32 CFR 2800.4 - General information.

Code of Federal Regulations, 2010 CFR

2010-07-01

... STATES SECURITY PROCEDURES § 2800.4 General information. (a) Staff Security Officer/Top Secret Control... Staff Security Officer will serve as Top Secret Control Officer and Assistant Top Secret Control Officer... responsible for the overall supervision of the Top Secret Control program. They will maintain positive control...

Control and Non-Payload Communications (CNPC) Prototype Radio - Generation 2 Security Architecture Lab Test Report

NASA Technical Reports Server (NTRS)

Iannicca, Dennis C.; McKim, James H.; Stewart, David H.; Thadhani, Suresh K.; Young, Daniel P.

2015-01-01

NASA Glenn Research Center, in cooperation with Rockwell Collins, is working to develop a prototype Control and Non-Payload Communications (CNPC) radio platform as part of NASA Integrated Systems Research Program's (ISRP) Unmanned Aircraft Systems (UAS) Integration in the National Airspace System (NAS) project. A primary focus of the project is to work with the FAA and industry standards bodies to build and demonstrate a safe, secure, and efficient CNPC architecture that can be used by industry to evaluate the feasibility of deploying a system using these technologies in an operational capacity. GRC has been working in conjunction with these groups to assess threats, identify security requirements, and to develop a system of standards-based security controls that can be applied to the current GRC prototype CNPC architecture as a demonstration platform. The security controls were integrated into a lab test bed mock-up of the Mobile IPv6 architecture currently being used for NASA flight testing, and a series of network tests were conducted to evaluate the security overhead of the controls compared to the baseline CNPC link without any security. The aim of testing was to evaluate the performance impact of the additional security control overhead when added to the Mobile IPv6 architecture in various modes of operation. The statistics collected included packet captures at points along the path to gauge packet size as the sample data traversed the CNPC network, round trip latency, jitter, and throughput. The effort involved a series of tests of the baseline link, a link with Robust Header Compression (ROHC) and without security controls, a link with security controls and without ROHC, and finally a link with both ROHC and security controls enabled. The effort demonstrated that ROHC is both desirable and necessary to offset the additional expected overhead of applying security controls to the CNPC link.

10 CFR 76.111 - Physical security, material control and accounting, and protection of certain information.

Code of Federal Regulations, 2012 CFR

2012-01-01

... 10 Energy 2 2012-01-01 2012-01-01 false Physical security, material control and accounting, and protection of certain information. 76.111 Section 76.111 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.111 Physical security, material control...

10 CFR 76.111 - Physical security, material control and accounting, and protection of certain information.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 10 Energy 2 2011-01-01 2011-01-01 false Physical security, material control and accounting, and protection of certain information. 76.111 Section 76.111 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.111 Physical security, material control...

10 CFR 76.111 - Physical security, material control and accounting, and protection of certain information.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 10 Energy 2 2014-01-01 2014-01-01 false Physical security, material control and accounting, and protection of certain information. 76.111 Section 76.111 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.111 Physical security, material control...

10 CFR 76.111 - Physical security, material control and accounting, and protection of certain information.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 10 Energy 2 2013-01-01 2013-01-01 false Physical security, material control and accounting, and protection of certain information. 76.111 Section 76.111 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.111 Physical security, material control...

76 FR 67019 - Tenth Meeting: RTCA Special Committee 224, Airport Security Access Control

Federal Register 2010, 2011, 2012, 2013, 2014

2011-10-28

... 224, Airport Security Access Control AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Notice of RTCA Special Committee 224, Airport Security Access Control. SUMMARY: The... (Pub. L. 92-463, 5 U.S.C., App.), notice is hereby given for a Special Committee 224, Airport Security...

Research and realization of info-net security controlling system

NASA Astrophysics Data System (ADS)

Xu, Tao; Zhang, Wei; Li, Xuhong; Wang, Xia; Pan, Wenwen

2017-03-01

The thesis introduces some relative concepts about Network Cybernetics, and we design and realize a new info-net security controlling system based on Network Cybernetics. The system can control the endpoints, safely save files, encrypt communication, supervise actions of users and show security conditions, in order to realize full-scale security management. At last, we simulate the functions of the system. The results show, the system can ensure the controllability of users and devices, and supervise them real-time. The system can maximize the security of the network and users.

OVERALL view OF CONTROL BUILDING AND SECURITY GATE. view TO ...

Library of Congress Historic Buildings Survey, Historic Engineering Record, Historic Landscapes Survey

OVERALL view OF CONTROL BUILDING AND SECURITY GATE. view TO EAST. - Plattsburgh Air Force Base, Security Police Entry Control Building, Off Perimeter Road in Weapons Storage Area, Plattsburgh, Clinton County, NY

OVERALL VIEW OF CONTROL BUILDING AND SECURITY GATE. VIEW TO ...

Library of Congress Historic Buildings Survey, Historic Engineering Record, Historic Landscapes Survey

OVERALL VIEW OF CONTROL BUILDING AND SECURITY GATE. VIEW TO NORTH. - Plattsburgh Air Force Base, Security Police Entry Control Building, Off Perimeter Road in SAC Alert Area, Plattsburgh, Clinton County, NY

MYSEA: The Monterey Security Architecture

DTIC Science & Technology

2009-01-01

Security and Protection, Organization and Design General Terms: Design; Security Keywords: access controls, authentication, information flow controls...Applicable environments include: mil- itary coalitions, agencies and organizations responding to security emergencies, and mandated sharing in business ...network architecture affords users the abil- ity to securely access information across networks at dif- ferent classifications using standardized

A security architecture for health information networks.

PubMed

Kailar, Rajashekar; Muralidhar, Vinod

2007-10-11

Health information network security needs to balance exacting security controls with practicality, and ease of implementation in today's healthcare enterprise. Recent work on 'nationwide health information network' architectures has sought to share highly confidential data over insecure networks such as the Internet. Using basic patterns of health network data flow and trust models to support secure communication between network nodes, we abstract network security requirements to a core set to enable secure inter-network data sharing. We propose a minimum set of security controls that can be implemented without needing major new technologies, but yet realize network security and privacy goals of confidentiality, integrity and availability. This framework combines a set of technology mechanisms with environmental controls, and is shown to be sufficient to counter commonly encountered network security threats adequately.

A Security Architecture for Health Information Networks

PubMed Central

Kailar, Rajashekar

2007-01-01

Health information network security needs to balance exacting security controls with practicality, and ease of implementation in today’s healthcare enterprise. Recent work on ‘nationwide health information network’ architectures has sought to share highly confidential data over insecure networks such as the Internet. Using basic patterns of health network data flow and trust models to support secure communication between network nodes, we abstract network security requirements to a core set to enable secure inter-network data sharing. We propose a minimum set of security controls that can be implemented without needing major new technologies, but yet realize network security and privacy goals of confidentiality, integrity and availability. This framework combines a set of technology mechanisms with environmental controls, and is shown to be sufficient to counter commonly encountered network security threats adequately. PMID:18693862

Cyber Security Assessment Report: Adventium Labs

DOE Office of Scientific and Technical Information (OSTI.GOV)

None

2007-12-31

Major control system components often have life spans of 15-20 years. Many systems in our Nation's critical infrastructure were installed before the Internet became a reality and security was a concern. Consequently, control systems are generally insecure. Security is now being included in the development of new control system devices; however, legacy control systems remain vulnerable. Most efforts to secure control systems are aimed at protecting network borers, but if an intruder gets inside the network these systems are vulnerable to a cyber attack.

76 FR 59481 - Ninth Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

Federal Register 2010, 2011, 2012, 2013, 2014

2011-09-26

... Control Systems (Update to DO-230B): Agenda October 20, 2011 Welcome/Introductions/Administrative Remarks... 224: Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), DOT. ACTION: Notice of RTCA Special Committee 224 meeting: Airport Security Access Control Systems. SUMMARY...

76 FR 50811 - Eighth Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

Federal Register 2010, 2011, 2012, 2013, 2014

2011-08-16

... Control Systems (Update to DO-230B): Agenda September 15, 2011 Welcome/Introductions/Administrative... Committee 224: Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), DOT. ACTION: Notice of RTCA Special Committee 224 meeting: Airport Security Access Control Systems. SUMMARY...

21 CFR 1301.75 - Physical security controls for practitioners.

Code of Federal Regulations, 2012 CFR

2012-04-01

... 21 Food and Drugs 9 2012-04-01 2012-04-01 false Physical security controls for practitioners. 1301.75 Section 1301.75 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION....75 Physical security controls for practitioners. (a) Controlled substances listed in Schedule I shall...

21 CFR 1301.75 - Physical security controls for practitioners.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 21 Food and Drugs 9 2010-04-01 2010-04-01 false Physical security controls for practitioners. 1301.75 Section 1301.75 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION....75 Physical security controls for practitioners. (a) Controlled substances listed in Schedule I shall...

21 CFR 1301.75 - Physical security controls for practitioners.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 21 Food and Drugs 9 2011-04-01 2011-04-01 false Physical security controls for practitioners. 1301.75 Section 1301.75 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION....75 Physical security controls for practitioners. (a) Controlled substances listed in Schedule I shall...

21 CFR 1301.75 - Physical security controls for practitioners.

Code of Federal Regulations, 2013 CFR

2013-04-01

... 21 Food and Drugs 9 2013-04-01 2013-04-01 false Physical security controls for practitioners. 1301.75 Section 1301.75 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION....75 Physical security controls for practitioners. (a) Controlled substances listed in Schedule I shall...

21 CFR 1301.75 - Physical security controls for practitioners.

Code of Federal Regulations, 2014 CFR

2014-04-01

... 21 Food and Drugs 9 2014-04-01 2014-04-01 false Physical security controls for practitioners. 1301.75 Section 1301.75 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION....75 Physical security controls for practitioners. (a) Controlled substances listed in Schedule I shall...

17 CFR 229.308 - (Item 308) Internal control over financial reporting.

Code of Federal Regulations, 2012 CFR

2012-04-01

... 17 Commodity and Securities Exchanges 2 2012-04-01 2012-04-01 false (Item 308) Internal control over financial reporting. 229.308 Section 229.308 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION STANDARD INSTRUCTIONS FOR FILING FORMS UNDER SECURITIES ACT OF 1933, SECURITIES EXCHANGE ACT OF 1934 AND ENERGY POLICY AND...

17 CFR 229.308 - (Item 308) Internal control over financial reporting.

Code of Federal Regulations, 2013 CFR

2013-04-01

... 17 Commodity and Securities Exchanges 2 2013-04-01 2013-04-01 false (Item 308) Internal control over financial reporting. 229.308 Section 229.308 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION STANDARD INSTRUCTIONS FOR FILING FORMS UNDER SECURITIES ACT OF 1933, SECURITIES EXCHANGE ACT OF 1934 AND ENERGY POLICY AND...

17 CFR 229.308 - (Item 308) Internal control over financial reporting.

Code of Federal Regulations, 2014 CFR

2014-04-01

... 17 Commodity and Securities Exchanges 3 2014-04-01 2014-04-01 false (Item 308) Internal control over financial reporting. 229.308 Section 229.308 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION STANDARD INSTRUCTIONS FOR FILING FORMS UNDER SECURITIES ACT OF 1933, SECURITIES EXCHANGE ACT OF 1934 AND ENERGY POLICY AND...

17 CFR 229.308 - (Item 308) Internal control over financial reporting.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 17 Commodity and Securities Exchanges 2 2011-04-01 2011-04-01 false (Item 308) Internal control over financial reporting. 229.308 Section 229.308 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION STANDARD INSTRUCTIONS FOR FILING FORMS UNDER SECURITIES ACT OF 1933, SECURITIES EXCHANGE ACT OF 1934 AND ENERGY POLICY AND...

76 FR 38742 - Seventh Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

Federal Register 2010, 2011, 2012, 2013, 2014

2011-07-01

... Control Systems (Update to DO-230B): Agenda July 15, 2011 Welcome/Introductions/Administrative Remarks... Committee 224: Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), DOT. ACTION: Notice of RTCA Special Committee 224 meeting: Airport Security Access Control Systems (Update to...

Providing security for automated process control systems at hydropower engineering facilities

NASA Astrophysics Data System (ADS)

Vasiliev, Y. S.; Zegzhda, P. D.; Zegzhda, D. P.

2016-12-01

This article suggests the concept of a cyberphysical system to manage computer security of automated process control systems at hydropower engineering facilities. According to the authors, this system consists of a set of information processing tools and computer-controlled physical devices. Examples of cyber attacks on power engineering facilities are provided, and a strategy of improving cybersecurity of hydropower engineering systems is suggested. The architecture of the multilevel protection of the automated process control system (APCS) of power engineering facilities is given, including security systems, control systems, access control, encryption, secure virtual private network of subsystems for monitoring and analysis of security events. The distinctive aspect of the approach is consideration of interrelations and cyber threats, arising when SCADA is integrated with the unified enterprise information system.

77 FR 71474 - Seventeenth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

Federal Register 2010, 2011, 2012, 2013, 2014

2012-11-30

... Committee 224, Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), U.S... Access Control Systems. SUMMARY: The FAA is issuing this notice to advise the public of the seventeenth meeting of the RTCA Special Committee 224, Airport Security Access Control Systems. DATES: The meeting...

78 FR 31627 - Twenty-Second Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

Federal Register 2010, 2011, 2012, 2013, 2014

2013-05-24

... Committee 224, Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), U.S... Access Control Systems. SUMMARY: The FAA is issuing this notice to advise the public of the twenty-second meeting of the RTCA Special Committee 224, Airport Security Access Control Systems. DATES: The meeting...

78 FR 7850 - Nineteenth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-04

... Committee 224, Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), U.S... Access Control Systems. SUMMARY: The FAA is issuing this notice to advise the public of the nineteenth meeting of the RTCA Special Committee 224, Airport Security Access Control Systems. DATES: The meeting...

77 FR 2343 - Eleventh Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

Federal Register 2010, 2011, 2012, 2013, 2014

2012-01-17

... Committee 224, Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), U.S... Control Systems. SUMMARY: The FAA is issuing this notice to advise the public of the eleventh meeting of RTCA Special Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held...

78 FR 22025 - Twenty First Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

Federal Register 2010, 2011, 2012, 2013, 2014

2013-04-12

... Committee 224, Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), U.S... Access Control Systems. SUMMARY: The FAA is issuing this notice to advise the public of the twenty first meeting of the RTCA Special Committee 224, Airport Security Access Control Systems. DATES: The meeting...

77 FR 25525 - Thirteenth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems.

Federal Register 2010, 2011, 2012, 2013, 2014

2012-04-30

... Committee 224, Airport Security Access Control Systems. AGENCY: Federal Aviation Administration (FAA), U.S... Access Control Systems. SUMMARY: The FAA is issuing this notice to advise the public of the thirteenth meeting of RTCA Special Committee 224, Airport Security Access Control Systems DATES: The meeting will be...

77 FR 15448 - Twelfth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

Federal Register 2010, 2011, 2012, 2013, 2014

2012-03-15

... Committee 224, Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), U.S... Access Control Systems. SUMMARY: The FAA is issuing this notice to advise the public of the twelfth meeting of RTCA Special Committee 224, Airport Security Access Control Systems DATES: The meeting will be...

Water security evaluation in Yellow River basin

NASA Astrophysics Data System (ADS)

Jiang, Guiqin; He, Liyuan; Jing, Juan

2018-03-01

Water security is an important basis for making water security protection strategy, which concerns regional economic and social sustainable development. In this paper, watershed water security evaluation index system including 3 levels of 5 criterion layers (water resources security, water ecological security and water environment security, water disasters prevention and control security and social economic security) and 24 indicators were constructed. The entropy weight method was used to determine the weights of the indexes in the system. The water security index of 2000, 2005, 2010 and 2015 in Yellow River basin were calculated by linear weighting method based on the relative data. Results show that the water security conditions continue to improve in Yellow River basin but still in a basic security state. There is still a long way to enhance the water security in Yellow River basin, especially the water prevention and control security, the water ecological security and water environment security need to be promoted vigorously.

17 CFR 240.17Ad-13 - Annual study and evaluation of internal accounting control.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 17 Commodity and Securities Exchanges 3 2011-04-01 2011-04-01 false Annual study and evaluation of internal accounting control. 240.17Ad-13 Section 240.17Ad-13 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) GENERAL RULES AND REGULATIONS, SECURITIES EXCHANGE ACT OF 1934 Rules and Regulations Under the Securities...

17 CFR 240.17Ad-13 - Annual study and evaluation of internal accounting control.

Code of Federal Regulations, 2013 CFR

2013-04-01

... 17 Commodity and Securities Exchanges 3 2013-04-01 2013-04-01 false Annual study and evaluation of internal accounting control. 240.17Ad-13 Section 240.17Ad-13 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) GENERAL RULES AND REGULATIONS, SECURITIES EXCHANGE ACT OF 1934 Rules and Regulations Under the Securities...

17 CFR 240.17Ad-13 - Annual study and evaluation of internal accounting control.

Code of Federal Regulations, 2014 CFR

2014-04-01

... 17 Commodity and Securities Exchanges 4 2014-04-01 2014-04-01 false Annual study and evaluation of internal accounting control. 240.17Ad-13 Section 240.17Ad-13 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) GENERAL RULES AND REGULATIONS, SECURITIES EXCHANGE ACT OF 1934 Rules and Regulations Under the Securities...

17 CFR 240.17Ad-13 - Annual study and evaluation of internal accounting control.

Code of Federal Regulations, 2012 CFR

2012-04-01

... 17 Commodity and Securities Exchanges 3 2012-04-01 2012-04-01 false Annual study and evaluation of internal accounting control. 240.17Ad-13 Section 240.17Ad-13 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) GENERAL RULES AND REGULATIONS, SECURITIES EXCHANGE ACT OF 1934 Rules and Regulations Under the Securities...

33 CFR 106.265 - Security measures for restricted areas.

Code of Federal Regulations, 2010 CFR

2010-07-01

...) Telecommunications; (iii) Power distribution system; (iv) Access points for ventilation and air-conditioning systems... security areas within the OCS facility; (6) Protect security and surveillance equipment and systems; and (7... security and surveillance equipment and systems and their controls, and lighting system controls; and (3...

36 CFR 1256.70 - What controls access to national security-classified information?

Code of Federal Regulations, 2010 CFR

2010-07-01

... national security-classified information? 1256.70 Section 1256.70 Parks, Forests, and Public Property... HISTORICAL MATERIALS Access to Materials Containing National Security-Classified Information § 1256.70 What controls access to national security-classified information? (a) The declassification of and public access...

Report: EPA’s Office of Environmental Information Should Improve Ariel Rios and Potomac Yard Computer Room Security Controls

EPA Pesticide Factsheets

Report #12-P-0879, September 26, 2012. The security posture and in-place environmental control review of the computer rooms in the Ariel Rios and Potomac Yard buildings revealed numerous security and environmental control deficiencies.

A Novel Reference Security Model with the Situation Based Access Policy for Accessing EPHR Data.

PubMed

Gope, Prosanta; Amin, Ruhul

2016-11-01

Electronic Patient Health Record (EPHR) systems may facilitate a patient not only to share his/her health records securely with healthcare professional but also to control his/her health privacy, in a convenient and easy way even in case of emergency. In order to fulfill these requirements, it is greatly desirable to have the access control mechanism which can efficiently handle every circumstance without negotiating security. However, the existing access control mechanisms used in healthcare to regulate and restrict the disclosure of patient data are often bypassed in case of emergencies. In this article, we propose a way to securely share EPHR data under any situation including break-the-glass (BtG) without compromising its security. In this regard, we design a reference security model, which consists of a multi-level data flow hierarchy, and an efficient access control framework based on the conventional Role-Based Access Control (RBAC) and Mandatory Access Control (MAC) policies.

The adoption of IT security standards in a healthcare environment.

PubMed

Gomes, Rui; Lapão, Luís Velez

2008-01-01

Security is a vital part of daily life to Hospitals that need to ensure that the information is adequately secured. In Portugal, more CIOs are seeking that their hospital IS departments are properly protecting information assets from security threats. It is imperative to take necessary measures to ensure risk management and business continuity. Security management certification provides just such a guarantee, increasing patient and partner confidence. This paper introduces one best practice for implementing four security controls in a hospital datacenter infrastructure (ISO27002), and describes the security assessment for implementing such controls.

Security Encryption Scheme for Communication of Web Based Control Systems

NASA Astrophysics Data System (ADS)

Robles, Rosslin John; Kim, Tai-Hoon

A control system is a device or set of devices to manage, command, direct or regulate the behavior of other devices or systems. The trend in most systems is that they are connected through the Internet. Traditional Supervisory Control and Data Acquisition Systems (SCADA) is connected only in a limited private network Since the internet Supervisory Control and Data Acquisition Systems (SCADA) facility has brought a lot of advantages in terms of control, data viewing and generation. Along with these advantages, are security issues regarding web SCADA, operators are pushed to connect Control Systems through the internet. Because of this, many issues regarding security surfaced. In this paper, we discuss web SCADA and the issues regarding security. As a countermeasure, a web SCADA security solution using crossed-crypto-scheme is proposed to be used in the communication of SCADA components.

Report: EPA’s Radiation and Indoor Environments National Laboratory Should Improve Its Computer Room Security Controls

EPA Pesticide Factsheets

Report #12-P-0847, September 21, 2012.Our review of the security posture and in-place environmental controls of EPA’s Radiation and Indoor Environments National Laboratory computer room disclosed an array of security and environmental control deficiencies.

Arms Control and National Security: An Introduction. Advance Edition.

ERIC Educational Resources Information Center

Arms Control Association, Washington, DC.

Suitable for use with high school students, this booklet on arms control and national security provides background information, describes basic concepts, reviews recent history, and offers suggestions for further reading. The first section, on American attitudes toward national security and arms control, defines five types of limits on weapons…

Security Controls Hurt Research, NAS Warns.

ERIC Educational Resources Information Center

Kolata, Gina

1982-01-01

A National Academy of Sciences (NAS) report found no evidence that leaks of technical information from universities or other research centers have damaged national security. However, in areas where control is warranted, decisions should be based on criteria. These criteria and issues related to security control and technological transfer are…

Access control based on attribute certificates for medical intranet applications.

PubMed

Mavridis, I; Georgiadis, C; Pangalos, G; Khair, M

2001-01-01

Clinical information systems frequently use intranet and Internet technologies. However these technologies have emphasized sharing and not security, despite the sensitive and private nature of much health information. Digital certificates (electronic documents which recognize an entity or its attributes) can be used to control access in clinical intranet applications. To outline the need for access control in distributed clinical database systems, to describe the use of digital certificates and security policies, and to propose the architecture for a system using digital certificates, cryptography and security policy to control access to clinical intranet applications. We have previously developed a security policy, DIMEDAC (Distributed Medical Database Access Control), which is compatible with emerging public key and privilege management infrastructure. In our implementation approach we propose the use of digital certificates, to be used in conjunction with DIMEDAC. Our proposed access control system consists of two phases: the ways users gain their security credentials; and how these credentials are used to access medical data. Three types of digital certificates are used: identity certificates for authentication; attribute certificates for authorization; and access-rule certificates for propagation of access control policy. Once a user is identified and authenticated, subsequent access decisions are based on a combination of identity and attribute certificates, with access-rule certificates providing the policy framework. Access control in clinical intranet applications can be successfully and securely managed through the use of digital certificates and the DIMEDAC security policy.

33 CFR 104.265 - Security measures for access control.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Security measures for access... SECURITY MARITIME SECURITY MARITIME SECURITY: VESSELS Vessel Security Requirements § 104.265 Security... security measures to: (1) Deter the unauthorized introduction of dangerous substances and devices...

Safe-haven locking device

DOEpatents

Williams, J.V.

1984-04-26

Disclosed is a locking device for eliminating external control of a secured space formed by fixed and movable barriers. The locking device uses externally and internally controlled locksets and a movable strike, operable from the secured side of the movable barrier, to selectively engage either lockset. A disengagement device, for preventing forces from being applied to the lock bolts is also disclosed. In this manner, a secured space can be controlled from the secured side as a safe-haven. 4 figures.

Graphs for information security control in software defined networks

NASA Astrophysics Data System (ADS)

Grusho, Alexander A.; Abaev, Pavel O.; Shorgin, Sergey Ya.; Timonina, Elena E.

2017-07-01

Information security control in software defined networks (SDN) is connected with execution of the security policy rules regulating information accesses and protection against distribution of the malicious code and harmful influences. The paper offers a representation of a security policy in the form of hierarchical structure which in case of distribution of resources for the solution of tasks defines graphs of admissible interactions in a networks. These graphs define commutation tables of switches via the SDN controller.

33 CFR 105.255 - Security measures for access control.

Code of Federal Regulations, 2010 CFR

2010-07-01

... and facilities; (4) Granting access to only those responding to the security incident or threat... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Security measures for access... SECURITY MARITIME SECURITY MARITIME SECURITY: FACILITIES Facility Security Requirements § 105.255 Security...

21 CFR 1301.72 - Physical security controls for non-practitioners; narcotic treatment programs and compounders for...

Code of Federal Regulations, 2011 CFR

2011-04-01

... 21 Food and Drugs 9 2011-04-01 2011-04-01 false Physical security controls for non-practitioners... security controls for non-practitioners; narcotic treatment programs and compounders for narcotic treatment... shall have the following specifications or the equivalent: 30 man-minutes against surreptitious entry...

21 CFR 1301.72 - Physical security controls for non-practitioners; narcotic treatment programs and compounders for...

Code of Federal Regulations, 2012 CFR

2012-04-01

... 21 Food and Drugs 9 2012-04-01 2012-04-01 false Physical security controls for non-practitioners... security controls for non-practitioners; narcotic treatment programs and compounders for narcotic treatment... shall have the following specifications or the equivalent: 30 man-minutes against surreptitious entry...

21 CFR 1301.72 - Physical security controls for non-practitioners; narcotic treatment programs and compounders for...

Code of Federal Regulations, 2010 CFR

2010-04-01

... 21 Food and Drugs 9 2010-04-01 2010-04-01 false Physical security controls for non-practitioners... security controls for non-practitioners; narcotic treatment programs and compounders for narcotic treatment... shall have the following specifications or the equivalent: 30 man-minutes against surreptitious entry...

21 CFR 1301.72 - Physical security controls for non-practitioners; narcotic treatment programs and compounders for...

Code of Federal Regulations, 2013 CFR

2013-04-01

... 21 Food and Drugs 9 2013-04-01 2013-04-01 false Physical security controls for non-practitioners... security controls for non-practitioners; narcotic treatment programs and compounders for narcotic treatment... shall have the following specifications or the equivalent: 30 man-minutes against surreptitious entry...

Air Traffic Control: Weak Computer Security Practices Jeopardize Flight Safety

DOT National Transportation Integrated Search

1998-05-01

Given the paramount importance of computer security of Air Traffic Control (ATC) systems, Congress asked the General Accounting Office to determine (1) whether the Fedcral Aviation Administration (FAA) is effectively managing physical security at ATC...

33 CFR 104.405 - Format of the Vessel Security Plan (VSP).

Code of Federal Regulations, 2010 CFR

2010-07-01

...) Communications; (9) Security systems and equipment maintenance; (10) Security measures for access control... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Format of the Vessel Security... SECURITY MARITIME SECURITY MARITIME SECURITY: VESSELS Vessel Security Plan (VSP) § 104.405 Format of the...

Main control computer security model of closed network systems protection against cyber attacks

NASA Astrophysics Data System (ADS)

Seymen, Bilal

2014-06-01

The model that brings the data input/output under control in closed network systems, that maintains the system securely, and that controls the flow of information through the Main Control Computer which also brings the network traffic under control against cyber-attacks. The network, which can be controlled single-handedly thanks to the system designed to enable the network users to make data entry into the system or to extract data from the system securely, intends to minimize the security gaps. Moreover, data input/output record can be kept by means of the user account assigned for each user, and it is also possible to carry out retroactive tracking, if requested. Because the measures that need to be taken for each computer on the network regarding cyber security, do require high cost; it has been intended to provide a cost-effective working environment with this model, only if the Main Control Computer has the updated hardware.

The Use of BS7799 Information Security Standard to Construct Mechanisms for the Management of Medical Organization Information Security

NASA Astrophysics Data System (ADS)

Liu, Shu-Fan; Chueh, Hao-En; Liao, Kuo-Hsiung

According to surveys, 80 % of security related events threatening information in medical organizations is due to improper management. Most research on information security has focused on information and security technology, such as network security and access control; rarely addressing issues at the management issues. The main purpose of this study is to construct a BS7799 based mechanism for the management of information with regard to security as it applies to medical organizations. This study analyzes and identifies the most common events related to information security in medical organizations and categorizes these events as high-risk, transferable-risk, and controlled-risk to facilitate the management of such risk.

IT Security Support for the Spaceport Command Control Systems Development Ground Support Development Operations

NASA Technical Reports Server (NTRS)

Branch, Drew A.

2014-01-01

Security is one of the most if not the most important areas today. After the several attacks on the United States, security everywhere has heightened from airports to the communication among the military branches legionnaires. With advanced persistent threats (APT's) on the rise following Stuxnet, government branches and agencies are required, more than ever, to follow several standards, policies and procedures to reduce the likelihood of a breach. Attack vectors today are very advanced and are going to continue to get more and more advanced as security controls advance. This creates a need for networks and systems to be in an updated and secured state in a launch control system environment. FISMA is a law that is mandated by the government to follow when government agencies secure networks and devices. My role on this project is to ensure network devices and systems are in compliance with NIST, as outlined in FISMA. I will achieve this by providing assistance with security plan documentation and collection, system hardware and software inventory, malicious code and malware scanning, and configuration of network devices i.e. routers and IDS's/IPS's. In addition, I will be completing security assessments on software and hardware, vulnerability assessments and reporting, and conducting patch management and risk assessments. A guideline that will help with compliance with NIST is the SANS Top 20 Critical Controls. SANS Top 20 Critical Controls as well as numerous security tools, security software and the conduction of research will be used to successfully complete the tasks given to me. This will ensure compliance with FISMA and NIST, secure systems and a secured network. By the end of this project, I hope to have carried out the tasks stated above as well as gain an immense knowledge about compliance, security tools, networks and network devices, as well as policies and procedures.

IT Security Support for the Spaceport Command Control Systems Development Ground Support Development Operations

NASA Technical Reports Server (NTRS)

Branch, Drew

2013-01-01

Security is one of the most if not the most important areas today. After the several attacks on the United States, security everywhere was heightened from Airports to the communication among the military branches legionnaires. With advanced persistent threats (APTs) on the rise following Stuxnet, government branches and agencies are required, more than ever, to follow several standards, policies and procedures to reduce the likelihood of a breach. Attack vectors today are very advanced and are going to continue to get more and more advanced as security controls advance. This creates a need for networks and systems to be in an updated and secured state in a launch control system environment. FISMA is a law that is mandated by the government to follow when government agencies secure networks and devices. My role on this project is to ensure network devices and systems are in compliance with NIST, as outlined in FISMA. I will achieve this by providing assistance with security plan documentation and collection, system hardware and software inventory, malicious code and malware scanning and configuration of network devices i.e. routers and IDSsIPSs. In addition I will be completing security assessments on software and hardware, vulnerability assessments and reporting, conducting patch management and risk assessments. A guideline that will help with compliance with NIST is the SANS Top 20 Critical Controls. SANS Top 20 Critical Controls as well as numerous security tools, security software and the conduction of research will be used to successfully complete the tasks given to me. This will ensure compliance with FISMA and NIST, secure systems and a secured network. By the end of this project, I hope to have carried out stated above as well as gain an immense knowledge about compliance, security tools, networks and network devices, policies and procedures.

Dynamic Key Management Schemes for Secure Group Access Control Using Hierarchical Clustering in Mobile Ad Hoc Networks

NASA Astrophysics Data System (ADS)

Tsaur, Woei-Jiunn; Pai, Haw-Tyng

2008-11-01

The applications of group computing and communication motivate the requirement to provide group access control in mobile ad hoc networks (MANETs). The operation in MANETs' groups performs a decentralized manner and accommodated membership dynamically. Moreover, due to lack of centralized control, MANETs' groups are inherently insecure and vulnerable to attacks from both within and outside the groups. Such features make access control more challenging in MANETs. Recently, several researchers have proposed group access control mechanisms in MANETs based on a variety of threshold signatures. However, these mechanisms cannot actually satisfy MANETs' dynamic environments. This is because the threshold-based mechanisms cannot be achieved when the number of members is not up to the threshold value. Hence, by combining the efficient elliptic curve cryptosystem, self-certified public key cryptosystem and secure filter technique, we construct dynamic key management schemes based on hierarchical clustering for securing group access control in MANETs. Specifically, the proposed schemes can constantly accomplish secure group access control only by renewing the secure filters of few cluster heads, when a cluster head joins or leaves a cross-cluster. In such a new way, we can find that the proposed group access control scheme can be very effective for securing practical applications in MANETs.

Access Control based on Attribute Certificates for Medical Intranet Applications

PubMed Central

Georgiadis, Christos; Pangalos, George; Khair, Marie

2001-01-01

Background Clinical information systems frequently use intranet and Internet technologies. However these technologies have emphasized sharing and not security, despite the sensitive and private nature of much health information. Digital certificates (electronic documents which recognize an entity or its attributes) can be used to control access in clinical intranet applications. Objectives To outline the need for access control in distributed clinical database systems, to describe the use of digital certificates and security policies, and to propose the architecture for a system using digital certificates, cryptography and security policy to control access to clinical intranet applications. Methods We have previously developed a security policy, DIMEDAC (Distributed Medical Database Access Control), which is compatible with emerging public key and privilege management infrastructure. In our implementation approach we propose the use of digital certificates, to be used in conjunction with DIMEDAC. Results Our proposed access control system consists of two phases: the ways users gain their security credentials; and how these credentials are used to access medical data. Three types of digital certificates are used: identity certificates for authentication; attribute certificates for authorization; and access-rule certificates for propagation of access control policy. Once a user is identified and authenticated, subsequent access decisions are based on a combination of identity and attribute certificates, with access-rule certificates providing the policy framework. Conclusions Access control in clinical intranet applications can be successfully and securely managed through the use of digital certificates and the DIMEDAC security policy. PMID:11720951

33 CFR 106.405 - Format and content of the Facility Security Plan (FSP).

Code of Federal Regulations, 2010 CFR

2010-07-01

...; (9) Security systems and equipment maintenance; (10) Security measures for access control; (11... Facility Security Plan (FSP). 106.405 Section 106.405 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MARITIME SECURITY MARINE SECURITY: OUTER CONTINENTAL SHELF (OCS) FACILITIES...

Secure public cloud platform for medical images sharing.

PubMed

Pan, Wei; Coatrieux, Gouenou; Bouslimi, Dalel; Prigent, Nicolas

2015-01-01

Cloud computing promises medical imaging services offering large storage and computing capabilities for limited costs. In this data outsourcing framework, one of the greatest issues to deal with is data security. To do so, we propose to secure a public cloud platform devoted to medical image sharing by defining and deploying a security policy so as to control various security mechanisms. This policy stands on a risk assessment we conducted so as to identify security objectives with a special interest for digital content protection. These objectives are addressed by means of different security mechanisms like access and usage control policy, partial-encryption and watermarking.

17 CFR 240.17i-4 - Internal risk management control system requirements for supervised investment bank holding...

Code of Federal Regulations, 2013 CFR

2013-04-01

... 17 Commodity and Securities Exchanges 3 2013-04-01 2013-04-01 false Internal risk management control system requirements for supervised investment bank holding companies. 240.17i-4 Section 240.17i-4 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) GENERAL RULES AND REGULATIONS, SECURITIES EXCHANGE ACT OF 1934...

17 CFR 240.17i-4 - Internal risk management control system requirements for supervised investment bank holding...

Code of Federal Regulations, 2012 CFR

2012-04-01

... 17 Commodity and Securities Exchanges 3 2012-04-01 2012-04-01 false Internal risk management control system requirements for supervised investment bank holding companies. 240.17i-4 Section 240.17i-4 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) GENERAL RULES AND REGULATIONS, SECURITIES EXCHANGE ACT OF 1934...

A threat intelligence framework for access control security in the oil industry

NASA Astrophysics Data System (ADS)

Alaskandrani, Faisal T.

The research investigates the problem raised by the rapid development in the technology industry giving security concerns in facilities built by the energy industry containing diverse platforms. The difficulty of continuous updates to network security architecture and assessment gave rise to the need to use threat intelligence frameworks to better assess and address networks security issues. Focusing on access control security to the ICS and SCADA systems that is being utilized to carry out mission critical and life threatening operations. The research evaluates different threat intelligence frameworks that can be implemented in the industry seeking the most suitable and applicable one that address the issue and provide more security measures. The validity of the result is limited to the same environment that was researched as well as the technologies being utilized. The research concludes that it is possible to utilize a Threat Intelligence framework to prioritize security in Access Control Measures in the Oil Industry.

Semi-quantum communication: protocols for key agreement, controlled secure direct communication and dialogue

NASA Astrophysics Data System (ADS)

Shukla, Chitra; Thapliyal, Kishore; Pathak, Anirban

2017-12-01

Semi-quantum protocols that allow some of the users to remain classical are proposed for a large class of problems associated with secure communication and secure multiparty computation. Specifically, first-time semi-quantum protocols are proposed for key agreement, controlled deterministic secure communication and dialogue, and it is shown that the semi-quantum protocols for controlled deterministic secure communication and dialogue can be reduced to semi-quantum protocols for e-commerce and private comparison (socialist millionaire problem), respectively. Complementing with the earlier proposed semi-quantum schemes for key distribution, secret sharing and deterministic secure communication, set of schemes proposed here and subsequent discussions have established that almost every secure communication and computation tasks that can be performed using fully quantum protocols can also be performed in semi-quantum manner. Some of the proposed schemes are completely orthogonal-state-based, and thus, fundamentally different from the existing semi-quantum schemes that are conjugate coding-based. Security, efficiency and applicability of the proposed schemes have been discussed with appropriate importance.

Effortful control mediates relations between children's attachment security and their regard for rules of conduct

PubMed Central

Nordling, Jamie Koenig; Boldt, Lea J.; O'Bleness, Jessica; Kochanska, Grazyna

2015-01-01

Although attachment security has been associated with children's rule-compatible conduct, the mechanism through which attachment influences early regard for rules is not well established. We hypothesized that effortful control would mediate the link between security and indicators of children's emerging regard for rules (discomfort following rule violations, internalization of parents' and experimenter's rules, few externalizing behaviors). In a longitudinal study, the Attachment Q-Set was completed by parents, effortful control was observed, and Regard for Rules was observed and rated by parents. The proposed model fit the data well: Children's security to mothers predicted their effortful control, which in turn had a direct link to a greater Regard for Rules. Children's security with fathers did not predict effortful control. The mother-child relationship appears particularly important for positive developmental cascades of self-regulation and socialization. PMID:27158193

Auditing Albaha University Network Security using in-house Developed Penetration Tool

NASA Astrophysics Data System (ADS)

Alzahrani, M. E.

2018-03-01

Network security becomes very important aspect in any enterprise/organization computer network. If important information of the organization can be accessed by anyone it may be used against the organization for further own interest. Thus, network security comes into it roles. One of important aspect of security management is security audit. Security performance of Albaha university network is relatively low (in term of the total controls outlined in the ISO 27002 security control framework). This paper proposes network security audit tool to address issues in Albaha University network. The proposed penetration tool uses Nessus and Metasploit tool to find out the vulnerability of a site. A regular self-audit using inhouse developed tool will increase the overall security and performance of Albaha university network. Important results of the penetration test are discussed.

Agent of opportunity risk mitigation: people, engineering, and security efficacy.

PubMed

Graham, Margaret E; Tunik, Michael G; Farmer, Brenna M; Bendzans, Carly; McCrillis, Aileen M; Nelson, Lewis S; Portelli, Ian; Smith, Silas; Goldberg, Judith D; Zhang, Meng; Rosenberg, Sheldon D; Goldfrank, Lewis R

2010-12-01

Agents of opportunity (AO) are potentially harmful biological, chemical, radiological, and pharmaceutical substances commonly used for health care delivery and research. AOs are present in all academic medical centers (AMC), creating vulnerability in the health care sector; AO attributes and dissemination methods likely predict risk; and AMCs are inadequately secured against a purposeful AO dissemination, with limited budgets and competing priorities. We explored health care workers' perceptions of AMC security and the impact of those perceptions on AO risk. Qualitative methods (survey, interviews, and workshops) were used to collect opinions from staff working in a medical school and 4 AMC-affiliated hospitals concerning AOs and the risk to hospital infrastructure associated with their uncontrolled presence. Secondary to this goal, staff perception concerning security, or opinions about security behaviors of others, were extracted, analyzed, and grouped into themes. We provide a framework for depicting the interaction of staff behavior and access control engineering, including the tendency of staff to "defeat" inconvenient access controls. In addition, 8 security themes emerged: staff security behavior is a significant source of AO risk; the wide range of opinions about "open" front-door policies among AMC staff illustrates a disparity of perceptions about the need for security; interviewees expressed profound skepticism concerning the effectiveness of front-door access controls; an AO risk assessment requires reconsideration of the security levels historically assigned to areas such as the loading dock and central distribution sites, where many AOs are delivered and may remain unattended for substantial periods of time; researchers' view of AMC security is influenced by the ongoing debate within the scientific community about the wisdom of engaging in bioterrorism research; there was no agreement about which areas of the AMC should be subject to stronger access controls; security personnel play dual roles of security and customer service, creating the negative perception that neither role is done well; and budget was described as an important factor in explaining the state of security controls. We determined that AMCs seeking to reduce AO risk should assess their institutionally unique AO risks, understand staff security perceptions, and install access controls that are responsive to the staff's tendency to defeat them. The development of AO attribute fact sheets is desirable for AO risk assessment; new funding and administrative or legislative tools to improve AMC security are required; and security practices and methods that are convenient and effective should be engineered.

47 CFR 87.395 - Plan for the Security Control of Air Traffic and Air Navigation Aids (Short Title: SCATANA).

Code of Federal Regulations, 2012 CFR

2012-10-01

... and Air Navigation Aids (Short Title: SCATANA). 87.395 Section 87.395 Telecommunication FEDERAL... Communications § 87.395 Plan for the Security Control of Air Traffic and Air Navigation Aids (Short Title: SCATANA). (a) The Plan for the Security Control of Air Traffic and Air Navigation Aids (SCATANA) is...

47 CFR 87.395 - Plan for the Security Control of Air Traffic and Air Navigation Aids (Short Title: SCATANA).

Code of Federal Regulations, 2014 CFR

2014-10-01

... and Air Navigation Aids (Short Title: SCATANA). 87.395 Section 87.395 Telecommunication FEDERAL... Communications § 87.395 Plan for the Security Control of Air Traffic and Air Navigation Aids (Short Title: SCATANA). (a) The Plan for the Security Control of Air Traffic and Air Navigation Aids (SCATANA) is...

47 CFR 87.395 - Plan for the Security Control of Air Traffic and Air Navigation Aids (Short Title: SCATANA).

Code of Federal Regulations, 2013 CFR

2013-10-01

... and Air Navigation Aids (Short Title: SCATANA). 87.395 Section 87.395 Telecommunication FEDERAL... Communications § 87.395 Plan for the Security Control of Air Traffic and Air Navigation Aids (Short Title: SCATANA). (a) The Plan for the Security Control of Air Traffic and Air Navigation Aids (SCATANA) is...

47 CFR 87.395 - Plan for the Security Control of Air Traffic and Air Navigation Aids (Short Title: SCATANA).

Code of Federal Regulations, 2011 CFR

2011-10-01

... and Air Navigation Aids (Short Title: SCATANA). 87.395 Section 87.395 Telecommunication FEDERAL... Communications § 87.395 Plan for the Security Control of Air Traffic and Air Navigation Aids (Short Title: SCATANA). (a) The Plan for the Security Control of Air Traffic and Air Navigation Aids (SCATANA) is...

47 CFR 87.395 - Plan for the Security Control of Air Traffic and Air Navigation Aids (Short Title: SCATANA).

Code of Federal Regulations, 2010 CFR

2010-10-01

... and Air Navigation Aids (Short Title: SCATANA). 87.395 Section 87.395 Telecommunication FEDERAL... Communications § 87.395 Plan for the Security Control of Air Traffic and Air Navigation Aids (Short Title: SCATANA). (a) The Plan for the Security Control of Air Traffic and Air Navigation Aids (SCATANA) is...

A Hierarchical Security Architecture for Cyber-Physical Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Quanyan Zhu; Tamer Basar

2011-08-01

Security of control systems is becoming a pivotal concern in critical national infrastructures such as the power grid and nuclear plants. In this paper, we adopt a hierarchical viewpoint to these security issues, addressing security concerns at each level and emphasizing a holistic cross-layer philosophy for developing security solutions. We propose a bottom-up framework that establishes a model from the physical and control levels to the supervisory level, incorporating concerns from network and communication levels. We show that the game-theoretical approach can yield cross-layer security strategy solutions to the cyber-physical systems.

Communication Security for Control Systems in Smart Grid

NASA Astrophysics Data System (ADS)

Robles, Rosslin John; Kim, Tai-Hoon

As an example of Control System, Supervisory Control and Data Acquisition systems can be relatively simple, such as one that monitors environmental conditions of a small office building, or incredibly complex, such as a system that monitors all the activity in a nuclear power plant or the activity of a municipal water system. SCADA systems are basically Process Control Systems, designed to automate systems such as traffic control, power grid management, waste processing etc. Connecting SCADA to the Internet can provide a lot of advantages in terms of control, data viewing and generation. SCADA infrastructures like electricity can also be a part of a Smart Grid. Connecting SCADA to a public network can bring a lot of security issues. To answer the security issues, a SCADA communication security solution is proposed.

17 CFR 240.15c3-4 - Internal risk management control systems for OTC derivatives dealers.

Code of Federal Regulations, 2014 CFR

2014-04-01

... 17 Commodity and Securities Exchanges 4 2014-04-01 2014-04-01 false Internal risk management control systems for OTC derivatives dealers. 240.15c3-4 Section 240.15c3-4 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) GENERAL RULES AND REGULATIONS, SECURITIES EXCHANGE ACT OF 1934 Rules and Regulations Under the...

Control and Non-Payload Communications (CNPC) Prototype Radio - Generation 2 Security Flight Test Report

NASA Technical Reports Server (NTRS)

Iannicca, Dennis C.; Ishac, Joseph A.; Shalkhauser, Kurt A.

2015-01-01

NASA Glenn Research Center (GRC), in cooperation with Rockwell Collins, is working to develop a prototype Control and Non-Payload Communications (CNPC) radio platform as part of NASA Integrated Systems Research Program's (ISRP) Unmanned Aircraft Systems (UAS) Integration in the National Airspace System (NAS) project. A primary focus of the project is to work with the Federal Aviation Administration (FAA) and industry standards bodies to build and demonstrate a safe, secure, and efficient CNPC architecture that can be used by industry to evaluate the feasibility of deploying a system using these technologies in an operational capacity. GRC has been working in conjunction with these groups to assess threats, identify security requirements, and to develop a system of standards-based security controls that can be applied to the GRC prototype CNPC architecture as a demonstration platform. The proposed security controls were integrated into the GRC flight test system aboard our S-3B Viking surrogate aircraft and several network tests were conducted during a flight on November 15th, 2014 to determine whether the controls were working properly within the flight environment. The flight test was also the first to integrate Robust Header Compression (ROHC) as a means of reducing the additional overhead introduced by the security controls and Mobile IPv6. The effort demonstrated the complete end-to-end secure CNPC link in a relevant flight environment.

Distributed Secure Coordinated Control for Multiagent Systems Under Strategic Attacks.

PubMed

Feng, Zhi; Wen, Guanghui; Hu, Guoqiang

2017-05-01

This paper studies a distributed secure consensus tracking control problem for multiagent systems subject to strategic cyber attacks modeled by a random Markov process. A hybrid stochastic secure control framework is established for designing a distributed secure control law such that mean-square exponential consensus tracking is achieved. A connectivity restoration mechanism is considered and the properties on attack frequency and attack length rate are investigated, respectively. Based on the solutions of an algebraic Riccati equation and an algebraic Riccati inequality, a procedure to select the control gains is provided and stability analysis is studied by using Lyapunov's method.. The effect of strategic attacks on discrete-time systems is also investigated. Finally, numerical examples are provided to illustrate the effectiveness of theoretical analysis.

DOE/DHS INDUSTRIAL CONTROL SYSTEM CYBER SECURITY PROGRAMS: A MODEL FOR USE IN NUCLEAR FACILITY SAFEGUARDS AND SECURITY

DOE Office of Scientific and Technical Information (OSTI.GOV)

Robert S. Anderson; Mark Schanfein; Trond Bjornard

2011-07-01

Many critical infrastructure sectors have been investigating cyber security issues for several years especially with the help of two primary government programs. The U.S. Department of Energy (DOE) National SCADA Test Bed and the U.S. Department of Homeland Security (DHS) Control Systems Security Program have both implemented activities aimed at securing the industrial control systems that operate the North American electric grid along with several other critical infrastructure sectors (ICS). These programs have spent the last seven years working with industry including asset owners, educational institutions, standards and regulating bodies, and control system vendors. The programs common mission is tomore » provide outreach, identification of cyber vulnerabilities to ICS and mitigation strategies to enhance security postures. The success of these programs indicates that a similar approach can be successfully translated into other sectors including nuclear operations, safeguards, and security. The industry regulating bodies have included cyber security requirements and in some cases, have incorporated sets of standards with penalties for non-compliance such as the North American Electric Reliability Corporation Critical Infrastructure Protection standards. These DOE and DHS programs that address security improvements by both suppliers and end users provide an excellent model for nuclear facility personnel concerned with safeguards and security cyber vulnerabilities and countermeasures. It is not a stretch to imagine complete surreptitious collapse of protection against the removal of nuclear material or even initiation of a criticality event as witnessed at Three Mile Island or Chernobyl in a nuclear ICS inadequately protected against the cyber threat.« less

Control System Applicable Use Assessment of the Secure Computing Corporation - Secure Firewall (Sidewinder)

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hadley, Mark D.; Clements, Samuel L.

2009-01-01

Battelle’s National Security & Defense objective is, “applying unmatched expertise and unique facilities to deliver homeland security solutions. From detection and protection against weapons of mass destruction to emergency preparedness/response and protection of critical infrastructure, we are working with industry and government to integrate policy, operational, technological, and logistical parameters that will secure a safe future”. In an ongoing effort to meet this mission, engagements with industry that are intended to improve operational and technical attributes of commercial solutions that are related to national security initiatives are necessary. This necessity will ensure that capabilities for protecting critical infrastructure assets aremore » considered by commercial entities in their development, design, and deployment lifecycles thus addressing the alignment of identified deficiencies and improvements needed to support national cyber security initiatives. The Secure Firewall (Sidewinder) appliance by Secure Computing was assessed for applicable use in critical infrastructure control system environments, such as electric power, nuclear and other facilities containing critical systems that require augmented protection from cyber threat. The testing was performed in the Pacific Northwest National Laboratory’s (PNNL) Electric Infrastructure Operations Center (EIOC). The Secure Firewall was tested in a network configuration that emulates a typical control center network and then evaluated. A number of observations and recommendations are included in this report relating to features currently included in the Secure Firewall that support critical infrastructure security needs.« less

Programmable Logic Controllers for Research on the Cyber Security of Industrial Power Plants

DTIC Science & Technology

2017-02-12

group . 15. SUBJECT TERMS Industrial control systems, cyber security 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF a. REPORT b. ABSTRACT c. THIS...currently valid OMB control number. PLEASE DO NOT RETURN YOUR FORM TO THE ABOVE ADDRESS. 1. REPORT DATE (00-MM-YYYY) ,2. REPORT TYPE 3. DATES COVERED...From- To) 12/02/2017 Final 15 August 2015 - 12 February 2017 4. TITLE AND SUBTITLE Sa. CONTRACT NUMBER Programmable Logic Controllers for Research

Survey of methods for secure connection to the internet

NASA Astrophysics Data System (ADS)

Matsui, Shouichi

1994-04-01

This paper describes a study of a security method of protecting inside network computers against outside miscreants and unwelcome visitors and a control method when these computers are connected with the Internet. In the present Internet, a method to encipher all data cannot be used, so that it is necessary to utilize PEM (Privacy Enhanced Mail) capable of the encipherment and conversion of secret information. For preventing miscreant access by eavesdropping password, one-time password is effective. The most cost-effective method is a firewall system. This system lies between the outside and inside network. By limiting computers that directly communicate with the Internet, control is centralized and inside network security is protected. If the security of firewall systems is strictly controlled under correct setting, security within the network can be secured even in open networks such as the Internet.

Cyber secure systems approach for NPP digital control systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

McCreary, T. J.; Hsu, A.

2006-07-01

Whether fossil or nuclear power, the chief operations goal is to generate electricity. The heart of most plant operations is the I and C system. With the march towards open architecture, the I and C system is more vulnerable than ever to system security attacks (denial of service, virus attacks and others), thus jeopardizing plant operations. Plant staff must spend large amounts of time and money setting up and monitoring a variety of security strategies to counter the threats and actual attacks to the system. This time and money is a drain on the financial performance of a plant andmore » distracts valuable operations resources from their real goals: product. The pendulum towards complete open architecture may have swung too far. Not all aspects of proprietary hardware and software are necessarily 'bad'. As the aging U.S. fleet of nuclear power plants starts to engage in replacing legacy control systems, and given the on-going (and legitimate) concern about the security of present digital control systems, decisions about how best to approach cyber security are vital to the specification and selection of control system vendors for these upgrades. The authors maintain that utilizing certain resources available in today's digital technology, plant control systems can be configured from the onset to be inherently safe, so that plant staff can concentrate on the operational issues of the plant. The authors postulate the concept of the plant I and C being bounded in a 'Cyber Security Zone' and present a design approach that can alleviate the concern and cost at the plant level of dealing with system security strategies. Present approaches through various IT cyber strategies, commercial software, and even postulated standards from various industry/trade organizations are almost entirely reactive and simply add to cost and complexity. This Cyber Security Zone design demonstrates protection from the four classes of cyber security attacks: 1)Threat from an intruder attempting to disrupt network communications by entering the system from an attached utility network or utilizing a modem connected to a control system PC that is in turn connected to a publicly accessible phone; 2)Threat from a user connecting an unauthorized computer to the control network; 3)Threat from a security attack when an unauthorized user gains access to a PC connected to the plant network;. 4)Threat from internal disruption (by plant staff, whether, malicious or otherwise) by unauthorized usage of files or file handling media that opens the system to security threat (as typified in current situation in most control rooms). The plant I and C system cyber security design and the plant specific procedures should adequately demonstrate protection from the four pertinent classes of cyber security attacks. The combination of these features should demonstrate that the system is not vulnerable to any analyzed cyber security attacks either from internal sources or through network connections. The authors will provide configurations that will demonstrate the Cyber Security Zone. (authors)« less

US-CERT Control System Center Input/Output (I/O) Conceputal Design

DOE Office of Scientific and Technical Information (OSTI.GOV)

Not Available

2005-02-01

This document was prepared for the US-CERT Control Systems Center of the National Cyber Security Division (NCSD) of the Department of Homeland Security (DHS). DHS has been tasked under the Homeland Security Act of 2002 to coordinate the overall national effort to enhance the protection of the national critical infrastructure. Homeland Security Presidential Directive HSPD-7 directs the federal departments to identify and prioritize critical infrastructure and protect it from terrorist attack. The US-CERT National Strategy for Control Systems Security was prepared by the NCSD to address the control system security component addressed in the National Strategy to Secure Cyberspace andmore » the National Strategy for the Physical Protection of Critical Infrastructures and Key Assets. The US-CERT National Strategy for Control Systems Security identified five high-level strategic goals for improving cyber security of control systems; the I/O upgrade described in this document supports these goals. The vulnerability assessment Test Bed, located in the Information Operations Research Center (IORC) facility at Idaho National Laboratory (INL), consists of a cyber test facility integrated with multiple test beds that simulate the nation's critical infrastructure. The fundamental mission of the Test Bed is to provide industry owner/operators, system vendors, and multi-agency partners of the INL National Security Division a platform for vulnerability assessments of control systems. The Input/Output (I/O) upgrade to the Test Bed (see Work Package 3.1 of the FY-05 Annual Work Plan) will provide for the expansion of assessment capabilities within the IORC facility. It will also provide capabilities to connect test beds within the Test Range and other Laboratory resources. This will allow real time I/O data input and communication channels for full replications of control systems (Process Control Systems [PCS], Supervisory Control and Data Acquisition Systems [SCADA], and components). This will be accomplished through the design and implementation of a modular infrastructure of control system, communications, networking, computing and associated equipment, and measurement/control devices. The architecture upgrade will provide a flexible patching system providing a quick ''plug and play''configuration through various communication paths to gain access to live I/O running over specific protocols. This will allow for in-depth assessments of control systems in a true-to-life environment. The full I/O upgrade will be completed through a two-phased approach. Phase I, funded by DHS, expands the capabilities of the Test Bed by developing an operational control system in two functional areas, the Science & Technology Applications Research (STAR) Facility and the expansion of various portions of the Test Bed. Phase II (see Appendix A), funded by other programs, will complete the full I/O upgrade to the facility.« less

32 CFR 245.6 - Abbreviations and acronyms.

Code of Federal Regulations, 2010 CFR

2010-07-01

...—Domestic Event Network DHS—Department of Homeland Security DND—Department of National Defence (Canada) DoD...) MISCELLANEOUS PLAN FOR THE EMERGENCY SECURITY CONTROL OF AIR TRAFFIC (ESCAT) Explanation of Terms, Acronyms and... Order ESCAT—Emergency Security Control of Air Traffic FAA—Federal Aviation Administration IFR—Instrument...

Arms Control and Nonproliferation: A Catalog of Treaties and Agreements

DTIC Science & Technology

2007-08-09

security and control over nuclear weapons and fissile materials. These projects provided Russia with bullet-proof Kevlar blankets, secure canisters ...U.S. security concerns. The United States and Soviet Union began to sign agreements limiting their strategic offensive nuclear weapons in the early...U.S.-Russian relationship. At the same time, however, the two sides began to cooperate on securing and eliminating Soviet-era nuclear , chemical, and

Digitally Controlled ’Programmable’ Active Filters.

DTIC Science & Technology

1985-12-01

Advisor: Sherif Michael Approved for public release; distribution is unlimited. U - ~ .%~ ~ % %’.4 ~ -. 4-. " %’ -. .4. z. . 4, ,4°*-4° -o - ’ SECURITY ...CLASSIFICATION O THI PAGE ff ,’- -""" REPORT DOCUMENTATION PAGE Ia REPORT SECURITY CLASSIFICATION lb. RESTRICTIVE MARKINGS 2a SECURITY CLASSIFICATION...ELEMENT NO. NO NO. ACCESSION NO. S 11 TITLE (Include Security ClassWfication) , DIGITALLY CONTROLLED "PROGRAMMABLE" ACTIVE FILTERS 1 PERSONAL AUTHOR

33 CFR 101.405 - Maritime Security (MARSEC) Directives.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Maritime Security (MARSEC... SECURITY MARITIME SECURITY MARITIME SECURITY: GENERAL Control Measures for Security § 101.405 Maritime... necessary to respond to a threat assessment or to a specific threat against the maritime elements of the...

Cyber Security Testing and Training Programs for Industrial Control Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Daniel Noyes

2012-03-01

Service providers rely on industrial control systems (ICS) to manage the flow of water at dams, open breakers on power grids, control ventilation and cooling in nuclear power plants, and more. In today's interconnected environment, this can present a serious cyber security challenge. To combat this growing challenge, government, private industry, and academia are working together to reduce cyber risks. The Idaho National Laboratory (INL) is a key contributor to the Department of Energy National SCADA Test Bed (NSTB) and the Department of Homeland Security (DHS) Control Systems Security Program (CSSP), both of which focus on improving the overall securitymore » posture of ICS in the national critical infrastructure. In support of the NSTB, INL hosts a dedicated SCADA testing facility which consists of multiple control systems supplied by leading national and international manufacturers. Within the test bed, INL researchers systematically examine control system components and work to identify vulnerabilities. In support of the CSSP, INL develops and conducts training courses which are designed to increase awareness and defensive capabilities for IT/Control System professionals. These trainings vary from web-based cyber security trainings for control systems engineers to more advanced hands-on training that culminates with a Red Team/ Blue Team exercise that is conducted within an actual control systems environment. INL also provides staffing and operational support to the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Security Operations Center which responds to and analyzes control systems cyber incidents across the 18 US critical infrastructure sectors.« less

Taking Steps to Protect Against the Insider Threat

DOE Office of Scientific and Technical Information (OSTI.GOV)

Pope, Noah Gale; Williams, Martha; Lewis, Joel

2015-10-16

Research reactors are required (in accordance with the Safeguards Agreement between the State and the IAEA) to maintain a system of nuclear material accounting and control for reporting quantities of nuclear material received, shipped, and held on inventory. Enhancements to the existing accounting and control system can be made at little additional cost to the facility, and these enhancements can make nuclear material accounting and control useful for nuclear security. In particular, nuclear material accounting and control measures can be useful in protecting against an insider who is intent on unauthorized removal or misuse of nuclear material or misuse ofmore » equipment. An enhanced nuclear material accounting and control system that responds to nuclear security is described in NSS-25G, Use of Nuclear Material Accounting and Control for Nuclear Security Purposes at Facilities, which is scheduled for distribution by the IAEA Department of Nuclear Security later this year. Accounting and control measures that respond to the insider threat are also described in NSS-33, Establishing a System for Control of Nuclear Material for Nuclear Security Purposes at a Facility During Storage, Use and Movement, and in NSS-41, Preventive and Protective Measures against Insider Threats (originally issued as NSS-08), which are available in draft form. This paper describes enhancements to existing material control and accounting systems that are specific to research reactors, and shows how they are important to nuclear security and protecting against an insider.« less

A Network Access Control Framework for 6LoWPAN Networks

PubMed Central

Oliveira, Luís M. L.; Rodrigues, Joel J. P. C.; de Sousa, Amaro F.; Lloret, Jaime

2013-01-01

Low power over wireless personal area networks (LoWPAN), in particular wireless sensor networks, represent an emerging technology with high potential to be employed in critical situations like security surveillance, battlefields, smart-grids, and in e-health applications. The support of security services in LoWPAN is considered a challenge. First, this type of networks is usually deployed in unattended environments, making them vulnerable to security attacks. Second, the constraints inherent to LoWPAN, such as scarce resources and limited battery capacity, impose a careful planning on how and where the security services should be deployed. Besides protecting the network from some well-known threats, it is important that security mechanisms be able to withstand attacks that have not been identified before. One way of reaching this goal is to control, at the network access level, which nodes can be attached to the network and to enforce their security compliance. This paper presents a network access security framework that can be used to control the nodes that have access to the network, based on administrative approval, and to enforce security compliance to the authorized nodes. PMID:23334610

32 CFR 2700.42 - Responsibility for safeguarding classified information.

Code of Federal Regulations, 2010 CFR

2010-07-01

... responsibility. (b) Security and Top Secret Control Officers. The Director, OMSN, and the Status Liaison Officer, Saipan, are assigned specific security responsibilities as Security Officer and Top Secret Control Officer. (c) Handling. All documents bearing the terms “Top Secret,” “Secret” and “Confidential” shall be...

10 CFR 76.111 - Physical security, material control and accounting, and protection of certain information.

Code of Federal Regulations, 2010 CFR

2010-01-01

... significance (Category III), and for protection of Restricted Data, National Security Information, Safeguards... 10 Energy 2 2010-01-01 2010-01-01 false Physical security, material control and accounting, and protection of certain information. 76.111 Section 76.111 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED...

33 CFR 106.260 - Security measures for access control.

Code of Federal Regulations, 2013 CFR

2013-07-01

... SECURITY MARITIME SECURITY MARINE SECURITY: OUTER CONTINENTAL SHELF (OCS) FACILITIES Outer Continental... unattended spaces that adjoin areas to which OCS facility personnel and visitors have access; (9) Ensure OCS...

33 CFR 106.260 - Security measures for access control.

Code of Federal Regulations, 2012 CFR

2012-07-01

... SECURITY MARITIME SECURITY MARINE SECURITY: OUTER CONTINENTAL SHELF (OCS) FACILITIES Outer Continental... unattended spaces that adjoin areas to which OCS facility personnel and visitors have access; (9) Ensure OCS...

33 CFR 106.260 - Security measures for access control.

Code of Federal Regulations, 2011 CFR

2011-07-01

... SECURITY MARITIME SECURITY MARINE SECURITY: OUTER CONTINENTAL SHELF (OCS) FACILITIES Outer Continental... unattended spaces that adjoin areas to which OCS facility personnel and visitors have access; (9) Ensure OCS...

33 CFR 106.260 - Security measures for access control.

Code of Federal Regulations, 2014 CFR

2014-07-01

... SECURITY MARITIME SECURITY MARINE SECURITY: OUTER CONTINENTAL SHELF (OCS) FACILITIES Outer Continental... unattended spaces that adjoin areas to which OCS facility personnel and visitors have access; (9) Ensure OCS...

33 CFR 106.260 - Security measures for access control.

Code of Federal Regulations, 2010 CFR

2010-07-01

... SECURITY MARITIME SECURITY MARINE SECURITY: OUTER CONTINENTAL SHELF (OCS) FACILITIES Outer Continental... unattended spaces that adjoin areas to which OCS facility personnel and visitors have access; (9) Ensure OCS...

Cyber-Physical Attack-Resilient Wide-Area Monitoring, Protection, and Control for the Power Grid

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ashok, Aditya; Govindarasu, Manimaran; Wang, Jianhui

Cyber security and resiliency of Wide-Area Monitoring, Protection and Control (WAMPAC) applications is critically important to ensure secure, reliable, and economic operation of the bulk power system. WAMPAC relies heavily on the security of measurements and control commands transmitted over wide-area communication networks for real-time operational, protection, and control functions. Also, the current “N-1 security criteria” for grid operation is inadequate to address malicious cyber events and therefore it is important to fundamentally redesign WAMPAC and to enhance Energy Management System (EMS) applications to make them attack-resilient. In this paper, we propose an end-to-end defense-in-depth architecture for attack-resilient WAMPAC thatmore » addresses resilience at both the infrastructure layer and the application layers. Also, we propose an attack-resilient cyber-physical security framework that encompasses the entire security life cycle including risk assessment, attack prevention, attack detection, attack mitigation, and attack resilience. The overarching objective of this paper is to provide a broad scope that comprehensively describes most of the major research issues and potential solutions in the context of cyber-physical security of WAMPAC for the power grid.« less

Information-Flow-Based Access Control for Web Browsers

NASA Astrophysics Data System (ADS)

Yoshihama, Sachiko; Tateishi, Takaaki; Tabuchi, Naoshi; Matsumoto, Tsutomu

The emergence of Web 2.0 technologies such as Ajax and Mashup has revealed the weakness of the same-origin policy[1], the current de facto standard for the Web browser security model. We propose a new browser security model to allow fine-grained access control in the client-side Web applications for secure mashup and user-generated contents. We propose a browser security model that is based on information-flow-based access control (IBAC) to overcome the dynamic nature of the client-side Web applications and to accurately determine the privilege of scripts in the event-driven programming model.

India’s Emerging Security Strategy, Missile Defense, and Arms Control

DTIC Science & Technology

2004-06-01

and contemplate a security strategy. Starting in July 1998, a series of negotiations between Foreign Minister Jaswant Singh and US envoy Strobe...arms control.46 The Singh -Talbott discussions eventually led to the reaffirmation of civilian command-and-control and a doctrine of “minimum...Council (NSC), including Prime Minister Vajpayee, Minister of Foreign Affairs Singh , and Minister of Defense Fernandes, and appointed a National Security

Controlled Secure Direct Communication with Seven-Qubit Entangled States

NASA Astrophysics Data System (ADS)

Wang, Shu-Kai; Zha, Xin-Wei; Wu, Hao

2018-01-01

In this paper, a new controlled secure direct communication protocol based on a maximally seven-qubit entangled state is proposed. the outcomes of measurement is performed by the sender and the controller, the receiver can obtain different secret messages in a deterministic way with unit successful probability.In this scheme,by using entanglement swapping, no qubits carrying secret messages are transmitted.Therefore, the protocol is completely secure.

Building a Secure Library System.

ERIC Educational Resources Information Center

Benson, Allen C.

1998-01-01

Presents tips for building a secure library system to guard against threats like hackers, viruses, and theft. Topics include: determining what is at risk; recovering from disasters; developing security policies; developing front-end security; securing menu systems; accessing control programs; protecting against damage from viruses; developing…

Crosstalk: The Journal of Defense Software Engineering. Volume 22, Number 3

DTIC Science & Technology

2009-04-01

international standard for information security management systems like ISO /IEC 27001 :2005 [1] existed. Since that time, the organization has developed control...of ISO /IEC 27001 and the desire to make decisions based on business value and risk has prompted Ford’s IT Security and Controls organi- zation to begin...their conventional application security operation.u References 1. ISO /IEC 27001 :2005. “Information Technology – Security Techniques – Information

How to implement security controls for an information security program at CBRN facilities

DOE Office of Scientific and Technical Information (OSTI.GOV)

Lenaeus, Joseph D.; O'Neil, Lori Ross; Leitch, Rosalyn M.

This document was prepared by PNNL within the framework of Project 19 of the European Union Chemical Biological Radiological and Nuclear Risk Mitigation Centres of Excellence Initiative entitled, ''Development of procedures and guidelines to create and improve secure information management systems and data exchange mechanisms for CBRN materials under regulatory control.'' It provides management and workers at CBRN facilities, parent organization managers responsible for those facilities, and regulatory agencies (governmental and nongovernmental) with guidance on the best practices for protecting information security. The security mitigation approaches presented in this document were chosen because they present generally accepted guidance in anmore » easy-to-understand manner, making it easier for facility personnel to grasp key concepts and envision how security controls could be implemented by the facility. This guidance is presented from a risk management perspective.« less

Cyber Security and Resilient Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Robert S. Anderson

2009-07-01

The Department of Energy (DOE) Idaho National Laboratory (INL) has become a center of excellence for critical infrastructure protection, particularly in the field of cyber security. It is one of only a few national laboratories that have enhanced the nation’s cyber security posture by performing industrial control system (ICS) vendor assessments as well as user on-site assessments. Not only are vulnerabilities discovered, but described actions for enhancing security are suggested – both on a system-specific basis and from a general perspective of identifying common weaknesses and their corresponding corrective actions. These cyber security programs have performed over 40 assessments tomore » date which have led to more robust, secure, and resilient monitoring and control systems for the US electrical grid, oil and gas, chemical, transportation, and many other sectors. In addition to cyber assessments themselves, the INL has been engaged in outreach to the ICS community through vendor forums, technical conferences, vendor user groups, and other special engagements as requested. Training programs have been created to help educate all levels of management and worker alike with an emphasis towards real everyday cyber hacking methods and techniques including typical exploits that are used. The asset owner or end user has many products available for its use created from these programs. One outstanding product is the US Department of Homeland Security (DHS) Cyber Security Procurement Language for Control Systems document that provides insight to the user when specifying a new monitoring and control system, particularly concerning security requirements. Employing some of the top cyber researchers in the nation, the INL can leverage this talent towards many applications other than critical infrastructure. Monitoring and control systems are used throughout the world to perform simple tasks such as cooking in a microwave to complex ones such as the monitoring and control of the next generation fighter jets or nuclear material safeguards systems in complex nuclear fuel cycle facilities. It is the intent of this paper to describe the cyber security programs that are currently in place, the experiences and successes achieved in industry including outreach and training, and suggestions about how other sectors and organizations can leverage this national expertise to help their monitoring and control systems become more secure.« less

A game-theoretical approach to multimedia social networks security.

PubMed

Liu, Enqiang; Liu, Zengliang; Shao, Fei; Zhang, Zhiyong

2014-01-01

The contents access and sharing in multimedia social networks (MSNs) mainly rely on access control models and mechanisms. Simple adoptions of security policies in the traditional access control model cannot effectively establish a trust relationship among parties. This paper proposed a novel two-party trust architecture (TPTA) to apply in a generic MSN scenario. According to the architecture, security policies are adopted through game-theoretic analyses and decisions. Based on formalized utilities of security policies and security rules, the choice of security policies in content access is described as a game between the content provider and the content requester. By the game method for the combination of security policies utility and its influences on each party's benefits, the Nash equilibrium is achieved, that is, an optimal and stable combination of security policies, to establish and enhance trust among stakeholders.

A Game-Theoretical Approach to Multimedia Social Networks Security

PubMed Central

Liu, Enqiang; Liu, Zengliang; Shao, Fei; Zhang, Zhiyong

2014-01-01

The contents access and sharing in multimedia social networks (MSNs) mainly rely on access control models and mechanisms. Simple adoptions of security policies in the traditional access control model cannot effectively establish a trust relationship among parties. This paper proposed a novel two-party trust architecture (TPTA) to apply in a generic MSN scenario. According to the architecture, security policies are adopted through game-theoretic analyses and decisions. Based on formalized utilities of security policies and security rules, the choice of security policies in content access is described as a game between the content provider and the content requester. By the game method for the combination of security policies utility and its influences on each party's benefits, the Nash equilibrium is achieved, that is, an optimal and stable combination of security policies, to establish and enhance trust among stakeholders. PMID:24977226

CAS. Controlled Access Security

DOE Office of Scientific and Technical Information (OSTI.GOV)

Martinez, B.; Pomeroy, G.

1989-12-01

The Security Alarm System is a data acquisition and control system which collects data from intrusion sensors and displays the information in a real-time environment for operators. The Access Control System monitors and controls the movement of personnel with the use of card readers and biometrics hand readers.

IT Security Support for Spaceport Command and Control System

NASA Technical Reports Server (NTRS)

McLain, Jeffrey

2013-01-01

During the fall 2013 semester, I worked at the Kennedy Space Center as an IT Security Intern in support of the Spaceport Command and Control System under the guidance of the IT Security Lead Engineer. Some of my responsibilities included assisting with security plan documentation collection, system hardware and software inventory, and malicious code and malware scanning. Throughout the semester, I had the opportunity to work on a wide range of security related projects. However, there are three projects in particular that stand out. The first project I completed was updating a large interactive spreadsheet that details the SANS Institutes Top 20 Critical Security Controls. My task was to add in all of the new commercial of the shelf (COTS) software listed on the SANS website that can be used to meet their Top 20 controls. In total, there are 153 unique security tools listed by SANS that meet one or more of their 20 controls. My second project was the creation of a database that will allow my mentor to keep track of the work done by the contractors that report to him in a more efficient manner by recording events as they occur throughout the quarter. Lastly, I expanded upon a security assessment of the Linux machines being used on center that I began last semester. To do this, I used a vulnerability and configuration tool that scans hosts remotely through the network and presents the user with an abundance of information detailing each machines configuration. The experience I gained from working on each of these projects has been invaluable, and I look forward to returning in the spring semester to continue working with the IT Security team.

5 CFR 1312.31 - Security violations.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 5 Administrative Personnel 3 2013-01-01 2013-01-01 false Security violations. 1312.31 Section 1312..., DOWNGRADING, DECLASSIFICATION AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION Control and Accountability of Classified Information § 1312.31 Security violations. (a) A security violation notice is issued by the United...

6. LAUNCH CONTROL SUPPORT BUILDING. INTERIOR OF SECURITY OFFICE. VIEW ...

Library of Congress Historic Buildings Survey, Historic Engineering Record, Historic Landscapes Survey

6. LAUNCH CONTROL SUPPORT BUILDING. INTERIOR OF SECURITY OFFICE. VIEW TO WEST. - Minuteman III ICBM Launch Control Facility November-1, 1.5 miles North of New Raymer & State Highway 14, New Raymer, Weld County, CO

7. LAUNCH CONTROL SUPPORT BUILDING. INTERIOR OF SECURITY OFFICE. VIEW ...

Library of Congress Historic Buildings Survey, Historic Engineering Record, Historic Landscapes Survey

7. LAUNCH CONTROL SUPPORT BUILDING. INTERIOR OF SECURITY OFFICE. VIEW TO NORTH. - Minuteman III ICBM Launch Control Facility November-1, 1.5 miles North of New Raymer & State Highway 14, New Raymer, Weld County, CO

75 FR 14179 - Agency Information Collection Activities: Form I-9 CNMI; Revision to an Existing Information...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-03-24

... DEPARTMENT OF HOMELAND SECURITY U.S. Citizenship and Immigration Services [OMB Control No. 1615... Employment Eligibility Verification; OMB Control No. 1615- 0112. The Department of Homeland Security, U.S..., should be directed to the Department of Homeland Security (DHS), and to the Office of Management and...

48 CFR 1552.235-78 - Data Security for Toxic Substances Control Act Confidential Business Information (DEC 1997).

Code of Federal Regulations, 2014 CFR

2014-10-01

... 48 Federal Acquisition Regulations System 6 2014-10-01 2014-10-01 false Data Security for Toxic... Acquisition Regulations System ENVIRONMENTAL PROTECTION AGENCY CLAUSES AND FORMS SOLICITATION PROVISIONS AND CONTRACT CLAUSES Texts of Provisions and Clauses 1552.235-78 Data Security for Toxic Substances Control Act...

48 CFR 1552.235-78 - Data Security for Toxic Substances Control Act Confidential Business Information (DEC 1997).

Code of Federal Regulations, 2012 CFR

2012-10-01

... 48 Federal Acquisition Regulations System 6 2012-10-01 2012-10-01 false Data Security for Toxic... Acquisition Regulations System ENVIRONMENTAL PROTECTION AGENCY CLAUSES AND FORMS SOLICITATION PROVISIONS AND CONTRACT CLAUSES Texts of Provisions and Clauses 1552.235-78 Data Security for Toxic Substances Control Act...

48 CFR 1552.235-78 - Data Security for Toxic Substances Control Act Confidential Business Information (DEC 1997).

Code of Federal Regulations, 2011 CFR

2011-10-01

... 48 Federal Acquisition Regulations System 6 2011-10-01 2011-10-01 false Data Security for Toxic... Acquisition Regulations System ENVIRONMENTAL PROTECTION AGENCY CLAUSES AND FORMS SOLICITATION PROVISIONS AND CONTRACT CLAUSES Texts of Provisions and Clauses 1552.235-78 Data Security for Toxic Substances Control Act...

48 CFR 1552.235-78 - Data Security for Toxic Substances Control Act Confidential Business Information (DEC 1997).

Code of Federal Regulations, 2010 CFR

2010-10-01

... 48 Federal Acquisition Regulations System 6 2010-10-01 2010-10-01 true Data Security for Toxic... Acquisition Regulations System ENVIRONMENTAL PROTECTION AGENCY CLAUSES AND FORMS SOLICITATION PROVISIONS AND CONTRACT CLAUSES Texts of Provisions and Clauses 1552.235-78 Data Security for Toxic Substances Control Act...

48 CFR 1552.235-78 - Data Security for Toxic Substances Control Act Confidential Business Information (DEC 1997).

Code of Federal Regulations, 2013 CFR

2013-10-01

... 48 Federal Acquisition Regulations System 6 2013-10-01 2013-10-01 false Data Security for Toxic... Acquisition Regulations System ENVIRONMENTAL PROTECTION AGENCY CLAUSES AND FORMS SOLICITATION PROVISIONS AND CONTRACT CLAUSES Texts of Provisions and Clauses 1552.235-78 Data Security for Toxic Substances Control Act...

Controlled quantum secure direct communication by entanglement distillation or generalized measurement

NASA Astrophysics Data System (ADS)

Tan, Xiaoqing; Zhang, Xiaoqian

2016-05-01

We propose two controlled quantum secure communication schemes by entanglement distillation or generalized measurement. The sender Alice, the receiver Bob and the controllers David and Cliff take part in the whole schemes. The supervisors David and Cliff can control the information transmitted from Alice to Bob by adjusting the local measurement angles θ _4 and θ _3. Bob can verify his secret information by classical one-way function after communication. The average amount of information is analyzed and compared for these two methods by MATLAB. The generalized measurement is a better scheme. Our schemes are secure against some well-known attacks because classical encryption and decoy states are used to ensure the security of the classical channel and the quantum channel.

From Fault-Diagnosis and Performance Recovery of a Controlled System to Chaotic Secure Communication

NASA Astrophysics Data System (ADS)

Hsu, Wen-Teng; Tsai, Jason Sheng-Hong; Guo, Fang-Cheng; Guo, Shu-Mei; Shieh, Leang-San

Chaotic systems are often applied to encryption on secure communication, but they may not provide high-degree security. In order to improve the security of communication, chaotic systems may need to add other secure signals, but this may cause the system to diverge. In this paper, we redesign a communication scheme that could create secure communication with additional secure signals, and the proposed scheme could keep system convergence. First, we introduce the universal state-space adaptive observer-based fault diagnosis/estimator and the high-performance tracker for the sampled-data linear time-varying system with unanticipated decay factors in actuators/system states. Besides, robustness, convergence in the mean, and tracking ability are given in this paper. A residual generation scheme and a mechanism for auto-tuning switched gain is also presented, so that the introduced methodology is applicable for the fault detection and diagnosis (FDD) for actuator and state faults to yield a high tracking performance recovery. The evolutionary programming-based adaptive observer is then applied to the problem of secure communication. Whenever the tracker induces a large control input which might not conform to the input constraint of some physical systems, the proposed modified linear quadratic optimal tracker (LQT) can effectively restrict the control input within the specified constraint interval, under the acceptable tracking performance. The effectiveness of the proposed design methodology is illustrated through tracking control simulation examples.

Security and SCADA protocols

DOE Office of Scientific and Technical Information (OSTI.GOV)

Igure, V. M.; Williams, R. D.

2006-07-01

Supervisory control and data acquisition (SCADA) networks have replaced discrete wiring for many industrial processes, and the efficiency of the network alternative suggests a trend toward more SCADA networks in the future. This paper broadly considers SCADA to include distributed control systems (DCS) and digital control systems. These networks offer many advantages, but they also introduce potential vulnerabilities that can be exploited by adversaries. Inter-connectivity exposes SCADA networks to many of the same threats that face the public internet and many of the established defenses therefore show promise if adapted to the SCADA differences. This paper provides an overview ofmore » security issues in SCADA networks and ongoing efforts to improve the security of these networks. Initially, a few samples from the range of threats to SCADA network security are offered. Next, attention is focused on security assessment of SCADA communication protocols. Three challenges must be addressed to strengthen SCADA networks. Access control mechanisms need to be introduced or strengthened, improvements are needed inside of the network to enhance security and network monitoring, and SCADA security management improvements and policies are needed. This paper discusses each of these challenges. This paper uses the Profibus protocol as an example to illustrate some of the vulnerabilities that arise within SCADA networks. The example Profibus security assessment establishes a network model and an attacker model before proceeding to a list of example attacks. (authors)« less

Tailoring NIST Security Controls for the Ground System: Selection and Implementation -- Recommendations for Information System Owners

NASA Technical Reports Server (NTRS)

Takamura, Eduardo; Mangum, Kevin

2016-01-01

The National Aeronautics and Space Administration (NASA) invests millions of dollars in spacecraft and ground system development, and in mission operations in the pursuit of scientific knowledge of the universe. In recent years, NASA sent a probe to Mars to study the Red Planet's upper atmosphere, obtained high resolution images of Pluto, and it is currently preparing to find new exoplanets, rendezvous with an asteroid, and bring a sample of the asteroid back to Earth for analysis. The success of these missions is enabled by mission assurance. In turn, mission assurance is backed by information assurance. The information systems supporting NASA missions must be reliable as well as secure. NASA - like every other U.S. Federal Government agency - is required to manage the security of its information systems according to federal mandates, the most prominent being the Federal Information Security Management Act (FISMA) of 2002 and the legislative updates that followed it. Like the management of enterprise information technology (IT), federal information security management takes a "one-size fits all" approach for protecting IT systems. While this approach works for most organizations, it does not effectively translate into security of highly specialized systems such as those supporting NASA missions. These systems include command and control (C&C) systems, spacecraft and instrument simulators, and other elements comprising the ground segment. They must be carefully configured, monitored and maintained, sometimes for several years past the missions' initially planned life expectancy, to ensure the ground system is protected and remains operational without any compromise of its confidentiality, integrity and availability. Enterprise policies, processes, procedures and products, if not effectively tailored to meet mission requirements, may not offer the needed security for protecting the information system, and they may even become disruptive to mission operations. Certain protective measures for the general enterprise may not be as efficient within the ground segment. This is what the authors have concluded through observations and analysis of patterns identified from the various security assessments performed on NASA missions such as MAVEN, OSIRIS-REx, New Horizons and TESS, to name a few. The security audits confirmed that the framework for managing information system security developed by the National Institute of Standards and Technology (NIST) for the federal government, and adopted by NASA, is indeed effective. However, the selection of the technical, operational and management security controls offered by the NIST model - and how they are implemented - does not always fit the nature and the environment where the ground system operates in even though there is no apparent impact on mission success. The authors observed that unfit controls, that is, controls that are not necessarily applicable or sufficiently effective in protecting the mission systems, are often selected to facilitate compliance with security requirements and organizational expectations even if the selected controls offer minimum or non-existent protection. This paper identifies some of the standard security controls that can in fact protect the ground system, and which of them offer little or no benefit at all. It offers multiple scenarios from real security audits in which the controls are not effective without, of course, disclosing any sensitive information about the missions assessed. In addition to selection and implementation of controls, the paper also discusses potential impact of recent legislation such as the Federal Information Security Modernization Act (FISMA) of 2014 - aimed at the enterprise - on the ground system, and offers other recommendations to Information System Owners (ISOs).

75 FR 73117 - New Agency Information Collection Activity Under OMB Review: Pipeline Corporate Security Review

Federal Register 2010, 2011, 2012, 2013, 2014

2010-11-29

... Collection Activity Under OMB Review: Pipeline Corporate Security Review AGENCY: Transportation Security.... Information Collection Requirement Title: Pipeline Corporate Security Review (PCSR). Type of Request: New collection. OMB Control Number: Not yet assigned. Form(s): Pipeline Corporate Security Review (PCSR) Protocol...

NASA guidelines for assuring the adequacy and appropriateness of security safeguards in sensitive applications

NASA Technical Reports Server (NTRS)

Tompkins, F. G.

1984-01-01

The Office of Management and Budget (OMB) Circular A-71, transmittal Memorandum No. 1, requires that each agency establish a management control process to assure that appropriate administrative, physical and technical safeguards are incorporated into all new computer applications. In addition to security specifications, the management control process should assure that the safeguards are adequate for the application. The security activities that should be integral to the system development process are examined. The software quality assurance process to assure that adequate and appropriate controls are incorporated into sensitive applications is also examined. Security for software packages is also discussed.

A Pilot Examination of the Methods Used to Counteract Insider Threat Security Risks Associated with the Use of Radioactive Materials in the Research and Clinical Setting.

PubMed

Tsenov, B G; Emery, R J; Whitehead, L W; Gonzalez, J Reingle; Gemeinhardt, G L

2018-03-01

While many organizations maintain multiple layers of security control methodologies to prevent outsiders from gaining unauthorized access, persons such as employees or contractors who have been granted legitimate access can represent an "insider threat" risk. Interestingly, some of the most notable radiological events involving the purposeful contamination or exposure of individuals appear to have been perpetrated by insiders. In the academic and medical settings, radiation safety professionals focus their security efforts on (1) ensuring controls are in place to prevent unauthorized access or removal of sources, and (2) increasing security controls for the unescorted accessing of large sources of radioactivity (known as "quantities of concern"). But these controls may not completely address the threat insiders represent when radioactive materials below these quantities are present. The goal of this research project was to characterize the methodologies currently employed to counteract the insider security threat for the misuse or purposeful divergence of radioactive materials used in the academic and medical settings. A web-based survey was used to assess how practicing radiation safety professionals in academic and medical settings anticipate, evaluate, and control insider threat security risks within their institutions. While all respondents indicated that radioactive sources are being used in amounts below quantities of concern, only 6 % consider insider threat security issues as part of the protocol review for the use of general radioactive materials. The results of this survey identify several opportunities for improvement for institutions to address security gaps.

Security of medical multimedia.

PubMed

Tzelepi, S; Pangalos, G; Nikolacopoulou, G

2002-09-01

The application of information technology to health care has generated growing concern about the privacy and security of medical information. Furthermore, data and communication security requirements in the field of multimedia are higher. In this paper we describe firstly the most important security requirements that must be fulfilled by multimedia medical data, and the security measures used to satisfy these requirements. These security measures are based mainly on modern cryptographic and watermarking mechanisms as well as on security infrastructures. The objective of our work is to complete this picture, exploiting the capabilities of multimedia medical data to define and implement an authorization model for regulating access to the data. In this paper we describe an extended role-based access control model by considering, within the specification of the role-permission relationship phase, the constraints that must be satisfied in order for the holders of the permission to use those permissions. The use of constraints allows role-based access control to be tailored to specifiy very fine-grained and flexible content-, context- and time-based access control policies. Other restrictions, such as role entry restriction also can be captured. Finally, the description of system architecture for a secure DBMS is presented.

SNAP-Ed (Supplemental Nutrition Assistance Program-Education) Increases Long-Term Food Security among Indiana Households with Children in a Randomized Controlled Study.

PubMed

Rivera, Rebecca L; Maulding, Melissa K; Abbott, Angela R; Craig, Bruce A; Eicher-Miller, Heather A

2016-11-01

Food insecurity is negatively associated with US children's dietary intake and health. The Supplemental Nutrition Assistance Program-Education (SNAP-Ed) aims to alleviate food insecurity by offering nutrition, budgeting, and healthy lifestyle education to low-income individuals and families. The objective of this study was to evaluate the long-term impact of the Indiana SNAP-Ed on food security among households with children. A randomized, controlled, parallel study design with SNAP-Ed as an intervention was carried out during a 4- to 10-wk intervention period. Intervention group participants received the first 4 Indiana SNAP-Ed curriculum lessons. Study participants (n = 575) were adults aged ≥18 y from low-income Indiana households with ≥1 child living in the household. Both treatment groups completed an assessment before and after the intervention period and 1 y after recruitment. The 18-item US Household Food Security Survey Module was used to classify the primary outcomes of food security for the household and adults and children in the household. A linear mixed model was used to compare intervention with control group effects over time on food security. Mean ± SEM changes in household food security score and food security score among household adults from baseline to 1-y follow-up were 1.2 ± 0.4 and 0.9 ± 0.3 units lower, respectively, in the intervention group than in the control group (P < 0.01). The mean change in food security score from baseline to 1-y follow-up among household children was not significantly different in the intervention group compared with the control group. SNAP-Ed improved food security over a longitudinal time frame among low-income Indiana households with children in this study. SNAP-Ed may be a successful intervention to improve food security. © 2016 American Society for Nutrition.

10 CFR 95.35 - Access to matter classified as National Security Information and Restricted Data.

Code of Federal Regulations, 2010 CFR

2010-01-01

... SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.35 Access to matter classified as National Security Information and Restricted Data. (a... have access to matter revealing Secret or Confidential National Security Information or Restricted Data...

10 CFR 95.49 - Security of automatic data processing (ADP) systems.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 10 Energy 2 2010-01-01 2010-01-01 false Security of automatic data processing (ADP) systems. 95.49 Section 95.49 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) FACILITY SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.49 Security of...

7 CFR 274.11 - Issuance and inventory record retention, and forms security.

Code of Federal Regulations, 2010 CFR

2010-01-01

... processed within the State agency. The State agency shall use numbers, batching, inventory control logs, or...) Secure storage; (iii) Access limited to authorized personnel; (iv) Bulk inventory control records; (v... validation of inventory controls and records by parties not otherwise involved in maintaining control records...

12 CFR 1204.8 - How are records secured?

Code of Federal Regulations, 2010 CFR

2010-01-01

... § 1204.8 How are records secured? (a) What controls must FHFA have in place? Each FHFA office must establish administrative and physical controls to prevent unauthorized access to its systems of records... stringency of these controls should correspond to the sensitivity of the records that the controls protect...

Digital watermarking for secure and adaptive teleconferencing

NASA Astrophysics Data System (ADS)

Vorbrueggen, Jan C.; Thorwirth, Niels

2002-04-01

The EC-sponsored project ANDROID aims to develop a management system for secure active networks. Active network means allowing the network's customers to execute code (Java-based so-called proxylets) on parts of the network infrastructure. Secure means that the network operator nonetheless retains full control over the network and its resources, and that proxylets use ANDROID-developed facilities to provide secure applications. Management is based on policies and allows autonomous, distributed decisions and actions to be taken. Proxylets interface with the system via policies; among actions they can take is controlling execution of other proxylets or redirection of network traffic. Secure teleconferencing is used as the application to demonstrate the approach's advantages. A way to control a teleconference's data streams is to use digital watermarking of the video, audio and/or shared-whiteboard streams, providing an imperceptible and inseparable side channel that delivers information from originating or intermediate stations to downstream stations. Depending on the information carried by the watermark, these stations can take many different actions. Examples are forwarding decisions based on security classifications (possibly time-varying) at security boundaries, set-up and tear-down of virtual private networks, intelligent and adaptive transcoding, recorder or playback control (e.g., speaking off the record), copyright protection, and sender authentication.

Fatigue Behavior of a Cross-Ply Metal Matrix Composite at Elevated Temperature Under Strain Controlled Mode.

DTIC Science & Technology

1994-12-01

1991. 114 22. Nimmer, R. P. et al. "Fiber Array Geometry Effects Upon Composite Transverse Tensile Behavior," Titanium Aluminide Composites. February... Titanium , Silicon Carbide, Strain Control Mode 17. SECURITY CLASSIFICATION I18. SECURITY CLASSIFICATION 19. SECURITY CLASSIFIKATION 20. LIMITATION OF...ends. Boyum was the first to examine fully reversed (R=-l) fatigue of a titanium composite under the load control mode, at both room and elevated

17 CFR 240.17Ad-13 - Annual study and evaluation of internal accounting control.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Annual study and evaluation of internal accounting control. 240.17Ad-13 Section 240.17Ad-13 Commodity and Securities Exchanges SECURITIES... System, the Office of the Comptroller of the Currency or the Federal Deposit Insurance Corporation...

DOE Office of Scientific and Technical Information (OSTI.GOV)

Witzke, Edward L.

In 2014, the United States Department of Defense started tra nsitioning the way it performs risk management and accreditation of informatio n systems to a process entitled Risk Management Framework for DoD Information Technology or RMF for DoD IT. There are many more security and privacy contro ls (and control enhancements) from which to select in RMF, than there w ere in the previous Information Assurance process. This report is an attempt t o clarify the way security controls and enhancements are selected. After a brief overview and comparison of RMF for DoD I T with the previously used process,more » this report looks at the determination of systems as National Security Systems (NSS). Once deemed to be an NSS, this report addr esses the categorization of the information system with respect to impact level s of the various security objectives and the selection of an initial baseline o f controls. Next, the report describes tailoring the controls through the use of overl ays and scoping considerations. Finally, the report discusses organizatio n-defined values for tuning the security controls to the needs of the information system.« less

IT Security Support for the Spaceport Command Control System Development

NASA Technical Reports Server (NTRS)

Varise, Brian

2014-01-01

My job title is IT Security support for the Spaceport Command & Control System Development. As a cyber-security analyst it is my job to ensure NASA's information stays safe from cyber threats, such as, viruses, malware and denial-of-service attacks by establishing and enforcing system access controls. Security is very important in the world of technology and it is used everywhere from personal computers to giant networks ran by Government agencies worldwide. Without constant monitoring analysis, businesses, public organizations and government agencies are vulnerable to potential harmful infiltration of their computer information system. It is my responsibility to ensure authorized access by examining improper access, reporting violations, revoke access, monitor information request by new programming and recommend improvements. My department oversees the Launch Control System and networks. An audit will be conducted for the LCS based on compliance with the Federal Information Security Management Act (FISMA) and The National Institute of Standards and Technology (NIST). I recently finished analyzing the SANS top 20 critical controls to give cost effective recommendations on various software and hardware products for compliance. Upon my completion of this internship, I will have successfully completed my duties as well as gain knowledge that will be helpful to my career in the future as a Cyber Security Analyst.

An E-Hospital Security Architecture

NASA Astrophysics Data System (ADS)

Tian, Fang; Adams, Carlisle

In this paper, we introduce how to use cryptography in network security and access control of an e-hospital. We first define the security goal of the e-hospital system, and then we analyze the current application system. Our idea is proposed on the system analysis and the related regulations of patients' privacy protection. The security of the whole application system is strengthened through layered security protection. Three security domains in the e-hospital system are defined according to their sensitivity level, and for each domain, we propose different security protections. We use identity based cryptography to establish secure communication channel in the backbone network and policy based cryptography to establish secure communication channel between end users and the backbone network. We also use policy based cryptography in the access control of the application system. We use a symmetric key cryptography to protect the real data in the database. The identity based and policy based cryptography are all based on elliptic curve cryptography—a public key cryptography.

33 CFR 106.205 - Company Security Officer (CSO).

Code of Federal Regulations, 2013 CFR

2013-07-01

...) Methods of conducting audits, inspection, control, and monitoring; and (7) Techniques for security... security related communications; (7) Knowledge of current security threats and patterns; (8) Recognition and detection of dangerous substances and devices; (9) Recognition of characteristics and behavioral...

33 CFR 106.205 - Company Security Officer (CSO).

Code of Federal Regulations, 2014 CFR

2014-07-01

...) Methods of conducting audits, inspection, control, and monitoring; and (7) Techniques for security... security related communications; (7) Knowledge of current security threats and patterns; (8) Recognition and detection of dangerous substances and devices; (9) Recognition of characteristics and behavioral...

33 CFR 106.205 - Company Security Officer (CSO).

Code of Federal Regulations, 2012 CFR

2012-07-01

...) Methods of conducting audits, inspection, control, and monitoring; and (7) Techniques for security... security related communications; (7) Knowledge of current security threats and patterns; (8) Recognition and detection of dangerous substances and devices; (9) Recognition of characteristics and behavioral...

5 CFR 1312.22 - Responsibilities.

Code of Federal Regulations, 2012 CFR

2012-01-01

... computer systems meeting the appropriate security criteria. (a) EOP Security Officer. In cooperation with..., DECLASSIFICATION AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION Control and Accountability of Classified... duty by employees will do much to ensure the adequate security of classified information in the...

5 CFR 1312.22 - Responsibilities.

Code of Federal Regulations, 2013 CFR

2013-01-01

... computer systems meeting the appropriate security criteria. (a) EOP Security Officer. In cooperation with..., DECLASSIFICATION AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION Control and Accountability of Classified... duty by employees will do much to ensure the adequate security of classified information in the...

5 CFR 1312.22 - Responsibilities.

Code of Federal Regulations, 2011 CFR

2011-01-01

... computer systems meeting the appropriate security criteria. (a) EOP Security Officer. In cooperation with..., DECLASSIFICATION AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION Control and Accountability of Classified... duty by employees will do much to ensure the adequate security of classified information in the...

5 CFR 1312.22 - Responsibilities.

Code of Federal Regulations, 2010 CFR

2010-01-01

... computer systems meeting the appropriate security criteria. (a) EOP Security Officer. In cooperation with..., DECLASSIFICATION AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION Control and Accountability of Classified... duty by employees will do much to ensure the adequate security of classified information in the...

5 CFR 1312.22 - Responsibilities.

Code of Federal Regulations, 2014 CFR

2014-01-01

... computer systems meeting the appropriate security criteria. (a) EOP Security Officer. In cooperation with..., DECLASSIFICATION AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION Control and Accountability of Classified... duty by employees will do much to ensure the adequate security of classified information in the...

Credit BG. Northeast and northwest facades of Building 4496 (Security ...

Library of Congress Historic Buildings Survey, Historic Engineering Record, Historic Landscapes Survey

Credit BG. Northeast and northwest facades of Building 4496 (Security Facility) as seen when looking south (178°) from entrance to secured area. The Control Tower (Building 4500) appears in background. The Security Facility is part of the secured Building 4505 complex - Edwards Air Force Base, North Base, Security Facility, Northeast of A Street, Boron, Kern County, CA

Increasing security in inter-chip communication

DOE Office of Scientific and Technical Information (OSTI.GOV)

Edwards, Nathan J.; Hamlet, Jason; Bauer, Todd

An apparatus for increasing security in inter-chip communication includes a sending control module, a communication bus, and a receiving control module. The communication bus is coupled between the sending control module and the receiving control module. The sending control module operates to send data on the communication bus, disable the communication bus when threats are detected, or both.

Increasing security in inter-chip communication

DOEpatents

Edwards, Nathan J; Hamlet, Jason; Bauer, Todd; Helinski, Ryan

2014-10-28

An apparatus for increasing security in inter-chip communication includes a sending control module, a communication bus, and a receiving control module. The communication bus is coupled between the sending control module and the receiving control module. The sending control module operates to send data on the communication bus, disable the communication bus when threats are detected, or both.

INcreasing Security and Protection through Infrastructure REsilience: The INSPIRE Project

NASA Astrophysics Data System (ADS)

D'Antonio, Salvatore; Romano, Luigi; Khelil, Abdelmajid; Suri, Neeraj

The INSPIRE project aims at enhancing the European potential in the field of security by ensuring the protection of critical information infrastructures through (a) the identification of their vulnerabilities and (b) the development of innovative techniques for securing networked process control systems. To increase the resilience of such systems INSPIRE will develop traffic engineering algorithms, diagnostic processes and self-reconfigurable architectures along with recovery techniques. Hence, the core idea of the INSPIRE project is to protect critical information infrastructures by appropriately configuring, managing, and securing the communication network which interconnects the distributed control systems. A working prototype will be implemented as a final demonstrator of selected scenarios. Controls/Communication Experts will support project partners in the validation and demonstration activities. INSPIRE will also contribute to standardization process in order to foster multi-operator interoperability and coordinated strategies for securing lifeline systems.

5 CFR 1312.31 - Security violations.

Code of Federal Regulations, 2010 CFR

2010-01-01

... States Secret Service when an office/division fails to properly secure classified information. Upon... 5 Administrative Personnel 3 2010-01-01 2010-01-01 false Security violations. 1312.31 Section 1312..., DOWNGRADING, DECLASSIFICATION AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION Control and Accountability of...

49 CFR 1580.107 - Chain of custody and control requirements.

Code of Federal Regulations, 2010 CFR

2010-10-01

... businesses, housing, schools, and hospitals. (4) Any information regarding threats to the facility. (5) Other...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY MARITIME AND LAND TRANSPORTATION SECURITY RAIL TRANSPORTATION SECURITY Freight Rail Including Freight Railroad Carriers, Rail Hazardous Materials...

FAA computer security : concerns remain due to personnel and other continuing weaknesses

DOT National Transportation Integrated Search

2000-08-01

FAA has a history of computer security weaknesses in a number of areas, including its physical security management at facilities that house air traffic control (ATC) systems, systems security for both operational and future systems, management struct...

Secure, Autonomous, Intelligent Controller for Integrating Distributed Sensor Webs

NASA Technical Reports Server (NTRS)

Ivancic, William D.

2007-01-01

This paper describes the infrastructure and protocols necessary to enable near-real-time commanding, access to space-based assets, and the secure interoperation between sensor webs owned and controlled by various entities. Select terrestrial and aeronautics-base sensor webs will be used to demonstrate time-critical interoperability between integrated, intelligent sensor webs both terrestrial and between terrestrial and space-based assets. For this work, a Secure, Autonomous, Intelligent Controller and knowledge generation unit is implemented using Virtual Mission Operation Center technology.

76 FR 35275 - Export Control Reform Initiative: Strategic Trade Authorization License Exception

Federal Register 2010, 2011, 2012, 2013, 2014

2011-06-16

.... The Export Control Reform Initiative is designed to enhance U.S. national security and strengthen the... Security 15 CFR Parts 732, 738, 740, et al. Export Control Reform Initiative: Strategic Trade Authorization... Parts 732, 738, 740, 743, and 774 [Docket No. 100923470-1230-03] RIN 0694-AF03 Export Control Reform...

27 CFR 73.12 - What security controls must I use for identification codes and passwords?

Code of Federal Regulations, 2010 CFR

2010-04-01

... 27 Alcohol, Tobacco Products and Firearms 2 2010-04-01 2010-04-01 false What security controls... controls must I use for identification codes and passwords? If you use electronic signatures based upon use of identification codes in combination with passwords, you must employ controls to ensure their...

Mechanical code comparator

DOEpatents

Peter, Frank J.; Dalton, Larry J.; Plummer, David W.

2002-01-01

A new class of mechanical code comparators is described which have broad potential for application in safety, surety, and security applications. These devices can be implemented as micro-scale electromechanical systems that isolate a secure or otherwise controlled device until an access code is entered. This access code is converted into a series of mechanical inputs to the mechanical code comparator, which compares the access code to a pre-input combination, entered previously into the mechanical code comparator by an operator at the system security control point. These devices provide extremely high levels of robust security. Being totally mechanical in operation, an access control system properly based on such devices cannot be circumvented by software attack alone.

76 FR 68242 - Self-Regulatory Organizations; Chicago Mercantile Exchange, Inc.; Order Approving Proposed Rule...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-11-03

... securities and funds which are in the custody or control of such clearing agency or for which it is... assure the safeguarding of securities and funds which are in its custody or control or for which it is... SECURITIES AND EXCHANGE COMMISSION [Release No. 34-65655; File No. SR-CME-2011-07] Self-Regulatory...

Information Assurance and Cyber Defence (Assurance de l’information et cyberdefense)

DTIC Science & Technology

2010-11-01

project is that knowledge exchange in a timely fashion is highly significant. Authentication and Authorisation of Users and Services in Federated...Detection, Protection and Countermeasures; • Security Models and Architectures; • Security Policies, Evaluation, Authorisation and Access Control; and...Evaluation, Authorisation and Access Control • Network and Information Security Awareness The topics for the symposium had been established

Toward Privacy-preserving Content Access Control for Information Centric Networking

DTIC Science & Technology

2014-03-01

REPORT Toward Privacy-preserving Content Access Control for Information Centric Networking 14. ABSTRACT 16. SECURITY CLASSIFICATION OF: Information...regardless the security mechanisms provided by different content hosting servers. However, using ABE has a drawback that the enforced content access...Encryption (ABE) is a flexible approach to enforce the content access policies regardless the security mechanisms provided by different content hosting

DOE`s nation-wide system for access control can solve problems for the federal government

DOE Office of Scientific and Technical Information (OSTI.GOV)

Callahan, S.; Tomes, D.; Davis, G.

1996-07-01

The U.S. Department of Energy`s (DOE`s) ongoing efforts to improve its physical and personnel security systems while reducing its costs, provide a model for federal government visitor processing. Through the careful use of standardized badges, computer databases, and networks of automated access control systems, the DOE is increasing the security associated with travel throughout the DOE complex, and at the same time, eliminating paperwork, special badging, and visitor delays. The DOE is also improving badge accountability, personnel identification assurance, and access authorization timeliness and accuracy. Like the federal government, the DOE has dozens of geographically dispersed locations run by manymore » different contractors operating a wide range of security systems. The DOE has overcome these obstacles by providing data format standards, a complex-wide virtual network for security, the adoption of a standard high security system, and an open-systems-compatible link for any automated access control system. If the location`s level of security requires it, positive visitor identification is accomplished by personal identification number (PIN) and/or by biometrics. At sites with automated access control systems, this positive identification is integrated into the portals.« less

Lemnos interoperable security project.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Halbgewachs, Ronald D.

2010-03-01

With the Lemnos framework, interoperability of control security equipment is straightforward. To obtain interoperability between proprietary security appliance units, one or both vendors must now write cumbersome 'translation code.' If one party changes something, the translation code 'breaks.' The Lemnos project is developing and testing a framework that uses widely available security functions and protocols like IPsec - to form a secure communications channel - and Syslog, to exchange security log messages. Using this model, security appliances from two or more different vendors can clearly and securely exchange information, helping to better protect the total system. Simplify regulatory compliance inmore » a complicated security environment by leveraging the Lemnos framework. As an electric utility, are you struggling to implement the NERC CIP standards and other regulations? Are you weighing the misery of multiple management interfaces against committing to a ubiquitous single-vendor solution? When vendors build their security appliances to interoperate using the Lemnos framework, it becomes practical to match best-of-breed offerings from an assortment of vendors to your specific control systems needs. The Lemnos project is developing and testing a framework that uses widely available open-source security functions and protocols like IPsec and Syslog to create a secure communications channel between appliances in order to exchange security data.« less

Inhibitory Control Mediates the Association between Perceived Stress and Secure Relationship Quality.

PubMed

Herd, Toria; Li, Mengjiao; Maciejewski, Dominique; Lee, Jacob; Deater-Deckard, Kirby; King-Casas, Brooks; Kim-Spoon, Jungmeen

2018-01-01

Past research has demonstrated negative associations between exposure to stressors and quality of interpersonal relationships among children and adolescents. Nevertheless, underlying mechanisms of this association remain unclear. Chronic stress has been shown to disrupt prefrontal functioning in the brain, including inhibitory control abilities, and evidence is accumulating that inhibitory control may play an important role in secure interpersonal relationship quality, including peer problems and social competence. In this prospective longitudinal study, we examine whether changes in inhibitory control, measured at both behavioral and neural levels, mediate the association between stress and changes in secure relationship quality with parents and peers. The sample included 167 adolescents (53% males) who were first recruited at age 13 or 14 years and assessed annually three times. Adolescents' inhibitory control was measured by their behavioral performance and brain activities, and adolescents self-reported perceived stress levels and relationship quality with mothers, fathers, and peers. Results suggest that behavioral inhibitory control mediates the association between perceived stress and adolescent's secure relationship quality with their mothers and fathers, but not their peers. In contrast, given that stress was not significantly correlated with neural inhibitory control, we did not further test the mediation path. Our results highlight the role of inhibitory control as a process through which stressful life experiences are related to impaired secure relationship quality between adolescents and their mothers and fathers.

Inhibitory Control Mediates the Association between Perceived Stress and Secure Relationship Quality

PubMed Central

Herd, Toria; Li, Mengjiao; Maciejewski, Dominique; Lee, Jacob; Deater-Deckard, Kirby; King-Casas, Brooks; Kim-Spoon, Jungmeen

2018-01-01

Past research has demonstrated negative associations between exposure to stressors and quality of interpersonal relationships among children and adolescents. Nevertheless, underlying mechanisms of this association remain unclear. Chronic stress has been shown to disrupt prefrontal functioning in the brain, including inhibitory control abilities, and evidence is accumulating that inhibitory control may play an important role in secure interpersonal relationship quality, including peer problems and social competence. In this prospective longitudinal study, we examine whether changes in inhibitory control, measured at both behavioral and neural levels, mediate the association between stress and changes in secure relationship quality with parents and peers. The sample included 167 adolescents (53% males) who were first recruited at age 13 or 14 years and assessed annually three times. Adolescents’ inhibitory control was measured by their behavioral performance and brain activities, and adolescents self-reported perceived stress levels and relationship quality with mothers, fathers, and peers. Results suggest that behavioral inhibitory control mediates the association between perceived stress and adolescent’s secure relationship quality with their mothers and fathers, but not their peers. In contrast, given that stress was not significantly correlated with neural inhibitory control, we did not further test the mediation path. Our results highlight the role of inhibitory control as a process through which stressful life experiences are related to impaired secure relationship quality between adolescents and their mothers and fathers. PMID:29535664

15 CFR 750.3 - Review of license applications by BIS and other government agencies and departments.

Code of Federal Regulations, 2013 CFR

2013-01-01

... items controlled for national security, missile technology, nuclear nonproliferation, and chemical and... primarily with items controlled for national security, nuclear nonproliferation, missile technology...

15 CFR 750.3 - Review of license applications by BIS and other government agencies and departments.

Code of Federal Regulations, 2012 CFR

2012-01-01

... items controlled for national security, missile technology, nuclear nonproliferation, and chemical and... primarily with items controlled for national security, nuclear nonproliferation, missile technology...

15 CFR 750.3 - Review of license applications by BIS and other government agencies and departments.

Code of Federal Regulations, 2014 CFR

2014-01-01

... items controlled for national security, missile technology, nuclear nonproliferation, and chemical and... primarily with items controlled for national security, nuclear nonproliferation, missile technology...

33 CFR 101.400 - Enforcement.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 33 Navigation and Navigable Waters 1 2011-07-01 2011-07-01 false Enforcement. 101.400 Section 101.400 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MARITIME SECURITY MARITIME SECURITY: GENERAL Control Measures for Security § 101.400 Enforcement. (a) The rules and...

78 FR 51266 - International Security Advisory Board (ISAB) Meeting Notice

Federal Register 2010, 2011, 2012, 2013, 2014

2013-08-20

... DEPARTMENT OF STATE [Public Notice 8419] International Security Advisory Board (ISAB) Meeting.... App Sec. 10(a)(2), the Department of State announces a meeting of the International Security Advisory... all aspects of arms control, disarmament, political-military affairs, international security and...

5. SOUTH ELEVATION OF BUILDING 8965 (SECURITY POLICE ENTRY CONTROL ...

Library of Congress Historic Buildings Survey, Historic Engineering Record, Historic Landscapes Survey

5. SOUTH ELEVATION OF BUILDING 8965 (SECURITY POLICE ENTRY CONTROL BUILDING). - Loring Air Force Base, Alert Area, Southeastern portion of base, east of southern end of runway, Limestone, Aroostook County, ME

6. SOUTHWEST CORNER OF BUILDING 8965 (SECURITY POLICE ENTRY CONTROL ...

Library of Congress Historic Buildings Survey, Historic Engineering Record, Historic Landscapes Survey

6. SOUTHWEST CORNER OF BUILDING 8965 (SECURITY POLICE ENTRY CONTROL BUILDING). - Loring Air Force Base, Alert Area, Southeastern portion of base, east of southern end of runway, Limestone, Aroostook County, ME

7. SOUTHEAST CORNER OF BUILDING 8965 (SECURITY POLICE ENTRY CONTROL ...

Library of Congress Historic Buildings Survey, Historic Engineering Record, Historic Landscapes Survey

7. SOUTHEAST CORNER OF BUILDING 8965 (SECURITY POLICE ENTRY CONTROL BUILDING). - Loring Air Force Base, Alert Area, Southeastern portion of base, east of southern end of runway, Limestone, Aroostook County, ME

Food security is related to adult type 2 diabetes control over time in a United States safety net primary care clinic population.

PubMed

Shalowitz, M U; Eng, J S; McKinney, C O; Krohn, J; Lapin, B; Wang, C-H; Nodine, E

2017-05-15

Successful Type 2 diabetes management requires adopting a high nutrient-density diet made up of food items that both meet dietary needs and preferences and can be feasibly obtained on a regular basis. However, access to affordable, nutrient-dense foods often is lacking in poorer neighbourhoods. Therefore, low food security should directly impair glucose control, even when patients have full access to and utilize comprehensive medical management. The present study sought to determine whether food security is related longitudinally to glucose control, over-and-above ongoing medication management, among Type 2 diabetes patients receiving comprehensive care at a Midwestern multi-site federally qualified health centre (FQHC). In this longitudinal observational study, we completed a baseline assessment of patients' food security (using the US Household Food Security Module), demographics (via Census items), and diabetes history/management (using a structured clinical encounter form) when patients began receiving diabetes care at the health centre. We then recorded those patients' A1C levels several times during a 24-month follow-up period. Three hundred and ninety-nine patients (56% with low food security) had a baseline A1c measurement; a subsample of 336 (median age=52 years; 56% female; 60% Hispanic, 27% African American, and 9% White) also had at least one follow-up A1c measurement. Patients with lower (vs higher) food security were more likely to be on insulin and have higher A1c levels at baseline. Moreover, the disparity in glucose control by food security status persisted throughout the next 2 years. Although results were based on one multi-site FQHC, potentially limiting their generalizability, they seem to suggest that among Type 2 diabetes patients, low food security directly impairs glucose control-even when patients receive full access to comprehensive medical management-thereby increasing their long-term risks of high morbidity, early mortality, and high health-care utilization and cost.

Recommended Practice for Securing Control System Modems

DOE Office of Scientific and Technical Information (OSTI.GOV)

James R. Davidson; Jason L. Wright

2008-01-01

This paper addresses an often overlooked “backdoor” into critical infrastructure control systems created by modem connections. A modem’s connection to the public telephone system is similar to a corporate network connection to the Internet. By tracing typical attack paths into the system, this paper provides the reader with an analysis of the problem and then guides the reader through methods to evaluate existing modem security. Following the analysis, a series of methods for securing modems is provided. These methods are correlated to well-known networking security methods.

Model-Driven Configuration of SELinux Policies

NASA Astrophysics Data System (ADS)

Agreiter, Berthold; Breu, Ruth

The need for access control in computer systems is inherent. However, the complexity to configure such systems is constantly increasing which affects the overall security of a system negatively. We think that it is important to define security requirements on a non-technical level while taking the application domain into respect in order to have a clear and separated view on security configuration (i.e. unblurred by technical details). On the other hand, security functionality has to be tightly integrated with the system and its development process in order to provide comprehensive means of enforcement. In this paper, we propose a systematic approach based on model-driven security configuration to leverage existing operating system security mechanisms (SELinux) for realising access control. We use UML models and develop a UML profile to satisfy these needs. Our goal is to exploit a comprehensive protection mechanism while rendering its security policy manageable by a domain specialist.

33 CFR 104.215 - Vessel Security Officer (VSO).

Code of Federal Regulations, 2011 CFR

2011-07-01

... procedures, including scenario-based response training; (4) Crowd management and control techniques; (5) Operations of security equipment and systems; and (6) Testing and calibration of security equipment and...

17 CFR 229.308 - (Item 308) Internal control over financial reporting.

Code of Federal Regulations, 2010 CFR

2010-04-01

... over financial reporting. 229.308 Section 229.308 Commodity and Securities Exchanges SECURITIES AND... § 229.308 (Item 308) Internal control over financial reporting. (a) Management's annual report on internal control over financial reporting. Provide a report of management on the registrant's internal...

17 CFR 38.255 - Risk controls for trading.

Code of Federal Regulations, 2013 CFR

2013-04-01

... 17 Commodity and Securities Exchanges 1 2013-04-01 2013-04-01 false Risk controls for trading. 38.255 Section 38.255 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION DESIGNATED CONTRACT MARKETS Prevention of Market Disruption § 38.255 Risk controls for trading. The designated...

17 CFR 38.255 - Risk controls for trading.

Code of Federal Regulations, 2014 CFR

2014-04-01

... 17 Commodity and Securities Exchanges 1 2014-04-01 2014-04-01 false Risk controls for trading. 38.255 Section 38.255 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION DESIGNATED CONTRACT MARKETS Prevention of Market Disruption § 38.255 Risk controls for trading. The designated...

Structuring Homeland Security

DTIC Science & Technology

2002-04-09

20 AIRPORT SECURITY .............................................................................................. 20...using an existing command and control structure. Since September 11, 2001 airport security has been of heightened importance to the American public...In order to use Reserves to provide airport security the airports themselves should be made federal property. This would allow greater flexibility for

75 FR 29567 - Extension of Agency Information Collection Activity Under OMB Review: Aviation Security Customer...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-05-26

... Information Collection Activity Under OMB Review: Aviation Security Customer Satisfaction Performance... surveying travelers to measure customer satisfaction of aviation security in an effort to more efficiently.... Information Collection Requirement OMB Control Number 1652-0013; Aviation Security Customer Satisfaction...

A Framework for Translating a High Level Security Policy into Low Level Security Mechanisms

NASA Astrophysics Data System (ADS)

Hassan, Ahmed A.; Bahgat, Waleed M.

2010-01-01

Security policies have different components; firewall, active directory, and IDS are some examples of these components. Enforcement of network security policies to low level security mechanisms faces some essential difficulties. Consistency, verification, and maintenance are the major ones of these difficulties. One approach to overcome these difficulties is to automate the process of translation of high level security policy into low level security mechanisms. This paper introduces a framework of an automation process that translates a high level security policy into low level security mechanisms. The framework is described in terms of three phases; in the first phase all network assets are categorized according to their roles in the network security and relations between them are identified to constitute the network security model. This proposed model is based on organization based access control (OrBAC). However, the proposed model extend the OrBAC model to include not only access control policy but also some other administrative security policies like auditing policy. Besides, the proposed model enables matching of each rule of the high level security policy with the corresponding ones of the low level security policy. Through the second phase of the proposed framework, the high level security policy is mapped into the network security model. The second phase could be considered as a translation of the high level security policy into an intermediate model level. Finally, the intermediate model level is translated automatically into low level security mechanism. The paper illustrates the applicability of proposed approach through an application example.

Orchestrating BMD Control in Extended BPEL

DTIC Science & Technology

2008-05-21

Orchestration of secure WebMail , Technical Report ISE-TR-06-08, George Mason University, Fairfax, VA, August 2006. [9] E. Christensen, F. Curbera...methods to access and dissemination control, securing circuit switched (SS7) and IP based telecommunication (VoIP) systems, multimedia, security ...decorating the Business Process Execution Language (BPEL) with Quality of Service (QoS), Measures of Performance (MoP), Measures of Effectiveness (MoE

Beyond a series of security nets: Applying STAMP & STPA to port security

DOE PAGES

Williams, Adam D.

2015-11-17

Port security is an increasing concern considering the significant role of ports in global commerce and today’s increasingly complex threat environment. Current approaches to port security mirror traditional models of accident causality -- ‘a series of security nets’ based on component reliability and probabilistic assumptions. Traditional port security frameworks result in isolated and inconsistent improvement strategies. Recent work in engineered safety combines the ideas of hierarchy, emergence, control and communication into a new paradigm for understanding port security as an emergent complex system property. The ‘System-Theoretic Accident Model and Process (STAMP)’ is a new model of causality based on systemsmore » and control theory. The associated analysis process -- System Theoretic Process Analysis (STPA) -- identifies specific technical or procedural security requirements designed to work in coordination with (and be traceable to) overall port objectives. This process yields port security design specifications that can mitigate (if not eliminate) port security vulnerabilities related to an emphasis on component reliability, lack of coordination between port security stakeholders or economic pressures endemic in the maritime industry. As a result, this article aims to demonstrate how STAMP’s broader view of causality and complexity can better address the dynamic and interactive behaviors of social, organizational and technical components of port security.« less

Beyond a series of security nets: Applying STAMP & STPA to port security

DOE Office of Scientific and Technical Information (OSTI.GOV)

Williams, Adam D.

Port security is an increasing concern considering the significant role of ports in global commerce and today’s increasingly complex threat environment. Current approaches to port security mirror traditional models of accident causality -- ‘a series of security nets’ based on component reliability and probabilistic assumptions. Traditional port security frameworks result in isolated and inconsistent improvement strategies. Recent work in engineered safety combines the ideas of hierarchy, emergence, control and communication into a new paradigm for understanding port security as an emergent complex system property. The ‘System-Theoretic Accident Model and Process (STAMP)’ is a new model of causality based on systemsmore » and control theory. The associated analysis process -- System Theoretic Process Analysis (STPA) -- identifies specific technical or procedural security requirements designed to work in coordination with (and be traceable to) overall port objectives. This process yields port security design specifications that can mitigate (if not eliminate) port security vulnerabilities related to an emphasis on component reliability, lack of coordination between port security stakeholders or economic pressures endemic in the maritime industry. As a result, this article aims to demonstrate how STAMP’s broader view of causality and complexity can better address the dynamic and interactive behaviors of social, organizational and technical components of port security.« less

Cox report and the US-China arms control technical exchange program

DOE Office of Scientific and Technical Information (OSTI.GOV)

Di Capua, M S

The ACE program furthered the national security interests of the US by promoting technical approaches to the implementation and verification of arms control treaties that the international community embraces. The Cox Committee report suggests that uncontrolled interactions were taking place between US and Chinese nuclear weapons scientists in the course of the ACE program. On the contrary, elaborate controls were in place at the very beginning and remained in place to control the interactions and protect US national security information. The ACE program payoff to national security was just beginning and its suspension, resulting from the Cox reports allegations, ismore » a setback to US-China progress on arms control.« less

21 CFR 1301.73 - Physical security controls for non-practitioners; compounders for narcotic treatment programs...

Code of Federal Regulations, 2011 CFR

2011-04-01

... 21 Food and Drugs 9 2011-04-01 2011-04-01 false Physical security controls for non-practitioners... and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION OF MANUFACTURERS... such as walls or partitions, by traffic control lines or restricted space designation. The employee...

17 CFR 37.405 - Risk controls for trading.

Code of Federal Regulations, 2014 CFR

2014-04-01

... 17 Commodity and Securities Exchanges 1 2014-04-01 2014-04-01 false Risk controls for trading. 37.405 Section 37.405 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION SWAP EXECUTION FACILITIES Monitoring of Trading and Trade Processing § 37.405 Risk controls for trading. The swap...

Cheating in OSCEs: The Impact of Simulated Security Breaches on OSCE Performance.

PubMed

Gotzmann, Andrea; De Champlain, André; Homayra, Fahmida; Fotheringham, Alexa; de Vries, Ingrid; Forgie, Melissa; Pugh, Debra

2017-01-01

Construct: Valid score interpretation is important for constructs in performance assessments such as objective structured clinical examinations (OSCEs). An OSCE is a type of performance assessment in which a series of standardized patients interact with the student or candidate who is scored by either the standardized patient or a physician examiner. In high-stakes examinations, test security is an important issue. Students accessing unauthorized test materials can create an unfair advantage and lead to examination scores that do not reflect students' true ability level. The purpose of this study was to assess the impact of various simulated security breaches on OSCE scores. Seventy-six 3rd-year medical students participated in an 8-station OSCE and were randomized to either a control group or to 1 of 2 experimental conditions simulating test security breaches: station topic (i.e., providing a list of station topics prior to the examination) or egregious security breach (i.e., providing detailed content information prior to the examination). Overall total scores were compared for the 3 groups using both a one-way between-subjects analysis of variance and a repeated measure analysis of variance to compare the checklist, rating scales, and oral question subscores across the three conditions. Overall total scores were highest for the egregious security breach condition (81.8%), followed by the station topic condition (73.6%), and they were lowest for the control group (67.4%). This trend was also found with checklist subscores only (79.1%, 64.9%, and 60.3%, respectively for the security breach, station topic, and control conditions). Rating scale subscores were higher for both the station topic and egregious security breach conditions compared to the control group (82.6%, 83.1%, and 77.6%, respectively). Oral question subscores were significantly higher for the egregious security breach condition (88.8%) followed by the station topic condition (64.3%), and they were the lowest for the control group (48.6%). This simulation of different OSCE security breaches demonstrated that student performance is greatly advantaged by having prior access to test materials. This has important implications for medical educators as they develop policies and procedures regarding the safeguarding and reuse of test content.

ICS security in maritime transportation : a white paper examining the security and resiliency of critical transportation infrastructure

DOT National Transportation Integrated Search

2013-07-29

The John A. Volpe National Transportation Systems Center was asked by the Office of Security of the Maritime Administration to examine the issue of industrial control systems (ICS) security in the Maritime Transportation System (MTS), and to develop ...

19 CFR 19.47 - Security.

Code of Federal Regulations, 2014 CFR

2014-04-01

... 19 Customs Duties 1 2014-04-01 2014-04-01 false Security. 19.47 Section 19.47 Customs Duties U.S. CUSTOMS AND BORDER PROTECTION, DEPARTMENT OF HOMELAND SECURITY; DEPARTMENT OF THE TREASURY CUSTOMS WAREHOUSES, CONTAINER STATIONS AND CONTROL OF MERCHANDISE THEREIN Container Stations § 19.47 Security. The...

19 CFR 19.47 - Security.

Code of Federal Regulations, 2012 CFR

2012-04-01

... 19 Customs Duties 1 2012-04-01 2012-04-01 false Security. 19.47 Section 19.47 Customs Duties U.S. CUSTOMS AND BORDER PROTECTION, DEPARTMENT OF HOMELAND SECURITY; DEPARTMENT OF THE TREASURY CUSTOMS WAREHOUSES, CONTAINER STATIONS AND CONTROL OF MERCHANDISE THEREIN Container Stations § 19.47 Security. The...

19 CFR 19.47 - Security.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 19 Customs Duties 1 2010-04-01 2010-04-01 false Security. 19.47 Section 19.47 Customs Duties U.S. CUSTOMS AND BORDER PROTECTION, DEPARTMENT OF HOMELAND SECURITY; DEPARTMENT OF THE TREASURY CUSTOMS WAREHOUSES, CONTAINER STATIONS AND CONTROL OF MERCHANDISE THEREIN Container Stations § 19.47 Security. The...

19 CFR 19.47 - Security.

Code of Federal Regulations, 2013 CFR

2013-04-01

... 19 Customs Duties 1 2013-04-01 2013-04-01 false Security. 19.47 Section 19.47 Customs Duties U.S. CUSTOMS AND BORDER PROTECTION, DEPARTMENT OF HOMELAND SECURITY; DEPARTMENT OF THE TREASURY CUSTOMS WAREHOUSES, CONTAINER STATIONS AND CONTROL OF MERCHANDISE THEREIN Container Stations § 19.47 Security. The...

19 CFR 19.47 - Security.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 19 Customs Duties 1 2011-04-01 2011-04-01 false Security. 19.47 Section 19.47 Customs Duties U.S. CUSTOMS AND BORDER PROTECTION, DEPARTMENT OF HOMELAND SECURITY; DEPARTMENT OF THE TREASURY CUSTOMS WAREHOUSES, CONTAINER STATIONS AND CONTROL OF MERCHANDISE THEREIN Container Stations § 19.47 Security. The...

10 CFR 20.1801 - Security of stored material.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 10 Energy 1 2014-01-01 2014-01-01 false Security of stored material. 20.1801 Section 20.1801 Energy NUCLEAR REGULATORY COMMISSION STANDARDS FOR PROTECTION AGAINST RADIATION Storage and Control of Licensed Material § 20.1801 Security of stored material. The licensee shall secure from unauthorized...

10 CFR 20.1801 - Security of stored material.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 10 Energy 1 2010-01-01 2010-01-01 false Security of stored material. 20.1801 Section 20.1801 Energy NUCLEAR REGULATORY COMMISSION STANDARDS FOR PROTECTION AGAINST RADIATION Storage and Control of Licensed Material § 20.1801 Security of stored material. The licensee shall secure from unauthorized...

10 CFR 20.1801 - Security of stored material.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 10 Energy 1 2011-01-01 2011-01-01 false Security of stored material. 20.1801 Section 20.1801 Energy NUCLEAR REGULATORY COMMISSION STANDARDS FOR PROTECTION AGAINST RADIATION Storage and Control of Licensed Material § 20.1801 Security of stored material. The licensee shall secure from unauthorized...

10 CFR 20.1801 - Security of stored material.

Code of Federal Regulations, 2012 CFR

2012-01-01

... 10 Energy 1 2012-01-01 2012-01-01 false Security of stored material. 20.1801 Section 20.1801 Energy NUCLEAR REGULATORY COMMISSION STANDARDS FOR PROTECTION AGAINST RADIATION Storage and Control of Licensed Material § 20.1801 Security of stored material. The licensee shall secure from unauthorized...

10 CFR 20.1801 - Security of stored material.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 10 Energy 1 2013-01-01 2013-01-01 false Security of stored material. 20.1801 Section 20.1801 Energy NUCLEAR REGULATORY COMMISSION STANDARDS FOR PROTECTION AGAINST RADIATION Storage and Control of Licensed Material § 20.1801 Security of stored material. The licensee shall secure from unauthorized...

GEMSS: privacy and security for a medical Grid.

PubMed

Middleton, S E; Herveg, J A M; Crazzolara, F; Marvin, D; Poullet, Y

2005-01-01

The GEMSS project is developing a secure Grid infrastructure through which six medical simulations services can be invoked. We examine the legal and security framework within which GEMSS operates. We provide a legal qualification to the operations performed upon patient data, in view of EU directive 95/46, when using medical applications on the GEMSS Grid. We identify appropriate measures to ensure security and describe the legal rationale behind our choice of security technology. Our legal analysis demonstrates there must be an identified controller (typically a hospital) of patient data. The controller must then choose a processor (in this context a Grid service provider) that provides sufficient guarantees with respect to the security of their technical and organizational data processing procedures. These guarantees must ensure a level of security appropriate to the risks, with due regard to the state of the art and the cost of their implementation. Our security solutions are based on a public key infrastructure (PKI), transport level security and end-to-end security mechanisms in line with the web service (WS Security, WS Trust and SecureConversation) security specifications. The GEMSS infrastructure ensures a degree of protection of patient data that is appropriate for the health care sector, and is in line with the European directives. We hope that GEMSS will become synonymous with high security data processing, providing a framework by which GEMSS service providers can provide the security guarantees required by hospitals with regard to the processing of patient data.

Computation and Communication Evaluation of an Authentication Mechanism for Time-Triggered Networked Control Systems

PubMed Central

Martins, Goncalo; Moondra, Arul; Dubey, Abhishek; Bhattacharjee, Anirban; Koutsoukos, Xenofon D.

2016-01-01

In modern networked control applications, confidentiality and integrity are important features to address in order to prevent against attacks. Moreover, network control systems are a fundamental part of the communication components of current cyber-physical systems (e.g., automotive communications). Many networked control systems employ Time-Triggered (TT) architectures that provide mechanisms enabling the exchange of precise and synchronous messages. TT systems have computation and communication constraints, and with the aim to enable secure communications in the network, it is important to evaluate the computational and communication overhead of implementing secure communication mechanisms. This paper presents a comprehensive analysis and evaluation of the effects of adding a Hash-based Message Authentication (HMAC) to TT networked control systems. The contributions of the paper include (1) the analysis and experimental validation of the communication overhead, as well as a scalability analysis that utilizes the experimental result for both wired and wireless platforms and (2) an experimental evaluation of the computational overhead of HMAC based on a kernel-level Linux implementation. An automotive application is used as an example, and the results show that it is feasible to implement a secure communication mechanism without interfering with the existing automotive controller execution times. The methods and results of the paper can be used for evaluating the performance impact of security mechanisms and, thus, for the design of secure wired and wireless TT networked control systems. PMID:27463718

Computation and Communication Evaluation of an Authentication Mechanism for Time-Triggered Networked Control Systems.

PubMed

Martins, Goncalo; Moondra, Arul; Dubey, Abhishek; Bhattacharjee, Anirban; Koutsoukos, Xenofon D

2016-07-25

In modern networked control applications, confidentiality and integrity are important features to address in order to prevent against attacks. Moreover, network control systems are a fundamental part of the communication components of current cyber-physical systems (e.g., automotive communications). Many networked control systems employ Time-Triggered (TT) architectures that provide mechanisms enabling the exchange of precise and synchronous messages. TT systems have computation and communication constraints, and with the aim to enable secure communications in the network, it is important to evaluate the computational and communication overhead of implementing secure communication mechanisms. This paper presents a comprehensive analysis and evaluation of the effects of adding a Hash-based Message Authentication (HMAC) to TT networked control systems. The contributions of the paper include (1) the analysis and experimental validation of the communication overhead, as well as a scalability analysis that utilizes the experimental result for both wired and wireless platforms and (2) an experimental evaluation of the computational overhead of HMAC based on a kernel-level Linux implementation. An automotive application is used as an example, and the results show that it is feasible to implement a secure communication mechanism without interfering with the existing automotive controller execution times. The methods and results of the paper can be used for evaluating the performance impact of security mechanisms and, thus, for the design of secure wired and wireless TT networked control systems.

Secure Control Systems for the Energy Sector

DOE Office of Scientific and Technical Information (OSTI.GOV)

Smith, Rhett; Campbell, Jack; Hadley, Mark

2012-03-31

Schweitzer Engineering Laboratories (SEL) will conduct the Hallmark Project to address the need to reduce the risk of energy disruptions because of cyber incidents on control systems. The goals is to develop solutions that can be both applied to existing control systems and designed into new control systems to add the security measures needed to mitigate energy network vulnerabilities. The scope of the Hallmark Project contains four primary elements: 1. Technology transfer of the Secure Supervisory Control and Data Acquisition (SCADA) Communications Protocol (SSCP) from Pacific Northwest National Laboratories (PNNL) to Schweitzer Engineering Laboratories (SEL). The project shall use thismore » technology to develop a Federal Information Processing Standard (FIPS) 140-2 compliant original equipment manufacturer (OEM) module to be called a Cryptographic Daughter Card (CDC) with the ability to directly connect to any PC enabling that computer to securely communicate across serial to field devices. Validate the OEM capabilities with another vendor. 2. Development of a Link Authenticator Module (LAM) using the FIPS 140-2 validated Secure SCADA Communications Protocol (SSCP) CDC module with a central management software kit. 3. Validation of the CDC and Link Authenticator modules via laboratory and field tests. 4. Creation of documents that record the impact of the Link Authenticator to the operators of control systems and on the control system itself. The information in the documents can assist others with technology deployment and maintenance.« less

Usable SPACE: Security, Privacy, and Context for the Mobile User

NASA Astrophysics Data System (ADS)

Jutla, Dawn

Users breach the security of data within many financial applications daily as human and/or business expediency to access and use information wins over corporate security policy guidelines. Recognizing that changing user context often requires different security mechanisms, we discuss end-to-end solutions combining several security and context mechanisms for relevant security control and information presentation in various mobile user situations. We illustrate key concepts using Dimitri Kanevskys (IBM Research) early 2000s patented inventions for voice security and classification.

Secure real-time wireless video streaming in the aeronautical telecommunications network

NASA Astrophysics Data System (ADS)

Czernik, Pawel; Olszyna, Jakub

2010-09-01

As Air Traffic Control Systems move from a voice only environment to one in which clearances are issued via data link, there is a risk that an unauthorized entity may attempt to masquerade as either the pilot or controller. In order to protect against this and related attacks, air-ground communications must be secured. The challenge is to add security in an environment in which bandwidth is limited. The Aeronautical Telecommunications Network (ATN) is an enabling digital network communications technology that addresses capacity and efficiency issues associated with current aeronautical voice communication systems. Equally important, the ATN facilitates migration to free flight, where direct computer-to-computer communication will automate air traffic management, minimize controller and pilot workload, and improve overall aircraft routing efficiency. Protecting ATN communications is critical since safety-of-flight is seriously affected if an unauthorized entity, a hacker for example, is able to penetrate an otherwise reliable communications system and accidentally or maliciously introduce erroneous information that jeopardizes the overall safety and integrity of a given airspace. However, an ATN security implementation must address the challenges associated with aircraft mobility, limited bandwidth communication channels, and uninterrupted operation across organizational and geopolitical boundaries. This paper provides a brief overview of the ATN, the ATN security concept, and begins a basic introduction to the relevant security concepts of security threats, security services and security mechanisms. Security mechanisms are further examined by presenting the fundamental building blocks of symmetric encipherment, asymmetric encipherment, and hash functions. The second part of this paper presents the project of cryptographiclly secure wireless communication between Unmanned Aerial Vehicles (UAV) and the ground station in the ATM system, based on the ARM9 processor development kid and Embedded Linux operation system.

77 FR 64150 - Proposed Collection; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2012-10-18

...) requires an annual study and evaluation of internal accounting controls under the Securities Exchange Act... an annual report on the adequacy of their internal accounting controls from an independent accountant... service only their own companies' securities. [[Page 64151

32 CFR 2800.6 - Delegation of classification and declassification authority.

Code of Federal Regulations, 2010 CFR

2010-07-01

.... 12065: (i) Staff Security Officer/Top Secret Control Officer. (ii) Assistant Staff Security Officer/Assistant Top Secret Control Officer. ... to originally classify and declassify information as “SECRET” and/or “CONFIDENTIAL”: (a) Chief of...

Security for safety critical space borne systems

NASA Technical Reports Server (NTRS)

Legrand, Sue

1987-01-01

The Space Station contains safety critical computer software components in systems that can affect life and vital property. These components require a multilevel secure system that provides dynamic access control of the data and processes involved. A study is under way to define requirements for a security model providing access control through level B3 of the Orange Book. The model will be prototyped at NASA-Johnson Space Center.

Fingerprinting Reverse Proxies Using Timing Analysis of TCP Flows

DTIC Science & Technology

2013-09-01

bayes classifier,” in Cloud Computing Security , ser. CCSW ’09. New York City, NY: ACM, 2009, pp. 31–42. [30] J. Zhang, R. Perdisci, W. Lee, U. Sarfraz...FSM Finite State Machine HTML Hypertext Markup Language HTTP Hypertext Transfer Protocol HTTPS Hypertext Transfer Protocol Secure ICMP Internet Control...This hidden traffic concept supports network access control, security protection through obfuscation, and performance boosts at the Internet facing

49 CFR 1544.221 - Carriage of prisoners under the control of armed law enforcement officers.

Code of Federal Regulations, 2010 CFR

2010-10-01

... Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRCRAFT OPERATOR SECURITY: AIR CARRIERS AND COMMERCIAL OPERATORS Operations § 1544.221 Carriage... custody of an armed law enforcement officer aboard an aircraft for which screening is required unless, in...

12 CFR 701.20 - Suretyship and guaranty.

Code of Federal Regulations, 2010 CFR

2010-01-01

... which the federal credit union has perfected its security interest (for example, if the collateral is a printed security, the federal credit union must have obtained physical control of the security, and, if... security interest); and (2) That has a market value, at the close of each business day, equal to 100...

33 CFR 101.420 - Right to appeal.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Right to appeal. 101.420 Section 101.420 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MARITIME SECURITY MARITIME SECURITY: GENERAL Control Measures for Security § 101.420 Right to appeal. (a) Any person directly...

10 CFR 95.35 - Access to matter classified as National Security Information and Restricted Data.

Code of Federal Regulations, 2011 CFR

2011-01-01

... Information and Restricted Data. 95.35 Section 95.35 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) FACILITY SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.35 Access to matter classified as National Security Information and Restricted Data. (a...

32 CFR Appendix J to Part 154 - ADP Position Categories and Criteria for Designating Positions

Code of Federal Regulations, 2010 CFR

2010-07-01

..., and implementation of a computer security program; major responsibility for the direction, planning... agency computer security programs, and also including direction and control of risk analysis and/or... OF DEFENSE SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Pt. 154, App. J...

32 CFR Appendix J to Part 154 - ADP Position Categories and Criteria for Designating Positions

Code of Federal Regulations, 2014 CFR

2014-07-01

..., and implementation of a computer security program; major responsibility for the direction, planning... agency computer security programs, and also including direction and control of risk analysis and/or... OF DEFENSE SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Pt. 154, App. J...

32 CFR Appendix J to Part 154 - ADP Position Categories and Criteria for Designating Positions

Code of Federal Regulations, 2012 CFR

2012-07-01

..., and implementation of a computer security program; major responsibility for the direction, planning... agency computer security programs, and also including direction and control of risk analysis and/or... OF DEFENSE SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Pt. 154, App. J...

32 CFR Appendix J to Part 154 - ADP Position Categories and Criteria for Designating Positions

Code of Federal Regulations, 2013 CFR

2013-07-01

..., and implementation of a computer security program; major responsibility for the direction, planning... agency computer security programs, and also including direction and control of risk analysis and/or... OF DEFENSE SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Pt. 154, App. J...

32 CFR Appendix J to Part 154 - ADP Position Categories and Criteria for Designating Positions

Code of Federal Regulations, 2011 CFR

2011-07-01

..., and implementation of a computer security program; major responsibility for the direction, planning... agency computer security programs, and also including direction and control of risk analysis and/or... OF DEFENSE SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Pt. 154, App. J...

48 CFR 1852.204-76 - Security requirements for unclassified information technolocgy resources.

Code of Federal Regulations, 2010 CFR

2010-10-01

... Officer for approval by the Network Security Configuration Control Board (NSCCB); (ii) Comply with the... 48 Federal Acquisition Regulations System 6 2010-10-01 2010-10-01 true Security requirements for... CONTRACT CLAUSES Texts of Provisions and Clauses 1852.204-76 Security requirements for unclassified...

An Encryption Scheme for Communication Internet SCADA Components

NASA Astrophysics Data System (ADS)

Robles, Rosslin John; Kim, Tai-Hoon

The trend in most systems is that they are connected through the Internet. Traditional Supervisory Control and Data Acquisition Systems (SCADA) is connected only in a limited private network. SCADA is considered a critical infrastructure, and connecting to the internet is putting the society on jeopardy, some operators hold back on connecting it to the internet. But since the internet Supervisory Control and Data Acquisition Systems (SCADA) facility has brought a lot of advantages in terms of control, data viewing and generation. Along with these advantages, are security issues regarding web SCADA, operators are pushed to connect Supervisory Control and Data Acquisition Systems (SCADA) through the internet. Because of this, many issues regarding security surfaced. In this paper, we discuss web SCADA and the issues regarding security. As a countermeasure, a web SCADA security solution using crossed-crypto-scheme is proposed to be used in the communication of SCADA components.

78 FR 37371 - Wassenaar Arrangement 2012 Plenary Agreements Implementation: Commerce Control List, Definitions...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-06-20

...The Bureau of Industry and Security (BIS) maintains, as part of its Export Administration Regulations (EAR), the Commerce Control List (CCL), which identifies certain of the items subject to Department of Commerce jurisdiction. This final rule revises the CCL to implement changes made to the Wassenaar Arrangement's List of Dual-Use Goods and Technologies (Wassenaar List) maintained and agreed to by governments participating in the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies (Wassenaar Arrangement, or WA) at the December 2012 WA Plenary Meeting (the Plenary). The Wassenaar Arrangement advocates implementation of effective export controls on strategic items with the objective of improving regional and international security and stability. This rule harmonizes the CCL with the changes made to the WA List at the Plenary by revising ECCNs controlled for national security reasons in each category of the CCL, except category 8, as well as amending the General Software Note, WA reporting requirements, and definitions section in the EAR. BIS is adding unilateral controls to the CCL for specific software and technology for aviation control systems, which the WA agreements removed from the WA List, i.e., EAR national security controls.

75 FR 1455 - Custody of Funds or Securities of Clients by Investment Advisers

Federal Register 2010, 2011, 2012, 2013, 2014

2010-01-11

... the internal controls relating to the custody of those assets from an independent public accountant... must obtain or receive an internal control report within six months of the effective date. Section III... securities (SIFMA(AMG) Letter), requiring an internal control report only instead of both the report and a...

Secure videoconferencing equipment switching system and method

DOEpatents

Dirks, David H; Gomes, Diane; Stewart, Corbin J; Fischer, Robert A

2013-04-30

Examples of systems described herein include videoconferencing systems having audio/visual components coupled to a codec. The codec may be configured by a control system. Communication networks having different security levels may be alternately coupled to the codec following appropriate configuration by the control system. The control system may also be coupled to the communication networks.

75 FR 39259 - Proposed Data Collections Submitted for Public Comment and Recommendations

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-08

... DEPARTMENT OF HEALTH AND HUMAN SERVICES Centers for Disease Control and Prevention [60Day-10-0636... Disease Control and Prevention (CDC) Secure Communications Network (Epi-X) (OMB No. 0929-0636 exp. 12/31... Secure Communication Network (Epi-X) OMB Control No. 0920-0636. This IC is being revised to improve the...

Information risk and security modeling

NASA Astrophysics Data System (ADS)

Zivic, Predrag

2005-03-01

This research paper presentation will feature current frameworks to addressing risk and security modeling and metrics. The paper will analyze technical level risk and security metrics of Common Criteria/ISO15408, Centre for Internet Security guidelines, NSA configuration guidelines and metrics used at this level. Information IT operational standards view on security metrics such as GMITS/ISO13335, ITIL/ITMS and architectural guidelines such as ISO7498-2 will be explained. Business process level standards such as ISO17799, COSO and CobiT will be presented with their control approach to security metrics. Top level, the maturity standards such as SSE-CMM/ISO21827, NSA Infosec Assessment and CobiT will be explored and reviewed. For each defined level of security metrics the research presentation will explore the appropriate usage of these standards. The paper will discuss standards approaches to conducting the risk and security metrics. The research findings will demonstrate the need for common baseline for both risk and security metrics. This paper will show the relation between the attribute based common baseline and corporate assets and controls for risk and security metrics. IT will be shown that such approach spans over all mentioned standards. The proposed approach 3D visual presentation and development of the Information Security Model will be analyzed and postulated. Presentation will clearly demonstrate the benefits of proposed attributes based approach and defined risk and security space for modeling and measuring.

Nuclear Power Plant Cyber Security Discrete Dynamic Event Tree Analysis (LDRD 17-0958) FY17 Report

DOE Office of Scientific and Technical Information (OSTI.GOV)

Wheeler, Timothy A.; Denman, Matthew R.; Williams, R. A.

Instrumentation and control of nuclear power is transforming from analog to modern digital assets. These control systems perform key safety and security functions. This transformation is occurring in new plant designs as well as in the existing fleet of plants as the operation of those plants is extended to 60 years. This transformation introduces new and unknown issues involving both digital asset induced safety issues and security issues. Traditional nuclear power risk assessment tools and cyber security assessment methods have not been modified or developed to address the unique nature of cyber failure modes and of cyber security threat vulnerabilities.more » iii This Lab-Directed Research and Development project has developed a dynamic cyber-risk in- formed tool to facilitate the analysis of unique cyber failure modes and the time sequencing of cyber faults, both malicious and non-malicious, and impose those cyber exploits and cyber faults onto a nuclear power plant accident sequence simulator code to assess how cyber exploits and cyber faults could interact with a plants digital instrumentation and control (DI&C) system and defeat or circumvent a plants cyber security controls. This was achieved by coupling an existing Sandia National Laboratories nuclear accident dynamic simulator code with a cyber emulytics code to demonstrate real-time simulation of cyber exploits and their impact on automatic DI&C responses. Studying such potential time-sequenced cyber-attacks and their risks (i.e., the associated impact and the associated degree of difficulty to achieve the attack vector) on accident management establishes a technical risk informed framework for developing effective cyber security controls for nuclear power.« less

Isolation of Signaling Molecules Involved in Angiogenic Pathways Mediated Alpha v Integrins

DTIC Science & Technology

2004-05-01

67 16. PRICE CODE 17. SECURITY CLASSIFICATION 18. SECURITY CLASSIFICATION 19. SECURITY CLASSIFICATION 20. UMITATION OF ABSTRACT OF REPORT OF THIS PAGE... comparison to the controls (Figure 7C). Penetratin or the VVISYSMPD peptide alone were used as negative controls and had no effect under identical...A., O’Connor, W., King , K., Overholser, J., Hooper, A., Pytowski, B., Witte, L. et al., 1999. Antivascular endothelial growth factor receptor (fetal

Strategic Paralysis: An Airpower Theory for the Present

DTIC Science & Technology

1992-05-01

Approved for public release, distribution unlimited 13. SUPPLEMENTARY NOTES 14. ABSTRACT 15. SUBJECT TERMS 16. SECURITY CLASSIFICATION OF: 17...Control as: �The role that encompasses all actions taken to secure and control the aerospace environment and to deny the use of that environment to the...destruction is to damage one�s own future prosperity, and, by sowing the seeds of revenge, to jeopardize one�s future security .�48 This is a hauntingly

31 CFR 306.113 - Cases not requiring bonds of indemnity.

Code of Federal Regulations, 2010 CFR

2010-07-01

... the security was in the custody or control of the United States, or a duly authorized agent thereof... GOVERNING U.S. SECURITIES Relief for Loss, Theft, Destruction, Mutilation, or Defacement of Securities § 306... relief for the loss, theft, destruction, mutilation, or defacement of registered securities in any of the...

77 FR 65215 - In the Matter of Licensee Identified in Attachment 1 and all Other Persons Who Obtain Safeguards...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-10-25

... a computing environment that has adequate computer security controls in place to prevent... NRC intends to issue a security Order to this Licensee in the near future. The Order will require compliance with specific Additional Security Measures to enhance the security for certain radioactive...

Securing medical research: a cybersecurity point of view.

PubMed

Schneier, Bruce

2012-06-22

The problem of securing biological research data is a difficult and complicated one. Our ability to secure data on computers is not robust enough to ensure the security of existing data sets. Lessons from cryptography illustrate that neither secrecy measures, such as deleting technical details, nor national solutions, such as export controls, will work.

Determination of ISRA Framework Using Delphi Methodology for Small and Midsized Enterprises

ERIC Educational Resources Information Center

Shah, Ashish

2017-01-01

Unfathomable a few decades ago, the velocity of revolution in information technology (IT) security is accelerating. Small and midsized enterprises (SMEs) continue to make IT security a highest priority and foster security controls to safeguard their environments from adverse effects. Information technology security professionals must rely on one…

DOE Office of Scientific and Technical Information (OSTI.GOV)

Halbgewachs, Ronald D.; Chavez, Adrian R.

Process Control System (PCS) and Industrial Control System (ICS) security is critical to our national security. But there are a number of technological, economic, and educational impediments to PCS owners implementing effective security on their systems. Sandia National Laboratories has performed the research and development of the OPSAID (Open PCS Security Architecture for Interoperable Design), a project sponsored by the US Department of Energy Office of Electricity Delivery and Energy Reliability (DOE/OE), to address this issue. OPSAID is an open-source architecture for PCS/ICS security that provides a design basis for vendors to build add-on security devices for legacy systems, whilemore » providing a path forward for the development of inherently-secure PCS elements in the future. Using standardized hardware, a proof-of-concept prototype system was also developed. This report describes the improvements and capabilities that have been added to OPSAID since an initial report was released. Testing and validation of this architecture has been conducted in another project, Lemnos Interoperable Security Project, sponsored by DOE/OE and managed by the National Energy Technology Laboratory (NETL).« less

Safety and Security Interface Technology Initiative

DOE Office of Scientific and Technical Information (OSTI.GOV)

Dr. Michael A. Lehto; Kevin J. Carroll; Dr. Robert Lowrie

Safety and Security Interface Technology Initiative Mr. Kevin J. Carroll Dr. Robert Lowrie, Dr. Micheal Lehto BWXT Y12 NSC Oak Ridge, TN 37831 865-576-2289/865-241-2772 carrollkj@y12.doe.gov Work Objective. Earlier this year, the Energy Facility Contractors Group (EFCOG) was asked to assist in developing options related to acceleration deployment of new security-related technologies to assist meeting design base threat (DBT) needs while also addressing the requirements of 10 CFR 830. NNSA NA-70, one of the working group participants, designated this effort the Safety and Security Interface Technology Initiative (SSIT). Relationship to Workshop Theme. “Supporting Excellence in Operations Through Safety Analysis,” (workshop theme)more » includes security and safety personnel working together to ensure effective and efficient operations. One of the specific workshop elements listed in the call for papers is “Safeguards/Security Integration with Safety.” This paper speaks directly to this theme. Description of Work. The EFCOG Safety Analysis Working Group (SAWG) and the EFCOG Security Working Group formed a core team to develop an integrated process involving both safety basis and security needs allowing achievement of the DBT objectives while ensuring safety is appropriately considered. This effort garnered significant interest, starting with a two day breakout session of 30 experts at the 2006 Safety Basis Workshop. A core team was formed, and a series of meetings were held to develop that process, including safety and security professionals, both contractor and federal personnel. A pilot exercise held at Idaho National Laboratory (INL) in mid-July 2006 was conducted as a feasibility of concept review. Work Results. The SSIT efforts resulted in a topical report transmitted from EFCOG to DOE/NNSA in August 2006. Elements of the report included: Drivers and Endstate, Control Selections Alternative Analysis Process, Terminology Crosswalk, Safety Basis/Security Documentation Integration, Configuration Control, and development of a shared ‘tool box’ of information/successes. Specific Benefits. The expectation or end state resulting from the topical report and associated implementation plan includes: (1) A recommended process for handling the documentation of the security and safety disciplines, including an appropriate change control process and participation by all stakeholders. (2) A means to package security systems with sufficient information to help expedite the flow of that system through the process. In addition, a means to share successes among sites, to include information and safety basis to the extent such information is transportable. (3) Identification of key security systems and associated essential security elements being installed and an arrangement for the sites installing these systems to host an appropriate team to review a specific system and determine what information is exportable. (4) Identification of the security systems’ essential elements and appropriate controls required for testing of these essential elements in the facility. (5) The ability to help refine and improve an agreed to control set at the manufacture stage.« less

Secure Base Priming Diminishes Conflict-Based Anger and Anxiety

PubMed Central

Koren, Tamara; Bartholomew, Kim

2016-01-01

This study examines the impact of a visual representation of a secure base (i.e. a secure base prime) on attenuating experimentally produced anger and anxiety. Specifically, we examined the assuaging of negative emotions through exposure to an image of a mother-infant embrace or a heterosexual couple embracing. Subjects seated at a computer terminal rated their affect (Pre Affect) using the Affect Adjective Checklist (AAC) then listened to two sets of intense two person conflicts. After the first conflict exposure they rated affect again (Post 1 AAC). Following the second exposure they saw a blank screen (control condition), pictures of everyday objects (distraction condition) or a photo of two people embracing (Secure Base Prime condition). They then reported emotions using the Post 2 AAC. Compared to either control or distraction subjects, Secure Base Prime (SBP) subjects reported significantly less anger and anxiety. These results were then replicated using an internet sample with control, SBP and two new controls: Smiling Man (to control for expression of positive affect) and Cold Mother (an unsmiling mother with infant). The SBP amelioration of anger and anxiety was replicated with the internet sample. No control groups produced this effect, which was generated only by a combination of positive affect in a physically embracing dyad. The results are discussed in terms of attachment theory and research on spreading activation. PMID:27606897

Controlled information destruction: the final frontier in preserving information security for every organisation

NASA Astrophysics Data System (ADS)

Curiac, Daniel-Ioan; Pachia, Mihai

2015-05-01

Information security represents the cornerstone of every data processing system that resides in an organisation's trusted network, implementing all necessary protocols, mechanisms and policies to be one step ahead of possible threats. Starting from the need to strengthen the set of security services, in this article we introduce a new and innovative process named controlled information destruction (CID) that is meant to secure sensitive data that are no longer needed for the organisation's future purposes but would be very damaging if revealed. The disposal of this type of data has to be controlled carefully in order to delete not only the information itself but also all its splinters spread throughout the network, thus denying any possibility of recovering the information after its alleged destruction. This process leads to a modified model of information assurance and also reconfigures the architecture of any information security management system. The scheme we envisioned relies on a reshaped information lifecycle, which reveals the impact of the CID procedure directly upon the information states.

The Infrastructure Necessary to Support a Sustainable Material Protection, Control and Accounting (MPC&A) Program in Russia

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bachner, Katherine M.; Mladineo, Stephen V.

The NNSA Material Protection, Control, and Accounting (MPC&A) program has been engaged for fifteen years in upgrading the security of nuclear materials in Russia. Part of the effort has been to establish the conditions necessary to ensure the long-term sustainability of nuclear security. A sustainable program of nuclear security requires the creation of an indigenous infrastructure, starting with sustained high level government commitment. This includes organizational development, training, maintenance, regulations, inspections, and a strong nuclear security culture. The provision of modern physical protection, control, and accounting equipment to the Russian Federation alone is not sufficient. Comprehensive infrastructure projects support themore » Russian Federation's ability to maintain the risk reduction achieved through upgrades to the equipment. To illustrate the contributions to security, and challenges of implementation, this paper discusses the history and next steps for an indigenous Tamper Indication Device (TID) program, and a Radiation Portal Monitoring (RPM) program.« less

Via generalized function projective synchronization in nonlinear Schrödinger equation for secure communication

NASA Astrophysics Data System (ADS)

Zhao, L. W.; Du, J. G.; Yin, J. L.

2018-05-01

This paper proposes a novel secured communication scheme in a chaotic system by applying generalized function projective synchronization of the nonlinear Schrödinger equation. This phenomenal approach guarantees a secured and convenient communication. Our study applied the Melnikov theorem with an active control strategy to suppress chaos in the system. The transmitted information signal is modulated into the parameter of the nonlinear Schrödinger equation in the transmitter and it is assumed that the parameter of the receiver system is unknown. Based on the Lyapunov stability theory and the adaptive control technique, the controllers are designed to make two identical nonlinear Schrödinger equation with the unknown parameter asymptotically synchronized. The numerical simulation results of our study confirmed the validity, effectiveness and the feasibility of the proposed novel synchronization method and error estimate for a secure communication. The Chaos masking signals of the information communication scheme, further guaranteed a safer and secured information communicated via this approach.

75 FR 30866 - Proposed Collection; Comment Request for Review of a Revised Information Collection: (OMB Control...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-06-02

... information collection, ``We Need Important Information About Your Eligibility for Social Security Disability Benefits'' (OMB Control No. 3206-0216; Form RI 98-7), is used by OPM to verify receipt of Social Security...

33 CFR 105.260 - Security measures for restricted areas.

Code of Federal Regulations, 2010 CFR

2010-07-01

...; (7) Control the entry, parking, loading and unloading of vehicles; (8) Control the movement and...) Using security personnel, automatic intrusion detection devices, surveillance equipment, or surveillance systems to detect unauthorized entry or movement within restricted areas; (7) Directing the parking...

33 CFR 105.260 - Security measures for restricted areas.

Code of Federal Regulations, 2011 CFR

2011-07-01

...; (7) Control the entry, parking, loading and unloading of vehicles; (8) Control the movement and...) Using security personnel, automatic intrusion detection devices, surveillance equipment, or surveillance systems to detect unauthorized entry or movement within restricted areas; (7) Directing the parking...

Bluetooth based chaos synchronization using particle swarm optimization and its applications to image encryption.

PubMed

Yau, Her-Terng; Hung, Tzu-Hsiang; Hsieh, Chia-Chun

2012-01-01

This study used the complex dynamic characteristics of chaotic systems and Bluetooth to explore the topic of wireless chaotic communication secrecy and develop a communication security system. The PID controller for chaos synchronization control was applied, and the optimum parameters of this PID controller were obtained using a Particle Swarm Optimization (PSO) algorithm. Bluetooth was used to realize wireless transmissions, and a chaotic wireless communication security system was developed in the design concept of a chaotic communication security system. The experimental results show that this scheme can be used successfully in image encryption.

Session Types for Access and Information Flow Control

NASA Astrophysics Data System (ADS)

Capecchi, Sara; Castellani, Ilaria; Dezani-Ciancaglini, Mariangiola; Rezk, Tamara

We consider a calculus for multiparty sessions with delegation, enriched with security levels for session participants and data. We propose a type system that guarantees both session safety and a form of access control. Moreover, this type system ensures secure information flow, including controlled forms of declassification. In particular, the type system prevents leaks that could result from an unrestricted use of the control constructs of the calculus, such as session opening, selection, branching and delegation. We illustrate the use of our type system with a number of examples, which reveal an interesting interplay between the constraints used in security type systems and those used in session types to ensure properties like communication safety and session fidelity.

Aviation security : vulnerabilities still exist in the aviation security system

DOT National Transportation Integrated Search

2000-04-06

The testimony today discusses the Federal Aviation Administration's (FAA) efforts to implement and improve security in two key areas: air traffic control computer systems and airport passenger screening checkpoints. Computer systems-and the informati...

An Analysis of Federal Airport and Air Carrier Employee Access Control, Screening. and Training Regulations

DTIC Science & Technology

1998-03-01

traveling public, air carriers, and persons employed by or conducting business at public airports. 14. SUBJECT TERMS Airport Security , Federal...26 4. Sterile Area 28 5. Exclusive Area 28 E. SECURITY ALERT LEVELS 29 F. AIRPORT SECURITY TOOLS 30 1. Electronic Detection System 31 a... Security Coordinator ASP Airport Security Program BIS Biometrie Identification System CCTV Closed Circuit Television CJIS Criminal Justice Information

Investigative Operations: Use of Covert Testing to Identify Security Vulnerabilities and Fraud, Waste, and Abuse

DTIC Science & Technology

2007-11-14

including evaluations of controls over radioactive materials and security at America’s borders, airport security , sales of sensitive and surplus...officers. The details of this March 2006 report are classified; however, TSA has authorized this limited discussion. Airport Security Testing Sale of...of covert security vulnerability testing of numerous airports across the country. During these covert tests, our investigators passed through airport

Strengthening the Security of ESA Ground Data Systems

NASA Astrophysics Data System (ADS)

Flentge, Felix; Eggleston, James; Garcia Mateos, Marc

2013-08-01

A common approach to address information security has been implemented in ESA's Mission Operations (MOI) Infrastructure during the last years. This paper reports on the specific challenges to the Data Systems domain within the MOI and how security can be properly managed with an Information Security Management System (ISMS) according to ISO 27001. Results of an initial security risk assessment are reported and the different types of security controls that are being implemented in order to reduce the risks are briefly described.

Key on demand (KoD) for software-defined optical networks secured by quantum key distribution (QKD).

PubMed

Cao, Yuan; Zhao, Yongli; Colman-Meixner, Carlos; Yu, Xiaosong; Zhang, Jie

2017-10-30

Software-defined optical networking (SDON) will become the next generation optical network architecture. However, the optical layer and control layer of SDON are vulnerable to cyberattacks. While, data encryption is an effective method to minimize the negative effects of cyberattacks, secure key interchange is its major challenge which can be addressed by the quantum key distribution (QKD) technique. Hence, in this paper we discuss the integration of QKD with WDM optical networks to secure the SDON architecture by introducing a novel key on demand (KoD) scheme which is enabled by a novel routing, wavelength and key assignment (RWKA) algorithm. The QKD over SDON with KoD model follows two steps to provide security: i) quantum key pools (QKPs) construction for securing the control channels (CChs) and data channels (DChs); ii) the KoD scheme uses RWKA algorithm to allocate and update secret keys for different security requirements. To test our model, we define a security probability index which measures the security gain in CChs and DChs. Simulation results indicate that the security performance of CChs and DChs can be enhanced by provisioning sufficient secret keys in QKPs and performing key-updating considering potential cyberattacks. Also, KoD is beneficial to achieve a positive balance between security requirements and key resource usage.

77 FR 2341 - Delegation by the Secretary of State to the Under Secretary for Arms Control and International...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-01-17

... Under Secretary for Arms Control and International Security of Authority To Submit Reports Regarding the... by law, I hereby delegate to the Under Secretary for Arms Control and International Security the... Resolution); with the Director of National Intelligence, at the direction of the President, preparing the...

17 CFR 229.308T - (Item 308T) Internal control over financial reporting.

Code of Federal Regulations, 2010 CFR

2010-04-01

... over financial reporting. 229.308T Section 229.308T Commodity and Securities Exchanges SECURITIES AND... § 229.308T (Item 308T) Internal control over financial reporting. Note to Item 308T: This is a special... internal control over financial reporting. Provide a report of management on the registrant's internal...

DOE Office of Scientific and Technical Information (OSTI.GOV)

Knipper, W.

This presentation builds on our response to events that pose, or have the potential to pose, a serious security or law enforcement risk and must be responded to and controlled in a clear a decisive fashion. We will examine some common concepts in the command and control of security-centric events.

Network Access Control List Situation Awareness

ERIC Educational Resources Information Center

Reifers, Andrew

2010-01-01

Network security is a large and complex problem being addressed by multiple communities. Nevertheless, current theories in networking security appear to overestimate network administrators' ability to understand network access control lists (NACLs), providing few context specific user analyses. Consequently, the current research generally seems to…

76 FR 61563 - Voluntary Surrender of Certificate of Registration

Federal Register 2010, 2011, 2012, 2013, 2014

2011-10-05

... 21 CFR Part 1301 Administrative practice and procedure, Drug traffic control, Security measures. 21 CFR Part 1309 Administrative practice and procedure, Drug traffic control, Exports, Imports, Security... DEPARTMENT OF JUSTICE Drug Enforcement Administration 21 CFR Parts 1301 and 1309 [Docket No. DEA...

Access Control Is More than Security.

ERIC Educational Resources Information Center

Fickes, Michael

2002-01-01

Describes the University of New Mexico's photo identification LOBO card system, which performs both security and validation tasks. It is used in conjunction with several C-CURE 800 Integrated Security Management Systems supplied by Software House of Lexington, Massachusetts. (EV)

Report: Information Security Series: Security Practices Safe Drinking Water Information System

EPA Pesticide Factsheets

Report #2006-P-00021, March 30, 2006. We found that the Office of Water (OW) substantially complied with many of the information security controls reviewed and had implemented practices to ensure production servers are monitored.

A Security Framework for Online Distance Learning and Training.

ERIC Educational Resources Information Center

Furnell, S. M.; Onions, P. D.; Bleimann, U.; Gojny, U.; Knahl, M.; Roder, H. F.; Sanders, P. W.

1998-01-01

Presents a generic reference model for online distance learning and discusses security issues for each stage (enrollment, study, completion, termination, suspension). Discusses a security framework (authentication and accountability, access control, intrusion detection, network communications, nonrepudiation, learning resources provider…

Privacy, security and access with sensitive health information.

PubMed

Croll, Peter

2010-01-01

This chapter gives an educational overview of: * Confidentiality issues and the challenges faced; * The fundamental differences between privacy and security; * The different access control mechanisms; * The challenges of Internet security; * How 'safety and quality' relate to all the above.

Assessment of Arms, Ammunition, and Explosives Accountability and Control; Security Assistance; and Sustainment for the Afghan National Security Forces

DTIC Science & Technology

2008-10-24

COMMANDER, U.S. ARMY MATERIAL COMMAND LOGISTICS SUPPORT ACTIVITY Department of Defense Office of Inspector General Report No. SPO-2009...report the serial numbers of weapons it controlled to the DoD SA/LW Registry maintained by the U.S. Army Material Command Logistics Support... Material Command Logistics Support Activity assist the Combined Security Transition Command- Afghanistan in reporting serial numbers for U.S.-supplied

Securely and Flexibly Sharing a Biomedical Data Management System

PubMed Central

Wang, Fusheng; Hussels, Phillip; Liu, Peiya

2011-01-01

Biomedical database systems need not only to address the issues of managing complex data, but also to provide data security and access control to the system. These include not only system level security, but also instance level access control such as access of documents, schemas, or aggregation of information. The latter is becoming more important as multiple users can share a single scientific data management system to conduct their research, while data have to be protected before they are published or IP-protected. This problem is challenging as users’ needs for data security vary dramatically from one application to another, in terms of who to share with, what resources to be shared, and at what access level. We develop a comprehensive data access framework for a biomedical data management system SciPort. SciPort provides fine-grained multi-level space based access control of resources at not only object level (documents and schemas), but also space level (resources set aggregated in a hierarchy way). Furthermore, to simplify the management of users and privileges, customizable role-based user model is developed. The access control is implemented efficiently by integrating access privileges into the backend XML database, thus efficient queries are supported. The secure access approach we take makes it possible for multiple users to share the same biomedical data management system with flexible access management and high data security. PMID:21625285

You Should Be the Specialist! Weak Mental Rotation Performance in Aviation Security Screeners - Reduced Performance Level in Aviation Security with No Gender Effect.

PubMed

Krüger, Jenny K; Suchan, Boris

2016-01-01

Aviation security screeners analyze a large number of X-ray images per day and seem to be experts in mentally rotating diverse kinds of visual objects. A robust gender-effect that men outperform women in the Vandenberg & Kuse mental rotation task has been well documented over the last years. In addition it has been shown that training can positively influence the overall task-performance. Considering this, the aim of the present study was to investigate whether security screeners show better performance in the Mental Rotation Test (MRT) independently of gender. Forty-seven security screeners of both sexes from two German airports were examined with a computer based MRT. Their performance was compared to a large sample of control subjects. The well-known gender-effect favoring men on mental rotation was significant within the control group. However, the security screeners did not show any sex differences suggesting an effect of training and professional performance. Surprisingly this specialized group showed a lower level of overall MRT performance than the control participants. Possible aviation related influences such as secondary effects of work-shift or expertise which can cumulatively cause this result are discussed.

Common object request broker architecture (CORBA)-based security services for the virtual radiology environment.

PubMed

Martinez, R; Cole, C; Rozenblit, J; Cook, J F; Chacko, A K

2000-05-01

The US Army Great Plains Regional Medical Command (GPRMC) has a requirement to conform to Department of Defense (DoD) and Army security policies for the Virtual Radiology Environment (VRE) Project. Within the DoD, security policy is defined as the set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information. Security policy in the DoD is described by the Trusted Computer System Evaluation Criteria (TCSEC), Army Regulation (AR) 380-19, Defense Information Infrastructure Common Operating Environment (DII COE), Military Health Services System Automated Information Systems Security Policy Manual, and National Computer Security Center-TG-005, "Trusted Network Interpretation." These documents were used to develop a security policy that defines information protection requirements that are made with respect to those laws, rules, and practices that are required to protect the information stored and processed in the VRE Project. The goal of the security policy is to provide for a C2-level of information protection while also satisfying the functional needs of the GPRMC's user community. This report summarizes the security policy for the VRE and defines the CORBA security services that satisfy the policy. In the VRE, the information to be protected is embedded into three major information components: (1) Patient information consists of Digital Imaging and Communications in Medicine (DICOM)-formatted fields. The patient information resides in the digital imaging network picture archiving and communication system (DIN-PACS) networks in the database archive systems and includes (a) patient demographics; (b) patient images from x-ray, computed tomography (CT), magnetic resonance imaging (MRI), and ultrasound (US); and (c) prior patient images and related patient history. (2) Meta-Manager information to be protected consists of several data objects. This information is distributed to the Meta-Manager nodes and includes (a) radiologist schedules; (b) modality worklists; (c) routed case information; (d) DIN-PACS and Composite Health Care system (CHCS) messages, and Meta-Manager administrative and security information; and (e) patient case information. (3) Access control and communications security is required in the VRE to control who uses the VRE and Meta-Manager facilities and to secure the messages between VRE components. The CORBA Security Service Specification version 1.5 is designed to allow up to TCSEC's B2-level security for distributed objects. The CORBA Security Service Specification defines the functionality of several security features: identification and authentication, authorization and access control, security auditing, communication security, nonrepudiation, and security administration. This report describes the enhanced security features for the VRE and their implementation using commercial CORBA Security Service software products.

Information Technology Security Professionals' Knowledge and Use Intention Based on UTAUT Model

ERIC Educational Resources Information Center

Kassa, Woldeloul

2016-01-01

Information technology (IT) security threats and vulnerabilities have become a major concern for organizations in the United States. However, there has been little research on assessing the effect of IT security professionals' knowledge on the use of IT security controls. This study examined the unified theory of acceptance and use of technology…

How Attitude toward the Behavior, Subjective Norm, and Perceived Behavioral Control Affects Information Security Behavior Intention

ERIC Educational Resources Information Center

Johnson, David P.

2017-01-01

The education sector is at high risk for information security (InfoSec) breaches and in need of improved security practices. Achieving data protections cannot be through technical means alone. Addressing the human behavior factor is required. Security education, training, and awareness (SETA) programs are an effective method of addressing human…

Technical cooperation on nuclear security between the United States and China : review of the past and opportunities for the future.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Pregenzer, Arian Leigh

2011-12-01

The United States and China are committed to cooperation to address the challenges of the next century. Technical cooperation, building on a long tradition of technical exchange between the two countries, can play an important role. This paper focuses on technical cooperation between the United States and China in the areas of nonproliferation, arms control and other nuclear security topics. It reviews cooperation during the 1990s on nonproliferation and arms control under the U.S.-China Arms Control Exchange, discusses examples of ongoing activities under the Peaceful Uses of Technology Agreement to enhance security of nuclear and radiological material, and suggests opportunitiesmore » for expanding technical cooperation between the defense nuclear laboratories of both countries to address a broader range of nuclear security topics.« less

Type-Based Access Control in Data-Centric Systems

NASA Astrophysics Data System (ADS)

Caires, Luís; Pérez, Jorge A.; Seco, João Costa; Vieira, Hugo Torres; Ferrão, Lúcio

Data-centric multi-user systems, such as web applications, require flexible yet fine-grained data security mechanisms. Such mechanisms are usually enforced by a specially crafted security layer, which adds extra complexity and often leads to error prone coding, easily causing severe security breaches. In this paper, we introduce a programming language approach for enforcing access control policies to data in data-centric programs by static typing. Our development is based on the general concept of refinement type, but extended so as to address realistic and challenging scenarios of permission-based data security, in which policies dynamically depend on the database state, and flexible combinations of column- and row-level protection of data are necessary. We state and prove soundness and safety of our type system, stating that well-typed programs never break the declared data access control policies.

Cyber Security for the Spaceport Command and Control System: Vulnerability Management and Compliance Analysis

NASA Technical Reports Server (NTRS)

Gunawan, Ryan A.

2016-01-01

With the rapid development of the Internet, the number of malicious threats to organizations is continually increasing. In June of 2015, the United States Office of Personnel Management (OPM) had a data breach resulting in the compromise of millions of government employee records. The National Aeronautics and Space Administration (NASA) is not exempt from these attacks. Cyber security is becoming a critical facet to the discussion of moving forward with projects. The Spaceport Command and Control System (SCCS) project at the Kennedy Space Center (KSC) aims to develop the launch control system for the next generation launch vehicle in the coming decades. There are many ways to increase the security of the network it uses, from vulnerability management to ensuring operating system images are compliant with securely configured baselines recommended by the United States Government.

48 CFR 5.102 - Availability of solicitations.

Code of Federal Regulations, 2010 CFR

2010-10-01

...) Disclosure would compromise the national security (e.g., would result in disclosure of classified information, or information subject to export controls) or create other security risks. The fact that access to... information that requires additional controls to monitor access and distribution (e.g., technical data...

75 FR 32140 - Voluntary Surrender of Certificate of Registration

Federal Register 2010, 2011, 2012, 2013, 2014

2010-06-07

... 21 CFR Part 1301 Administrative practice and procedure, Drug traffic control, Security measures. 21 CFR Part 1309 Administrative practice and procedure, Drug traffic control, Exports, Imports, Security... DEPARTMENT OF JUSTICE Drug Enforcement Administration 21 CFR Parts 1301, 1309 [Docket No. DEA-304P...

45 CFR 2508.9 - What officials are responsible for the security, management and control of Corporation record...

Code of Federal Regulations, 2014 CFR

2014-10-01

... responsible for monitoring the security standards set forth in this regulation. (b) A designated official... records at all times and for insuring that such records are secured in appropriate containers whenever not...

45 CFR 2508.9 - What officials are responsible for the security, management and control of Corporation record...

Code of Federal Regulations, 2011 CFR

2011-10-01

... responsible for monitoring the security standards set forth in this regulation. (b) A designated official... records at all times and for insuring that such records are secured in appropriate containers whenever not...

45 CFR 2508.9 - What officials are responsible for the security, management and control of Corporation record...

Code of Federal Regulations, 2013 CFR

2013-10-01

... responsible for monitoring the security standards set forth in this regulation. (b) A designated official... records at all times and for insuring that such records are secured in appropriate containers whenever not...

45 CFR 2508.9 - What officials are responsible for the security, management and control of Corporation record...

Code of Federal Regulations, 2012 CFR

2012-10-01

... responsible for monitoring the security standards set forth in this regulation. (b) A designated official... records at all times and for insuring that such records are secured in appropriate containers whenever not...

45 CFR 2508.9 - What officials are responsible for the security, management and control of Corporation record...

Code of Federal Regulations, 2010 CFR

2010-10-01

... responsible for monitoring the security standards set forth in this regulation. (b) A designated official... records at all times and for insuring that such records are secured in appropriate containers whenever not...

49 CFR 40.351 - What confidentiality requirements apply to service agents?

Code of Federal Regulations, 2013 CFR

2013-10-01

... confidentiality and security measures to ensure that confidential employee records are not available to unauthorized persons. This includes protecting the physical security of records, access controls, and computer security measures to safeguard confidential data in electronic data bases. ...

49 CFR 40.351 - What confidentiality requirements apply to service agents?

Code of Federal Regulations, 2014 CFR

2014-10-01

... confidentiality and security measures to ensure that confidential employee records are not available to unauthorized persons. This includes protecting the physical security of records, access controls, and computer security measures to safeguard confidential data in electronic data bases. ...

49 CFR 40.351 - What confidentiality requirements apply to service agents?

Code of Federal Regulations, 2012 CFR

2012-10-01

... confidentiality and security measures to ensure that confidential employee records are not available to unauthorized persons. This includes protecting the physical security of records, access controls, and computer security measures to safeguard confidential data in electronic data bases. ...

49 CFR 40.351 - What confidentiality requirements apply to service agents?

Code of Federal Regulations, 2011 CFR

2011-10-01

... confidentiality and security measures to ensure that confidential employee records are not available to unauthorized persons. This includes protecting the physical security of records, access controls, and computer security measures to safeguard confidential data in electronic data bases. ...

Review of Supervisory Control and Data Acquisition (SCADA) Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Reva Nickelson; Briam Johnson; Ken Barnes

2004-01-01

A review using open source information was performed to obtain data related to Supervisory Control and Data Acquisition (SCADA) systems used to supervise and control domestic electric power generation, transmission, and distribution. This report provides the technical details for the types of systems used, system disposal, cyber and physical security measures, network connections, and a gap analysis of SCADA security holes.

17 CFR 210.2-02T - Accountants' reports and attestation reports on internal control over financial reporting.

Code of Federal Regulations, 2010 CFR

2010-04-01

... attestation reports on internal control over financial reporting. 210.2-02T Section 210.2-02T Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION FORM AND CONTENT OF AND REQUIREMENTS FOR FINANCIAL... attestation reports on internal control over financial reporting. (a) The requirements of § 210.2-02(f) shall...

Supervisory Control and Data Acquisition (SCADA) Systems and Cyber-Security: Best Practices to Secure Critical Infrastructure

ERIC Educational Resources Information Center

Morsey, Christopher

2017-01-01

In the critical infrastructure world, many critical infrastructure sectors use a Supervisory Control and Data Acquisition (SCADA) system. The sectors that use SCADA systems are the electric power, nuclear power and water. These systems are used to control, monitor and extract data from the systems that give us all the ability to light our homes…

Population growth and global security

DOE Office of Scientific and Technical Information (OSTI.GOV)

Mumford, S.

A new threat to international and domestic security has emerged in the past three decades: uncontrolled world population growth. Current world population growth control efforts are ineffective. Unchecked growth will threaten global security by depleting food, energy, and other resources. Immigration is another complicating factor that is straining the carrying capacity of some overpopulated regions. Barriers to effective action include the desire of decision-makers to avoid the controversy of abortion and the role of the Catholic church in lobbying against birth control. (3 graphs, 12 photos, 2 tables)

System Control for the Transitional DCS.

DTIC Science & Technology

1979-05-01

Avenue I . NUMBER OF PAGES Reston, VA 22090 300 14. MONITORING AGENCY NAME & ADDRESS(if different from Controlling Office) IS. SECURITY CLASS. (of this...adjusting the routing in the AUTOVON Network. DD FORMj 73 1473 EOITION OF I NOV 65 IS OBSOLETE YV_, UNCLASSIFIED [ L.j 29.? .’ SECURITY CLASSIFICATION OF THIS...PAGE ("en Data Entered) SECURIT’, 1.LASSIPrICATIO04 OP THIS PAGE(Wbmn Deta.Entered) SECURITY CLASIIPICATIOM OF U* PAGE(nem" Data Entoewl I I I SYSTEM

An Evolving Digital Telecommunications Industry and Its Impact on the Operational Environment of the Nationwide Emergency Telecommunication System (NETS).

DTIC Science & Technology

1985-03-01

005 4-, /nImII 1 liIm ulnli iiliiii I I UNCLASSIFIED SECURITY CLASSIFICATION OF TNIS PAGE ("on Data Bnter6t0 REPORT DOCUMENTATION PAGE READ...II different from ControllIng Office) 15. SECURITY CLASS (of thin report) Unclassified IS. OECLASSIFICATION/ DOWNGRADING SCMEDULE 1. DISTRIBUTION...EDITION OF I NOV 65 IS OBSOLETE UNCLASSIFIED N0102LF-0146601 1 UNCLASSIFIED SECURITY CLASSIFICATION OF THIS PAGE (When Dote wrteed) ,IA UNCLASSIFIED

Addressing Software Security

NASA Technical Reports Server (NTRS)

Bailey, Brandon

2015-01-01

Historically security within organizations was thought of as an IT function (web sites/servers, email, workstation patching, etc.) Threat landscape has evolved (Script Kiddies, Hackers, Advanced Persistent Threat (APT), Nation States, etc.) Attack surface has expanded -Networks interconnected!! Some security posture factors Network Layer (Routers, Firewalls, etc.) Computer Network Defense (IPS/IDS, Sensors, Continuous Monitoring, etc.) Industrial Control Systems (ICS) Software Security (COTS, FOSS, Custom, etc.)

XNDM: An Experimental Network Data Manager.

DTIC Science & Technology

1981-06-01

return this copy. Retain or destroy. t t , UNCLASSIFIED SECURITY CLASSIFICATION OF THIS PAGE fWln Dtet Entred) READ INSTRUCTIONSREPORT DOCUMENTATION...MONITORING AGENCY NAME & AODRESS(IE’ different Irom Controlling Office) 15 SECURITY CLASS, (I this report) UNCLASSIFIED Same Is DECLASSIFICATION...DD JAN% 1473 EDITION OF I NOV 65 IS OBSOLETE UNCLASSIFIED SECURITY CLASSIFICATION OF THIS PAGE ("hen Date Entered) -: o . <. UNCLASSIFIED SECURITY

Logistics Composite Model (LCOM) Workbook

DTIC Science & Technology

1976-06-01

nc;-J to e UNCLASSIFIED SECURITY CLASSIFICATION OF THIS PAGE (When Dots Ew.ervol. REPORT DOCUMENTATION PAGE READ INSTRUCTIONS BEFORE COMPLETING FORM I...Controlling Office) 15. SECURITY CLASS. (of this report) Unclassified 158. DECLASSIFICATIONDOWNGRADING SCHEDULE 16. DISTRIBUTION STATEMENT (of this Report...ID SECURITY CLASSIFICATION OF THIS PAGE (When Des Entered) K7 UNCLASSIFIED SECURITY CLASSIFICATION OF THIS PAGE(Whon Dal Entore o l Logic networks

Flexible Energy Scheduling Tool for Integrating Variable Generation | Grid

Science.gov Websites

, security-constrained economic dispatch, and automatic generation control programs. DOWNLOAD PAPER Electric commitment, security-constrained economic dispatch, and automatic generation control sub-models. Each sub resolutions and operating strategies can be explored. FESTIV produces not only economic metrics but also

Report: EPA Should Improve Management Practices and Security Controls for Its Network Directory Service System and Related Servers

EPA Pesticide Factsheets

Report #12-P-0836, September 20, 2012. EPA's OEI is not managing key system management documentation, system administration functions, the granting and monitoring of privileged accounts, and the application of security controls associated with its DSS.

15 CFR Supplement No. 2 to Part 730 - Technical Advisory Committees

Code of Federal Regulations, 2011 CFR

2011-01-01

... (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE EXPORT ADMINISTRATION REGULATIONS GENERAL..., materials, or supplies, including technology, software, and other information, that are subject to export controls, or are being considered for such controls because of their significance to the national security...

75 FR 69673 - Agency Forms Undergoing Paperwork Reduction Act Review

Federal Register 2010, 2011, 2012, 2013, 2014

2010-11-15

... DEPARTMENT OF HEALTH AND HUMAN SERVICES Centers for Disease Control and Prevention [30-Day 11-0636... Project Centers for Disease Control and Prevention (CDC) Secure Communications Network (Epi-X) (OMB No... Secure Communication Network (Epi-X))--Revision--Office of Public Health Preparedness and Response (OPHPR...

Implementing healthcare information security: standards can help.

PubMed

Orel, Andrej; Bernik, Igor

2013-01-01

Using widely spread common approaches to systems security in health dedicated controlled environments, a level of awareness, confidence and acceptance of relevant standardisation is evaluated. Patients' information is sensitive, so putting appropriate organisational techniques as well as modern technology in place to secure health information is of paramount importance. Mobile devices are becoming the top priorities in advanced information security planning with healthcare environments being no exception. There are less and less application areas in healthcare without having a need for a mobile functionality which represents an even greater information security challenge. This is also true in emergency treatments, rehabilitation and homecare just to mention a few areas outside hospital controlled environments. Unfortunately quite often traditional unsecured communications principles are still in routine use for communicating sensitive health related information. The security awareness level with users, patients and care professionals is not high enough so potential threats and risks may not be addressed and the respective information security management is therefore weak. Standards like ISO/IEC 27000 ISMS family, the ISO/IEC 27799 information security guidelines in health are often not well known, but together with legislation principles such as HIPAA, they can help.

A systematic literature review on security and privacy of electronic health record systems: technical perspectives.

PubMed

Rezaeibagha, Fatemeh; Win, Khin Than; Susilo, Willy

Even though many safeguards and policies for electronic health record (EHR) security have been implemented, barriers to the privacy and security protection of EHR systems persist. This article presents the results of a systematic literature review regarding frequently adopted security and privacy technical features of EHR systems. Our inclusion criteria were full articles that dealt with the security and privacy of technical implementations of EHR systems published in English in peer-reviewed journals and conference proceedings between 1998 and 2013; 55 selected studies were reviewed in detail. We analysed the review results using two International Organization for Standardization (ISO) standards (29100 and 27002) in order to consolidate the study findings. Using this process, we identified 13 features that are essential to security and privacy in EHRs. These included system and application access control, compliance with security requirements, interoperability, integration and sharing, consent and choice mechanism, policies and regulation, applicability and scalability and cryptography techniques. This review highlights the importance of technical features, including mandated access control policies and consent mechanisms, to provide patients' consent, scalability through proper architecture and frameworks, and interoperability of health information systems, to EHR security and privacy requirements.

The Security Factor in School Renovations.

ERIC Educational Resources Information Center

Fickes, Michael

1998-01-01

Discusses how one Indiana high school used its renovation as an opportunity to reevaluate the school's security design. Security considerations in the building's external and internal environment include lighting, directional signage, parking, access control technology, and issues regarding the use of closed circuit television. (GR)

10 CFR 95.39 - External transmission of documents and material.

Code of Federal Regulations, 2013 CFR

2013-01-01

... Procedures Plan for the protection of classified information. (e) Security of classified information in... Section 95.39 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) FACILITY SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.39 External...

10 CFR 95.39 - External transmission of documents and material.

Code of Federal Regulations, 2011 CFR

2011-01-01

... Procedures Plan for the protection of classified information. (e) Security of classified information in... Section 95.39 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) FACILITY SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.39 External...

10 CFR 95.39 - External transmission of documents and material.

Code of Federal Regulations, 2014 CFR

2014-01-01

... Procedures Plan for the protection of classified information. (e) Security of classified information in... Section 95.39 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) FACILITY SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.39 External...

10 CFR 95.39 - External transmission of documents and material.

Code of Federal Regulations, 2012 CFR

2012-01-01

... Procedures Plan for the protection of classified information. (e) Security of classified information in... Section 95.39 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) FACILITY SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.39 External...

10 CFR 95.39 - External transmission of documents and material.

Code of Federal Regulations, 2010 CFR

2010-01-01

... Procedures Plan for the protection of classified information. (e) Security of classified information in... Section 95.39 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) FACILITY SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.39 External...

Examining Cyber Command Structures

DTIC Science & Technology

2015-03-01

domains, cyber, command and control, USCYBERCOM, combatant command, cyber force PAGES 65 16. PRICE CODE 17. SECURITY 18. SECURITY 19. SECURITY 20...USCYBERCOM, argue for the creation of a stand-alone cyber force.11 They claim that the military’s tradition-oriented and inelastic nature make the

Information Security Management (ISM)

NASA Astrophysics Data System (ADS)

Šalgovičová, Jarmila; Prajová, Vanessa

2012-12-01

Currently, all organizations have to tackle the issue of information security. The paper deals with various aspects of Information Security Management (ISM), including procedures, processes, organizational structures, policies and control processes. Introduction of Information Security Management should be a strategic decision. The concept and implementation of Information Security Management in an organization are determined by the corporate needs and objectives, security requirements, the processes deployed as well as the size and structure of the organization. The implementation of ISM should be carried out to the extent consistent with the needs of the organization.

Security model for picture archiving and communication systems.

PubMed

Harding, D B; Gac, R J; Reynolds, C T; Romlein, J; Chacko, A K

2000-05-01

The modern information revolution has facilitated a metamorphosis of health care delivery wrought with the challenges of securing patient sensitive data. To accommodate this reality, Congress passed the Health Insurance Portability and Accountability Act (HIPAA). While final guidance has not fully been resolved at this time, it is up to the health care community to develop and implement comprehensive security strategies founded on procedural, hardware and software solutions in preparation for future controls. The Virtual Radiology Environment (VRE) Project, a landmark US Army picture archiving and communications system (PACS) implemented across 10 geographically dispersed medical facilities, has addressed that challenge by planning for the secure transmission of medical images and reports over their local (LAN) and wide area network (WAN) infrastructure. Their model, which is transferable to general PACS implementations, encompasses a strategy of application risk and dataflow identification, data auditing, security policy definition, and procedural controls. When combined with hardware and software solutions that are both non-performance limiting and scalable, the comprehensive approach will not only sufficiently address the current security requirements, but also accommodate the natural evolution of the enterprise security model.

Elliptic Curve Cryptography-Based Authentication with Identity Protection for Smart Grids

PubMed Central

Zhang, Liping; Tang, Shanyu; Luo, He

2016-01-01

In a smart grid, the power service provider enables the expected power generation amount to be measured according to current power consumption, thus stabilizing the power system. However, the data transmitted over smart grids are not protected, and then suffer from several types of security threats and attacks. Thus, a robust and efficient authentication protocol should be provided to strength the security of smart grid networks. As the Supervisory Control and Data Acquisition system provides the security protection between the control center and substations in most smart grid environments, we focus on how to secure the communications between the substations and smart appliances. Existing security approaches fail to address the performance-security balance. In this study, we suggest a mitigation authentication protocol based on Elliptic Curve Cryptography with privacy protection by using a tamper-resistant device at the smart appliance side to achieve a delicate balance between performance and security of smart grids. The proposed protocol provides some attractive features such as identity protection, mutual authentication and key agreement. Finally, we demonstrate the completeness of the proposed protocol using the Gong-Needham- Yahalom logic. PMID:27007951

Elliptic Curve Cryptography-Based Authentication with Identity Protection for Smart Grids.

PubMed

Zhang, Liping; Tang, Shanyu; Luo, He

2016-01-01

In a smart grid, the power service provider enables the expected power generation amount to be measured according to current power consumption, thus stabilizing the power system. However, the data transmitted over smart grids are not protected, and then suffer from several types of security threats and attacks. Thus, a robust and efficient authentication protocol should be provided to strength the security of smart grid networks. As the Supervisory Control and Data Acquisition system provides the security protection between the control center and substations in most smart grid environments, we focus on how to secure the communications between the substations and smart appliances. Existing security approaches fail to address the performance-security balance. In this study, we suggest a mitigation authentication protocol based on Elliptic Curve Cryptography with privacy protection by using a tamper-resistant device at the smart appliance side to achieve a delicate balance between performance and security of smart grids. The proposed protocol provides some attractive features such as identity protection, mutual authentication and key agreement. Finally, we demonstrate the completeness of the proposed protocol using the Gong-Needham-Yahalom logic.

SPCC- Software Elements for Security Partition Communication Controller

NASA Astrophysics Data System (ADS)

Herpel, H. J.; Willig, G.; Montano, G.; Tverdyshev, S.; Eckstein, K.; Schoen, M.

2016-08-01

Future satellite missions like Earth Observation, Telecommunication or any other kind are likely to be exposed to various threats aiming at exploiting vulnerabilities of the involved systems and communications. Moreover, the growing complexity of systems coupled with more ambitious types of operational scenarios imply increased security vulnerabilities in the future. In the paper we will describe an architecture and software elements to ensure high level of security on-board a spacecraft. First the threats to the Security Partition Communication Controller (SPCC) will be addressed including the identification of specific vulnerabilities to the SPCC. Furthermore, appropriate security objectives and security requirements are identified to be counter the identified threats. The security evaluation of the SPCC will be done in accordance to the Common Criteria (CC). The Software Elements for SPCC has been implemented on flight representative hardware which consists of two major elements: the I/O board and the SPCC board. The SPCC board provides the interfaces with ground while the I/O board interfaces with typical spacecraft equipment busses. Both boards are physically interconnected by a high speed spacewire (SpW) link.

A Hybrid Authentication and Authorization Process for Control System Networks

DOE Office of Scientific and Technical Information (OSTI.GOV)

Manz, David O.; Edgar, Thomas W.; Fink, Glenn A.

2010-08-25

Convergence of control system and IT networks require that security, privacy, and trust be addressed. Trust management continues to plague traditional IT managers and is even more complex when extended into control system networks, with potentially millions of entities, a mission that requires 100% availability. Yet these very networks necessitate a trusted secure environment where controllers and managers can be assured that the systems are secure and functioning properly. We propose a hybrid authentication management protocol that addresses the unique issues inherent within control system networks, while leveraging the considerable research and momentum in existing IT authentication schemes. Our hybridmore » authentication protocol for control systems provides end device to end device authentication within a remote station and between remote stations and control centers. Additionally, the hybrid protocol is failsafe and will not interrupt communication or control of vital systems in a network partition or device failure. Finally, the hybrid protocol is resilient to transitory link loss and can operate in an island mode until connectivity is reestablished.« less

An access control model with high security for distributed workflow and real-time application

NASA Astrophysics Data System (ADS)

Han, Ruo-Fei; Wang, Hou-Xiang

2007-11-01

The traditional mandatory access control policy (MAC) is regarded as a policy with strict regulation and poor flexibility. The security policy of MAC is so compelling that few information systems would adopt it at the cost of facility, except some particular cases with high security requirement as military or government application. However, with the increasing requirement for flexibility, even some access control systems in military application have switched to role-based access control (RBAC) which is well known as flexible. Though RBAC can meet the demands for flexibility but it is weak in dynamic authorization and consequently can not fit well in the workflow management systems. The task-role-based access control (T-RBAC) is then introduced to solve the problem. It combines both the advantages of RBAC and task-based access control (TBAC) which uses task to manage permissions dynamically. To satisfy the requirement of system which is distributed, well defined with workflow process and critically for time accuracy, this paper will analyze the spirit of MAC, introduce it into the improved T&RBAC model which is based on T-RBAC. At last, a conceptual task-role-based access control model with high security for distributed workflow and real-time application (A_T&RBAC) is built, and its performance is simply analyzed.

System Control for the Transitional DCS. Appendices.

DTIC Science & Technology

1978-12-01

the deployment of the AN/TTC-39 circuit switch. This is a hybrid analog/digital switch providing the following services: o Non- secure analog telephone...service. o Non- secure 16 Kb/s digital telephone service. o Secure 16 Kb/s digital telephone service with automatic key distribution and end to end... security . o Analog circuits to support current inventory 50 Kb/sec and 9.6 Kb/sec secure digital communications. In the deployment model for this study

Facilitating Secure Sharing of Personal Health Data in the Cloud.

PubMed

Thilakanathan, Danan; Calvo, Rafael A; Chen, Shiping; Nepal, Surya; Glozier, Nick

2016-05-27

Internet-based applications are providing new ways of promoting health and reducing the cost of care. Although data can be kept encrypted in servers, the user does not have the ability to decide whom the data are shared with. Technically this is linked to the problem of who owns the data encryption keys required to decrypt the data. Currently, cloud service providers, rather than users, have full rights to the key. In practical terms this makes the users lose full control over their data. Trust and uptake of these applications can be increased by allowing patients to feel in control of their data, generally stored in cloud-based services. This paper addresses this security challenge by providing the user a way of controlling encryption keys independently of the cloud service provider. We provide a secure and usable system that enables a patient to share health information with doctors and specialists. We contribute a secure protocol for patients to share their data with doctors and others on the cloud while keeping complete ownership. We developed a simple, stereotypical health application and carried out security tests, performance tests, and usability tests with both students and doctors (N=15). We developed the health application as an app for Android mobile phones. We carried out the usability tests on potential participants and medical professionals. Of 20 participants, 14 (70%) either agreed or strongly agreed that they felt safer using our system. Using mixed methods, we show that participants agreed that privacy and security of health data are important and that our system addresses these issues. We presented a security protocol that enables patients to securely share their eHealth data with doctors and nurses and developed a secure and usable system that enables patients to share mental health information with doctors.

Distributed clinical data sharing via dynamic access-control policy transformation.

PubMed

Rezaeibagha, Fatemeh; Mu, Yi

2016-05-01

Data sharing in electronic health record (EHR) systems is important for improving the quality of healthcare delivery. Data sharing, however, has raised some security and privacy concerns because healthcare data could be potentially accessible by a variety of users, which could lead to privacy exposure of patients. Without addressing this issue, large-scale adoption and sharing of EHR data are impractical. The traditional solution to the problem is via encryption. Although encryption can be applied to access control, it is not applicable for complex EHR systems that require multiple domains (e.g. public and private clouds) with various access requirements. This study was carried out to address the security and privacy issues of EHR data sharing with our novel access-control mechanism, which captures the scenario of the hybrid clouds and need of access-control policy transformation, to provide secure and privacy-preserving data sharing among different healthcare enterprises. We introduce an access-control mechanism with some cryptographic building blocks and present a novel approach for secure EHR data sharing and access-control policy transformation in EHR systems for hybrid clouds. We propose a useful data sharing system for healthcare providers to handle various EHR users who have various access privileges in different cloud environments. A systematic study has been conducted on data sharing in EHR systems to provide a solution to the security and privacy issues. In conclusion, we introduce an access-control method for privacy protection of EHRs and EHR policy transformation that allows an EHR access-control policy to be transformed from a private cloud to a public cloud. This method has never been studied previously in the literature. Furthermore, we provide a protocol to demonstrate policy transformation as an application scenario. Copyright © 2016 Elsevier Ireland Ltd. All rights reserved.

Security in Father-child Relationship and Behavior Problems in Sexually Abused Children.

PubMed

Parent-Boursier, Claudel; Hébert, Martine

2015-01-01

While the influence of mother-child relationships on children's recovery following sexual abuse has been documented, less is known about the possible contribution of father-child relationships on outcomes. The present study explored the contribution of children's perception of security in their relationship to the father on internalizing and externalizing behavior problems, while controlling for sociodemographic variables and variables associated with the mother-child relationship. Participants were 142 children who disclosed sexual abuse involving a perpetrator other than the biological father. Regression analyses indicated that children's perception of security to fathers contributed to the prediction of parental reports of children's behavior problems, even after controlling for maternal psychological distress and perception of security to mothers.

Verification of Security Policy Enforcement in Enterprise Systems

NASA Astrophysics Data System (ADS)

Gupta, Puneet; Stoller, Scott D.

Many security requirements for enterprise systems can be expressed in a natural way as high-level access control policies. A high-level policy may refer to abstract information resources, independent of where the information is stored; it controls both direct and indirect accesses to the information; it may refer to the context of a request, i.e., the request’s path through the system; and its enforcement point and enforcement mechanism may be unspecified. Enforcement of a high-level policy may depend on the system architecture and the configurations of a variety of security mechanisms, such as firewalls, host login permissions, file permissions, DBMS access control, and application-specific security mechanisms. This paper presents a framework in which all of these can be conveniently and formally expressed, a method to verify that a high-level policy is enforced, and an algorithm to determine a trusted computing base for each resource.

Automatic Learning of Fine Operating Rules for Online Power System Security Control.

PubMed

Sun, Hongbin; Zhao, Feng; Wang, Hao; Wang, Kang; Jiang, Weiyong; Guo, Qinglai; Zhang, Boming; Wehenkel, Louis

2016-08-01

Fine operating rules for security control and an automatic system for their online discovery were developed to adapt to the development of smart grids. The automatic system uses the real-time system state to determine critical flowgates, and then a continuation power flow-based security analysis is used to compute the initial transfer capability of critical flowgates. Next, the system applies the Monte Carlo simulations to expected short-term operating condition changes, feature selection, and a linear least squares fitting of the fine operating rules. The proposed system was validated both on an academic test system and on a provincial power system in China. The results indicated that the derived rules provide accuracy and good interpretability and are suitable for real-time power system security control. The use of high-performance computing systems enables these fine operating rules to be refreshed online every 15 min.

Protecting intellectual property in space; Proceedings of the Aerospace Computer Security Conference, McLean, VA, March 20, 1985

NASA Technical Reports Server (NTRS)

1985-01-01

The primary purpose of the Aerospace Computer Security Conference was to bring together people and organizations which have a common interest in protecting intellectual property generated in space. Operational concerns are discussed, taking into account security implications of the space station information system, Space Shuttle security policies and programs, potential uses of probabilistic risk assessment techniques for space station development, key considerations in contingency planning for secure space flight ground control centers, a systematic method for evaluating security requirements compliance, and security engineering of secure ground stations. Subjects related to security technologies are also explored, giving attention to processing requirements of secure C3/I and battle management systems and the development of the Gemini trusted multiple microcomputer base, the Restricted Access Processor system as a security guard designed to protect classified information, and observations on local area network security.

Secure NFV Orchestration Over an SDN-Controlled Optical Network With Time-Shared Quantum Key Distribution Resources

NASA Astrophysics Data System (ADS)

Aguado, Alejandro; Hugues-Salas, Emilio; Haigh, Paul Anthony; Marhuenda, Jaume; Price, Alasdair B.; Sibson, Philip; Kennard, Jake E.; Erven, Chris; Rarity, John G.; Thompson, Mark Gerard; Lord, Andrew; Nejabati, Reza; Simeonidou, Dimitra

2017-04-01

We demonstrate, for the first time, a secure optical network architecture that combines NFV orchestration and SDN control with quantum key distribution (QKD) technology. A novel time-shared QKD network design is presented as a cost-effective solution for practical networks.

5 CFR 3201.103 - Prohibition on acquisition, ownership, or control of securities of FDIC-insured depository...

Code of Federal Regulations, 2011 CFR

2011-01-01

... that is insured by the Federal Deposit Insurance Corporation (FDIC); (2) A bank holding company that is... control of securities of FDIC-insured depository institutions and certain holding companies. 3201.103 Section 3201.103 Administrative Personnel FEDERAL DEPOSIT INSURANCE CORPORATION SUPPLEMENTAL STANDARDS OF...

76 FR 34577 - Wassenaar Arrangement 2010 Plenary Agreements Implementation: Commerce Control List, Definitions...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-06-14

... DEPARTMENT OF COMMERCE Bureau of Industry and Security 15 CFR Parts 740, 743, and 774 [Docket No. 110124056-1301-02] RIN 0694-AF11 Wassenaar Arrangement 2010 Plenary Agreements Implementation: Commerce Control List, Definitions, Reports; Correction AGENCY: Bureau of Industry and Security, Commerce. ACTION...

15 CFR 750.3 - Review of license applications by BIS and other government agencies and departments.

Code of Federal Regulations, 2010 CFR

2010-01-01

... items controlled for national security, missile technology, nuclear nonproliferation, and chemical and... primarily with items controlled for national security, nuclear nonproliferation, missile technology... 15 Commerce and Foreign Trade 2 2010-01-01 2010-01-01 false Review of license applications by BIS...

15 CFR 750.3 - Review of license applications by BIS and other government agencies and departments.

Code of Federal Regulations, 2011 CFR

2011-01-01

... items controlled for national security, missile technology, nuclear nonproliferation, and chemical and... primarily with items controlled for national security, nuclear nonproliferation, missile technology... 15 Commerce and Foreign Trade 2 2011-01-01 2011-01-01 false Review of license applications by BIS...

33 CFR 104.270 - Security measures for restricted areas.

Code of Federal Regulations, 2010 CFR

2010-07-01

... surveillance equipment and systems and their controls and lighting system controls; (3) Ventilation and air-conditioning systems and other similar spaces; (4) Spaces with access to potable water tanks, pumps, or... security and surveillance equipment and systems; and (6) Protect cargo and vessel stores from tampering. (b...

78 FR 44951 - Agency Information Collection Activities: Submission for OMB Review; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2013-07-25

... following information collections: Securities of Insured Nonmember Banks, OMB Control No. 3064-0030... Counsel, Legal Support & Expert Services, OMB Control No. 3064-0122. No comments were received. The FDIC... collections of information: 1. Title: Securities of Insured Nonmember Banks. OMB Number: 3064-0030. Form...

5 CFR 3201.103 - Prohibition on acquisition, ownership, or control of securities of FDIC-insured depository...

Code of Federal Regulations, 2010 CFR

2010-01-01

...-split, involuntary stock dividend, merger, acquisition, or other change in corporate ownership, exercise... 5 Administrative Personnel 3 2010-01-01 2010-01-01 false Prohibition on acquisition, ownership, or... acquisition, ownership, or control of securities of FDIC-insured depository institutions and certain holding...

Command and Control Across Space and Cyberspace Domains

DTIC Science & Technology

2016-02-16

debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”16).17 From Joint...Third, push control (if not command) to the theater or operational level. Returning to the inbound ICBM scenario proposed by Maj Gen Zabel and detailed

78 FR 46851 - Controlled Group Regulation Examples

Federal Register 2010, 2011, 2012, 2013, 2014

2013-08-02

.... Investment Company Z, which keeps its books and makes its returns on the basis of the calendar year, at the... that illustrate the controlled group rules related to regulated investment companies (RICs). These... Government securities or the securities of other regulated investment companies) of any one issuer, (ii) the...

78 FR 69090 - Proposed Data Collections Submitted for Public Comment and Recommendations

Federal Register 2010, 2011, 2012, 2013, 2014

2013-11-18

... DEPARTMENT OF HEALTH AND HUMAN SERVICES Centers for Disease Control and Prevention [60 Day-14-0636... Prevention (CDC) Secure Public Health Emergency Response Communications Network (Epi-X) (OMB Control No. 0920... uncertainty with potential negative impacts on public health response operations. Secure communications with...

Integration of Control Algorithms for Quadrotor UAV’s Using an Indoor Sensor Environment

DTIC Science & Technology

2011-09-01

PRICE CODE 17. SECURITY CLASSIFICATION OF REPORT Unclassified 18. SECURITY CLASSIFICATION OF THIS PAGE Unclassified 19. SECURITY...gorgeous wife, Maggie, thank you for your loving support and continuous study snacks . xvi THIS PAGE INTENTIONALLY LEFT BLANK 1 I

32 CFR 245.6 - Abbreviations and acronyms.

Code of Federal Regulations, 2011 CFR

2011-07-01

...—Domestic Event Network DHS—Department of Homeland Security DND—Department of National Defence (Canada) DoD... (NORAD) NORAD—North American Aerospace Defense Command PACAF—Pacific Air Forces SCA—Security Control Authorization SEADS—Southeast Air Defense Sector (NORAD) SUA—Special Use Airspace TSA—Transportation Security...

32 CFR 245.1 - Purpose.

Code of Federal Regulations, 2014 CFR

2014-07-01

... (DOT/FAA), Department of Homeland Security/Transportation Security Administration (DHS/TSA), and Department of Defense (DoD) authorities for the security control of civil and military air traffic. It... 32 National Defense 2 2014-07-01 2014-07-01 false Purpose. 245.1 Section 245.1 National Defense...

32 CFR 245.1 - Purpose.

Code of Federal Regulations, 2011 CFR

2011-07-01

... (DOT/FAA), Department of Homeland Security/Transportation Security Administration (DHS/TSA), and Department of Defense (DoD) authorities for the security control of civil and military air traffic. It... 32 National Defense 2 2011-07-01 2011-07-01 false Purpose. 245.1 Section 245.1 National Defense...

32 CFR 245.6 - Abbreviations and acronyms.

Code of Federal Regulations, 2012 CFR

2012-07-01

...—Domestic Event Network DHS—Department of Homeland Security DND—Department of National Defence (Canada) DoD... (NORAD) NORAD—North American Aerospace Defense Command PACAF—Pacific Air Forces SCA—Security Control Authorization SEADS—Southeast Air Defense Sector (NORAD) SUA—Special Use Airspace TSA—Transportation Security...

32 CFR 245.1 - Purpose.

Code of Federal Regulations, 2010 CFR

2010-07-01

... (DOT/FAA), Department of Homeland Security/Transportation Security Administration (DHS/TSA), and Department of Defense (DoD) authorities for the security control of civil and military air traffic. It... 32 National Defense 2 2010-07-01 2010-07-01 false Purpose. 245.1 Section 245.1 National Defense...

32 CFR 245.6 - Abbreviations and acronyms.

Code of Federal Regulations, 2014 CFR

2014-07-01

...—Domestic Event Network DHS—Department of Homeland Security DND—Department of National Defence (Canada) DoD... (NORAD) NORAD—North American Aerospace Defense Command PACAF—Pacific Air Forces SCA—Security Control Authorization SEADS—Southeast Air Defense Sector (NORAD) SUA—Special Use Airspace TSA—Transportation Security...

32 CFR 245.1 - Purpose.

Code of Federal Regulations, 2013 CFR

2013-07-01

... (DOT/FAA), Department of Homeland Security/Transportation Security Administration (DHS/TSA), and Department of Defense (DoD) authorities for the security control of civil and military air traffic. It... 32 National Defense 2 2013-07-01 2013-07-01 false Purpose. 245.1 Section 245.1 National Defense...

32 CFR 245.1 - Purpose.

Code of Federal Regulations, 2012 CFR

2012-07-01

... (DOT/FAA), Department of Homeland Security/Transportation Security Administration (DHS/TSA), and Department of Defense (DoD) authorities for the security control of civil and military air traffic. It... 32 National Defense 2 2012-07-01 2012-07-01 false Purpose. 245.1 Section 245.1 National Defense...

32 CFR 245.6 - Abbreviations and acronyms.

Code of Federal Regulations, 2013 CFR

2013-07-01

...—Domestic Event Network DHS—Department of Homeland Security DND—Department of National Defence (Canada) DoD... (NORAD) NORAD—North American Aerospace Defense Command PACAF—Pacific Air Forces SCA—Security Control Authorization SEADS—Southeast Air Defense Sector (NORAD) SUA—Special Use Airspace TSA—Transportation Security...

40 CFR 205.5-2 - National security exemptions.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 40 Protection of Environment 25 2011-07-01 2011-07-01 false National security exemptions. 205.5-2 Section 205.5-2 Protection of Environment ENVIRONMENTAL PROTECTION AGENCY (CONTINUED) NOISE ABATEMENT PROGRAMS TRANSPORTATION EQUIPMENT NOISE EMISSION CONTROLS General Provisions § 205.5-2 National security...

49 CFR 15.13 - Marking SSI.

Code of Federal Regulations, 2011 CFR

2011-10-01

... Office of the Secretary of Transportation PROTECTION OF SENSITIVE SECURITY INFORMATION § 15.13 Marking... document. (b) Protective marking. The protective marking is: SENSITIVE SECURITY INFORMATION. (c... Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of this record may...

40 CFR 205.5-2 - National security exemptions.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 40 Protection of Environment 24 2010-07-01 2010-07-01 false National security exemptions. 205.5-2 Section 205.5-2 Protection of Environment ENVIRONMENTAL PROTECTION AGENCY (CONTINUED) NOISE ABATEMENT PROGRAMS TRANSPORTATION EQUIPMENT NOISE EMISSION CONTROLS General Provisions § 205.5-2 National security...

SECURITY GATE FOR WEAPONS STORAGE AREA. FROM LEFT TO RIGHT, ...

Library of Congress Historic Buildings Survey, Historic Engineering Record, Historic Landscapes Survey

SECURITY GATE FOR WEAPONS STORAGE AREA. FROM LEFT TO RIGHT, STORAGE BUILDING (BUILDING 3584), CONVENTIONAL MUNITIONS SHOP (BUILDING 3580), AND SECURITY POLICE ENTRY CONTROL BUILDING (BUILDING 3582). VIEW TO SOUTHWEST - Plattsburgh Air Force Base, U.S. Route 9, Plattsburgh, Clinton County, NY

49 CFR 15.13 - Marking SSI.

Code of Federal Regulations, 2010 CFR

2010-10-01

... Office of the Secretary of Transportation PROTECTION OF SENSITIVE SECURITY INFORMATION § 15.13 Marking... document. (b) Protective marking. The protective marking is: SENSITIVE SECURITY INFORMATION. (c... Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of this record may...

15 CFR 784.3 - Scope and conduct of complementary access.

Code of Federal Regulations, 2011 CFR

2011-01-01

..., safety, and security regulations (e.g., regulations for protection of controlled environments within the... (Continued) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE ADDITIONAL PROTOCOL REGULATIONS... presence of a U.S. Government Host Team. No information of direct national security significance shall be...

14 CFR 99.7 - Special security instructions.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 14 Aeronautics and Space 2 2010-01-01 2010-01-01 false Special security instructions. 99.7 Section 99.7 Aeronautics and Space FEDERAL AVIATION ADMINISTRATION, DEPARTMENT OF TRANSPORTATION (CONTINUED) AIR TRAFFIC AND GENERAL OPERATING RULES SECURITY CONTROL OF AIR TRAFFIC General § 99.7 Special...

A single-pixel X-ray imager concept and its application to secure radiographic inspections

DOE PAGES

Gilbert, Andrew J.; Miller, Brian W.; Robinson, Sean M.; ...

2017-07-01

Imaging technology is generally considered too invasive for arms control inspections due to the concern that it cannot properly secure sensitive features of the inspected item. But, this same sensitive information, which could include direct information on the form and function of the items under inspection, could be used for robust arms control inspections. The single-pixel X-ray imager (SPXI) is introduced as a method to make such inspections, capturing the salient spatial information of an object in a secure manner while never forming an actual image. We built this method on the theory of compressive sensing and the single pixelmore » optical camera. The performance of the system is quantified using simulated inspections of simple objects. Measures of the robustness and security of the method are introduced and used to determine how robust and secure such an inspection would be. Particularly, it is found that an inspection with low noise (<1%) and high undersampling (>256×) exhibits high robustness and security.« less

Increasing the resilience and security of the United States' power infrastructure

DOE Office of Scientific and Technical Information (OSTI.GOV)

Happenny, Sean F.

2015-08-01

The United States' power infrastructure is aging, underfunded, and vulnerable to cyber attack. Emerging smart grid technologies may take some of the burden off of existing systems and make the grid as a whole more efficient, reliable, and secure. The Pacific Northwest National Laboratory (PNNL) is funding research into several aspects of smart grid technology and grid security, creating a software simulation tool that will allow researchers to test power infrastructure control and distribution paradigms by utilizing different smart grid technologies to determine how the grid and these technologies react under different circumstances. Understanding how these systems behave in real-worldmore » conditions will lead to new ways to make our power infrastructure more resilient and secure. Demonstrating security in embedded systems is another research area PNNL is tackling. Many of the systems controlling the U.S. critical infrastructure, such as the power grid, lack integrated security and the aging networks protecting them are becoming easier to attack.« less

A single-pixel X-ray imager concept and its application to secure radiographic inspections

NASA Astrophysics Data System (ADS)

Gilbert, Andrew J.; Miller, Brian W.; Robinson, Sean M.; White, Timothy A.; Pitts, William Karl; Jarman, Kenneth D.; Seifert, Allen

2017-07-01

Imaging technology is generally considered too invasive for arms control inspections due to the concern that it cannot properly secure sensitive features of the inspected item. However, this same sensitive information, which could include direct information on the form and function of the items under inspection, could be used for robust arms control inspections. The single-pixel X-ray imager (SPXI) is introduced as a method to make such inspections, capturing the salient spatial information of an object in a secure manner while never forming an actual image. The method is built on the theory of compressive sensing and the single pixel optical camera. The performance of the system is quantified using simulated inspections of simple objects. Measures of the robustness and security of the method are introduced and used to determine how robust and secure such an inspection would be. In particular, it is found that an inspection with low noise ( < 1 %) and high undersampling ( > 256 ×) exhibits high robustness and security.

Self-efficacy is associated with increased food security in novel food pantry program.

PubMed

Martin, Katie S; Colantonio, Angela G; Picho, Katherine; Boyle, Katie E

2016-12-01

We examined the effect of a novel food pantry intervention (Freshplace) that includes client-choice and motivational interviewing on self-efficacy and food security in food pantry clients. The study was designed as a randomized control trial. Participants were recruited over one year from traditional food pantries in Hartford, CT. Participants were randomized to Freshplace or traditional food pantries (controls) and data collection occurred at baseline with quarterly follow-ups for 18 months. Food security was measured using the USDA 18-item Food Security Module. A newly developed scale was utilized to measure self-efficacy. Scale reliability was measured using a Cronbach alpha test; validity was measured via correlating with a related variable. Analyses included chi-square tests for bivariate analyses and hierarchical linear modeling for longitudinal analyses. A total of 227 adults were randomized to the Freshplace intervention ( n =112) or control group ( n =115). The overall group was 60% female, 73% Black, mean age=51. The new self-efficacy scale showed good reliability and validity. Self-efficacy was significantly inversely associated with very low food security ( p <.05). Being in the Freshplace intervention ( p =.01) and higher self-efficacy ( p =.04) were independently associated with decreased very low food security. The traditional food pantry model fails to recognize the influence of self-efficacy on a person's food security. A food pantry model with client-choice, motivational interviewing and targeted referral services can increase self-efficacy of clients. Prioritizing the self-efficacy of clients over the efficiency of pantry operations is required to increase food security among disadvantaged populations.

Protection of data carriers using secure optical codes

NASA Astrophysics Data System (ADS)

Peters, John A.; Schilling, Andreas; Staub, René; Tompkin, Wayne R.

2006-02-01

Smartcard technologies, combined with biometric-enabled access control systems, are required for many high-security government ID card programs. However, recent field trials with some of the most secure biometric systems have indicated that smartcards are still vulnerable to well equipped and highly motivated counterfeiters. In this paper, we present the Kinegram Secure Memory Technology which not only provides a first-level visual verification procedure, but also reinforces the existing chip-based security measures. This security concept involves the use of securely-coded data (stored in an optically variable device) which communicates with the encoded hashed information stored in the chip memory via a smartcard reader device.

Healthcare teams over the Internet: programming a certificate-based approach.

PubMed

Georgiadis, Christos K; Mavridis, Ioannis K; Pangalos, George I

2003-07-01

Healthcare environments are a representative case of collaborative environments since individuals (e.g. doctors) in many cases collaborate in order to provide care to patients in a more proficient way. At the same time modern healthcare institutions are increasingly interested in sharing access of their information resources in the networked environment. Healthcare applications over the Internet offer an attractive communication infrastructure at worldwide level but with a noticeably great factor of risk. Security has, therefore, become a major concern. However, although an adequate level of security can be relied upon digital certificates, if an appropriate security model is used, additional security considerations are needed in order to deal efficiently with the above team-work concerns. The already known Hybrid Access Control (HAC) security model supports and handles efficiently healthcare teams with active security capabilities and is capable to exploit the benefits of certificate technology. In this paper we present the way for encoding the appropriate authoritative information in various types of certificates, as well as the overall operational architecture of the implemented access control system for healthcare collaborative environments over the Internet. A pilot implementation of the proposed methodology in a major Greek hospital has shown the applicability of the proposals and the flexibility of the access control provided.

Healthcare teams over the Internet: towards a certificate-based approach.

PubMed

Georgiadis, Christos K; Mavridis, Ioannis K; Pangalos, George I

2002-01-01

Healthcare environments are a representative case of collaborative environments since individuals (e.g. doctors) in many cases collaborate in order to provide care to patients in a more proficient way. At the same time modem healthcare institutions are increasingly interested in sharing access of their information resources in the networked environment. Healthcare applications over the Internet offer an attractive communication infrastructure at worldwide level but with a noticeably great factor of risk. Security has therefore become a major concern for healthcare applications over the Internet. However, although an adequate level of security can be relied upon digital certificates, if an appropriate security policy is used, additional security considerations are needed in order to deal efficiently with the above team-work concerns. The already known Hybrid Access Control security model supports and handles efficiently healthcare teams with active security capabilities and is capable to exploit the benefits of certificate technology. In this paper we present the way for encoding the appropriate authoritative information in various types of certificates, as well as the overall operational architecture of the implemented access control system for healthcare collaborative environments over the Internet. A pilot implementation of the proposed methodology in a major Greek hospital has shown the applicability of the proposals and the flexibility of the access control provided.

You Should Be the Specialist! Weak Mental Rotation Performance in Aviation Security Screeners – Reduced Performance Level in Aviation Security with No Gender Effect

PubMed Central

Krüger, Jenny K.; Suchan, Boris

2016-01-01

Aviation security screeners analyze a large number of X-ray images per day and seem to be experts in mentally rotating diverse kinds of visual objects. A robust gender-effect that men outperform women in the Vandenberg & Kuse mental rotation task has been well documented over the last years. In addition it has been shown that training can positively influence the overall task-performance. Considering this, the aim of the present study was to investigate whether security screeners show better performance in the Mental Rotation Test (MRT) independently of gender. Forty-seven security screeners of both sexes from two German airports were examined with a computer based MRT. Their performance was compared to a large sample of control subjects. The well-known gender-effect favoring men on mental rotation was significant within the control group. However, the security screeners did not show any sex differences suggesting an effect of training and professional performance. Surprisingly this specialized group showed a lower level of overall MRT performance than the control participants. Possible aviation related influences such as secondary effects of work-shift or expertise which can cumulatively cause this result are discussed. PMID:27014142

Integrating Programming Language and Operating System Information Security Mechanisms

DTIC Science & Technology

2016-08-31

suggestions for reducing the burden, to the Department of Defense, Executive Service Directorate (0704-0188). Respondents should be aware that...improve the precision of security enforcement, and to provide greater assurance of information security. This grant focuses on two key projects: language...based control of authority; and formal guarantees for the correctness of audit information. 15. SUBJECT TERMS 16. SECURITY CLASSIFICATION OF: 17

Cyber Hygiene for Control System Security

DOE PAGES

Oliver, David

2015-10-08

There are many resources from government and private industry available to assist organizations in reducing their attack surface and enhancing their security posture. Furthermore, standards are being written and improved upon to make the practice of securing a network more manageable. And while the specifics of network security are complex, most system vulnerabilities can be mitigated using fairly simple cyber hygiene techniques like those offered above.

World population, world health and security: 20th century trends.

PubMed

Bashford, A

2008-03-01

The connection between infectious disease control and national security is now firmly entrenched. This article takes a historical look at another security issue once prominent in debate on foreign policy and international relations, but now more or less absent: overpopulation. It explores the nature of the debate on population as a security question, and its complicated historical relation to the development of world health.

Innovative dressing and securement of tunneled central venous access devices in pediatrics: a pilot randomized controlled trial.

PubMed

Ullman, Amanda J; Kleidon, Tricia; Gibson, Victoria; McBride, Craig A; Mihala, Gabor; Cooke, Marie; Rickard, Claire M

2017-08-30

Central venous access device (CVAD) associated complications are a preventable source of patient harm, frequently resulting in morbidity and delays to vital treatment. Dressing and securement products are used to prevent infectious and mechanical complications, however current complication rates suggest customary practices are inadequate. The aim of this study was to evaluate the feasibility of launching a full-scale randomized controlled efficacy trial of innovative dressing and securement products for pediatric tunneled CVAD to prevent complication and failure. An external, pilot, four-group randomized controlled trial of standard care (bordered polyurethane dressing and suture), in comparison to integrated securement-dressing, suture-less securement device, and tissue adhesive was undertaken across two large, tertiary referral pediatric hospitals in Australia. Forty-eight pediatric participants with newly inserted tunneled CVADs were consecutively recruited. The primary outcome of study feasibility was established by elements of eligibility, recruitment, attrition, protocol adherence, missing data, parent and healthcare staff satisfaction and acceptability, and effect size estimates for CVAD failure (cessation of function prior to completion of treatment) and complication (associated bloodstream infection, thrombosis, breakage, dislodgement or occlusion). Dressing integrity, product costs and site complications were also examined. Protocol feasibility was established. CVAD failure was: 17% (2/12) integrated securement-dressing; 8% (1/13) suture-less securement device; 0% tissue adhesive (0/12); and, 0% standard care (0/11). CVAD complications were: 15% (2/13) suture-less securement device (CVAD associated bloodstream infection, and occlusion and partial dislodgement); 8% (1/12) integrated securement-dressing (partial dislodgement); 0% tissue adhesive (0/12); and, 0% standard care (0/11). One CVAD-associated bloodstream infection occurred, within the suture-less securement device group. Overall satisfaction was highest in the integrated securement-dressing (mean 8.5/10; standard deviation 1.2). Improved dressing integrity was evident in the intervention arms, with the integrated securement-dressing associated with prolonged time to first dressing change (mean days 3.5). Improving the security and dressing integrity of tunneled CVADs is likely to improve outcomes for pediatric patients. Further research is necessary to identify novel, effective CVAD securement to reduce complications, and provide reliable vascular access for children. ACTRN12614000280606 ; prospectively registered on 17/03/2014.

Securing Resources in Collaborative Environments: A Peer-to-peerApproach

DOE Office of Scientific and Technical Information (OSTI.GOV)

Berket, Karlo; Essiari, Abdelilah; Thompson, Mary R.

2005-09-19

We have developed a security model that facilitates control of resources by autonomous peers who act on behalf of collaborating users. This model allows a gradual build-up of trust. It enables secure interactions among users that do not necessarily know each other and allows them to build trust over the course of their collaboration. This paper describes various aspects of our security model and describes an architecture that implements this model to provide security in pure peer-to-peer environments.

Cyber security best practices for the nuclear industry

DOE Office of Scientific and Technical Information (OSTI.GOV)

Badr, I.

2012-07-01

When deploying software based systems, such as, digital instrumentation and controls for the nuclear industry, it is vital to include cyber security assessment as part of architecture and development process. When integrating and delivering software-intensive systems for the nuclear industry, engineering teams should make use of a secure, requirements driven, software development life cycle, ensuring security compliance and optimum return on investment. Reliability protections, data loss prevention, and privacy enforcement provide a strong case for installing strict cyber security policies. (authors)

Lawrence Livermore National Laboratory safeguards and security quarterly progress report to the US Department of Energy quarter ending September 30, 1994

DOE Office of Scientific and Technical Information (OSTI.GOV)

Davis, G.; Mansur, D.L.; Ruhter, W.D.

1994-10-01

This report presents the details of the Lawrence Livermore National Laboratory safeguards and securities program. This program is focused on developing new technology, such as x- and gamma-ray spectrometry, for measurement of special nuclear materials. This program supports the Office of Safeguards and Securities in the following five areas; safeguards technology, safeguards and decision support, computer security, automated physical security, and automated visitor access control systems.

Laboratory security and emergency response guidance for laboratories working with select agents. Centers for Disease Control and Prevention.

PubMed

Richmond, Jonathan Y; Nesby-O'Dell, Shanna L

2002-12-06

In recent years, concern has increased regarding use of biologic materials as agents of terrorism, but these same agents are often necessary tools in clinical and research microbiology laboratories. Traditional biosafety guidelines for laboratories have emphasized use of optimal work practices, appropriate containment equipment, well-designed facilities, and administrative controls to minimize risk of worker injury and to ensure safeguards against laboratory contamination. The guidelines discussed in this report were first published in 1999 (U.S. Department of Health and Human Services/CDC and National Institutes of Health. Biosafety in microbiological and biomedical laboratories [BMBL]. Richmond JY, McKinney RW, eds. 4th ed. Washington, DC: US Department of Health and Human Services, 1999 [Appendix F]). In that report, physical security concerns were addressed, and efforts were focused on preventing unauthorized entry to laboratory areas and preventing unauthorized removal of dangerous biologic agents from the laboratory. Appendix F of BMBL is now being revised to include additional information regarding personnel risk assessments, and inventory controls. The guidelines contained in this report are intended for laboratories working with select agents under biosafety-level 2, 3, or 4 conditions as described in Sections II and III of BMBL. These recommendations include conducting facility risk assessments and developing comprehensive security plans to minimize the probability of misuse of select agents. Risk assessments should include systematic, site-specific reviews of 1) physical security; 2) security of data and electronic technology systems; 3) employee security; 4) access controls to laboratory and animal areas; 5) procedures for agent inventory and accountability; 6) shipping/transfer and receiving of select agents; 7) unintentional incident and injury policies; 8) emergency response plans; and 9) policies that address breaches in security. The security plan should be an integral part of daily operations. All employees should be well-trained and equipped, and the plan should be reviewed annually, at least.

33 CFR 104.220 - Company or vessel personnel with security duties.

Code of Federal Regulations, 2013 CFR

2013-07-01

... measures; (e) Crowd management and control techniques; (f) Security related communications; (g) Knowledge... duties must maintain a TWIC, and must have knowledge, through training or equivalent job experience, in the following, as appropriate: (a) Knowledge of current security threats and patterns; (b) Recognition...

33 CFR 104.220 - Company or vessel personnel with security duties.

Code of Federal Regulations, 2014 CFR

2014-07-01

... measures; (e) Crowd management and control techniques; (f) Security related communications; (g) Knowledge... duties must maintain a TWIC, and must have knowledge, through training or equivalent job experience, in the following, as appropriate: (a) Knowledge of current security threats and patterns; (b) Recognition...

33 CFR 104.220 - Company or vessel personnel with security duties.

Code of Federal Regulations, 2012 CFR

2012-07-01

... measures; (e) Crowd management and control techniques; (f) Security related communications; (g) Knowledge... duties must maintain a TWIC, and must have knowledge, through training or equivalent job experience, in the following, as appropriate: (a) Knowledge of current security threats and patterns; (b) Recognition...

77 FR 18255 - Agency Information Collection Activities: Form N-565; Extension of an Existing Information...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-03-27

... DEPARTMENT OF HOMELAND SECURITY U.S. Citizenship and Immigration Services Agency Information... Naturalization/Citizenship Document; OMB Control No. 1615-0091. The Department of Homeland Security, U.S... Security (DHS), USCIS, Chief, Regulatory Coordination Division, 20 Massachusetts Avenue NW., Washington, DC...

75 FR 80835 - Agency Information Collection Activities: Form N-565; Extension of an Existing Information...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-12-23

... DEPARTMENT OF HOMELAND SECURITY U.S. Citizenship and Immigration Services Agency Information... Naturalization/Citizenship Document; OMB Control No. 1615-0091. The Department of Homeland Security, U.S... Security (DHS), USCIS, Chief, Regulatory Products Division, 20 Massachusetts Avenue, NW., Washington, DC...

75 FR 23311 - Proposed Collection; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2010-05-03

... instead of using an intermediary. The number of custodians is from Lipper Inc.'s Lana Database. Securities... SECURITIES AND EXCHANGE COMMISSION [Rule 17f-4; SEC File No. 270-232; OMB Control No. 3235-0225] Proposed Collection; Comment Request Upon Written Request, Copies Available From: Securities and Exchange...

75 FR 11552 - Intent To Request Renewal From OMB of One Current Public Collection of Information: Aviation...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-03-11

... From OMB of One Current Public Collection of Information: Aviation Security Customer Satisfaction.... The collection involves surveying travelers to measure customer satisfaction of aviation security in... OMB Control Number 1652-0013; Aviation Security Customer Satisfaction Performance Measurement...

78 FR 5122 - NASA Security and Protective Services Enforcement

Federal Register 2010, 2011, 2012, 2013, 2014

2013-01-24

... NATIONAL AERONAUTICS AND SPACE ADMINISTRATION 14 CFR Parts 1203a, 1203b, and 1204 [Docket No NASA-2012-0007] RIN 2700-AD89 NASA Security and Protective Services Enforcement AGENCY: National Aeronautics... nonsubstantive changes to NASA regulations to clarify the procedures for establishing controlled/ secure areas...

An effective and secure key-management scheme for hierarchical access control in E-medicine system.

PubMed

Odelu, Vanga; Das, Ashok Kumar; Goswami, Adrijit

2013-04-01

Recently several hierarchical access control schemes are proposed in the literature to provide security of e-medicine systems. However, most of them are either insecure against 'man-in-the-middle attack' or they require high storage and computational overheads. Wu and Chen proposed a key management method to solve dynamic access control problems in a user hierarchy based on hybrid cryptosystem. Though their scheme improves computational efficiency over Nikooghadam et al.'s approach, it suffers from large storage space for public parameters in public domain and computational inefficiency due to costly elliptic curve point multiplication. Recently, Nikooghadam and Zakerolhosseini showed that Wu-Chen's scheme is vulnerable to man-in-the-middle attack. In order to remedy this security weakness in Wu-Chen's scheme, they proposed a secure scheme which is again based on ECC (elliptic curve cryptography) and efficient one-way hash function. However, their scheme incurs huge computational cost for providing verification of public information in the public domain as their scheme uses ECC digital signature which is costly when compared to symmetric-key cryptosystem. In this paper, we propose an effective access control scheme in user hierarchy which is only based on symmetric-key cryptosystem and efficient one-way hash function. We show that our scheme reduces significantly the storage space for both public and private domains, and computational complexity when compared to Wu-Chen's scheme, Nikooghadam-Zakerolhosseini's scheme, and other related schemes. Through the informal and formal security analysis, we further show that our scheme is secure against different attacks and also man-in-the-middle attack. Moreover, dynamic access control problems in our scheme are also solved efficiently compared to other related schemes, making our scheme is much suitable for practical applications of e-medicine systems.

Server-Controlled Identity-Based Authenticated Key Exchange

NASA Astrophysics Data System (ADS)

Guo, Hua; Mu, Yi; Zhang, Xiyong; Li, Zhoujun

We present a threshold identity-based authenticated key exchange protocol that can be applied to an authenticated server-controlled gateway-user key exchange. The objective is to allow a user and a gateway to establish a shared session key with the permission of the back-end servers, while the back-end servers cannot obtain any information about the established session key. Our protocol has potential applications in strong access control of confidential resources. In particular, our protocol possesses the semantic security and demonstrates several highly-desirable security properties such as key privacy and transparency. We prove the security of the protocol based on the Bilinear Diffie-Hellman assumption in the random oracle model.

Attachment Security Balances Perspectives: Effects of Security Priming on Highly Optimistic and Pessimistic Explanatory Styles.

PubMed

Deng, Yanhe; Yan, Mengge; Chen, Henry; Sun, Xin; Zhang, Peng; Zeng, Xianglong; Liu, Xiangping; Lye, Yue

2016-01-01

Highly optimistic explanatory style (HOES) and highly pessimistic explanatory style (HPES) are two maladaptive ways to explain the world and may have roots in attachment insecurity. The current study aims to explore the effects of security priming - activating supportive representations of attachment security - on ameliorating these maladaptive explanatory styles. 57 participants with HOES and 57 participants with HPES were randomized into security priming and control conditions. Their scores of overall optimistic attribution were measured before and after priming. Security priming had a moderating effect: the security primed HOES group exhibited lower optimistic attribution, while the security primed HPES group evinced higher scores of optimistic attribution. Furthermore, the security primed HOES group attributed positive outcomes more externally, while the security primed HPES group attributed successful results more internally. The results support the application of security priming interventions on maladaptive explanatory styles. Its potential mechanism and directions for future study are also discussed.

American Security and the International Energy Situation. Volume 2. World Energy and the Security of Supply

DTIC Science & Technology

1975-04-15

flue gas desulfurization technology seems to oe progressing so that by the late 1970s utilities may be able to burn high-sultur coal directly with...CObHqat ion•.V Conferva 1i on 0’ I , gas . and shale Coa I Lir.’I ronmcntal control Nuclear fission Nuclear fusion Other a. So I a r B...abandonment of all import controls , its findings on th: key problem of import dependence and security did not reflect a dear conviction that a

DOE Office of Scientific and Technical Information (OSTI.GOV)

Edgar, Thomas W.; Hadley, Mark D.; Manz, David O.

This document provides the methods to secure routable control system communication in the electric sector. The approach of this document yields a long-term vision for a future of secure communication, while also providing near term steps and a roadmap. The requirements for the future secure control system environment were spelled out to provide a final target. Additionally a survey and evaluation of current protocols was used to determine if any existing technology could achieve this goal. In the end a four-step path was described that brought about increasing requirement completion and culminates in the realization of the long term vision.

Fuzzy Logic Based Anomaly Detection for Embedded Network Security Cyber Sensor

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ondrej Linda; Todd Vollmer; Jason Wright

Resiliency and security in critical infrastructure control systems in the modern world of cyber terrorism constitute a relevant concern. Developing a network security system specifically tailored to the requirements of such critical assets is of a primary importance. This paper proposes a novel learning algorithm for anomaly based network security cyber sensor together with its hardware implementation. The presented learning algorithm constructs a fuzzy logic rule based model of normal network behavior. Individual fuzzy rules are extracted directly from the stream of incoming packets using an online clustering algorithm. This learning algorithm was specifically developed to comply with the constrainedmore » computational requirements of low-cost embedded network security cyber sensors. The performance of the system was evaluated on a set of network data recorded from an experimental test-bed mimicking the environment of a critical infrastructure control system.« less

Security Policies for Mitigating the Risk of Load Altering Attacks on Smart Grid Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ryutov, Tatyana; AlMajali, Anas; Neuman, Clifford

2015-04-01

While demand response programs implement energy efficiency and power quality objectives, they bring potential security threats to the Smart Grid. The ability to influence load in a system enables attackers to cause system failures and impacts the quality and integrity of power delivered to customers. This paper presents a security mechanism to monitor and control load according to a set of security policies during normal system operation. The mechanism monitors, detects, and responds to load altering attacks. We examined the security requirements of Smart Grid stakeholders and constructed a set of load control policies enforced by the mechanism. We implementedmore » a proof of concept prototype and tested it using the simulation environment. By enforcing the proposed policies in this prototype, the system is maintained in a safe state in the presence of load drop attacks.« less

DOE Office of Scientific and Technical Information (OSTI.GOV)

Gilbert, Andrew J.; Miller, Brian W.; Robinson, Sean M.

Imaging technology is generally considered too invasive for arms control inspections due to the concern that it cannot properly secure sensitive features of the inspected item. But, this same sensitive information, which could include direct information on the form and function of the items under inspection, could be used for robust arms control inspections. The single-pixel X-ray imager (SPXI) is introduced as a method to make such inspections, capturing the salient spatial information of an object in a secure manner while never forming an actual image. We built this method on the theory of compressive sensing and the single pixelmore » optical camera. The performance of the system is quantified using simulated inspections of simple objects. Measures of the robustness and security of the method are introduced and used to determine how robust and secure such an inspection would be. Particularly, it is found that an inspection with low noise (<1%) and high undersampling (>256×) exhibits high robustness and security.« less

Real time test bed development for power system operation, control and cyber security

NASA Astrophysics Data System (ADS)

Reddi, Ram Mohan

The operation and control of the power system in an efficient way is important in order to keep the system secure, reliable and economical. With advancements in smart grid, several new algorithms have been developed for improved operation and control. These algorithms need to be extensively tested and validated in real time before applying to the real electric power grid. This work focuses on the development of a real time test bed for testing and validating power system control algorithms, hardware devices and cyber security vulnerability. The test bed developed utilizes several hardware components including relays, phasor measurement units, phasor data concentrator, programmable logic controllers and several software tools. Current work also integrates historian for power system monitoring and data archiving. Finally, two different power system test cases are simulated to demonstrate the applications of developed test bed. The developed test bed can also be used for power system education.

Implementing an Information Security Program

DOE Office of Scientific and Technical Information (OSTI.GOV)

Glantz, Clifford S.; Lenaeus, Joseph D.; Landine, Guy P.

The threats to information security have dramatically increased with the proliferation of information systems and the internet. Chemical, biological, radiological, nuclear, and explosives (CBRNe) facilities need to address these threats in order to protect themselves from the loss of intellectual property, theft of valuable or hazardous materials, and sabotage. Project 19 of the European Union CBRN Risk Mitigation Centres of Excellence Initiative is designed to help CBRN security managers, information technology/cybersecurity managers, and other decision-makers deal with these threats through the application of cost-effective information security programs. Project 19 has developed three guidance documents that are publically available to covermore » information security best practices, planning for an information security management system, and implementing security controls for information security.« less

An Information Security Control Assessment Methodology for Organizations

ERIC Educational Resources Information Center

Otero, Angel R.

2014-01-01

In an era where use and dependence of information systems is significantly high, the threat of incidents related to information security that could jeopardize the information held by organizations is more and more serious. Alarming facts within the literature point to inadequacies in information security practices, particularly the evaluation of…

75 FR 81152 - Export Control Modernization: Strategic Trade Authorization License Exception

Federal Register 2010, 2011, 2012, 2013, 2014

2010-12-27

... DEPARTMENT OF COMMERCE Bureau of Industry and Security 15 CFR Parts 732, 738, 740, 743, 758, and... Authorization License Exception AGENCY: Bureau of Industry and Security, Commerce. ACTION: Proposed rule..., Bureau of Industry and Security, Room 2705, U.S. Department of Commerce, Washington, DC 20230. Please...

76 FR 11807 - Agency Information Collection Activities: Form N-565, Extension of a Currently Approved...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-03-03

... DEPARTMENT OF HOMELAND SECURITY U.S. Citizenship and Immigration Services Agency Information... Naturalization/Citizenship Document; OMB Control No. 1615-0091. * * * * * The Department of Homeland Security, U... associated response time, should be directed to the Department of Homeland Security (DHS), and to the Office...

75 FR 13776 - Agency Information Collection Activities: Form N-300; Extension of an Existing Information...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-03-23

... DEPARTMENT OF HOMELAND SECURITY U.S. Citizenship and Immigration Services Agency Information... Intention; OMB Control No. 1615-0078. The Department of Homeland Security, U.S. Citizenship and Immigration... response time, should be directed to the Department of Homeland Security (DHS), USCIS, Chief, Regulatory...

75 FR 71451 - Agency Information Collection Activities: Form I-130, Extension of a Currently Approved...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-11-23

... DEPARTMENT OF HOMELAND SECURITY U.S. Citizenship and Immigration Services Agency Information...; OMB Control No. 1615-0012. The Department of Homeland Security, U.S. Citizenship and Immigration... to the Department of Homeland Security (DHS), and to the Office of Management and Budget (OMB) USCIS...

76 FR 17144 - Agency Information Collection Activities: Form N-300; Extension of an Existing Information...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-03-28

... DEPARTMENT OF HOMELAND SECURITY U.S. Citizenship and Immigration Services Agency Information... Intention; OMB Control No. 1615-0078. The Department Homeland Security, U.S. Citizenship and Immigration... associated response time, should be directed to the Department of Homeland Security (DHS), USCIS, Chief...

75 FR 51094 - Agency Information Collection Activities: Form I-363, Extension of a Currently Approved...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-08-18

... DEPARTMENT OF HOMELAND SECURITY U.S. Citizenship and Immigration Services [OMB Control No. 1615... Department of Homeland Security, U.S. Citizenship and Immigration Services (USCIS) will be submitting the... public burden and associated response time, should be directed to the Department of Homeland Security...

76 FR 66944 - Agency Information Collection Activities: Form I-129F; Extension of a Currently Approved...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-10-28

... DEPARTMENT OF HOMELAND SECURITY Citizenship and Immigration Services Agency Information Collection... Control No. 1615-0001. The Department of Homeland Security, U.S. Citizenship and Immigration Services will... associated response time should be directed to the Department of Homeland Security (DHS), USCIS, Chief...

76 FR 36560 - Agency Information Collection Activities; Form N-300; Extension of an Existing Information...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-06-22

... DEPARTMENT OF HOMELAND SECURITY U.S. Citizenship and Immigration Services Agency Information... Intention; OMB Control No. 1615-0078. The Department of Homeland Security, U.S. Citizenship and Immigration... public burden and associated response time, should be directed to the Department of Homeland Security...

77 FR 32660 - Agency Information Collection Activities: Proposed Collection; Comment Request, Request To...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-06-01

... DEPARTMENT OF HOMELAND SECURITY U.S. Citizenship and Immigration Services Agency Information... Amerasian; OMB Control No.1615-0022. The Department of Homeland Security, U.S. Citizenship and Immigration... associated response time should be directed to the Department of Homeland Security (DHS), USCIS, Office of...

75 FR 43208 - Proposed Collection; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-23

... securities to the database, (b) to confirm inquiry of the database, and (c) to demonstrate compliance with... SECURITIES AND EXCHANGE COMMISSION [Rule 17f-1(g); SEC File No. 270-30; OMB Control No. 3235-0290] Proposed Collection; Comment Request Upon Written Request, Copies Available From: Securities and Exchange...

Guidelines for Automatic Data Processing Physical Security and Risk Management. Federal Information Processing Standards Publication 31.

ERIC Educational Resources Information Center

National Bureau of Standards (DOC), Washington, DC.

These guidelines provide a handbook for use by federal organizations in structuring physical security and risk management programs for their automatic data processing facilities. This publication discusses security analysis, natural disasters, supporting utilities, system reliability, procedural measures and controls, off-site facilities,…

40 CFR 91.1008 - National security exemption.

Code of Federal Regulations, 2010 CFR

2010-07-01

... (CONTINUED) CONTROL OF EMISSIONS FROM MARINE SPARK-IGNITION ENGINES Exclusion and Exemption of Marine SI Engines § 91.1008 National security exemption. (a)(1) Any marine SI engine, otherwise subject to this part... request a national security exemption for any marine SI engine, otherwise subject to this part, which does...

10 CFR 1016.39 - Termination, suspension, or revocation of security facility approval.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 10 Energy 4 2011-01-01 2011-01-01 false Termination, suspension, or revocation of security facility approval. 1016.39 Section 1016.39 Energy DEPARTMENT OF ENERGY (GENERAL PROVISIONS) SAFEGUARDING OF RESTRICTED DATA Control of Information § 1016.39 Termination, suspension, or revocation of security facility...

10 CFR 1016.39 - Termination, suspension, or revocation of security facility approval.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 10 Energy 4 2010-01-01 2010-01-01 false Termination, suspension, or revocation of security facility approval. 1016.39 Section 1016.39 Energy DEPARTMENT OF ENERGY (GENERAL PROVISIONS) SAFEGUARDING OF RESTRICTED DATA Control of Information § 1016.39 Termination, suspension, or revocation of security facility...

76 FR 39447 - Submission for OMB Review; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2011-07-06

... SECURITIES AND EXCHANGE COMMISSION [Rule 15b6-1 and Form BDW; OMB Control No. 3235-0018; SEC File...: U.S. Securities and Exchange Commission, Office of Investor Education and Advocacy, Washington, DC... et seq.), the Securities and Exchange Commission (``Commission'') has submitted to the Office of...

78 FR 38782 - Lifting of Chemical and Biological Weapons (CBW) Proliferation Sanctions Against Chinese Entities

Federal Register 2010, 2011, 2012, 2013, 2014

2013-06-27

... Arms Control and International Security determined and certified to Congress that lifting sanctions on the following Chinese entities, their sub-units and successors is important to the national security... Security and Nonproliferation, Department of State, Telephone (202) 647-4930. SUPPLEMENTARY INFORMATION...

Building Security. Honeywell Planning Guide.

ERIC Educational Resources Information Center

Honeywell, Inc., Minneapolis, Minn.

A general discussion of building detection and alarm systems to provide security against burglary and vandalism is provided by a manufacturer of automated monitoring and control systems. Security systems are identified as--(1) local alarm system, (2) central station alarm system, (3) proprietary alarm system, and (4) direct connect alarm system..…

13 CFR 102.33 - Security of systems of records.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 13 Business Credit and Assistance 1 2010-01-01 2010-01-01 false Security of systems of records....33 Security of systems of records. (a) Each Program/Support Office Head or designee shall establish administrative and physical controls to prevent unauthorized access to its systems of records, to prevent...

75 FR 38853 - Proposed Collection; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-06

... SECURITIES AND EXCHANGE COMMISSION [Form N-14; SEC File No. 270-297; OMB Control No. 3235-0336... Commission, Office of Investor Education and Advocacy, Washington, DC 20549-0213. Extension: Form N-14, SEC... approval. Form N-14 (17 CFR 239.23)--Registration Statement Under the Securities Act of 1933 for Securities...

A Study on Corporate Security Awareness and Compliance Behavior Intent

ERIC Educational Resources Information Center

Clark, Christine Y.

2013-01-01

Understanding the drivers to encourage employees' security compliance behavior is increasingly important in today's highly networked environment to protect computer and information assets of the company. The traditional approach for corporations to implement technology-based controls, to prevent security breaches is no longer sufficient.…

32 CFR Appendix A to Part 223 - Procedures for Identifying and Controlling DoD UCNI

Code of Federal Regulations, 2011 CFR

2011-07-01

... security measures, including security plans, procedures, and equipment, for the physical protection of DoD... stand-alone personal computers, or shared-logic work processing systems, if protection from unauthorized... and security by increasing significantly the likelihood of the illegal production of nuclear weapons...

75 FR 5994 - Submission for OMB Review; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2010-02-05

... and OMB Number: Voice of Industry Survey; OMB Control Number 0704-TBD. Type of Request: New. Number of... Security Program (NISP)'' Section 202(a) stipulates that the Secretary of Defense shall serve as the... Security Agency (CSA), designated by the NISPOM, is responsible for determining the frequency of Security...

Military Deception Reconsidered

DTIC Science & Technology

2008-06-01

operations through media channels to receive real benefits . If information advantage is properly formulated, carried out, and secured, it is a...timeliness, security, objective, and centralized control. However, I propose that operational advantage , consisting of surprise, information advantage ... Advantage , Surprise, Operational Advantage , Military Tactics, Deception Campaigns 16. PRICE CODE 17. SECURITY CLASSIFICATION OF REPORT Unclassified

10 CFR 37.29 - Relief from fingerprinting, identification, and criminal history records checks and other...

Code of Federal Regulations, 2014 CFR

2014-01-01

... under 27 CFR part 555; (4) Health and Human Services security risk assessments for possession and use of...; (6) State Radiation Control Program Directors and State Homeland Security Advisors or their designated State employee representatives; (7) Agreement State employees conducting security inspections on...

77 FR 71431 - New Agency Information Collection Activity Under OMB Review: Highway Baseline Assessment for...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-11-30

... Collection Activity Under OMB Review: Highway Baseline Assessment for Security Enhancement (BASE) Program... Assessment for Security Enhancement (BASE) Program. Type of Request: New collection. OMB Control Number: Not yet assigned. Form(s): Highway Baseline Assessment for Security Enhancement (BASE). Affected Public...

78 FR 17702 - Agency Information Collection Activities: Application for Action on an Approved Application or...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-22

... DEPARTMENT OF HOMELAND SECURITY U.S. Citizenship and Immigration Services [OMB Control Number 1615... Department of Homeland Security (DHS), U.S. Citizenship and Immigration Services (USCIS) invites the general....S. Citizenship and Immigration Services, Department of Homeland Security. [FR Doc. 2013-06582 Filed...

12 CFR Appendix D-2 to Part 208 - Interagency Guidelines Establishing Information Security Standards

Code of Federal Regulations, 2014 CFR

2014-01-01

.... Design its information security program to control the identified risks, commensurate with the... Directors B. Assess Risk C. Manage and Control Risk D. Oversee Service Provider Arrangements E. Adjust the... score, derived from a group of consumer reports; or (B) Blind data, such as payment history on accounts...

12 CFR Appendix B to Part 170 - Interagency Guidelines Establishing Information Security Standards

Code of Federal Regulations, 2012 CFR

2012-01-01

.... You shall: 1. Design your information security program to control the identified risks, commensurate... Control Risk D. Oversee Service Provider Arrangements E. Adjust the Program F. Report to the Board G... information does not include: (A) Aggregate information, such as the mean credit score, derived from a group...

12 CFR Appendix D-2 to Part 208 - Interagency Guidelines Establishing Information Security Standards

Code of Federal Regulations, 2011 CFR

2011-01-01

.... Design its information security program to control the identified risks, commensurate with the... Directors B. Assess Risk C. Manage and Control Risk D. Oversee Service Provider Arrangements E. Adjust the... score, derived from a group of consumer reports; or (B) Blind data, such as payment history on accounts...

12 CFR Appendix C to Part 1720 - Policy Guidance; Safety and Soundness Standards for Information

Code of Federal Regulations, 2011 CFR

2011-01-01

... implementation and reviewing reports from management. 2. Assess Risk. Each Enterprise shall: a. Identify... control risks. 3. Manage and Control Risk. Each Enterprise shall: a. Design its information security... security program. The frequency and nature of such tests should be determined by the Enterprise's risk...

77 FR 72917 - Editorial Corrections to the Commerce Control List of the Export Administration Regulations

Federal Register 2010, 2011, 2012, 2013, 2014

2012-12-07

... DEPARTMENT OF COMMERCE Bureau of Industry and Security 15 CFR Part 774 [Docket No. 120320200-2296-01] RIN 0694-AF62 Editorial Corrections to the Commerce Control List of the Export Administration Regulations AGENCY: Bureau of Industry and Security, Commerce. ACTION: Final rule. SUMMARY: This final rule...

75 FR 39500 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-09

... with ``Badge and vehicle control records that at a minimum include; name, Social Security Number (SSN... system: Badge and vehicle control records that at a minimum include; name, Social Security Number (SSN... maintenance of the system: 10 U.S.C. 8013, Secretary of the Air Force, Powers and Duties; Department of...

78 FR 60002 - Self-Regulatory Organizations; Fixed Income Clearing Corporation; Order Approving Proposed Rule...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-09-30

...-balance order, destined to- be announced (``TBA'') transactions; (ii) trade-for-trade TBA transactions... safeguarding of securities and funds which are in the custody or control of the clearing agency, or for which... helps protect the securities and funds in FICC's control, not only by encouraging members' timely...

21 CFR 1301.74 - Other security controls for non-practitioners; narcotic treatment programs and compounders for...

Code of Federal Regulations, 2012 CFR

2012-04-01

... the substances(s) by contacting the Drug Enforcement Administration. (h) The acceptance of delivery of... 21 Food and Drugs 9 2012-04-01 2012-04-01 false Other security controls for non-practitioners... and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION OF MANUFACTURERS...

21 CFR 1301.74 - Other security controls for non-practitioners; narcotic treatment programs and compounders for...

Code of Federal Regulations, 2013 CFR

2013-04-01

... the substances(s) by contacting the Drug Enforcement Administration. (h) The acceptance of delivery of... 21 Food and Drugs 9 2013-04-01 2013-04-01 false Other security controls for non-practitioners... and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION OF MANUFACTURERS...

21 CFR 1301.74 - Other security controls for non-practitioners; narcotic treatment programs and compounders for...

Code of Federal Regulations, 2014 CFR

2014-04-01

... the substances(s) by contacting the Drug Enforcement Administration. (h) The acceptance of delivery of... 21 Food and Drugs 9 2014-04-01 2014-04-01 false Other security controls for non-practitioners... and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION OF MANUFACTURERS...

42 CFR 73.14 - Incident response.

Code of Federal Regulations, 2010 CFR

2010-10-01

..., security breaches (including information systems), severe weather and other natural disasters, workplace... locations, (10) Site security and control, (11) Procedures for emergency evacuation, including type of...

Security in Father-child Relationship and Behavior Problems in Sexually Abused Children

PubMed Central

Parent-Boursier, Claudel; Hébert, Martine

2017-01-01

While the influence of mother-child relationships on children’s recovery following sexual abuse has been documented, less is known about the possible contribution of father-child relationships on outcomes. The present study explored the contribution of children’s perception of security in their relationship to the father on internalizing and externalizing behavior problems, while controlling for sociodemographic variables and variables associated with the mother-child relationship. Participants were 142 children who disclosed sexual abuse involving a perpetrator other than the biological father. Regression analyses indicated that children’s perception of security to fathers contributed to the prediction of parental reports of children’s behavior problems, even after controlling for maternal psychological distress and perception of security to mothers. PMID:29321696

Network gateway security method for enterprise Grid: a literature review

NASA Astrophysics Data System (ADS)

Sujarwo, A.; Tan, J.

2017-03-01

The computational Grid has brought big computational resources closer to scientists. It enables people to do a large computational job anytime and anywhere without any physical border anymore. However, the massive and spread of computer participants either as user or computational provider arise problems in security. The challenge is on how the security system, especially the one which filters data in the gateway could works in flexibility depends on the registered Grid participants. This paper surveys what people have done to approach this challenge, in order to find the better and new method for enterprise Grid. The findings of this paper is the dynamically controlled enterprise firewall to secure the Grid resources from unwanted connections with a new firewall controlling method and components.

Management of the Defense Technology Security Administration Year 2000 Program

DTIC Science & Technology

1998-11-03

caller is fully protected Acronyms DTSA Defense Technology Security Administration Y2K Year 2000 INSPECTOR GENERAL DEPARTMENT OF DEFENSE 400 ARMY NAVY...accordance with the DoD Management Plan Defense Technology Security Administration. The Defense Technology Security Administration ( DTSA ) was established...in 1985 as a field activity of the Office of the Secretary of Defense By establishing DTSA , the DoD role in export controls was centralized and

Cyber Security Audit and Attack Detection Toolkit

DOE Office of Scientific and Technical Information (OSTI.GOV)

Peterson, Dale

2012-05-31

This goal of this project was to develop cyber security audit and attack detection tools for industrial control systems (ICS). Digital Bond developed and released a tool named Bandolier that audits ICS components commonly used in the energy sector against an optimal security configuration. The Portaledge Project developed a capability for the PI Historian, the most widely used Historian in the energy sector, to aggregate security events and detect cyber attacks.

Protecting water and wastewater infrastructure from cyber attacks

NASA Astrophysics Data System (ADS)

Panguluri, Srinivas; Phillips, William; Cusimano, John

2011-12-01

Multiple organizations over the years have collected and analyzed data on cyber attacks and they all agree on one conclusion: cyber attacks are real and can cause significant damages. This paper presents some recent statistics on cyber attacks and resulting damages. Water and wastewater utilities must adopt countermeasures to prevent or minimize the damage in case of such attacks. Many unique challenges are faced by the water and wastewater industry while selecting and implementing security countermeasures; the key challenges are: 1) the increasing interconnection of their business and control system networks, 2) large variation of proprietary industrial control equipment utilized, 3) multitude of cross-sector cyber-security standards, and 4) the differences in the equipment vendor's approaches to meet these security standards. The utilities can meet these challenges by voluntarily selecting and adopting security standards, conducting a gap analysis, performing vulnerability/risk analysis, and undertaking countermeasures that best meets their security and organizational requirements. Utilities should optimally utilize their limited resources to prepare and implement necessary programs that are designed to increase cyber-security over the years. Implementing cyber security does not necessarily have to be expensive, substantial improvements can be accomplished through policy, procedure, training and awareness. Utilities can also get creative and allocate more funding through annual budgets and reduce dependence upon capital improvement programs to achieve improvements in cyber-security.

OS friendly microprocessor architecture: Hardware level computer security

NASA Astrophysics Data System (ADS)

Jungwirth, Patrick; La Fratta, Patrick

2016-05-01

We present an introduction to the patented OS Friendly Microprocessor Architecture (OSFA) and hardware level computer security. Conventional microprocessors have not tried to balance hardware performance and OS performance at the same time. Conventional microprocessors have depended on the Operating System for computer security and information assurance. The goal of the OS Friendly Architecture is to provide a high performance and secure microprocessor and OS system. We are interested in cyber security, information technology (IT), and SCADA control professionals reviewing the hardware level security features. The OS Friendly Architecture is a switched set of cache memory banks in a pipeline configuration. For light-weight threads, the memory pipeline configuration provides near instantaneous context switching times. The pipelining and parallelism provided by the cache memory pipeline provides for background cache read and write operations while the microprocessor's execution pipeline is running instructions. The cache bank selection controllers provide arbitration to prevent the memory pipeline and microprocessor's execution pipeline from accessing the same cache bank at the same time. This separation allows the cache memory pages to transfer to and from level 1 (L1) caching while the microprocessor pipeline is executing instructions. Computer security operations are implemented in hardware. By extending Unix file permissions bits to each cache memory bank and memory address, the OSFA provides hardware level computer security.

Privacy and security in teleradiology.

PubMed

Ruotsalainen, Pekka

2010-01-01

Teleradiology is probably the most successful eHealth service available today. Its business model is based on the remote transmission of radiological images (e.g. X-ray and CT-images) over electronic networks, and on the interpretation of the transmitted images for diagnostic purpose. Two basic service models are commonly used teleradiology today. The most common approach is based on the message paradigm (off-line model), but more developed teleradiology systems are based on the interactive use of PACS/RIS systems. Modern teleradiology is also more and more cross-organisational or even cross-border service between service providers having different jurisdictions and security policies. This paper defines the requirements needed to make different teleradiology models trusted. Those requirements include a common security policy that covers all partners and entities, common security and privacy protection principles and requirements, controlled contracts between partners, and the use of security controls and tools that supporting the common security policy. The security and privacy protection of any teleradiology system must be planned in advance, and the necessary security and privacy enhancing tools should be selected (e.g. strong authentication, data encryption, non-repudiation services and audit-logs) based on the risk analysis and requirements set by the legislation. In any case the teleradiology system should fulfil ethical and regulatory requirements. Certification of the whole teleradiology service system including security and privacy is also proposed. In the future, teleradiology services will be an integrated part of pervasive eHealth. Security requirements for this environment including dynamic and context aware security services are also discussed in this paper. Copyright (c) 2009 Elsevier Ireland Ltd. All rights reserved.

A secure transmission scheme of streaming media based on the encrypted control message

NASA Astrophysics Data System (ADS)

Li, Bing; Jin, Zhigang; Shu, Yantai; Yu, Li

2007-09-01

As the use of streaming media applications increased dramatically in recent years, streaming media security becomes an important presumption, protecting the privacy. This paper proposes a new encryption scheme in view of characteristics of streaming media and the disadvantage of the living method: encrypt the control message in the streaming media with the high security lever and permute and confuse the data which is non control message according to the corresponding control message. Here the so-called control message refers to the key data of the streaming media, including the streaming media header and the header of the video frame, and the seed key. We encrypt the control message using the public key encryption algorithm which can provide high security lever, such as RSA. At the same time we make use of the seed key to generate key stream, from which the permutation list P responding to GOP (group of picture) is derived. The plain text of the non-control message XORs the key stream and gets the middle cipher text. And then obtained one is permutated according to P. In contrast the decryption process is the inverse process of the above. We have set up a testbed for the above scheme and found our scheme is six to eight times faster than the conventional method. It can be applied not only between PCs but also between handheld devices.

UNIX security in a supercomputing environment

NASA Technical Reports Server (NTRS)

Bishop, Matt

1989-01-01

The author critiques some security mechanisms in most versions of the Unix operating system and suggests more effective tools that either have working prototypes or have been implemented, for example in secure Unix systems. Although no computer (not even a secure one) is impenetrable, breaking into systems with these alternate mechanisms will cost more, require more skill, and be more easily detected than penetrations of systems without these mechanisms. The mechanisms described fall into four classes (with considerable overlap). User authentication at the local host affirms the identity of the person using the computer. The principle of least privilege dictates that properly authenticated users should have rights precisely sufficient to perform their tasks, and system administration functions should be compartmentalized; to this end, access control lists or capabilities should either replace or augment the default Unix protection system, and mandatory access controls implementing multilevel security models and integrity mechanisms should be available. Since most users access supercomputing environments using networks, the third class of mechanisms augments authentication (where feasible). As no security is perfect, the fourth class of mechanism logs events that may indicate possible security violations; this will allow the reconstruction of a successful penetration (if discovered), or possibly the detection of an attempted penetration.

48 CFR 45.101 - Definitions.

Code of Federal Regulations, 2010 CFR

2010-10-01

... to the public safety or security if stolen, lost, or misplaced, or that shall be subject to exceptional physical security, protection, control, and accountability. Examples include weapons, ammunition...

[System construction of early warning for ecological security at cultural and natural heritage mixed sites and its application: a case study of Wuyishan Scenery District].

PubMed

You, Wei-Bin; He, Dong-Jin; Qin, De-Hua; Ji, Zhi-Rong; Wu, Li-Yun; Yu, Jian-An; Chen, Bing-Rong; Tan, Yong

2014-05-01

This paper proposed a new concept of ecological security for protection by a comprehensive analysis of the contents and standards of world heritage sites. A frame concept model named "Pressure-State-Control" for early warning of ecological security at world heritage mixed sites was constructed and evaluation indicators of this frame were also selected. Wuyishan Scenery District was chosen for a case study, which has been severely disturbed by natural and artificial factors. Based on the frame model of "Pressure-State-Control" and by employing extension analysis, the matter-element model was established to assess the ecological security status of this cultural and natural world heritage mixed site. The results showed that the accuracy of ecological security early warning reached 84%. Early warning rank was I level (no alert status) in 1997 and 2009, but that in 2009 had a higher possibility to convert into II level. Likewise, the early-warning indices of sensitive ranks were different between 1997 and 2009. Population density, population growth rate, area index for tea garden, cultivated land owned per capita, level of drought, and investment for ecological and environmental construction were the main limiting factors to hinder the development of ecological security from 2009 to future. In general, the status of Wuyishan Scenery District ecological security was relatively good and considered as no alert level, while risk conditions also existed in terms of a few early-warning indicators. We still need to pay more attention to serious alert indicators and adopt effective prevention and control measures to maintain a good ecological security status of this heritage site.

Incorporating voltage security into the planning, operation and monitoring of restructured electric energy markets

NASA Astrophysics Data System (ADS)

Nair, Nirmal-Kumar

As open access market principles are applied to power systems, significant changes are happening in their planning, operation and control. In the emerging marketplace, systems are operating under higher loading conditions as markets focus greater attention to operating costs than stability and security margins. Since operating stability is a basic requirement for any power system, there is need for newer tools to ensure stability and security margins being strictly enforced in the competitive marketplace. This dissertation investigates issues associated with incorporating voltage security into the unbundled operating environment of electricity markets. It includes addressing voltage security in the monitoring, operational and planning horizons of restructured power system. This dissertation presents a new decomposition procedure to estimate voltage security usage by transactions. The procedure follows physical law and uses an index that can be monitored knowing the state of the system. The expression derived is based on composite market coordination models that have both PoolCo and OpCo transactions, in a shared stressed transmission grid. Our procedure is able to equitably distinguish the impacts of individual transactions on voltage stability, at load buses, in a simple and fast manner. This dissertation formulates a new voltage stability constrained optimal power flow (VSCOPF) using a simple voltage security index. In modern planning, composite power system reliability analysis that encompasses both adequacy and security issues is being developed. We have illustrated the applicability of our VSCOPF into composite reliability analysis. This dissertation also delves into the various applications of voltage security index. Increasingly, FACT devices are being used in restructured markets to mitigate a variety of operational problems. Their control effects on voltage security would be demonstrated using our VSCOPF procedure. Further, this dissertation investigates the application of steady state voltage stability index to detect potential dynamic voltage collapse. Finally, this dissertation examines developments in representation, standardization, communication and exchange of power system data. Power system data is the key input to all analytical engines for system operation, monitoring and control. Data exchange and dissemination could impact voltage security evaluation and therefore needs to be critically examined.

Arms Control and National Security: Revealed through Two Case Studies

DTIC Science & Technology

1988-03-01

national security. Those in the service, while charged to carry out the orders of those appointed over them, possess a potential to influence national...the sixth point , of the stated six major national security goals of the present Administration. Not everyone would [ agree with such a placement...the other side concede some point at the bargaining table. 0 A defense bargain is a relative term relating to how much security or strength a

Democracy by Coup: The Turkish Government under Military Control (1980- 1983)

DTIC Science & Technology

1984-05-01

See reverse. JAN 47 EDITIO O INOV 65ISOSOLETE UNCLASSIFIED SECURITY CLASSIFICATION OF THItS PAGE (When Doe Entered) UNCLASSIFIED, SECURITY...Germany’s blitzkrieg of Poland , was seen as a real threat to Turkey’s security. In response, Turkey entered into a one-way treaty of mutual assistance with

17 CFR 240.3b-15 - Definition of ancillary portfolio management securities activities.

Code of Federal Regulations, 2010 CFR

2010-04-01

... governing body of the dealer and included in the internal risk management control system for the dealer... of incidental trading activities for portfolio management purposes; and (3) Are limited to risk... portfolio management securities activities. 240.3b-15 Section 240.3b-15 Commodity and Securities Exchanges...

76 FR 37403 - Treasury International Capital Form SLT: Report of Aggregate Holdings of Long-Term Securities by...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-06-27

... reporting entity's own account and for customers. The reporting entity should include reportable securities....- resident end-investor. Securities held as part of a direct investment relationship should not be reported... Management and Budget (OMB) in accordance with the Paperwork Reduction Act and assigned control number 1505...

Analysis of the Strategy to Combat Maritime Piracy

DTIC Science & Technology

2009-12-11

26  Contemporary Maritime Piracy: Causative Factors...NSC National Security Council PUC Persons Under Control viii SLOC Sea lines of communication SSA Ships Security Assessment SSP Ships Security Plan...UNCLOS United Nations Convention on the Law of the Sea USD United States Dollar U.S. United States ix ILLUSTRATIONS Page Figure 1.  Factors

75 FR 52625 - Amendment to the International Traffic in Arms Regulations: Export Exemption for Technical Data

Federal Register 2010, 2011, 2012, 2013, 2014

2010-08-27

... the provisions of the Department of Defense National Industrial Security Program Operating Manual, an... Department of Defense National Industrial Security Program Operating Manual (unless such requirements are in..., Arms Control and International Security, Department of State. [FR Doc. 2010-21450 Filed 8-26-10; 8:45...

C2 Link Security for UAS: Technical Literature Study and Preliminary Functional Requirements. Version 0.9 (Working Draft)

NASA Technical Reports Server (NTRS)

2005-01-01

This document provides a study of the technical literature related to Command and Control (C2) link security for Unmanned Aircraft Systems (UAS) for operation in the National Airspace System (NAS). Included is a preliminary set of functional requirements for C2 link security.

Information Security Issues in Higher Education and Institutional Research

ERIC Educational Resources Information Center

Custer, William L.

2010-01-01

Information security threats to educational institutions and their data assets have worsened significantly over the past few years. The rich data stores of institutional research are especially vulnerable, and threats from security breaches represent no small risk. New genres of threat require new kinds of controls if the institution is to prevent…

15. Front security entrance to the perimeter acquisition radar building, ...

Library of Congress Historic Buildings Survey, Historic Engineering Record, Historic Landscapes Survey

15. Front security entrance to the perimeter acquisition radar building, showing rotogates 1 and 2 and entrance door to security operations control center (SOCC), room #108 - Stanley R. Mickelsen Safeguard Complex, Perimeter Acquisition Radar Building, Limited Access Area, between Limited Access Patrol Road & Service Road A, Nekoma, Cavalier County, ND

76 FR 23327 - Intent To Request Renewal From OMB of One Current Public Collection of Information: Highway...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-04-26

... From OMB of One Current Public Collection of Information: Highway Corporate Security Review AGENCY... in the highway and motor carrier industry by way of its Highway Corporate Security Review (CSR... OMB Control Number 1652-0036; Corporate Security Review. Under the Aviation and Transportation...

Building Multilevel Secure Web Services-Based Components for the Global Information Grid

DTIC Science & Technology

2006-05-01

unclassified Standard Form 298 (Rev. 8-98) Prescribed by ANSI Std Z39-18 Transforming: Business , Security ,Warfighting 16 CROSSTALK The Journal of Defense...A Single Step of the BAC Table 1: A Single Step of the Block Access Controller Transforming: Business , Security ,Warfighting 18 CROSSTALK The Journal

An Investigation of Influencing Factors for Adopting Federated Identity Authentication in Service-Oriented Architecture (SOA)

ERIC Educational Resources Information Center

Tadesse, Yohannes

2012-01-01

The importance of information security has made many organizations to invest and utilize effective information security controls within the information systems (IS) architecture. An organization's strategic decisions to secure enterprise-wide services often associated with the overall competitive advantages that are attained through the process of…

76 FR 17936 - Agency Information Collection Activities: Revision of an Existing Information Collection; Comment...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-03-31

... DEPARTMENT OF HOMELAND SECURITY United States Immigration and Customs Enforcement Agency... and Local Agency Assessment; OMB Control No. 1653-0040. The Department of Homeland Security, U.S... Security sponsoring the collection: Form 70-003, Form 70-004, Form 75-001 and Form 75-002; U.S. Immigration...

75 FR 14335 - Revisions to the Export Administration Regulations To Enhance U.S. Homeland Security: Addition of...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-03-25

... identified by an interagency working group that is reviewing export control issues related to homeland security. The interagency working group is made up of representatives from the Departments of Commerce, Defense, Homeland Security and State. The purpose of the interagency working group is to ensure that...

Acceptance Factors Influencing Adoption of National Institute of Standards and Technology Information Security Standards: A Quantitative Study

ERIC Educational Resources Information Center

Kiriakou, Charles M.

2012-01-01

Adoption of a comprehensive information security governance model and security controls is the best option organizations may have to protect their information assets and comply with regulatory requirements. Understanding acceptance factors of the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) comprehensive…

77 FR 55485 - Agency Information Collection Activities: H-2 Petitioner's Employment Related or Fee Related...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-09-10

... DEPARTMENT OF HOMELAND SECURITY U.S. Citizenship and Immigration Services [OMB Control Number 1615...-Day notice. SUMMARY: The Department of Homeland Security (DHS), U.S. Citizenship and Immigration.... Citizenship and Immigration Services, Department of Homeland Security. [FR Doc. 2012-22137 Filed 9-7-12; 8:45...

77 FR 55486 - Agency Information Collection Activities: Employment Eligibility Verification, Form I-9, OMB...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-09-10

... DEPARTMENT OF HOMELAND SECURITY U.S. Citizenship and Immigration Services [OMB Control Number 1615.... On August 22, 2012 the Department of Homeland Security, U.S. Citizenship and Immigration Services.... Citizenship and Immigration Services, Department of Homeland Security. [FR Doc. 2012-22138 Filed 9-7-12; 8:45...

Securing Location Services Infrastructures: Practical Criteria for Application Developers and Solutions Architects

ERIC Educational Resources Information Center

Karamanian, Andre

2013-01-01

This qualitative, exploratory, normative study examined the security and privacy of location based services in mobile applications. This study explored risk, and controls to implement privacy and security. This study was addressed using components of the FIPS Risk Management Framework. This study found that risk to location information was…

Secure distribution for high resolution remote sensing images

NASA Astrophysics Data System (ADS)

Liu, Jin; Sun, Jing; Xu, Zheng Q.

2010-09-01

The use of remote sensing images collected by space platforms is becoming more and more widespread. The increasing value of space data and its use in critical scenarios call for adoption of proper security measures to protect these data against unauthorized access and fraudulent use. In this paper, based on the characteristics of remote sensing image data and application requirements on secure distribution, a secure distribution method is proposed, including users and regions classification, hierarchical control and keys generation, and multi-level encryption based on regions. The combination of the three parts can make that the same remote sensing images after multi-level encryption processing are distributed to different permission users through multicast, but different permission users can obtain different degree information after decryption through their own decryption keys. It well meets user access control and security needs in the process of high resolution remote sensing image distribution. The experimental results prove the effectiveness of the proposed method which is suitable for practical use in the secure transmission of remote sensing images including confidential information over internet.

The strategic measures for the industrial security of small and medium business.

PubMed

Lee, Chang-Moo

2014-01-01

The competitiveness of companies increasingly depends upon whether they possess the cutting-edge or core technology. The technology should be protected from industrial espionage or leakage. A special attention needs to be given to SMB (small and medium business), furthermore, because SMB occupies most of the companies but has serious problems in terms of industrial security. The technology leakages of SMB would account for more than 2/3 of total leakages during last five years. The purpose of this study is, therefore, to analyze the problems of SMB in terms of industrial security and suggest the strategic solutions for SMB in South Korea. The low security awareness and financial difficulties, however, make it difficult for SMB to build the effective security management system which would protect the company from industrial espionage and leakage of its technology. The growing dependence of SMB on network such as internet, in addition, puts the SMB at risk of leaking its technology through hacking or similar ways. It requires new measures to confront and control such a risk. Online security control services and technology deposit system are suggested for such measures.

A novel and lightweight system to secure wireless medical sensor networks.

PubMed

He, Daojing; Chan, Sammy; Tang, Shaohua

2014-01-01

Wireless medical sensor networks (MSNs) are a key enabling technology in e-healthcare that allows the data of a patient's vital body parameters to be collected by the wearable or implantable biosensors. However, the security and privacy protection of the collected data is a major unsolved issue, with challenges coming from the stringent resource constraints of MSN devices, and the high demand for both security/privacy and practicality. In this paper, we propose a lightweight and secure system for MSNs. The system employs hash-chain based key updating mechanism and proxy-protected signature technique to achieve efficient secure transmission and fine-grained data access control. Furthermore, we extend the system to provide backward secrecy and privacy preservation. Our system only requires symmetric-key encryption/decryption and hash operations and is thus suitable for the low-power sensor nodes. This paper also reports the experimental results of the proposed system in a network of resource-limited motes and laptop PCs, which show its efficiency in practice. To the best of our knowledge, this is the first secure data transmission and access control system for MSNs until now.

Exploring the role of voluntary disease schemes on UK farmer bio-security behaviours: Findings from the Norfolk-Suffolk Bovine Viral Diarrhoea control scheme.

PubMed

Azbel-Jackson, Lena; Heffernan, Claire; Gunn, George; Brownlie, Joe

2018-01-01

The article describes the influence of a disease control scheme (the Norfolk-Suffolk Bovine Viral Diarrhoea Disease (BVD) Eradication scheme) on farmers' bio-security attitudes and behaviours. In 2010, a survey of 100 cattle farmers (53 scheme members vs. 47 out of scheme farmers) was undertaken among cattle farmers residing in Norfolk and Suffolk counties in the UK. A cross-sectional independent measures design was employed. The main analytical tool was content analysis. The following variables at the farmer-level were explored: the specific BVD control measures adopted, livestock disease priorities, motivation for scheme membership, wider knowledge acquisition, biosecurity behaviours employed and training course attendance. The findings suggest that participation in the BVD scheme improved farmers' perception of the scheme benefits and participation in training courses. However, no association was found between the taking part in the BVD scheme and livestock disease priorities or motivation for scheme participation, or knowledge about BVD bio-security measures employed. Equally importantly, scheme membership did appear to influence the importance accorded specific bio-security measures. Yet such ranking did not appear to reflect the actual behaviours undertaken. As such, disease control efforts alone while necessary, are insufficient. Rather, to enhance farmer bio-security behaviours significant effort must be made to address underlying attitudes to the specific disease threat involved.

Exploring the role of voluntary disease schemes on UK farmer bio-security behaviours: Findings from the Norfolk-Suffolk Bovine Viral Diarrhoea control scheme

PubMed Central

Azbel-Jackson, Lena; Heffernan, Claire; Gunn, George; Brownlie, Joe

2018-01-01

The article describes the influence of a disease control scheme (the Norfolk-Suffolk Bovine Viral Diarrhoea Disease (BVD) Eradication scheme) on farmers' bio-security attitudes and behaviours. In 2010, a survey of 100 cattle farmers (53 scheme members vs. 47 out of scheme farmers) was undertaken among cattle farmers residing in Norfolk and Suffolk counties in the UK. A cross-sectional independent measures design was employed. The main analytical tool was content analysis. The following variables at the farmer-level were explored: the specific BVD control measures adopted, livestock disease priorities, motivation for scheme membership, wider knowledge acquisition, biosecurity behaviours employed and training course attendance. The findings suggest that participation in the BVD scheme improved farmers' perception of the scheme benefits and participation in training courses. However, no association was found between the taking part in the BVD scheme and livestock disease priorities or motivation for scheme participation, or knowledge about BVD bio-security measures employed. Equally importantly, scheme membership did appear to influence the importance accorded specific bio-security measures. Yet such ranking did not appear to reflect the actual behaviours undertaken. As such, disease control efforts alone while necessary, are insufficient. Rather, to enhance farmer bio-security behaviours significant effort must be made to address underlying attitudes to the specific disease threat involved. PMID:29432435

76 FR 4948 - Program for Allocation of Regulatory Responsibilities Pursuant to Rule 17d-2; Notice of Filing...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-01-27

... Control. In the event of a change of control of a Listing Market, the Listing Market will have the... Agreement from (a) the Consolidated Tape Association (``CTA'') as the exclusive securities information... Unlisted Trading Privileges Plan as the exclusive SIP for all NASDAQ[-listed securities] Listed Stocks. b...

78 FR 51810 - Twenty-Fourth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

Federal Register 2010, 2011, 2012, 2013, 2014

2013-08-21

...., 1150 18th Street NW., Suite 910, Washington, DC 20036. FOR FURTHER INFORMATION CONTACT: The RTCA... (202) 833-9434, or Web site at http://www.rtca.org . SUPPLEMENTARY INFORMATION: Pursuant to section 10... Security System Standard for Airport Access Control, RTCA Paper No. 168-13/SC224-048 TOR Review--Status of...

12 CFR Appendix B to Part 30 - Interagency Guidelines Establishing Information Security Standards

Code of Federal Regulations, 2012 CFR

2012-01-01

... risks. C. Manage and Control Risk. Each bank shall: 1. Design its information security program to... A. Involve the Board of Directors B. Assess Risk C. Manage and Control Risk D. Oversee Service...) Aggregate information, such as the mean credit score, derived from a group of consumer reports; or (B) Blind...

12 CFR Appendix B to Part 30 - Interagency Guidelines Establishing Information Security Standards

Code of Federal Regulations, 2010 CFR

2010-01-01

... risks. C. Manage and Control Risk. Each bank shall: 1. Design its information security program to... A. Involve the Board of Directors B. Assess Risk C. Manage and Control Risk D. Oversee Service...) Aggregate information, such as the mean credit score, derived from a group of consumer reports; or (B) Blind...

21 CFR 1301.72 - Physical security controls for non-practitioners; narcotic treatment programs and compounders for...

Code of Federal Regulations, 2014 CFR

2014-04-01

... 21 Food and Drugs 9 2014-04-01 2014-04-01 false Physical security controls for non-practitioners... 1301.72 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION OF... a central protection company or a local or State police agency which has a legal duty to respond, or...

Science and Its Discontents: An Evolutionary Tale. Research & Occasional Papers Series. CSHE.11.2008

ERIC Educational Resources Information Center

Kennedy, Donald

2008-01-01

This paper analyzes the roots and implications of conflict between the conduct of science and government predilections in the United States, including the security state and neoconservative control of Washington. Three major conflicts are discussed: the emergence of new security and secrecy regimes that seek control of science; religiously derived…

15 CFR 744.11 - License requirements that apply to entities acting contrary to the national security or foreign...

Code of Federal Regulations, 2011 CFR

2011-01-01

... activity. (4) Preventing accomplishment of an end use check conducted by or on behalf of BIS or the Directorate of Defense Trade Controls of the Department of State by: precluding access to; refusing to provide...) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE EXPORT ADMINISTRATION REGULATIONS CONTROL POLICY...

15 CFR 744.11 - License requirements that apply to entities acting contrary to the national security or foreign...

Code of Federal Regulations, 2012 CFR

2012-01-01

... activity. (4) Preventing accomplishment of an end use check conducted by or on behalf of BIS or the Directorate of Defense Trade Controls of the Department of State by: precluding access to; refusing to provide...) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE EXPORT ADMINISTRATION REGULATIONS CONTROL POLICY...

15 CFR 744.11 - License requirements that apply to entities acting contrary to the national security or foreign...

Code of Federal Regulations, 2014 CFR

2014-01-01

... activity. (4) Preventing accomplishment of an end use check conducted by or on behalf of BIS or the Directorate of Defense Trade Controls of the Department of State by: precluding access to; refusing to provide...) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE EXPORT ADMINISTRATION REGULATIONS CONTROL POLICY...

15 CFR 744.11 - License requirements that apply to entities acting contrary to the national security or foreign...

Code of Federal Regulations, 2010 CFR

2010-01-01

... activity. (4) Preventing accomplishment of an end use check conducted by or on behalf of BIS or the Directorate of Defense Trade Controls of the Department of State by: precluding access to; refusing to provide...) BUREAU OF INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE EXPORT ADMINISTRATION REGULATIONS CONTROL POLICY...

77 FR 44696 - Agency Forms Submitted for OMB Review, Request for Comments

Federal Register 2010, 2011, 2012, 2013, 2014

2012-07-30

... the social security equivalent and non- social security equivalent portions of Tier I, Tier II, vested... OMB control number of the ICR. For proper consideration of your comments, it is best if the RRB and... and Compensation Reports. OMB Control Number: 3220-0014. Form(s) submitted: DC-2 and DC-2a. Type of...

Environmental security control of resource utilization of shale gas' drilling cuttings containing heavy metals.

PubMed

Wang, Chao-Qiang; Lin, Xiao-Yan; Zhang, Chun; Mei, Xu-Dong

2017-09-01

The overall objective of this research project was to investigate the heavy metals environmental security control of resource utilization of shale gas' drilling cuttings. To achieve this objective, we got through theoretical calculation and testing, ultimately and preliminarily determine the content of heavy metals pollutants, and compared with related standards at domestically and abroad. The results indicated that using the second Fike's law, the theoretical model of the release amount of heavy metal can be made, and the groundwater environmental risk as main point compared with soil. This study can play a role of standard guidance on environmental security control of drilling cuttings resource utilization by the exploration and development of shale gas in our country.

Cryptanalysis and improvement of a quantum communication-based online shopping mechanism

NASA Astrophysics Data System (ADS)

Huang, Wei; Yang, Ying-Hui; Jia, Heng-Yue

2015-06-01

Recently, Chou et al. (Electron Commer Res 14:349-367, 2014) presented a novel controlled quantum secure direct communication protocol which can be used for online shopping. The authors claimed that their protocol was immune to the attacks from both external eavesdropper and internal betrayer. However, we find that this protocol is vulnerable to the attack from internal betrayer. In this paper, we analyze the security of this protocol to show that the controller in this protocol is able to eavesdrop the secret information of the sender (i.e., the customer's shopping information), which indicates that it cannot be used for secure online shopping as the authors expected. Accordingly, an improvement of this protocol, which could resist the controller's attack, is proposed. In addition, we present another protocol which is more appropriate for online shopping. Finally, a discussion about the difference in detail of the quantum secure direct communication process between regular quantum communications and online shopping is given.

Facilitating Secure Sharing of Personal Health Data in the Cloud

PubMed Central

Nepal, Surya; Glozier, Nick

2016-01-01

Background Internet-based applications are providing new ways of promoting health and reducing the cost of care. Although data can be kept encrypted in servers, the user does not have the ability to decide whom the data are shared with. Technically this is linked to the problem of who owns the data encryption keys required to decrypt the data. Currently, cloud service providers, rather than users, have full rights to the key. In practical terms this makes the users lose full control over their data. Trust and uptake of these applications can be increased by allowing patients to feel in control of their data, generally stored in cloud-based services. Objective This paper addresses this security challenge by providing the user a way of controlling encryption keys independently of the cloud service provider. We provide a secure and usable system that enables a patient to share health information with doctors and specialists. Methods We contribute a secure protocol for patients to share their data with doctors and others on the cloud while keeping complete ownership. We developed a simple, stereotypical health application and carried out security tests, performance tests, and usability tests with both students and doctors (N=15). Results We developed the health application as an app for Android mobile phones. We carried out the usability tests on potential participants and medical professionals. Of 20 participants, 14 (70%) either agreed or strongly agreed that they felt safer using our system. Using mixed methods, we show that participants agreed that privacy and security of health data are important and that our system addresses these issues. Conclusions We presented a security protocol that enables patients to securely share their eHealth data with doctors and nurses and developed a secure and usable system that enables patients to share mental health information with doctors. PMID:27234691

Security System Software

NASA Technical Reports Server (NTRS)

1993-01-01

C Language Integration Production System (CLIPS), a NASA-developed expert systems program, has enabled a security systems manufacturer to design a new generation of hardware. C.CURESystem 1 Plus, manufactured by Software House, is a software based system that is used with a variety of access control hardware at installations around the world. Users can manage large amounts of information, solve unique security problems and control entry and time scheduling. CLIPS acts as an information management tool when accessed by C.CURESystem 1 Plus. It asks questions about the hardware and when given the answer, recommends possible quick solutions by non-expert persons.

A Healthy Approach to Fitness Center Security.

ERIC Educational Resources Information Center

Sturgeon, Julie

2000-01-01

Examines techniques for keeping college fitness centers secure while maintaining an inviting atmosphere. Building access control, preventing locker room theft, and suppressing causes for physical violence are discussed. (GR)

Partially Key Distribution with Public Key Cryptosystem Based on Error Control Codes

NASA Astrophysics Data System (ADS)

Tavallaei, Saeed Ebadi; Falahati, Abolfazl

Due to the low level of security in public key cryptosystems based on number theory, fundamental difficulties such as "key escrow" in Public Key Infrastructure (PKI) and a secure channel in ID-based cryptography, a new key distribution cryptosystem based on Error Control Codes (ECC) is proposed . This idea is done by some modification on McEliece cryptosystem. The security of ECC cryptosystem obtains from the NP-Completeness of block codes decoding. The capability of generating public keys with variable lengths which is suitable for different applications will be provided by using ECC. It seems that usage of these cryptosystems because of decreasing in the security of cryptosystems based on number theory and increasing the lengths of their keys would be unavoidable in future.

HIPAA-compliant automatic monitoring system for RIS-integrated PACS operation

NASA Astrophysics Data System (ADS)

Jin, Jin; Zhang, Jianguo; Chen, Xiaomeng; Sun, Jianyong; Yang, Yuanyuan; Liang, Chenwen; Feng, Jie; Sheng, Liwei; Huang, H. K.

2006-03-01

As a governmental regulation, Health Insurance Portability and Accountability Act (HIPAA) was issued to protect the privacy of health information that identifies individuals who are living or deceased. HIPAA requires security services supporting implementation features: Access control; Audit controls; Authorization control; Data authentication; and Entity authentication. These controls, which proposed in HIPAA Security Standards, are Audit trails here. Audit trails can be used for surveillance purposes, to detect when interesting events might be happening that warrant further investigation. Or they can be used forensically, after the detection of a security breach, to determine what went wrong and who or what was at fault. In order to provide security control services and to achieve the high and continuous availability, we design the HIPAA-Compliant Automatic Monitoring System for RIS-Integrated PACS operation. The system consists of two parts: monitoring agents running in each PACS component computer and a Monitor Server running in a remote computer. Monitoring agents are deployed on all computer nodes in RIS-Integrated PACS system to collect the Audit trail messages defined by the Supplement 95 of the DICOM standard: Audit Trail Messages. Then the Monitor Server gathers all audit messages and processes them to provide security information in three levels: system resources, PACS/RIS applications, and users/patients data accessing. Now the RIS-Integrated PACS managers can monitor and control the entire RIS-Integrated PACS operation through web service provided by the Monitor Server. This paper presents the design of a HIPAA-compliant automatic monitoring system for RIS-Integrated PACS Operation, and gives the preliminary results performed by this monitoring system on a clinical RIS-integrated PACS.

[Simulation of urban ecological security pattern based on cellular automata: a case of Dongguan City, Guangdong Province of South China].

PubMed

Yang, Qing-Sheng; Qiao, Ji-Gang; Ai, Bin

2013-09-01

Taking the Dongguan City with rapid urbanization as a case, and selecting landscape ecological security level as evaluation criterion, the urbanization cellular number of 1 km x 1 km ecological security cells was obtained, and imbedded into the transition rules of cellular automata (CA) as the restraint term to control urban development, establish ecological security urban CA, and simulate ecological security urban development pattern. The results showed the integrated landscape ecological security index of the City decreased from 0.497 in 1998 to 0.395 in 2005, indicating that the ecological security at landscape scale was decreased. The CA-simulated integrated ecological security index of the City in 2005 was increased from the measured 0.395 to 0.479, showing that the simulated urban landscape ecological pressure from human became lesser, ecological security became better, and integrated landscape ecological security became higher. CA could be used as an effective tool in researching urban ecological security.

Exploring machine-learning-based control plane intrusion detection techniques in software defined optical networks

NASA Astrophysics Data System (ADS)

Zhang, Huibin; Wang, Yuqiao; Chen, Haoran; Zhao, Yongli; Zhang, Jie

2017-12-01

In software defined optical networks (SDON), the centralized control plane may encounter numerous intrusion threatens which compromise the security level of provisioned services. In this paper, the issue of control plane security is studied and two machine-learning-based control plane intrusion detection techniques are proposed for SDON with properly selected features such as bandwidth, route length, etc. We validate the feasibility and efficiency of the proposed techniques by simulations. Results show an accuracy of 83% for intrusion detection can be achieved with the proposed machine-learning-based control plane intrusion detection techniques.

A possible new approach to understanding mental disorder.

PubMed

Sharples, P J

2012-09-01

The aetiology of mental disorders is not fully understood. This paper presents an analysis of the conceptual control process exploring the tools of conceptual application and the phases and the mechanism of the control process and seeks to show how the illness states of mental disorder naturally come to occur. Living occurs in a world of change. For living to occur some control is required and to exert control, to provide direction for the conceptual process, some interpretation of significance, some definition of need is also required. Such interpretation, monitoring significance in relation to the many aspects of change, forms the base on which living occurs. Change in human terms is intrinsically insecure and interpretation of significance is an interpretation of security, an interpretation of control in living. Conceptual control is a process applied to maintain security, to maintain a secure base for the interpretation of significance, it is a process applied to produce and hold a sense of control. Powering a process, producing and holding a sense of control, is an active process and so requires some form of energy. Human beings have a sense of that energy, something exhibited in terms such as full of energy, tired, exhausted. As energy is required to power the control process, accompanying the sense of energy is a sense of the ability to provide power, is a sense of the ability to hold and maintain control, is a sense of security. As available energy reduces there is difficulty holding the same sense of control, a person in the same setting comes to feel more insecure. This can result in a person experiencing mental disorder from mild to severe degree. Mild where conceptual process is applied to manage just one or a very few particular needs, severe and more general where the insecurity affects the base of interpretation. In this later case seeking to protect security can lead to mania, mood-incongruent delusions, schizophrenia. Failing ability to protect can lead to generalized anxiety disorder, mood-congruent delusions, different presentations and degrees of depression. Copyright © 2012 Elsevier Ltd. All rights reserved.

Apparatus and method supporting wireless access to multiple security layers in an industrial control and automation system or other system

DOEpatents

Chen, Yu-Gene T.

2013-04-16

A method includes receiving a message at a first wireless node. The first wireless node is associated with a first wired network, and the first wired network is associated with a first security layer. The method also includes transmitting the message over the first wired network when at least one destination of the message is located in the first security layer. The method further includes wirelessly transmitting the message for delivery to a second wireless node when at least one destination of the message is located in a second security layer. The second wireless node is associated with a second wired network, and the second wired network is associated with the second security layer. The first and second security layers may be associated with different security paradigms and/or different security domains. Also, the message could be associated with destinations in the first and second security layers.

The role of optics in secure credentials

NASA Astrophysics Data System (ADS)

Lichtenstein, Terri L.

2006-02-01

The global need for secure ID credentials has grown rapidly over the last few years. This is evident both in government and commercial sectors. Governmental programs include national ID card programs, permanent resident cards for noncitizens, biometric visas or border crossing cards, foreign worker ID programs and secure vehicle registration programs. The commercial need for secure credentials includes secure banking and financial services, security and access control systems and digital healthcare record cards. All of these programs necessitate the use of multiple tamper and counterfeit resistant features for credential authentication and cardholder verification. It is generally accepted that a secure credential should include a combination of overt, covert and forensic security features. The LaserCard optical memory card is a proven example of a secure credential that uses a variety of optical features to enhance its counterfeit resistance and reliability. This paper will review those features and how they interact to create a better credential.

Survey of cyber security issues in smart grids

NASA Astrophysics Data System (ADS)

Chen, Thomas M.

2010-04-01

The future smart grid will enable cost savings and lower energy use by means of smart appliances and smart meters which support dynamic load management and real-time monitoring of energy use and distribution. The introduction of two-way communications and control into power grid introduces security and privacy concerns. This talk will survey the security and privacy issues in smart grids using the NIST reference model, and relate these issues to cyber security in the Internet.

Integrated Support for Manipulation and Display of 3D Objects for the Command and Control Workstation of the Future

DTIC Science & Technology

1989-06-01

Science Unclassified SECURITY CLASSIFICATION OF THIS PAGE REPORT DOCUMENTATION PAGE la. REPORT SECURITY CLASS’r!CATION )b RESTRICTIVE MARKINGS UNCLASSIFIED...2a. SECURITY CLASSIFICATION AUTHORITY 3. DISTRIBUTION/AVAILABILITY OF REPORT Approved for public release; Zb. DECLASSIFICATION I DOWNGRADING SCHEDULE...ZIP Code) 10 SOURCE OF FUNDING NUMBERS PROGRAM PROJECT TASK WORK UNIT Monterey, CA. 93943 FLEMENT NO. NO. NO ACCESSION NO. 11. TITLE (Include Security