and modern communication techniques) may help trigger timely and appropriate preventive responses and, ultimately, contribute to food security and sustainable development in sub-Saharan Africa. © 2008 United Nations.
Risks and responses to universal drinking water security.
Hope, Robert; Rouse, Michael
2013-11-13
Risks to universal drinking water security are accelerating due to rapid demographic, climate and economic change. Policy responses are slow, uneven and largely inadequate to address the nature and scale of the global challenges. The challenges relate both to maintaining water security in increasingly fragile supply systems and to accelerating reliable access to the hundreds of millions who remain water-insecure. A conceptual framework illustrates the relationship between institutional, operational and financial risks and drinking water security outcomes. We apply the framework to nine case studies from rural and urban contexts in South Asia and sub-Saharan Africa. Case studies are purposively selected based on established and emerging examples of political, technological or institutional reforms that address water security risks. We find broad evidence that improved information flows reduce institutional costs and promote stronger and more transparent operational performance to increase financial sustainability. However, political barriers need to be overcome in all cases through internal or external interventions that require often decadal time frames and catalytic investments. No single model exists, though there is sufficient evidence to demonstrate that risks to drinking water security can be reduced even in the most difficult and challenging contexts.
Kim, Katherine K; McGraw, Deven; Mamo, Laura; Ohno-Machado, Lucila
2013-08-01
Comparative effectiveness research (CER) conducted in distributed research networks (DRNs) is subject to different state laws and regulations as well as institution-specific policies intended to protect privacy and security of health information. The goal of the Scalable National Network for Effectiveness Research (SCANNER) project is to develop and demonstrate a scalable, flexible technical infrastructure for DRNs that enables near real-time CER consistent with privacy and security laws and best practices. This investigation began with an analysis of privacy and security laws and state health information exchange (HIE) guidelines applicable to SCANNER participants from California, Illinois, Massachusetts, and the Federal Veteran's Administration. A 7-member expert panel of policy and technical experts reviewed the analysis and gave input into the framework during 5 meetings held in 2011-2012. The state/federal guidelines were applied to 3 CER use cases: safety of new oral hematologic medications; medication therapy management for patients with diabetes and hypertension; and informational interventions for providers in the treatment of acute respiratory infections. The policy framework provides flexibility, beginning with a use-case approach rather than a one-size-fits-all approach. The policies may vary depending on the type of patient data shared (aggregate counts, deidentified, limited, and fully identified datasets) and the flow of data. The types of agreements necessary for a DRN may include a network-level and data use agreements. The need for flexibility in the development and implementation of policies must be balanced with responsibilities of data stewardship.
Health Information System Role-Based Access Control Current Security Trends and Challenges.
de Carvalho Junior, Marcelo Antonio; Bandiera-Paiva, Paulo
2018-01-01
This article's objective is to highlight implementation characteristics, concerns, or limitations over role-based access control (RBAC) use on health information system (HIS) using industry-focused literature review of current publishing for that purpose. Based on the findings, assessment for indication of RBAC is obsolete considering HIS authorization control needs. We have selected articles related to our investigation theme "RBAC trends and limitations" in 4 different sources related to health informatics or to the engineering technical field. To do so, we have applied the following search query string: "Role-Based Access Control" OR "RBAC" AND "Health information System" OR "EHR" AND "Trends" OR "Challenges" OR "Security" OR "Authorization" OR "Attacks" OR "Permission Assignment" OR "Permission Relation" OR "Permission Mapping" OR "Constraint". We followed PRISMA applicable flow and general methodology used on software engineering for systematic review. 20 articles were selected after applying inclusion and exclusion criteria, resulting in contributions from 10 different countries. 17 articles advocate RBAC adaptations. The main security trends and limitations mapped were related to emergency access, grant delegation, and interdomain access control. Several publications proposed RBAC adaptations and enhancements in order to cope with current HIS use characteristics. Most of the existent RBAC studies are not related to health informatics industry though. There is no clear indication of RBAC obsolescence for HIS use.
Bridging the Cyberspace Gap: Washington and Silicon Valley
2017-12-21
distant concern, if not an outright impediment. Still, the two sides worked together to advocate for free speech and open access online, reduce...worked to control the destabilizing influence of the internet and the free flow of information through domestic laws and the deployment of filtering...renegotiating the North American Free Trade Agreement does include provisions to “secure commitments not to impose customs duties on digital products
Information Leakage Analysis by Abstract Interpretation
NASA Astrophysics Data System (ADS)
Zanioli, Matteo; Cortesi, Agostino
Protecting the confidentiality of information stored in a computer system or transmitted over a public network is a relevant problem in computer security. The approach of information flow analysis involves performing a static analysis of the program with the aim of proving that there will not be leaks of sensitive information. In this paper we propose a new domain that combines variable dependency analysis, based on propositional formulas, and variables' value analysis, based on polyhedra. The resulting analysis is strictly more accurate than the state of the art abstract interpretation based analyses for information leakage detection. Its modular construction allows to deal with the tradeoff between efficiency and accuracy by tuning the granularity of the abstraction and the complexity of the abstract operators.
NASA Astrophysics Data System (ADS)
McCoy, Amy L.; Holmes, S. Rankin; Boisjolie, Brett A.
2018-03-01
Securing environmental flows in support of freshwater biodiversity is an evolving field of practice. An example of a large-scale program dedicated to restoring environmental flows is the Columbia Basin Water Transactions Program in the Pacific Northwest region of North America, which has been restoring flows in dewatered tributary habitats for imperiled salmon species over the past decade. This paper discusses a four-tiered flow restoration accounting framework for tracking the implementation and impacts of water transactions as an effective tool for adaptive management. The flow restoration accounting framework provides compliance and flow accounting information to monitor transaction efficacy. We review the implementation of the flow restoration accounting framework monitoring framework to demonstrate (a) the extent of water transactions that have been implemented over the past decade, (b) the volumes of restored flow in meeting flow targets for restoring habitat for anadromous fish species, and (c) an example of aquatic habitat enhancement that resulted from Columbia Basin Water Transactions Program investments. Project results show that from 2002 to 2015, the Columbia Basin Water Transactions Program has completed more than 450 water rights transactions, restoring approximately 1.59 million megaliters to date, with an additional 10.98 million megaliters of flow protected for use over the next 100 years. This has resulted in the watering of over 2414 stream kilometers within the Columbia Basin. We conclude with a discussion of the insights gained through the implementation of the flow restoration accounting framework. Understanding the approach and efficacy of a monitoring framework applied across a large river basin can be informative to emerging flow-restoration and adaptive management efforts in areas of conservation concern.
McCoy, Amy L; Holmes, S Rankin; Boisjolie, Brett A
2018-03-01
Securing environmental flows in support of freshwater biodiversity is an evolving field of practice. An example of a large-scale program dedicated to restoring environmental flows is the Columbia Basin Water Transactions Program in the Pacific Northwest region of North America, which has been restoring flows in dewatered tributary habitats for imperiled salmon species over the past decade. This paper discusses a four-tiered flow restoration accounting framework for tracking the implementation and impacts of water transactions as an effective tool for adaptive management. The flow restoration accounting framework provides compliance and flow accounting information to monitor transaction efficacy. We review the implementation of the flow restoration accounting framework monitoring framework to demonstrate (a) the extent of water transactions that have been implemented over the past decade, (b) the volumes of restored flow in meeting flow targets for restoring habitat for anadromous fish species, and (c) an example of aquatic habitat enhancement that resulted from Columbia Basin Water Transactions Program investments. Project results show that from 2002 to 2015, the Columbia Basin Water Transactions Program has completed more than 450 water rights transactions, restoring approximately 1.59 million megaliters to date, with an additional 10.98 million megaliters of flow protected for use over the next 100 years. This has resulted in the watering of over 2414 stream kilometers within the Columbia Basin. We conclude with a discussion of the insights gained through the implementation of the flow restoration accounting framework. Understanding the approach and efficacy of a monitoring framework applied across a large river basin can be informative to emerging flow-restoration and adaptive management efforts in areas of conservation concern.
ERIC Educational Resources Information Center
Francois, Michael T.
2016-01-01
Today's organizations rely heavily on information technology to conduct their daily activities. Therefore, their information security systems are an area of heightened security concern. As a result, organizations implement information security programs to address and mitigate that concern. However, even with the emphasis on information security,…
The Shaping of Managers' Security Objectives through Information Security Awareness Training
ERIC Educational Resources Information Center
Harris, Mark A.
2010-01-01
Information security research states that corporate security policy and information security training should be socio-technical in nature and that corporations should consider training as a primary method of protecting their information systems. However, information security policies and training are predominately technical in nature. In addition,…
Nuclear Terrorism - Dimensions, Options, and Perspectives in Moldova
NASA Astrophysics Data System (ADS)
Vaseashta, Ashok; Susmann, P.; Braman, Eric W.; Enaki, Nicolae A.
Securing nuclear materials, controlling contraband and preventing proliferation is an international priority to resolve using technology, diplomacy, strategic alliances, and if necessary, targeted military exercises. Nuclear security consists of complementary programs involving international legal and regulatory structure, intelligence and law enforcement agencies, border and customs forces, point and stand-off radiation detectors, personal protection equipment, preparedness for emergency and disaster, and consequence management teams. The strategic goal of UNSCR 1540 and the GICNT is to prevent nuclear materials from finding their way into the hands of our adversaries. This multi-jurisdictional and multi-agency effort demands tremendous coordination, technology assessment, policy development and guidance from several sectors. The overall goal envisions creating a secured environment that controls and protects nuclear materials while maintaining the free flow of commerce and individual liberty on international basis. Integral to such efforts are technologies to sense/detect nuclear material, provide advance information of nuclear smuggling routes, and other advanced means to control nuclear contraband and prevent proliferation. We provide an overview of GICNT and several initiatives supporting such efforts. An overview is provided of technological advances in support of point and stand-off detection and receiving advance information of nuclear material movement from perspectives of the Republic of Moldova.
CrossTalk: The Journal of Defense Software Engineering. Volume 21, Number 9
2008-09-01
including suggestions for reducing this burden, to Washington Headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson...SEP 2008 2. REPORT TYPE 3. DATES COVERED 00-00-2008 to 00-00-2008 4. TITLE AND SUBTITLE CrossTalk: The Journal of Defense Software Engineering...The Journal of Defense Software Engineering September 2008 4 10 15 19 24 26 Securing Legacy C Applications Using Dynamic Data Flow Analysis This
2015-05-21
were focused on security of the information, access to desired intelligence, and access to locations favorable to collecting desired intelligence.8 The...obtain a more favorable position in the relationship. For example, a state might threaten defection due to a lack of domestic support for the...administration, the United States worked with Colombia and Mexico to reduce the flow of cocaine and marijuana into the United States.62 This action
A layered trust information security architecture.
de Oliveira Albuquerque, Robson; Villalba, Luis Javier García; Orozco, Ana Lucila Sandoval; Buiati, Fábio; Kim, Tai-Hoon
2014-12-01
Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentiality, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed.
32 CFR 2700.51 - Information Security Oversight Committee.
Code of Federal Regulations, 2011 CFR
2011-07-01
... 32 National Defense 6 2011-07-01 2011-07-01 false Information Security Oversight Committee. 2700... MICRONESIAN STATUS NEGOTIATIONS SECURITY INFORMATION REGULATIONS Implementation and Review § 2700.51 Information Security Oversight Committee. The OMSN Information Security Oversight Committee shall be chaired...
77 FR 12623 - National Industrial Security Program Policy Advisory Committee (NISPPAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2012-03-01
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National... Information Security Oversight Office no later than Friday, March 16, 2012. The Information Security Oversight... FURTHER INFORMATION CONTACT: David O. Best, Senior Program Analyst, The Information Security Oversight...
32 CFR 2700.51 - Information Security Oversight Committee.
Code of Federal Regulations, 2010 CFR
2010-07-01
... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Oversight Committee. 2700... MICRONESIAN STATUS NEGOTIATIONS SECURITY INFORMATION REGULATIONS Implementation and Review § 2700.51 Information Security Oversight Committee. The OMSN Information Security Oversight Committee shall be chaired...
Federal Register 2010, 2011, 2012, 2013, 2014
2010-08-16
... DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration New Agency Information Collection Activity Under OMB Review: Pipeline System Operator Security Information AGENCY: Transportation... INFORMATION CONTACT: Joanna Johnson, Office of Information Technology, TSA-11, Transportation Security...
Develop a solution for protecting and securing enterprise networks from malicious attacks
NASA Astrophysics Data System (ADS)
Kamuru, Harshitha; Nijim, Mais
2014-05-01
In the world of computer and network security, there are myriad ways to launch an attack, which, from the perspective of a network, can usually be defined as "traffic that has huge malicious intent." A firewall acts as one of the measures used to secure the device from incoming unauthorized data. There are an infinite number of computer attacks that no firewall can prevent, such as those executed locally on the machine by a malicious user. From the network's perspective, there are numerous types of attack. All the attacks that degrade the effectiveness of data can be grouped into two types: brute force and precision. The Firewall that belongs to Juniper has the capability to protect against both types of attack. Denial of Service (DoS) attacks are one of the most well-known network security threats under brute force attacks, which is largely due to the high-profile way in which they can affect networks. Over the years, some of the largest, most respected Internet sites have been effectively taken offline by Denial of Service (DoS) attacks. A DoS attack typically has a singular focus, namely, to cause the services running on a particular host or network to become unavailable. Some DoS attacks exploit vulnerabilities in an operating system and cause it to crash, such as the infamous WinNuke attack. Others submerge a network or device with traffic so that there are no more resources to handle legitimate traffic. Precision attacks typically involve multiple phases and often involve a bit more thought than brute force attacks, all the way from reconnaissance to machine ownership. Before a precision attack is launched, information about the victim needs to be gathered. This information gathering typically takes the form of various types of scans to determine available hosts, networks, and ports. The hosts available on a network can be determined by ping sweeps. The available ports on a machine can be located by port scans. 
Screens cover a wide variety of attack traffic as they are configured on a per-zone basis. Depending on the type of screen being configured, there may be additional settings beyond simply blocking the traffic. Attack prevention is also a native function of any firewall. Juniper Firewall handles traffic on a per-flow basis. We can use flows or sessions as a way to determine whether traffic attempting to traverse the firewall is legitimate. We control the state-checking components resident in Juniper Firewall by configuring "flow" settings. These settings allow you to configure state checking for various conditions on the device. You can use flow settings to protect against TCP hijacking, and to generally ensure that the firewall is performing full state processing when desired. We take a case study of an attack on a network and perform a study of the detection of the malicious packets on a NetScreen Firewall. A new solution for securing enterprise networks will be developed here.
Hao, Shuxin; Lü, Yiran; Liu, Jie; Liu, Yue; Xu, Dongqun
2018-01-01
To study the application of classified protection of information security in the information system of air pollution and health impact monitoring, so as to solve the possible safety risk of the information system. According to the relevant national standards and requirements for the information system security classified protection, and the professional characteristics of the information system, to design and implement the security architecture of information system, also to determine the protection level of information system. Basic security measures for the information system were developed in the technical safety and management safety aspects according to the protection levels, which effectively prevented the security risk of the information system. The information system established relatively complete information security protection measures, to enhance the security of professional information and system service, and to ensure the safety of air pollution and health impact monitoring project carried out smoothly.
14 CFR 1203.201 - Information security objectives.
Code of Federal Regulations, 2011 CFR
2011-01-01
... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Information security objectives. 1203.201 Section 1203.201 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.201 Information security objectives. The objectives of...
14 CFR 1203.201 - Information security objectives.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false Information security objectives. 1203.201 Section 1203.201 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.201 Information security objectives. The objectives of...
2010-08-22
Commission (IEC). “Information technology — Security techniques — Code of practice for information security management (ISO/IEC 27002 ...Information technology — Security techniques — Information security management systems — Requirements (ISO/IEC 27002),”, “Information technology — Security...was a draft ISO standard on Systems and software engineering, Systems and software assurance [18]. Created by systems engineers for systems
Access and accounting schemes of wireless broadband
NASA Astrophysics Data System (ADS)
Zhang, Jian; Huang, Benxiong; Wang, Yan; Yu, Xing
2004-04-01
In this paper, two wireless broadband access and accounting schemes were introduced. There are some differences in the client and the access router module between them. In one scheme, Secure Shell (SSH) protocol is used in the access system. The SSH server makes the authentication based on private key cryptography. The advantage of this scheme is the security of the user's information, and we have sophisticated access control. In the other scheme, Secure Sockets Layer (SSL) protocol is used in the access system. It uses the technology of public privacy key. Nowadays, web browser generally combines HTTP and SSL protocol and we use the SSL protocol to implement the encryption of the data between the clients and the access route. The schemes are the same in the RADIUS server part. Remote Authentication Dial in User Service (RADIUS), as a security protocol in the form of Client/Server, is becoming an authentication/accounting protocol for standard access to the Internet. It will be explained in a flow chart. In our scheme, the access router serves as the client to the RADIUS server.
76 FR 78009 - Information Collection; Implementation of Information Technology Security Provision
Federal Register 2010, 2011, 2012, 2013, 2014
2011-12-15
...] Information Collection; Implementation of Information Technology Security Provision AGENCY: General Services... collection requirement regarding Implementation of Information Technology Security Provision. Public comments... Information Collection 3090- 0294, Implementation of Information Technology Security Provision, by any of the...
Asset securitization and rate of return: A study on letters of guarantee
NASA Astrophysics Data System (ADS)
Wu, Binghui
2018-01-01
Using the theory of asset securitization, we analyze the feasibility of the securitization of letters of guarantee in theory. In the process of constructing the model of rate of return of securities backed by letters of guarantee, we propose two indices: the risk probability of asset-backed securities and the loss rate of asset-backed securities to analyze the cash flow of securities. On the basis of no arbitrage principle, the expression of rate of return of securities backed by letters of guarantee is put forward. In order to study the relationship between the rate of return of securities and other influential factor in the model, a simulation experiment is designed. The experiment results show that (i) an increasing risk probability of cash flow or a short maturity date also make the return rate of securities increase and (ii) the return rate of securities is higher in economic boom than that in economic recession when other parameters remain unchanged.
44 CFR 8.3 - Senior FEMA official responsible for the information security program.
Code of Federal Regulations, 2011 CFR
2011-10-01
... responsible for the information security program. 8.3 Section 8.3 Emergency Management and Assistance FEDERAL EMERGENCY MANAGEMENT AGENCY, DEPARTMENT OF HOMELAND SECURITY GENERAL NATIONAL SECURITY INFORMATION § 8.3 Senior FEMA official responsible for the information security program. The Director of the Security...
Federal Register 2010, 2011, 2012, 2013, 2014
2010-07-29
... DEPARTMENT OF HOMELAND SECURITY Notice of Meeting of the Homeland Security Information Network... Security. ACTION: Notice of open meeting. SUMMARY: The Homeland Security Information Network Advisory... (Pub. L. 92-463). The mission of the Homeland Security Information Network Advisory Committee is to...
2010-08-22
practice for information security management (ISO/IEC 27002),” “Information technology — Security techniques — Information security management...systems — Requirements (ISO/IEC 27002),”, “Information technology — Security techniques — Information security risk management (ISO/IEC 27005).” from...associated practice aids. Perhaps the most germane discovery from this effort was a draft ISO standard on Systems and software engineering, Systems and
12 CFR 605.501 - Information Security Officer.
Code of Federal Regulations, 2011 CFR
2011-01-01
... 12 Banks and Banking 6 2011-01-01 2011-01-01 false Information Security Officer. 605.501 Section... Information Security Officer. (a) The Information Security Officer of the Farm Credit Administration shall be responsible for implementation and oversight of the information security program and procedures adopted by the...
12 CFR 605.501 - Information Security Officer.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 12 Banks and Banking 6 2010-01-01 2010-01-01 false Information Security Officer. 605.501 Section... Information Security Officer. (a) The Information Security Officer of the Farm Credit Administration shall be responsible for implementation and oversight of the information security program and procedures adopted by the...
Access and privacy rights using web security standards to increase patient empowerment.
Falcão-Reis, Filipa; Costa-Pereira, Altamiro; Correia, Manuel E
2008-01-01
Electronic Health Record (EHR) systems are becoming more and more sophisticated and include nowadays numerous applications, which are not only accessed by medical professionals, but also by accounting and administrative personnel. This could represent a problem concerning basic rights such as privacy and confidentiality. The principles, guidelines and recommendations compiled by the OECD protection of privacy and trans-border flow of personal data are described and considered within health information system development. Granting access to an EHR should be dependent upon the owner of the record; the patient: he must be entitled to define who is allowed to access his EHRs, besides the access control scheme each health organization may have implemented. In this way, it's not only up to health professionals to decide who have access to what, but the patient himself. Implementing such a policy is walking towards patient empowerment which society should encourage and governments should promote. The paper then introduces a technical solution based on web security standards. This would give patients the ability to monitor and control which entities have access to their personal EHRs, thus empowering them with the knowledge of how much of his medical history is known and by whom. It is necessary to create standard data access protocols, mechanisms and policies to protect the privacy rights and furthermore, to enable patients, to automatically track the movement (flow) of their personal data and information in the context of health information systems. This solution must be functional and, above all, user-friendly and the interface should take in consideration some heuristics of usability in order to provide the user with the best tools. 
The current official standards on confidentiality and privacy in health care, currently being developed within the EU, are explained, in order to achieve a consensual idea of the guidelines that all member states should follow to transfer such principles into national laws. A perspective is given on the state of the art concerning web security standards, which can be used to easily engineer health information systems complying with the patient empowering goals. In conclusion health systems with the characteristics thus described are technically feasible and should be generally implemented and deployed.
A Layered Trust Information Security Architecture
de Oliveira Albuquerque, Robson; García Villalba, Luis Javier; Sandoval Orozco, Ana Lucila; Buiati, Fábio; Kim, Tai-Hoon
2014-01-01
Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentiality, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed. PMID:25470490
10 CFR 95.35 - Access to matter classified as National Security Information and Restricted Data.
Code of Federal Regulations, 2010 CFR
2010-01-01
... SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.35 Access to matter classified as National Security Information and Restricted Data. (a... have access to matter revealing Secret or Confidential National Security Information or Restricted Data...
Implementing an Information Security Program
DOE Office of Scientific and Technical Information (OSTI.GOV)
Glantz, Clifford S.; Lenaeus, Joseph D.; Landine, Guy P.
The threats to information security have dramatically increased with the proliferation of information systems and the internet. Chemical, biological, radiological, nuclear, and explosives (CBRNe) facilities need to address these threats in order to protect themselves from the loss of intellectual property, theft of valuable or hazardous materials, and sabotage. Project 19 of the European Union CBRN Risk Mitigation Centres of Excellence Initiative is designed to help CBRN security managers, information technology/cybersecurity managers, and other decision-makers deal with these threats through the application of cost-effective information security programs. Project 19 has developed three guidance documents that are publicly available to cover information security best practices, planning for an information security management system, and implementing security controls for information security.
NASA Astrophysics Data System (ADS)
Liu, Shu-Fan; Chueh, Hao-En; Liao, Kuo-Hsiung
According to surveys, 80% of security-related events threatening information in medical organizations are due to improper management. Most research on information security has focused on information and security technology, such as network security and access control, rarely addressing management issues. The main purpose of this study is to construct a BS7799 based mechanism for the management of information with regard to security as it applies to medical organizations. This study analyzes and identifies the most common events related to information security in medical organizations and categorizes these events as high-risk, transferable-risk, and controlled-risk to facilitate the management of such risk.
Is Seeing Believing? Training Users on Information Security: Evidence from Java Applets
ERIC Educational Resources Information Center
Ayyagari, Ramakrishna; Figueroa, Norilyz
2017-01-01
Information Security issues are one of the top concerns of CEOs. Accordingly, information systems education and research have addressed security issues. One of the main areas of research is the behavioral issues in Information Security, primarily focusing on users' compliance to information security policies. We contribute to this literature by…
12 CFR Appendix B to Part 30 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2011 CFR
2011-01-01
... Establishing Information Security Standards Table of Contents I. Introduction A. Scope B. Preservation of... Security Program B. Objectives III. Development and Implementation of Customer Information Security Program.... Introduction The Interagency Guidelines Establishing Information Security Standards (Guidelines) set forth...
76 FR 67750 - Homeland Security Information Network Advisory Committee
Federal Register 2010, 2011, 2012, 2013, 2014
2011-11-02
... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2011-0107] Homeland Security Information Network... Information Network Advisory Committee. SUMMARY: The Secretary of Homeland Security has determined that the renewal of the Homeland Security Information Network Advisory Committee (HSINAC) is necessary and in the...
78 FR 7797 - Homeland Security Information Network Advisory Committee (HSINAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2013-02-04
... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2013-0005] Homeland Security Information Network... Committee Meeting. SUMMARY: The Homeland Security Information Network Advisory Committee (HSIN AC) will meet... received by the (Homeland Security Information Network Advisory Committee), go to http://www.regulations...
78 FR 34665 - Homeland Security Information Network Advisory Committee (HSINAC); Meeting
Federal Register 2010, 2011, 2012, 2013, 2014
2013-06-10
... DEPARTMENT OF HOMELAND SECURITY [DHS-2013-0037] Homeland Security Information Network Advisory... Committee Meeting. SUMMARY: The Homeland Security Information Network Advisory Committee (HSINAC) will meet... posted beforehand at this link: http://www.dhs.gov/homeland-security-information-network-advisory...
12 CFR 151.40 - What definitions apply to this part?
Code of Federal Regulations, 2012 CFR
2012-01-01
... CONFIRMATION REQUIREMENTS FOR SECURITIES TRANSACTIONS § 151.40 What definitions apply to this part? Asset-backed security means a security that is primarily serviced by the cash flows of a discrete pool of... a finite time period. Asset-backed security includes any rights or other assets designed to ensure...
32 CFR 2103.51 - Information Security Oversight Committee.
Code of Federal Regulations, 2011 CFR
2011-07-01
... 32 National Defense 6 2011-07-01 2011-07-01 false Information Security Oversight Committee. 2103... BE DECLASSIFIED Implementation and Review § 2103.51 Information Security Oversight Committee. The NCS Information Security Oversight Committee shall be chaired by the Staff Counsel of the National Security...
32 CFR 2103.51 - Information Security Oversight Committee.
Code of Federal Regulations, 2010 CFR
2010-07-01
... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Oversight Committee. 2103... BE DECLASSIFIED Implementation and Review § 2103.51 Information Security Oversight Committee. The NCS Information Security Oversight Committee shall be chaired by the Staff Counsel of the National Security...
Kraemer, Sara; Carayon, Pascale
2007-03-01
This paper describes human errors and violations of end users and network administration in computer and information security. This information is summarized in a conceptual framework for examining the human and organizational factors contributing to computer and information security. This framework includes human error taxonomies to describe the work conditions that contribute adversely to computer and information security, i.e. to security vulnerabilities and breaches. The issue of human error and violation in computer and information security was explored through a series of 16 interviews with network administrators and security specialists. The interviews were audio taped, transcribed, and analyzed by coding specific themes in a node structure. The result is an expanded framework that classifies types of human error and identifies specific human and organizational factors that contribute to computer and information security. Network administrators tended to view errors created by end users as more intentional than unintentional, while errors created by network administrators as more unintentional than intentional. Organizational factors, such as communication, security culture, policy, and organizational structure, were the most frequently cited factors associated with computer and information security.
Federal Register 2010, 2011, 2012, 2013, 2014
2013-11-29
...: Background Ensuring cargo security as it flows through supply chains is a challenge faced by industry and... into the supply chain while facilitating the flow of legal commerce. A solution that provides greater security and facilitation of legal commerce is tracking the cargo conveyance as it moves through the supply...
Security Shift in Future Network Architectures
2010-11-01
RTO-MP-IST-091 Security Shift in Future Network Architectures Tim Hartog, M.Sc Information Security Dept. TNO Information and...current practice military communication infrastructures are deployed as stand-alone networked information systems. Network-Enabled Capabilities (NEC) and...information architects and security specialists about the separation of network and information security, the consequences of this shift and our view
48 CFR 552.239-70 - Information Technology Security Plan and Security Authorization.
Code of Federal Regulations, 2011 CFR
2011-10-01
... 48 Federal Acquisition Regulations System 4 2011-10-01 2011-10-01 false Information Technology... Text of Provisions and Clauses 552.239-70 Information Technology Security Plan and Security Authorization. As prescribed in 539.7002(a), insert the following provision: Information Technology Security...
48 CFR 552.239-70 - Information Technology Security Plan and Security Authorization.
Code of Federal Regulations, 2014 CFR
2014-10-01
... 48 Federal Acquisition Regulations System 4 2014-10-01 2014-10-01 false Information Technology... Text of Provisions and Clauses 552.239-70 Information Technology Security Plan and Security Authorization. As prescribed in 539.7002(a), insert the following provision: Information Technology Security...
48 CFR 552.239-70 - Information Technology Security Plan and Security Authorization.
Code of Federal Regulations, 2012 CFR
2012-10-01
... 48 Federal Acquisition Regulations System 4 2012-10-01 2012-10-01 false Information Technology... Text of Provisions and Clauses 552.239-70 Information Technology Security Plan and Security Authorization. As prescribed in 539.7002(a), insert the following provision: Information Technology Security...
48 CFR 552.239-70 - Information Technology Security Plan and Security Authorization.
Code of Federal Regulations, 2013 CFR
2013-10-01
... 48 Federal Acquisition Regulations System 4 2013-10-01 2013-10-01 false Information Technology... Text of Provisions and Clauses 552.239-70 Information Technology Security Plan and Security Authorization. As prescribed in 539.7002(a), insert the following provision: Information Technology Security...
75 FR 57904 - Announcing a Meeting of the Information Security and Privacy Advisory Board
Federal Register 2010, 2011, 2012, 2013, 2014
2010-09-23
... Office, --Update of NIST Computer Security Division, and --Information Security and Privacy Advisory... Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology, Commerce. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB) will meet...
Interpreting international governance standards for health IT use within general medical practice.
Mahncke, Rachel J; Williams, Patricia A H
2014-01-01
General practices in Australia recognise the importance of comprehensive protective security measures. Some elements of information security governance are incorporated into recommended standards, however the governance component of information security is still insufficiently addressed in practice. The International Organisation for Standardisation (ISO) released a new global standard in May 2013 entitled, ISO/IEC 27014:2013 Information technology - Security techniques - Governance of information security. This standard, applicable to organisations of all sizes, offers a framework against which to assess and implement the governance components of information security. The standard demonstrates the relationship between governance and the management of information security, provides strategic principles and processes, and forms the basis for establishing a positive information security culture. An analysis interpretation of this standard for use in Australian general practice was performed. This work is unique as such interpretation for the Australian healthcare environment has not been undertaken before. It demonstrates an application of the standard at a strategic level to inform existing development of an information security governance framework.
Information Security: Computer Hacker Information Available on the Internet
1996-06-05
INFORMATION SECURITY: Computer Hacker Information Available on the Internet. Statement for the Record of... Report Type: N/A. Author(s): Jack L.
A review of security of electronic health records.
Win, Khin Than
The objective of this study is to answer the research question, "Are current information security technologies adequate for electronic health records (EHRs)?" In order to achieve this, the following matters have been addressed in this article: (i) What is information security in the context of EHRs? (ii) Why is information security important for EHRs? and (iii) What are the current technologies for information security available to EHRs? It is concluded that current EHR security technologies are inadequate and urgently require improvement. Further study regarding information security of EHRs is indicated.
49 CFR 1548.19 - Security Directives and Information Circulars.
Code of Federal Regulations, 2010 CFR
2010-10-01
... 49 Transportation 9 2010-10-01 2010-10-01 false Security Directives and Information Circulars... CARRIER SECURITY § 1548.19 Security Directives and Information Circulars. (a) TSA may issue an Information... security measures are necessary to respond to a threat assessment, or to a specific threat against civil...
Space Station Information System - Concepts and international issues
NASA Technical Reports Server (NTRS)
Williams, R. B.; Pruett, David; Hall, Dana L.
1987-01-01
The Space Station Information System (SSIS) is outlined in terms of its functions and probable physical facilities. The SSIS includes flight element systems as well as existing and planned institutional systems such as the NASA Communications System, the Tracking and Data Relay Satellite System, and the data and communications networks of the international partners. The SSIS strives to provide both a 'user friendly' environment and a software environment which will allow for software transportability and interoperability across the SSIS. International considerations are discussed as well as project management, software commonality, data communications standards, data security, documentation commonality, transaction management, data flow cross support, and key technologies.
ERIC Educational Resources Information Center
Waddell, Stanie Adolphus
2013-01-01
Many articles within the literature point to the information security policy as one of the most important elements of an effective information security program. Even though this belief is continually referred to in many information security scholarly articles, very few research studies have been performed to corroborate this sentiment. Doherty and…
48 CFR 1339.107-70 - Information security.
Code of Federal Regulations, 2014 CFR
2014-10-01
... 48 Federal Acquisition Regulations System 5 2014-10-01 2014-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... coordinate with the designated Contracting Officer Representative (COR) to complete the Information Security...
48 CFR 1339.107-70 - Information security.
Code of Federal Regulations, 2011 CFR
2011-10-01
... 48 Federal Acquisition Regulations System 5 2011-10-01 2011-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... coordinate with the designated Contracting Officer Representative (COR) to complete the Information Security...
49 CFR 8.9 - Information Security Review Committee.
Code of Federal Regulations, 2011 CFR
2011-10-01
... 49 Transportation 1 2011-10-01 2011-10-01 false Information Security Review Committee. 8.9 Section.../DECLASSIFICATION/ACCESS Classification/Declassification of Information § 8.9 Information Security Review Committee. (a) There is hereby established a Department of Transportation Information Security Review Committee...
48 CFR 1339.107-70 - Information security.
Code of Federal Regulations, 2010 CFR
2010-10-01
... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... Clause 1352.239-73, Security Requirements for Information Technology Resources, is needed, contracting... 48 Federal Acquisition Regulations System 5 2010-10-01 2010-10-01 false Information security. 1339...
49 CFR 8.9 - Information Security Review Committee.
Code of Federal Regulations, 2010 CFR
2010-10-01
... 49 Transportation 1 2010-10-01 2010-10-01 false Information Security Review Committee. 8.9 Section.../DECLASSIFICATION/ACCESS Classification/Declassification of Information § 8.9 Information Security Review Committee. (a) There is hereby established a Department of Transportation Information Security Review Committee...
48 CFR 1339.107-70 - Information security.
Code of Federal Regulations, 2013 CFR
2013-10-01
... 48 Federal Acquisition Regulations System 5 2013-10-01 2013-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... coordinate with the designated Contracting Officer Representative (COR) to complete the Information Security...
Defining Information Security.
Lundgren, Björn; Möller, Niklas
2017-11-15
This article proposes a new definition of information security, the 'Appropriate Access' definition. Apart from providing the basic criteria for a definition (correct demarcation and meaning concerning the state of security), it also aims at being a definition suitable for any information security perspective. As such, it bridges the conceptual divide between so-called 'soft issues' of information security (those including, e.g., humans, organizations, culture, ethics, policies, and law) and more technical issues. Because of this it is also suitable for various analytical purposes, such as analysing possible security breaches, or for studying conflicting attitudes on security in an organization. The need for a new definition is demonstrated by pointing to a number of problems for the standard definition type of information security, the so-called CIA definition. Besides being too broad as well as too narrow, it cannot properly handle the soft issues of information security, nor recognize the contextual and normative nature of security.
Martinez, R; Cole, C; Rozenblit, J; Cook, J F; Chacko, A K
2000-05-01
The US Army Great Plains Regional Medical Command (GPRMC) has a requirement to conform to Department of Defense (DoD) and Army security policies for the Virtual Radiology Environment (VRE) Project. Within the DoD, security policy is defined as the set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information. Security policy in the DoD is described by the Trusted Computer System Evaluation Criteria (TCSEC), Army Regulation (AR) 380-19, Defense Information Infrastructure Common Operating Environment (DII COE), Military Health Services System Automated Information Systems Security Policy Manual, and National Computer Security Center-TG-005, "Trusted Network Interpretation." These documents were used to develop a security policy that defines information protection requirements that are made with respect to those laws, rules, and practices that are required to protect the information stored and processed in the VRE Project. The goal of the security policy is to provide for a C2-level of information protection while also satisfying the functional needs of the GPRMC's user community. This report summarizes the security policy for the VRE and defines the CORBA security services that satisfy the policy. In the VRE, the information to be protected is embedded into three major information components: (1) Patient information consists of Digital Imaging and Communications in Medicine (DICOM)-formatted fields. The patient information resides in the digital imaging network picture archiving and communication system (DIN-PACS) networks in the database archive systems and includes (a) patient demographics; (b) patient images from x-ray, computed tomography (CT), magnetic resonance imaging (MRI), and ultrasound (US); and (c) prior patient images and related patient history. (2) Meta-Manager information to be protected consists of several data objects. 
This information is distributed to the Meta-Manager nodes and includes (a) radiologist schedules; (b) modality worklists; (c) routed case information; (d) DIN-PACS and Composite Health Care system (CHCS) messages, and Meta-Manager administrative and security information; and (e) patient case information. (3) Access control and communications security is required in the VRE to control who uses the VRE and Meta-Manager facilities and to secure the messages between VRE components. The CORBA Security Service Specification version 1.5 is designed to allow up to TCSEC's B2-level security for distributed objects. The CORBA Security Service Specification defines the functionality of several security features: identification and authentication, authorization and access control, security auditing, communication security, nonrepudiation, and security administration. This report describes the enhanced security features for the VRE and their implementation using commercial CORBA Security Service software products.
6 CFR 27.200 - Information regarding security risk for a chemical facility.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 6 Domestic Security 1 2010-01-01 2010-01-01 false Information regarding security risk for a chemical facility. 27.200 Section 27.200 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security Program § 27.200 Information...
Federal Register 2010, 2011, 2012, 2013, 2014
2013-07-25
... securities. Corporate debt securities are fixed-income securities issued by businesses to finance their... fundamental factors such as sales, earnings and cash flow growth; valuation factors such as price/earnings... fundamentals, valuation and technical factors, the security's relative valuation and other qualitative factors...
12 CFR 551.40 - What definitions apply to this part?
Code of Federal Regulations, 2012 CFR
2012-01-01
... AND CONFIRMATION REQUIREMENTS FOR SECURITIES TRANSACTIONS § 551.40 What definitions apply to this part? Asset-backed security means a security that is primarily serviced by the cash flows of a discrete pool... cash within a finite time period. Asset-backed security includes any rights or other assets designed to...
12 CFR 551.40 - What definitions apply to this part?
Code of Federal Regulations, 2014 CFR
2014-01-01
... AND CONFIRMATION REQUIREMENTS FOR SECURITIES TRANSACTIONS § 551.40 What definitions apply to this part? Asset-backed security means a security that is primarily serviced by the cash flows of a discrete pool... cash within a finite time period. Asset-backed security includes any rights or other assets designed to...
12 CFR 551.40 - What definitions apply to this part?
Code of Federal Regulations, 2011 CFR
2011-01-01
... AND CONFIRMATION REQUIREMENTS FOR SECURITIES TRANSACTIONS § 551.40 What definitions apply to this part? Asset-backed security means a security that is primarily serviced by the cash flows of a discrete pool... cash within a finite time period. Asset-backed security includes any rights or other assets designed to...
ERIC Educational Resources Information Center
Imam, Abbas H.
2013-01-01
Complexity of information security has become a major issue for organizations due to incessant threats to information assets. Healthcare organizations are particularly concerned with security owing to the inherent vulnerability of sensitive information assets in health informatics. While the non-technical security management elements have been at…
14 CFR 1203.202 - Responsibilities.
Code of Federal Regulations, 2011 CFR
2011-01-01
... Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.202 Responsibilities. (a) The Chairperson, NASA Information Security...) Ensuring effective compliance with and implementation of “the Order” and the Information Security Oversight...
14 CFR 1203.202 - Responsibilities.
Code of Federal Regulations, 2010 CFR
2010-01-01
... Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.202 Responsibilities. (a) The Chairperson, NASA Information Security...) Ensuring effective compliance with and implementation of “the Order” and the Information Security Oversight...
NASA Astrophysics Data System (ADS)
Thoma, Klaus; Hiller, Daniel
Security research as a practical discipline has a long-standing history. Faced with myriad hazards throughout its past, mankind has developed sophisticated means to counter such threats. The latter include natural disasters such as earthquakes, floods and fires, but also encompass man-made hazards such as military aggression, terrorist attacks or threats resulting from the malicious application of technological developments. Since the end of the Cold War major armed conflicts between nations of the Western hemisphere have become highly unlikely and genuinely different security issues have become the focus of concern. The terrorist attacks of 2001 against the United States, the train bombings of Madrid in 2004 and the bombings of London in 2005 were horrific embodiments of a new security environment that has evolved on a global scale. One could list numerous other examples of both executed attacks and successfully deterred attempts from around the world. Our modern industrial societies are interlinked with infrastructure networks, providing citizens with mobility, energy and information flows, which also open the door to a whole new dimension of vulnerabilities. Security research, once anything but a practical discipline with a capacity for reacting to short-term demands, has in the span of only a few years evolved into an entirely new scientific discipline uniting various fields of research. Today, security research (in Europe) encompasses a broad community of natural/engineering and social sciences.
12 CFR Appendix B to Part 364 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2011 CFR
2011-01-01
... Part 364—Interagency Guidelines Establishing Information Security Standards Table of Contents I... Customer Information A. Information Security Program B. Objectives III. Development and Implementation of Customer Information Security Program A. Involve the Board of Directors B. Assess Risk C. Manage and...
Federal Register 2010, 2011, 2012, 2013, 2014
2010-10-15
... Information Collection Activity Under OMB Review: Sensitive Security Information Threat Assessments AGENCY... Transportation Security Administration (TSA) has forwarded the Information Collection Request (ICR), Office of... of a party seeking access to sensitive security information (SSI) in a civil proceeding in Federal...
NASA Astrophysics Data System (ADS)
Sushko, O. P.; Kaznin, A. A.; Babkin, A. V.; Bogdanov, D. A.
2017-10-01
The study we are conducting involves the analysis of information security levels achieved by energy providers operating in the North Arctic Region. We look into whether the energy providers’ current information security levels meet reliability standards and determine what further actions may be needed for upgrading information security in the context of the digital transformation that the world community is undergoing. When developing the information security systems for electric energy providers or selecting the protection means for them, we are governed by the fact that the assets to be protected are process technologies. While information security risk can be assessed using different methods, the evaluation of the economic damage from these risks appears to be a difficult task. The most probable and harmful risks we have identified when evaluating the electric energy providers’ information security will be used by us as variables. To provide the evaluation, it is necessary to calculate the costs relating to elimination of the risks identified. The final stage of the study will involve the development of an operation algorithm for the North Arctic Region’s energy provider’s business information protection security system - a set of information security services, and security software and hardware.
75 FR 65526 - National Industrial Security Program Policy Advisory Committee (NISPPAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2010-10-25
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... planning to attend must be submitted to the Information Security Oversight Office (ISOO) no later than...
76 FR 6636 - National Industrial Security Program Policy Advisory Committee (NISPPAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2011-02-07
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... planning to attend must be submitted to the Information Security Oversight Office (ISOO) no later than...
76 FR 67484 - National Industrial Security Program Policy Advisory Committee (NISPPAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2011-11-01
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... must be submitted to the Information Security Oversight Office (ISOO) no later than Friday, November 11...
76 FR 28099 - National Industrial Security Program Policy Advisory Committee (NISPPAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2011-05-13
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... telephone number of individuals planning to attend must be submitted to the Information Security Oversight...
75 FR 39582 - National Industrial Security Program Policy Advisory Committee (NISPPAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2010-07-09
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... telephone number of individuals planning to attend must be submitted to the Information Security Oversight...
Use of the instream flow incremental methodology: a tool for negotiation
Cavendish, Mary G.; Duncan, Margaret I.
1986-01-01
The resolution of conflicts arising from differing values and water uses requires technical information and negotiating skills. This article outlines the Instream Flow Incremental Methodology (IFIM), developed by the US Fish and Wildlife Service, and demonstrates that its use to quantify flows necessary to protect desired instream values aids negotiation by illustrating areas of agreement and possible compromises between conflicting water interests. Pursuant to a Section 404 permit application to the US Army Corps of Engineers made by City Utilities of Springfield, Missouri, in 1978, IFIM provided the means by which City Utilities, concerned with a secure water supply for a growing population, and those advocating instream values were satisfied that their requirements were met. In tracing the 15-month process, the authors conclude that the application of IFIM, as well as the cooperative stance adopted by the parties involved, were the key ingredients of the successful permit application.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 10 Energy 1 2010-01-01 2010-01-01 false Access to restricted data and national security... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.905 Access to restricted data and national security information for parties; security clearances. (a) Access...
Code of Federal Regulations, 2011 CFR
2011-01-01
... 10 Energy 1 2011-01-01 2011-01-01 false Access to restricted data and national security... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.905 Access to restricted data and national security information for parties; security clearances. (a) Access...
10 CFR 95.35 - Access to matter classified as National Security Information and Restricted Data.
Code of Federal Regulations, 2011 CFR
2011-01-01
... Information and Restricted Data. 95.35 Section 95.35 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) FACILITY SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.35 Access to matter classified as National Security Information and Restricted Data. (a...
Approach to estimation of level of information security at enterprise based on genetic algorithm
NASA Astrophysics Data System (ADS)
Stepanov, L. V.; Parinov, A. V.; Korotkikh, L. P.; Koltsov, A. S.
2018-05-01
In the article, the way of formalization of different types of threats of information security and vulnerabilities of an information system of the enterprise and establishment is considered. In a type of complexity of ensuring information security of application of any new organized system, the concept and decisions in the sphere of information security are expedient. One of such approaches is the method of a genetic algorithm. For the enterprises of any fields of activity, the question of complex estimation of the level of security of information systems taking into account the quantitative and qualitative factors characterizing components of information security is relevant.
Code of Federal Regulations, 2011 CFR
2011-04-01
... registration as a securities information processor or to amend such an application or registration. 249.1001..., SECURITIES EXCHANGE ACT OF 1934 Form for Registration of, and Reporting by Securities Information Processors § 249.1001 Form SIP, for application for registration as a securities information processor or to amend...
Code of Federal Regulations, 2010 CFR
2010-04-01
... registration as a securities information processor or to amend such an application or registration. 249.1001..., SECURITIES EXCHANGE ACT OF 1934 Form for Registration of, and Reporting by Securities Information Processors § 249.1001 Form SIP, for application for registration as a securities information processor or to amend...
46 CFR 503.52 - Senior agency official.
Code of Federal Regulations, 2011 CFR
2011-10-01
... 46 Shipping 9 2011-10-01 2011-10-01 false Senior agency official. 503.52 Section 503.52 Shipping FEDERAL MARITIME COMMISSION GENERAL AND ADMINISTRATIVE PROVISIONS PUBLIC INFORMATION Information Security...'s information security program, which includes oversight (self-inspection) and security information...
Federal Register 2010, 2011, 2012, 2013, 2014
2010-03-08
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office; National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: National Archives and Records... individuals planning to attend must be submitted to the Information Security Oversight Office (ISOO) no later...
U.S. Maritime Security: Sustainability Challenges
2011-09-01
Security Council ICE Immigration and Customs Enforcement IOC Interagency Operation Center JHOC Joint Harbor Operation Center JIATF-S Joint...maritime threats into nation threats, transnational criminal and piracy threats, environmental destruction, and illegal seaborne immigration (U.S...safe and secure borders, welcome lawful immigrants and visitors and promote the free-flow of commerce (U.S. Department of Homeland Security, 2011
6 CFR 7.27 - Declassification and downgrading.
Code of Federal Regulations, 2010 CFR
2010-01-01
... SECURITY INFORMATION Classified Information § 7.27 Declassification and downgrading. (a) Classified... Security Officer. (b) Information shall be declassified or downgraded by the official who authorized the... Secretary of Homeland Security or the Chief Security Officer. (c) It is presumed that information that...
5 CFR 930.301 - Information systems security awareness training program.
Code of Federal Regulations, 2013 CFR
2013-01-01
....g., system and network administrators, and system/application security officers) must receive... 5 Administrative Personnel 2 2013-01-01 2013-01-01 false Information systems security awareness... (MISCELLANEOUS) Information Security Responsibilities for Employees who Manage or Use Federal Information Systems...
5 CFR 930.301 - Information systems security awareness training program.
Code of Federal Regulations, 2014 CFR
2014-01-01
....g., system and network administrators, and system/application security officers) must receive... 5 Administrative Personnel 2 2014-01-01 2014-01-01 false Information systems security awareness... (MISCELLANEOUS) Information Security Responsibilities for Employees who Manage or Use Federal Information Systems...
2017-03-31
the United States’ vital interests in the Middle East have grown. The U.S. remains committed to ensuring the unimpeded flow of oil to global markets ...interests in the Middle East have grown. The U.S. remains committed to ensuring the unimpeded flow of oil to global markets and the security of...unimpeded flow of oil to the global market, the security of Israel, and the containment of Iran. The United States’ relationship with Saudi Arabia
Aviation security cargo inspection queuing simulation model for material flow and accountability
DOE Office of Scientific and Technical Information (OSTI.GOV)
Olama, Mohammed M; Allgood, Glenn O; Rose, Terri A
Beginning in 2010, the U.S. will require that all cargo loaded in passenger aircraft be inspected. This will require more efficient processing of cargo and will have a significant impact on the inspection protocols and business practices of government agencies and the airlines. In this paper, we develop an aviation security cargo inspection queuing simulation model for material flow and accountability that will allow cargo managers to conduct impact studies of current and proposed business practices as they relate to inspection procedures, material flow, and accountability.
Federal Register 2010, 2011, 2012, 2013, 2014
2013-05-03
... Information Collection Activity Under OMB Review: Pipeline Corporate Security Review AGENCY: Transportation.... Information Collection Requirement Title: Pipeline Corporate Security Review (PCSR). Type of Request... current industry security practices through its Pipeline Corporate Security Review (PCSR) program. The...
Information Security Management (ISM)
NASA Astrophysics Data System (ADS)
Šalgovičová, Jarmila; Prajová, Vanessa
2012-12-01
Currently, all organizations have to tackle the issue of information security. The paper deals with various aspects of Information Security Management (ISM), including procedures, processes, organizational structures, policies and control processes. Introduction of Information Security Management should be a strategic decision. The concept and implementation of Information Security Management in an organization are determined by the corporate needs and objectives, security requirements, the processes deployed as well as the size and structure of the organization. The implementation of ISM should be carried out to the extent consistent with the needs of the organization.
Information security of power enterprises of North-Arctic region
NASA Astrophysics Data System (ADS)
Sushko, O. P.
2018-05-01
The role of information technologies in providing technological security for energy enterprises is a component of the economic security for the northern Arctic region in general. Applying instruments and methods of information protection modelling of the energy enterprises' business process in the northern Arctic region (such as Arkhenergo and Komienergo), the authors analysed and identified most frequent risks of information security. With the analytic hierarchy process based on weighting factor estimations, information risks of energy enterprises' technological processes were ranked. The economic estimation of the information security within an energy enterprise considers weighting factor-adjusted variables (risks). Investments in information security systems of energy enterprises in the northern Arctic region are related to necessary security elements installation; current operating expenses on business process protection systems become materialized economic damage.
Disaster at a University: A Case Study in Information Security
ERIC Educational Resources Information Center
Ayyagari, Ramakrishna; Tyks, Jonathan
2012-01-01
Security and disaster training is identified as a top Information Technology (IT) required skill that needs to be taught in Information Systems (IS) curriculums. Accordingly, information security and privacy have become core concepts in information system education. Providing IT security on a shoestring budget is always difficult and many small…
Specifying and Verifying Organizational Security Properties in First-Order Logic
NASA Astrophysics Data System (ADS)
Brandt, Christoph; Otten, Jens; Kreitz, Christoph; Bibel, Wolfgang
In certain critical cases the data flow between business departments in banking organizations has to respect security policies known as Chinese Wall or Bell-La Padula. We show that these policies can be represented by formal requirements and constraints in first-order logic. By additionally providing a formal model for the flow of data between business departments we demonstrate how security policies can be applied to a concrete organizational setting and checked with a first-order theorem prover. Our approach can be applied without requiring a deep formal expertise and it therefore promises a high potential of usability in the business.
6 CFR 7.12 - Violations of classified information requirements.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 6 Domestic Security 1 2010-01-01 2010-01-01 false Violations of classified information requirements. 7.12 Section 7.12 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CLASSIFIED NATIONAL SECURITY INFORMATION Administration § 7.12 Violations of classified information...
Federal Register 2010, 2011, 2012, 2013, 2014
2013-12-23
... Federal agency for pipeline security, it is important for TSA to have contact information for company... DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration Extension of Agency Information Collection Activity Under OMB Review: Pipeline System Operator Security Information AGENCY...
32 CFR 154.42 - Evaluation of personnel security information.
Code of Federal Regulations, 2011 CFR
2011-07-01
... 32 National Defense 1 2011-07-01 2011-07-01 false Evaluation of personnel security information... SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Adjudication § 154.42 Evaluation of personnel security information. (a) The criteria and adjudicative policy to be used in applying the...
32 CFR 154.42 - Evaluation of personnel security information.
Code of Federal Regulations, 2010 CFR
2010-07-01
... 32 National Defense 1 2010-07-01 2010-07-01 false Evaluation of personnel security information... SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Adjudication § 154.42 Evaluation of personnel security information. (a) The criteria and adjudicative policy to be used in applying the...
Federal Register 2010, 2011, 2012, 2013, 2014
2010-07-02
... Standards and Technology's (NIST) Computer Security Division maintains a Computer Security Resource Center... Regarding Driver History Record Information Security, Continuity of Operation Planning, and Disaster... (SDLAs) to support their efforts at maintaining the security of information contained in the driver...
14 CFR 1203.409 - Exceptional cases.
Code of Federal Regulations, 2010 CFR
2010-01-01
....409 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM... Information Security Program Committee, Security Division, Washington, DC 20546 for a classification..., to the Director, Information Security Oversight Office, GSA, for a determination. ...
The ISACA Business Model for Information Security: An Integrative and Innovative Approach
NASA Astrophysics Data System (ADS)
von Roessing, Rolf
In recent years, information security management has matured into a professional discipline that covers both technical and managerial aspects in an organisational environment. Information security is increasingly dependent on business-driven parameters and interfaces to a variety of organisational units and departments. In contrast, common security models and frameworks have remained largely technical. A review of extant models ranging from [LaBe73] to more recent models shows that technical aspects are covered in great detail, while the managerial aspects of security are often neglected. Likewise, the business view on organisational security is frequently at odds with the demands of information security personnel or information technology management. In practice, senior and executive level management remain comparatively distant from technical requirements. As a result, information security is generally regarded as a cost factor rather than a benefit to the organisation.
49 CFR 1542.303 - Security Directives and Information Circulars.
Code of Federal Regulations, 2014 CFR
2014-10-01
...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY... Information Circular to notify airport operators of security concerns. When TSA determines that additional... aviation, TSA issues a Security Directive setting forth mandatory measures. (b) Each airport operator must...
49 CFR 1542.303 - Security Directives and Information Circulars.
Code of Federal Regulations, 2011 CFR
2011-10-01
...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY... Information Circular to notify airport operators of security concerns. When TSA determines that additional... aviation, TSA issues a Security Directive setting forth mandatory measures. (b) Each airport operator must...
49 CFR 1542.303 - Security Directives and Information Circulars.
Code of Federal Regulations, 2012 CFR
2012-10-01
...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY... Information Circular to notify airport operators of security concerns. When TSA determines that additional... aviation, TSA issues a Security Directive setting forth mandatory measures. (b) Each airport operator must...
49 CFR 1542.303 - Security Directives and Information Circulars.
Code of Federal Regulations, 2013 CFR
2013-10-01
...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY... Information Circular to notify airport operators of security concerns. When TSA determines that additional... aviation, TSA issues a Security Directive setting forth mandatory measures. (b) Each airport operator must...
49 CFR 1549.109 - Security Directives and Information Circulars.
Code of Federal Regulations, 2010 CFR
2010-10-01
... 49 Transportation 9 2010-10-01 2010-10-01 false Security Directives and Information Circulars... SCREENING PROGRAM Operations § 1549.109 Security Directives and Information Circulars. (a) TSA may issue an Information Circular to notify certified cargo screening facilities of security concerns. (b) When TSA...
49 CFR 1544.305 - Security Directives and Information Circulars.
Code of Federal Regulations, 2010 CFR
2010-10-01
... 49 Transportation 9 2010-10-01 2010-10-01 false Security Directives and Information Circulars... SECURITY: AIR CARRIERS AND COMMERCIAL OPERATORS Threat and Threat Response § 1544.305 Security Directives and Information Circulars. (a) TSA may issue an Information Circular to notify aircraft operators of...
36 CFR 1256.70 - What controls access to national security-classified information?
Code of Federal Regulations, 2010 CFR
2010-07-01
... national security-classified information? 1256.70 Section 1256.70 Parks, Forests, and Public Property... HISTORICAL MATERIALS Access to Materials Containing National Security-Classified Information § 1256.70 What controls access to national security-classified information? (a) The declassification of and public access...
Automatic Pedestrian Crossing Detection and Impairment Analysis Based on Mobile Mapping System
NASA Astrophysics Data System (ADS)
Liu, X.; Zhang, Y.; Li, Q.
2017-09-01
Pedestrian crossings, as an important part of transportation infrastructure, serve to secure pedestrians' lives and possessions and keep traffic flow in order. As a prominent feature in the street scene, detection of pedestrian crossings contributes to 3D road marking reconstruction and to diminishing the adverse impact of outliers in 3D street scene reconstruction. Since pedestrian crossings are subject to wear and tear from heavy traffic flow, it is imperative to monitor their condition. On this account, an approach to automatic pedestrian crossing detection using images from a vehicle-based Mobile Mapping System is put forward, and crossing defilement and impairment are analyzed in this paper. Firstly, a pedestrian crossing classifier is trained with low recall rate. Then initial detections are refined by utilizing projection filtering, contour information analysis, and monocular vision. Finally, a pedestrian crossing detection and analysis system with high recall rate, precision and robustness is achieved. This system works for pedestrian crossing detection under different situations and light conditions. It can also recognize defiled and impaired crossings automatically, which facilitates monitoring and maintenance of traffic facilities, so as to reduce potential traffic safety problems and secure lives and property.
10 CFR 2.911 - Admissibility of restricted data or other national security information.
Code of Federal Regulations, 2011 CFR
2011-01-01
... security information. 2.911 Section 2.911 Energy NUCLEAR REGULATORY COMMISSION RULES OF PRACTICE FOR... Proceedings Involving Restricted Data and/or National Security Information § 2.911 Admissibility of restricted data or other national security information. A presiding officer shall not receive any Restricted Data...
10 CFR 2.903 - Protection of restricted data and national security information.
Code of Federal Regulations, 2011 CFR
2011-01-01
... Restricted Data and/or National Security Information § 2.903 Protection of restricted data and national security information. Nothing in this subpart shall relieve any person from safeguarding Restricted Data or National Security Information in accordance with the applicable provisions of laws of the United States and...
Examining the Relationship between Organization Systems and Information Security Awareness
ERIC Educational Resources Information Center
Tintamusik, Yanarong
2010-01-01
The focus of this dissertation was to examine the crucial relationship between organization systems within the framework of the organizational behavior theory and information security awareness (ISA) of users within the framework of the information security theory. Despite advanced security technologies designed to protect information assets,…
Information Sharing for IT Security Professionals
ERIC Educational Resources Information Center
Petersen, Rodney J.
2008-01-01
Information sharing is a core value for information technology (IT) security professionals. It is also a familiar concept for those who work at institutions of higher education because of their long history of collaboration and openness. Information sharing has become part of the national fabric as IT security professionals attempt to secure cyber…
10 CFR 2.911 - Admissibility of restricted data or other national security information.
Code of Federal Regulations, 2010 CFR
2010-01-01
... security information. 2.911 Section 2.911 Energy NUCLEAR REGULATORY COMMISSION RULES OF PRACTICE FOR... Proceedings Involving Restricted Data and/or National Security Information § 2.911 Admissibility of restricted data or other national security information. A presiding officer shall not receive any Restricted Data...
12 CFR Appendix B to Part 170 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2014 CFR
2014-01-01
... Security Standards B Appendix B to Part 170 Banks and Banking COMPTROLLER OF THE CURRENCY, DEPARTMENT OF... Part 170—Interagency Guidelines Establishing Information Security Standards Table of Contents I... Customer Information A. Information Security Program B. Objectives III. Development and Implementation of...
12 CFR Appendix B to Part 170 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2013 CFR
2013-01-01
... Security Standards B Appendix B to Part 170 Banks and Banking COMPTROLLER OF THE CURRENCY, DEPARTMENT OF... Part 170—Interagency Guidelines Establishing Information Security Standards Table of Contents I... Customer Information A. Information Security Program B. Objectives III. Development and Implementation of...
Code of Federal Regulations, 2014 CFR
2014-01-01
... primarily by the cash flows of a discrete pool of receivables or other financial assets, either fixed or... security that represents an interest in or is secured by a pool of receivables or other financial assets... interest in or is secured by a pool of receivables or other financial assets that are subject to continuous...
Code of Federal Regulations, 2013 CFR
2013-01-01
... primarily by the cash flows of a discrete pool of receivables or other financial assets, either fixed or... security that represents an interest in or is secured by a pool of receivables or other financial assets... interest in or is secured by a pool of receivables or other financial assets that are subject to continuous...
Code of Federal Regulations, 2012 CFR
2012-01-01
... primarily by the cash flows of a discrete pool of receivables or other financial assets, either fixed or... security that represents an interest in or is secured by a pool of receivables or other financial assets... interest in or is secured by a pool of receivables or other financial assets that are subject to continuous...
[How to establish the hospital information system security policies].
Gong, Qing-Yue; Shi, Cheng
2008-03-01
It is important to establish the hospital information system security policies. While these security policies are being established, comprehensive consideration should be given to the acceptable levels of users, IT supporters and hospital managers. We should have a formal policy design process that is consistently followed for all security policies. Reasons for establishing the security policies and their coverage and applicable objects should be stated clearly. Besides, each policy should define users' responsibilities and penalties for violation. Every organization will need some key policies, such as those on information sources usage, remote access, information protection, perimeter security, and baseline host/device security. Security managing procedures are the mechanisms to enforce the policies. An incident-handling procedure is the most important security managing procedure for all organizations.
46 CFR 503.59 - Safeguarding classified information.
Code of Federal Regulations, 2011 CFR
2011-10-01
... Information Security Program § 503.59 Safeguarding classified information. (a) All classified information... security; (2) Takes appropriate steps to protect classified information from unauthorized disclosure or... security check; (2) To protect the classified information in accordance with the provisions of Executive...
78 FR 73819 - Information Collection; Financial Information Security Request Form
Federal Register 2010, 2011, 2012, 2013, 2014
2013-12-09
... DEPARTMENT OF AGRICULTURE Forest Service Information Collection; Financial Information Security... individuals and organizations on the extension with revision of a currently approved information collection, Financial Information Security Request Form. DATES: Comments must be received in writing on or before...
NASA Astrophysics Data System (ADS)
Perry, William G.
2006-04-01
One goal of database mining is to draw unique and valid perspectives from multiple data sources. Insights that are fashioned from closely-held data stores are likely to possess a high degree of reliability. The degree of information assurance comes into question, however, when external databases are accessed, combined and analyzed to form new perspectives. ISO/IEC 17799, Information technology-Security techniques-Code of practice for information security management, can be used to establish a higher level of information assurance among disparate entities using data mining in the defense, homeland security, commercial and other civilian/commercial domains. Organizations that meet ISO/IEC information security standards have identified and assessed risks, threats and vulnerabilities and have taken significant proactive steps to meet their unique security requirements. The ISO standards address twelve domains: risk assessment and treatment, security policy, organization of information security, asset management, human resources security, physical and environmental security, communications and operations management, access control, information systems acquisition, development and maintenance, information security incident management and business continuity management and compliance. Analysts can be relatively confident that if organizations are ISO 17799 compliant, a high degree of information assurance is likely to be a characteristic of the data sets being used. The reverse may be true. Extracting, fusing and drawing conclusions based upon databases with a low degree of information assurance may be fraught with all of the hazards that come from knowingly using bad data to make decisions. Using ISO/IEC 17799 as a baseline for information assurance can help mitigate these risks.
Information security for compliance with select agent regulations.
Lewis, Nick; Campbell, Mark J; Baskin, Carole R
2015-01-01
The past decade has seen a significant rise in research on high-consequence human and animal pathogens, many now known as "select agents." While physical security around these agents is tightly regulated, information security standards are still lagging. The understanding of the threats unique to the academic and research environment is still evolving, in part due to poor communication between the various stakeholders. Perhaps as a result, information security guidelines published by select agent regulators lack the critical details and directives needed to achieve even the lowest security level of the Federal Information Security Management Act (FISMA). While only government agencies are currently required to abide by the provisions of FISMA (unless specified as preconditions for obtaining government grants or contracts--still a relatively rare or narrowly scoped occurrence), the same strategies were recently recommended by executive order for others. We propose that information security guidelines for select agent research be updated to promulgate and detail FISMA standards and processes and that the latter be ultimately incorporated into select agent regulations. We also suggest that information security in academic and research institutions would greatly benefit from active efforts to improve communication among the biosecurity, security, and information technology communities, and from a secure venue for exchange of timely information on emerging threats and solutions in the research environment.
Information Security for Compliance with Select Agent Regulations
Lewis, Nick; Campbell, Mark J.
2015-01-01
The past decade has seen a significant rise in research on high-consequence human and animal pathogens, many now known as “select agents.” While physical security around these agents is tightly regulated, information security standards are still lagging. The understanding of the threats unique to the academic and research environment is still evolving, in part due to poor communication between the various stakeholders. Perhaps as a result, information security guidelines published by select agent regulators lack the critical details and directives needed to achieve even the lowest security level of the Federal Information Security Management Act (FISMA). While only government agencies are currently required to abide by the provisions of FISMA (unless specified as preconditions for obtaining government grants or contracts—still a relatively rare or narrowly scoped occurrence), the same strategies were recently recommended by executive order for others. We propose that information security guidelines for select agent research be updated to promulgate and detail FISMA standards and processes and that the latter be ultimately incorporated into select agent regulations. We also suggest that information security in academic and research institutions would greatly benefit from active efforts to improve communication among the biosecurity, security, and information technology communities, and from a secure venue for exchange of timely information on emerging threats and solutions in the research environment. PMID:26042864
Federal Register 2010, 2011, 2012, 2013, 2014
2013-05-22
... DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration [Docket No. TSA-2002-11602] Intent to Request Renewal From OMB of One Current Public Collection of Information: Security Programs for..., Transportation Security Administration, 601 South 12th Street, Arlington, VA 20598-6011. FOR FURTHER INFORMATION...
Information Security Awareness On-Line Materials Design with Knowledge Maps
ERIC Educational Resources Information Center
Shaw, Ruey-Shiang; Keh, Huan-Chao; Huang, Nan-Ching; Huang, Tien-Chuan
2011-01-01
Although Information Security Awareness is known as a primary and important issue in the domain of Information Security, the CSI computer crime and security survey showed poor security awareness training in public and private sectors. In many studies, the authors have found that the usage of knowledge maps helps the process of learning and conception…
48 CFR 339.7102 - Applicability.
Code of Federal Regulations, 2010 CFR
2010-10-01
... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7102 Applicability. Contracting Officers are responsible for ensuring that all information technology acquisitions comply with the Federal Information Security Management Act (FISMA), the HHS-OCIO Information Systems Security and Privacy...
Code of Federal Regulations, 2011 CFR
2011-01-01
... data or national security information. 2.906 Section 2.906 Energy NUCLEAR REGULATORY COMMISSION RULES... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.906 Obligation of parties to avoid introduction of restricted data or national security information. It is the...
Code of Federal Regulations, 2011 CFR
2011-04-01
... 22 Foreign Relations 1 2011-04-01 2011-04-01 false Security of certain information and material... GENERAL SECURITY INFORMATION REGULATIONS APPLICABLE TO CERTAIN INTERNATIONAL ENERGY PROGRAMS; RELATED MATERIAL § 9a.1 Security of certain information and material related to the International Energy Program...
Code of Federal Regulations, 2011 CFR
2011-01-01
... Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.913 Review of Restricted Data or other National Security Information received in evidence. At the close of the reception of... National Security Information be expunged from the record where such expunction would not prejudice the...
10 CFR 2.907 - Notice of intent to introduce restricted data or national security information.
Code of Federal Regulations, 2011 CFR
2011-01-01
... security information. 2.907 Section 2.907 Energy NUCLEAR REGULATORY COMMISSION RULES OF PRACTICE FOR... Proceedings Involving Restricted Data and/or National Security Information § 2.907 Notice of intent to introduce restricted data or national security information. (a) If, at the time of publication of a notice...
Code of Federal Regulations, 2011 CFR
2011-04-01
... information processors: form of application and amendments. 242.609 Section 242.609 Commodity and Securities....609 Registration of securities information processors: form of application and amendments. (a) An application for the registration of a securities information processor shall be filed on Form SIP (§ 249.1001...
Code of Federal Regulations, 2011 CFR
2011-04-01
... to oversee Commission use of national security information. 140.20 Section 140.20 Commodity and... safeguarding of national security information received by the Commission from other agencies, to chair a... suggestions and complaints with respect to the Commission administration of its information security program...
Code of Federal Regulations, 2011 CFR
2011-01-01
... or other national security information. 2.908 Section 2.908 Energy NUCLEAR REGULATORY COMMISSION... Applicable to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.908 Contents of notice of intent to introduce restricted data or other national security information. (a) A...
The Chain-Link Fence Model: A Framework for Creating Security Procedures
ERIC Educational Resources Information Center
Houghton, Robert F.
2013-01-01
A long standing problem in information technology security is how to help reduce the security footprint. Many specific proposals exist to address specific problems in information technology security. Most information technology solutions need to be repeatable throughout the course of an information systems lifecycle. The Chain-Link Fence Model is…
ERIC Educational Resources Information Center
Pierce, Robert E.
2012-01-01
This research study reviewed relative literature on information security and information security culture within organizations to determine what factors potentially assist an organization in implementing, integrating, and maintaining a successful organizational information security culture. Based on this review of literature, five key factors were…
Incorporating Global Information Security and Assurance in I.S. Education
ERIC Educational Resources Information Center
White, Garry L.; Hewitt, Barbara; Kruck, S. E.
2013-01-01
Over the years, the news media has reported numerous information security incidents. Because of identity theft, terrorism, and other criminal activities, President Obama has made information security a national priority. Not only is information security and assurance an American priority, it is also a global issue. This paper discusses the…
Code of Federal Regulations, 2010 CFR
2010-01-01
... or other national security information. 2.908 Section 2.908 Energy NUCLEAR REGULATORY COMMISSION... Applicable to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.908 Contents of notice of intent to introduce restricted data or other national security information. (a) A...
Code of Federal Regulations, 2010 CFR
2010-04-01
... 22 Foreign Relations 1 2010-04-01 2010-04-01 false Security of certain information and material... GENERAL SECURITY INFORMATION REGULATIONS APPLICABLE TO CERTAIN INTERNATIONAL ENERGY PROGRAMS; RELATED MATERIAL § 9a.1 Security of certain information and material related to the International Energy Program...
Code of Federal Regulations, 2010 CFR
2010-01-01
... Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.913 Review of Restricted Data or other National Security Information received in evidence. At the close of the reception of... National Security Information be expunged from the record where such expunction would not prejudice the...
Code of Federal Regulations, 2010 CFR
2010-01-01
... data or national security information. 2.906 Section 2.906 Energy NUCLEAR REGULATORY COMMISSION RULES... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.906 Obligation of parties to avoid introduction of restricted data or national security information. It is the...
10 CFR 2.907 - Notice of intent to introduce restricted data or national security information.
Code of Federal Regulations, 2010 CFR
2010-01-01
... security information. 2.907 Section 2.907 Energy NUCLEAR REGULATORY COMMISSION RULES OF PRACTICE FOR... Proceedings Involving Restricted Data and/or National Security Information § 2.907 Notice of intent to introduce restricted data or national security information. (a) If, at the time of publication of a notice...
Code of Federal Regulations, 2010 CFR
2010-04-01
... information processors: form of application and amendments. 242.609 Section 242.609 Commodity and Securities....609 Registration of securities information processors: form of application and amendments. (a) An application for the registration of a securities information processor shall be filed on Form SIP (§ 249.1001...
Exploring Factors that Influence Students' Behaviors in Information Security
ERIC Educational Resources Information Center
Yoon, Cheolho; Hwang, Jae-Won; Kim, Rosemary
2012-01-01
Due to the ever-increasing use of the Internet, information security has become a critical issue in society. This is especially the case for young adults who have different attitudes towards information security practices. In this research, we examine factors that motivate college students' information security behaviors. Based on the concept of…
Applications for radio-frequency identification technology in the perioperative setting.
Zhao, Tiyu; Zhang, Xiaoxiang; Zeng, Lili; Xia, Shuyan; Hinton, Antentor Othrell; Li, Xiuyun
2014-06-01
We implemented a two-year project to develop a security-gated management system for the perioperative setting using radio-frequency identification (RFID) technology to enhance the management efficiency of the OR. We installed RFID readers beside the entrances to the OR and changing areas to receive and process signals from the RFID tags that we sewed into surgical scrub attire and shoes. The system also required integrating automatic access control panels, computerized lockers, light-emitting diode (LED) information screens, wireless networks, and an information system. By doing this, we are able to control the flow of personnel and materials more effectively, reduce OR costs, optimize the registration and attire-changing process for personnel, and improve management efficiency. We also anticipate this system will improve patient safety by reducing the risk of surgical site infection. Application of security-gated management systems is an important and effective way to help ensure a clean, convenient, and safe management process to manage costs in the perioperative area and promote patient safety. Copyright © 2014 AORN, Inc. Published by Elsevier Inc. All rights reserved.
Code of Federal Regulations, 2010 CFR
2010-10-01
... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7101 Policy. HHS is responsible for implementing an information security program to ensure that its information systems and... information contained in those systems. Each system's level of security shall protect the integrity...
75 FR 1566 - National Industrial Security Program Directive No. 1
Federal Register 2010, 2011, 2012, 2013, 2014
2010-01-12
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office 32 CFR Part...: Information Security Oversight Office, NARA. ACTION: Proposed rule; correction. SUMMARY: This document... Management System (FDMS) number to the proposed rule for Information Security Oversight Office (ISOO...
6 CFR 7.11 - Components' responsibilities.
Code of Federal Regulations, 2010 CFR
2010-01-01
... INFORMATION Administration § 7.11 Components' responsibilities. Each DHS component shall appoint a security... security information; (b) Report violations of the provisions of this regulation to the Chief Security... component acquire adequate security education and training, as required by the DHS classified information...
32 CFR 2001.50 - Telecommunications automated information systems and network security.
Code of Federal Regulations, 2014 CFR
2014-07-01
... and network security. 2001.50 Section 2001.50 National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED... network security. Each agency head shall ensure that classified information electronically accessed...
32 CFR 2001.50 - Telecommunications automated information systems and network security.
Code of Federal Regulations, 2013 CFR
2013-07-01
... and network security. 2001.50 Section 2001.50 National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED... network security. Each agency head shall ensure that classified information electronically accessed...
32 CFR 2001.50 - Telecommunications automated information systems and network security.
Code of Federal Regulations, 2012 CFR
2012-07-01
... and network security. 2001.50 Section 2001.50 National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED... network security. Each agency head shall ensure that classified information electronically accessed...
Network security system for health and medical information using smart IC card
NASA Astrophysics Data System (ADS)
Kanai, Yoichi; Yachida, Masuyoshi; Yoshikawa, Hiroharu; Yamaguchi, Masahiro; Ohyama, Nagaaki
1998-07-01
A new network security protocol that uses smart IC cards has been designed to assure the integrity and privacy of medical information in communication over a non-secure network. Secure communication software has been implemented as a library based on this protocol, which is called the Integrated Secure Communication Layer (ISCL), and has been incorporated into information systems of the National Cancer Center Hospitals and the Health Service Center of the Tokyo Institute of Technology. Both systems have succeeded in communicating digital medical information securely.
7 CFR 1962.14 - Account and security information in UCC cases.
Code of Federal Regulations, 2013 CFR
2013-01-01
... 7 Agriculture 14 2013-01-01 2013-01-01 false Account and security information in UCC cases. 1962... Liquidation of Chattel Security § 1962.14 Account and security information in UCC cases. Within 2 weeks after... States, other parties, and also may lose some of its security rights. The UCC provides that the borrower...
7 CFR 1962.14 - Account and security information in UCC cases.
Code of Federal Regulations, 2014 CFR
2014-01-01
... 7 Agriculture 14 2014-01-01 2014-01-01 false Account and security information in UCC cases. 1962... Liquidation of Chattel Security § 1962.14 Account and security information in UCC cases. Within 2 weeks after... States, other parties, and also may lose some of its security rights. The UCC provides that the borrower...
7 CFR 1962.14 - Account and security information in UCC cases.
Code of Federal Regulations, 2011 CFR
2011-01-01
... 7 Agriculture 14 2011-01-01 2011-01-01 false Account and security information in UCC cases. 1962... Liquidation of Chattel Security § 1962.14 Account and security information in UCC cases. Within 2 weeks after... States, other parties, and also may lose some of its security rights. The UCC provides that the borrower...
7 CFR 1962.14 - Account and security information in UCC cases.
Code of Federal Regulations, 2012 CFR
2012-01-01
... 7 Agriculture 14 2012-01-01 2012-01-01 false Account and security information in UCC cases. 1962... Liquidation of Chattel Security § 1962.14 Account and security information in UCC cases. Within 2 weeks after... States, other parties, and also may lose some of its security rights. The UCC provides that the borrower...
Fernandez-Aleman, Jose Luis; Belen Sanchez Garcia, Ana; Garcia-Mateos, Gines; Toval, Ambrosio
2015-08-01
The objective of this paper is to present a brief description of technical solutions for health information system security threats caused by inadequate security and privacy practices in healthcare professionals. A literature search was carried out in ScienceDirect, ACM Digital Library and IEEE Digital Library to find papers reporting technical solutions for certain security problems in information systems used in clinical settings. A total of 17 technical solutions were identified: measures for password security, the secure use of e-mail, the Internet, portable storage devices, printers and screens. Although technical safeguards are essential to the security of healthcare organization's information systems, good training, awareness programs and adopting a proper information security policy are particularly important to prevent insiders from causing security incidents.
A cooperative model for IS security risk management in distributed environment.
Feng, Nan; Zheng, Chundong
2014-01-01
Given the increasing cooperation between organizations, the flexible exchange of security information across the allied organizations is critical to effectively manage information systems (IS) security in a distributed environment. In this paper, we develop a cooperative model for IS security risk management in a distributed environment. In the proposed model, the exchange of security information among the interconnected IS under distributed environment is supported by Bayesian networks (BNs). In addition, for an organization's IS, a BN is utilized to represent its security environment and dynamically predict its security risk level, by which the security manager can select an optimal action to safeguard the firm's information resources. The actual case studied illustrates the cooperative model presented in this paper and how it can be exploited to manage the distributed IS security risk effectively.
Cyber indicators of compromise: a domain ontology for security information and event management
2017-03-01
COMPROMISE: A DOMAIN ONTOLOGY FOR SECURITY INFORMATION AND EVENT MANAGEMENT by Marsha D. Rowell March 2017 Thesis Co-Advisors: J. D...to automate this work is Security Information and Event Management (SIEM). In short, SIEM technology works by aggregating log information, and then...Distribution is unlimited. CYBER INDICATORS OF COMPROMISE: A DOMAIN ONTOLOGY FOR SECURITY INFORMATION AND EVENT MANAGEMENT Marsha D. Rowell
DOE Office of Scientific and Technical Information (OSTI.GOV)
Ferrell, Paul; Hanson, Paige; Ardi, Calvin
2016-11-04
A system for processing network packet capture streams, extracting metadata and generating flow records (via Argus). The system can be used by network security operators and analysts to enable forensic investigations for network security events.
Shahri, Ahmad Bakhtiyari; Ismail, Zuraini; Mohanna, Shahram
2016-11-01
Security effectiveness based on users' behaviors is becoming a top priority of Health Information Systems (HIS). In the first step of this study, through a review of previous studies, 'Self-efficacy in Information Security' (SEIS) and 'Security Competency' (SCMP) were identified as the important factors in transforming HIS users into the first line of defense in security. Subsequently, a conceptual model was proposed taking the mentioned factors into account for HIS security effectiveness. Then, this quantitative study used structural equation modeling to examine the proposed model based on survey data collected from a sample of 263 HIS users from eight hospitals in Iran. The result shows that SEIS is one of the important factors in cultivating good end users' behaviors toward HIS security effectiveness. However, SCMP appears to be a feasible alternative to providing SEIS. This study also confirms the mediation effects of SEIS on the relationship between SCMP and HIS security effectiveness. The results of this research paper can be used by HIS and IT managers to implement their information security process more effectively.
Code of Federal Regulations, 2010 CFR
2010-10-01
... Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY SECURITY RULES FOR ALL MODES OF TRANSPORTATION PROTECTION OF SENSITIVE SECURITY... of records and information that TSA has determined to be Sensitive Security Information, as defined...
78 FR 19073 - Proposed Collection; Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2013-03-28
... individual custodians; end-investors providing security-by-security information will require an average of...; end-investors providing security-by-security information will require an average of 146 hours; and... keeping burdens on respondents, including the use of information technologies to automate the collection...
17 CFR 242.600 - NMS security designation and definitions.
Code of Federal Regulations, 2013 CFR
2013-04-01
...) Interrogation device means any securities information retrieval system capable of displaying transaction reports... with respect to such order; and (v) Immediately and automatically displays information that updates the... security; and (ii) Consolidated last sale information for a security. (14) Consolidated last sale...
17 CFR 242.600 - NMS security designation and definitions.
Code of Federal Regulations, 2014 CFR
2014-04-01
...) Interrogation device means any securities information retrieval system capable of displaying transaction reports... with respect to such order; and (v) Immediately and automatically displays information that updates the... security; and (ii) Consolidated last sale information for a security. (14) Consolidated last sale...
17 CFR 242.600 - NMS security designation and definitions.
Code of Federal Regulations, 2011 CFR
2011-04-01
...) Interrogation device means any securities information retrieval system capable of displaying transaction reports... with respect to such order; and (v) Immediately and automatically displays information that updates the... security; and (ii) Consolidated last sale information for a security. (14) Consolidated last sale...
17 CFR 242.600 - NMS security designation and definitions.
Code of Federal Regulations, 2012 CFR
2012-04-01
...) Interrogation device means any securities information retrieval system capable of displaying transaction reports... with respect to such order; and (v) Immediately and automatically displays information that updates the... security; and (ii) Consolidated last sale information for a security. (14) Consolidated last sale...
Code of Federal Regulations, 2011 CFR
2011-01-01
... DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CLASSIFIED NATIONAL SECURITY INFORMATION § 7.1 Purpose. The purpose of this part is to ensure that information within the Department of Homeland Security... provisions of Executive Order 12958, as amended, and implementing directives from the Information Security...
46 CFR 503.58 - Appeals of denials of mandatory declassification review requests.
Code of Federal Regulations, 2010 CFR
2010-10-01
... PUBLIC INFORMATION Information Security Program § 503.58 Appeals of denials of mandatory declassification... Security Classification Appeals Panel. The appeal should be addressed to, Executive Secretary, Interagency Security Classification Appeals Panel, Attn: Classification Challenge Appeals, c/o Information Security...
Federal Register 2010, 2011, 2012, 2013, 2014
2013-11-19
... Clearance and Safeguarding of National Security Information and Restricted Data AGENCY: Nuclear Regulatory... Executive Order 13526, Classified National Security Information. In addition, this direct final rule allowed... licensees (or their designees) to conduct classified...
Federal Register 2010, 2011, 2012, 2013, 2014
2010-08-02
... DEPARTMENT OF JUSTICE [OMB Number 1124-0006] National Security Division; Agency Information...), National Security Division (NSD), will be submitting the following information collection request to the..., 10th & Constitution Avenue, NW., National Security Division, Counterespionage Section/Registration Unit...
Code of Federal Regulations, 2010 CFR
2010-01-01
... DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CLASSIFIED NATIONAL SECURITY INFORMATION § 7.1 Purpose. The purpose of this part is to ensure that information within the Department of Homeland Security... provisions of Executive Order 12958, as amended, and implementing directives from the Information Security...
49 CFR 1.27 - Delegations to the General Counsel.
Code of Federal Regulations, 2012 CFR
2012-10-01
...) (Security and research and development activities), as implemented by 49 CFR part 15 (Protection of Sensitive Security Information), relating to the determination that information is Sensitive Security Information, in consultation and coordination with the Office of Intelligence, Security and Emergency Response...
49 CFR 1.27 - Delegations to the General Counsel.
Code of Federal Regulations, 2013 CFR
2013-10-01
...) (Security and research and development activities), as implemented by 49 CFR part 15 (Protection of Sensitive Security Information), relating to the determination that information is Sensitive Security Information, in consultation and coordination with the Office of Intelligence, Security and Emergency Response...
49 CFR 1.27 - Delegations to the General Counsel.
Code of Federal Regulations, 2014 CFR
2014-10-01
...) (Security and research and development activities), as implemented by 49 CFR part 15 (Protection of Sensitive Security Information), relating to the determination that information is Sensitive Security Information, in consultation and coordination with the Office of Intelligence, Security and Emergency Response...
32 CFR 2001.1 - Purpose and scope.
Code of Federal Regulations, 2014 CFR
2014-07-01
... Telecommunications, automated information systems, and network security 4.1, 4.2 2001.51 Technical security 4.1 2001... National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED NATIONAL SECURITY INFORMATION Scope of Part § 2001...
32 CFR 2001.1 - Purpose and scope.
Code of Federal Regulations, 2012 CFR
2012-07-01
... Telecommunications, automated information systems, and network security 4.1, 4.2 2001.51 Technical security 4.1 2001... National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED NATIONAL SECURITY INFORMATION Scope of Part § 2001...
32 CFR 2001.1 - Purpose and scope.
Code of Federal Regulations, 2011 CFR
2011-07-01
... Telecommunications, automated information systems, and network security 4.1, 4.2 2001.51 Technical security 4.1 2001... National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED NATIONAL SECURITY INFORMATION Scope of Part § 2001...
32 CFR 2001.1 - Purpose and scope.
Code of Federal Regulations, 2013 CFR
2013-07-01
... Telecommunications, automated information systems, and network security 4.1, 4.2 2001.51 Technical security 4.1 2001... National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED NATIONAL SECURITY INFORMATION Scope of Part § 2001...
32 CFR 2001.1 - Purpose and scope.
Code of Federal Regulations, 2010 CFR
2010-07-01
... Telecommunications, automated information systems, and network security 4.1, 4.2 2001.51 Technical security 4.1 2001... National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED NATIONAL SECURITY INFORMATION Scope of Part § 2001...
6 CFR 7.21 - Classification of information, limitations.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 6 Domestic Security 1 2010-01-01 2010-01-01 false Classification of information, limitations. 7.21... NATIONAL SECURITY INFORMATION Classified Information § 7.21 Classification of information, limitations. (a... protection in the interest of national security. (d) Information may be reclassified after it has been...
Beckjord, Ellen; Moser, Richard P; Hughes, Penelope; Hesse, Bradford W
2015-01-01
Background: Providers’ adoption of electronic health records (EHRs) is increasing and consumers have expressed concerns about the potential effects of EHRs on privacy and security. Yet, we lack a comprehensive understanding regarding factors that affect individuals’ perceptions regarding the privacy and security of their medical information. Objective: The aim of this study was to describe national perceptions regarding the privacy and security of medical records and identify a comprehensive set of factors associated with these perceptions. Methods: Using a nationally representative 2011-2012 survey, we reported on adults’ perceptions regarding privacy and security of medical records and sharing of health information between providers, and whether adults withheld information from a health care provider due to privacy or security concerns. We used multivariable models to examine the association between these outcomes and sociodemographic characteristics, health and health care experience, information efficacy, and technology-related variables. Results: Approximately one-quarter of American adults (weighted n=235,217,323; unweighted n=3959) indicated they were very confident (n=989) and approximately half indicated they were somewhat confident (n=1597) in the privacy of their medical records; we found similar results regarding adults’ confidence in the security of medical records (very confident: n=828; somewhat confident: n=1742). In all, 12.33% (520/3904) withheld information from a health care provider and 59.06% (2100/3459) expressed concerns about the security of both faxed and electronic health information. Adjusting for other characteristics, adults who reported higher quality of care had significantly greater confidence in the privacy and security of their medical records and were less likely to withhold information from their health care provider due to privacy or security concerns.
Adults with higher information efficacy had significantly greater confidence in the privacy and security of medical records and less concern about sharing of health information by both fax and electronic means. Individuals’ perceptions of whether their providers use an EHR was not associated with any privacy or security outcomes. Conclusions: Although most adults are confident in the privacy and security of their medical records, many express concerns regarding sharing of information between providers; a minority report withholding information from their providers due to privacy and security concerns. Whether individuals thought their provider was using an EHR was not associated with negative privacy/security perceptions or withholding, suggesting the transition to EHRs is not associated with negative perceptions regarding the privacy and security of medical information. However, monitoring to see how this evolves will be important. Given that positive health care experiences and higher information efficacy were associated with more favorable perceptions of privacy and security, efforts should continue to encourage providers to secure medical records, provide patients with a “meaningful choice” in how their data are shared, and enable individuals to access information they need to manage their care. PMID:25843686
Patel, Vaishali; Beckjord, Ellen; Moser, Richard P; Hughes, Penelope; Hesse, Bradford W
2015-04-02
Providers' adoption of electronic health records (EHRs) is increasing and consumers have expressed concerns about the potential effects of EHRs on privacy and security. Yet, we lack a comprehensive understanding regarding factors that affect individuals' perceptions regarding the privacy and security of their medical information. The aim of this study was to describe national perceptions regarding the privacy and security of medical records and identify a comprehensive set of factors associated with these perceptions. Using a nationally representative 2011-2012 survey, we reported on adults' perceptions regarding privacy and security of medical records and sharing of health information between providers, and whether adults withheld information from a health care provider due to privacy or security concerns. We used multivariable models to examine the association between these outcomes and sociodemographic characteristics, health and health care experience, information efficacy, and technology-related variables. Approximately one-quarter of American adults (weighted n=235,217,323; unweighted n=3959) indicated they were very confident (n=989) and approximately half indicated they were somewhat confident (n=1597) in the privacy of their medical records; we found similar results regarding adults' confidence in the security of medical records (very confident: n=828; somewhat confident: n=1742). In all, 12.33% (520/3904) withheld information from a health care provider and 59.06% (2100/3459) expressed concerns about the security of both faxed and electronic health information. Adjusting for other characteristics, adults who reported higher quality of care had significantly greater confidence in the privacy and security of their medical records and were less likely to withhold information from their health care provider due to privacy or security concerns. 
Adults with higher information efficacy had significantly greater confidence in the privacy and security of medical records and less concern about sharing of health information by both fax and electronic means. Individuals' perceptions of whether their providers use an EHR was not associated with any privacy or security outcomes. Although most adults are confident in the privacy and security of their medical records, many express concerns regarding sharing of information between providers; a minority report withholding information from their providers due to privacy and security concerns. Whether individuals thought their provider was using an EHR was not associated with negative privacy/security perceptions or withholding, suggesting the transition to EHRs is not associated with negative perceptions regarding the privacy and security of medical information. However, monitoring to see how this evolves will be important. Given that positive health care experiences and higher information efficacy were associated with more favorable perceptions of privacy and security, efforts should continue to encourage providers to secure medical records, provide patients with a "meaningful choice" in how their data are shared, and enable individuals to access information they need to manage their care.
7 CFR 1962.14 - Account and security information in UCC cases.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 7 Agriculture 14 2010-01-01 2009-01-01 true Account and security information in UCC cases. 1962.14... Security § 1962.14 Account and security information in UCC cases. Within 2 weeks after receipt of a written... the information, it may be liable for any loss caused the borrower and, in some States, other parties...
ERIC Educational Resources Information Center
Ilvonen, Ilona
2013-01-01
Information security management is an area with a lot of theoretical models. The models are designed to guide practitioners in prioritizing management resources in companies. Information security management education should address the gap between the academic ideals and practice. This paper introduces a teaching method that has been in use as…
CMMI(Registered) for Services, Version 1.3
2010-11-01
ISO 2008b] ISO/IEC 27001:2005 Information technology – Security techniques – Information Security Management Systems – Requirements [ISO/IEC 2005...Commission. ISO/IEC 27001 Information Technology – Security Techniques – Information Security Management Systems – Requirements, 2005. http...CMM or International Organization for Standardization (ISO) 9001, you will immediately recognize many similarities in their structure and content
The Impact of Information Richness on Information Security Awareness Training Effectiveness
ERIC Educational Resources Information Center
Shaw, R. S.; Chen, Charlie C.; Harris, Albert L.; Huang, Hui-Jou
2009-01-01
In recent years, rapid progress in the use of the internet has resulted in huge losses in many organizations due to lax security. As a result, information security awareness is becoming an important issue to anyone using the Internet. To reduce losses, organizations have made information security awareness a top priority. The three main barriers…
46 CFR 503.53 - Oversight Committee.
Code of Federal Regulations, 2011 CFR
2011-10-01
... FEDERAL MARITIME COMMISSION GENERAL AND ADMINISTRATIVE PROVISIONS PUBLIC INFORMATION Information Security... provisions of Executive Order 13526 and directives of the Information Security Oversight Office. The program... and complaints concerning the Commission's information security program; (d) Recommend appropriate...
46 CFR 503.53 - Oversight Committee.
Code of Federal Regulations, 2010 CFR
2010-10-01
... FEDERAL MARITIME COMMISSION GENERAL AND ADMINISTRATIVE PROVISIONS PUBLIC INFORMATION Information Security... provisions of Executive Order 12958 and directives of the Information Security Oversight Office. The program... and complaints concerning the Commission's information security program; (d) Recommend appropriate...
75 FR 75207 - Regulation SBSR-Reporting and Dissemination of Security-Based Swap Information
Federal Register 2010, 2011, 2012, 2013, 2014
2010-12-02
...In accordance with Section 763 ("Section 763") and Section 766 ("Section 766") of Title VII ("Title VII") of the Dodd-Frank Wall Street Reform and Consumer Protection Act (the "Dodd-Frank Act"), the Securities and Exchange Commission ("SEC" or "Commission") is proposing Regulation SBSR--Reporting and Dissemination of Security-Based Swap Information ("Regulation SBSR") under the Securities Exchange Act of 1934 ("Exchange Act"). Proposed Regulation SBSR would provide for the reporting of security-based swap information to registered security-based swap data repositories or the Commission and the public dissemination of security-based swap transaction, volume, and pricing information. Registered security-based swap data repositories would be required to establish and maintain certain policies and procedures regarding how transaction data are reported and disseminated, and participants of registered security-based swap data repositories that are security-based swap dealers or major security-based swap participants would be required to establish and maintain policies and procedures that are reasonably designed to ensure that they comply with applicable reporting obligations. Finally, proposed Regulation SBSR also would require a registered SDR to register with the Commission as a securities information processor on existing Form SIP.
A Security Audit Framework to Manage Information System Security
NASA Astrophysics Data System (ADS)
Pereira, Teresa; Santos, Henrique
The widespread adoption of information and communication technology has promoted an increased dependency of organizations on the performance of their Information Systems. As a result, adequate security procedures to properly manage information security must be established by the organizations, in order to protect their valued or critical resources from accidental or intentional attacks, and ensure their normal activity. A conceptual security framework to manage and audit Information System Security is proposed and discussed. The proposed framework intends to assist organizations firstly to understand what they precisely need to protect assets and what are their weaknesses (vulnerabilities), enabling to perform an adequate security management. Secondly, enabling a security audit framework to support the organization to assess the efficiency of the controls and policy adopted to prevent or mitigate attacks, threats and vulnerabilities, promoted by the advances of new technologies and new Internet-enabled services, that the organizations are subject of. The presented framework is based on a conceptual model approach, which contains the semantic description of the concepts defined in information security domain, based on the ISO/IEC_JCT1 standards.
Federal Register 2010, 2011, 2012, 2013, 2014
2010-08-02
... DEPARTMENT OF JUSTICE [OMB Number 1124-0004] National Security Division: Agency Information...), National Security Division (NSD), will be submitting the following information collection request to the... write to U.S. Department of Justice, 10th & Constitution Avenue, NW., National Security Division...
6 CFR 7.25 - Identification and markings.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 6 Domestic Security 1 2010-01-01 2010-01-01 false Identification and markings. 7.25 Section 7.25 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CLASSIFIED NATIONAL SECURITY INFORMATION Classified Information § 7.25 Identification and markings. (a) Classified information must be...
Federal Register 2010, 2011, 2012, 2013, 2014
2012-07-20
... DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration New Agency Information... Service Delivery AGENCY: Transportation Security Administration, DHS. ACTION: 30-day Notice. SUMMARY: This notice announces that the Transportation Security Administration (TSA) has forwarded the new Information...
49 CFR 1572.9 - Applicant information required for HME security threat assessment.
Code of Federal Regulations, 2011 CFR
2011-10-01
... threat assessment. 1572.9 Section 1572.9 Transportation Other Regulations Relating to Transportation... TRANSPORTATION SECURITY CREDENTIALING AND SECURITY THREAT ASSESSMENTS Procedures and General Standards § 1572.9 Applicant information required for HME security threat assessment. An applicant must supply the information...
Federal Register 2010, 2011, 2012, 2013, 2014
2010-05-26
... Information Collection Activity Under OMB Review: Aviation Security Customer Satisfaction Performance... surveying travelers to measure customer satisfaction of aviation security in an effort to more efficiently.... Information Collection Requirement OMB Control Number 1652-0013; Aviation Security Customer Satisfaction...
Detection of complex cyber attacks
NASA Astrophysics Data System (ADS)
Gregorio-de Souza, Ian; Berk, Vincent H.; Giani, Annarita; Bakos, George; Bates, Marion; Cybenko, George; Madory, Doug
2006-05-01
One significant drawback to currently available security products is their inability to correlate diverse sensor input. For instance, by only using network intrusion detection data, a root kit installed through a weak username-password combination may go unnoticed. Similarly, an administrator may never make the link between deteriorating response times from the database server and an attacker exfiltrating trusted data, if these facts aren't presented together. Current Security Information Management Systems (SIMS) can collect and represent diverse data but lack sufficient correlation algorithms. By using a Process Query System, we were able to quickly bring together data flowing from many sources, including NIDS, HIDS, server logs, CPU load and memory usage, etc. We constructed PQS models that describe dynamic behavior of complicated attacks and failures, allowing us to detect and differentiate simultaneous sophisticated attacks on a target network. In this paper, we discuss the benefits of implementing such a multistage cyber attack detection system using PQS. We focus on how data from multiple sources can be combined and used to detect and track comprehensive network security events that go unnoticed using conventional tools.
6 CFR 5.7 - Classified information.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 6 Domestic Security 1 2010-01-01 2010-01-01 false Classified information. 5.7 Section 5.7 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY DISCLOSURE OF RECORDS AND INFORMATION Freedom of Information Act § 5.7 Classified information. In processing a request for information that is...
6 CFR 7.23 - Emergency release of classified information.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 6 Domestic Security 1 2010-01-01 2010-01-01 false Emergency release of classified information. 7... NATIONAL SECURITY INFORMATION Classified Information § 7.23 Emergency release of classified information. (a... notify the DHS Chief Security Officer and the originating agency of the information disclosed. A copy of...
Health information law in the context of minors.
Rosenbaum, Sara; Abramson, Susan; MacTaggart, Patricia
2009-01-01
This article presents a legal overview of privacy and autonomy considerations related to children in the context of health information technology adoption and use. All uses of health-related technologies take place within a legal framework that guides health care generally; the privacy laws and autonomy principles long predate health information technology and can be expected to shape its design and use. Furthermore, it is a legal tenet that technology advances shape the law, and this can be expected as health information technology use evolves. Most laws related to health care, medical practice, and the right to privacy are state-based and subject to high variability. As the health information revolution increasingly eliminates the importance of geographic boundaries to health care, interstate tensions can be expected to grow. Health information privacy law is even more complex in the case of children, because the relationship between privacy law and children is itself complex. The law considers minor children to be deserving of special protection against harm and risk exposure, and this concern extends to privacy. Regardless of whether minors can shield health information from parents, it is clear that parents and children have the power to control the flow of information to and among entities. Although information protections may pose a higher standard where information about children is concerned, this fact should not overshadow the extent to which information can be used under existing legal principles. Over time, as the security and safety of information sharing are established, the law may yet evolve to permit a freer flow of information.
5 CFR 2500.11 - Implementation and review.
Code of Federal Regulations, 2011 CFR
2011-01-01
... INFORMATION SECURITY REGULATION § 2500.11 Implementation and review. The Information Security Oversight... information security program. The chairperson shall also be responsible for conducting an active oversight...
5 CFR 2500.11 - Implementation and review.
Code of Federal Regulations, 2010 CFR
2010-01-01
... INFORMATION SECURITY REGULATION § 2500.11 Implementation and review. The Information Security Oversight... information security program. The chairperson shall also be responsible for conducting an active oversight...
48 CFR 339.7102 - Applicability.
Code of Federal Regulations, 2013 CFR
2013-10-01
... Section 339.7102 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7102 Applicability... Federal Information Security Management Act (FISMA), the HHS-OCIO Information Systems Security and Privacy...
48 CFR 339.7102 - Applicability.
Code of Federal Regulations, 2014 CFR
2014-10-01
... Section 339.7102 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7102 Applicability... Federal Information Security Management Act (FISMA), the HHS-OCIO Information Systems Security and Privacy...
48 CFR 339.7102 - Applicability.
Code of Federal Regulations, 2012 CFR
2012-10-01
... Section 339.7102 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7102 Applicability... Federal Information Security Management Act (FISMA), the HHS-OCIO Information Systems Security and Privacy...
48 CFR 339.7102 - Applicability.
Code of Federal Regulations, 2011 CFR
2011-10-01
... Section 339.7102 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7102 Applicability... Federal Information Security Management Act (FISMA), the HHS-OCIO Information Systems Security and Privacy...
Video calls from lay bystanders to dispatch centers - risk assessment of information security.
Bolle, Stein R; Hasvold, Per; Henriksen, Eva
2011-09-30
Video calls from mobile phones can improve communication during medical emergencies. Lay bystanders can be instructed and supervised by health professionals at Emergency Medical Communication Centers. Before implementation of video mobile calls in emergencies, issues of information security should be addressed. Information security was assessed for risk, based on the information security standard ISO/IEC 27005:2008. A multi-professional team used structured brainstorming to find threats to the information security aspects confidentiality, quality, integrity, and availability. Twenty security threats of different risk levels were identified and analyzed. Solutions were proposed to reduce the risk level. Given proper implementation, we found no risks to information security that would advocate against the use of video calls between lay bystanders and Emergency Medical Communication Centers. The identified threats should be used as input to formal requirements when planning and implementing video calls from mobile phones for these call centers.
Video calls from lay bystanders to dispatch centers - risk assessment of information security
2011-01-01
Background: Video calls from mobile phones can improve communication during medical emergencies. Lay bystanders can be instructed and supervised by health professionals at Emergency Medical Communication Centers. Before implementation of video mobile calls in emergencies, issues of information security should be addressed. Methods: Information security was assessed for risk, based on the information security standard ISO/IEC 27005:2008. A multi-professional team used structured brainstorming to find threats to the information security aspects confidentiality, quality, integrity, and availability. Results: Twenty security threats of different risk levels were identified and analyzed. Solutions were proposed to reduce the risk level. Conclusions: Given proper implementation, we found no risks to information security that would advocate against the use of video calls between lay bystanders and Emergency Medical Communication Centers. The identified threats should be used as input to formal requirements when planning and implementing video calls from mobile phones for these call centers. PMID:21958387
Communication security in open health care networks.
Blobel, B; Pharow, P; Engel, K; Spiegel, V; Krohn, R
1999-01-01
Fulfilling the shared care paradigm, health care networks providing open systems' interoperability in health care are needed. Such communicating and co-operating health information systems, dealing with sensitive personal medical information across organisational, regional, national or even international boundaries, require appropriate security solutions. Based on the generic security model, within the European MEDSEC project an open approach for secure EDI like HL7, EDIFACT, XDT or XML has been developed. The consideration includes both securing the message in an unsecure network and the transport of the unprotected information via secure channels (SSL, TLS etc.). Regarding EDI, an open and widely usable security solution has been specified and practically implemented for the examples of secure mailing and secure file transfer (FTP) via wrapping the sensitive information expressed by the corresponding protocols. The results are currently prepared for standardisation.
A Cooperative Model for IS Security Risk Management in Distributed Environment
Zheng, Chundong
2014-01-01
Given the increasing cooperation between organizations, the flexible exchange of security information across the allied organizations is critical to effectively manage information systems (IS) security in a distributed environment. In this paper, we develop a cooperative model for IS security risk management in a distributed environment. In the proposed model, the exchange of security information among the interconnected IS under distributed environment is supported by Bayesian networks (BNs). In addition, for an organization's IS, a BN is utilized to represent its security environment and dynamically predict its security risk level, by which the security manager can select an optimal action to safeguard the firm's information resources. The actual case studied illustrates the cooperative model presented in this paper and how it can be exploited to manage the distributed IS security risk effectively. PMID:24563626
Hemrich, Günter
2005-06-01
This case study reviews the experience of the Somalia Food Security Assessment Unit (FSAU) of operating a food security information system in the context of a complex emergency. In particular, it explores the linkages between selected features of the protracted crisis environment in Somalia and conceptual and operational aspects of food security information work. The paper specifically examines the implications of context characteristics for the establishment and operations of the FSAU field monitoring component and for the interface with information users and their diverse information needs. It also analyses the scope for linking food security and nutrition analysis and looks at the role of conflict and gender analysis in food security assessment work. Background data on the food security situation in Somalia and an overview of some key features of the FSAU set the scene for the case study. The paper is targeted at those involved in designing, operating and funding food security information activities.
Measuring Information Security Performance with 10 by 10 Model for Holistic State Evaluation.
Bernik, Igor; Prislan, Kaja
Organizations should measure their information security performance if they wish to take the right decisions and develop it in line with their security needs. Since the measurement of information security is generally underdeveloped in practice and many organizations find the existing recommendations too complex, the paper presents a solution in the form of a 10 by 10 information security performance measurement model. The model-ISP 10×10M is composed of ten critical success factors, 100 key performance indicators and 6 performance levels. Its content was devised on the basis of findings presented in the current research studies and standards, while its structure results from an empirical research conducted among information security professionals from Slovenia. Results of the study show that a high level of information security performance is mostly dependent on measures aimed at managing information risks, employees and information sources, while formal and environmental factors have a lesser impact. Experts believe that information security should evolve systematically, where it's recommended that beginning steps include technical, logical and physical security controls, while advanced activities should relate predominantly to strategic management activities. By applying the proposed model, organizations are able to determine the actual level of information security performance based on the weighted indexing technique. In this manner they identify the measures they ought to develop in order to improve the current situation. The ISP 10×10M is a useful tool for conducting internal system evaluations and decision-making. It may also be applied to a larger sample of organizations in order to determine the general state-of-play for research purposes.
32 CFR 1633.5 - Securing information.
Code of Federal Regulations, 2013 CFR
2013-07-01
... 32 National Defense 6 2013-07-01 2013-07-01 false Securing information. 1633.5 Section 1633.5... CLASSIFICATION § 1633.5 Securing information. The classifying authority is authorized to request and receive information whenever such information will assist in determining the proper classification of a registrant. ...
Zarei, Javad; Sadoughi, Farahnaz
2016-01-01
In recent years, hospitals in Iran - similar to those in other countries - have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts' opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Information security risk management is not followed by Iran's hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran's Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran.
6 CFR 7.13 - Judicial proceedings.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 6 Domestic Security 1 2010-01-01 2010-01-01 false Judicial proceedings. 7.13 Section 7.13 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CLASSIFIED NATIONAL SECURITY INFORMATION... classified information (see 6 CFR 5.41 through 5.49), required to submit classified information for official...
A Unified Approach to Information Security Compliance
ERIC Educational Resources Information Center
Adler, M. Peter
2006-01-01
The increased number of government-mandated and private contractual information security requirements in recent years has caused higher education security professionals to view information security as another aspect of regulatory or contractual compliance. The existence of fines, penalties, or loss (including bad publicity) has also increased the…
Effect of Organizational Factors on Information Security Implementations
ERIC Educational Resources Information Center
Perez, Rafael G.
2013-01-01
The purpose of this quantitative inferential study is to determine the level of correlation between the organizational factors of information security awareness, balanced security processes, and organizational structure with the size of the estimation gap of information security implementations mediated by the end user intentionality. The study…
Federal Register 2010, 2011, 2012, 2013, 2014
2010-04-22
... Information Collection Activity Under OMB Review: Highway Corporate Security Review (CSR) AGENCY... in the highway and motor carrier industry by way of its Highway Corporate Security Review Program... comments. Information Collection Requirement Title: Corporate Security Review (CSR). Type of Request...
Code of Federal Regulations, 2010 CFR
2010-07-01
... declassification of classified national security Executive Branch information that has been accessioned by NARA... ADMINISTRATION DECLASSIFICATION DECLASSIFICATION OF NATIONAL SECURITY INFORMATION Responsibilities § 1260.20 Who is responsible for the declassification of classified national security Executive Branch information...
44 CFR 8.4 - Mandatory declassification review procedures.
Code of Federal Regulations, 2010 CFR
2010-10-01
... AGENCY, DEPARTMENT OF HOMELAND SECURITY GENERAL NATIONAL SECURITY INFORMATION § 8.4 Mandatory... information is inadequate, the Office of Security shall notify him or her that no further action will be taken...) to the Security Division. Information no longer requiring protection under E.O. 12356 shall be...
17 CFR 229.1113 - (Item 1113) Structure of the transaction.
Code of Federal Regulations, 2011 CFR
2011-04-01
... securities, and within each class, with respect to cash flows, credit enhancement or other support and any... narrative discussion of the allocation and priority structure of pool cash flows, present the flow of funds... any requirements directing cash flows from the pool assets (such as to reserve accounts, cash...
17 CFR 229.1113 - (Item 1113) Structure of the transaction.
Code of Federal Regulations, 2012 CFR
2012-04-01
... securities, and within each class, with respect to cash flows, credit enhancement or other support and any... narrative discussion of the allocation and priority structure of pool cash flows, present the flow of funds... any requirements directing cash flows from the pool assets (such as to reserve accounts, cash...
17 CFR 229.1113 - (Item 1113) Structure of the transaction.
Code of Federal Regulations, 2013 CFR
2013-04-01
... securities, and within each class, with respect to cash flows, credit enhancement or other support and any... narrative discussion of the allocation and priority structure of pool cash flows, present the flow of funds... any requirements directing cash flows from the pool assets (such as to reserve accounts, cash...
17 CFR 229.1113 - (Item 1113) Structure of the transaction.
Code of Federal Regulations, 2014 CFR
2014-04-01
... securities, and within each class, with respect to cash flows, credit enhancement or other support and any... narrative discussion of the allocation and priority structure of pool cash flows, present the flow of funds... any requirements directing cash flows from the pool assets (such as to reserve accounts, cash...
ERIC Educational Resources Information Center
Olijnyk, Nicholas Victor
2014-01-01
The central aim of the current research is to explore and describe the profile, dynamics, and structure of the information security specialty. This study's objectives are guided by four research questions: 1. What are the salient features of information security as a specialty? 2. How has the information security specialty emerged and evolved from…
Why information security belongs on the CFO's agenda.
Quinnild, James; Fusile, Jeff; Smith, Cindy
2006-02-01
Healthcare financial executives need to understand the complex and growing role of information security in supporting the business of health care. The biggest security gaps in healthcare organizations occur in strategy and centralization, business executive preparation, and protected health information. CFOs should collaborate with the CIO in engaging a comprehensive framework to develop, implement, communicate, and maintain an enterprisewide information security strategy.
Implementing healthcare information security: standards can help.
Orel, Andrej; Bernik, Igor
2013-01-01
Using widely spread common approaches to systems security in health dedicated controlled environments, a level of awareness, confidence and acceptance of relevant standardisation is evaluated. Patients' information is sensitive, so putting appropriate organisational techniques as well as modern technology in place to secure health information is of paramount importance. Mobile devices are becoming the top priorities in advanced information security planning with healthcare environments being no exception. There are less and less application areas in healthcare without having a need for a mobile functionality which represents an even greater information security challenge. This is also true in emergency treatments, rehabilitation and homecare just to mention a few areas outside hospital controlled environments. Unfortunately quite often traditional unsecured communications principles are still in routine use for communicating sensitive health related information. The security awareness level with users, patients and care professionals is not high enough so potential threats and risks may not be addressed and the respective information security management is therefore weak. Standards like ISO/IEC 27000 ISMS family, the ISO/IEC 27799 information security guidelines in health are often not well known, but together with legislation principles such as HIPAA, they can help.
Research on information security in big data era
NASA Astrophysics Data System (ADS)
Zhou, Linqi; Gu, Weihong; Huang, Cheng; Huang, Aijun; Bai, Yongbin
2018-05-01
Big data is becoming another hotspot in the field of information technology after the cloud computing and the Internet of Things. However, the existing information security methods can no longer meet the information security requirements in the era of big data. This paper analyzes the challenges and a cause of data security brought by big data, discusses the development trend of network attacks under the background of big data, and puts forward my own opinions on the development of security defense in technology, strategy and product.
A First Step Towards Network Security Virtualization: From Concept to Prototype
2015-10-01
ec2 security groups. http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html. [3] Jeffrey R. Ballard, Ian Rae, and Aditya...20] Matthew L. Meola Michael J. Freedman Jennifer Rexford Nate Foster, Rob Harrison and David Walker. Frenetic: A High-Level Language for OpenFlow
Code of Federal Regulations, 2011 CFR
2011-07-01
... Administration DEPARTMENT OF JUSTICE CLASSIFIED NATIONAL SECURITY INFORMATION AND ACCESS TO CLASSIFIED... Comp., p. 391) and implementing directives from the Information Security Oversight Office of the... Security Information and the criteria for access to this information. Accordingly, this part is a revision...
48 CFR 339.7100 - Definitions.
Code of Federal Regulations, 2010 CFR
2010-10-01
... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7100 Definitions. As... with OMB Circular A-130, Management of Federal Information Resources, Appendix 3 (Security of Federal Automated Information Resources), security commensurate with the risk and magnitude of harm resulting from...
Code of Federal Regulations, 2010 CFR
2010-10-01
... ADMINISTRATIVE MATTERS Safeguarding Classified Information Within Industry 1804.470-2 Policy. NASA IT security...) 2810, Security of Information Technology; NASA Procedural Requirements (NPR) 2810, Security of Information Technology; and interim policy updates in the form of NASA Information Technology Requirements...
Code of Federal Regulations, 2010 CFR
2010-07-01
... Administration DEPARTMENT OF JUSTICE CLASSIFIED NATIONAL SECURITY INFORMATION AND ACCESS TO CLASSIFIED... Comp., p. 391) and implementing directives from the Information Security Oversight Office of the... Security Information and the criteria for access to this information. Accordingly, this part is a revision...
Analyzing Cases of Resilience Success and Failure - A Research Study
2012-12-01
controls [NIST 2012, NIST 2008] ISO 27002 and ISO 27004 Guidelines for initiating, implementing, maintaining, and improving information security...Commission (ISO/IEC). Information technology—Security techniques—Code of practice for information security management (ISO/IEC 27002:2005). ISO/IEC, 2005...security management system and controls or groups of controls [ISO/IEC 2005, ISO/IEC 2009] CIS Security Metrics Outcome and practice metrics measuring
5 CFR 1312.12 - Security Program Review Committee.
Code of Federal Regulations, 2011 CFR
2011-01-01
... CLASSIFICATION, DOWNGRADING, DECLASSIFICATION AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION Classification and Declassification of National Security Information § 1312.12 Security Program Review Committee. The... 5 Administrative Personnel 3 2011-01-01 2011-01-01 false Security Program Review Committee. 1312...
5 CFR 1312.12 - Security Program Review Committee.
Code of Federal Regulations, 2010 CFR
2010-01-01
... CLASSIFICATION, DOWNGRADING, DECLASSIFICATION AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION Classification and Declassification of National Security Information § 1312.12 Security Program Review Committee. The... 5 Administrative Personnel 3 2010-01-01 2010-01-01 false Security Program Review Committee. 1312...
49 CFR 1520.5 - Sensitive security information.
Code of Federal Regulations, 2010 CFR
2010-10-01
... 49 Transportation 9 2010-10-01 2010-10-01 false Sensitive security information. 1520.5 Section 1520.5 Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY SECURITY RULES FOR ALL MODES OF TRANSPORTATION PROTECTION OF...
Code of Federal Regulations, 2010 CFR
2010-01-01
... information and proprietary information in the Federal Docket Management System (FDMS)? 11.35 Section 11.35... RULEMAKING PROCEDURES Rulemaking Procedures General § 11.35 Does FAA include sensitive security information and proprietary information in the Federal Docket Management System (FDMS)? (a) Sensitive security...
Code of Federal Regulations, 2014 CFR
2014-01-01
... information and proprietary information in the Federal Docket Management System (FDMS)? 11.35 Section 11.35... RULEMAKING PROCEDURES Rulemaking Procedures General § 11.35 Does FAA include sensitive security information and proprietary information in the Federal Docket Management System (FDMS)? (a) Sensitive security...
Code of Federal Regulations, 2012 CFR
2012-01-01
... information and proprietary information in the Federal Docket Management System (FDMS)? 11.35 Section 11.35... RULEMAKING PROCEDURES Rulemaking Procedures General § 11.35 Does FAA include sensitive security information and proprietary information in the Federal Docket Management System (FDMS)? (a) Sensitive security...
Code of Federal Regulations, 2013 CFR
2013-01-01
... information and proprietary information in the Federal Docket Management System (FDMS)? 11.35 Section 11.35... RULEMAKING PROCEDURES Rulemaking Procedures General § 11.35 Does FAA include sensitive security information and proprietary information in the Federal Docket Management System (FDMS)? (a) Sensitive security...
Code of Federal Regulations, 2011 CFR
2011-01-01
... information and proprietary information in the Federal Docket Management System (FDMS)? 11.35 Section 11.35... RULEMAKING PROCEDURES Rulemaking Procedures General § 11.35 Does FAA include sensitive security information and proprietary information in the Federal Docket Management System (FDMS)? (a) Sensitive security...
44 CFR 8.3 - Senior FEMA official responsible for the information security program.
Code of Federal Regulations, 2010 CFR
2010-10-01
... 44 Emergency Management and Assistance 1 2010-10-01 2010-10-01 false Senior FEMA official... Senior FEMA official responsible for the information security program. The Director of the Security Division, has been designated as the senior official to direct and administer the FEMA information security...
Institutionalization of Information Security: Case of the Indonesian Banking Sector
ERIC Educational Resources Information Center
Nasution, Muhamad Faisal Fariduddin Attar
2012-01-01
This study focuses on the institutionalization of information security in the banking sector. This study is important to pursue since it explicates the internalization of information security governance and practices and how such internalization develops an organizational resistance towards security breach. The study argues that information…
Developing an Undergraduate Information Systems Security Track
ERIC Educational Resources Information Center
Sharma, Aditya; Murphy, Marianne C.; Rosso, Mark A.; Grant, Donna
2013-01-01
Information Systems Security as a specialized area of study has mostly been taught at the graduate level. This paper highlights the efforts of establishing an Information Systems (IS) Security track at the undergraduate level. As there were many unanswered questions and concerns regarding the Security curriculum, focus areas, the benefit of…
Federal Register 2010, 2011, 2012, 2013, 2014
2013-02-13
... for OMB Review; Comment Request; Securities Lending by Employee Benefit Plans ACTION: Notice. SUMMARY...) sponsored information collection request (ICR) titled, ``Securities Lending by Employee Benefit Plans,'' [email protected] . Authority: 44 U.S.C. 3507(a)(1)(D). SUPPLEMENTARY INFORMATION: The Securities Lending by...
77 FR 25686 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board
Federal Register 2010, 2011, 2012, 2013, 2014
2012-05-01
... NIST Computer Security Division. Note that agenda items may change without notice because of possible... of the Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology, Commerce. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB...
Federal Register 2010, 2011, 2012, 2013, 2014
2011-10-13
... Structural Reforms To Improve the Security of Classified Networks and the Responsible Sharing and... classified national security information (classified information) on computer networks, it is hereby ordered as follows: Section 1. Policy. Our Nation's security requires classified information to be shared...
NASA Astrophysics Data System (ADS)
Feng, Nan; Wu, Harris; Li, Minqiang; Wu, Desheng; Chen, Fuzan; Tian, Jin
2016-09-01
Information sharing across organisations is critical to effectively managing the security risks of inter-organisational information systems. Nevertheless, few previous studies on information systems security have focused on inter-organisational information sharing, and none have studied the sharing of inferred beliefs versus factual observations. In this article, a multiagent collaborative model (MACM) is proposed as a practical solution to assess the risk level of each allied organisation's information system and support proactive security treatment by sharing beliefs on event probabilities as well as factual observations. In MACM, for each allied organisation's information system, we design four types of agents: inspection agent, analysis agent, control agent, and communication agent. By sharing soft findings (beliefs) in addition to hard findings (factual observations) among the organisations, each organisation's analysis agent is capable of dynamically predicting its security risk level using a Bayesian network. A real-world implementation illustrates how our model can be used to manage security risks in distributed information systems and that sharing soft findings leads to lower expected loss from security risks.
NASA Technical Reports Server (NTRS)
Buquo, Lynn; Johnson-Throop, Kathy
2010-01-01
NASA's Human Research Program (HRP) and Space Life Sciences Directorate (SLSD), not unlike many NASA organizations today, struggle with the inherent inefficiencies caused by dependencies on heterogeneous data systems and silos of data and information spread across decentralized discipline domains. The capture of operational and research-based data/information (both in-flight and ground-based) in disparate IT systems impedes the extent to which that data/information can be efficiently and securely shared, analyzed, and enriched into knowledge that directly and more rapidly supports HRP's research-focused human system risk mitigation efforts and SLSD's operationally oriented risk management efforts. As a result, an integrated effort is underway to more fully understand and document how specific sets of risk-related data/information are generated and used and in what IT systems that data/information currently resides. By mapping the risk-related data flow from raw data to useable information and knowledge (think of it as the data supply chain), HRP and SLSD are building an information architecture plan to leverage their existing, shared IT infrastructure. In addition, it is important to create a centralized structured tool to represent risks including attributes such as likelihood, consequence, contributing factors, and the evidence supporting the information in all these fields. Representing the risks in this way enables reasoning about the risks, e.g. revisiting a risk assessment when a mitigation strategy is unavailable, updating a risk assessment when new information becomes available, etc. Such a system also provides a concise way to communicate the risks both within the organization as well as with collaborators. Understanding and, hence, harnessing the human system risk-related data supply chain enhances both organizations' abilities to securely collect, integrate, and share data assets that improve human system research and operations.
Code of Federal Regulations, 2011 CFR
2011-07-01
... INFORMATION REGULATIONS Introduction § 2700.1 References. (a) Executive Order 12065, “National Security Information,” June 28, 1978, (hereinafter E.O. 12065). (b) Information Security Oversight Office, Directive No. 1, “National Security Information,” October 2, 1978, (hereinafter ISOO Directive No. 1). ...
78 FR 5116 - NASA Information Security Protection
Federal Register 2010, 2011, 2012, 2013, 2014
2013-01-24
... 2700-AD61 NASA Information Security Protection AGENCY: National Aeronautics and Space Administration... implement the provisions of Executive Order (E.O.) 13526, Classified National Security Information, and... Information, that establishes the Agency's requirements for the proper implementation and management of a...
75 FR 45154 - National Security Division; Agency Information Collection Activities:
Federal Register 2010, 2011, 2012, 2013, 2014
2010-08-02
... DEPARTMENT OF JUSTICE [OMB Number 1124-0003] National Security Division; Agency Information Collection Activities: Proposed Collection; Comments Requested ACTION: 60-Day Notice of Information...), National Security Division (NSD), will be submitting the following information collection request to the...
76 FR 39261 - Tennessee Valley Authority Procedures
Federal Register 2010, 2011, 2012, 2013, 2014
2011-07-06
... classified national security information. DATES: Effective Date: July 6, 2011. FOR FURTHER INFORMATION CONTACT: Mark R. Winter, Senior Information Security Specialist, 1101 Market Street (MP 3C), Tennessee..., Classified National Security Information, was published in the Federal Register. This order prescribes a...
Federal Register 2010, 2011, 2012, 2013, 2014
2011-06-15
... Acquisition Regulation; Implementation of Information Technology Security Provision AGENCY: Office of... information technology (IT) supplies, services and systems with security requirements. DATES: Effective Date... effective date that include information technology (IT) supplies, services and systems with security...
Gross anatomy of network security
NASA Technical Reports Server (NTRS)
Siu, Thomas J.
2002-01-01
Information security involves many branches of effort, including information assurance, host level security, physical security, and network security. Computer network security methods and implementations are given a top-down description to permit a medically focused audience to anchor this information to their daily practice. The depth of detail of network functionality and security measures, like that of the study of human anatomy, can be highly involved. Presented at the level of major gross anatomical systems, this paper will focus on network backbone implementation and perimeter defenses, then diagnostic tools, and finally the user practices (the human element). Physical security measures, though significant, have been defined as beyond the scope of this presentation.
2010-07-01
Cloud computing, an emerging form of computing in which users have access to scalable, on-demand capabilities that are provided through Internet... cloud computing, (2) the information security implications of using cloud computing services in the Federal Government, and (3) federal guidance and...efforts to address information security when using cloud computing. The complete report is titled Information Security: Federal Guidance Needed to
An Information Security Control Assessment Methodology for Organizations
ERIC Educational Resources Information Center
Otero, Angel R.
2014-01-01
In an era where use and dependence of information systems is significantly high, the threat of incidents related to information security that could jeopardize the information held by organizations is more and more serious. Alarming facts within the literature point to inadequacies in information security practices, particularly the evaluation of…
Code of Federal Regulations, 2010 CFR
2010-07-01
... Treasury NATIONAL SECURITY INFORMATION § 2.2 Access to classified information by historical researchers... security; and (2) Receipt of the individual's written agreement to safeguard classified information... granting of a security clearance for access to classified information. (d) Treasury personnel will...
Contextualizing Secure Information System Design: A Socio-Technical Approach
ERIC Educational Resources Information Center
Charif, Abdul Rahim
2017-01-01
Secure Information Systems (SIS) design paradigms have evolved in generations to adapt to IS security needs. However, modern IS are still vulnerable and are far from secure. The development of an underlying IS cannot be reduced to "technological fixes" neither is the design of SIS. Technical security cannot ensure IS security.…
Code of Federal Regulations, 2012 CFR
2012-01-01
... 10 Energy 2 2012-01-01 2012-01-01 false Security facility approval and safeguarding of National Security Information and Restricted Data. 76.119 Section 76.119 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.119 Security facility...
Code of Federal Regulations, 2014 CFR
2014-01-01
... 10 Energy 2 2014-01-01 2014-01-01 false Security facility approval and safeguarding of National Security Information and Restricted Data. 76.119 Section 76.119 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.119 Security facility...
Code of Federal Regulations, 2013 CFR
2013-01-01
... 10 Energy 2 2013-01-01 2013-01-01 false Security facility approval and safeguarding of National Security Information and Restricted Data. 76.119 Section 76.119 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.119 Security facility...
Code of Federal Regulations, 2010 CFR
2010-01-01
... 10 Energy 2 2010-01-01 2010-01-01 false Security facility approval and safeguarding of National Security Information and Restricted Data. 76.119 Section 76.119 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.119 Security facility...
Code of Federal Regulations, 2011 CFR
2011-01-01
... 10 Energy 2 2011-01-01 2011-01-01 false Security facility approval and safeguarding of National Security Information and Restricted Data. 76.119 Section 76.119 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.119 Security facility...
Situational Awareness of Network System Roles (SANSR)
DOE Office of Scientific and Technical Information (OSTI.GOV)
Huffer, Kelly M; Reed, Joel W
In a large enterprise it is difficult for cyber security analysts to know what services and roles every machine on the network is performing (e.g., file server, domain name server, email server). Using network flow data, already collected by most enterprises, we developed a proof-of-concept tool that discovers the roles of a system using both clustering and categorization techniques. The tool's role information would allow cyber analysts to detect consequential changes in the network, initiate incident response plans, and optimize their security posture. The results of this proof-of-concept tool proved to be quite accurate on three real data sets. We will present the algorithms used in the tool, describe the results of preliminary testing, provide visualizations of the results, and discuss areas for future work. Without this kind of situational awareness, cyber analysts cannot quickly diagnose an attack or prioritize remedial actions.
Nuclear reactor downcomer flow deflector
Gilmore, Charles B [Greensburg, PA; Altman, David A [Pittsburgh, PA; Singleton, Norman R [Murrysville, PA
2011-02-15
A nuclear reactor having a coolant flow deflector secured to a reactor core barrel in line with a coolant inlet nozzle. The flow deflector redirects incoming coolant down an annulus between the core barrel and the reactor vessel. The deflector has a main body with a front side facing the fluid inlet nozzle and a rear side facing the core barrel. The rear side of the main body has at least one protrusion secured to the core barrel so that a gap exists between the rear side of the main body adjacent the protrusion and the core barrel. Preferably, the protrusion is a relief that circumscribes the rear side of the main body.
NASA Astrophysics Data System (ADS)
Kurnianto, Ari; Isnanto, Rizal; Widodo, Aris Puji
2018-02-01
Information security is a problem effected business process of an organization, so it needs special concern. Information security assessment which is good and has international standard is done using Information Security Management System (ISMS) ISO/IEC 27001:2013. In this research, the high level assessment has been done using ISO/IEC 27001:2013 to observe the strength of information security in Ministry of Internal Affairs. The research explains about the assessment of information security management which is built using PHP. The input data use primary and secondary data which passed observation. The process gets maturity using the assessment of ISO/IEC 27001:2013. GAP Analysis observes the condition nowadays and then to get recommendation and road map. The result of this research gets all of the information security process which has not been already good enough in Ministry of Internal Affairs, gives recommendation and road map to improve part of all information system being running. It indicates that ISO/IEC 27001:2013 is good used to rate maturity of information security management. As the next analyzation, this research use Clause and Annex in ISO/IEC 27001:2013 which is suitable with condition of Data Center and Data Recovery Center, so it gets optimum result and solving problem of the weakness information security.
NASA Space Safety Standards and Procedures for Human Rating Requirements
NASA Technical Reports Server (NTRS)
Shivers, C. Herbert
2009-01-01
The National Aeronautics and Space Administration of the United States of America (NASA) has arguably led this planet in space exploration and certainly has been one of two major leaders in those endeavors. NASA governance is institutionalized and managed in a series of documents arranged in a hierarchy and flowing down to the work levels. A document tree of NASA's documentation in its totality would likely overwhelm and not be very informative. Taken in segments related to the various business topics and focusing in those segments, however, provides a logical and understandable relationship and flow of requirements and processes. That is the nature of this chapter, a selection of NASA documentation pertaining to space exploration and a description of how those documents together form the plan by which NASA business for space exploration is conducted. Information presented herein is taken from NASA publications and is available publicly and no information herein is protected by copyright or security regulations. While NASA documents are the source of information presented herein, any and all views expressed herein and any misrepresentations of NASA data that may occur herein are those of the author and should not be considered NASA official positions or statements, nor should NASA endorsement of anything presented in this work be assumed.
Analysis of information security management systems at 5 domestic hospitals with more than 500 beds.
Park, Woo-Sung; Seo, Sun-Won; Son, Seung-Sik; Lee, Mee-Jeong; Kim, Shin-Hyo; Choi, Eun-Mi; Bang, Ji-Eon; Kim, Yea-Eun; Kim, Ok-Nam
2010-06-01
The information security management systems (ISMS) of 5 hospitals with more than 500 beds were evaluated with regards to the level of information security, management, and physical and technical aspects so that we might make recommendations on information security and security countermeasures which meet both international standards and the needs of individual hospitals. The ISMS check-list derived from international/domestic standards was distributed to each hospital to complete and the staff of each hospital was interviewed. Information Security Indicator and Information Security Values were used to estimate the present security levels and evaluate the application of each hospital's current system. With regard to the moderate clause of the ISMS, the hospitals were determined to be in compliance. The most vulnerable clause was asset management, in particular, information asset classification guidelines. The clauses of information security incident management and business continuity management were deemed necessary for the establishment of successful ISMS. The level of current ISMS in the hospitals evaluated was determined to be insufficient. Establishment of adequate ISMS is necessary to ensure patient privacy and the safe use of medical records for various purposes. Implementation of ISMS which meet international standards with a long-term and comprehensive perspective is of prime importance. To reflect the requirements of the varied interests of medical staff, consumers, and institutions, the establishment of political support is essential to create suitable hospital ISMS.
Measuring Information Security Performance with 10 by 10 Model for Holistic State Evaluation
2016-01-01
Organizations should measure their information security performance if they wish to take the right decisions and develop it in line with their security needs. Since the measurement of information security is generally underdeveloped in practice and many organizations find the existing recommendations too complex, the paper presents a solution in the form of a 10 by 10 information security performance measurement model. The model—ISP 10×10M is composed of ten critical success factors, 100 key performance indicators and 6 performance levels. Its content was devised on the basis of findings presented in the current research studies and standards, while its structure results from an empirical research conducted among information security professionals from Slovenia. Results of the study show that a high level of information security performance is mostly dependent on measures aimed at managing information risks, employees and information sources, while formal and environmental factors have a lesser impact. Experts believe that information security should evolve systematically, where it’s recommended that beginning steps include technical, logical and physical security controls, while advanced activities should relate predominantly strategic management activities. By applying the proposed model, organizations are able to determine the actual level of information security performance based on the weighted indexing technique. In this manner they identify the measures they ought to develop in order to improve the current situation. The ISP 10×10M is a useful tool for conducting internal system evaluations and decision-making. It may also be applied to a larger sample of organizations in order to determine the general state-of-play for research purposes. PMID:27655001
Mense, Alexander; Hoheiser-Pförtner, Franz; Schmid, Martin; Wahl, Harald
2013-01-01
Working with health related data necessitates appropriate levels of security and privacy. Information security, meaning ensuring confidentiality, integrity, and availability, is more organizational, than technical in nature. It includes many organizational and management measures, is based on well-defined security roles, processes, and documents, and needs permanent adaption of security policies, continuously monitoring, and measures assessment. This big challenge for any organization leads to implementation of an information security management system (ISMS). In the context of establishing a regional or national electronic health record for integrated care (ICEHR), the situation is worse. Changing the medical information exchange from on-demand peer-to-peer connections to health information networks requires all organizations participating in the EHR system to have consistent security levels and to follow the same security guidelines and rules. Also, the implementation must be monitored and audited, establishing cross-organizational information security management systems (ISMS) based on international standards. This paper evaluates requirements and defines basic concepts for an ISO 27000 series-based cross-organizational ISMS in the healthcare domain and especially for the implementation of the nationwide electronic health record in Austria (ELGA).
50 CFR 300.220 - Confidentiality of information.
Code of Federal Regulations, 2010 CFR
2010-10-01
... met: (i) The employee has a need for confidential information to further the Department of Commerce's...) Homeland and national security activities. Confidential information may be made accessible to Federal... agency only if: (i) Providing the information promotes homeland security or national security purposes...
76 FR 81827 - Declassification of National Security Information
Federal Register 2010, 2011, 2012, 2013, 2014
2011-12-29
... prompt decision on the appeal. (b) [Reserved] Sec. 1260.82 What actions must NARA take with information... Declassification of National Security Information AGENCY: National Archives and Records Administration. ACTION... related to declassification of classified national security information in records transferred to NARA's...
78 FR 71631 - Committee Name: Homeland Security Information Network Advisory Committee (HSINAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2013-11-29
... Network Advisory Committee (HSINAC) AGENCY: Operation Coordination and Planning/Office of Chief.... SUMMARY: The Homeland Security Information Network Advisory Council (HSINAC) will meet December 17, 2013... , Phone: 202-343-4212. SUPPLEMENTARY INFORMATION: The Homeland Security Information Network Advisory...
14 CFR 1274.937 - Security requirements for unclassified information technology resources.
Code of Federal Regulations, 2012 CFR
2012-01-01
... information technology resources. 1274.937 Section 1274.937 Aeronautics and Space NATIONAL AERONAUTICS AND... Conditions § 1274.937 Security requirements for unclassified information technology resources. Security Requirements for Unclassified Information Technology Resources July 2002 (a) The Recipient shall be responsible...
14 CFR 1274.937 - Security requirements for unclassified information technology resources.
Code of Federal Regulations, 2013 CFR
2013-01-01
... information technology resources. 1274.937 Section 1274.937 Aeronautics and Space NATIONAL AERONAUTICS AND... Conditions § 1274.937 Security requirements for unclassified information technology resources. Security Requirements for Unclassified Information Technology Resources July 2002 (a) The Recipient shall be responsible...
14 CFR 1274.937 - Security requirements for unclassified information technology resources.
Code of Federal Regulations, 2011 CFR
2011-01-01
... information technology resources. 1274.937 Section 1274.937 Aeronautics and Space NATIONAL AERONAUTICS AND... Conditions § 1274.937 Security requirements for unclassified information technology resources. Security Requirements for Unclassified Information Technology Resources July 2002 (a) The Recipient shall be responsible...
10 CFR 95.39 - External transmission of documents and material.
Code of Federal Regulations, 2013 CFR
2013-01-01
... Procedures Plan for the protection of classified information. (e) Security of classified information in... Section 95.39 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) FACILITY SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.39 External...
10 CFR 95.39 - External transmission of documents and material.
Code of Federal Regulations, 2011 CFR
2011-01-01
... Procedures Plan for the protection of classified information. (e) Security of classified information in... Section 95.39 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) FACILITY SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.39 External...
10 CFR 95.39 - External transmission of documents and material.
Code of Federal Regulations, 2014 CFR
2014-01-01
... Procedures Plan for the protection of classified information. (e) Security of classified information in... Section 95.39 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) FACILITY SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.39 External...
10 CFR 95.39 - External transmission of documents and material.
Code of Federal Regulations, 2012 CFR
2012-01-01
... Procedures Plan for the protection of classified information. (e) Security of classified information in... Section 95.39 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) FACILITY SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.39 External...
10 CFR 95.39 - External transmission of documents and material.
Code of Federal Regulations, 2010 CFR
2010-01-01
... Procedures Plan for the protection of classified information. (e) Security of classified information in... Section 95.39 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) FACILITY SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.39 External...
14 CFR 1274.937 - Security requirements for unclassified information technology resources.
Code of Federal Regulations, 2010 CFR
2010-01-01
... information technology resources. 1274.937 Section 1274.937 Aeronautics and Space NATIONAL AERONAUTICS AND... Conditions § 1274.937 Security requirements for unclassified information technology resources. Security Requirements for Unclassified Information Technology Resources July 2002 (a) The Recipient shall be responsible...
10 CFR 2.911 - Admissibility of restricted data or other national security information.
Code of Federal Regulations, 2014 CFR
2014-01-01
... 10 Energy 1 2014-01-01 2014-01-01 false Admissibility of restricted data or other national security information. 2.911 Section 2.911 Energy NUCLEAR REGULATORY COMMISSION AGENCY RULES OF PRACTICE AND... National Security Information § 2.911 Admissibility of restricted data or other national security...
10 CFR 2.911 - Admissibility of restricted data or other national security information.
Code of Federal Regulations, 2013 CFR
2013-01-01
... 10 Energy 1 2013-01-01 2013-01-01 false Admissibility of restricted data or other national security information. 2.911 Section 2.911 Energy NUCLEAR REGULATORY COMMISSION AGENCY RULES OF PRACTICE AND... National Security Information § 2.911 Admissibility of restricted data or other national security...
10 CFR 2.903 - Protection of restricted data and national security information.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 10 Energy 1 2010-01-01 2010-01-01 false Protection of restricted data and national security... Restricted Data and/or National Security Information § 2.903 Protection of restricted data and national security information. Nothing in this subpart shall relieve any person from safeguarding Restricted Data or...
75 FR 39920 - Announcing a Meeting of the Information Security and Privacy Advisory Board
Federal Register 2010, 2011, 2012, 2013, 2014
2010-07-13
... will be open to the public. The ISPAB was established by the Computer Security Act of 1987 (Pub. L. 100... Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB) will meet Wednesday, August...
Ethical Hacking in Information Security Curricula
ERIC Educational Resources Information Center
Trabelsi, Zouheir; McCoey, Margaret
2016-01-01
Teaching offensive security (ethical hacking) is becoming a necessary component of information security curricula with a goal of developing better security professionals. The offensive security components extend curricula beyond system defense strategies. This paper identifies and discusses the learning outcomes achieved as a result of hands-on…
Information Systems, Security, and Privacy.
ERIC Educational Resources Information Center
Ware, Willis H.
1984-01-01
Computer security and computer privacy issues are discussed. Among the areas addressed are technical and human security threats, security and privacy issues for information in electronic mail systems, the need for a national commission to examine these issues, and security/privacy issues relevant to colleges and universities. (JN)
49 CFR 8.31 - Industrial security.
Code of Federal Regulations, 2011 CFR
2011-10-01
... 49 Transportation 1 2011-10-01 2011-10-01 false Industrial security. 8.31 Section 8.31.../ACCESS Access to Information § 8.31 Industrial security. (a) Background. The National Industrial Security... classified pursuant to Executive Order 12356 of April 2, 1982, National Security Information, or its...
5 CFR 1312.31 - Security violations.
Code of Federal Regulations, 2013 CFR
2013-01-01
... 5 Administrative Personnel 3 2013-01-01 2013-01-01 false Security violations. 1312.31 Section 1312..., DOWNGRADING, DECLASSIFICATION AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION Control and Accountability of Classified Information § 1312.31 Security violations. (a) A security violation notice is issued by the United...
49 CFR 8.31 - Industrial security.
Code of Federal Regulations, 2012 CFR
2012-10-01
... 49 Transportation 1 2012-10-01 2012-10-01 false Industrial security. 8.31 Section 8.31.../ACCESS Access to Information § 8.31 Industrial security. (a) Background. The National Industrial Security... classified pursuant to Executive Order 12356 of April 2, 1982, National Security Information, or its...
49 CFR 1548.11 - Training and knowledge for individuals with security-related duties.
Code of Federal Regulations, 2013 CFR
2013-10-01
...; (2) Applicable Security Directives and Information Circulars; (3) The approved airport security... Directives and Information Circulars; (4) The approved airport security program(s) applicable to their... security-related duties. 1548.11 Section 1548.11 Transportation Other Regulations Relating to...
49 CFR 1548.11 - Training and knowledge for individuals with security-related duties.
Code of Federal Regulations, 2014 CFR
2014-10-01
...; (2) Applicable Security Directives and Information Circulars; (3) The approved airport security... Directives and Information Circulars; (4) The approved airport security program(s) applicable to their... security-related duties. 1548.11 Section 1548.11 Transportation Other Regulations Relating to...
49 CFR 1548.11 - Training and knowledge for individuals with security-related duties.
Code of Federal Regulations, 2012 CFR
2012-10-01
...; (2) Applicable Security Directives and Information Circulars; (3) The approved airport security... Directives and Information Circulars; (4) The approved airport security program(s) applicable to their... security-related duties. 1548.11 Section 1548.11 Transportation Other Regulations Relating to...
49 CFR 1548.11 - Training and knowledge for individuals with security-related duties.
Code of Federal Regulations, 2011 CFR
2011-10-01
...; (2) Applicable Security Directives and Information Circulars; (3) The approved airport security... Directives and Information Circulars; (4) The approved airport security program(s) applicable to their... security-related duties. 1548.11 Section 1548.11 Transportation Other Regulations Relating to...
Agents Based e-Commerce and Securing Exchanged Information
NASA Astrophysics Data System (ADS)
Al-Jaljouli, Raja; Abawajy, Jemal
Mobile agents have been implemented in e-Commerce to search and filter information of interest from electronic markets. When the information is very sensitive and critical, it is important to develop a novel security protocol that can efficiently protect the information from malicious tampering as well as unauthorized disclosure or at least detect any malicious act of intruders. In this chapter, we describe robust security techniques that ensure a sound security of information gathered throughout agent’s itinerary against various security attacks, as well as truncation attacks. A sound security protocol is described, which implements the various security techniques that would jointly prevent or at least detect any malicious act of intruders. We reason about the soundness of the protocol using Symbolic Trace Analyzer (STA), a formal verification tool that is based on symbolic techniques. We analyze the protocol in key configurations and show that it is free of flaws. We also show that the protocol fulfils the various security requirements of exchanged information in MAS, including data-integrity, data-confidentiality, data-authenticity, origin confidentiality and data non-repudiability.
Zarei, Javad; Sadoughi, Farahnaz
2016-01-01
Background: In recent years, hospitals in Iran – similar to those in other countries – have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. Materials and methods: This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts’ opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Results: Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Conclusion: Information security risk management is not followed by Iran’s hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran’s Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran. PMID:27313481
49 CFR 1542.303 - Security Directives and Information Circulars.
Code of Federal Regulations, 2010 CFR
2010-10-01
... Contingency Measures § 1542.303 Security Directives and Information Circulars. (a) TSA may issue an... Security Directive by submitting data, views, or arguments in writing to TSA. TSA may amend the Security...
When trust defies common security sense.
Williams, Patricia A H
2008-09-01
Primary care medical practices fail to recognize the seriousness of security threats to their patient and practice information. This can be attributed to a lack of understanding of security concepts, underestimation of potential threats and the difficulty in configuration of security technology countermeasures. To appreciate the factors contributing to such problems, research into general practitioner security practice and perceptions of security was undertaken. The investigation focused on demographics, actual practice, issues and barriers, and practitioner perception. Poor implementation, lack of relevant knowledge and inconsistencies between principles and practice were identified as key themes. Also the results revealed an overwhelming reliance on trust in staff and in computer information systems. This clearly identified that both cultural and technical attributes contribute to the deficiencies in information security practice. The aim of this research is to understand user needs and problems when dealing with information security practice.
Safe teleradiology: information assurance as project planning methodology
NASA Astrophysics Data System (ADS)
Collmann, Jeff R.; Alaoui, Adil; Nguyen, Dan; Lindisch, David
2003-05-01
This project demonstrates use of OCTAVE, an information security risk assessment method, as an approach to the safe design and planning of a teleradiology system. By adopting this approach to project planning, we intended to provide evidence that including information security as an intrinsic component of project planning improves information assurance and that using information assurance as a planning tool produces and improves the general system management plan. Several considerations justify this approach to planning a safe teleradiology system. First, because OCTAVE was designed as a method for retrospectively assessing and proposing enhancements for the security of existing information management systems, it should function well as a guide to prospectively designing and deploying a secure information system such as teleradiology. Second, because OCTAVE provides assessment and planning tools for use primarily by interdisciplinary teams from user organizations, not consultants, it should enhance the ability of such teams at the local level to plan safe information systems. Third, from the perspective of sociological theory, OCTAVE explicitly attempts to enhance organizational conditions identified as necessary to safely manage complex technologies. Approaching information system design from the perspective of information security risk management proactively integrates health information assurance into a project's core. This contrasts with typical approaches that perceive "security" as a secondary attribute to be "added" after designing the system and with approaches that identify information assurance only with security devices and user training. The perspective of health information assurance embraces so many dimensions of a computerized health information system's design that one may successfully deploy a method for retrospectively assessing information security risk as a prospective planning tool.
From a sociological perspective, this approach enhances the general conditions as well as establishes specific policies and procedures for reliable performance of health information assurance.
Final report for the Multiprotocol Label Switching (MPLS) control plane security LDRD project.
DOE Office of Scientific and Technical Information (OSTI.GOV)
Torgerson, Mark Dolan; Michalski, John T.; Tarman, Thomas David
2003-09-01
As rapid Internet growth continues, global communications becomes more dependent on Internet availability for information transfer. Recently, the Internet Engineering Task Force (IETF) introduced a new protocol, Multiple Protocol Label Switching (MPLS), to provide high-performance data flows within the Internet. MPLS emulates two major aspects of the Asynchronous Transfer Mode (ATM) technology. First, each initial IP packet is 'routed' to its destination based on previously known delay and congestion avoidance mechanisms. This allows for effective distribution of network resources and reduces the probability of congestion. Second, after route selection each subsequent packet is assigned a label at each hop, which determines the output port for the packet to reach its final destination. These labels guide the forwarding of each packet at routing nodes more efficiently and with more control than traditional IP forwarding (based on complete address information in each packet) for high-performance data flows. Label assignment is critical in the prompt and accurate delivery of user data. However, the protocols for label distribution were not adequately secured. Thus, if an adversary compromises a node by intercepting and modifying, or more simply injecting false labels into the packet-forwarding engine, the propagation of improperly labeled data flows could create instability in the entire network. In addition, some Virtual Private Network (VPN) solutions take advantage of this 'virtual channel' configuration to eliminate the need for user data encryption to provide privacy. VPNs relying on MPLS require accurate label assignment to maintain user data protection. This research developed a working distributive trust model that demonstrated how to deploy confidentiality, authentication, and non-repudiation in the global network label switching control plane.
Simulation models and laboratory testbed implementations that demonstrated this concept were developed, and results from this research were transferred to industry via standards in the Optical Internetworking Forum (OIF).
17 CFR 240.14d-6 - Disclosure of tender offer information to security holders.
Code of Federal Regulations, 2010 CFR
2010-04-01
... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Disclosure of tender offer information to security holders. 240.14d-6 Section 240.14d-6 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) GENERAL RULES AND REGULATIONS, SECURITIES EXCHANGE ACT OF 1934 Rules and...
Methods of Organizational Information Security
NASA Astrophysics Data System (ADS)
Martins, José; Dos Santos, Henrique
The principal objective of this article is to present a literature review for the methods used in the security of information at the level of organizations. Some of the principal problems are identified and a first group of relevant dimensions is presented for an efficient management of information security. The study is based on the literature review made, using some of the more relevant certified articles of this theme, in international reports and in the principal norms of management of information security. From the readings that were done, we identified some of the methods oriented for risk management, norms of certification and good practice of security of information. Some of the norms are oriented for the certification of the product or system and others oriented to the processes of the business. There are also studies with the proposal of Frameworks that suggest the integration of different approaches with the foundation of norms focused on technologies, in processes and taking into consideration the organizational and human environment of the organizations. In our perspective, the biggest contribution to the security of information is the development of a method of security of information for an organization in a conflicting environment. This should make available the security of information, against the possible dimensions of attack that the threats could exploit, through the vulnerability of the organizational actives. This method should support the new concepts of "Network centric warfare", "Information superiority" and "Information warfare" especially developed in this last decade, where information is seen simultaneously as a weapon and as a target.
48 CFR 1352.239-72 - Security requirements for information technology resources.
Code of Federal Regulations, 2011 CFR
2011-10-01
... information technology resources. 1352.239-72 Section 1352.239-72 Federal Acquisition Regulations System... Clauses 1352.239-72 Security requirements for information technology resources. As prescribed in 48 CFR 1339.270(b), insert the following clause: Security Requirements for Information Technology Resources...
47 CFR 64.2011 - Notification of customer proprietary network information security breaches.
Code of Federal Regulations, 2011 CFR
2011-10-01
... 47 Telecommunication 3 2011-10-01 2011-10-01 false Notification of customer proprietary network information security breaches. 64.2011 Section 64.2011 Telecommunication FEDERAL COMMUNICATIONS COMMISSION... Proprietary Network Information § 64.2011 Notification of customer proprietary network information security...
47 CFR 64.2011 - Notification of customer proprietary network information security breaches.
Code of Federal Regulations, 2010 CFR
2010-10-01
... 47 Telecommunication 3 2010-10-01 2010-10-01 false Notification of customer proprietary network information security breaches. 64.2011 Section 64.2011 Telecommunication FEDERAL COMMUNICATIONS COMMISSION... Proprietary Network Information § 64.2011 Notification of customer proprietary network information security...
48 CFR 1804.470 - Security requirements for unclassified information technology (IT) resources.
Code of Federal Regulations, 2013 CFR
2013-10-01
... 48 Federal Acquisition Regulations System 6 2013-10-01 2013-10-01 false Security requirements for unclassified information technology (IT) resources. 1804.470 Section 1804.470 Federal Acquisition Regulations... Classified Information Within Industry 1804.470 Security requirements for unclassified information technology...
48 CFR 1804.470 - Security requirements for unclassified information technology (IT) resources.
Code of Federal Regulations, 2011 CFR
2011-10-01
... 48 Federal Acquisition Regulations System 6 2011-10-01 2011-10-01 false Security requirements for unclassified information technology (IT) resources. 1804.470 Section 1804.470 Federal Acquisition Regulations... Classified Information Within Industry 1804.470 Security requirements for unclassified information technology...
48 CFR 1804.470 - Security requirements for unclassified information technology (IT) resources.
Code of Federal Regulations, 2014 CFR
2014-10-01
... 48 Federal Acquisition Regulations System 6 2014-10-01 2014-10-01 false Security requirements for unclassified information technology (IT) resources. 1804.470 Section 1804.470 Federal Acquisition Regulations... Classified Information Within Industry 1804.470 Security requirements for unclassified information technology...
48 CFR 1804.470 - Security requirements for unclassified information technology (IT) resources.
Code of Federal Regulations, 2012 CFR
2012-10-01
... 48 Federal Acquisition Regulations System 6 2012-10-01 2012-10-01 false Security requirements for unclassified information technology (IT) resources. 1804.470 Section 1804.470 Federal Acquisition Regulations... Classified Information Within Industry 1804.470 Security requirements for unclassified information technology...
48 CFR 1804.470 - Security requirements for unclassified information technology (IT) resources.
Code of Federal Regulations, 2010 CFR
2010-10-01
... 48 Federal Acquisition Regulations System 6 2010-10-01 2010-10-01 true Security requirements for unclassified information technology (IT) resources. 1804.470 Section 1804.470 Federal Acquisition Regulations... Classified Information Within Industry 1804.470 Security requirements for unclassified information technology...
48 CFR 1352.239-72 - Security requirements for information technology resources.
Code of Federal Regulations, 2013 CFR
2013-10-01
... information technology resources. 1352.239-72 Section 1352.239-72 Federal Acquisition Regulations System... Clauses 1352.239-72 Security requirements for information technology resources. As prescribed in 48 CFR 1339.270(b), insert the following clause: Security Requirements for Information Technology Resources...
48 CFR 1352.239-72 - Security requirements for information technology resources.
Code of Federal Regulations, 2012 CFR
2012-10-01
... information technology resources. 1352.239-72 Section 1352.239-72 Federal Acquisition Regulations System... Clauses 1352.239-72 Security requirements for information technology resources. As prescribed in 48 CFR 1339.270(b), insert the following clause: Security Requirements for Information Technology Resources...
48 CFR 1352.239-72 - Security requirements for information technology resources.
Code of Federal Regulations, 2014 CFR
2014-10-01
... information technology resources. 1352.239-72 Section 1352.239-72 Federal Acquisition Regulations System... Clauses 1352.239-72 Security requirements for information technology resources. As prescribed in 48 CFR 1339.270(b), insert the following clause: Security Requirements for Information Technology Resources...
47 CFR 64.2011 - Notification of customer proprietary network information security breaches.
Code of Federal Regulations, 2013 CFR
2013-10-01
... Proprietary Network Information § 64.2011 Notification of customer proprietary network information security... 47 Telecommunication 3 2013-10-01 2013-10-01 false Notification of customer proprietary network information security breaches. 64.2011 Section 64.2011 Telecommunication FEDERAL COMMUNICATIONS COMMISSION...
47 CFR 64.5111 - Notification of customer proprietary network information security breaches.
Code of Federal Regulations, 2013 CFR
2013-10-01
... Proprietary Network Information. § 64.5111 Notification of customer proprietary network information security... 47 Telecommunication 3 2013-10-01 2013-10-01 false Notification of customer proprietary network information security breaches. 64.5111 Section 64.5111 Telecommunication FEDERAL COMMUNICATIONS COMMISSION...
47 CFR 64.5111 - Notification of customer proprietary network information security breaches.
Code of Federal Regulations, 2014 CFR
2014-10-01
... Proprietary Network Information. § 64.5111 Notification of customer proprietary network information security... 47 Telecommunication 3 2014-10-01 2014-10-01 false Notification of customer proprietary network information security breaches. 64.5111 Section 64.5111 Telecommunication FEDERAL COMMUNICATIONS COMMISSION...
47 CFR 64.2011 - Notification of customer proprietary network information security breaches.
Code of Federal Regulations, 2014 CFR
2014-10-01
... Proprietary Network Information § 64.2011 Notification of customer proprietary network information security... 47 Telecommunication 3 2014-10-01 2014-10-01 false Notification of customer proprietary network information security breaches. 64.2011 Section 64.2011 Telecommunication FEDERAL COMMUNICATIONS COMMISSION...
47 CFR 64.2011 - Notification of customer proprietary network information security breaches.
Code of Federal Regulations, 2012 CFR
2012-10-01
... Proprietary Network Information § 64.2011 Notification of customer proprietary network information security... 47 Telecommunication 3 2012-10-01 2012-10-01 false Notification of customer proprietary network information security breaches. 64.2011 Section 64.2011 Telecommunication FEDERAL COMMUNICATIONS COMMISSION...
48 CFR 1352.239-72 - Security requirements for information technology resources.
Code of Federal Regulations, 2010 CFR
2010-10-01
... information technology resources. 1352.239-72 Section 1352.239-72 Federal Acquisition Regulations System... Clauses 1352.239-72 Security requirements for information technology resources. As prescribed in 48 CFR 1339.270(b), insert the following clause: Security Requirements for Information Technology Resources...
Sharing Vital Signs between mobile phone applications.
Karlen, Walter; Dumont, Guy A; Scheffer, Cornie
2014-01-01
We propose a communication library, ShareVitalSigns, for the standardized exchange of vital sign information between health applications running on mobile platforms. The library allows an application to request one or multiple vital signs from independent measurement applications on the Android OS. Compatible measurement applications are automatically detected and can be launched from within the requesting application, simplifying the work flow for the user and reducing typing errors. Data is shared between applications using intents, a passive data structure available on Android OS. The library is accompanied by a test application which serves as a demonstrator. The secure exchange of vital sign information using a standardized library like ShareVitalSigns will facilitate the integration of measurement applications into diagnostic and other high level health monitoring applications and reduce errors due to manual entry of information.
Explore Awareness of Information Security: Insights from Cognitive Neuromechanism.
Han, Dongmei; Dai, Yonghui; Han, Tianlin; Dai, Xingyun
2015-01-01
With the rapid development of the internet and information technology, the increasingly diversified portable mobile terminals, online shopping, and social media have facilitated information exchange, social communication, and financial payment for people more and more than ever before. In the meantime, information security and privacy protection have been meeting with new severe challenges. Although we have taken a variety of information security measures in both management and technology, the actual effectiveness depends firstly on people's awareness of information security and the cognition of potential risks. In order to explore the new technology for the objective assessment of people's awareness and cognition on information security, this paper takes the online financial payment as example and conducts an experimental study based on the analysis of electrophysiological signals. Results indicate that left hemisphere and beta rhythms of electroencephalogram (EEG) signal are sensitive to the cognitive degree of risks in the awareness of information security, which may be probably considered as the sign to assess people's cognition of potential risks in online financial payment.
Explore Awareness of Information Security: Insights from Cognitive Neuromechanism
Han, Dongmei; Han, Tianlin; Dai, Xingyun
2015-01-01
With the rapid development of the internet and information technology, the increasingly diversified portable mobile terminals, online shopping, and social media have facilitated information exchange, social communication, and financial payment for people more and more than ever before. In the meantime, information security and privacy protection have been meeting with new severe challenges. Although we have taken a variety of information security measures in both management and technology, the actual effectiveness depends firstly on people's awareness of information security and the cognition of potential risks. In order to explore the new technology for the objective assessment of people's awareness and cognition on information security, this paper takes the online financial payment as example and conducts an experimental study based on the analysis of electrophysiological signals. Results indicate that left hemisphere and beta rhythms of electroencephalogram (EEG) signal are sensitive to the cognitive degree of risks in the awareness of information security, which may be probably considered as the sign to assess people's cognition of potential risks in online financial payment. PMID:26587017
Interactions between Financial and Environmental Networks in OECD Countries.
Ruzzenenti, Franco; Joseph, Andreas; Ticci, Elisa; Vozzella, Pietro; Gabbi, Giampaolo
2015-01-01
We analysed a multiplex of financial and environmental networks between OECD countries from 2002 to 2010. Foreign direct investments and portfolio investment showing the flows in equity securities, short-term, long-term and total debt, these securities represent the financial layers; emissions of NOx, PM10, SO2, CO2 equivalent and the water footprint associated with international trade represent the environmental layers. We present a new measure of cross-layer correlations between flows in different layers based on reciprocity. For the assessment of results, we implement a null model for this measure based on the exponential random graph theory. We find that short-term financial flows are more correlated with environmental flows than long-term investments. Moreover, the correlations between reverse financial and environmental flows (i.e. the flows of different layers going in opposite directions) are generally stronger than correlations between synergic flows (flows going in the same direction). This suggests a trade-off between financial and environmental layers, where, more financialised countries display higher correlations between outgoing financial flows and incoming environmental flows than from lower financialised countries. Five countries are identified as hubs in this finance-environment multiplex: The United States, France, Germany, Belgium-Luxembourg and United Kingdom.
Interactions between Financial and Environmental Networks in OECD Countries
Ruzzenenti, Franco; Joseph, Andreas; Ticci, Elisa; Vozzella, Pietro; Gabbi, Giampaolo
2015-01-01
We analysed a multiplex of financial and environmental networks between OECD countries from 2002 to 2010. Foreign direct investments and portfolio investment showing the flows in equity securities, short-term, long-term and total debt, these securities represent the financial layers; emissions of NOx, PM10, SO2, CO2 equivalent and the water footprint associated with international trade represent the environmental layers. We present a new measure of cross-layer correlations between flows in different layers based on reciprocity. For the assessment of results, we implement a null model for this measure based on the exponential random graph theory. We find that short-term financial flows are more correlated with environmental flows than long-term investments. Moreover, the correlations between reverse financial and environmental flows (i.e. the flows of different layers going in opposite directions) are generally stronger than correlations between synergic flows (flows going in the same direction). This suggests a trade-off between financial and environmental layers, where, more financialised countries display higher correlations between outgoing financial flows and incoming environmental flows than from lower financialised countries. Five countries are identified as hubs in this finance-environment multiplex: The United States, France, Germany, Belgium-Luxembourg and United Kingdom. PMID:26375393
17 CFR 240.14c-101 - Schedule 14C. Information required in information statement.
Code of Federal Regulations, 2014 CFR
2014-04-01
... separate copy of the annual report to security holders, information statement, or Notice of Internet... annual reports to security holders, information statements, or Notices of Internet Availability of Proxy... 17 Commodity and Securities Exchanges 4 2014-04-01 2014-04-01 false Schedule 14C. Information...
17 CFR 240.14c-101 - Schedule 14C. Information required in information statement.
Code of Federal Regulations, 2013 CFR
2013-04-01
... separate copy of the annual report to security holders, information statement, or Notice of Internet... annual reports to security holders, information statements, or Notices of Internet Availability of Proxy... 17 Commodity and Securities Exchanges 3 2013-04-01 2013-04-01 false Schedule 14C. Information...
17 CFR 240.14c-101 - Schedule 14C. Information required in information statement.
Code of Federal Regulations, 2012 CFR
2012-04-01
... separate copy of the annual report to security holders, information statement, or Notice of Internet... annual reports to security holders, information statements, or Notices of Internet Availability of Proxy... 17 Commodity and Securities Exchanges 3 2012-04-01 2012-04-01 false Schedule 14C. Information...
ERIC Educational Resources Information Center
Kim, Philip
2010-01-01
Financial institutions are increasingly finding difficulty defending against information security risks and threats, as they are often the number one target for information thieves. An effective information security training and awareness program can be a critical component of protecting an organization's information assets. Many financial…
Federal Register 2010, 2011, 2012, 2013, 2014
2010-03-02
..., Including Workers Whose Wages Are Reported Through May and Spey Information Security Team, Chicago, IL..., applicable to workers of Acxiom Corporation, Information Security Team, Downers Grove, Illinois. The notice... clients. New information shows that the correct location of the Information Security Team was located at...
10 CFR 95.33 - Security education.
Code of Federal Regulations, 2011 CFR
2011-01-01
... 10 Energy 2 2011-01-01 2011-01-01 false Security education. 95.33 Section 95.33 Energy NUCLEAR... INFORMATION AND RESTRICTED DATA Physical Security § 95.33 Security education. All cleared employees must be... information. The facility may obtain defensive security, threat awareness, and other education and training...
10 CFR 95.33 - Security education.
Code of Federal Regulations, 2013 CFR
2013-01-01
... 10 Energy 2 2013-01-01 2013-01-01 false Security education. 95.33 Section 95.33 Energy NUCLEAR... INFORMATION AND RESTRICTED DATA Physical Security § 95.33 Security education. All cleared employees must be... information. The facility may obtain defensive security, threat awareness, and other education and training...
10 CFR 95.33 - Security education.
Code of Federal Regulations, 2012 CFR
2012-01-01
... 10 Energy 2 2012-01-01 2012-01-01 false Security education. 95.33 Section 95.33 Energy NUCLEAR... INFORMATION AND RESTRICTED DATA Physical Security § 95.33 Security education. All cleared employees must be... information. The facility may obtain defensive security, threat awareness, and other education and training...
10 CFR 95.33 - Security education.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 10 Energy 2 2010-01-01 2010-01-01 false Security education. 95.33 Section 95.33 Energy NUCLEAR... INFORMATION AND RESTRICTED DATA Physical Security § 95.33 Security education. All cleared employees must be... information. The facility may obtain defensive security, threat awareness, and other education and training...
Federal Register 2010, 2011, 2012, 2013, 2014
2013-08-07
... facility's involvement with classified information and may include a Facility Security Officer Orientation... procedures and duties applicable to the employee's job. (g) Refresher Briefings. The licensee or other.... (j) Records reflecting an individual's initial and refresher security orientations and security...
Federal Register 2010, 2011, 2012, 2013, 2014
2010-11-29
... Collection Activity Under OMB Review: Pipeline Corporate Security Review AGENCY: Transportation Security.... Information Collection Requirement Title: Pipeline Corporate Security Review (PCSR). Type of Request: New collection. OMB Control Number: Not yet assigned. Form(s): Pipeline Corporate Security Review (PCSR) Protocol...
28 CFR 17.13 - National Security Division; interpretation of Executive Orders.
Code of Federal Regulations, 2010 CFR
2010-07-01
... for National Security, who shall refer such questions to the Office of Legal Counsel, as appropriate... 28 Judicial Administration 1 2010-07-01 2010-07-01 false National Security Division... NATIONAL SECURITY INFORMATION AND ACCESS TO CLASSIFIED INFORMATION Administration § 17.13 National Security...
Nazi, Kim M
2013-04-04
Despite significant consumer interest and anticipated benefits, overall adoption of personal health records (PHRs) remains relatively low. Understanding the consumer perspective is necessary, but insufficient by itself. Consumer PHR use also has broad implications for health care professionals and organizational delivery systems; however, these have received less attention. An exclusive focus on the PHR as a tool for consumer empowerment does not adequately take into account the social and organizational context of health care delivery, and the reciprocal nature of patient engagement. The purpose of this study was to examine the experiences of physicians, nurses, and pharmacists at the Department of Veterans Affairs (VA) using an organizationally sponsored PHR to develop insights into the interaction of technology and processes of health care delivery. The conceptual framework for the study draws on an information ecology perspective, which recognizes that a vibrant dynamic exists among technologies, people, practices, and values, accounting for both the values and norms of the participants and the practices of the local setting. The study explores the experiences and perspectives of VA health care professionals related to patient use of the My HealtheVet PHR portal and secure messaging systems. In-depth interviews were conducted with 30 VA health care professionals engaged in providing direct patient care who self-reported that they had experiences with at least 1 of 4 PHR features. Interviews were transcribed, coded, and analyzed to identify inductive themes. Organizational documents and artifacts were reviewed and analyzed to trace the trajectory of secure messaging implementation as part of the VA Patient Aligned Care Team (PACT) model. Study findings revealed a variety of factors that have facilitated or inhibited PHR adoption, use, and endorsement of patient use by health care professionals. 
Health care professionals' accounts and analysis of organizational documents revealed a multidimensional dynamic between the trajectory of secure messaging implementation and its impact on organizational actors and their use of technology, influencing workflow, practices, and the flow of information. In effect, secure messaging was the missing element of complex information ecology and its implementation acted as a catalyst for change. Secure messaging was found to have important consequences for access, communication, patient self-report, and patient/provider relationships. Study findings have direct implications for the development and implementation of PHR systems to ensure adequate training and support for health care professionals, alignment with clinical workflow, and features that enable information sharing and communication. Study findings highlight the importance of clinician endorsement and engagement, and the need to further examine both intended and unintended consequences of use. This research provides an integral step toward better understanding the social and organizational context and impact of PHR and secure messaging use in clinical practice settings.
78 FR 24461 - Agency Information Collection Activities; Proposed Request
Federal Register 2010, 2011, 2012, 2013, 2014
2013-04-25
... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities; Proposed Request The Social Security Administration (SSA) publishes a list of information collection packages [email protected] . (SSA), Social Security Administration, DCRDP, Attn: Reports Clearance Director, 107...
76 FR 11835 - Agency Information Collection Activities: Proposed Request
Federal Register 2010, 2011, 2012, 2013, 2014
2011-03-03
... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request The Social Security Administration (SSA) publishes a list of information collection packages [email protected] . (SSA) Social Security Administration, DCBFM, Attn: Reports Clearance Officer, 1333...
76 FR 817 - Agency Information Collection Activities: Proposed Request
Federal Register 2010, 2011, 2012, 2013, 2014
2011-01-06
... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request The Social Security Administration (SSA) publishes a list of information collection packages [email protected] . (SSA), Social Security Administration, DCBFM, Attn: Reports Clearance Officer, 1333...
77 FR 40401 - Agency Information Collection Activities: Proposed Request
Federal Register 2010, 2011, 2012, 2013, 2014
2012-07-09
... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request The Social Security Administration (SSA) publishes a list of information collection packages [email protected] . (SSA) Social Security Administration, DCRDP, Attn: Reports Clearance Director, 107...
75 FR 69515 - Agency Information Collection Activities: Proposed Request
Federal Register 2010, 2011, 2012, 2013, 2014
2010-11-12
... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request The Social Security Administration (SSA) publishes a list of information collection packages requiring..., E-mail address: [email protected] . (SSA) Social Security Administration, DCBFM, Attn...
77 FR 35739 - Agency Information Collection Activities: Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2012-06-14
... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Comment Request The Social Security Administration (SSA) publishes a list of information collection packages requiring...: 202-395-6974, Email address: [email protected] . (SSA), Social Security Administration...
78 FR 39055 - Agency Information Collection Activities: Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2013-06-28
... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Comment Request The Social Security Administration (SSA) publishes a list of information collection packages requiring... address: [email protected] . (SSA) Social Security Administration, DCRDP, Attn: Reports...
77 FR 62593 - Agency Information Collection Activities: Proposed Request
Federal Register 2010, 2011, 2012, 2013, 2014
2012-10-15
... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request The Social Security Administration (SSA) publishes a list of information collection packages [email protected] . (SSA) Social Security Administration, DCRDP, Attn: Reports Clearance Director, 107...
77 FR 33546 - Agency Information Collection Activities: Proposed Request
Federal Register 2010, 2011, 2012, 2013, 2014
2012-06-06
... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request The Social Security Administration (SSA) publishes a list of information collection packages requiring...: 202-395-6974, Email address: [email protected] ; (SSA), Social Security Administration...
75 FR 43609 - Agency Information Collection Activities: Emergency Request
Federal Register 2010, 2011, 2012, 2013, 2014
2010-07-26
... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Emergency Request The Social Security Administration (SSA) publishes a list of information collection packages requiring...) Social Security Administration, DCBFM, Attn: Reports Clearance Officer, 1340 Annex Building, 6401...
78 FR 56264 - Agency Information Collection Activities: Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2013-09-12
... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Comment Request The Social Security Administration (SSA) publishes a list of information collection packages requiring..., Email address: [email protected] . (SSA), Social Security Administration, DCRDP, Attn: Reports...
78 FR 26843 - Agency Information Collection Activities; Proposed Request
Federal Register 2010, 2011, 2012, 2013, 2014
2013-05-08
... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities; Proposed Request The Social Security Administration (SSA) publishes a list of information collection packages [email protected] . (SSA) Social Security Administration, DCRDP, Attn: Reports Clearance Director, 107...
78 FR 59411 - Agency Information Collection Activities: Proposed Request
Federal Register 2010, 2011, 2012, 2013, 2014
2013-09-26
... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request The Social Security Administration (SSA) publishes a list of information collection packages [email protected] . (SSA), Social Security Administration, DCRDP, Attn: Reports Clearance Director, 107...
76 FR 52043 - Agency Information Collection Activities: Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2011-08-19
... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Comment Request The Social Security Administration (SSA) publishes a list of information collection packages requiring.... E-mail address: [email protected] . (SSA) Social Security Administration, DCBFM. Attn...
Privacy and security of patient data in the pathology laboratory.
Cucoranu, Ioan C; Parwani, Anil V; West, Andrew J; Romero-Lauro, Gonzalo; Nauman, Kevin; Carter, Alexis B; Balis, Ulysses J; Tuthill, Mark J; Pantanowitz, Liron
2013-01-01
Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) govern the privacy and protection of medical information and health records. The HIPAA security standards final rule mandate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States.
Information technology security system engineering methodology
NASA Technical Reports Server (NTRS)
Childs, D.
2003-01-01
A methodology is described for system engineering security into large information technology systems under development. The methodology is an integration of a risk management process and a generic system development life cycle process. The methodology is to be used by Security System Engineers to effectively engineer and integrate information technology security into a target system as it progresses through the development life cycle. The methodology can also be used to re-engineer security into a legacy system.
Code of Federal Regulations, 2012 CFR
2012-10-01
..., including consideration of security of resources, protection of privacy, national security and emergency... information technology, agencies shall include the appropriate information technology security policies and requirements, including use of common security configurations available from the National Institute of...
Code of Federal Regulations, 2014 CFR
2014-10-01
..., including consideration of security of resources, protection of privacy, national security and emergency... information technology, agencies shall include the appropriate information technology security policies and requirements, including use of common security configurations available from the National Institute of...
Code of Federal Regulations, 2013 CFR
2013-10-01
..., including consideration of security of resources, protection of privacy, national security and emergency... information technology, agencies shall include the appropriate information technology security policies and requirements, including use of common security configurations available from the National Institute of...
Code of Federal Regulations, 2011 CFR
2011-10-01
..., including consideration of security of resources, protection of privacy, national security and emergency... information technology, agencies shall include the appropriate information technology security policies and requirements, including use of common security configurations available from the National Institute of...
NASA Astrophysics Data System (ADS)
Xie, Chang; Wen, Jing; Liu, Wenying; Wang, Jiaming
With the development of intelligent dispatching, the intelligence level of the network control center's full service urgently needs to be raised. As an important daily work of network control center, the application of maintenance scheduling intelligent arrangement to achieve high-quality and safety operation of power grid is very important. By analyzing the shortages of the traditional maintenance scheduling software, this paper designs a power grid maintenance scheduling intelligence arrangement supporting system based on power flow forecasting, which uses the advanced technologies in maintenance scheduling, such as artificial intelligence, online security checking, intelligent visualization techniques. It implements the online security checking of maintenance scheduling based on power flow forecasting and power flow adjusting based on visualization, in order to make the maintenance scheduling arrangement more intelligent and visual.
NASA Astrophysics Data System (ADS)
Ito, Shusei; Uchida, Keitaro; Mizushina, Haruki; Suyama, Shiro; Yamamoto, Hirotsugu
2017-02-01
Security is one of the big issues in automated teller machine (ATM). In ATM, two types of security have to be maintained. One is to secure displayed information. The other is to secure screen contamination. This paper gives a solution for these two security issues. In order to secure information against peeping at the screen, we utilize visual cryptography for displayed information and limit the viewing zone. Furthermore, an aerial information screen with aerial imaging by retro-reflection, named AIRR enables users to avoid direct touch on the information screen. The purpose of this paper is to propose an aerial secure display technique that ensures security of displayed information as well as security against contamination problem on screen touch. We have developed a polarization-processing display that is composed of a backlight, a polarizer, a background LCD panel, a gap, a half-wave retarder, and a foreground LCD panel. Polarization angle is rotated with the LCD panels. We have constructed a polarization encryption code set. Size of displayed images are designed to limit the viewing position. Furthermore, this polarization-processing display has been introduced into our aerial imaging optics, which employs a reflective polarizer and a retro-reflector covered with a quarter-wave retarder. Polarization-modulated light forms the real image over the reflective polarizer. We have successfully formed aerial information screen that shows the secret image with a limited viewing position. This is the first realization of aerial secure display by use of polarization-processing display with retarder-film and retro-reflector.
39 CFR 267.4 - Information security standards.
Code of Federal Regulations, 2013 CFR
2013-07-01
... 39 Postal Service 1 2013-07-01 2013-07-01 false Information security standards. 267.4 Section 267.4 Postal Service UNITED STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PROTECTION OF INFORMATION § 267.4 Information security standards. (a) The Postal Service will operate under a uniform set of...
39 CFR 267.4 - Information security standards.
Code of Federal Regulations, 2012 CFR
2012-07-01
... 39 Postal Service 1 2012-07-01 2012-07-01 false Information security standards. 267.4 Section 267.4 Postal Service UNITED STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PROTECTION OF INFORMATION § 267.4 Information security standards. (a) The Postal Service will operate under a uniform set of...
39 CFR 267.4 - Information security standards.
Code of Federal Regulations, 2014 CFR
2014-07-01
... 39 Postal Service 1 2014-07-01 2014-07-01 false Information security standards. 267.4 Section 267.4 Postal Service UNITED STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PROTECTION OF INFORMATION § 267.4 Information security standards. (a) The Postal Service will operate under a uniform set of...
39 CFR 267.4 - Information security standards.
Code of Federal Regulations, 2011 CFR
2011-07-01
... 39 Postal Service 1 2011-07-01 2011-07-01 false Information security standards. 267.4 Section 267.4 Postal Service UNITED STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PROTECTION OF INFORMATION § 267.4 Information security standards. (a) The Postal Service will operate under a uniform set of...
39 CFR 267.4 - Information security standards.
Code of Federal Regulations, 2010 CFR
2010-07-01
... 39 Postal Service 1 2010-07-01 2010-07-01 false Information security standards. 267.4 Section 267.4 Postal Service UNITED STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PROTECTION OF INFORMATION § 267.4 Information security standards. (a) The Postal Service will operate under a uniform set of...
6 CFR 5.24 - Classified information.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 6 Domestic Security 1 2010-01-01 2010-01-01 false Classified information. 5.24 Section 5.24 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY DISCLOSURE OF RECORDS AND INFORMATION Privacy Act § 5.24 Classified information. In processing a request for access to a record...
48 CFR 2452.239-71 - Information Technology Virus Security.
Code of Federal Regulations, 2014 CFR
2014-10-01
... 48 Federal Acquisition Regulations System 6 2014-10-01 2014-10-01 false Information Technology... Provisions and Clauses 2452.239-71 Information Technology Virus Security. As prescribed in 2439.107(b), insert the following clause: Information Technology Virus Security (FEB 2006) (a) The contractor hereby...
48 CFR 2452.239-71 - Information Technology Virus Security.
Code of Federal Regulations, 2013 CFR
2013-10-01
... 48 Federal Acquisition Regulations System 6 2013-10-01 2013-10-01 false Information Technology... Provisions and Clauses 2452.239-71 Information Technology Virus Security. As prescribed in 2439.107(b), insert the following clause: Information Technology Virus Security (FEB 2006) (a) The contractor hereby...
48 CFR 2452.239-71 - Information Technology Virus Security.
Code of Federal Regulations, 2012 CFR
2012-10-01
... 48 Federal Acquisition Regulations System 6 2012-10-01 2012-10-01 false Information Technology... Provisions and Clauses 2452.239-71 Information Technology Virus Security. As prescribed in 2439.107(b), insert the following clause: Information Technology Virus Security (FEB 2006) (a) The contractor hereby...
48 CFR 1252.239-71 - Information technology security plan and accreditation.
Code of Federal Regulations, 2014 CFR
2014-10-01
... 48 Federal Acquisition Regulations System 5 2014-10-01 2014-10-01 false Information technology... Provisions and Clauses 1252.239-71 Information technology security plan and accreditation. As prescribed in (TAR) 48 CFR 1239.70, insert the following provision: Information Technology Security Plan and...
48 CFR 1252.239-71 - Information technology security plan and accreditation.
Code of Federal Regulations, 2013 CFR
2013-10-01
... 48 Federal Acquisition Regulations System 5 2013-10-01 2013-10-01 false Information technology... Provisions and Clauses 1252.239-71 Information technology security plan and accreditation. As prescribed in (TAR) 48 CFR 1239.70, insert the following provision: Information Technology Security Plan and...
48 CFR 1252.239-71 - Information technology security plan and accreditation.
Code of Federal Regulations, 2011 CFR
2011-10-01
... 48 Federal Acquisition Regulations System 5 2011-10-01 2011-10-01 false Information technology... Provisions and Clauses 1252.239-71 Information technology security plan and accreditation. As prescribed in (TAR) 48 CFR 1239.70, insert the following provision: Information Technology Security Plan and...
48 CFR 2452.239-71 - Information Technology Virus Security.
Code of Federal Regulations, 2011 CFR
2011-10-01
... 48 Federal Acquisition Regulations System 6 2011-10-01 2011-10-01 false Information Technology... Provisions and Clauses 2452.239-71 Information Technology Virus Security. As prescribed in 2439.107(b), insert the following clause: Information Technology Virus Security (FEB 2006) (a) The contractor hereby...
48 CFR 1252.239-71 - Information technology security plan and accreditation.
Code of Federal Regulations, 2012 CFR
2012-10-01
... 48 Federal Acquisition Regulations System 5 2012-10-01 2012-10-01 false Information technology... Provisions and Clauses 1252.239-71 Information technology security plan and accreditation. As prescribed in (TAR) 48 CFR 1239.70, insert the following provision: Information Technology Security Plan and...
48 CFR 1252.239-71 - Information technology security plan and accreditation.
Code of Federal Regulations, 2010 CFR
2010-10-01
... 48 Federal Acquisition Regulations System 5 2010-10-01 2010-10-01 false Information technology... Provisions and Clauses 1252.239-71 Information technology security plan and accreditation. As prescribed in (TAR) 48 CFR 1239.70, insert the following provision: Information Technology Security Plan and...
48 CFR 2452.239-71 - Information Technology Virus Security.
Code of Federal Regulations, 2010 CFR
2010-10-01
... 48 Federal Acquisition Regulations System 6 2010-10-01 2010-10-01 true Information Technology... Provisions and Clauses 2452.239-71 Information Technology Virus Security. As prescribed in 2439.107(b), insert the following clause: Information Technology Virus Security (FEB 2006) (a) The contractor hereby...
Federal Register 2010, 2011, 2012, 2013, 2014
2011-02-16
... measure their effectiveness. Through its voluntary Corporate Security Review (CSR) Program, TSA's Highway... DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration Intent To Request Approval From OMB of One New Public Collection of Information: Security Program for Hazardous Materials Motor...
ERIC Educational Resources Information Center
Edwards, Gregory
2011-01-01
Security incidents resulting from human error or subversive actions have caused major financial losses, reduced business productivity or efficiency, and threatened national security. Some research suggests that information system security frameworks lack emphasis on human involvement as a significant cause for security problems in a rapidly…
10 CFR 95.49 - Security of automatic data processing (ADP) systems.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 10 Energy 2 2010-01-01 2010-01-01 false Security of automatic data processing (ADP) systems. 95.49 Section 95.49 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) FACILITY SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.49 Security of...
49 CFR 1520.9 - Restrictions on the disclosure of SSI.
Code of Federal Regulations, 2010 CFR
2010-10-01
... SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY SECURITY RULES FOR ALL MODES OF TRANSPORTATION PROTECTION OF SENSITIVE SECURITY INFORMATION § 1520.9 Restrictions on the disclosure of SSI. (a) Duty to... infrastructure information under section 214 of the Homeland Security Act, any covered person who is a Federal...
Incentive Issues in Information Security Management
ERIC Educational Resources Information Center
Lee, Chul Ho
2012-01-01
This dissertation studies three incentive issues in information security management. The first essay studies contract issues between a firm that outsources security functions and a managed security service provider (MSSP) that provides security functions to the firm. Since MSSP and firms cannot observe each other's actions, both can suffer…
5 CFR 1312.8 - Standard identification and markings.
Code of Federal Regulations, 2011 CFR
2011-01-01
... CLASSIFICATION, DOWNGRADING, DECLASSIFICATION AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION Classification and Declassification of National Security Information § 1312.8 Standard identification and markings... or event for declassification that corresponds to the lapse of the information's national security...
75 FR 29797 - Agency Information Collection Activities: Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2010-05-27
... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Comment Request The Social Security Administration (SSA) publishes a list of information collection packages requiring... . (SSA) Social Security Administration, DCBFM, Attn: Director, Center for Reports Clearance, 1333 Annex...
76 FR 62630 - Information Security Regulations
Federal Register 2010, 2011, 2012, 2013, 2014
2011-10-11
... CENTRAL INTELLIGENCE AGENCY 32 CFR Part 1902 Information Security Regulations AGENCY: Central Intelligence Agency. ACTION: Final rule. SUMMARY: The Central Intelligence Agency is removing certain information security regulations which have become outdated. The Executive Order upon which the regulations...
5 CFR 1312.8 - Standard identification and markings.
Code of Federal Regulations, 2010 CFR
2010-01-01
... CLASSIFICATION, DOWNGRADING, DECLASSIFICATION AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION Classification and Declassification of National Security Information § 1312.8 Standard identification and markings... or event for declassification that corresponds to the lapse of the information's national security...
75 FR 39611 - Agency Information Collection Activities: Proposed Request
Federal Register 2010, 2011, 2012, 2013, 2014
2010-07-09
... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request The Social Security Administration (SSA) publishes a list of information collection packages requiring...-6974, E-mail address: [email protected] . (SSA) Social Security Administration, DCBFM, Attn...
75 FR 4606 - Agency Information Collection Activities: Proposed Request
Federal Register 2010, 2011, 2012, 2013, 2014
2010-01-28
... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request The Social Security Administration (SSA) publishes a list of information collection packages requiring...: 202-395-6974, E-mail address: [email protected] . (SSA), Social Security Administration...
76 FR 40768 - Occupational Information Development Advisory Panel Meeting
Federal Register 2010, 2011, 2012, 2013, 2014
2011-07-11
... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA-2011-0044] Occupational Information Development Advisory Panel Meeting AGENCY: Social Security Administration (SSA). ACTION: Notice of upcoming panel... addressed to the Occupational Information Development Advisory Panel, Social Security Administration, 6401...
Code of Federal Regulations, 2013 CFR
2013-10-01
... SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health Information § 164... and procedures, to manage the selection, development, implementation, and maintenance of security...'s or business associate's workforce in relation to the protection of that information...
Code of Federal Regulations, 2010 CFR
2010-10-01
... SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health Information § 164... and procedures, to manage the selection, development, implementation, and maintenance of security...'s workforce in relation to the protection of that information. Authentication means the...
Code of Federal Regulations, 2012 CFR
2012-10-01
... SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health Information § 164... and procedures, to manage the selection, development, implementation, and maintenance of security...'s workforce in relation to the protection of that information. Authentication means the...
Code of Federal Regulations, 2011 CFR
2011-10-01
... SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health Information § 164... and procedures, to manage the selection, development, implementation, and maintenance of security...'s workforce in relation to the protection of that information. Authentication means the...
Code of Federal Regulations, 2014 CFR
2014-10-01
... SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health Information § 164... and procedures, to manage the selection, development, implementation, and maintenance of security...'s or business associate's workforce in relation to the protection of that information...
Developing a Security Metrics Scorecard for Healthcare Organizations.
Elrefaey, Heba; Borycki, Elizabeth; Kushniruk, Andrea
2015-01-01
In healthcare, information security is a key aspect of protecting a patient's privacy and ensuring systems availability to support patient care. Security managers need to measure the performance of security systems and this can be achieved by using evidence-based metrics. In this paper, we describe the development of an evidence-based security metrics scorecard specific to healthcare organizations. Study participants were asked to comment on the usability and usefulness of a prototype of a security metrics scorecard that was developed based on current research in the area of general security metrics. Study findings revealed that scorecards need to be customized for the healthcare setting in order for the security information to be useful and usable in healthcare organizations. The study findings resulted in the development of a security metrics scorecard that matches the healthcare security experts' information requirements.
Analysis of Information Security Management Systems at 5 Domestic Hospitals with More than 500 Beds
Park, Woo-Sung; Son, Seung-Sik; Lee, Mee-Jeong; Kim, Shin-Hyo; Choi, Eun-Mi; Bang, Ji-Eon; Kim, Yea-Eun; Kim, Ok-Nam
2010-01-01
Objectives: The information security management systems (ISMS) of 5 hospitals with more than 500 beds were evaluated with regards to the level of information security, management, and physical and technical aspects so that we might make recommendations on information security and security countermeasures which meet both international standards and the needs of individual hospitals. Methods: The ISMS check-list derived from international/domestic standards was distributed to each hospital to complete and the staff of each hospital was interviewed. Information Security Indicator and Information Security Values were used to estimate the present security levels and evaluate the application of each hospital's current system. Results: With regard to the moderate clause of the ISMS, the hospitals were determined to be in compliance. The most vulnerable clause was asset management, in particular, information asset classification guidelines. The clauses of information security incident management and business continuity management were deemed necessary for the establishment of successful ISMS. Conclusions: The level of current ISMS in the hospitals evaluated was determined to be insufficient. Establishment of adequate ISMS is necessary to ensure patient privacy and the safe use of medical records for various purposes. Implementation of ISMS which meet international standards with a long-term and comprehensive perspective is of prime importance. To reflect the requirements of the varied interests of medical staff, consumers, and institutions, the establishment of political support is essential to create suitable hospital ISMS. PMID: 21818429
12 CFR Appendix D-2 to Part 208 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2010 CFR
2010-01-01
... Relationships Risk Management Principles,” Nov. 1, 2001; FDIC FIL 68-99, Risk Assessment Tools and Practices for.... Definitions II. Standards for Safeguarding Customer Information A. Information Security Program B. Objectives III. Development and Implementation of Customer Information Security Program A. Involve the Board of...
12 CFR Appendix F to Part 225 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2010 CFR
2010-01-01
... Relationships Risk Management Principles,” Nov. 1, 2001; FDIC FIL 68-99, Risk Assessment Tools and Practices for.... Standards for Safeguarding Customer Information A. Information Security Program B. Objectives III. Development and Implementation of Customer Information Security Program A. Involve the Board of Directors B...
39 CFR 267.5 - National Security Information.
Code of Federal Regulations, 2012 CFR
2012-07-01
... 39 Postal Service 1 2012-07-01 2012-07-01 false National Security Information. 267.5 Section 267.5 Postal Service UNITED STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PROTECTION OF INFORMATION § 267.5 National Security Information. (a) Purpose and scope. The purpose of this section is to provide...