NASA Astrophysics Data System (ADS)
Liu, Shu-Fan; Chueh, Hao-En; Liao, Kuo-Hsiung
According to surveys, 80% of security-related events threatening information in medical organizations are due to improper management. Most research on information security has focused on information and security technology, such as network security and access control, rarely addressing management issues. The main purpose of this study is to construct a BS7799-based mechanism for the management of information with regard to security as it applies to medical organizations. This study analyzes and identifies the most common events related to information security in medical organizations and categorizes these events as high-risk, transferable-risk, and controlled-risk to facilitate the management of such risk.
2010-08-22
practice for information security management ( ISO /IEC 27002 ),” “Information technology — Security techniques — Information security management...systems —Requirements ( ISO /IEC 27002 ),”, “Information technology — Security techniques — Information security risk management ( ISO /IEC 27005).” from...associated practice aids. Perhaps the most germane discovery from this effort was a draft ISO standard on Systems and software engineering, Systems and
ERIC Educational Resources Information Center
Imam, Abbas H.
2013-01-01
Complexity of information security has become a major issue for organizations due to incessant threats to information assets. Healthcare organizations are particularly concerned with security owing to the inherent vulnerability of sensitive information assets in health informatics. While the non-technical security management elements have been at…
Information Security Management (ISM)
NASA Astrophysics Data System (ADS)
Šalgovičová, Jarmila; Prajová, Vanessa
2012-12-01
Currently, all organizations have to tackle the issue of information security. The paper deals with various aspects of Information Security Management (ISM), including procedures, processes, organizational structures, policies and control processes. Introduction of Information Security Management should be a strategic decision. The concept and implementation of Information Security Management in an organization are determined by the corporate needs and objectives, security requirements, the processes deployed as well as the size and structure of the organization. The implementation of ISM should be carried out to the extent consistent with the needs of the organization.
ERIC Educational Resources Information Center
Ilvonen, Ilona
2013-01-01
Information security management is an area with a lot of theoretical models. The models are designed to guide practitioners in prioritizing management resources in companies. Information security management education should address the gap between the academic ideals and practice. This paper introduces a teaching method that has been in use as…
Cyber indicators of compromise: a domain ontology for security information and event management
2017-03-01
COMPROMISE: A DOMAIN ONTOLOGY FOR SECURITY INFORMATION AND EVENT MANAGEMENT by Marsha D. Rowell March 2017 Thesis Co-Advisors: J. D...to automate this work is Security Information and Event Management (SIEM). In short, SIEM technology works by aggregating log information , and then...Distribution is unlimited. CYBER INDICATORS OF COMPROMISE: A DOMAIN ONTOLOGY FOR SECURITY INFORMATION AND EVENT MANAGEMENT Marsha D. Rowell
44 CFR 8.3 - Senior FEMA official responsible for the information security program.
Code of Federal Regulations, 2011 CFR
2011-10-01
... responsible for the information security program. 8.3 Section 8.3 Emergency Management and Assistance FEDERAL EMERGENCY MANAGEMENT AGENCY, DEPARTMENT OF HOMELAND SECURITY GENERAL NATIONAL SECURITY INFORMATION § 8.3 Senior FEMA official responsible for the information security program. The Director of the Security...
2010-08-22
Commission (IEC). “Information technology — Security techniques — Code of practice for information security management ( ISO /IEC 27002 ...Information technology — Security techniques — Information security management systems —Requirements ( ISO /IEC 27002 ),”, “Information technology — Security...was a draft ISO standard on Systems and software engineering, Systems and software assurance [18]. Created by systems engineers for systems
A cooperative model for IS security risk management in distributed environment.
Feng, Nan; Zheng, Chundong
2014-01-01
Given the increasing cooperation between organizations, the flexible exchange of security information across the allied organizations is critical to effectively manage information systems (IS) security in a distributed environment. In this paper, we develop a cooperative model for IS security risk management in a distributed environment. In the proposed model, the exchange of security information among the interconnected IS under distributed environment is supported by Bayesian networks (BNs). In addition, for an organization's IS, a BN is utilized to represent its security environment and dynamically predict its security risk level, by which the security manager can select an optimal action to safeguard the firm's information resources. The actual case studied illustrates the cooperative model presented in this paper and how it can be exploited to manage the distributed IS security risk effectively.
32 CFR Appendix A to Part 806 - References
Code of Federal Regulations, 2010 CFR
2010-07-01
..., Information Security Program Management AFI 31-501, Personnel Security Program Management AFI 31-601, Industrial Security Program Management AFI 33-129, Transmission of Information Via the Internet AFI 35-205... Management (will convert to AFPD 33-3) AFI 37-124, The Information Collections and Reports Management Program...
32 CFR Appendix A to Part 806 - References
Code of Federal Regulations, 2014 CFR
2014-07-01
..., Information Security Program Management AFI 31-501, Personnel Security Program Management AFI 31-601, Industrial Security Program Management AFI 33-129, Transmission of Information Via the Internet AFI 35-205... Management (will convert to AFPD 33-3) AFI 37-124, The Information Collections and Reports Management Program...
32 CFR Appendix A to Part 806 - References
Code of Federal Regulations, 2012 CFR
2012-07-01
..., Information Security Program Management AFI 31-501, Personnel Security Program Management AFI 31-601, Industrial Security Program Management AFI 33-129, Transmission of Information Via the Internet AFI 35-205... Management (will convert to AFPD 33-3) AFI 37-124, The Information Collections and Reports Management Program...
Implementing an Information Security Program
DOE Office of Scientific and Technical Information (OSTI.GOV)
Glantz, Clifford S.; Lenaeus, Joseph D.; Landine, Guy P.
The threats to information security have dramatically increased with the proliferation of information systems and the internet. Chemical, biological, radiological, nuclear, and explosives (CBRNe) facilities need to address these threats in order to protect themselves from the loss of intellectual property, theft of valuable or hazardous materials, and sabotage. Project 19 of the European Union CBRN Risk Mitigation Centres of Excellence Initiative is designed to help CBRN security managers, information technology/cybersecurity managers, and other decision-makers deal with these threats through the application of cost-effective information security programs. Project 19 has developed three guidance documents that are publicly available to cover information security best practices, planning for an information security management system, and implementing security controls for information security.
A Cooperative Model for IS Security Risk Management in Distributed Environment
Zheng, Chundong
2014-01-01
Given the increasing cooperation between organizations, the flexible exchange of security information across the allied organizations is critical to effectively manage information systems (IS) security in a distributed environment. In this paper, we develop a cooperative model for IS security risk management in a distributed environment. In the proposed model, the exchange of security information among the interconnected IS under distributed environment is supported by Bayesian networks (BNs). In addition, for an organization's IS, a BN is utilized to represent its security environment and dynamically predict its security risk level, by which the security manager can select an optimal action to safeguard the firm's information resources. The actual case studied illustrates the cooperative model presented in this paper and how it can be exploited to manage the distributed IS security risk effectively. PMID:24563626
5 CFR 930.301 - Information systems security awareness training program.
Code of Federal Regulations, 2011 CFR
2011-01-01
... training in system/application life cycle management, risk management, and contingency planning. (4) Chief... security management, system/application life cycle management, risk management, and contingency planning..., risk management, and contingency planning. (b) Provide the Federal information systems security...
5 CFR 930.301 - Information systems security awareness training program.
Code of Federal Regulations, 2010 CFR
2010-01-01
... training in system/application life cycle management, risk management, and contingency planning. (4) Chief... security management, system/application life cycle management, risk management, and contingency planning..., risk management, and contingency planning. (b) Provide the Federal information systems security...
Information Security Management - Part Of The Integrated Management System
NASA Astrophysics Data System (ADS)
Manea, Constantin Adrian
2015-07-01
The international management standards allow their integrated approach, thereby combining aspects of particular importance to the activity of any organization, from the quality management systems or the environmental management of the information security systems or the business continuity management systems. Although there is no national or international regulation, nor a defined standard for the Integrated Management System, the need to implement an integrated system occurs within the organization, which feels the opportunity to integrate the management components into a cohesive system, in agreement with the purpose and mission publicly stated. The issues relating to information security in the organization, from the perspective of the management system, raise serious questions to any organization in the current context of electronic information, reason for which we consider not only appropriate but necessary to promote and implement an Integrated Management System Quality - Environment - Health and Operational Security - Information Security
Incentive Issues in Information Security Management
ERIC Educational Resources Information Center
Lee, Chul Ho
2012-01-01
This dissertation studies three incentive issues in information security management. The first essay studies contract issues between a firm that outsources security functions and a managed security service provider (MSSP) that provides security functions to the firm. Since MSSP and firms cannot observe each other's actions, both can suffer…
48 CFR 339.7102 - Applicability.
Code of Federal Regulations, 2010 CFR
2010-10-01
... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7102 Applicability. Contracting Officers are responsible for ensuring that all information technology acquisitions comply with the Federal Information Security Management Act (FISMA), the HHS-OCIO Information Systems Security and Privacy...
Zarei, Javad; Sadoughi, Farahnaz
2016-01-01
In recent years, hospitals in Iran - similar to those in other countries - have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts' opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Information security risk management is not followed by Iran's hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran's Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran.
Moghaddasi, Hamid; Sajjadi, Samad; Kamkarhaghighi, Mehran
2016-01-01
Any information which is generated and saved needs to be protected against accidental or intentional losses and manipulations if it is to be used by the intended users in due time. As such, information managers have adopted numerous measures to achieve data security within data storage systems, along with the spread of information technology. The "data security models" presented thus far have unanimously highlighted the significance of data security management. For further clarification, the current study first introduces the "needs and improvement" cycle; the study will then present some independent definitions, together with a support umbrella, in an attempt to shed light on the data security management. Data security focuses on three features or attributes known as integrity, identity of sender(s) and identity of receiver(s). Management in data security follows an endless evolutionary process, to keep up with new developments in information technology and communication. In this process management develops new characteristics with greater capabilities to achieve better data security. The characteristics, continuously increasing in number, with a special focus on control, are as follows: private zone, confidentiality, availability, non-repudiation, possession, accountability, authenticity, authentication and auditability. Data security management steadily progresses, resulting in more sophisticated features. The developments are in line with new developments in information and communication technology and novel advances in intrusion detection systems (IDS). Attention to differences between data security and data security management by international organizations such as the International Standard Organization (ISO), and International Telecommunication Union (ITU) is necessary if information quality is to be enhanced.
Moghaddasi, Hamid; Kamkarhaghighi, Mehran
2016-01-01
Introduction: Any information which is generated and saved needs to be protected against accidental or intentional losses and manipulations if it is to be used by the intended users in due time. As such, information managers have adopted numerous measures to achieve data security within data storage systems, along with the spread of information technology. Background: The “data security models” presented thus far have unanimously highlighted the significance of data security management. For further clarification, the current study first introduces the “needs and improvement” cycle; the study will then present some independent definitions, together with a support umbrella, in an attempt to shed light on the data security management. Findings: Data security focuses on three features or attributes known as integrity, identity of sender(s) and identity of receiver(s). Management in data security follows an endless evolutionary process, to keep up with new developments in information technology and communication. In this process management develops new characteristics with greater capabilities to achieve better data security. The characteristics, continuously increasing in number, with a special focus on control, are as follows: private zone, confidentiality, availability, non-repudiation, possession, accountability, authenticity, authentication and auditability. Conclusion: Data security management steadily progresses, resulting in more sophisticated features. The developments are in line with new developments in information and communication technology and novel advances in intrusion detection systems (IDS). Attention to differences between data security and data security management by international organizations such as the International Standard Organization (ISO), and International Telecommunication Union (ITU) is necessary if information quality is to be enhanced. PMID:27857823
Analysis of information security management systems at 5 domestic hospitals with more than 500 beds.
Park, Woo-Sung; Seo, Sun-Won; Son, Seung-Sik; Lee, Mee-Jeong; Kim, Shin-Hyo; Choi, Eun-Mi; Bang, Ji-Eon; Kim, Yea-Eun; Kim, Ok-Nam
2010-06-01
The information security management systems (ISMS) of 5 hospitals with more than 500 beds were evaluated with regards to the level of information security, management, and physical and technical aspects so that we might make recommendations on information security and security countermeasures which meet both international standards and the needs of individual hospitals. The ISMS check-list derived from international/domestic standards was distributed to each hospital to complete and the staff of each hospital was interviewed. Information Security Indicator and Information Security Values were used to estimate the present security levels and evaluate the application of each hospital's current system. With regard to the moderate clause of the ISMS, the hospitals were determined to be in compliance. The most vulnerable clause was asset management, in particular, information asset classification guidelines. The clauses of information security incident management and business continuity management were deemed necessary for the establishment of successful ISMS. The level of current ISMS in the hospitals evaluated was determined to be insufficient. Establishment of adequate ISMS is necessary to ensure patient privacy and the safe use of medical records for various purposes. Implementation of ISMS which meet international standards with a long-term and comprehensive perspective is of prime importance. To reflect the requirements of the varied interests of medical staff, consumers, and institutions, the establishment of political support is essential to create suitable hospital ISMS.
48 CFR 339.7102 - Applicability.
Code of Federal Regulations, 2013 CFR
2013-10-01
... Section 339.7102 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7102 Applicability... Federal Information Security Management Act (FISMA), the HHS-OCIO Information Systems Security and Privacy...
48 CFR 339.7102 - Applicability.
Code of Federal Regulations, 2014 CFR
2014-10-01
... Section 339.7102 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7102 Applicability... Federal Information Security Management Act (FISMA), the HHS-OCIO Information Systems Security and Privacy...
48 CFR 339.7102 - Applicability.
Code of Federal Regulations, 2012 CFR
2012-10-01
... Section 339.7102 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7102 Applicability... Federal Information Security Management Act (FISMA), the HHS-OCIO Information Systems Security and Privacy...
48 CFR 339.7102 - Applicability.
Code of Federal Regulations, 2011 CFR
2011-10-01
... Section 339.7102 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7102 Applicability... Federal Information Security Management Act (FISMA), the HHS-OCIO Information Systems Security and Privacy...
2017 Joint Annual NDIA/AIA Industrial Security Committee Fall Conference
2017-11-15
beyond credit data to offer the insights that government professionals need to make informed decisions and ensure citizen safety, manage compliance...business that provides information technology and professional services. We specialize in managing business processes and systems integration for both... Information Security System ISFD Industrial Security Facilities Database OBMS ODAA Business Management System STEPP Security, Training, Education and
48 CFR 339.7100 - Definitions.
Code of Federal Regulations, 2010 CFR
2010-10-01
... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7100 Definitions. As... with OMB Circular A-130, Management of Federal Information Resources, Appendix 3 (Security of Federal Automated Information Resources), security commensurate with the risk and magnitude of harm resulting from...
[How to establish the hospital information system security policies].
Gong, Qing-Yue; Shi, Cheng
2008-03-01
It is important to establish the hospital information system security policies. While these security policies are being established, a comprehensive consideration should be given to the acceptable levels of users, IT supporters and hospital managers. We should have a formal policy designing process that is consistently followed by all security policies. Reasons for establishing the security policies and their coverage and applicable objects should be stated clearly. Besides, each policy should define user's responsibilities and penalties of violation. Every organization will need some key policies, such as of information sources usage, remote access, information protection, perimeter security, and baseline host/device security. Security managing procedures are the mechanisms to enforce the policies. An incident-handling procedure is the most important security managing procedure for all organizations.
Zarei, Javad; Sadoughi, Farahnaz
2016-01-01
Background In recent years, hospitals in Iran – similar to those in other countries – have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. Materials and methods This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts’ opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Results Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Conclusion Information security risk management is not followed by Iran’s hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran’s Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran. PMID:27313481
The ISACA Business Model for Information Security: An Integrative and Innovative Approach
NASA Astrophysics Data System (ADS)
von Roessing, Rolf
In recent years, information security management has matured into a professional discipline that covers both technical and managerial aspects in an organisational environment. Information security is increasingly dependent on business-driven parameters and interfaces to a variety of organisational units and departments. In contrast, common security models and frameworks have remained largely technical. A review of extant models ranging from [LaBe73] to more recent models shows that technical aspects are covered in great detail, while the managerial aspects of security are often neglected. Likewise, the business view on organisational security is frequently at odds with the demands of information security personnel or information technology management. In practice, senior and executive level management remain comparatively distant from technical requirements. As a result, information security is generally regarded as a cost factor rather than a benefit to the organisation.
ITIL® and information security
DOE Office of Scientific and Technical Information (OSTI.GOV)
Jašek, Roman; Králík, Lukáš; Popelka, Miroslav
2015-03-10
This paper discusses the context of the ITIL framework and the management of information security. It is therefore a summary study, where the first part is focused on the safety objectives in connection with the ITIL framework. First of all, there is a focus on the ITIL process ISM (Information Security Management), its principle and system management. The conclusion is about the link between standards, which are related to security, and the ITIL framework.
A Security Audit Framework to Manage Information System Security
NASA Astrophysics Data System (ADS)
Pereira, Teresa; Santos, Henrique
The widespread adoption of information and communication technology has promoted an increased dependency of organizations on the performance of their Information Systems. As a result, adequate security procedures to properly manage information security must be established by the organizations, in order to protect their valued or critical resources from accidental or intentional attacks, and ensure their normal activity. A conceptual security framework to manage and audit Information System Security is proposed and discussed. The proposed framework intends to assist organizations firstly to understand precisely what they need to protect and what their weaknesses (vulnerabilities) are, enabling them to perform adequate security management. Secondly, it provides a security audit framework to support the organization in assessing the efficiency of the controls and policy adopted to prevent or mitigate the attacks, threats and vulnerabilities, promoted by the advances of new technologies and new Internet-enabled services, to which the organizations are subject. The presented framework is based on a conceptual model approach, which contains the semantic description of the concepts defined in the information security domain, based on the ISO/IEC_JCT1 standards.
NASA Astrophysics Data System (ADS)
Perry, William G.
2006-04-01
One goal of database mining is to draw unique and valid perspectives from multiple data sources. Insights that are fashioned from closely-held data stores are likely to possess a high degree of reliability. The degree of information assurance comes into question, however, when external databases are accessed, combined and analyzed to form new perspectives. ISO/IEC 17799, Information technology-Security techniques-Code of practice for information security management, can be used to establish a higher level of information assurance among disparate entities using data mining in the defense, homeland security, commercial and other civilian/commercial domains. Organizations that meet ISO/IEC information security standards have identified and assessed risks, threats and vulnerabilities and have taken significant proactive steps to meet their unique security requirements. The ISO standards address twelve domains: risk assessment and treatment, security policy, organization of information security, asset management, human resources security, physical and environmental security, communications and operations management, access control, information systems acquisition, development and maintenance, information security incident management and business continuity management and compliance. Analysts can be relatively confident that if organizations are ISO 17799 compliant, a high degree of information assurance is likely to be a characteristic of the data sets being used. The reverse may be true. Extracting, fusing and drawing conclusions based upon databases with a low degree of information assurance may be wrought with all of the hazards that come from knowingly using bad data to make decisions. Using ISO/IEC 17799 as a baseline for information assurance can help mitigate these risks.
CMMI(Registered) for Services, Version 1.3
2010-11-01
ISO 2008b] ISO /IEC 27001 :2005 Information technology – Security techniques – Information Security Management Systems – Requirements [ ISO /IEC 2005...Commission. ISO /IEC 27001 Information Technology – Security Techniques – Information Security Management Systems – Requirements, 2005. http...CMM or International Organization for Standardization ( ISO ) 9001, you will immediately recognize many similarities in their structure and content
Analysis of Information Security Management Systems at 5 Domestic Hospitals with More than 500 Beds
Park, Woo-Sung; Son, Seung-Sik; Lee, Mee-Jeong; Kim, Shin-Hyo; Choi, Eun-Mi; Bang, Ji-Eon; Kim, Yea-Eun; Kim, Ok-Nam
2010-01-01
Objectives The information security management systems (ISMS) of 5 hospitals with more than 500 beds were evaluated with regards to the level of information security, management, and physical and technical aspects so that we might make recommendations on information security and security countermeasures which meet both international standards and the needs of individual hospitals. Methods The ISMS check-list derived from international/domestic standards was distributed to each hospital to complete and the staff of each hospital was interviewed. Information Security Indicator and Information Security Values were used to estimate the present security levels and evaluate the application of each hospital's current system. Results With regard to the moderate clause of the ISMS, the hospitals were determined to be in compliance. The most vulnerable clause was asset management, in particular, information asset classification guidelines. The clauses of information security incident management and business continuity management were deemed necessary for the establishment of successful ISMS. Conclusions The level of current ISMS in the hospitals evaluated was determined to be insufficient. Establishment of adequate ISMS is necessary to ensure patient privacy and the safe use of medical records for various purposes. Implementation of ISMS which meet international standards with a long-term and comprehensive perspective is of prime importance. To reflect the requirements of the varied interests of medical staff, consumers, and institutions, the establishment of political support is essential to create suitable hospital ISMS. PMID:21818429
Insider Threat and Information Security Management
NASA Astrophysics Data System (ADS)
Coles-Kemp, Lizzie; Theoharidou, Marianthi
The notion of insider has multiple facets. An organization needs to identify which ones to respond to. The selection, implementation and maintenance of information security countermeasures requires a complex combination of organisational policies, functions and processes, which form Information Security Management. This chapter examines the role of current information security management practices in addressing the insider threat. Most approaches focus on frameworks for regulating insider behaviour and do not allow for the various cultural responses to the regulatory and compliance framework. Such responses are not only determined by enforcement of policies and awareness programs, but also by various psychological and organisational factors at an individual or group level. Crime theories offer techniques that focus on such cultural responses and can be used to enhance the information security management design. The chapter examines the applicability of several crime theories and concludes that they can contribute in providing additional controls and redesign of information security management processes better suited to responding to the insider threat.
Code of Federal Regulations, 2010 CFR
2010-01-01
... information and proprietary information in the Federal Docket Management System (FDMS)? 11.35 Section 11.35... RULEMAKING PROCEDURES Rulemaking Procedures General § 11.35 Does FAA include sensitive security information and proprietary information in the Federal Docket Management System (FDMS)? (a) Sensitive security...
Code of Federal Regulations, 2014 CFR
2014-01-01
... information and proprietary information in the Federal Docket Management System (FDMS)? 11.35 Section 11.35... RULEMAKING PROCEDURES Rulemaking Procedures General § 11.35 Does FAA include sensitive security information and proprietary information in the Federal Docket Management System (FDMS)? (a) Sensitive security...
Code of Federal Regulations, 2012 CFR
2012-01-01
... information and proprietary information in the Federal Docket Management System (FDMS)? 11.35 Section 11.35... RULEMAKING PROCEDURES Rulemaking Procedures General § 11.35 Does FAA include sensitive security information and proprietary information in the Federal Docket Management System (FDMS)? (a) Sensitive security...
Code of Federal Regulations, 2013 CFR
2013-01-01
... information and proprietary information in the Federal Docket Management System (FDMS)? 11.35 Section 11.35... RULEMAKING PROCEDURES Rulemaking Procedures General § 11.35 Does FAA include sensitive security information and proprietary information in the Federal Docket Management System (FDMS)? (a) Sensitive security...
Code of Federal Regulations, 2011 CFR
2011-01-01
... information and proprietary information in the Federal Docket Management System (FDMS)? 11.35 Section 11.35... RULEMAKING PROCEDURES Rulemaking Procedures General § 11.35 Does FAA include sensitive security information and proprietary information in the Federal Docket Management System (FDMS)? (a) Sensitive security...
48 CFR 339.7100 - Definitions.
Code of Federal Regulations, 2011 CFR
2011-10-01
... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7100 Definitions. As used in this subpart, the following definitions shall apply: Adequate security means, in accordance with OMB Circular A-130, Management of Federal Information Resources, Appendix 3 (Security of Federal...
48 CFR 339.7100 - Definitions.
Code of Federal Regulations, 2013 CFR
2013-10-01
... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7100 Definitions. As used in this subpart, the following definitions shall apply: Adequate security means, in accordance with OMB Circular A-130, Management of Federal Information Resources, Appendix 3 (Security of Federal...
48 CFR 339.7100 - Definitions.
Code of Federal Regulations, 2012 CFR
2012-10-01
... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7100 Definitions. As used in this subpart, the following definitions shall apply: Adequate security means, in accordance with OMB Circular A-130, Management of Federal Information Resources, Appendix 3 (Security of Federal...
48 CFR 339.7100 - Definitions.
Code of Federal Regulations, 2014 CFR
2014-10-01
... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7100 Definitions. As used in this subpart, the following definitions shall apply: Adequate security means, in accordance with OMB Circular A-130, Management of Federal Information Resources, Appendix 3 (Security of Federal...
Analyzing Cases of Resilience Success and Failure - A Research Study
2012-12-01
controls [NIST 2012, NIST 2008] ISO 27002 and ISO 27004 Guidelines for initiating, implementing, maintaining, and improving information security...Commission (ISO/IEC). Information technology—Security techniques—Code of practice for information security management (ISO/IEC 27002:2005). ISO/IEC, 2005...security management system and controls or groups of controls [ISO/IEC 2005, ISO/IEC 2009] CIS Security Metrics Outcome and practice metrics measuring
Mense, Alexander; Hoheiser-Pförtner, Franz; Schmid, Martin; Wahl, Harald
2013-01-01
Working with health-related data necessitates appropriate levels of security and privacy. Information security, meaning ensuring confidentiality, integrity, and availability, is more organizational than technical in nature. It includes many organizational and management measures, is based on well-defined security roles, processes, and documents, and needs permanent adaption of security policies, continuous monitoring, and measures assessment. This big challenge for any organization leads to implementation of an information security management system (ISMS). In the context of establishing a regional or national electronic health record for integrated care (ICEHR), the situation is worse. Changing the medical information exchange from on-demand peer-to-peer connections to health information networks requires all organizations participating in the EHR system to have consistent security levels and to follow the same security guidelines and rules. Also, the implementation must be monitored and audited, establishing cross-organizational information security management systems (ISMS) based on international standards. This paper evaluates requirements and defines basic concepts for an ISO 27000 series-based cross-organizational ISMS in the healthcare domain and especially for the implementation of the nationwide electronic health record in Austria (ELGA).
75 FR 18841 - Office for Civil Rights; Privacy Act of 1974, Amended System of Records
Federal Register 2010, 2011, 2012, 2013, 2014
2010-04-13
... Privacy Act of 1974, Federal Information Security Management Act of 2002, Computer Security Act of 1987... 1974, Federal Information Security Management Act of 2002, Computer Security Act of 1987, the Paperwork... Oversight, the Chair of the Senate Committee on Homeland Security and Governmental Affairs, and the...
The Shaping of Managers' Security Objectives through Information Security Awareness Training
ERIC Educational Resources Information Center
Harris, Mark A.
2010-01-01
Information security research states that corporate security policy and information security training should be socio-technical in nature and that corporations should consider training as a primary method of protecting their information systems. However, information security policies and training are predominately technical in nature. In addition,…
Report #12-P-0062, November 9, 2011. Attached is the Office of Inspector General’s (OIG’s) Fiscal Year 2011 Federal Information Security Management Act (FISMA) Reporting Template, as prescribed by the Office of Management and Budget (OMB).
78 FR 69099 - Agency Information Collection Activities: Submission for OMB Review; Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2013-11-18
... DEPARTMENT OF HOMELAND SECURITY Federal Emergency Management Agency [Docket ID: FEMA-2013-0034... addressed to the Desk Officer for the Department of Homeland Security, Federal Emergency Management Agency... . SUPPLEMENTARY INFORMATION: Collection of Information Title: FEMA Preparedness Grants: Homeland Security Grant...
78 FR 50430 - Agency Information Collection Activities: Submission for OMB Review; Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2013-08-19
... DEPARTMENT OF HOMELAND SECURITY Federal Emergency Management Agency [Docket ID: FEMA-2013-0020... addressed to the Desk Officer for the Department of Homeland Security, Federal Emergency Management Agency... . SUPPLEMENTARY INFORMATION: Collection of Information Title: FEMA Preparedness Grants: Port Security Grant...
A layered trust information security architecture.
de Oliveira Albuquerque, Robson; Villalba, Luis Javier García; Orozco, Ana Lucila Sandoval; Buiati, Fábio; Kim, Tai-Hoon
2014-12-01
Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentiality, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed.
An Agile Enterprise Regulation Architecture for Health Information Security Management
Chen, Ying-Pei; Hsieh, Sung-Huai; Chien, Tsan-Nan; Chen, Heng-Shuen; Luh, Jer-Junn; Lai, Jin-Shin; Lai, Feipei; Chen, Sao-Jie
2010-01-01
Information security management for healthcare enterprises is complex as well as mission critical. Information technology requests from clinical users are of such urgency that the information office should do its best to achieve as many user requests as possible at a high service level using swift security policies. This research proposes the Agile Enterprise Regulation Architecture (AERA) of information security management for healthcare enterprises to implement as part of the electronic health record process. Survey outcomes and evidential experiences from a sample of medical center users proved that AERA encourages the information officials and enterprise administrators to overcome the challenges faced within an electronically equipped hospital. PMID:20815748
An agile enterprise regulation architecture for health information security management.
Chen, Ying-Pei; Hsieh, Sung-Huai; Cheng, Po-Hsun; Chien, Tsan-Nan; Chen, Heng-Shuen; Luh, Jer-Junn; Lai, Jin-Shin; Lai, Feipei; Chen, Sao-Jie
2010-09-01
Information security management for healthcare enterprises is complex as well as mission critical. Information technology requests from clinical users are of such urgency that the information office should do its best to achieve as many user requests as possible at a high service level using swift security policies. This research proposes the Agile Enterprise Regulation Architecture (AERA) of information security management for healthcare enterprises to implement as part of the electronic health record process. Survey outcomes and evidential experiences from a sample of medical center users proved that AERA encourages the information officials and enterprise administrators to overcome the challenges faced within an electronically equipped hospital.
12 CFR Appendix B to Part 364 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2010 CFR
2010-01-01
... Relationships Risk Management Principles,” Nov. 1, 2001; FDIC FIL 68-99, Risk Assessment Tools and Practices for... Customer Information A. Information Security Program B. Objectives III. Development and Implementation of Customer Information Security Program A. Involve the Board of Directors B. Assess Risk C. Manage and...
Information security management system planning for CBRN facilities
DOE Office of Scientific and Technical Information (OSTI.GOV)
Lenaeus, Joseph D.; O'Neil, Lori Ross; Leitch, Rosalyn M.
The focus of this document is to provide guidance for the development of information security management system planning documents at chemical, biological, radiological, or nuclear (CBRN) facilities. It describes a risk-based approach for planning information security programs based on the sensitivity of the data developed, processed, communicated, and stored on facility information systems.
Martinez, R; Cole, C; Rozenblit, J; Cook, J F; Chacko, A K
2000-05-01
The US Army Great Plains Regional Medical Command (GPRMC) has a requirement to conform to Department of Defense (DoD) and Army security policies for the Virtual Radiology Environment (VRE) Project. Within the DoD, security policy is defined as the set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information. Security policy in the DoD is described by the Trusted Computer System Evaluation Criteria (TCSEC), Army Regulation (AR) 380-19, Defense Information Infrastructure Common Operating Environment (DII COE), Military Health Services System Automated Information Systems Security Policy Manual, and National Computer Security Center-TG-005, "Trusted Network Interpretation." These documents were used to develop a security policy that defines information protection requirements that are made with respect to those laws, rules, and practices that are required to protect the information stored and processed in the VRE Project. The goal of the security policy is to provide for a C2-level of information protection while also satisfying the functional needs of the GPRMC's user community. This report summarizes the security policy for the VRE and defines the CORBA security services that satisfy the policy. In the VRE, the information to be protected is embedded into three major information components: (1) Patient information consists of Digital Imaging and Communications in Medicine (DICOM)-formatted fields. The patient information resides in the digital imaging network picture archiving and communication system (DIN-PACS) networks in the database archive systems and includes (a) patient demographics; (b) patient images from x-ray, computed tomography (CT), magnetic resonance imaging (MRI), and ultrasound (US); and (c) prior patient images and related patient history. (2) Meta-Manager information to be protected consists of several data objects. 
This information is distributed to the Meta-Manager nodes and includes (a) radiologist schedules; (b) modality worklists; (c) routed case information; (d) DIN-PACS and Composite Health Care system (CHCS) messages, and Meta-Manager administrative and security information; and (e) patient case information. (3) Access control and communications security is required in the VRE to control who uses the VRE and Meta-Manager facilities and to secure the messages between VRE components. The CORBA Security Service Specification version 1.5 is designed to allow up to TCSEC's B2-level security for distributed objects. The CORBA Security Service Specification defines the functionality of several security features: identification and authentication, authorization and access control, security auditing, communication security, nonrepudiation, and security administration. This report describes the enhanced security features for the VRE and their implementation using commercial CORBA Security Service software products.
NASA Astrophysics Data System (ADS)
Kurnianto, Ari; Isnanto, Rizal; Widodo, Aris Puji
2018-02-01
Information security is a problem affecting the business processes of an organization, so it needs special concern. A good information security assessment of international standard is done using the Information Security Management System (ISMS) ISO/IEC 27001:2013. In this research, a high-level assessment has been done using ISO/IEC 27001:2013 to observe the strength of information security in the Ministry of Internal Affairs. The research explains the assessment of information security management, which is built using PHP. The input data use primary and secondary data which passed observation. The process gets maturity using the assessment of ISO/IEC 27001:2013. GAP Analysis observes the present condition and then yields recommendations and a road map. The result of this research identifies all of the information security processes which are not yet good enough in the Ministry of Internal Affairs, and gives recommendations and a road map to improve the parts of the information system that are running. It indicates that ISO/IEC 27001:2013 is well suited to rating the maturity of information security management. As the next analysis, this research uses the Clauses and Annex in ISO/IEC 27001:2013 which are suitable for the condition of the Data Center and Data Recovery Center, so it gets an optimum result and solves the problem of weak information security.
Managing information technology security risk
NASA Technical Reports Server (NTRS)
Gilliam, David
2003-01-01
Information Technology (IT) Security Risk Management is a critical task for the organization to protect against the loss of confidentiality, integrity and availability of IT resources. As systems become more complex and diverse and attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security risk. This paper describes a two-pronged approach in addressing IT security risk and risk management in the organization: 1) an institutional enterprise approach, and 2) a project life cycle approach.
DOE Office of Scientific and Technical Information (OSTI.GOV)
Gibbs, P. W.
The Secure Transport Management Course (STMC) provides managers with information related to procedures and equipment used to successfully transport special nuclear material. This workshop outlines these procedures and reinforces the information presented with the aid of numerous practical examples. The course focuses on understanding the regulatory framework for secure transportation of special nuclear materials, identifying the insider and outsider threat(s) to secure transportation, organization of a secure transportation unit, management and supervision of secure transportation units, equipment and facilities required, and training and qualification needed.
Security in the management of information systems.
Huston, T L; Huston, J L
1998-06-01
Although security technology exists in abundance in health information management systems, the implementation of that technology is often lacking. This lack of implementation can be heavily affected by the attitudes and perceptions of users and management, the "people part" of systems. Particular operational, organizational, and economic factors must be addressed along with employment of security objectives and accountability. Unique threats, as well as controls, pervade the use of microcomputer-based systems as these systems permeate health care information management.
Optimizing Security of Cloud Computing within the DoD
2010-12-01
information security governance and risk management; application security; cryptography; security architecture and design; operations security; business ...governance and risk management; application security; cryptography; security architecture and design; operations security; business continuity...20 7. Operational Security (OPSEC).........................................................20 8. Business Continuity Planning (BCP) and Disaster
NASA Astrophysics Data System (ADS)
Feng, Nan; Wu, Harris; Li, Minqiang; Wu, Desheng; Chen, Fuzan; Tian, Jin
2016-09-01
Information sharing across organisations is critical to effectively managing the security risks of inter-organisational information systems. Nevertheless, few previous studies on information systems security have focused on inter-organisational information sharing, and none have studied the sharing of inferred beliefs versus factual observations. In this article, a multiagent collaborative model (MACM) is proposed as a practical solution to assess the risk level of each allied organisation's information system and support proactive security treatment by sharing beliefs on event probabilities as well as factual observations. In MACM, for each allied organisation's information system, we design four types of agents: inspection agent, analysis agent, control agent, and communication agent. By sharing soft findings (beliefs) in addition to hard findings (factual observations) among the organisations, each organisation's analysis agent is capable of dynamically predicting its security risk level using a Bayesian network. A real-world implementation illustrates how our model can be used to manage security risks in distributed information systems and that sharing soft findings leads to lower expected loss from security risks.
A Layered Trust Information Security Architecture
de Oliveira Albuquerque, Robson; García Villalba, Luis Javier; Sandoval Orozco, Ana Lucila; Buiati, Fábio; Kim, Tai-Hoon
2014-01-01
Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentiality, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed. PMID:25470490
6 CFR 29.5 - Requirements for protection.
Code of Federal Regulations, 2012 CFR
2012-01-01
... Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROTECTED CRITICAL... PCII Program Manager or the PCII Program Manager's designee; (2) The information is submitted for... information initially provided received by the PCII Program Manager or the PCII Program Manager's designee...
6 CFR 29.5 - Requirements for protection.
Code of Federal Regulations, 2011 CFR
2011-01-01
... Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROTECTED CRITICAL... PCII Program Manager or the PCII Program Manager's designee; (2) The information is submitted for... information initially provided received by the PCII Program Manager or the PCII Program Manager's designee...
2009-02-01
management, available at <http://www.iso.org/iso/en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=39612&ICS1=35&ICS2=40&ICS3=>. ISO/IEC 27001. Information...Management of the Systems Engineering Process. [ISO/IEC 27001] ISO/IEC 27001:2005. Information technology -- Security techniques -- Information security...software life cycles [ISO/IEC 15026]. Software assurance is a key element of national security and homeland security. It is critical because dramatic
Safe teleradiology: information assurance as project planning methodology
NASA Astrophysics Data System (ADS)
Collmann, Jeff R.; Alaoui, Adil; Nguyen, Dan; Lindisch, David
2003-05-01
This project demonstrates use of OCTAVE, an information security risk assessment method, as an approach to the safe design and planning of a teleradiology system. By adopting this approach to project planning, we intended to provide evidence that including information security as an intrinsic component of project planning improves information assurance and that using information assurance as a planning tool produces and improves the general system management plan. Several considerations justify this approach to planning a safe teleradiology system. First, because OCTAVE was designed as a method for retrospectively assessing and proposing enhancements for the security of existing information management systems, it should function well as a guide to prospectively designing and deploying a secure information system such as teleradiology. Second, because OCTAVE provides assessment and planning tools for use primarily by interdisciplinary teams from user organizations, not consultants, it should enhance the ability of such teams at the local level to plan safe information systems. Third, from the perspective of sociological theory, OCTAVE explicitly attempts to enhance organizational conditions identified as necessary to safely manage complex technologies. Approaching information system design from the perspective of information security risk management proactively integrates health information assurance into a project's core. This contrasts with typical approaches that perceive "security" as a secondary attribute to be "added" after designing the system and with approaches that identify information assurance only with security devices and user training. The perspective of health information assurance embraces so many dimensions of a computerized health information system's design that one may successfully deploy a method for retrospectively assessing information security risk as a prospective planning tool.
From a sociological perspective, this approach enhances the general conditions as well as establishes specific policies and procedures for reliable performance of health information assurance.
MAVEN Information Security Governance, Risk Management, and Compliance (GRC): Lessons Learned
NASA Technical Reports Server (NTRS)
Takamura, Eduardo; Gomez-Rosa, Carlos A.; Mangum, Kevin; Wasiak, Fran
2014-01-01
As the first interplanetary mission managed by the NASA Goddard Space Flight Center, the Mars Atmosphere and Volatile EvolutioN (MAVEN) had three IT security goals for its ground system: COMPLIANCE, (IT) RISK REDUCTION, and COST REDUCTION. In a multiorganizational environment in which government, industry and academia work together in support of the ground system and mission operations, information security governance, risk management, and compliance (GRC) becomes a challenge as each component of the ground system has and follows its own set of IT security requirements. These requirements are not necessarily the same or even similar to each other's, making the auditing of the ground system security a challenging feat. A combination of standards-based information security management based on the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF), due diligence by the Mission's leadership, and effective collaboration among all elements of the ground system enabled MAVEN to successfully meet NASA's requirements for IT security, and therefore meet Federal Information Security Management Act (FISMA) mandate on the Agency. Throughout the implementation of GRC on MAVEN during the early stages of the mission development, the Project faced many challenges some of which have been identified in this paper. The purpose of this paper is to document these challenges, and provide a brief analysis of the lessons MAVEN learned. The historical information documented herein, derived from an internal pre-launch lessons learned analysis, can be used by current and future missions and organizations implementing and auditing GRC.
12 CFR Appendix B to Part 364 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2011 CFR
2011-01-01
... Part 364—Interagency Guidelines Establishing Information Security Standards Table of Contents I... Customer Information A. Information Security Program B. Objectives III. Development and Implementation of Customer Information Security Program A. Involve the Board of Directors B. Assess Risk C. Manage and...
5 CFR 930.301 - Information systems security awareness training program.
Code of Federal Regulations, 2013 CFR
2013-01-01
....g., system and network administrators, and system/application security officers) must receive... 5 Administrative Personnel 2 2013-01-01 2013-01-01 false Information systems security awareness... (MISCELLANEOUS) Information Security Responsibilities for Employees who Manage or Use Federal Information Systems...
5 CFR 930.301 - Information systems security awareness training program.
Code of Federal Regulations, 2014 CFR
2014-01-01
....g., system and network administrators, and system/application security officers) must receive... 5 Administrative Personnel 2 2014-01-01 2014-01-01 false Information systems security awareness... (MISCELLANEOUS) Information Security Responsibilities for Employees who Manage or Use Federal Information Systems...
Proposal for a Security Management in Cloud Computing for Health Care
Dzombeta, Srdan; Brandis, Knud
2014-01-01
Cloud computing is actually one of the most popular themes of information systems research. Considering the nature of the processed information especially health care organizations need to assess and treat specific risks according to cloud computing in their information security management system. Therefore, in this paper we propose a framework that includes the most important security processes regarding cloud computing in the health care sector. Starting with a framework of general information security management processes derived from standards of the ISO 27000 family the most important information security processes for health care organizations using cloud computing will be identified considering the main risks regarding cloud computing and the type of information processed. The identified processes will help a health care organization using cloud computing to focus on the most important ISMS processes and establish and operate them at an appropriate level of maturity considering limited resources. PMID:24701137
Proposal for a security management in cloud computing for health care.
Haufe, Knut; Dzombeta, Srdan; Brandis, Knud
2014-01-01
Cloud computing is actually one of the most popular themes of information systems research. Considering the nature of the processed information especially health care organizations need to assess and treat specific risks according to cloud computing in their information security management system. Therefore, in this paper we propose a framework that includes the most important security processes regarding cloud computing in the health care sector. Starting with a framework of general information security management processes derived from standards of the ISO 27000 family the most important information security processes for health care organizations using cloud computing will be identified considering the main risks regarding cloud computing and the type of information processed. The identified processes will help a health care organization using cloud computing to focus on the most important ISMS processes and establish and operate them at an appropriate level of maturity considering limited resources.
Three Essays on Information Technology Security Management in Organizations
ERIC Educational Resources Information Center
Gupta, Manish
2011-01-01
Increasing complexity and sophistication of ever evolving information technologies has spurred unique and unprecedented challenges for organizations to protect their information assets. Companies suffer significant financial and reputational damage due to ineffective information technology security management, which has extensively been shown to…
How to implement security controls for an information security program at CBRN facilities
DOE Office of Scientific and Technical Information (OSTI.GOV)
Lenaeus, Joseph D.; O'Neil, Lori Ross; Leitch, Rosalyn M.
This document was prepared by PNNL within the framework of Project 19 of the European Union Chemical Biological Radiological and Nuclear Risk Mitigation Centres of Excellence Initiative entitled, "Development of procedures and guidelines to create and improve secure information management systems and data exchange mechanisms for CBRN materials under regulatory control." It provides management and workers at CBRN facilities, parent organization managers responsible for those facilities, and regulatory agencies (governmental and nongovernmental) with guidance on the best practices for protecting information security. The security mitigation approaches presented in this document were chosen because they present generally accepted guidance in an easy-to-understand manner, making it easier for facility personnel to grasp key concepts and envision how security controls could be implemented by the facility. This guidance is presented from a risk management perspective.
Advanced approach to information security management system model for industrial control system.
Park, Sanghyun; Lee, Kyungho
2014-01-01
Organizations make use of important information in day-to-day business. Protecting sensitive information is imperative and must be managed. Companies in many parts of the world protect sensitive information using the international standard known as the information security management system (ISMS). ISO 27000 series is the international standard ISMS used to protect confidentiality, integrity, and availability of sensitive information. While an ISMS based on ISO 27000 series has no particular flaws for general information systems, it is unfit to manage sensitive information for industrial control systems (ICSs) because the first priority of industrial control is safety of the system. Therefore, a new information security management system based on confidentiality, integrity, and availability as well as safety is required for ICSs. This new ISMS must be mutually exclusive of an ICS. This paper provides a new paradigm of ISMS for ICSs, which will be shown to be more suitable than the existing ISMS.
Advanced Approach to Information Security Management System Model for Industrial Control System
2014-01-01
Organizations make use of important information in day-to-day business. Protecting sensitive information is imperative and must be managed. Companies in many parts of the world protect sensitive information using the international standard known as the information security management system (ISMS). ISO 27000 series is the international standard ISMS used to protect confidentiality, integrity, and availability of sensitive information. While an ISMS based on ISO 27000 series has no particular flaws for general information systems, it is unfit to manage sensitive information for industrial control systems (ICSs) because the first priority of industrial control is safety of the system. Therefore, a new information security management system based on confidentiality, integrity, and availability as well as safety is required for ICSs. This new ISMS must be mutually exclusive of an ICS. This paper provides a new paradigm of ISMS for ICSs, which will be shown to be more suitable than the existing ISMS. PMID:25136659
Information Security Management Practices of K-12 School Districts
ERIC Educational Resources Information Center
Nyachwaya, Samson
2013-01-01
The research problem addressed in this quantitative correlational study was the inadequacy of sound information security management (ISM) practices in K-12 school districts, despite their increasing ownership of information assets. Researchers have linked organizational and sociotechnical factors to the implementation of information security…
Report: Fiscal Year 2010 Federal Information Security Management Act Report
Report #11-P-0017, November 16, 2010. Attached is the Office of Inspector General’s (OIG’s) Fiscal Year 2010 Federal Information Security Management Act (FISMA) Reporting Template, as prescribed by the Office of Management and Budget (OMB).
Code of Federal Regulations, 2010 CFR
2010-10-01
... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7101 Policy. HHS is responsible for implementing an information security program to ensure that its information systems and... information contained in those systems. Each system's level of security shall protect the integrity...
75 FR 1566 - National Industrial Security Program Directive No. 1
Federal Register 2010, 2011, 2012, 2013, 2014
2010-01-12
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office 32 CFR Part...: Information Security Oversight Office, NARA. ACTION: Proposed rule; correction. SUMMARY: This document... Management System (FDMS) number to the proposed rule for Information Security Oversight Office (ISOO...
Strengthening the Security of ESA Ground Data Systems
NASA Astrophysics Data System (ADS)
Flentge, Felix; Eggleston, James; Garcia Mateos, Marc
2013-08-01
A common approach to address information security has been implemented in ESA's Mission Operations (MOI) Infrastructure during the last years. This paper reports on the specific challenges to the Data Systems domain within the MOI and how security can be properly managed with an Information Security Management System (ISMS) according to ISO 27001. Results of an initial security risk assessment are reported and the different types of security controls that are being implemented in order to reduce the risks are briefly described.
Improving Information Security Risk Management
ERIC Educational Resources Information Center
Singh, Anand
2009-01-01
Optimizing risk to information to protect the enterprise as well as to satisfy government and industry mandates is a core function of most information security departments. Risk management is the discipline that is focused on assessing, mitigating, monitoring and optimizing risks to information. Risk assessments and analyses are critical…
An analysis of Indonesia’s information security index: a case study in a public university
NASA Astrophysics Data System (ADS)
Yustanti, W.; Qoiriah, A.; Bisma, R.; Prihanto, A.
2018-01-01
Ministry of Communication and Informatics of the Republic of Indonesia has issued the regulation number 4-2016 about Information Security Management System (ISMS) for all kind organizations. Public university as a government institution must apply this standard to assure its level of information security has complied ISO 27001:2013. This research is a preliminary study to evaluate the readiness of university IT services (case study in a public university) meets the requirement of ISO 27001:2013 using the Indonesia’s Information Security Index (IISI). There are six parameters used to measure the level of information security, these are the ICT role, governance, risk management, framework, asset management and technology. Each parameter consists of serial questions which must be answered and convert to a numeric value. The result shows the level of readiness and maturity to apply ISO 27001 standard.
The adoption of IT security standards in a healthcare environment.
Gomes, Rui; Lapão, Luís Velez
2008-01-01
Security is a vital part of daily life to Hospitals that need to ensure that the information is adequately secured. In Portugal, more CIOs are seeking that their hospital IS departments are properly protecting information assets from security threats. It is imperative to take necessary measures to ensure risk management and business continuity. Security management certification provides just such a guarantee, increasing patient and partner confidence. This paper introduces one best practice for implementing four security controls in a hospital datacenter infrastructure (ISO27002), and describes the security assessment for implementing such controls.
ERIC Educational Resources Information Center
Relyea, Harold C.; Halchin, L. Elaine; Hogue, Henry B.; Agnew, Grace; Martin, Mairead; Schottlaender, Brian E. C.; Jackson, Mary E.
2003-01-01
These five reports address five special issues: the effects of the September 11 attacks on information management, including homeland security, Web site information removal, scientific and technical information, and privacy concerns; federal policy for electronic government information; digital rights management and libraries; library Web portal…
41 CFR 105-53.133 - Information Security Oversight Office.
Code of Federal Regulations, 2010 CFR
2010-07-01
... 41 Public Contracts and Property Management 3 2010-07-01 2010-07-01 false Information Security Oversight Office. 105-53.133 Section 105-53.133 Public Contracts and Property Management Federal Property Management Regulations System (Continued) GENERAL SERVICES ADMINISTRATION 53-STATEMENT OF ORGANIZATION AND...
41 CFR 105-53.133 - Information Security Oversight Office.
Code of Federal Regulations, 2011 CFR
2011-01-01
... 41 Public Contracts and Property Management 3 2011-01-01 2011-01-01 false Information Security Oversight Office. 105-53.133 Section 105-53.133 Public Contracts and Property Management Federal Property Management Regulations System (Continued) GENERAL SERVICES ADMINISTRATION 53-STATEMENT OF ORGANIZATION AND...
Methods of Organizational Information Security
NASA Astrophysics Data System (ADS)
Martins, José; Dos Santos, Henrique
The principle objective of this article is to present a literature review for the methods used in the security of information at the level of organizations. Some of the principle problems are identified and a first group of relevant dimensions is presented for an efficient management of information security. The study is based on the literature review made, using some of the more relevant certified articles of this theme, in international reports and in the principle norms of management of information security. From the readings that were done, we identified some of the methods oriented for risk management, norms of certification and good practice of security of information. Some of the norms are oriented for the certification of the product or system and others oriented to the processes of the business. There are also studies with the proposal of Frameworks that suggest the integration of different approaches with the foundation of norms focused on technologies, in processes and taking into consideration the organizational and human environment of the organizations. In our perspective, the biggest contribute to the security of information is the development of a method of security of information for an organization in a conflicting environment. This should make available the security of information, against the possible dimensions of attack that the threats could exploit, through the vulnerability of the organizational actives. This method should support the new concepts of "Network centric warfare", "Information superiority" and "Information warfare" especially developed in this last decade, where information is seen simultaneously as a weapon and as a target.
NASA Automatic Information Security Handbook
NASA Technical Reports Server (NTRS)
1993-01-01
This handbook details the Automated Information Security (AIS) management process for NASA. Automated information system security is becoming an increasingly important issue for all NASA managers and with rapid advancements in computer and network technologies and the demanding nature of space exploration and space research have made NASA increasingly dependent on automated systems to store, process, and transmit vast amounts of mission support information, hence the need for AIS systems and management. This handbook provides the consistent policies, procedures, and guidance to assure that an aggressive and effective AIS program is developed, implemented, and sustained at all NASA organizations and NASA support contractors.
78 FR 5116 - NASA Information Security Protection
Federal Register 2010, 2011, 2012, 2013, 2014
2013-01-24
... 2700-AD61 NASA Information Security Protection AGENCY: National Aeronautics and Space Administration... implement the provisions of Executive Order (E.O.) 13526, Classified National Security Information, and... Information, that establishes the Agency's requirements for the proper implementation and management of a...
5 CFR 930.301 - Information systems security awareness training program.
Code of Federal Regulations, 2012 CFR
2012-01-01
... training in system/application life cycle management, risk management, and contingency planning. (4) Chief... security management, system/application life cycle management, risk management, and contingency planning... management; and management and implementation level training in system/application life cycle management...
The Operational Manager - Enemy or Hero of Secure Business Practice?
NASA Astrophysics Data System (ADS)
Goucher, Wendy
This paper will investigate the role of the non-IT manager in information security. He can, for example, be the reason why sensitive work is carried out on the move and security focused spending is given a low priority in the budget. Alternatively, he can also be the driving force behind empowering the team to have a dynamic attitude to protecting data both at work and at home. Now is the time for managers to stop pushing information security issues away from their desk and into the in-tray of the IT department.
Information Systems Security Management: A Review and a Classification of the ISO Standards
NASA Astrophysics Data System (ADS)
Tsohou, Aggeliki; Kokolakis, Spyros; Lambrinoudakis, Costas; Gritzalis, Stefanos
The need for common understanding and agreement of functional and non-functional requirements is well known and understood by information system designers. This is necessary for both: designing the "correct" system and achieving interoperability with other systems. Security is maybe the best example of this need. If the understanding of the security requirements is not the same for all involved parties and the security mechanisms that will be implemented do not comply with some globally accepted rules and practices, then the system that will be designed will not necessarily achieve the desired security level and it will be very difficult to securely interoperate with other systems. It is therefore clear that the role and contribution of international standards to the design and implementation of security mechanisms is dominant. In this paper we provide a state of the art review on information security management standards published by the International Organization for Standardization and the International Electrotechnical Commission. Such an analysis is meaningful to security practitioners for an efficient management of information security. Moreover, the classification of the standards in the clauses of ISO/IEC 27001:2005 that results from our analysis is expected to provide assistance in dealing with the plethora of security standards.
17 CFR 200.17 - Chief Management Analyst.
Code of Federal Regulations, 2011 CFR
2011-04-01
... 17 Commodity and Securities Exchanges 2 2011-04-01 2011-04-01 false Chief Management Analyst. 200.17 Section 200.17 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION ORGANIZATION; CONDUCT AND ETHICS; AND INFORMATION AND REQUESTS Organization and Program Management General Organization...
ERIC Educational Resources Information Center
Reis, David W.
2012-01-01
Agile project management is most often examined in relation to software development, while information security frameworks are often examined with respect to certain risk management capabilities rather than in terms of successful implementation approaches. This dissertation extended the study of both Agile project management and information…
Code of Federal Regulations, 2013 CFR
2013-10-01
... SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health Information § 164... and procedures, to manage the selection, development, implementation, and maintenance of security...'s or business associate's workforce in relation to the protection of that information...
Code of Federal Regulations, 2010 CFR
2010-10-01
... SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health Information § 164... and procedures, to manage the selection, development, implementation, and maintenance of security...'s workforce in relation to the protection of that information. Authentication means the...
Code of Federal Regulations, 2012 CFR
2012-10-01
... SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health Information § 164... and procedures, to manage the selection, development, implementation, and maintenance of security...'s workforce in relation to the protection of that information. Authentication means the...
Code of Federal Regulations, 2011 CFR
2011-10-01
... SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health Information § 164... and procedures, to manage the selection, development, implementation, and maintenance of security...'s workforce in relation to the protection of that information. Authentication means the...
Code of Federal Regulations, 2014 CFR
2014-10-01
... SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health Information § 164... and procedures, to manage the selection, development, implementation, and maintenance of security...'s or business associate's workforce in relation to the protection of that information...
Research on information security system of waste terminal disposal process
NASA Astrophysics Data System (ADS)
Zhou, Chao; Wang, Ziying; Guo, Jing; Guo, Yajuan; Huang, Wei
2017-05-01
Informatization has penetrated the whole process of production and operation of electric power enterprises. It not only improves the level of lean management and quality service, but also faces severe security risks. The internal network terminal is the outermost layer and the most vulnerable node of the inner network boundary. It has the characteristics of wide distribution, long depth and large quantity. The user and operation and maintenance personnel technical level and security awareness is uneven, which led to the internal network terminal is the weakest link in information security. Through the implementation of security of management, technology and physics, we should establish an internal network terminal security protection system, so as to fully protect the internal network terminal information security.
Federal Register 2010, 2011, 2012, 2013, 2014
2012-02-24
...The Transportation Security Administration (TSA) invites public comment on one currently approved Information Collection Request (ICR), OMB control number 1652-0040, abstracted below that we will submit to the Office of Management and Budget (OMB) for renewal in compliance with the Paperwork Reduction Act. The ICR describes the nature of the information collection and its expected burden. This ICR involves five broad categories of affected populations: airports, passenger aircraft operators, foreign air carriers, indirect air carriers operating under a security program, and all-cargo carriers. The collections of information that make up this ICR are security programs, security threat assessments (STA), known shipper data via the Known Shipper Management System (KSMS), Air Cargo Data Management System (ACDMS), Cargo Reporting Tool for cargo screening reporting, and evidence of compliance recordkeeping. TSA seeks continued OMB approval in order to secure passenger aircraft carrying cargo as authorized in the Aviation and Transportation Security Act.
44 CFR 8.3 - Senior FEMA official responsible for the information security program.
Code of Federal Regulations, 2010 CFR
2010-10-01
... 44 Emergency Management and Assistance 1 2010-10-01 2010-10-01 false Senior FEMA official... Senior FEMA official responsible for the information security program. The Director of the Security Division, has been designated as the senior official to direct and administer the FEMA information security...
14 CFR 1203.901 - Responsibilities.
Code of Federal Regulations, 2011 CFR
2011-01-01
... Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program Committee § 1203.901 Responsibilities. (a) The Chairperson reports to the Administrator concerning the management and direction of the NASA Information Security Program as provided for...
14 CFR 1203.901 - Responsibilities.
Code of Federal Regulations, 2010 CFR
2010-01-01
... Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program Committee § 1203.901 Responsibilities. (a) The Chairperson reports to the Administrator concerning the management and direction of the NASA Information Security Program as provided for...
Intelligent community management system based on the devicenet fieldbus
NASA Astrophysics Data System (ADS)
Wang, Yulan; Wang, Jianxiong; Liu, Jiwen
2013-03-01
With the rapid development of the national economy and the improvement of people's living standards, people are making higher demands on the living environment. And the estate management content, management efficiency and service quality have been higher required. This paper in-depth analyzes about the intelligent community of the structure and composition. According to the users' requirements and related specifications, it achieves the district management systems, which includes Basic Information Management: the management level of housing, household information management, administrator-level management, password management, etc. Service Management: standard property costs, property charges collecting, the history of arrears and other property expenses. Security Management: household gas, water, electricity and security and other security management, security management district and other public places. Systems Management: backup database, restore database, log management. This article also carries out on the Intelligent Community System analysis, proposes an architecture which is based on B / S technology system. And it has achieved a global network device management with friendly, easy to use, unified human - machine interface.
A Model for an Information Security Risk Management (ISRM) Framework for Saudi Arabian Organisations
ERIC Educational Resources Information Center
Alshareef, Naser
2016-01-01
Countries in the Gulf represent thriving, globally important commercial centres. They have embraced technology and modern management methods, often originating in the western countries. In adapting to quite different cultures these do not always operate as successfully. The adoption and practices of the Information Security Risk Management (ISRM)…
Code of Federal Regulations, 2013 CFR
2013-01-01
... SECURITY INFORMATION OR AN EMPLOYMENT CLEARANCE General Provisions § 10.5 Definitions. Access authorization... person designated by the Deputy Executive Director for Corporate Management and Chief Information Officer, is eligible for a security clearance for access to Restricted Data or National Security Information...
Building Assured Systems Framework
2010-09-01
of standards such as ISO 27001 as frameworks [NASCIO 2009]. In this context, a framework is a standard intended to assist in auditing and compliance...Information Security ISO /IEC 27004 Information technology – Security techniques - Information security management measurement ISO /IEC 15939, System and
32 CFR 2400.42 - Security Officer.
Code of Federal Regulations, 2011 CFR
2011-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.42 Security...
32 CFR 2400.42 - Security Officer.
Code of Federal Regulations, 2010 CFR
2010-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.42 Security...
32 CFR 2400.42 - Security Officer.
Code of Federal Regulations, 2014 CFR
2014-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.42 Security...
32 CFR 2400.42 - Security Officer.
Code of Federal Regulations, 2013 CFR
2013-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.42 Security...
32 CFR 2400.42 - Security Officer.
Code of Federal Regulations, 2012 CFR
2012-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.42 Security...
Safe teleradiology: information assurance as project planning methodology.
Collmann, Jeff; Alaoui, Adil; Nguyen, Dan; Lindisch, David
2005-01-01
The Georgetown University Medical Center Department of Radiology used a tailored version of OCTAVE, a self-directed information security risk assessment method, to design a teleradiology system that complied with the regulation implementing the security provisions of the Health Insurance Portability and Accountability Act (HIPAA) of 1996. The system addressed threats to and vulnerabilities in the privacy and security of protected health information. By using OCTAVE, Georgetown identified the teleradiology program's critical assets, described threats to the assurance of those assets, developed and ran vulnerability scans of a system pilot, evaluated the consequences of security breaches, and developed a risk management plan to mitigate threats to program assets, thereby implementing good information assurance practices. This case study illustrates the basic point that prospective, comprehensive planning to protect the privacy and security of an information system strategically benefits program management as well as system security.
ERIC Educational Resources Information Center
Edwards, Gregory
2011-01-01
Security incidents resulting from human error or subversive actions have caused major financial losses, reduced business productivity or efficiency, and threatened national security. Some research suggests that information system security frameworks lack emphasis on human involvement as a significant cause for security problems in a rapidly…
Sammicheli, Michele; Scaglione, Marcella
2018-01-01
We examine, from a medical-legal perspective, the pros and cons of the information technology procedures that the Italian Institute of Social Security (INPS) has implemented to manage the provision of social disability assistance, meaning that separate from the payment of pension contributions, being welfare, anchored to an administrative requirement by way of the compulsory payment of a minimum social security contribution.
Federal Register 2010, 2011, 2012, 2013, 2014
2013-03-19
... for OMB Review; Comment Request; Employee Retirement Income Security Act of 1974 Investment Manager... Retirement Income Security Act of 1974 Investment Manager Electronic Registration,'' to the Office of... order to meet the definition of investment manager under Employee Retirement Income Security Act of 1974...
12 CFR Appendix D-2 to Part 208 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2010 CFR
2010-01-01
... Relationships Risk Management Principles,” Nov. 1, 2001; FDIC FIL 68-99, Risk Assessment Tools and Practices for.... Definitions II. Standards for Safeguarding Customer Information A. Information Security Program B. Objectives III. Development and Implementation of Customer Information Security Program A. Involve the Board of...
12 CFR Appendix F to Part 225 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2010 CFR
2010-01-01
... Relationships Risk Management Principles,” Nov. 1, 2001; FDIC FIL 68-99, Risk Assessment Tools and Practices for.... Standards for Safeguarding Customer Information A. Information Security Program B. Objectives III. Development and Implementation of Customer Information Security Program A. Involve the Board of Directors B...
Federal Register 2010, 2011, 2012, 2013, 2014
2012-04-24
... DEPARTMENT OF HOMELAND SECURITY U.S. Citizenship and Immigration Services Agency Information... Naturalization. The Department of Homeland Security, U.S. Citizenship and Immigration Services (USCIS) will be... Homeland Security (DHS), and to the Office of Information and Regulatory Affairs, Office of Management and...
1991-10-01
SUBJECT TERMS 15. NUMBER OF PAGES engineering management information systems method formalization 60 information engineering process modeling 16 PRICE...CODE information systems requirements definition methods knowlede acquisition methods systems engineering 17. SECURITY CLASSIFICATION ji. SECURITY... Management , Inc., Santa Monica, California. CORYNEN, G. C., 1975, A Mathematical Theory of Modeling and Simula- tion. Ph.D. Dissertation, Department
Report #18-P-0031, October 30, 2017. Although the EPA has an effective information security program, management emphasis is needed to achieve a higher level of maturity for the agency’s information security program.
32 CFR 2400.46 - Suggestions or complaints.
Code of Federal Regulations, 2014 CFR
2014-07-01
... POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.46... Science and Technology Policy Information Security Program should do so in writing. This correspondence...
32 CFR 2400.46 - Suggestions or complaints.
Code of Federal Regulations, 2012 CFR
2012-07-01
... POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.46... Science and Technology Policy Information Security Program should do so in writing. This correspondence...
32 CFR 2400.46 - Suggestions or complaints.
Code of Federal Regulations, 2010 CFR
2010-07-01
... POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.46... Science and Technology Policy Information Security Program should do so in writing. This correspondence...
32 CFR 2400.46 - Suggestions or complaints.
Code of Federal Regulations, 2011 CFR
2011-07-01
... POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.46... Science and Technology Policy Information Security Program should do so in writing. This correspondence...
32 CFR 2400.46 - Suggestions or complaints.
Code of Federal Regulations, 2013 CFR
2013-07-01
... POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.46... Science and Technology Policy Information Security Program should do so in writing. This correspondence...
48 CFR 339.7103 - Solicitation and contract clause.
Code of Federal Regulations, 2010 CFR
2010-10-01
... SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management...-72, Security Requirements for Federal Information Technology Resources, in solicitations and contracts that involve contractor access to Federal information or Federal information systems. ...
School Security Assessment Programme in Australia
ERIC Educational Resources Information Center
Marrapodi, John
2007-01-01
This article describes a successful security risk management programme in Australia. The state-wide programme follows a structured risk management approach focusing on the safety and security of people, information, provision, and assets in the school environment. To assist school principals, a Security Risk Assessment Programme was developed on a…
ERIC Educational Resources Information Center
Tanque, Marcus M.
2012-01-01
The research conducted in this study inquires about Information Technology (IT) managers' and executives' attitudes, beliefs, and knowledge on Cloud Computing (CC) security. The study evaluated how these factors affect IT managers' and executives' willingness to adopt CC solutions in their organizations. Confidentiality,…
A mapping of information security in health Information Systems in Latin America and Brazil.
Pereira, Samáris Ramiro; Fernandes, João Carlos Lopes; Labrada, Luis; Bandiera-Paiva, Paulo
2013-01-01
In health, Information Systems, whether patient records, hospital administration or other, have advantages such as cost, availability and integration. However, for these benefits to be fully met, it is necessary to guarantee the security of information maintained and provided by the systems. The lack of security can lead to serious consequences such as lawsuits and induction to medical errors. The management of information security is complex and is used in various fields of knowledge. Often, it is left in the background for not being the ultimate goal of a computer system, causing huge financial losses to corporations. This paper, using systematic review methodologies, presented a mapping of the literature in order to identify the most relevant aspects that are addressed by security researchers of health information, as to the development of computerized systems. From the results, the authors draw out some important aspects to which the managers of computerized health systems should remain alert.
78 FR 48697 - Agency Information Collection Activities: Proposed Collection; Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2013-08-09
... INFORMATION: FEMA's Homeland Security Grant Program (HSGP) is an important part of the Administration's larger... DEPARTMENT OF HOMELAND SECURITY Federal Emergency Management Agency [Docket ID: FEMA-2013-0034... concerning the collection of information to administer the Homeland Security Grant Program (HSGP). DATES...
32 CFR 2400.45 - Information Security Program Review.
Code of Federal Regulations, 2011 CFR
2011-07-01
... Section 2400.45 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45...
32 CFR 2400.45 - Information Security Program Review.
Code of Federal Regulations, 2010 CFR
2010-07-01
... Section 2400.45 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45...
32 CFR 2400.45 - Information Security Program Review.
Code of Federal Regulations, 2012 CFR
2012-07-01
... Section 2400.45 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45...
32 CFR 2400.45 - Information Security Program Review.
Code of Federal Regulations, 2014 CFR
2014-07-01
... Section 2400.45 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45...
32 CFR 2400.45 - Information Security Program Review.
Code of Federal Regulations, 2013 CFR
2013-07-01
... Section 2400.45 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45...
Achieving Safety through Security Management
NASA Astrophysics Data System (ADS)
Ridgway, John
Whilst the achievement of safety objectives may not be possible purely through the administration of an effective Information Security Management System (ISMS), your job as safety manager will be significantly eased if such a system is in place. This paper seeks to illustrate the point by drawing a comparison between two of the prominent standards within the two disciplines of security and safety management.
Project #OA-FY13-0280, May 9, 2013. The Office of Inspector General plans to begin fieldwork for an audit of the U.S. Environmental Protection Agency’s compliance with the Federal Information Security Management Act.
NASA Technical Reports Server (NTRS)
Gilliam, David P.; Feather, Martin S.
2004-01-01
Information Technology (IT) Security Risk Management is a critical task in the organization, which must protect its resources and data against the loss of confidentiality, integrity, and availability. As systems become more complex and diverse, and more vulnerabilities are discovered while attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security. This paper describes an approach to address IT security risk through risk management and mitigation in both the institution and in the project life cycle.
NASA Technical Reports Server (NTRS)
Takamura, Eduardo; Mangum, Kevin
2016-01-01
The National Aeronautics and Space Administration (NASA) invests millions of dollars in spacecraft and ground system development, and in mission operations in the pursuit of scientific knowledge of the universe. In recent years, NASA sent a probe to Mars to study the Red Planet's upper atmosphere, obtained high resolution images of Pluto, and it is currently preparing to find new exoplanets, rendezvous with an asteroid, and bring a sample of the asteroid back to Earth for analysis. The success of these missions is enabled by mission assurance. In turn, mission assurance is backed by information assurance. The information systems supporting NASA missions must be reliable as well as secure. NASA - like every other U.S. Federal Government agency - is required to manage the security of its information systems according to federal mandates, the most prominent being the Federal Information Security Management Act (FISMA) of 2002 and the legislative updates that followed it. Like the management of enterprise information technology (IT), federal information security management takes a "one-size fits all" approach for protecting IT systems. While this approach works for most organizations, it does not effectively translate into security of highly specialized systems such as those supporting NASA missions. These systems include command and control (C&C) systems, spacecraft and instrument simulators, and other elements comprising the ground segment. They must be carefully configured, monitored and maintained, sometimes for several years past the missions' initially planned life expectancy, to ensure the ground system is protected and remains operational without any compromise of its confidentiality, integrity and availability. Enterprise policies, processes, procedures and products, if not effectively tailored to meet mission requirements, may not offer the needed security for protecting the information system, and they may even become disruptive to mission operations. 
Certain protective measures for the general enterprise may not be as efficient within the ground segment. This is what the authors have concluded through observations and analysis of patterns identified from the various security assessments performed on NASA missions such as MAVEN, OSIRIS-REx, New Horizons and TESS, to name a few. The security audits confirmed that the framework for managing information system security developed by the National Institute of Standards and Technology (NIST) for the federal government, and adopted by NASA, is indeed effective. However, the selection of the technical, operational and management security controls offered by the NIST model - and how they are implemented - does not always fit the nature and the environment in which the ground system operates, even though there is no apparent impact on mission success. The authors observed that unfit controls, that is, controls that are not necessarily applicable or sufficiently effective in protecting the mission systems, are often selected to facilitate compliance with security requirements and organizational expectations even if the selected controls offer minimum or non-existent protection. This paper identifies some of the standard security controls that can in fact protect the ground system, and which of them offer little or no benefit at all. It offers multiple scenarios from real security audits in which the controls are not effective without, of course, disclosing any sensitive information about the missions assessed. In addition to selection and implementation of controls, the paper also discusses potential impact of recent legislation such as the Federal Information Security Modernization Act (FISMA) of 2014 - aimed at the enterprise - on the ground system, and offers other recommendations to Information System Owners (ISOs).
78 FR 39302 - Agency Information Collection Activities: Submission for OMB Review; Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2013-07-01
... DEPARTMENT OF HOMELAND SECURITY Federal Emergency Management Agency [Docket ID: FEMA-2013-0008... addressed to the Desk Officer for the Department of Homeland Security, Federal Emergency Management Agency... Management Agency, Department of Homeland Security. [FR Doc. 2013-15646 Filed 6-28-13; 8:45 am] BILLING CODE...
12 CFR Appendix B to Part 30 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2012 CFR
2012-01-01
... risks. C. Manage and Control Risk. Each bank shall: 1. Design its information security program to... A. Involve the Board of Directors B. Assess Risk C. Manage and Control Risk D. Oversee Service...) Aggregate information, such as the mean credit score, derived from a group of consumer reports; or (B) Blind...
12 CFR Appendix B to Part 30 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2010 CFR
2010-01-01
... risks. C. Manage and Control Risk. Each bank shall: 1. Design its information security program to... A. Involve the Board of Directors B. Assess Risk C. Manage and Control Risk D. Oversee Service...) Aggregate information, such as the mean credit score, derived from a group of consumer reports; or (B) Blind...
Code of Federal Regulations, 2010 CFR
2010-10-01
... Emergency Management and Assistance FEDERAL EMERGENCY MANAGEMENT AGENCY, DEPARTMENT OF HOMELAND SECURITY GENERAL NATIONAL SECURITY INFORMATION § 8.1 Purpose. (a) Section 5.3(b) of Executive Order (EO) 12356, “National Security Information” requires agencies to promulgate implementing policies and regulations. To...
Project #OA-FY14-0135, February 10, 2014. The Office of Inspector General plans to begin fieldwork for an audit of the U.S. Environmental Protection Agency's compliance with the Federal Information Security Management Act (FISMA).
ERIC Educational Resources Information Center
Benson, Allen C.
This handbook is designed to help readers identify and eliminate security risks, with sound recommendations and library-tested security software. Chapter 1 "Managing Your Facilities and Assessing Your Risks" addresses fundamental management responsibilities including planning for a secure system, organizing computer-related information, assessing…
ERIC Educational Resources Information Center
Brown, David A.
2017-01-01
Information security is a concern for managers implementing protection measures. Implementing information security measures requires communicating both the reason and remediation for the protection measure. Examining how an anti-spyware security communication affects an individual's intention to implement a protection measure could help improve…
Hao, Shuxin; Lü, Yiran; Liu, Jie; Liu, Yue; Xu, Dongqun
2018-01-01
To study the application of classified protection of information security in the information system of air pollution and health impact monitoring, so as to solve the possible safety risk of the information system. According to the relevant national standards and requirements for the information system security classified protection, and the professional characteristics of the information system, to design and implement the security architecture of the information system, and also to determine the protection level of the information system. Basic security measures for the information system were developed in the technical safety and management safety aspects according to the protection levels, which effectively prevented the security risk of the information system. The information system established relatively complete information security protection measures to enhance the security of professional information and system service, and to ensure that the air pollution and health impact monitoring project is carried out safely and smoothly.
Information Management and the Biological Warfare Threat
2002-03-01
2. Scientific-Security Paradigm Interaction 3. Business-Security Paradigm...policies of openness and guardedness and discuss the three paradigms (scientific, business, security) as a developing factor for information sharing...Trade Center. 3. Business-Security Paradigm Interaction Gene patenting (discussed previously) is utilized by business to protect their
Security Management in a Multimedia System
ERIC Educational Resources Information Center
Rednic, Emanuil; Toma, Andrei
2009-01-01
In database security, the issue of providing a level of security for multimedia information is getting more and more known. For the moment the security of multimedia information is done through the security of the database itself, in the same way, for all classic and multimedia records. So what is the reason for the creation of a security…
Federal Register 2010, 2011, 2012, 2013, 2014
2010-03-04
...This notice announces that the Transportation Security Administration (TSA) has forwarded the Information Collection Request (ICR), OMB control number 1652-0040, abstracted below to the Office of Management and Budget (OMB) for renewal in compliance with the Paperwork Reduction Act. The ICR describes the nature of the information collection and its expected burden. TSA published a Federal Register notice, with a 60-day comment period soliciting comments, of the following collection of information on November 16, 2009, 74 FR 58969. TSA has not received any comments. The collections of information that make up this ICR involve five broad categories affecting airports, passenger aircraft operators, foreign air carriers, indirect air carriers operating under a security program, and all-cargo carriers. These five categories are: security programs, security threat assessments (STA), known shipper data via the Known Shipper Management System (KSMS), cargo screening reporting, and evidence of compliance recordkeeping.
Federal Register 2010, 2011, 2012, 2013, 2014
2011-01-25
...This notice announces that the Transportation Security Administration (TSA) has forwarded the Information Collection Request (ICR), OMB control number 1652-0040, abstracted below, to the Office of Management and Budget (OMB) for renewal in compliance with the Paperwork Reduction Act. The ICR describes the nature of the information collection and its expected burden. TSA published a Federal Register notice, with a 60-day comment period soliciting comments, of this collection of information on October 14, 2010, 75 FR 63192. TSA has not received any comments. The collections of information that make up this ICR involve five broad categories affecting airports, passenger aircraft operators, foreign air carriers, indirect air carriers operating under a security program, and all-cargo carriers. These five categories are: Security programs, security threat assessments (STA), known shipper data via the Known Shipper Management System (KSMS), cargo screening reporting, and evidence of compliance recordkeeping.
NASA Astrophysics Data System (ADS)
Frühwirth, Christian
Industry managers have long recognized the vital importance of information security for their businesses, but at the same time they perceived security as a technology-driven rather than a business-driven field. Today, this notion is changing and security management is shifting from technology- to business-oriented approaches. Whereas there is evidence of this shift in the literature, this paper argues that security standards and academic work have not yet taken it fully into account. We examine whether this disconnect has led to a misalignment of IT security requirements in businesses versus industry standards and academic research. We conducted 13 interviews with practitioners from 9 different firms to investigate this question. The results present evidence for a significant gap between security requirements in industry standards and actually reported security vulnerabilities. We further find mismatches between the prioritization of security factors in businesses, standards and real-world threats. We conclude that security in companies serves the business need of protecting information availability to keep the business running at all times.
Code of Federal Regulations, 2011 CFR
2011-10-01
... 339.7101 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7101 Policy. HHS is responsible for implementing an information security program to ensure that its information systems and...
Code of Federal Regulations, 2013 CFR
2013-10-01
... 339.7101 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7101 Policy. HHS is responsible for implementing an information security program to ensure that its information systems and...
Code of Federal Regulations, 2014 CFR
2014-10-01
... 339.7101 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7101 Policy. HHS is responsible for implementing an information security program to ensure that its information systems and...
Code of Federal Regulations, 2012 CFR
2012-10-01
... 339.7101 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7101 Policy. HHS is responsible for implementing an information security program to ensure that its information systems and...
An updated look at document security: from initiation to storage or shredder.
McConnell, Charles R
2014-01-01
In these days of close attention to security of information handled electronically, there is often a tendency to overlook the security of hard-copy documents. Document security can involve many areas of business, but the health care department manager's concerns are primarily for patient records and employee documentation. Document security is closely related to growing concerns for individual privacy; guidelines are furnished for protecting employee privacy by separating retention practices for business information from personal information. Sensitive documentation requires rules and procedures for processing, retaining, accessing, storing, and eventually destroying. Also, documents that are missing or incomplete at times present unique problems for the organization. The department manager is provided with some simple rules for safeguarding employee and patient documentation.
2018-04-01
referred to as “defense in depth” and has been the standard model of information security management for at least a decade. Concepts such as mandatory...instrumentation into the system and monitoring this instrumentation with appropriate reports and alerts (e.g., security information event management tools or...Coalition Battle Management Language (C-BML) (NATO 2012) define information (orders, plans, reports, requests, etc.) that can be readily processed by
Information technology security system engineering methodology
NASA Technical Reports Server (NTRS)
Childs, D.
2003-01-01
A methodology is described for system engineering security into large information technology systems under development. The methodology is an integration of a risk management process and a generic system development life cycle process. The methodology is to be used by Security System Engineers to effectively engineer and integrate information technology security into a target system as it progresses through the development life cycle. The methodology can also be used to re-engineer security into a legacy system.
Measuring Information Security: Guidelines to Build Metrics
NASA Astrophysics Data System (ADS)
von Faber, Eberhard
Measuring information security is a genuine interest of security managers. With metrics they can develop their security organization's visibility and standing within the enterprise or public authority as a whole. Organizations using information technology need to use security metrics. Despite the clear demands and advantages, security metrics are often poorly developed or ineffective parameters are collected and analysed. This paper describes best practices for the development of security metrics. First attention is drawn to motivation showing both requirements and benefits. The main body of this paper lists things which need to be observed (characteristic of metrics), things which can be measured (how measurements can be conducted) and steps for the development and implementation of metrics (procedures and planning). Analysis and communication is also key when using security metrics. Examples are also given in order to develop a better understanding. The author wants to resume, continue and develop the discussion about a topic which is or increasingly will be a critical factor of success for any security managers in larger organizations.
78 FR 42113 - Submission for OMB Review; Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2013-07-15
... Securities and Exchange Commission ("Commission") has submitted to the Office of Management and Budget... settlement price for each cash-settled security futures product fairly reflect the opening price of the... Securities and Exchange Commission, Office of Information and Regulatory Affairs, Office of Management and...
Managing Materials and Wastes for Homeland Security Incidents
To provide information on waste management planning and preparedness before a homeland security incident, including preparing for the large amounts of waste that would need to be managed when an incident occurs, such as a large-scale natural disaster.
Shared Information Framework and Technology (SHIFT) Handbook
2009-02-01
field. Such a patchwork of separate systems neither improves information sharing nor guarantees the safety and security of communities and personnel in...analysis. In many organizations, security may not necessarily be the expertise of people working in the field, or security and safety issues may be...the safety and security of all crisis management personnel in crisis areas. Functioning information sharing between organisations improves situational
Structuring the Chief Information Security Officer Organization
2015-09-07
GP9 Objectively Evaluate Adherence CERT-RMM HRM Human Resource Management CERT-RMM ID Identity Management CERT-RMM IMC Incident Management and...Detect, triage, analyze, respond to, and recover from suspicious events and security incidents Security incident management IMC IR IR-1, IR-2, IR-3...2015-TN-007 | SOFTWARE ENGINEERING INSTITUTE | CARNEGIE MELLON UNIVERSITY 6 Table 2: Source Acronyms3 CERT-RMM NIST 800-53 C2M2 IMC Incident
Measuring Information Security Performance with 10 by 10 Model for Holistic State Evaluation.
Bernik, Igor; Prislan, Kaja
Organizations should measure their information security performance if they wish to take the right decisions and develop it in line with their security needs. Since the measurement of information security is generally underdeveloped in practice and many organizations find the existing recommendations too complex, the paper presents a solution in the form of a 10 by 10 information security performance measurement model. The model, ISP 10×10M, is composed of ten critical success factors, 100 key performance indicators and 6 performance levels. Its content was devised on the basis of findings presented in the current research studies and standards, while its structure results from empirical research conducted among information security professionals from Slovenia. Results of the study show that a high level of information security performance is mostly dependent on measures aimed at managing information risks, employees and information sources, while formal and environmental factors have a lesser impact. Experts believe that information security should evolve systematically, where it is recommended that beginning steps include technical, logical and physical security controls, while advanced activities should relate predominantly to strategic management activities. By applying the proposed model, organizations are able to determine the actual level of information security performance based on the weighted indexing technique. In this manner they identify the measures they ought to develop in order to improve the current situation. The ISP 10×10M is a useful tool for conducting internal system evaluations and decision-making. It may also be applied to a larger sample of organizations in order to determine the general state-of-play for research purposes.
Effective Management of Information Security and Privacy
ERIC Educational Resources Information Center
Anderson, Alicia
2006-01-01
No university seems immune to cyber attacks. For many universities, such events have served as wake-up calls to develop a comprehensive information security and privacy strategy. This is no simple task, however. It involves balancing a culture of openness with a need for security and privacy. Security and privacy are not the same, and the…
78 FR 89 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board
Federal Register 2010, 2011, 2012, 2013, 2014
2013-01-02
... Management and Budget, and the Director of NIST on security and privacy issues pertaining to federal computer... Computer Security Division. Note that agenda items may change without notice because of possible unexpected... of the Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and...
ERIC Educational Resources Information Center
Kiriakou, Charles M.
2012-01-01
Adoption of a comprehensive information security governance model and security controls is the best option organizations may have to protect their information assets and comply with regulatory requirements. Understanding acceptance factors of the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) comprehensive…
ERIC Educational Resources Information Center
Brooks, Nita G.; Greer, Timothy H.; Morris, Steven A.
2018-01-01
The authors' focus was the assessment of skill requirements for information systems security positions to understand expectations for security jobs and to highlight issues relevant to curriculum management. The analysis of 798 job advertisements involved the exploration of domain-related and soft skills as well as degree and certification…
Federal Register 2010, 2011, 2012, 2013, 2014
2013-06-20
... Eligibility for Social Security Disability Benefits, RI 98-7 AGENCY: U.S. Office of Personnel Management... extension, without change, of a currently approved information collection request (ICR) 3206-0216, We Need Important Information About Your Eligibility for Social Security Disability Benefits, RI 98-7. As required...
Information Assurance in Saudi Organizations - An Empirical Study
NASA Astrophysics Data System (ADS)
Nabi, Syed Irfan; Mirza, Abdulrahman A.; Alghathbar, Khaled
This paper presents selective results of a survey conducted to gain much-needed insight into the status of information security in Saudi Arabian organizations. The purpose of this research is to give the state of information assurance in the Kingdom and to better understand the prevalent ground realities. The survey covered technical aspects of information security, risk management and information assurance management. The results provide deep insights into the existing level of information assurance in various sectors that can be helpful in better understanding the intricate details of the prevalent information security in the Kingdom. Also, the results can be very useful for information assurance policy makers in the government as well as private sector organizations. There are few empirical studies on information assurance governance available in the literature, especially about the Middle East and Saudi Arabia; therefore, the results are invaluable for information security researchers in improving the understanding of information assurance in this region and the Kingdom.
17 CFR 200.13 - Chief Operating Officer.
Code of Federal Regulations, 2012 CFR
2012-04-01
...; CONDUCT AND ETHICS; AND INFORMATION AND REQUESTS Organization and Program Management General Organization... Financial Management, the Office of FOIA, Records Management, and Security, and the Office of Information... management improvements, telecommunications and information technology policies, and other government-wide...
17 CFR 200.13 - Chief Operating Officer.
Code of Federal Regulations, 2013 CFR
2013-04-01
...; CONDUCT AND ETHICS; AND INFORMATION AND REQUESTS Organization and Program Management General Organization... Financial Management, the Office of FOIA, Records Management, and Security, and the Office of Information... management improvements, telecommunications and information technology policies, and other government-wide...
46 CFR 16.500 - Management Information System requirements.
Code of Federal Regulations, 2010 CFR
2010-10-01
... 46 Shipping Management Information System requirements. 16.500 Section 16.500 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MERCHANT MARINE OFFICERS AND SEAMEN CHEMICAL TESTING Management Information System § 16.500 Management Information System requirements. (a...
46 CFR 16.500 - Management Information System requirements.
Code of Federal Regulations, 2013 CFR
2013-10-01
... 46 Shipping Management Information System requirements. 16.500 Section 16.500 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MERCHANT MARINE OFFICERS AND SEAMEN CHEMICAL TESTING Management Information System § 16.500 Management Information System requirements. (a...
46 CFR 16.500 - Management Information System requirements.
Code of Federal Regulations, 2011 CFR
2011-10-01
... 46 Shipping Management Information System requirements. 16.500 Section 16.500 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MERCHANT MARINE OFFICERS AND SEAMEN CHEMICAL TESTING Management Information System § 16.500 Management Information System requirements. (a...
46 CFR 16.500 - Management Information System requirements.
Code of Federal Regulations, 2014 CFR
2014-10-01
... 46 Shipping Management Information System requirements. 16.500 Section 16.500 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MERCHANT MARINE OFFICERS AND SEAMEN CHEMICAL TESTING Management Information System § 16.500 Management Information System requirements. (a...
46 CFR 16.500 - Management Information System requirements.
Code of Federal Regulations, 2012 CFR
2012-10-01
... 46 Shipping 1 2012-10-01 2012-10-01 false Management Information System requirements. 16.500 Section 16.500 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MERCHANT MARINE OFFICERS AND SEAMEN CHEMICAL TESTING Management Information System § 16.500 Management Information System requirements. (a...
78 FR 9435 - Submission for OMB Review; Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2013-02-08
... Securities and Exchange Commission ("Commission") has submitted to the Office of Management and Budget this... to register securities that are offered for cash upon the exercise of rights granted to a registrant... Securities and Exchange Commission, Office of Information and Regulatory Affairs, Office of Management and...
Information Security - Data Loss Prevention Procedure
The purpose of this procedure is to extend and provide specificity to the Environmental Protection Agency (EPA) Information Security Policy regarding data loss prevention and digital rights management.
Overview of Computer Security Certification and Accreditation. Final Report.
ERIC Educational Resources Information Center
Ruthberg, Zella G.; Neugent, William
Primarily intended to familiarize ADP (automatic data processing) policy and information resource managers with the approach to computer security certification and accreditation found in "Guideline to Computer Security Certification and Accreditation," Federal Information Processing Standards Publications (FIPS-PUB) 102, this overview…
77 FR 17081 - Information Collection Requests to Office of Management and Budget
Federal Register 2010, 2011, 2012, 2013, 2014
2012-03-23
... Information Collection Requests (ICRs) to the Office of Management and Budget (OMB), Office of Information and.... FOR FURTHER INFORMATION CONTACT: Contact Ms. Kenlinishia Tyler, Office of Information Management... DEPARTMENT OF HOMELAND SECURITY Coast Guard [USCG-2012-0082] Information Collection Requests to...
12 CFR Appendix C to Part 1720 - Policy Guidance; Safety and Soundness Standards for Information
Code of Federal Regulations, 2011 CFR
2011-01-01
... implementation and reviewing reports from management. 2. Assess Risk. Each Enterprise shall: a. Identify... control risks. 3. Manage and Control Risk. Each Enterprise shall: a. Design its information security... security program. The frequency and nature of such tests should be determined by the Enterprise's risk...
77 FR 62059 - Privacy Act of 1974, as Amended; Revisions to Existing Systems of Records
Federal Register 2010, 2011, 2012, 2013, 2014
2012-10-11
... and forms, microfilm or microfiche, and in computer processable storage media such as personnel system... 1974; the Federal Information Security Management Act of 2002; the Computer Fraud and Abuse Act of 1986... apply: The Privacy Act of 1974; the Federal Information Security Management Act of 2002; the Computer...
SecureCore Security Architecture: Authority Mode and Emergency Management
2007-10-16
can shield first responders from social vultures (e.g., “ambulance chasers”) or malicious parties who could intentionally interfere with emergency...hierarchical design Communications Management: network communication Process Management...and Emergency Management 1 I. Introduction During many crises, first-responder access to sensitive, restricted emergency information is
Federal Register 2010, 2011, 2012, 2013, 2014
2010-07-26
... safeguards for disclosure of Social Security benefit information to OPM via direct computer link for the... OFFICE OF PERSONNEL MANAGEMENT Privacy Act of 1974; Computer Matching Program Between the Office of Personnel Management and Social Security Administration AGENCY: Office of Personnel Management...
Federal Register 2010, 2011, 2012, 2013, 2014
2013-01-16
... Security benefit information to OPM via direct computer link for the administration of certain programs by... OFFICE OF PERSONNEL MANAGEMENT Privacy Act of 1974; Computer Matching Program Between the Office Of Personnel Management and Social Security Administration AGENCY: Office of Personnel Management...
Women’s Role in Disaster Management and Implications for National Security
2017-07-11
management policies, plans and decision making processes,” available at http://www.unisdr.org/we/inform/publications/1037. Beijing Agenda for Global...1 WOMEN’S ROLE IN DISASTER MANAGEMENT AND IMPLICATIONS FOR NATIONAL SECURITY By Jessica Ear Introduction Disasters are increasing in...frequency and intensity. For those lacking control and access to services and resources such as education and information, disaster risks are even
ERIC Educational Resources Information Center
Sauls, Jeff; Gudigantala, Naveen
2013-01-01
Managing IT security and assurance is a top priority for organizations. Aware of the costs associated with a security or privacy breach, organizations are constantly vigilant about protecting their data and IT systems. In addition, organizations are investing heavily in IT resources to keep up with the challenges of managing their IT security and…
ERIC Educational Resources Information Center
National Bureau of Standards (DOC), Washington, DC.
These guidelines provide a handbook for use by federal organizations in structuring physical security and risk management programs for their automatic data processing facilities. This publication discusses security analysis, natural disasters, supporting utilities, system reliability, procedural measures and controls, off-site facilities,…
78 FR 50436 - Agency Information Collection Activities: Submission for OMB Review; Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2013-08-19
... Justification Template. Abstract: The TSGP is an important component of the Department of Homeland Security's... DEPARTMENT OF HOMELAND SECURITY Federal Emergency Management Agency [Docket ID: FEMA-2013-0022... addressed to the Desk Officer for the Department of Homeland Security, Federal Emergency Management Agency...
Code of Federal Regulations, 2014 CFR
2014-10-01
... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Additional Requirements for Purchases Not in Support of... Information Security Management Act (FISMA) describes Federal agency security responsibilities as including... behalf of an agency.” (b) Employees responsible for or procuring information technology supplies...
Code of Federal Regulations, 2011 CFR
2011-10-01
... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Additional Requirements for Purchases Not in Support of... Information Security Management Act (FISMA) describes Federal agency security responsibilities as including... behalf of an agency.” (b) Employees responsible for or procuring information technology supplies...
Code of Federal Regulations, 2013 CFR
2013-10-01
... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Additional Requirements for Purchases Not in Support of... Information Security Management Act (FISMA) describes Federal agency security responsibilities as including... behalf of an agency.” (b) Employees responsible for or procuring information technology supplies...
Code of Federal Regulations, 2012 CFR
2012-10-01
... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Additional Requirements for Purchases Not in Support of... Information Security Management Act (FISMA) describes Federal agency security responsibilities as including... behalf of an agency.” (b) Employees responsible for or procuring information technology supplies...
48 CFR 339.7103 - Solicitation and contract clause.
Code of Federal Regulations, 2011 CFR
2011-10-01
... clause. 339.7103 Section 339.7103 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management...-72, Security Requirements for Federal Information Technology Resources, in solicitations and...
48 CFR 339.7103 - Solicitation and contract clause.
Code of Federal Regulations, 2014 CFR
2014-10-01
... clause. 339.7103 Section 339.7103 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management...-72, Security Requirements for Federal Information Technology Resources, in solicitations and...
48 CFR 339.7103 - Solicitation and contract clause.
Code of Federal Regulations, 2013 CFR
2013-10-01
... clause. 339.7103 Section 339.7103 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management...-72, Security Requirements for Federal Information Technology Resources, in solicitations and...
48 CFR 339.7103 - Solicitation and contract clause.
Code of Federal Regulations, 2012 CFR
2012-10-01
... clause. 339.7103 Section 339.7103 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management...-72, Security Requirements for Federal Information Technology Resources, in solicitations and...
Yang, Che-Ming; Lin, Herng-Ching; Chang, Polun; Jian, Wen-Shan
2006-06-01
The protection of patients' health information is a very important concern in the information age. The purpose of this study is to ascertain what constitutes an effective legal framework in protecting both the security and privacy of health information, especially electronic medical records. All sorts of bills regarding electronic medical data protection have been proposed around the world including Health Insurance Portability and Accountability Act (HIPAA) of the U.S. The trend of a centralized bill that focuses on managing computerized health information is the part that needs our further attention. Under the sponsorship of Taiwan's Department of Health (DOH), our expert panel drafted the "Medical Information Security and Privacy Protection Guidelines", which identifies nine principles and entails 12 articles, in the hope that medical organizations will have an effective reference in how to manage their medical information in a confidential and secured fashion especially in electronic transactions.
78 FR 77694 - Information Collection Requests to Office of Management and Budget
Federal Register 2010, 2011, 2012, 2013, 2014
2013-12-24
... Information Collection Requests (ICRs) to the Office of Management and Budget (OMB), Office of Information and...-7710. FOR FURTHER INFORMATION: Contact Mr. Anthony Smith, Office of Information Management, telephone... DEPARTMENT OF HOMELAND SECURITY Coast Guard [USCG-2013-0949] Information Collection Requests to...
78 FR 12083 - Information Collection Request to Office of Management and Budget
Federal Register 2010, 2011, 2012, 2013, 2014
2013-02-21
... Information Collection Request (ICR) to the Office of Management and Budget (OMB), Office of Information and..., Washington, DC 20593-7101. FOR FURTHER INFORMATION CONTACT: Anthony Smith, Office of Information Management... DEPARTMENT OF HOMELAND SECURITY Coast Guard [USCG-2013-0037] Information Collection Request to...
78 FR 65351 - Information Collection Request to Office of Management and Budget
Federal Register 2010, 2011, 2012, 2013, 2014
2013-10-31
... Information Collection Request (ICRs) to the Office of Management and Budget (OMB), Office of Information and..., DC 20593-7710. FOR FURTHER INFORMATION CONTACT: Mr. Anthony Smith, Office of Information Management... DEPARTMENT OF HOMELAND SECURITY Coast Guard [USCG-2013-0861] Information Collection Request to...
78 FR 19502 - Information Collection Requests to Office of Management and Budget.
Federal Register 2010, 2011, 2012, 2013, 2014
2013-04-01
... Information Collection Requests (ICRs) to the Office of Management and Budget (OMB), Office of Information and... FURTHER INFORMATION CONTACT: Mr. Anthony Smith, Office of Information Management, telephone 202-475-3532... DEPARTMENT OF HOMELAND SECURITY Coast Guard [USCG-2013-0164] Information Collection Requests to...
Interdependent Risk and Cyber Security: An Analysis of Security Investment and Cyber Insurance
ERIC Educational Resources Information Center
Shim, Woohyun
2010-01-01
An increasing number of firms rely on highly interconnected information networks. In such environments, defense against cyber attacks is complicated by residual risks caused by the interdependence of information security decisions of firms. IT security is affected not only by a firm's own management strategies but also by those of others. This…
Health information security: a case study of three selected medical centers in Iran.
Hajrahimi, Nafiseh; Dehaghani, Sayed Mehdi Hejazi; Sheikhtaheri, Abbas
2013-03-01
Health Information System (HIS) is considered a unique factor in improving the quality of health care activities and cost reduction, but today with the development of information technology and use of internet and computer networks, patients' electronic records and health information systems have become a source for hackers. This study aims at checking health information security of three selected medical centers in Iran using AHP fuzzy and TOPSIS compound model. To achieve that, security measures were identified, based on the research literature and decision making matrix using experts' points of view. Among the 27 indicators, seven indicators were selected as effective indicators and Fuzzy AHP technique was used to determine the importance of security indicators. Based on the comparisons made between the three selected medical centers to assess the security of health information, it is concluded that Chamran hospital has the most acceptable level of security and attention in three indicators of "verification and system design, user access management, access control system", Al Zahra Hospital in two indicators of "access management and network access control" and Amin Hospital in "equipment safety and system design". In terms of information security, Chamran Hospital ranked first, Al-Zahra Hospital ranked second and Al-Zahra hospital has the third place.
Health Information Security: A Case Study of Three Selected Medical Centers in Iran
Hajrahimi, Nafiseh; Dehaghani, Sayed Mehdi Hejazi; Sheikhtaheri, Abbas
2013-01-01
Health Information System (HIS) is considered a unique factor in improving the quality of health care activities and cost reduction, but today with the development of information technology and use of internet and computer networks, patients’ electronic records and health information systems have become a source for hackers. Methods: This study aims at checking health information security of three selected medical centers in Iran using AHP fuzzy and TOPSIS compound model. To achieve that, security measures were identified, based on the research literature and decision making matrix using experts’ points of view. Results and discussion: Among the 27 indicators, seven indicators were selected as effective indicators and Fuzzy AHP technique was used to determine the importance of security indicators. Based on the comparisons made between the three selected medical centers to assess the security of health information, it is concluded that Chamran hospital has the most acceptable level of security and attention in three indicators of “verification and system design, user access management, access control system”, Al Zahra Hospital in two indicators of “access management and network access control” and Amin Hospital in “equipment safety and system design”. In terms of information security, Chamran Hospital ranked first, Al-Zahra Hospital ranked second and Al-Zahra hospital has the third place. PMID:23572861
Transitions: Managing the Transfer of Security Responsibility
2010-02-05
Transitions: Managing the Transfer of Security Responsibility A Concept Paper...reporting burden for the collection of information is estimated to average 1 hour per response, including the time for reviewing instructions...TITLE AND SUBTITLE Transitions: Managing the Transfer of Security Responsibility 5a. CONTRACT NUMBER 5b. GRANT NUMBER 5c. PROGRAM ELEMENT NUMBER 6
A computer science approach to managing security in health care.
Asirelli, P; Braccini, G; Caramella, D; Coco, A; Fabbrini, F
2002-09-01
The security of electronic medical information is very important for health care organisations, which have to ensure confidentiality, integrity and availability of the information provided. This paper will briefly outline the legal measures adopted by the European Community, Italy and the United States to regulate the use and disclosure of medical records. It will then go on to highlight how information technology can help to address these issues with special reference to the management of organisation policies. To this end, we will present a modelling example for the security policy of a radiological department.
Federal Register 2010, 2011, 2012, 2013, 2014
2012-04-24
...This notice announces that the Transportation Security Administration (TSA) has forwarded the Information Collection Request (ICR), Office of Management and Budget (OMB) control number 1652-0040, abstracted below to OMB for review and approval of an extension of the currently approved collection under the Paperwork Reduction Act (PRA). The ICR describes the nature of the information collection and its expected burden. TSA published a Federal Register notice, with a 60-day comment period soliciting comments, of the following collection of information on February 24, 2012, 77 FR 11145. TSA has not received any comments. The collection of information that make up this ICR involve five broad categories affecting airports, passenger aircraft operators, foreign air carriers, indirect air carriers and all-cargo carriers operating under a TSA-approved security program. These five categories are: Security programs, security threat assessments (STAs), known shipper data via the Known Shipper Management System (KSMS), cargo screening reporting, and evidence of compliance recordkeeping.
Measuring Information Security Performance with 10 by 10 Model for Holistic State Evaluation
2016-01-01
Organizations should measure their information security performance if they wish to take the right decisions and develop it in line with their security needs. Since the measurement of information security is generally underdeveloped in practice and many organizations find the existing recommendations too complex, the paper presents a solution in the form of a 10 by 10 information security performance measurement model. The model—ISP 10×10M is composed of ten critical success factors, 100 key performance indicators and 6 performance levels. Its content was devised on the basis of findings presented in the current research studies and standards, while its structure results from an empirical research conducted among information security professionals from Slovenia. Results of the study show that a high level of information security performance is mostly dependent on measures aimed at managing information risks, employees and information sources, while formal and environmental factors have a lesser impact. Experts believe that information security should evolve systematically, where it’s recommended that beginning steps include technical, logical and physical security controls, while advanced activities should relate predominantly to strategic management activities. By applying the proposed model, organizations are able to determine the actual level of information security performance based on the weighted indexing technique. In this manner they identify the measures they ought to develop in order to improve the current situation. The ISP 10×10M is a useful tool for conducting internal system evaluations and decision-making. It may also be applied to a larger sample of organizations in order to determine the general state-of-play for research purposes. PMID:27655001
17 CFR 200.13 - Executive Director.
Code of Federal Regulations, 2011 CFR
2011-04-01
... Section 200.13 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION ORGANIZATION; CONDUCT AND ETHICS; AND INFORMATION AND REQUESTS Organization and Program Management General Organization... and Information Services, the Office of Freedom of Information and Privacy Act Operations, and the...
Interpreting international governance standards for health IT use within general medical practice.
Mahncke, Rachel J; Williams, Patricia A H
2014-01-01
General practices in Australia recognise the importance of comprehensive protective security measures. Some elements of information security governance are incorporated into recommended standards, however the governance component of information security is still insufficiently addressed in practice. The International Organisation for Standardisation (ISO) released a new global standard in May 2013 entitled, ISO/IEC 27014:2013 Information technology - Security techniques - Governance of information security. This standard, applicable to organisations of all sizes, offers a framework against which to assess and implement the governance components of information security. The standard demonstrates the relationship between governance and the management of information security, provides strategic principles and processes, and forms the basis for establishing a positive information security culture. An analysis interpretation of this standard for use in Australian general practice was performed. This work is unique as such interpretation for the Australian healthcare environment has not been undertaken before. It demonstrates an application of the standard at a strategic level to inform existing development of an information security governance framework.
The Graduate MIS Security Course: Objectives and Challenges
ERIC Educational Resources Information Center
Jensen, Bradley K.; Guynes, Carl S.; Nyaboga, Andrew
2009-01-01
Given the magnitude of real and potential losses, both private and public employers increasingly expect graduates of management information systems (MIS) programs to understand information security concepts. The infrastructure requirements for the course includes setting up a secure laboratory environment to accommodate the development of viruses…
78 FR 77693 - Information Collection Requests to Office of Management and Budget
Federal Register 2010, 2011, 2012, 2013, 2014
2013-12-24
... Information Collection Requests (ICRs) to the Office of Management and Budget (OMB), Office of Information and... INFORMATION CONTACT: Contact Mr. Anthony Smith, Office of Information Management, telephone 202-475-3532, or... DEPARTMENT OF HOMELAND SECURITY Coast Guard [USCG-2013-0896] Information Collection Requests to...
78 FR 42535 - Information Collection Requests to Office of Management and Budget
Federal Register 2010, 2011, 2012, 2013, 2014
2013-07-16
... Information Collection Requests (ICRs) to the Office of Management and Budget (OMB), Office of Information and... INFORMATION CONTACT: Mr. Anthony Smith, Office of Information Management, telephone 202-475-3532, or fax 202... DEPARTMENT OF HOMELAND SECURITY Coast Guard [USCG-2013-0519] Information Collection Requests to...
76 FR 62426 - Information Collection Request to Office of Management and Budget
Federal Register 2010, 2011, 2012, 2013, 2014
2011-10-07
... Information Collection Request (ICR) to the Office of Management and Budget (OMB), Office of Information and... INFORMATION CONTACT: Ms. Kenlinishia Tyler, Office of Information Management, telephone 202-475-3652, or fax... DEPARTMENT OF HOMELAND SECURITY Coast Guard [USCG-2011-0902] Information Collection Request to...
78 FR 5192 - Information Collection Requests to Office of Management and Budget
Federal Register 2010, 2011, 2012, 2013, 2014
2013-01-24
... Information Collection Requests (ICRs) to the Office of Management and Budget (OMB), Office of Information and... INFORMATION CONTACT: Ms. Kenlinishia Tyler, Office of Information Management, telephone 202-475-3652, or fax... DEPARTMENT OF HOMELAND SECURITY Coast Guard [USCG-2012-1006] Information Collection Requests to...
76 FR 58529 - Information Collection Requests to Office of Management and Budget
Federal Register 2010, 2011, 2012, 2013, 2014
2011-09-21
... Information Collection Requests (ICRs) to the Office of Management and Budget (OMB), Office of Information and... INFORMATION: Contact Ms. Kenlinishia Tyler, Office of Information Management, telephone 202-475-3652, or fax... DEPARTMENT OF HOMELAND SECURITY Coast Guard [USCG-2011-0869] Information Collection Requests to...
76 FR 21373 - Privacy Act of 1974; Report of a New System of Records
Federal Register 2010, 2011, 2012, 2013, 2014
2011-04-15
... Information Security Management Act of 2002; the Computer Fraud and Abuse Act of 1986; the Health Insurance... 1974; the Federal Information Security Management Act of 2002; the Computer Fraud and Abuse Act of 1986... established by State law; (3) support litigation involving the Agency; (4) combat fraud, waste, and abuse in...
Trust and Reputation Management for Critical Infrastructure Protection
NASA Astrophysics Data System (ADS)
Caldeira, Filipe; Monteiro, Edmundo; Simões, Paulo
Today's Critical Infrastructures (CI) depend on Information and Communication Technologies (ICT) to deliver their services with the required level of quality and availability. ICT security plays a major role in CI protection and risk prevention for single and also for interconnected CIs where cascading effects might occur because of the interdependencies that exist among different CIs. This paper addresses the problem of ICT security in interconnected CIs. Trust and reputation management using the Policy Based Management paradigm is the proposed solution to be applied at the CI interconnection points for information exchange. The proposed solution is being applied to the Security Mediation Gateway being developed in the European FP7 MICIE project, to allow for information exchange among interconnected CIs.
Crosstalk: The Journal of Defense Software Engineering. Volume 22, Number 3
2009-04-01
international standard for information security management systems like ISO/IEC 27001:2005 [1] existed. Since that time, the organization has developed control...of ISO/IEC 27001 and the desire to make decisions based on business value and risk has prompted Ford’s IT Security and Controls organization to begin...their conventional application security operation. References 1. ISO/IEC 27001:2005. “Information Technology – Security Techniques – Information
Federal Register 2010, 2011, 2012, 2013, 2014
2011-06-02
... INFORMATION CONTACT: Joanna Johnson, TSA PRA Officer, Office of Information Technology (OIT), TSA-11... other forms of information technology. Information Collection Requirement Title: Security Program for... surveyor tool that is managed at TSA. Participants who attend the classroom training sessions will also be...
6 CFR 29.4 - Protected Critical Infrastructure Information Program administration.
Code of Federal Regulations, 2014 CFR
2014-01-01
...) Protected Critical Infrastructure Information Management System (PCIIMS). The PCII Program Manager shall... be known as the “Protected Critical Infrastructure Information Management System” (PCIIMS), to record... 6 Domestic Security 1 2014-01-01 2014-01-01 false Protected Critical Infrastructure Information...
6 CFR 29.4 - Protected Critical Infrastructure Information Program administration.
Code of Federal Regulations, 2011 CFR
2011-01-01
...) Protected Critical Infrastructure Information Management System (PCIIMS). The PCII Program Manager shall... be known as the “Protected Critical Infrastructure Information Management System” (PCIIMS), to record... 6 Domestic Security 1 2011-01-01 2011-01-01 false Protected Critical Infrastructure Information...
6 CFR 29.4 - Protected Critical Infrastructure Information Program administration.
Code of Federal Regulations, 2010 CFR
2010-01-01
...) Protected Critical Infrastructure Information Management System (PCIIMS). The PCII Program Manager shall... be known as the “Protected Critical Infrastructure Information Management System” (PCIIMS), to record... 6 Domestic Security 1 2010-01-01 2010-01-01 false Protected Critical Infrastructure Information...
6 CFR 29.4 - Protected Critical Infrastructure Information Program administration.
Code of Federal Regulations, 2012 CFR
2012-01-01
...) Protected Critical Infrastructure Information Management System (PCIIMS). The PCII Program Manager shall... be known as the “Protected Critical Infrastructure Information Management System” (PCIIMS), to record... 6 Domestic Security 1 2012-01-01 2012-01-01 false Protected Critical Infrastructure Information...
6 CFR 29.4 - Protected Critical Infrastructure Information Program administration.
Code of Federal Regulations, 2013 CFR
2013-01-01
...) Protected Critical Infrastructure Information Management System (PCIIMS). The PCII Program Manager shall... be known as the “Protected Critical Infrastructure Information Management System” (PCIIMS), to record... 6 Domestic Security 1 2013-01-01 2013-01-01 false Protected Critical Infrastructure Information...
Federal Register 2010, 2011, 2012, 2013, 2014
2011-02-15
... screen activity in the National Emergency Management Information System for both call-related customer... desktop screen as they perform work in National Emergency Management Information System (NEMIS); (3) Avaya...), Enterprise Performance Information Management Section, Federal Emergency Management Agency, Texas National...
Federal Register 2010, 2011, 2012, 2013, 2014
2012-07-23
... Information System (NEMIS)--Mitigation (MT) Electronic Grants Management System of Records," and retitle it... Information System (NEMIS)--Mitigation (MT) Electronic Grants Management System of Records (69 FR 75079... Management Information System (NEMIS)--Mitigation (MT) Electronic Grants Management System (NEMIS--MT eGrants...
Federal Register 2010, 2011, 2012, 2013, 2014
2013-05-29
... Committee of the Securities Industry and Financial Markets Association ACTION: Notice of renewal. SUMMARY... the Treasury Borrowing Advisory Committee of the Securities Industry and Financial Markets Association... Management (202) 622-1876. SUPPLEMENTARY INFORMATION: The purpose of the Committee is to provide informed...
ERIC Educational Resources Information Center
Schaffhauser, Dian
2009-01-01
Will that data breach be the end of a chief security officer (CSO)? Managing information security in higher education requires more than just technical expertise, especially when the heat is cranked up. This article takes a look at how two CSOs deal with hack attacks at their universities. When Purdue University Chief Information Security Officer…
Federal Register 2010, 2011, 2012, 2013, 2014
2010-11-23
... DEPARTMENT OF HOMELAND SECURITY U.S. Citizenship and Immigration Services Agency Information...; OMB Control No. 1615-0012. The Department of Homeland Security, U.S. Citizenship and Immigration... to the Department of Homeland Security (DHS), and to the Office of Management and Budget (OMB) USCIS...
Federal Register 2010, 2011, 2012, 2013, 2014
2011-07-13
... DEPARTMENT OF HOMELAND SECURITY Citizenship and Immigration Services Agency Information Collection... Public Law 97-359 Amerasian. The Department of Homeland Security, U.S. Citizenship and Immigration... Department of Homeland Security (DHS), and to the Office of Management and Budget (OMB) USCIS Desk Officer...
Federal Register 2010, 2011, 2012, 2013, 2014
2012-06-13
... DEPARTMENT OF HOMELAND SECURITY U.S. Citizenship and Immigration Services Agency Information... Homeland Security, U.S. Citizenship and Immigration Services (USCIS) will be submitting the following... Homeland Security (DHS), and to the Office of Management and Budget (OMB) USCIS Desk Officer. Comments may...
Federal Register 2010, 2011, 2012, 2013, 2014
2012-05-16
... DEPARTMENT OF HOMELAND SECURITY U.S. Citizenship and Immigration Services Agency Information... Department of Homeland Security, U.S. Citizenship and Immigration Services (USCIS) will be submitting the... Homeland Security (DHS), and to the Office of Management and Budget (OMB) USCIS Desk Officer. Comments may...
Federal Register 2010, 2011, 2012, 2013, 2014
2011-11-15
... (Procedures, and Security for Government Financing) Activity; Comment Request AGENCY: Office of Management... contract payments and to determine if the contractor has adequate security to warrant payment in advance... correspondence. During the comment period, comments may be viewed online through FDMS. FOR FURTHER INFORMATION...
2011 Defense Industrial Base Critical Infrastructure Protection Conference (DIBCIP)
2011-08-25
Office of the Program Manager, Information Sharing Environment Mr. Vince Jarvie, Vice President, Corporate Security, L-3 Communications...National Defense University IRM College and in 2008 he obtained the Certified Information System Security Professional certificate. MR. VINCE JARVIE...Vice President, Corporate Security, L-3 Communications Corporation Mr. Vincent (Vince) Jarvie is the Vice President, Corporate Security for L-3
An Evaluation Methodology for the Usability and Security of Cloud-based File Sharing Technologies
2012-09-01
FISMA, ISO 27001, FIPS 140-2, and ISO 270001) indicate a cloud-based service’s compliance with industry standard security controls, management and...Information Assurance IEEE Institute of Electrical and Electronics Engineers IT Information Technology ITS Insider Threat Study ISO International...effectively, efficiently and with satisfaction” (International Organization for Standardization [ISO], 1998). Alternately, information security
Federal Register 2010, 2011, 2012, 2013, 2014
2010-04-05
... DEPARTMENT OF HOMELAND SECURITY Federal Emergency Management Agency [Docket ID: FEMA-2009-0001...; FEMA Preparedness Grants: Homeland Security Grant Program (HSGP) AGENCY: Federal Emergency Management.... 1660-NEW; FEMA Form 089-1, HSGP Investment Justification. SUMMARY: The Federal Emergency Management...
Health Information Security in Hospitals: the Application of Security Safeguards.
Mehraeen, Esmaeil; Ayatollahi, Haleh; Ahmadi, Maryam
2016-02-01
A hospital information system has the potential to improve the accessibility of clinical information and the quality of health care. However, the use of this system has resulted in new challenges, such as concerns over health information security. This paper aims to assess the status of information security in terms of administrative, technical and physical safeguards in university hospitals. This was a survey study in which the participants were information technology (IT) managers (n=36) who worked in the hospitals affiliated to the top ranked medical universities (university A and university B). Data were collected using a questionnaire. The content validity of the questionnaire was examined by experts and the reliability of the questionnaire was determined using Cronbach's coefficient alpha (α=0.75). The results showed that the administrative safeguards were arranged at a medium level. In terms of the technical safeguards and the physical safeguards, the IT managers rated them at a strong level. According to the results, among three types of security safeguards, the administrative safeguards were assessed at the medium level. To improve it, developing security policies, implementing access control models and training users are recommended.
77 FR 53899 - Information Collection Request to Office of Management and Budget
Federal Register 2010, 2011, 2012, 2013, 2014
2012-09-04
... Information Collection Request (ICR) to the Office of Management and Budget (OMB), Office of Information and...: Contact Ms. Kenlinishia Tyler, Office of Information Management, telephone 202-475-3652, or fax 202-475... DEPARTMENT OF HOMELAND SECURITY Coast Guard [USCG-2012-0733] Information Collection Request to...
76 FR 35228 - Information Collection Request to Office of Management and Budget
Federal Register 2010, 2011, 2012, 2013, 2014
2011-06-16
... Information Collection Request (ICR) to the Office of Management and Budget (OMB), Office of Information and..., Office of Information Management, telephone 202-475-3652, or fax 202-475-3929, for questions on these... DEPARTMENT OF HOMELAND SECURITY Coast Guard [USCG-2011-0494] Information Collection Request to...
77 FR 74686 - Information Collection Request to Office of Management and Budget
Federal Register 2010, 2011, 2012, 2013, 2014
2012-12-17
... Information Collection Request (ICR) to the Office of Management and Budget (OMB), Office of Information and... Information Management, telephone 202-475-3652, or fax 202-475-3929, for questions on these documents. Contact... DEPARTMENT OF HOMELAND SECURITY Coast Guard [USCG-2012-1047] Information Collection Request to...
76 FR 61369 - Information Collection Request to Office of Management and Budget
Federal Register 2010, 2011, 2012, 2013, 2014
2011-10-04
... Information Collection Request (ICR) to the Office of Management and Budget (OMB), Office of Information and..., Office of Information Management, telephone 202-475-3652, or fax 202-475-3929, for questions on these... DEPARTMENT OF HOMELAND SECURITY Coast Guard [USCG-2011-0914] Information Collection Request to...
76 FR 46824 - Information Collection Requests to Office of Management and Budget
Federal Register 2010, 2011, 2012, 2013, 2014
2011-08-03
... Information Collection Requests (ICRs) to the Office of Management and Budget (OMB), Office of Information and.... Kenlinishia Tyler, Office of Information Management, telephone 202-475-3652, or fax 202-475-3929, for... DEPARTMENT OF HOMELAND SECURITY Coast Guard [USCG-2011-0710] Information Collection Requests to...
77 FR 9951 - Information Collection Requests to Office of Management and Budget
Federal Register 2010, 2011, 2012, 2013, 2014
2012-02-21
... Information Collection Requests (ICRs) to the Office of Management and Budget (OMB), Office of Information and... Tyler, Office of Information Management, telephone 202-475-3652, or fax 202-475-3929, for questions on... DEPARTMENT OF HOMELAND SECURITY Coast Guard [USCG-2012-0077] Information Collection Requests to...
77 FR 27472 - Information Collection Request to Office of Management and Budget
Federal Register 2010, 2011, 2012, 2013, 2014
2012-05-10
... Information Collection Request (ICR) to the Office of Management and Budget (OMB), Office of Information and... CONTACT: Contact Ms. Kenlinishia Tyler, Office of Information Management, telephone 202-475-3652, or fax... DEPARTMENT OF HOMELAND SECURITY Coast Guard [USCG-2012-0231] Information Collection Request to...
77 FR 6132 - Information Collection Request to Office of Management and Budget
Federal Register 2010, 2011, 2012, 2013, 2014
2012-02-07
... Information Collection Request (ICR) to the Office of Management and Budget (OMB), Office of Information and... Tyler, Office of Information Management, telephone (202) 475-3652, or fax (202) 475-3929, for questions... DEPARTMENT OF HOMELAND SECURITY Coast Guard [USCG-2012-0029] Information Collection Request to...
76 FR 63626 - Information Collection Requests to Office of Management and Budget
Federal Register 2010, 2011, 2012, 2013, 2014
2011-10-13
... Information Collection Requests (ICRs) to the Office of Management and Budget (OMB), Office of Information and... Tyler, Office of Information Management, telephone 202-475-3652, or fax 202-475-3929, for questions on... DEPARTMENT OF HOMELAND SECURITY Coast Guard [USCG-2011-0955] Information Collection Requests to...
78 FR 26798 - Information Collection Request to Office of Management and Budget
Federal Register 2010, 2011, 2012, 2013, 2014
2013-05-08
... Information Collection Request (ICR) to the Office of Management and Budget (OMB), Office of Information and... Information Management, telephone 202-475-3532, or fax 202-475-3929, for questions on these documents. Contact... DEPARTMENT OF HOMELAND SECURITY Coast Guard [USCG-2013-0222] Information Collection Request to...
78 FR 54667 - Information Collection Requests to Office of Management and Budget
Federal Register 2010, 2011, 2012, 2013, 2014
2013-09-05
... Information Collection Requests (ICRs) to the Office of Management and Budget (OMB), Office of Information and... Information Management, telephone 202-475-3532, or fax 202-475-3929, for questions on these documents. Contact... DEPARTMENT OF HOMELAND SECURITY Coast Guard [USCG-2013-0779] Information Collection Requests to...
76 FR 46827 - Information Collection Request to Office of Management and Budget
Federal Register 2010, 2011, 2012, 2013, 2014
2011-08-03
... Information Collection Request (ICR) to the Office of Management and Budget (OMB), Office of Information and... Information Management, telephone 202-475-3652, or fax 202-475-3929, for questions on these documents. Contact... DEPARTMENT OF HOMELAND SECURITY Coast Guard [USCG-2011-0728] Information Collection Request to...
78 FR 23573 - Information Collection Request to Office of Management and Budget
Federal Register 2010, 2011, 2012, 2013, 2014
2013-04-19
... Information Collection Request (ICR) to the Office of Management and Budget (OMB), Office of Information and... Information Management, telephone 202-475-3532, or fax 202-475-3929, for questions on these documents. Contact... DEPARTMENT OF HOMELAND SECURITY Coast Guard [USCG-2013-0233] Information Collection Request to...
77 FR 16044 - Information Collection Requests to Office of Management and Budget.
Federal Register 2010, 2011, 2012, 2013, 2014
2012-03-19
... Information Collection Requests (ICRs) to the Office of Management and Budget (OMB), Office of Information and.... Kenlinishia Tyler, Office of Information Management, telephone 202-475-3652, or fax 202-475-3929, for... DEPARTMENT OF HOMELAND SECURITY Coast Guard [USCG-2012-0149] Information Collection Requests to...
78 FR 54666 - Information Collection Request to Office of Management and Budget
Federal Register 2010, 2011, 2012, 2013, 2014
2013-09-05
... Information Collection Request (ICRs) to the Office of Management and Budget (OMB), Office of Information and.... Anthony Smith, Office of Information Management, telephone 202-475-3532, or fax 202-475-3929, for... DEPARTMENT OF HOMELAND SECURITY Coast Guard [USCG-2013-0782] Information Collection Request to...
78 FR 19503 - Information Collection Request to Office of Management and Budget
Federal Register 2010, 2011, 2012, 2013, 2014
2013-04-01
... Information Collection Request (ICR) to the Office of Management and Budget (OMB), Office of Information and...: Contact Anthony Smith, Office of Information Management, telephone 202-475-3532, or fax 202-475-3929, for... DEPARTMENT OF HOMELAND SECURITY Coast Guard [USCG-2013-0045] Information Collection Request to...
NASA Astrophysics Data System (ADS)
Sidi, Fatimah; Daud, Maslina; Ahmad, Sabariah; Zainuddin, Naqliyah; Anneisa Abdullah, Syafiqa; Jabar, Marzanah A.; Suriani Affendey, Lilly; Ishak, Iskandar; Sharef, Nurfadhlina Mohd; Zolkepli, Maslina; Nur Majdina Nordin, Fatin; Amat Sejani, Hashimah; Ramadzan Hairani, Saiful
2017-09-01
Information security has been identified by organizations as part of internal operations that need to be well implemented and protected. This is because each day the organizations face a high probability of increase of threats to their networks and services that will lead to information security issues. Thus, effective information security management is required in order to protect their information assets. Threat profiling is a method that can be used by an organization to address the security challenges. Threat profiling allows analysts to understand and organize intelligent information related to threat groups. This paper presents a comparative analysis that was conducted to study the existing threat profiling models. It was found that existing threat models were constructed based on specific objectives, thus each model is limited to only certain components or factors such as assets, threat sources, countermeasures, threat agents, threat outcomes and threat actors. It is suggested that threat profiling can be improved by the combination of components found in each existing threat profiling model/framework. The proposed model can be used by an organization in executing a proactive approach to incident management.
45 CFR 164.308 - Administrative safeguards.
Code of Federal Regulations, 2012 CFR
2012-10-01
...)(i) Standard: Security management process. Implement policies and procedures to prevent, detect... this subpart for the entity. (3)(i) Standard: Workforce security. Implement policies and procedures to...) Standard: Information access management. Implement policies and procedures for authorizing access to...
45 CFR 164.308 - Administrative safeguards.
Code of Federal Regulations, 2011 CFR
2011-10-01
...)(i) Standard: Security management process. Implement policies and procedures to prevent, detect... this subpart for the entity. (3)(i) Standard: Workforce security. Implement policies and procedures to...) Standard: Information access management. Implement policies and procedures for authorizing access to...
ERIC Educational Resources Information Center
Johnson, Marcia L.
2013-01-01
This qualitative study explored why there are so few senior women in the information security technology management field and whether gender played a part in the achievement of women in the field. Extensive interviews were performed to capture the lived experiences of successful women in the field regarding the obstacles and common denominators of…
Security Information and Event Management Tools and Insider Threat Detection
2013-09-01
Orebaugh, A., Scholl, M., & Stine, K. (2011, September). Information security continuous monitoring (ISCM) for federal information systems and...E., Conway, T., Keverline, S., Williams, M., Capelli, D., Willke, B., & Moore, A. (2008, January). Insider threat study: illicit cyber activity in
Federal Register 2010, 2011, 2012, 2013, 2014
2010-07-07
.... The title of the information collection: 10 CFR Part 95-- Facility Security Clearance and Safeguarding of National Security Information and Restricted Data. 3. Current OMB approval number: 3150-0047. 4... NUCLEAR REGULATORY COMMISSION [Docket No. NRC-2010-0104] Agency Information Collection Activities...
Federal Register 2010, 2011, 2012, 2013, 2014
2013-09-10
... CFR Part 95-- Facility Security Clearance and Safeguarding of National Security Information and... NUCLEAR REGULATORY COMMISSION [Docket No. NRC-2013-0088] Agency Information Collection Activities... Commission. ACTION: Notice of the OMB review of information collection and solicitation of public comment...
78 FR 31966 - Agency Information Collection Activities: Proposed Collection; Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2013-05-28
... DEPARTMENT OF HOMELAND SECURITY Federal Emergency Management Agency [Docket ID: [FEMA-2013-0019... Security Initiative (UASI) Nonprofit Security Grant Program (NSGP). DATES: Comments must be submitted on or... Urban Areas Security Initiative (UASI) Nonprofit Security Grant Program (NSGP) provides funding support...
Approach to spatial information security based on digital certificate
NASA Astrophysics Data System (ADS)
Cong, Shengri; Zhang, Kai; Chen, Baowen
2005-11-01
With the development of the online applications of geographic information systems (GIS) and the spatial information services, the spatial information security becomes more important. This work introduced digital certificates and authorization schemes into GIS to protect the crucial spatial information combining the techniques of the role-based access control (RBAC), the public key infrastructure (PKI) and the privilege management infrastructure (PMI). We investigated the spatial information granularity suited for sensitivity marking and digital certificate model that fits the need of GIS security based on the semantics analysis of spatial information. It implements a secure, flexible, fine-grained data access based on public technologies in GIS in the world.
Report: FY 2007 FISMA Report: Status of EPA’s Computer Security Program
Report #2007-S-00003, September 25, 2007. This is the Office of Inspector General’s Fiscal Year 2007 Federal Information Security Management Act Reporting Template, as prescribed by the Office of Management and Budget (OMB).
Federal Register 2010, 2011, 2012, 2013, 2014
2010-03-24
... DEPARTMENT OF HOMELAND SECURITY U.S. Citizenship and Immigration Services [OMB Control No. 1615... Employment Eligibility Verification; OMB Control No. 1615-0112. The Department of Homeland Security, U.S..., should be directed to the Department of Homeland Security (DHS), and to the Office of Management and...
Federal Register 2010, 2011, 2012, 2013, 2014
2012-06-20
... Request; Secure Supply Chain Pilot Program AGENCY: Food and Drug Administration, HHS. ACTION: Notice... identified with the title Secure Supply Chain Pilot Program. Also include the FDA docket number found in... following proposed collection of information to OMB for review and clearance: ``Secure Supply Chain Pilot...
46 CFR 501.5 - Functions of the organizational components of the Federal Maritime Commission.
Code of Federal Regulations, 2012 CFR
2012-10-01
... administering IT contracts. The Office is also responsible for managing the computer security program. The... relevant EEOC Directives and Bulletins. (2) The Information Security Officer is a senior agency official designated under § 503.52 of this chapter to direct and administer the Commission's information security...
46 CFR 501.5 - Functions of the organizational components of the Federal Maritime Commission.
Code of Federal Regulations, 2013 CFR
2013-10-01
... administering IT contracts. The Office is also responsible for managing the computer security program. The... relevant EEOC Directives and Bulletins. (2) The Information Security Officer is a senior agency official designated under § 503.52 of this chapter to direct and administer the Commission's information security...
The Battle to Secure Our Public Access Computers
ERIC Educational Resources Information Center
Sendze, Monique
2006-01-01
Securing public access workstations should be a significant part of any library's network and information-security strategy because of the sensitive information patrons enter on these workstations. As the IT manager for the Johnson County Library in Kansas City, Kan., this author is challenged to make sure that thousands of patrons get the access…
47 CFR 0.503 - Submission of requests for mandatory declassification review.
Code of Federal Regulations, 2011 CFR
2011-10-01
... ORGANIZATION Mandatory Declassification of National Security Information § 0.503 Submission of requests for mandatory declassification review. (a) Requests for mandatory review of national security information shall be in writing, addressed to the Managing Director, and reasonably describe the information sought...
47 CFR 0.503 - Submission of requests for mandatory declassification review.
Code of Federal Regulations, 2010 CFR
2010-10-01
... ORGANIZATION Mandatory Declassification of National Security Information § 0.503 Submission of requests for mandatory declassification review. (a) Requests for mandatory review of national security information shall be in writing, addressed to the Managing Director, and reasonably describe the information sought...
Using a Prediction Model to Manage Cyber Security Threats.
Jaganathan, Venkatesh; Cherurveettil, Priyesh; Muthu Sivashanmugam, Premapriya
2015-01-01
Cyber-attacks are an important issue faced by all organizations. Securing information systems is critical. Organizations should be able to understand the ecosystem and predict attacks. Predicting attacks quantitatively should be part of risk management. The cost impact due to worms, viruses, or other malicious software is significant. This paper proposes a mathematical model to predict the impact of an attack based on significant factors that influence cyber security. This model also considers the environmental information required. It is generalized and can be customized to the needs of the individual organization.
Using a Prediction Model to Manage Cyber Security Threats
Muthu Sivashanmugam, Premapriya
2015-01-01
Cyber-attacks are an important issue faced by all organizations. Securing information systems is critical. Organizations should be able to understand the ecosystem and predict attacks. Predicting attacks quantitatively should be part of risk management. The cost impact due to worms, viruses, or other malicious software is significant. This paper proposes a mathematical model to predict the impact of an attack based on significant factors that influence cyber security. This model also considers the environmental information required. It is generalized and can be customized to the needs of the individual organization. PMID:26065024
Cost-Benefit Analysis of Confidentiality Policies for Advanced Knowledge Management Systems
DOE Office of Scientific and Technical Information (OSTI.GOV)
May, D
Knowledge Discovery (KD) processes can create new information within a Knowledge Management (KM) system. In many domains, including government, this new information must be secured against unauthorized disclosure. Applying an appropriate confidentiality policy achieves this. However, it is not evident which confidentiality policy to apply, especially when the goals of sharing and disseminating knowledge have to be balanced with the requirements to secure knowledge. This work proposes to solve this problem by developing a cost-benefit analysis technique for examining the tradeoffs between securing and sharing discovered knowledge.
77 FR 5816 - Information Collection Requests to Office of Management and Budget
Federal Register 2010, 2011, 2012, 2013, 2014
2012-02-06
... Information Collection Requests (ICRs) to the Office of Management and Budget (OMB), Office of Information and... DEPARTMENT OF HOMELAND SECURITY Coast Guard [USCG-2012-0016] Information Collection Requests to Office of Management and Budget AGENCY: Coast Guard, DHS. ACTION: Sixty-day notice requesting comments...
78 FR 74155 - Information Collection Request to Office of Management and Budget
Federal Register 2010, 2011, 2012, 2013, 2014
2013-12-10
... Information Collection Request (ICRs) to the Office of Management and Budget (OMB), Office of Information and... DEPARTMENT OF HOMELAND SECURITY Coast Guard [USCG-2013-0950] Information Collection Request to Office of Management and Budget AGENCY: Coast Guard, DHS. ACTION: Sixty-day notice requesting comments...
77 FR 32657 - Information Collection Requests to Office of Management and Budget
Federal Register 2010, 2011, 2012, 2013, 2014
2012-06-01
... Information Collection Requests (ICRs) to the Office of Management and Budget (OMB), Office of Information and... DEPARTMENT OF HOMELAND SECURITY Coast Guard [USCG-2012-0472] Information Collection Requests to Office of Management and Budget AGENCY: Coast Guard, DHS. ACTION: Sixty-day notice requesting comments...
77 FR 18253 - Information Collection Request to Office of Management and Budget
Federal Register 2010, 2011, 2012, 2013, 2014
2012-03-27
... DEPARTMENT OF HOMELAND SECURITY Coast Guard [USCG-2012-0173] Information Collection Request to Office of Management and Budget AGENCY: Coast Guard, DHS. ACTION: Sixty-day notice requesting comments... Information Collection Request (ICR) to the Office of Management and Budget (OMB), Office of Information and...
77 FR 40624 - Information Collection Requests to Office of Management and Budget
Federal Register 2010, 2011, 2012, 2013, 2014
2012-07-10
... DEPARTMENT OF HOMELAND SECURITY Coast Guard [USCG-2012-0598] Information Collection Requests to Office of Management and Budget AGENCY: Coast Guard, DHS. ACTION: Sixty-day notice requesting comments... Information Collection Requests (ICRs) to the Office of Management and Budget (OMB), Office of Information and...
78 FR 19504 - Information Collection Request to Office of Management and Budget
Federal Register 2010, 2011, 2012, 2013, 2014
2013-04-01
... DEPARTMENT OF HOMELAND SECURITY Coast Guard [USCG-2013-0133] Information Collection Request to Office of Management and Budget AGENCY: Coast Guard, DHS. ACTION: Sixty-day notice requesting comments... Information Collection Request (ICR) to the Office of Management and Budget (OMB), Office of Information and...
Federal Register 2010, 2011, 2012, 2013, 2014
2011-11-21
... Information Collection Activity Under OMB Review: TSA Claims Management Program AGENCY: Transportation... Security Administration (TSA) has forwarded the Information Collection Request (ICR), Office of Management... the nature of the information collection and its expected burden. TSA published a Federal Register...
NASA Astrophysics Data System (ADS)
Zhang, Jianguo; Chen, Xiaomeng; Zhuang, Jun; Jiang, Jianrong; Zhang, Xiaoyan; Wu, Dongqing; Huang, H. K.
2003-05-01
In this paper, we presented a new security approach to provide security measures and features in both healthcare information systems (PACS, RIS/HIS) and the electronic patient record (EPR). We introduced two security components, a certificate authoring (CA) system and a patient record digital signature management (DSPR) system, as well as electronic envelope technology, into the current hospital healthcare information infrastructure. These provide security measures and functions such as confidentiality or privacy, authenticity, integrity, reliability, non-repudiation, and authentication for the daily operation of in-house healthcare information systems and for EPR exchange among hospitals or healthcare administration levels. The DSPR component manages all the digital signatures of patient medical records signed using asymmetric key encryption technologies. The electronic envelopes used for EPR exchange are created based on the information of signers, digital signatures, and identifications of patient records stored in CAS and DSMS, as well as the destinations and the remote users. The CAS and DSMS were developed and integrated into a RIS-integrated PACS, and the integration of these new security components is seamless and painless. The electronic envelopes designed for EPR were used successfully in multimedia data transmission.
ERIC Educational Resources Information Center
Omboto, P. I.; Macharia, J.; Mbagaya, Grace; Standa, F. N.
2011-01-01
Recent reports on Kenya have indicated food insecurity and destruction of water catchments as serious problems facing the country. Despite the tremendous strides in Information and Communication Technology (ICT), the country has not taken advantage of the technology to improve food security by effectively managing her water resources. A survey on…
Federal Register 2010, 2011, 2012, 2013, 2014
2013-07-22
... titled, ``Department of Homeland Security/Federal Emergency Management Agency--006 Citizen Corps Database...) authorities; (5) purpose; (6) routine uses of information; (7) system manager and address; (8) notification... Database'' and retitle it ``DHS/FEMA--006 Citizen Corps Program System of Records.'' FEMA administers the...
41 CFR 105-64.209 - What special conditions apply to accessing law enforcement and security records?
Code of Federal Regulations, 2012 CFR
2012-01-01
... and Property Management Federal Property Management Regulations System (Continued) GENERAL SERVICES... enforcement and security records are generally exempt from disclosure to individuals except when the system.... If so, the system manager will notify you of the existence of the record and disclose the information...
41 CFR 105-64.209 - What special conditions apply to accessing law enforcement and security records?
Code of Federal Regulations, 2011 CFR
2011-01-01
... and Property Management Federal Property Management Regulations System (Continued) GENERAL SERVICES... enforcement and security records are generally exempt from disclosure to individuals except when the system.... If so, the system manager will notify you of the existence of the record and disclose the information...
41 CFR 105-64.209 - What special conditions apply to accessing law enforcement and security records?
Code of Federal Regulations, 2013 CFR
2013-07-01
... and Property Management Federal Property Management Regulations System (Continued) GENERAL SERVICES... enforcement and security records are generally exempt from disclosure to individuals except when the system.... If so, the system manager will notify you of the existence of the record and disclose the information...
41 CFR 105-64.209 - What special conditions apply to accessing law enforcement and security records?
Code of Federal Regulations, 2014 CFR
2014-01-01
... and Property Management Federal Property Management Regulations System (Continued) GENERAL SERVICES... enforcement and security records are generally exempt from disclosure to individuals except when the system.... If so, the system manager will notify you of the existence of the record and disclose the information...
10 CFR 10.35 - Reconsideration of cases.
Code of Federal Regulations, 2014 CFR
2014-01-01
... DATA OR NATIONAL SECURITY INFORMATION OR AN EMPLOYMENT CLEARANCE Procedures § 10.35 Reconsideration of... Director for Corporate Management and Chief Information Officer or the Commission has made a determination... sensitivity of the Restricted Data or National Security Information to which the individual has or will have...
10 CFR 10.35 - Reconsideration of cases.
Code of Federal Regulations, 2013 CFR
2013-01-01
... DATA OR NATIONAL SECURITY INFORMATION OR AN EMPLOYMENT CLEARANCE Procedures § 10.35 Reconsideration of... Director for Corporate Management and Chief Information Officer or the Commission has made a determination... sensitivity of the Restricted Data or National Security Information to which the individual has or will have...
SPAN security policies and guidelines
NASA Technical Reports Server (NTRS)
Sisson, Patricia L.; Green, James L.
1989-01-01
A guide is provided to system security with emphasis on requirements and guidelines that are necessary to maintain an acceptable level of security on the network. To have security for the network, each node on the network must be secure. Therefore, each system manager must strictly adhere to the requirements and must consider implementing the guidelines discussed. There are areas of vulnerability within the operating system that may not be addressed. However, when a requirement or guideline is discussed, implementation techniques are included. Information related to computer and data security is discussed to provide information on implementation options. The information is presented as it relates to a VAX computer environment.
NASA Astrophysics Data System (ADS)
Rehan, S. C.
This document has been written to help Site Managers secure their Unix hosts from being compromised by hackers. I have given brief introductions to the security tools along with downloading, configuring and running information. I have also included a section on my recommendations for installing these security tools starting from an absolute minimum security requirement.
[The Explore of the Security Strategy Model in Hospital Mobile Clinic New Mode].
Li, Ke; Xia, Yong; Wang, Wei
2016-03-01
The paper elaborates and analyzes the current status of mobile hospital information security, then puts forward a new security model for mobile treatment and elaborates its architecture and solutions. The use of this model further improves and enhances the overall security level of hospital information, and it has positive significance for promoting the overall hospital management level.
75 FR 30411 - Privacy Act of 1974; Report of a Modified or Altered System of Records
Federal Register 2010, 2011, 2012, 2013, 2014
2010-06-01
... Privacy Act of 1974; the Federal Information Security Management Act of 2002; the Computer Fraud and Abuse... Security Management Act of 2002; the Computer Fraud and Abuse Act of 1986; the Health Insurance Portability... systems and data files necessary for compliance with Title XI, Part C of the Social Security Act because...
1989-08-01
Include in this plan the role of the Defense Technical Information Center (DTIC), the Defense Technology Security Administration (DTSA), and ODDR&E’s...DTIC = Defense Technical Information Center DTSA = Defense Technology Security Administration DUSD = Deputy Under Secretary of Defense Gloss. 2 DUSD...technologically sensitive requests. The Defense Technology Security Administration (DTSA) is developing a large system to track foreign military sales
77 FR 14525 - Statement of Organization, Functions, and Delegations of Authority
Federal Register 2010, 2011, 2012, 2013, 2014
2012-03-12
... maintains the CDC Computer Security Incident Response Team; (4) performs cyber security incident reporting... systems planning and support; internal security and emergency preparedness; and management analysis and... security; education, training, and workforce development in information and IT disciplines; development and...
ERIC Educational Resources Information Center
Sousa, Kenneth J.; MacDonald, Laurie E.; Fougere, Kenneth T.
2005-01-01
The authors conducted an evaluation of Management Information Systems (MIS) textbooks and found that computer security receives very little in-depth coverage. The textbooks provide, at best, superficial treatment of security issues. The research results suggest that MIS faculty need to provide material to supplement the textbook to provide…
17 CFR 200.17 - Chief Management Analyst.
Code of Federal Regulations, 2010 CFR
2010-04-01
...; CONDUCT AND ETHICS; AND INFORMATION AND REQUESTS Organization and Program Management General Organization...) Organizational structures and delegations of authority; (d) Management information systems and concepts; and (e... 17 Commodity and Securities Exchanges 2 2010-04-01 2010-04-01 false Chief Management Analyst. 200...
Federal Register 2010, 2011, 2012, 2013, 2014
2011-10-12
... information is needed in order to support Federal government national security and emergency preparedness... Commission has been working with the Assistant Director for National Security and Emergency Preparedness, at...
Code of Federal Regulations, 2010 CFR
2010-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.44 Custodians...
32 CFR 2400.40 - Responsibility.
Code of Federal Regulations, 2010 CFR
2010-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.40 Responsibility...
Code of Federal Regulations, 2014 CFR
2014-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.44 Custodians...
32 CFR 2400.40 - Responsibility.
Code of Federal Regulations, 2013 CFR
2013-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.40 Responsibility...
32 CFR 2400.40 - Responsibility.
Code of Federal Regulations, 2014 CFR
2014-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.40 Responsibility...
Code of Federal Regulations, 2012 CFR
2012-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.44 Custodians...
32 CFR 2400.40 - Responsibility.
Code of Federal Regulations, 2011 CFR
2011-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.40 Responsibility...
32 CFR 2400.40 - Responsibility.
Code of Federal Regulations, 2012 CFR
2012-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.40 Responsibility...
Code of Federal Regulations, 2011 CFR
2011-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.44 Custodians...
Code of Federal Regulations, 2013 CFR
2013-07-01
... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.44 Custodians...
The Management and Security Expert (MASE)
NASA Technical Reports Server (NTRS)
Miller, Mark D.; Barr, Stanley J.; Gryphon, Coranth D.; Keegan, Jeff; Kniker, Catherine A.; Krolak, Patrick D.
1991-01-01
The Management and Security Expert (MASE) is a distributed expert system that monitors the operating systems and applications of a network. It is capable of gleaning the information provided by the different operating systems in order to optimize hardware and software performance; recognize potential hardware and/or software failure, and either repair the problem before it becomes an emergency, or notify the systems manager of the problem; and monitor applications and known security holes for indications of an intruder or virus. MASE can eradicate much of the guesswork of system management.
77 FR 8825 - Proposed Collection; Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2012-02-15
... LEAD BY EXAMPLE using the application just as we expect those ``in the field'' to do. The information... access and visibility of this information. DMHRSi uses role-based security so a user sees only the... hosted in a secure facility managed by the Defense Information Systems Agency. For JMIS military and...
Coalition Network Defence Common Operational Picture
2010-11-01
27000 .org/ iso -27005.htm [26] ISO 8601:2004, Data elements and interchange formats - Information interchange - Representation of dates and times, http://ww.iso.org, http://en.wikipedia.org/wiki/ISO_8601 ...Regular_expression [25] ISO /IEC 27005:2008, Information technology -- Security techniques -- Information security risk management, http://ww.iso.org,; http://www
45 CFR Appendix A to Subpart C of... - Security Standards: Matrix
Code of Federal Regulations, 2012 CFR
2012-10-01
... Procedure Termination Procedures (A) Information Access Management 164.308(a)(4) Isolating Health care... Protected Health Information Pt. 164, Subpt. C, App. A Appendix A to Subpart C of Part 164—Security...) Mechanism to Authenticate Electronic Protected Health Information (A) Person or Entity Authentication 164...
45 CFR Appendix A to Subpart C of... - Security Standards: Matrix
Code of Federal Regulations, 2014 CFR
2014-10-01
... Procedure Termination Procedures (A) Information Access Management 164.308(a)(4) Isolating Health care... Protected Health Information Pt. 164, Subpt. C, App. A Appendix A to Subpart C of Part 164—Security...) Mechanism to Authenticate Electronic Protected Health Information (A) Person or Entity Authentication 164...
45 CFR Appendix A to Subpart C of... - Security Standards: Matrix
Code of Federal Regulations, 2013 CFR
2013-10-01
... Procedure Termination Procedures (A) Information Access Management 164.308(a)(4) Isolating Health care... Protected Health Information Pt. 164, Subpt. C, App. A Appendix A to Subpart C of Part 164—Security...) Mechanism to Authenticate Electronic Protected Health Information (A) Person or Entity Authentication 164...
Y-12 Integrated Materials Management System
DOE Office of Scientific and Technical Information (OSTI.GOV)
Alspaugh, D. H.; Hickerson, T. W.
2002-06-03
The Integrated Materials Management System, when fully implemented, will provide the Y-12 National Security Complex with advanced inventory information and analysis capabilities and enable effective assessment, forecasting and management of nuclear materials, critical non-nuclear materials, and certified supplies. These capabilities will facilitate future Y-12 stockpile management work, enhance interfaces to existing National Nuclear Security Administration (NNSA) corporate-level information systems, and enable interfaces to planned NNSA systems. In the current national nuclear defense environment where, for example, weapons testing is not permitted, material managers need better, faster, more complete information about material properties and characteristics. They now must manage non-special nuclear material at the same high-level they have managed SNM, and information capabilities about both must be improved. The full automation and integration of business activities related to nuclear and non-nuclear materials that will be put into effect by the Integrated Materials Management System (IMMS) will significantly improve and streamline the process of providing vital information to Y-12 and NNSA managers. This overview looks at the kinds of information improvements targeted by the IMMS project, related issues, the proposed information architecture, and the progress to date in implementing the system.
2012-11-01
Abbreviations BPC building partner capacity DOD Department of Defense DSCA Defense Security Cooperation Agency EFTS Enhanced Freight Tracking System...SCOs are ready to receive a planned delivery. For both FMS and pseudo-FMS processes, DOD uses the Enhanced Freight Tracking System ( EFTS ), a secure...providing data for this system. The Security Assistance Management Manual recommends that SCOs use the EFTS to maintain awareness of incoming shipments
ERIC Educational Resources Information Center
Hackney, Dennis W. G.
2011-01-01
Subchapter III of Chapter 35 of Title 44, United States Code, Federal Information Security Management Act of 2002; Department of Defense (DoD) Directive 8500.01E, Information Assurance, October 24, 2002; DoD Directive 8100.1, Global Information Grid Overarching Policy, September 19, 2002; and DoD Instruction 8500.2, Information Assurance…
DOE Office of Scientific and Technical Information (OSTI.GOV)
Schurman, D.L.; Datesman, G.H. Jr; Truitt, J.O.
The report presents a system for evaluating and correcting deficiencies in security-force effectiveness in licensed nuclear facilities. There are four checklists which security managers can copy directly, or can use as guidelines for developing their own checklists. The checklists are keyed to corrective-action guides found in the body of the report. In addition to the corrective-action guides, the report gives background information on the nature of security systems and discussions of various special problems of the licensed nuclear industry.
78 FR 40157 - Agency Information Collection Activities: Submission for OMB Review; Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2013-07-03
... DEPARTMENT OF HOMELAND SECURITY Federal Emergency Management Agency [Docket ID: FEMA-2013-0012... AGENCY: Federal Emergency Management Agency, DHS. ACTION: Notice. SUMMARY: The Federal Emergency Management Agency (FEMA) will submit the information collection abstracted below to the Office of Management...
DOT National Transportation Integrated Search
2002-06-01
Today, transportation agencies are beginning to address the need for threat and vulnerability assessments, and re-examine how existing emergency management plans will be implemented during a homeland security emergency or alert. Travel information is...
Corporate Perspective: An Interview with John Sculley.
ERIC Educational Resources Information Center
Temares, M. Lewis
1989-01-01
John Sculley, the chairman of the board of Apple Computer, Inc., discusses information technology management, management strategies, network management, the Chief Information Officer, strategic planning, back-to-the-future planning, business and university joint ventures, and security issues. (MLW)
Security practices and regulatory compliance in the healthcare industry.
Kwon, Juhee; Johnson, M Eric
2013-01-01
Securing protected health information is a critical responsibility of every healthcare organization. We explore information security practices and identify practice patterns that are associated with improved regulatory compliance. We employed Ward's cluster analysis using minimum variance based on the adoption of security practices. Variance between organizations was measured using dichotomous data indicating the presence or absence of each security practice. Using t tests, we identified the relationships between the clusters of security practices and their regulatory compliance. We utilized the results from the Kroll/Healthcare Information and Management Systems Society telephone-based survey of 250 US healthcare organizations including adoption status of security practices, breach incidents, and perceived compliance levels on Health Information Technology for Economic and Clinical Health, Health Insurance Portability and Accountability Act, Red Flags rules, Centers for Medicare and Medicaid Services, and state laws governing patient information security. Our analysis identified three clusters (which we call leaders, followers, and laggers) based on the variance of security practice patterns. The clusters have significant differences among non-technical practices rather than technical practices, and the highest level of compliance was associated with hospitals that employed a balanced approach between technical and non-technical practices (or between one-off and cultural practices). Hospitals in the highest level of compliance were significantly managing third parties' breaches and training. Audit practices were important to those who scored in the middle of the pack on compliance. Our results provide security practice benchmarks for healthcare administrators and can help policy makers in developing strategic and practical guidelines for practice adoption.
Security practices and regulatory compliance in the healthcare industry
Kwon, Juhee; Johnson, M Eric
2013-01-01
Objective: Securing protected health information is a critical responsibility of every healthcare organization. We explore information security practices and identify practice patterns that are associated with improved regulatory compliance. Design: We employed Ward's cluster analysis using minimum variance based on the adoption of security practices. Variance between organizations was measured using dichotomous data indicating the presence or absence of each security practice. Using t tests, we identified the relationships between the clusters of security practices and their regulatory compliance. Measurement: We utilized the results from the Kroll/Healthcare Information and Management Systems Society telephone-based survey of 250 US healthcare organizations including adoption status of security practices, breach incidents, and perceived compliance levels on Health Information Technology for Economic and Clinical Health, Health Insurance Portability and Accountability Act, Red Flags rules, Centers for Medicare and Medicaid Services, and state laws governing patient information security. Results: Our analysis identified three clusters (which we call leaders, followers, and laggers) based on the variance of security practice patterns. The clusters have significant differences among non-technical practices rather than technical practices, and the highest level of compliance was associated with hospitals that employed a balanced approach between technical and non-technical practices (or between one-off and cultural practices). Conclusions: Hospitals in the highest level of compliance were significantly managing third parties’ breaches and training. Audit practices were important to those who scored in the middle of the pack on compliance. Our results provide security practice benchmarks for healthcare administrators and can help policy makers in developing strategic and practical guidelines for practice adoption. PMID:22955497
Developing a Security Metrics Scorecard for Healthcare Organizations.
Elrefaey, Heba; Borycki, Elizabeth; Kushniruk, Andrea
2015-01-01
In healthcare, information security is a key aspect of protecting a patient's privacy and ensuring systems availability to support patient care. Security managers need to measure the performance of security systems and this can be achieved by using evidence-based metrics. In this paper, we describe the development of an evidence-based security metrics scorecard specific to healthcare organizations. Study participants were asked to comment on the usability and usefulness of a prototype of a security metrics scorecard that was developed based on current research in the area of general security metrics. Study findings revealed that scorecards need to be customized for the healthcare setting in order for the security information to be useful and usable in healthcare organizations. The study findings resulted in the development of a security metrics scorecard that matches the healthcare security experts' information requirements.
2006-09-01
data transform set contains : the security protocol (AH and/or ESP, connection mode (tunnel or transport), encryption information (DES, 3DES, AES...Management Information Base, version 2) objects are variables that contain data about the system. They are defined as part of the Simple Network...Avon Park was configured for access on the concentrator. c. Security Association (SA) • A security association contains all of the information
Federal Register 2010, 2011, 2012, 2013, 2014
2010-02-24
... Information Management System of Records AGENCY: Privacy Office, DHS. ACTION: Notice of modification to... Enforcement Support Center Alien Criminal Response Information Management System of Records (73 FR 74739... Enforcement Support Center (LESC) Alien Criminal Response Information Management (ACRIMe) System (73 FR 74739...
78 FR 3906 - Information Collection Request to Office of Management and Budget
Federal Register 2010, 2011, 2012, 2013, 2014
2013-01-17
... intends to submit an Information Collection Request (ICR) to the Office of Management and Budget (OMB... DEPARTMENT OF HOMELAND SECURITY Coast Guard [USCG-2012-1096] Information Collection Request to Office of Management and Budget AGENCY: Coast Guard, DHS. ACTION: Sixty-day notice requesting comments...
44 CFR 5.29 - Effect of failure to make information materials available.
Code of Federal Regulations, 2010 CFR
2010-10-01
... 44 Emergency Management and Assistance 1 2010-10-01 2010-10-01 false Effect of failure to make information materials available. 5.29 Section 5.29 Emergency Management and Assistance FEDERAL EMERGENCY MANAGEMENT AGENCY, DEPARTMENT OF HOMELAND SECURITY GENERAL PRODUCTION OR DISCLOSURE OF INFORMATION...
76 FR 5815 - Information Collection Request to Office of Management and Budget
Federal Register 2010, 2011, 2012, 2013, 2014
2011-02-02
... DEPARTMENT OF HOMELAND SECURITY Coast Guard [USCG-2011-0016; OMB Control numbers: 1625-0005, 1625-0024, 1625-0036 and 1625-0061] Information Collection Request to Office of Management and Budget AGENCY... (ICRs) to the Office of Management and Budget (OMB), Office of Information and Regulatory Affairs (OIRA...
NASA Technical Reports Server (NTRS)
1993-01-01
C Language Integration Production System (CLIPS), a NASA-developed expert systems program, has enabled a security systems manufacturer to design a new generation of hardware. C.CURESystem 1 Plus, manufactured by Software House, is a software based system that is used with a variety of access control hardware at installations around the world. Users can manage large amounts of information, solve unique security problems and control entry and time scheduling. CLIPS acts as an information management tool when accessed by C.CURESystem 1 Plus. It asks questions about the hardware and when given the answer, recommends possible quick solutions by non-expert persons.
Blanke, Sandra J; McGrady, Elizabeth
2016-07-01
Health care stakeholders are concerned about the growing risk of protecting sensitive patient health information from breaches. The Federal Emergency Management Agency (FEMA) has identified cyber attacks as an emerging concern, and regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) have increased security requirements and are enforcing compliance through stiff financial penalties. The purpose of this study is to describe health care breaches of protected information, analyze the hazards and vulnerabilities of reported breach cases, and prescribe best practices of managing risk through security controls and countermeasures. Prescriptive findings were used to construct a checklist tool to assess and monitor common risks. This research uses a case methodology to describe specific examples of the 3 major types of cyber breach hazards: portable device, insider, and physical breaches. We utilize a risk management framework to prescribe preventative actions that organizations can take to assess, analyze, and mitigate these risks. The health care sector has the largest number of reported breaches, with 3 major types: portable device, insider, and physical breaches. Analysis of actual cases indicates security gaps requiring prescriptive fixes based on "best practices." Our research culminates in a 25-item checklist that organizations can use to assess existing practices and identify security gaps requiring improvement. © 2016 American Society for Healthcare Risk Management of the American Hospital Association.
Security Science as an Applied Science?
ERIC Educational Resources Information Center
Smith, Clifton
2001-01-01
Describes the development of a security science degree as the emerging applied science of the protection of individuals and assets. Proposes the themes of physical, electronic, information security and facility management as scientific applications for the course. (Author/MM)
Shahri, Ahmad Bakhtiyari; Ismail, Zuraini; Mohanna, Shahram
2016-11-01
The security effectiveness based on users' behaviors is becoming a top priority of Health Information Systems (HIS). In the first step of this study, through the review of previous studies, 'Self-efficacy in Information Security' (SEIS) and 'Security Competency' (SCMP) were identified as the important factors in transforming HIS users into the first line of defense in security. Subsequently, a conceptual model was proposed taking the mentioned factors into account for HIS security effectiveness. Then, this quantitative study used structural equation modeling to examine the proposed model based on survey data collected from a sample of 263 HIS users from eight hospitals in Iran. The result shows that SEIS is one of the important factors for cultivating good end users' behaviors toward HIS security effectiveness. However, SCMP appears to be a feasible alternative to providing SEIS. This study also confirms the mediation effects of SEIS on the relationship between SCMP and HIS security effectiveness. The results of this research paper can be used by HIS and IT managers to implement their information security process more effectively.
DOE Office of Scientific and Technical Information (OSTI.GOV)
Witzke, Edward L.
In 2014, the United States Department of Defense started transitioning the way it performs risk management and accreditation of information systems to a process entitled Risk Management Framework for DoD Information Technology or RMF for DoD IT. There are many more security and privacy controls (and control enhancements) from which to select in RMF than there were in the previous Information Assurance process. This report is an attempt to clarify the way security controls and enhancements are selected. After a brief overview and comparison of RMF for DoD IT with the previously used process, this report looks at the determination of systems as National Security Systems (NSS). Once deemed to be an NSS, this report addresses the categorization of the information system with respect to impact levels of the various security objectives and the selection of an initial baseline of controls. Next, the report describes tailoring the controls through the use of overlays and scoping considerations. Finally, the report discusses organization-defined values for tuning the security controls to the needs of the information system.
78 FR 38067 - Agency Information Collection Activities: Submission for OMB Review; Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2013-06-25
... DEPARTMENT OF HOMELAND SECURITY Federal Emergency Management Agency [Docket ID: FEMA-2013-0010... Request AGENCY: Federal Emergency Management Agency, DHS. ACTION: Notice. SUMMARY: The Federal Emergency Management Agency (FEMA) will submit the information collection abstracted below to the Office of Management...
77 FR 59948 - Agency Information Collection Activities: Submission for OMB Review; Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2012-10-01
... DEPARTMENT OF HOMELAND SECURITY Federal Emergency Management Agency [Docket ID FEMA-2012-0024; OMB... AGENCY: Federal Emergency Management Agency, DHS. ACTION: Notice. SUMMARY: The Federal Emergency Management Agency (FEMA) will submit the information collection abstracted below to the Office of Management...
78 FR 38726 - Agency Information Collection Activities: Submission for OMB Review; Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2013-06-27
... DEPARTMENT OF HOMELAND SECURITY Federal Emergency Management Agency [Docket ID: FEMA-2013-0007... Request AGENCY: Federal Emergency Management Agency, DHS. ACTION: Notice. SUMMARY: The Federal Emergency Management Agency (FEMA) will submit the information collection abstracted below to the Office of Management...
78 FR 66374 - Agency Information Collection Activities: Submission for OMB Review; Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2013-11-05
... DEPARTMENT OF HOMELAND SECURITY Federal Emergency Management Agency [Docket ID FEMA-2013-0029; OMB... AGENCY: Federal Emergency Management Agency, DHS. ACTION: Notice. SUMMARY: The Federal Emergency Management Agency (FEMA) will submit the information collection abstracted below to the Office of Management...
78 FR 50433 - Agency Information Collection Activities: Submission for OMB Review; Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2013-08-19
... DEPARTMENT OF HOMELAND SECURITY Federal Emergency Management Agency [Docket ID FEMA-2013-0019; OMB... AGENCY: Federal Emergency Management Agency, DHS. ACTION: Notice. SUMMARY: The Federal Emergency Management Agency (FEMA) will submit the information collection abstracted below to the Office of Management...
78 FR 50432 - Agency Information Collection Activities: Submission for OMB Review; Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2013-08-19
... DEPARTMENT OF HOMELAND SECURITY Federal Emergency Management Agency [Docket ID: FEMA-2013-0023... Request AGENCY: Federal Emergency Management Agency, DHS. ACTION: Notice. SUMMARY: The Federal Emergency Management Agency (FEMA) will submit the information collection abstracted below to the Office of Management...
78 FR 68463 - Agency Information Collection Activities: Submission for OMB Review; Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2013-11-14
... DEPARTMENT OF HOMELAND SECURITY Federal Emergency Management Agency [Docket ID FEMA-2013-0024; OMB... AGENCY: Federal Emergency Management Agency, DHS. ACTION: Notice. SUMMARY: The Federal Emergency Management Agency (FEMA) will submit the information collection abstracted below to the Office of Management...
78 FR 53774 - Agency Information Collection Activities: Submission for OMB Review; Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2013-08-30
... DEPARTMENT OF HOMELAND SECURITY Federal Emergency Management Agency [Docket ID FEMA-2013-0019; OMB... AGENCY: Federal Emergency Management Agency, DHS. ACTION: Notice. SUMMARY: The Federal Emergency Management Agency (FEMA) will submit the information collection abstracted below to the Office of Management...
78 FR 68462 - Agency Information Collection Activities: Submission for OMB Review; Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2013-11-14
... DEPARTMENT OF HOMELAND SECURITY Federal Emergency Management Agency [Docket ID: FEMA-2013-0030... Request AGENCY: Federal Emergency Management Agency, DHS. ACTION: Notice. SUMMARY: The Federal Emergency Management Agency (FEMA) will submit the information collection abstracted below to the Office of Management...
78 FR 16519 - Agency Information Collection Activities: Submission for OMB Review; Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2013-03-15
... DEPARTMENT OF HOMELAND SECURITY Federal Emergency Management Agency [Docket ID FEMA-2012-0033; OMB... AGENCY: Federal Emergency Management Agency, DHS. ACTION: Notice. SUMMARY: The Federal Emergency Management Agency (FEMA) will submit the information collection abstracted below to the Office of Management...
78 FR 73874 - Agency Information Collection Activities: Submission for OMB Review; Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2013-12-09
... DEPARTMENT OF HOMELAND SECURITY Federal Emergency Management Agency [Docket ID: FEMA-2013-0015... Request AGENCY: Federal Emergency Management Agency, DHS. ACTION: Notice. SUMMARY: The Federal Emergency Management Agency (FEMA) will submit the information collection abstracted below to the Office of Management...
78 FR 21961 - Agency Information Collection Activities: Submission for OMB Review; Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2013-04-12
... DEPARTMENT OF HOMELAND SECURITY Federal Emergency Management Agency [Docket ID: FEMA-2013-0005... Request AGENCY: Federal Emergency Management Agency, DHS. ACTION: Notice. SUMMARY: The Federal Emergency Management Agency (FEMA) will submit the information collection abstracted below to the Office of Management...
Managing the Security of Nursing Data in the Electronic Health Record
Samadbeik, Mahnaz; Gorzin, Zahra; Khoshkam, Masomeh; Roudbari, Masoud
2015-01-01
Background: The Electronic Health Record (EHR) is a patient care information resource for clinicians and nursing documentation is an essential part of comprehensive patient care. Ensuring privacy and the security of health information is a key component to building the trust required to realize the potential benefits of electronic health information exchange. This study was aimed to manage nursing data security in the EHR and also discover the viewpoints of hospital information system vendors (computer companies) and hospital information technology specialists about nursing data security. Methods: This research is a cross sectional analytic-descriptive study. The study populations were IT experts at the academic hospitals and computer companies of Tehran city in Iran. Data was collected by a self-developed questionnaire whose validity and reliability were confirmed using the experts’ opinions and Cronbach’s alpha coefficient respectively. Data was analyzed through SPSS Version 18 and by descriptive and analytic statistics. Results: The findings of the study revealed that user name and password were the most important methods to authenticate the nurses, with mean percent of 95% and 80%, respectively, and also the most significant level of information security protection were assigned to administrative and logical controls. There was no significant difference between opinions of both groups studied about the levels of information security protection and security requirements (p>0.05). Moreover the access to servers by authorized people, periodic security update, and the application of authentication and authorization were defined as the most basic security requirements from the viewpoint of more than 88 percent of recently-mentioned participants.
Conclusions: Computer companies as system designers and hospitals information technology specialists as systems users and stakeholders present many important views about security requirements for EHR systems and nursing electronic documentation systems. Prioritizing of these requirements helps policy makers to decide what to do when planning for EHR implementation. Therefore, to make appropriate security decisions and to achieve the expected level of protection of the electronic nursing information, it is suggested to consider the priorities of both groups of experts about security principles and also discuss the issues seem to be different between two groups of participants in the research. PMID:25870490
Managing the security of nursing data in the electronic health record.
Samadbeik, Mahnaz; Gorzin, Zahra; Khoshkam, Masomeh; Roudbari, Masoud
2015-02-01
The Electronic Health Record (EHR) is a patient care information resource for clinicians and nursing documentation is an essential part of comprehensive patient care. Ensuring privacy and the security of health information is a key component to building the trust required to realize the potential benefits of electronic health information exchange. This study was aimed to manage nursing data security in the EHR and also discover the viewpoints of hospital information system vendors (computer companies) and hospital information technology specialists about nursing data security. This research is a cross sectional analytic-descriptive study. The study populations were IT experts at the academic hospitals and computer companies of Tehran city in Iran. Data was collected by a self-developed questionnaire whose validity and reliability were confirmed using the experts' opinions and Cronbach's alpha coefficient respectively. Data was analyzed through SPSS Version 18 and by descriptive and analytic statistics. The findings of the study revealed that user name and password were the most important methods to authenticate the nurses, with mean percent of 95% and 80%, respectively, and also the most significant level of information security protection were assigned to administrative and logical controls. There was no significant difference between opinions of both groups studied about the levels of information security protection and security requirements (p>0.05). Moreover the access to servers by authorized people, periodic security update, and the application of authentication and authorization were defined as the most basic security requirements from the viewpoint of more than 88 percent of recently-mentioned participants. Computer companies as system designers and hospitals information technology specialists as systems users and stakeholders present many important views about security requirements for EHR systems and nursing electronic documentation systems. Prioritizing of these requirements helps policy makers to decide what to do when planning for EHR implementation. Therefore, to make appropriate security decisions and to achieve the expected level of protection of the electronic nursing information, it is suggested to consider the priorities of both groups of experts about security principles and also discuss the issues seem to be different between two groups of participants in the research.
Federal Register 2010, 2011, 2012, 2013, 2014
2013-03-27
... Request ACTION: 60-Day Notice of Information Collection for Review; File No. 70-009, 287(g) Candidate Questionnaire; OMB Control No. 1653-0047. The Department of Homeland Security, U.S. Immigration and Customs... Department of Homeland Security (DHS), Scott Elmore, Forms Manager, U.S. Immigration and Customs Enforcement...
12 CFR Appendix A to Part 748 - Guidelines for Safeguarding Member Information
Code of Federal Regulations, 2014 CFR
2014-01-01
... Implementation of Member Information Security Program A. Involve the Board of Directors B. Assess Risk C. Manage and Control Risk D. Oversee Service Provider Arrangements E. Adjust the Program F. Report to the Board.... Development and Implementation of Member Information Security Program A. Involve the Board of Directors. The...
12 CFR Appendix A to Part 748 - Guidelines for Safeguarding Member Information
Code of Federal Regulations, 2013 CFR
2013-01-01
... Implementation of Member Information Security Program A. Involve the Board of Directors B. Assess Risk C. Manage and Control Risk D. Oversee Service Provider Arrangements E. Adjust the Program F. Report to the Board.... Development and Implementation of Member Information Security Program A. Involve the Board of Directors. The...
12 CFR Appendix A to Part 748 - Guidelines for Safeguarding Member Information
Code of Federal Regulations, 2011 CFR
2011-01-01
... Implementation of Member Information Security Program A. Involve the Board of Directors B. Assess Risk C. Manage and Control Risk D. Oversee Service Provider Arrangements E. Adjust the Program F. Report to the Board.... Development and Implementation of Member Information Security Program A. Involve the Board of Directors. The...
12 CFR Appendix A to Part 748 - Guidelines for Safeguarding Member Information
Code of Federal Regulations, 2012 CFR
2012-01-01
... Implementation of Member Information Security Program A. Involve the Board of Directors B. Assess Risk C. Manage and Control Risk D. Oversee Service Provider Arrangements E. Adjust the Program F. Report to the Board.... Development and Implementation of Member Information Security Program A. Involve the Board of Directors. The...
ERIC Educational Resources Information Center
Taft, Tiffany H.
2017-01-01
This dissertation is a study of the relationship between Information Technology Governance (ITG), information security leadership, and strategic alignment within a healthcare organization. Strong organizational leadership and adherence to the process are vital to the formulation and management of performance and implementation of key directives.…
Federal Register 2010, 2011, 2012, 2013, 2014
2012-03-06
... hash algorithms in many computer network applications. On February 11, 2011, NIST published a notice in... Information Security Management Act (FISMA) of 2002 (Pub. L. 107-347), the Secretary of Commerce is authorized to approve Federal Information Processing Standards (FIPS). NIST activities to develop computer...
32 CFR 2400.43 - Heads of offices.
Code of Federal Regulations, 2014 CFR
2014-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.43 Heads of...
32 CFR 2400.41 - Office Review Committee.
Code of Federal Regulations, 2014 CFR
2014-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.41 Office Review...
32 CFR 2400.41 - Office Review Committee.
Code of Federal Regulations, 2012 CFR
2012-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.41 Office Review...
32 CFR 2400.41 - Office Review Committee.
Code of Federal Regulations, 2010 CFR
2010-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.41 Office Review...
32 CFR 2400.43 - Heads of offices.
Code of Federal Regulations, 2011 CFR
2011-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.43 Heads of...
32 CFR 2400.41 - Office Review Committee.
Code of Federal Regulations, 2011 CFR
2011-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.41 Office Review...
32 CFR 2400.43 - Heads of offices.
Code of Federal Regulations, 2013 CFR
2013-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.43 Heads of...
32 CFR 2400.43 - Heads of offices.
Code of Federal Regulations, 2010 CFR
2010-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.43 Heads of...
32 CFR 2400.43 - Heads of offices.
Code of Federal Regulations, 2012 CFR
2012-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.43 Heads of...
32 CFR 2400.41 - Office Review Committee.
Code of Federal Regulations, 2013 CFR
2013-07-01
... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.41 Office Review...
Federal Register 2010, 2011, 2012, 2013, 2014
2010-02-24
... DEPARTMENT OF HOMELAND SECURITY Federal Emergency Management Agency [Docket ID FEMA-2010-0006... Preparedness Grants: State Homeland Security Program (SHSP) Tribal AGENCY: Federal Emergency Management Agency...-NEW; FEMA Form 089-22, SHSP-Tribal Investment Justification Template. SUMMARY: The Federal Emergency...
Williams, Patricia A H
Australia is stepping up to the new e-health environment. With this comes new legislation and new demands on information security. The expanded functionality of e-health and the increased legislative requirements, coupled with new uses of technology, means that enhancement of existing security practice will be necessary. This paper analyses the new operating environment for Australian healthcare and the legislation governing it, and highlights the changes that are required to meet this new context. Individuals are now more responsible for security and organisations should be prompted to review their security measures in light of the new demands of legislative compliance.
45 CFR 164.308 - Administrative safeguards.
Code of Federal Regulations, 2013 CFR
2013-10-01
... REQUIREMENTS SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health... accordance with § 164.306: (1)(i) Standard: Security management process. Implement policies and procedures to... to the confidentiality, integrity, and availability of electronic protected health information held...
45 CFR 164.308 - Administrative safeguards.
Code of Federal Regulations, 2014 CFR
2014-10-01
... REQUIREMENTS SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health... accordance with § 164.306: (1)(i) Standard: Security management process. Implement policies and procedures to... to the confidentiality, integrity, and availability of electronic protected health information held...
Protecting and securing networked medical devices.
Riha, Chris
2004-01-01
Designing, building, and maintaining a secure environment for medical devices is a critical component in health care technology management. This article will address several avenues to harden a health care information network to provide a secure enclave for medical devices.
Report #2006-S-00008, September 25, 2006. Although the Agency has made substantial progress to improve its security program, the OIG identified weaknesses in the Agency’s incident reporting practices.
Discussion on the Technology and Method of Computer Network Security Management
NASA Astrophysics Data System (ADS)
Zhou, Jianlei
2017-09-01
With the rapid development of information technology, the application of computer network technology has penetrated all aspects of society, changed people's way of life and work to a certain extent, and brought great convenience to people. But computer network technology is not a panacea, it can promote the function of social development, but also can cause damage to the community and the country. Due to computer networks’ openness, easiness of sharing and other characteristics, it had a very negative impact on the computer network security, especially the loopholes in the technical aspects can cause damage on the network information. Based on this, this paper will do a brief analysis on the computer network security management problems and security measures.
Federal Register 2010, 2011, 2012, 2013, 2014
2011-04-06
... Ellen Callahan, Chief Privacy Officer, Privacy Office, Department of Homeland Security, Washington, DC... (703-235-0780), Chief Privacy Officer, Privacy Office, Department of Homeland Security, Washington, DC... Chief Privacy Officer and Chief Freedom of Information Act Officer, Department of Homeland Security, 245...
Federal Register 2010, 2011, 2012, 2013, 2014
2011-10-11
... Review (CFSR) Form. The CFSR will differ from TSA's Corporate Security Review (CSR) in that a CSR looks at corporate or company-wide security management plans and practices while the CFSR will look at... DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration Extension of Agency...
[Application of password manager software in health care].
Ködmön, József
2016-12-01
When using multiple IT systems, handling of passwords in a secure manner means a potential source of problem. The most frequent issues are choosing the appropriate length and complexity, and then remembering the strong passwords. Password manager software provides a good solution for this problem, while greatly increasing the security of sensitive medical data. This article introduces a password manager software and provides basic information of the application. It also discusses how to select a really secure password manager software and suggests a practical application to efficient, safe and comfortable use for health care. Orv. Hetil., 2016, 157(52), 2066-2073.
Explore Awareness of Information Security: Insights from Cognitive Neuromechanism.
Han, Dongmei; Dai, Yonghui; Han, Tianlin; Dai, Xingyun
2015-01-01
With the rapid development of the internet and information technology, the increasingly diversified portable mobile terminals, online shopping, and social media have facilitated information exchange, social communication, and financial payment for people more and more than ever before. In the meantime, information security and privacy protection have been meeting with new severe challenges. Although we have taken a variety of information security measures in both management and technology, the actual effectiveness depends firstly on people's awareness of information security and the cognition of potential risks. In order to explore the new technology for the objective assessment of people's awareness and cognition on information security, this paper takes the online financial payment as example and conducts an experimental study based on the analysis of electrophysiological signals. Results indicate that left hemisphere and beta rhythms of electroencephalogram (EEG) signal are sensitive to the cognitive degree of risks in the awareness of information security, which may be probably considered as the sign to assess people's cognition of potential risks in online financial payment.
Explore Awareness of Information Security: Insights from Cognitive Neuromechanism
Han, Dongmei; Han, Tianlin; Dai, Xingyun
2015-01-01
With the rapid development of the internet and information technology, the increasingly diversified portable mobile terminals, online shopping, and social media have facilitated information exchange, social communication, and financial payment for people more and more than ever before. In the meantime, information security and privacy protection have been meeting with new severe challenges. Although we have taken a variety of information security measures in both management and technology, the actual effectiveness depends firstly on people's awareness of information security and the cognition of potential risks. In order to explore the new technology for the objective assessment of people's awareness and cognition on information security, this paper takes the online financial payment as example and conducts an experimental study based on the analysis of electrophysiological signals. Results indicate that left hemisphere and beta rhythms of electroencephalogram (EEG) signal are sensitive to the cognitive degree of risks in the awareness of information security, which may be probably considered as the sign to assess people's cognition of potential risks in online financial payment. PMID:26587017
Federal Register 2010, 2011, 2012, 2013, 2014
2012-01-24
... DEPARTMENT OF HOMELAND SECURITY Federal Emergency Management Agency [Docket ID: FEMA-2011-0031... Management Agency, DHS. ACTION: Notice. SUMMARY: The Federal Emergency Management Agency (FEMA) will submit the information collection abstracted below to the Office of Management and Budget for review and...
NASA Technical Reports Server (NTRS)
1986-01-01
The Johnson Space Center Management Information System (JSCMIS) is an interface to computer data bases at NASA Johnson which allows an authorized user to browse and retrieve information from a variety of sources with minimum effort. This issue gives requirements definition and design specifications for versions 2.1 and 2.1.1, along with documented test scenario environments, and security object design and specifications.
NASA Astrophysics Data System (ADS)
Valdevit, Thierry; Mayer, Nicolas; Barafort, Béatrix
While Information Security Management Systems (ISMS) are being adopted by the biggest IT companies, it remains quite difficult for smaller entities to implement and maintain all the requirements of ISO/IEC 27001. In order to increase information security in Luxembourg, the Public Research Centre Henri Tudor has been charged by the Luxembourg Ministry of Economy and Foreign Trade to find solutions to facilitate ISMS deployment for SMEs. After an initial experiment aiming at assisting a SME in getting the first national ISO/IEC 27001 certification for a private company, an implementation guide for deploying an ISMS, validated by local experts and experimented in SMEs, has been released and is presented in this paper.
Uncertainty and Risk Management in Cyber Situational Awareness
NASA Astrophysics Data System (ADS)
Li, Jason; Ou, Xinming; Rajagopalan, Raj
Handling cyber threats unavoidably needs to deal with both uncertain and imprecise information. What we can observe as potential malicious activities can seldom give us 100% confidence on important questions we care about, e.g. what machines are compromised and what damage has been incurred. In security planning, we need information on how likely a vulnerability can lead to a successful compromise to better balance security and functionality, performance, and ease of use. This information is at best qualitative and is often vague and imprecise. In cyber situational awareness, we have to rely on such imperfect information to detect real attacks and to prevent an attack from happening through appropriate risk management. This chapter surveys existing technologies in handling uncertainty and risk management in cyber situational awareness.
15 CFR Supplement No. 5 to Part 742 - Encryption Registration
Code of Federal Regulations, 2013 CFR
2013-01-01
... registration, i.e., the information as described in this Supplement, submitted as a support documentation... (h) Smartcards or other identity management (i) Computer or network forensics (j) Software (i) Operating systems (ii) Applications (k) Toolkits/ASICs/components (l) Information security including secure...
15 CFR Supplement No. 5 to Part 742 - Encryption Registration
Code of Federal Regulations, 2011 CFR
2011-01-01
... registration, i.e., the information as described in this Supplement, submitted as a support documentation... (h) Smartcards or other identity management (i) Computer or network forensics (j) Software (i) Operating systems (ii) Applications (k) Toolkits/ASICs/components (l) Information security including secure...
15 CFR Supplement No. 5 to Part 742 - Encryption Registration
Code of Federal Regulations, 2014 CFR
2014-01-01
... registration, i.e., the information as described in this Supplement, submitted as a support documentation... (h) Smartcards or other identity management (i) Computer or network forensics (j) Software (i) Operating systems (ii) Applications (k) Toolkits/ASICs/components (l) Information security including secure...
15 CFR Supplement No. 5 to Part 742 - Encryption Registration
Code of Federal Regulations, 2012 CFR
2012-01-01
... registration, i.e., the information as described in this Supplement, submitted as a support documentation... (h) Smartcards or other identity management (i) Computer or network forensics (j) Software (i) Operating systems (ii) Applications (k) Toolkits/ASICs/components (l) Information security including secure...
75 FR 1552 - Chemical Facility Anti-Terrorism Standards
Federal Register 2010, 2011, 2012, 2013, 2014
2010-01-12
... Protection Agency RMP--Risk Management Program SSP--Site Security Plan STQ--Screening Threshold Quantity SVA... Protection Agency (EPA) under the Clean Air Act's Risk Management Program (RMP) for counting-- or excluding... Safety, Information, Site Security and Fuels Regulatory Relief Act, Public Law 106-40. Cf. 72 FR 65410...
78 FR 69099 - Agency Information Collection Activities: Submission for OMB Review; Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2013-11-18
... DEPARTMENT OF HOMELAND SECURITY Federal Emergency Management Agency [Docket ID: FEMA-2013-0033... addressed to the Desk Officer for the Department of Homeland Security, Federal Emergency Management Agency... 089-17, RCPT Membership List. Abstract: The RCPGP is an important tool among a comprehensive set of...
Federal Register 2010, 2011, 2012, 2013, 2014
2012-11-27
... Department of Homeland Security, Federal Emergency Management Agency, and sent via electronic mail to oira... Program's (NFIP) Community Rating System (CRS) to document the activities that communities have undertaken... DEPARTMENT OF HOMELAND SECURITY Federal Emergency Management Agency [Docket ID: FEMA-2010-0012...
77 FR 22622 - AP Henderson Group, BPO Management Services, Inc., Capital Mineral Investors, Inc...
Federal Register 2010, 2011, 2012, 2013, 2014
2012-04-16
... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] AP Henderson Group, BPO Management Services, Inc., Capital Mineral Investors, Inc., CardioVascular BioTherapeutics, Inc., and 1st Centennial... that there is a lack of current and accurate information concerning the securities of 1st Centennial...
Management Guide to the Protection of Information Resources.
ERIC Educational Resources Information Center
Helsing, Cheryl; And Others
This guide introduces information systems security concerns and outlines the issues that must be addressed by all agency managers in meeting their responsibilities to protect information systems within their organizations. It describes the essential components of an effective information resource protection process that applies to an individual…
Lu, Xiaoqi; Wang, Lei; Zhao, Jianfeng
2012-02-01
With the development of medical information, Picture Archiving and Communications System (PACS), Hospital Information System/Radiology Information System (HIS/RIS) and other medical information management systems become popular and developed, and interoperability between these systems becomes more frequent. So, these enclosed systems will be open and regionalized by means of network, and this is inevitable. If the trend becomes true, the security of information transmission may be the first problem to be solved. Based on the need for network security, we investigated the Digital Imaging and Communications in Medicine (DICOM) Standard and Transport Layer Security (TLS) Protocol, and implemented the TLS transmission of the DICOM medical information with OpenSSL toolkit and DCMTK toolkit.
Information security for compliance with select agent regulations.
Lewis, Nick; Campbell, Mark J; Baskin, Carole R
2015-01-01
The past decade has seen a significant rise in research on high-consequence human and animal pathogens, many now known as "select agents." While physical security around these agents is tightly regulated, information security standards are still lagging. The understanding of the threats unique to the academic and research environment is still evolving, in part due to poor communication between the various stakeholders. Perhaps as a result, information security guidelines published by select agent regulators lack the critical details and directives needed to achieve even the lowest security level of the Federal Information Security Management Act (FISMA). While only government agencies are currently required to abide by the provisions of FISMA (unless specified as preconditions for obtaining government grants or contracts--still a relatively rare or narrowly scoped occurrence), the same strategies were recently recommended by executive order for others. We propose that information security guidelines for select agent research be updated to promulgate and detail FISMA standards and processes and that the latter be ultimately incorporated into select agent regulations. We also suggest that information security in academic and research institutions would greatly benefit from active efforts to improve communication among the biosecurity, security, and information technology communities, and from a secure venue for exchange of timely information on emerging threats and solutions in the research environment.
Information Security for Compliance with Select Agent Regulations
Lewis, Nick; Campbell, Mark J.
2015-01-01
The past decade has seen a significant rise in research on high-consequence human and animal pathogens, many now known as “select agents.” While physical security around these agents is tightly regulated, information security standards are still lagging. The understanding of the threats unique to the academic and research environment is still evolving, in part due to poor communication between the various stakeholders. Perhaps as a result, information security guidelines published by select agent regulators lack the critical details and directives needed to achieve even the lowest security level of the Federal Information Security Management Act (FISMA). While only government agencies are currently required to abide by the provisions of FISMA (unless specified as preconditions for obtaining government grants or contracts—still a relatively rare or narrowly scoped occurrence), the same strategies were recently recommended by executive order for others. We propose that information security guidelines for select agent research be updated to promulgate and detail FISMA standards and processes and that the latter be ultimately incorporated into select agent regulations. We also suggest that information security in academic and research institutions would greatly benefit from active efforts to improve communication among the biosecurity, security, and information technology communities, and from a secure venue for exchange of timely information on emerging threats and solutions in the research environment. PMID:26042864
12 CFR Appendix C to Part 1720 - Policy Guidance; Safety and Soundness Standards for Information
Code of Federal Regulations, 2013 CFR
2013-01-01
... Information Security Program 1. Involve the Board of Directors. 2. Assess Risk. 3. Manage and Control Risk. 4. Oversee Service Provider Arrangements. 5. Adjust the Program. 6. Report to the Board. 7. Implementation. A...—Development and Implementation of Information Security Program 1. Involve the Board of Directors. The board of...
ERIC Educational Resources Information Center
Warfield, Douglas L.
2011-01-01
The evolution of information technology has included new methodologies that use information technology to control and manage various industries and government activities. Information Technology has also evolved as its own industry with global networks of interconnectivity, such as the Internet, and frameworks, models, and methodologies to control…
10 CFR 10.21 - Suspension of access authorization and/or employment clearance.
Code of Federal Regulations, 2014 CFR
2014-01-01
... ELIGIBILITY FOR ACCESS TO RESTRICTED DATA OR NATIONAL SECURITY INFORMATION OR AN EMPLOYMENT CLEARANCE... access authorization and/or an employment clearance, the Director, Division of Facilities and Security... Corporate Management and Chief Information Officer or other Deputy Executive Director, his or her...
10 CFR 10.21 - Suspension of access authorization and/or employment clearance.
Code of Federal Regulations, 2013 CFR
2013-01-01
... ELIGIBILITY FOR ACCESS TO RESTRICTED DATA OR NATIONAL SECURITY INFORMATION OR AN EMPLOYMENT CLEARANCE... access authorization and/or an employment clearance, the Director, Division of Facilities and Security... Corporate Management and Chief Information Officer or other Deputy Executive Director, his or her...
Project #, May 23, 2017. The EPA OIG plans to begin fieldwork for an audit of the U.S. Chemical Safety and Hazard Investigation Board’s (CSB’s) compliance with the Federal Information Security Modernization Act of 2014 (FISMA).
78 FR 56737 - Privacy Act of 1974; System of Records
Federal Register 2010, 2011, 2012, 2013, 2014
2013-09-13
... system as the ``Organized Crime Drug Enforcement Task Forces Management Information System'' (OCDETF MIS... Task Forces Management Information System (OCDETF MIS). SECURITY CLASSIFICATION: Unclassified. SYSTEM... Office of Management and Budget (OMB) Circular No. A-130, notice is hereby given that the Department of...
Higher Education Administrators Roles in Fortification of Information Security Program
ERIC Educational Resources Information Center
Eyadat, Mohammad S.
2015-01-01
Information systems produce significant benefits to organizations. Therefore, organizations invest a tremendous amount of money and time to obtain and manage information in order to maintain a high level of performance and to remain competitive. There are many factors that can impact the organizational information management and performance. One of…
77 FR 70797 - Collection of Information Under Review by Office of Management and Budget
Federal Register 2010, 2011, 2012, 2013, 2014
2012-11-27
..., Control, Communications, Computers and Information Technology. [FR Doc. 2012-28695 Filed 11-26-12; 8:45 am... DEPARTMENT OF HOMELAND SECURITY Coast Guard [USCG-2012-0733] Collection of Information Under... forwarding an Information Collection Request (ICR), abstracted below, to the Office of Management and Budget...
Implementing healthcare information security: standards can help.
Orel, Andrej; Bernik, Igor
2013-01-01
Using widespread common approaches to systems security in health-dedicated controlled environments, a level of awareness, confidence and acceptance of relevant standardisation is evaluated. Patients' information is sensitive, so putting appropriate organisational techniques as well as modern technology in place to secure health information is of paramount importance. Mobile devices are becoming the top priorities in advanced information security planning, with healthcare environments being no exception. There are fewer and fewer application areas in healthcare without a need for mobile functionality, which represents an even greater information security challenge. This is also true in emergency treatments, rehabilitation and homecare, just to mention a few areas outside hospital controlled environments. Unfortunately, traditional unsecured communications principles are quite often still in routine use for communicating sensitive health-related information. The security awareness level among users, patients and care professionals is not high enough, so potential threats and risks may not be addressed, and the respective information security management is therefore weak. Standards like the ISO/IEC 27000 ISMS family and the ISO/IEC 27799 information security guidelines in health are often not well known, but together with legislation principles such as HIPAA, they can help.
Guidelines for Working with Law Enforcement Agencies
ERIC Educational Resources Information Center
Corn, Michael
2007-01-01
Many security professionals choose the career because of an interest in the technology of security. Few realize the degree to which a contemporary security office interacts with law enforcement agencies (LEAs) such as the FBI and state, local, and campus police. As the field of information security has matured, the language of risk management is…
12 CFR 792.67 - Security of systems of records.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 12 Banks and Banking 6 2010-01-01 2010-01-01 false Security of systems of records. 792.67 Section... AND PRIVACY ACT, AND BY SUBPOENA; SECURITY PROCEDURES FOR CLASSIFIED INFORMATION The Privacy Act § 792.67 Security of systems of records. (a) Each system manager, with the approval of the head of that...
17 CFR 200.10 - The Commission.
Code of Federal Regulations, 2010 CFR
2010-04-01
... 17 Commodity and Securities Exchanges 2 2010-04-01 2010-04-01 false The Commission. 200.10 Section 200.10 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION ORGANIZATION; CONDUCT AND ETHICS; AND INFORMATION AND REQUESTS Organization and Program Management General Organization § 200.10...
17 CFR 200.10 - The Commission.
Code of Federal Regulations, 2013 CFR
2013-04-01
... 17 Commodity and Securities Exchanges 2 2013-04-01 2013-04-01 false The Commission. 200.10 Section 200.10 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION ORGANIZATION; CONDUCT AND ETHICS; AND INFORMATION AND REQUESTS Organization and Program Management General Organization § 200.10...
17 CFR 200.16a - Inspector General.
Code of Federal Regulations, 2011 CFR
2011-04-01
... 17 Commodity and Securities Exchanges 2 2011-04-01 2011-04-01 false Inspector General. 200.16a Section 200.16a Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION ORGANIZATION; CONDUCT AND ETHICS; AND INFORMATION AND REQUESTS Organization and Program Management General Organization...
17 CFR 200.10 - The Commission.
Code of Federal Regulations, 2011 CFR
2011-04-01
... 17 Commodity and Securities Exchanges 2 2011-04-01 2011-04-01 false The Commission. 200.10 Section 200.10 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION ORGANIZATION; CONDUCT AND ETHICS; AND INFORMATION AND REQUESTS Organization and Program Management General Organization § 200.10...
17 CFR 200.2 - Statutory functions.
Code of Federal Regulations, 2011 CFR
2011-04-01
... AND ETHICS; AND INFORMATION AND REQUESTS Organization and Program Management § 200.2 Statutory... such securities, it is unlawful to sell the securities in interstate commerce or through the mails... registered holding company must obtain Commission approval before it can issue and sell securities, acquire...
Redefining Security. A Report by the Joint Security Commission
1994-02-28
security policies. This report offers recommendations on developing new strategies for achieving security within our information systems, including...better, and we outline methods of improving government and industry personnel security policies. We offer recommendations on developing new strategies ... strategies, sufficient funding, and management attention if our computers and networks are to protect the confidentiality, integrity, and availability of
NASA Astrophysics Data System (ADS)
Curiac, Daniel-Ioan; Pachia, Mihai
2015-05-01
Information security represents the cornerstone of every data processing system that resides in an organisation's trusted network, implementing all necessary protocols, mechanisms and policies to be one step ahead of possible threats. Starting from the need to strengthen the set of security services, in this article we introduce a new and innovative process named controlled information destruction (CID) that is meant to secure sensitive data that are no longer needed for the organisation's future purposes but would be very damaging if revealed. The disposal of this type of data has to be controlled carefully in order to delete not only the information itself but also all its splinters spread throughout the network, thus denying any possibility of recovering the information after its alleged destruction. This process leads to a modified model of information assurance and also reconfigures the architecture of any information security management system. The scheme we envisioned relies on a reshaped information lifecycle, which reveals the impact of the CID procedure directly upon the information states.
Enterprise systems security management: a framework for breakthrough protection
NASA Astrophysics Data System (ADS)
Farroha, Bassam S.; Farroha, Deborah L.
2010-04-01
Securing the DoD information network is a tremendous task due to its size, access locations and the amount of network intrusion attempts on a daily basis. This analysis investigates methods/architecture options to deliver capabilities for secure information sharing environment. Crypto-binding and intelligent access controls are basic requirements for secure information sharing in a net-centric environment. We introduce many of the new technology components to secure the enterprise. The cooperative mission requirements lead to developing automatic data discovery and data stewards granting access to Cross Domain (CD) data repositories or live streaming data. Multiple architecture models are investigated to determine best-of-breed approaches including SOA and Private/Public Clouds.
NASA Astrophysics Data System (ADS)
Kuhn, D. R.; Tracy, Miles C.; Frankel, Sheila E.
2002-08-01
This document is intended to assist those responsible - users, system administrators, and management - for telecommuting security, by providing introductory information about broadband communication security and policy, security of home office systems, and considerations for system administrators in the central office. It addresses concepts relating to the selection, deployment, and management of broadband communications for a telecommuting user. This document is not intended to provide a mandatory framework for telecommuting or home office broadband communication environments, but rather to present suggested approaches to the topic.
Management, Security, and Congressional Oversight. Federal Government Information Technology.
ERIC Educational Resources Information Center
Congress of the U.S., Washington, DC. Office of Technology Assessment.
This report considers the management, use, and congressional oversight of information technology in the Federal Government as rapid advances in technology--e.g., microcomputers, computer networking, computer modeling, videoconferencing, and electronic information exchange--are generating many new applications, opportunities, and issues which are…
A Data Analysis of Naval Air Systems Command Funding Documents
2017-06-01
Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington, VA 22202-4302, and to the Office of Management ...Business & Financial Managers 15. NUMBER OF PAGES 75 16. PRICE CODE 17. SECURITY CLASSIFICATION OF REPORT Unclassified 18. SECURITY...Summary Statistics for Regressions with a Statistically Significant Relationship
Management of U.S. Coast Guard Information Security Program Using Management by Objectives.
1979-09-01
conducted. These men described their jobs and the attendant problems with obvious complete frankness and in the most lucid way. Thirdly, the security...scenario is not an unrealistic dream but a statement of the conditions that would exist if the organization arrived at some future state successfully
Federal Register 2010, 2011, 2012, 2013, 2014
2010-06-09
... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA-2009-0077] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Office of Personnel Management (OPM))--Match 1307 AGENCY: Social Security... INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988 (Public Law (Pub. L.) 100-503...
Project #OA-FY17-0139, Feb 15, 2017. The EPA OIG plans to begin preliminary research on an audit of EPA's processes for managing background investigations of privileged users and taking action to remediate weaknesses in agency's info security program.
76 FR 60112 - Consent Based Social Security Number Verification (CBSV) Service
Federal Register 2010, 2011, 2012, 2013, 2014
2011-09-28
... protect the public's information. In addition to the benefit of providing high volume, centralized SSN verification services to the business community in a secure manner, CBSV provides us with cost and workload management benefits. New Information: To use CBSV, interested parties must pay a one- time non-refundable...
78 FR 56266 - Consent Based Social Security Number Verification (CBSV) Service
Federal Register 2010, 2011, 2012, 2013, 2014
2013-09-12
... developed CBSV as a user- friendly, internet-based application with safeguards that protect the public's information. In addition to the benefit of providing high volume, centralized SSN verification services to users in a secure manner, CBSV provides us with cost and workload management benefits. New Information...
Federal Register 2010, 2011, 2012, 2013, 2014
2012-12-17
... Programs Directorate (NPPD), Office of Infrastructure Protection (IP), Infrastructure Security Compliance... questions about this Information Collection Request should be forwarded to DHS/NPPD/IP/ISCD CFATS Program... to the DHS/NPPD/IP/ISCD CFATS Program Manager at the Department of Homeland Security, 245 Murray Lane...
77 FR 34415 - Proposed Collection; Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2012-06-11
... SECURITIES AND EXCHANGE COMMISSION Proposed Collection; Comment Request Upon Written Request... collection of information provided for in Rule 17f-1(b) (17 CFR 240.17f-1(b) under the Securities Exchange... collection of information to the Office of Management and Budget (``OMB'') for extension and approval. Rule...
Based on the Chemical Safety Information, Site Security and Fuels Regulatory Relief Act (CSISSFRRA), this notice states that while you may share with the public data from OCA sections, it is illegal to disclose/distribute the sections themselves.
44 CFR 11.14 - Administrative claim; evidence and information to be submitted.
Code of Federal Regulations, 2011 CFR
2011-10-01
... 44 Emergency Management and Assistance 1 2011-10-01 2011-10-01 false Administrative claim; evidence and information to be submitted. 11.14 Section 11.14 Emergency Management and Assistance FEDERAL EMERGENCY MANAGEMENT AGENCY, DEPARTMENT OF HOMELAND SECURITY GENERAL CLAIMS Administrative Claims Under...
44 CFR 11.14 - Administrative claim; evidence and information to be submitted.
Code of Federal Regulations, 2012 CFR
2012-10-01
... 44 Emergency Management and Assistance 1 2012-10-01 2011-10-01 true Administrative claim; evidence and information to be submitted. 11.14 Section 11.14 Emergency Management and Assistance FEDERAL EMERGENCY MANAGEMENT AGENCY, DEPARTMENT OF HOMELAND SECURITY GENERAL CLAIMS Administrative Claims Under...
44 CFR 11.14 - Administrative claim; evidence and information to be submitted.
Code of Federal Regulations, 2013 CFR
2013-10-01
... 44 Emergency Management and Assistance 1 2013-10-01 2013-10-01 false Administrative claim; evidence and information to be submitted. 11.14 Section 11.14 Emergency Management and Assistance FEDERAL EMERGENCY MANAGEMENT AGENCY, DEPARTMENT OF HOMELAND SECURITY GENERAL CLAIMS Administrative Claims Under...
44 CFR 11.14 - Administrative claim; evidence and information to be submitted.
Code of Federal Regulations, 2014 CFR
2014-10-01
... 44 Emergency Management and Assistance 1 2014-10-01 2014-10-01 false Administrative claim; evidence and information to be submitted. 11.14 Section 11.14 Emergency Management and Assistance FEDERAL EMERGENCY MANAGEMENT AGENCY, DEPARTMENT OF HOMELAND SECURITY GENERAL CLAIMS Administrative Claims Under...
44 CFR 11.14 - Administrative claim; evidence and information to be submitted.
Code of Federal Regulations, 2010 CFR
2010-10-01
... 44 Emergency Management and Assistance 1 2010-10-01 2010-10-01 false Administrative claim; evidence and information to be submitted. 11.14 Section 11.14 Emergency Management and Assistance FEDERAL EMERGENCY MANAGEMENT AGENCY, DEPARTMENT OF HOMELAND SECURITY GENERAL CLAIMS Administrative Claims Under...
Research on computer virus database management system
NASA Astrophysics Data System (ADS)
Qi, Guoquan
2011-12-01
The growing proliferation of computer viruses has become a lethal threat to, and a research focus of, network information security. As new viruses emerge, the number of viruses grows and virus classification becomes increasingly complex. Because agencies capture samples at different times, virus naming cannot be unified. Although each agency has its own virus database, communication between agencies is lacking, virus information is incomplete, or only a small amount of sample information is available. This paper introduces the current construction status of virus databases at home and abroad, analyzes how to standardize and complete the description of virus characteristics, and then gives a design scheme for a computer virus database that provides information integrity, storage security and manageability.
Design of the Hospital Integrated Information Management System Based on Cloud Platform.
Aijing, L; Jin, Y
2015-12-01
At present, the outdated information management style cannot meet the needs of hospital management, and has become the bottleneck of hospital's management and development. In order to improve the integrated management of information, hospitals have increased their investment in integrated information management systems. On account of the lack of reasonable and scientific design, some hospital integrated information management systems have common problems, such as unfriendly interface, poor portability and maintainability, low security and efficiency, lack of interactivity and information sharing. To solve the problem, this paper carries out the research and design of a hospital information management system based on cloud platform, which can realize the optimized integration of hospital information resources and save money.
2010-10-22
4. TITLE AND SUBTITLE Enhanced Systemic Understanding of the Information Environment in Complex Crisis Management Analytical Concept, Version 1.0...Email: schmidtb@iabg.de UNCLASSIFIED FOR PUBLIC RELEASE – Enhanced Systemic Understanding of the Information Environment in Complex Crisis ...multinational crisis management and the security sector about the significance and characteristics of the information environment. The framework is
49 CFR 1.37 - Assistant Secretary for Administration.
Code of Federal Regulations, 2013 CFR
2013-10-01
... Government Accountability Office and Inspector General audit reviews; information resource management; property management information; facilities; and security. The Assistant Secretary for Administration is... the Designated Agency Safety and Health Official. The Office of the Assistant Secretary for...
Federal Register 2010, 2011, 2012, 2013, 2014
2013-07-29
... DEPARTMENT OF HOMELAND SECURITY United States Immigration and Customs Enforcement Agency... Department of Homeland Security, U.S. Immigration and Customs Enforcement (USICE), will submit the following... Homeland Security (DHS), Scott Elmore, Forms Manager, U.S. Immigration and Customs Enforcement, 801 I...
ERIC Educational Resources Information Center
Maar, Michael C.
2013-01-01
This study investigates information protection for professional users of online social networks. It addresses management's desire to motivate their employees to adopt protective measures while accessing online social networks and to help their employees improve their proficiency in information security and ability to detect deceptive…
Homeland security: sharing and managing critical incident information
NASA Astrophysics Data System (ADS)
Ashley, W. R., III
2003-09-01
Effective critical incident response for homeland security requires access to real-time information from many organizations. Command and control, as well as basic situational awareness, are all dependent on quickly communicating a dynamically changing picture to a variety of decision makers. For the most part, critical information management is not unfamiliar or new to the public safety community. However, new challenges present themselves when that information needs to be seamlessly shared across multiple organizations at the local, state and federal level in real-time. The homeland security problem does not lend itself to the traditional military joint forces planning model where activities shift from a deliberate planning process to a crisis action planning process. Rather, the homeland security problem is more similar to a traditional public safety model where the current activity state moves from complete inactivity or low-level attention to immediate crisis action planning. More often than not the escalation occurs with no warning or baseline information. This paper addresses the challenges of sharing critical incident information and the impacts new technologies will have on this problem. The value of current and proposed approaches will be critiqued for operational value and areas will be identified for further development.
Security and confidentiality of health information systems: implications for physicians.
Dorodny, V S
1998-01-01
Adopting and developing the new generation of information systems will be essential to remain competitive in a quality conscious health care environment. These systems enable physicians to document patient encounters and aggregate the information from the population they treat, while capturing detailed data on chronic medical conditions, medications, treatment plans, risk factors, severity of conditions, and health care resource utilization and management. Today, the knowledge-based information systems should offer instant, around-the-clock access for the provider, support simple order entry, facilitate data capture and retrieval, and provide eligibility verification, electronic authentication, prescription writing, security, and reporting that benchmarks outcomes management based upon clinical/financial decisions and treatment plans. It is an integral part of any information system to incorporate and integrate transactional (financial/administrative) information, as well as analytical (clinical/medical) data in a user-friendly, readily accessible, and secure form. This article explores the technical, financial, logistical, and behavioral obstacles on the way to the Promised Land.
NASA Astrophysics Data System (ADS)
Toapanta, Moisés; Mafla, Enrique; Orizaga, Antonio
2017-08-01
We analyzed the problems of security of the information of the civil registries and identification at world level that are considered strategic. The objective is to adopt the appropriate security protocols in a conceptual model in the identity management for the Civil Registry of Ecuador. In this phase, the appropriate security protocols were determined in a Conceptual Model in Identity Management with Authentication, Authorization and Auditing (AAA). We used the deductive method and exploratory research to define the appropriate security protocols to be adopted in the identity model: IPSec, DNSsec, Radius, SSL, TLS, IEEE 802.1X EAP, Set. It was a prototype of the location of the security protocols adopted in the logical design of the technological infrastructure considering the conceptual model for Identity, Authentication, Authorization, and Audit management. It was concluded that the adopted protocols are appropriate for a distributed database and should have a direct relationship with the algorithms, which allows vulnerability and risk mitigation taking into account confidentiality, integrity and availability (CIA).
Federal Register 2010, 2011, 2012, 2013, 2014
2011-09-02
... DEPARTMENT OF HOMELAND SECURITY Federal Emergency Management Agency [Docket ID FEMA-2011-0014; OMB..., Write Your Own (WYO) Program AGENCY: Federal Emergency Management Agency, DHS. ACTION: Notice. SUMMARY: The Federal Emergency Management Agency (FEMA) has submitted the following information collection to...
Comprehensive Civil Information Management: How to Provide It
2012-04-04
5f. WORK UNIT NUMBER 7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) AND ADDRESS(ES) 8. PERFORMING ORGANIZATION REPORT NUMBER...Management, Non-Government Organizations , International Organizations , Interagency 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF ABSTRACT 18...Information Support Operations, Psychological Operations, Flat Technology, Knowledge Management, Non-Government Organizations , International
New York State Forum for Information Resource Management: 1998-1999 Annual Report.
ERIC Educational Resources Information Center
New York State Forum for Information Resource Management.
This annual report of the New York State Forum for Information Resource Management begins with a section that summarizes key activities for 1998-99, including partnerships with other organizations, sessions on the use of information in government and information security, programs on the challenges of electronic commerce for government,…
2000-11-22
This is a final rule amending the NASA FAR Supplement (NFS) to emphasize considerations of risk management, including safety, security (including information technology security), health, export control, and damage to the environment, within the acquisition process. This final rule addresses risk management within the context of acquisition planning, selecting sources, choosing contract type, structuring award fee incentives, administering contracts, and conducting contractor surveillance.
Design and implementation of a secure workflow system based on PKI/PMI
NASA Astrophysics Data System (ADS)
Yan, Kai; Jiang, Chao-hui
2013-03-01
Traditional workflow systems have the following weaknesses in privilege management: low privilege management efficiency, an overburdened administrator, lack of a trust authority, etc. After an in-depth study of the security requirements of workflow systems, a secure workflow model based on PKI/PMI is proposed. This model can achieve static and dynamic authorization after verifying the user's ID through PKC and validating the user's privilege information by using AC in the workflow system. Practice shows that this system can meet the security requirements of WfMS. Moreover, it not only improves system security but also ensures integrity, confidentiality, availability and non-repudiation of the data in the system.
77 FR 14955 - DoD Information Assurance Scholarship Program (IASP)
Federal Register 2010, 2011, 2012, 2013, 2014
2012-03-14
... IA and information technology (IT) management, technical, digital and multimedia forensics, cyber..., digital and multimedia forensics, electrical engineering, electronics engineering, information security...
The Department of Homeland Security’s Pursuit of Data-Driven Decision Making
2015-12-01
agencies’ information management systems pertaining to mission support and business operations 1 KT...Directorate’s operating environment. xviii managed . Meanwhile, adding to the intrinsic organizational change management challenges is the idea that...a timely manner. The lack of a single, enterprise-wide information management system has resulted in numerous, disparate systems operating within
NASA Astrophysics Data System (ADS)
Navare, Jyoti; Gemikonakli, Orhan
Globalisation and new technology have opened the gates to more security risks. As the strategic importance of communication networks and information has increased, threats to the security and safety of communication infrastructures, as well as of the information stored in and/or transmitted over them, have increased significantly. The development of self-replicating programmes has become a nightmare for Internet users. Leading companies and strategic organisations were not immune to attacks; they were also "hacked" and overtaken by intruders. Incidents of recent years have also shown that national/regional crises may trigger cyber attacks at large scale. Experts forecast that cyber wars are likely to take the stage as tension mounts between developed societies. New risks such as cyber-attacks, network terrorism and disintegration of traditional infrastructures have somewhat blurred the boundaries of operation and control. This paper seeks to consider risk management and governance, looking more specifically at implications for emerging economies.
Federal Register 2010, 2011, 2012, 2013, 2014
2011-11-22
...) will be submitting the following information collection request to the Office of Management and Budget... Security (DHS), and to the Office of Management and Budget (OMB) USCIS Desk Officer. Comments may be... documentary requirements for those seeking to work in certain occupations
Federal Register 2010, 2011, 2012, 2013, 2014
2011-12-27
... respond to, an information collection unless it displays a currently valid Office of Management and Budget...: Uniform Application/Uniform Termination for Municipal Securities Principal or Representative (OMB No. 3064... FDIC: Office of Information and Regulatory Affairs, Office of Management and Budget, New Executive...
77 FR 26561 - Collection of Information Under Review by Office of Management and Budget
Federal Register 2010, 2011, 2012, 2013, 2014
2012-05-04
.... OIRA posts its decisions on ICRs online at http://www.reginfo.gov/public/do/PRAMain after the comment... DEPARTMENT OF HOMELAND SECURITY Coast Guard [USCG-2012-0077] Collection of Information Under... forwarding Information Collection Requests (ICRs), abstracted below, to the Office of Management and Budget...
Federal Register 2010, 2011, 2012, 2013, 2014
2013-09-12
... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] In the Matter of Exmocare, Inc. (n/k/a Second Solar, Inc.), First Transation Management, Inc., jetPADS, Inc., PepperBall Technologies, Inc., Pure Play... current and accurate information concerning the securities of PepperBall Technologies, Inc. because it has...
Security and privacy issues of personal health.
Blobel, Bernd; Pharow, Peter
2007-01-01
While health systems in developed countries and increasingly also in developing countries are moving from organisation-centred to person-centred health service delivery, the supporting communication and information technology is faced with new risks regarding security and privacy of stakeholders involved. The comprehensively distributed environment puts special burden on guaranteeing communication security services, but even more on guaranteeing application security services dealing with privilege management, access control and audit regarding social implication and connected sensitivity of personal information recorded, processed, communicated and stored in an even internationally distributed environment.
A Case Study of Information Resource Management in the Department of Defense
1992-03-01
prepared to make effective decisions in a military environment. The justification for the use of information technology (IT) in support of operations...A Case Study of Information Resource Management in the Department of Defense...Case study, Corporate Information Management, CIM, Information Resource Management, IRM
12 CFR Appendix D-2 to Part 208 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2014 CFR
2014-01-01
.... Design its information security program to control the identified risks, commensurate with the... Directors B. Assess Risk C. Manage and Control Risk D. Oversee Service Provider Arrangements E. Adjust the... score, derived from a group of consumer reports; or (B) Blind data, such as payment history on accounts...
12 CFR Appendix D-2 to Part 208 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2011 CFR
2011-01-01
.... Design its information security program to control the identified risks, commensurate with the... Directors B. Assess Risk C. Manage and Control Risk D. Oversee Service Provider Arrangements E. Adjust the... score, derived from a group of consumer reports; or (B) Blind data, such as payment history on accounts...
Information Security in the Age of Cloud Computing
ERIC Educational Resources Information Center
Sims, J. Eric
2012-01-01
Information security has been a particularly hot topic since the enhanced internal control requirements of Sarbanes-Oxley (SOX) were introduced in 2002. At about this same time, cloud computing started its explosive growth. Outsourcing of mission-critical functions has always been a gamble for managers, but the advantages of cloud computing are…
77 FR 5747 - Security Zones, Seattle's Seafair Fleet Week Moving Vessels, Puget Sound, WA
Federal Register 2010, 2011, 2012, 2013, 2014
2012-02-06
... establishment of security zones. We seek any comments or information that may lead to the discovery of a... This proposed rule would call for no new collection of information under the Paperwork Reduction Act of..., design, or operation; test methods; sampling procedures; and related management systems practices) that...
Federal Register 2010, 2011, 2012, 2013, 2014
2010-07-02
.... Office of Personnel Management, the U.S. Department of Agriculture's National Finance Center (NFC), and... birth, Social Security Number (SSN), gender, state of residence, information about prior coverage... residential address (if different than the mailing address), date of birth, Social Security Number (if the...
Information security concepts and practices: the case of a provincial multi-specialty hospital.
Cavalli, Enrico; Mattasoglio, Andrea; Pinciroli, Francesco; Spaggiari, Piergiorgio
2004-03-31
In recent years, major and widely accepted information security understandings and achievements confirm that the problem is complex. They clarify that technologies are fundamental tools, but management processes have even bigger relevance, as also prestigious international magazines dossier clearly explained recently. Such a magazine attention outlines the wide impact that the subject has on watchful decision makers. ISO17799 is an emerging standard in information security. In principle there are no reasons for considering it not applicable to the health care sector. In practice, because of both the just conceptual level of the standard and the peculiarities of the health care data and institutions, a lot of analysis and design work need to be invested any time a health care institution decides to deal with the subject. CEN/ENV 12924 is another emerging standard certainly more on the spot of the health care. Nevertheless, it also asks for evident further investigation. The practical case of information security design, implementation, management, and auditing inside a multi-specialty provincial Italian hospital will be described.
Federal Register 2010, 2011, 2012, 2013, 2014
2012-02-24
...The Transportation Security Administration (TSA) invites public comment on one currently approved Information Collection Request (ICR), OMB control number 1652-0053, abstracted below that we will submit to the Office of Management and Budget (OMB) for renewal in compliance with the Paperwork Reduction Act. The ICR describes the nature of the information collection and its expected burden. The collections include: (1) Applications from entities that wish to become Certified Cargo Screening Facilities (CCSF); (2) personal information to allow TSA to conduct security threat assessments on key individuals employed by the CCSFs; (3) acceptance of a standard security program or submission of a proposed modified security program; (4) information on the amount of cargo screened; and (5) recordkeeping requirements for CCSFs. TSA is seeking the renewal of the ICR for the continuation of the program in order to secure passenger aircraft carrying cargo.
Federal Register 2010, 2011, 2012, 2013, 2014
2011-08-10
...The Transportation Security Administration (TSA) invites public comment on one currently approved Information Collection Request (ICR), Office of Management and Budget (OMB) control number 1652-0002, abstracted below that we will submit to OMB for renewal in compliance with the Paperwork Reduction Act (PRA). The ICR describes the nature of the information collection and its expected burden. These programs require airport operators to maintain and update records to ensure compliance with security provisions outlined in 49 CFR part 1542.
Effective information management and assurance for a modern organisation during a crisis.
MacLeod, Andrew
2015-01-01
During a crisis, organisations face a major unpredictable event with potentially negative consequences. Effective information management and assurance can assist the organisation in making sure that they have the correct information in a secure format to make decisions to recover their operations. The main elements of effective information management and assurance are confidentiality, integrity and availability, combined with non-repudiation. Should an element of effective information management or assurance be removed it can have a detrimental effect on the other elements and render the information management and assurance practices of the organisation ineffectual.
Executive Guide: Information Security Management. Learning From Leading Organizations
1998-05-01
data. In September 1996, we reported that audit reports and agency self-assessments issued during the previous 2 years showed that weak information...company has developed an efficient and disciplined process for ensuring that information security-related risks to business operations are considered and...protection group at the utility was required to approve all new applications to indicate that risks had been adequately considered. Providing self
Design of the Hospital Integrated Information Management System Based on Cloud Platform
Aijing, L; Jin, Y
2015-01-01
ABSTRACT At present, the outdated information management style cannot meet the needs of hospital management, and has become the bottleneck of hospital's management and development. In order to improve the integrated management of information, hospitals have increased their investment in integrated information management systems. On account of the lack of reasonable and scientific design, some hospital integrated information management systems have common problems, such as unfriendly interface, poor portability and maintainability, low security and efficiency, lack of interactivity and information sharing. To solve the problem, this paper carries out the research and design of a hospital information management system based on cloud platform, which can realize the optimized integration of hospital information resources and save money. PMID:27399033
Federal Register 2010, 2011, 2012, 2013, 2014
2013-05-24
... for OMB Review; Comment Request; Petition for Finding Under Employee Retirement Income Security Act ACTION: Notice. SUMMARY: The Department of Labor (DOL) is submitting the Employee Benefits Security... Employee Retirement Income Security Act Section 3(40),'' to the Office of Management and Budget (OMB) for...
2004-03-19
informal management style used during the war years was not suited to the longer-term security issues of the post-war era. As US grand strategy became...Eisenhower Doctrine in 1957. THE CASE OF LEBANON Each of the above mentioned security policies were products of American diplomacy aimed at managing the...consisting of its East and West entities, found itself a principal player in the American-led security alliance structure designed to check Soviet
Safety Psychology Applicating on Coal Mine Safety Management Based on Information System
NASA Astrophysics Data System (ADS)
Hou, Baoyue; Chen, Fei
In recent years, with the increasing intensity of coal mining, major accidents have happened frequently. Most are due to human factors, and unsafe human behavior is affected by insecure mental control. In order to reduce accidents and improve safety management, we apply safety psychology to analyse the causes of insecure psychological factors from the perspectives of human perception, personality development, motivation and incentive, reward and punishment mechanisms, and mental training for safety, and we put forward countermeasures to promote safe coal mine production and to provide information that helps coal mines improve their level of safety management.
NASA Technical Reports Server (NTRS)
1985-01-01
The primary purpose of the Aerospace Computer Security Conference was to bring together people and organizations which have a common interest in protecting intellectual property generated in space. Operational concerns are discussed, taking into account security implications of the space station information system, Space Shuttle security policies and programs, potential uses of probabilistic risk assessment techniques for space station development, key considerations in contingency planning for secure space flight ground control centers, a systematic method for evaluating security requirements compliance, and security engineering of secure ground stations. Subjects related to security technologies are also explored, giving attention to processing requirements of secure C3/I and battle management systems and the development of the Gemini trusted multiple microcomputer base, the Restricted Access Processor system as a security guard designed to protect classified information, and observations on local area network security.
End-to-end security for personal telehealth.
Koster, Paul; Asim, Muhammad; Petkovic, Milan
2011-01-01
Personal telehealth is in rapid development with innovative emerging applications like disease management. With personal telehealth people participate in their own care supported by an open distributed system with health services. This poses new end-to-end security and privacy challenges. In this paper we introduce new end-to-end security requirements and present a design for consent management in the context of the Continua Health Alliance architecture. Thus, we empower patients to control how their health information is shared and used in a personal telehealth eco-system.
NASA Technical Reports Server (NTRS)
Tompkins, F. G.
1984-01-01
Guidance is presented to NASA Computer Security Officials for determining the acceptability or unacceptability of ADP security risks based on the technical, operational and economic feasibility of potential safeguards. The risk management process is reviewed as a specialized application of the systems approach to problem solving and information systems analysis and design. Reporting the results of the risk reduction analysis to management is considered. Report formats for the risk reduction study are provided.
NASA Astrophysics Data System (ADS)
Mohammadi, Hadi
Use of the Patch Vulnerability Management (PVM) process should be seriously considered for any networked computing system. The PVM process prevents the operating system (OS) and software applications from being attacked due to security vulnerabilities, which lead to system failures and critical data leakage. The purpose of this research is to create and design a Security and Critical Patch Management Process (SCPMP) framework based on Systems Engineering (SE) principles. This framework will assist Information Technology Department Staff (ITDS) to reduce IT operating time and costs and mitigate the risk of security and vulnerability attacks. Further, this study evaluates implementation of the SCPMP in the networked computing systems of an academic environment in order to: 1. Meet patch management requirements by applying SE principles. 2. Reduce the cost of IT operations and PVM cycles. 3. Improve the current PVM methodologies to prevent networked computing systems from becoming the targets of security vulnerability attacks. 4. Embed a Maintenance Optimization Tool (MOT) in the proposed framework. The MOT allows IT managers to make the most practicable choice of methods for deploying and installing released patches and vulnerability remediation. In recent years, there has been a variety of frameworks for security practices in every networked computing system to protect computer workstations from becoming compromised or vulnerable to security attacks, which can expose important information and critical data. I have developed a new mechanism for implementing PVM for maximizing security-vulnerability maintenance, protecting OS and software packages, and minimizing SCPMP cost. To increase computing system security in any diverse environment, particularly in academia, one must apply SCPMP. I propose an optimal maintenance policy that will allow ITDS to measure and estimate the variation of PVM cycles based on their department's requirements. 
My results demonstrate that MOT optimizes the process of implementing SCPMP in academic workstations.
MedBlock: Efficient and Secure Medical Data Sharing Via Blockchain.
Fan, Kai; Wang, Shangyang; Ren, Yanhui; Li, Hui; Yang, Yintang
2018-06-21
With the development of electronic information technology, electronic medical records (EMRs) have been a common way to store the patients' data in hospitals. They are stored in different hospitals' databases, even for the same patient. Therefore, it is difficult to construct a summarized EMR for one patient from multiple hospital databases due to the security and privacy concerns. Meanwhile, current EMRs systems lack a standard data management and sharing policy, making it difficult for pharmaceutical scientists to develop precise medicines based on data obtained under different policies. To solve the above problems, we proposed a blockchain-based information management system, MedBlock, to handle patients' information. In this scheme, the distributed ledger of MedBlock allows the efficient EMRs access and EMRs retrieval. The improved consensus mechanism achieves consensus of EMRs without large energy consumption and network congestion. In addition, MedBlock also exhibits high information security combining the customized access control protocols and symmetric cryptography. MedBlock can play an important role in the sensitive medical information sharing.
2013-10-01
Technology Assets • EXD:SG2 Manage Risks Due to External Dependencies (SP1-SP2) • EXD:SG3.SP4 Formalize Relationships 5. Data Backup Plan and...Information Access Management (C.F.R. § 164.308(a)(4)) 4.5. Security Awareness and Training (C.F.R. § 164.308(a)(5)) 4.6. Security Incident Procedures...for managing operational resilience. It has two primary objectives: • Establish the convergence of operational risk and resilience management
Analysis of the Security and Privacy Requirements of Cloud-Based Electronic Health Records Systems
Fernández, Gonzalo; López-Coronado, Miguel
2013-01-01
Background: The Cloud Computing paradigm offers eHealth systems the opportunity to enhance the features and functionality that they offer. However, moving patients’ medical information to the Cloud implies several risks in terms of the security and privacy of sensitive health records. In this paper, the risks of hosting Electronic Health Records (EHRs) on the servers of third-party Cloud service providers are reviewed. To protect the confidentiality of patient information and facilitate the process, some suggestions for health care providers are made. Moreover, security issues that Cloud service providers should address in their platforms are considered. Objective: To show that, before moving patient health records to the Cloud, security and privacy concerns must be considered by both health care providers and Cloud service providers. Security requirements of a generic Cloud service provider are analyzed. Methods: To study the latest in Cloud-based computing solutions, bibliographic material was obtained mainly from Medline sources. Furthermore, direct contact was made with several Cloud service providers. Results: Some of the security issues that should be considered by both Cloud service providers and their health care customers are role-based access, network security mechanisms, data encryption, digital signatures, and access monitoring. Furthermore, to guarantee the safety of the information and comply with privacy policies, the Cloud service provider must be compliant with various certifications and third-party requirements, such as SAS70 Type II, PCI DSS Level 1, ISO 27001, and the US Federal Information Security Management Act (FISMA). Conclusions: Storing sensitive information such as EHRs in the Cloud means that precautions must be taken to ensure the safety and confidentiality of the data. A relationship built on trust with the Cloud service provider is essential to ensure a transparent process. 
Cloud service providers must make certain that all security mechanisms are in place to avoid unauthorized access and data breaches. Patients must be kept informed about how their data are being managed. PMID:23965254
Analysis of the security and privacy requirements of cloud-based electronic health records systems.
Rodrigues, Joel J P C; de la Torre, Isabel; Fernández, Gonzalo; López-Coronado, Miguel
2013-08-21
The Cloud Computing paradigm offers eHealth systems the opportunity to enhance the features and functionality that they offer. However, moving patients' medical information to the Cloud implies several risks in terms of the security and privacy of sensitive health records. In this paper, the risks of hosting Electronic Health Records (EHRs) on the servers of third-party Cloud service providers are reviewed. To protect the confidentiality of patient information and facilitate the process, some suggestions for health care providers are made. Moreover, security issues that Cloud service providers should address in their platforms are considered. To show that, before moving patient health records to the Cloud, security and privacy concerns must be considered by both health care providers and Cloud service providers. Security requirements of a generic Cloud service provider are analyzed. To study the latest in Cloud-based computing solutions, bibliographic material was obtained mainly from Medline sources. Furthermore, direct contact was made with several Cloud service providers. Some of the security issues that should be considered by both Cloud service providers and their health care customers are role-based access, network security mechanisms, data encryption, digital signatures, and access monitoring. Furthermore, to guarantee the safety of the information and comply with privacy policies, the Cloud service provider must be compliant with various certifications and third-party requirements, such as SAS70 Type II, PCI DSS Level 1, ISO 27001, and the US Federal Information Security Management Act (FISMA). Storing sensitive information such as EHRs in the Cloud means that precautions must be taken to ensure the safety and confidentiality of the data. A relationship built on trust with the Cloud service provider is essential to ensure a transparent process. 
Cloud service providers must make certain that all security mechanisms are in place to avoid unauthorized access and data breaches. Patients must be kept informed about how their data are being managed.
77 FR 60134 - Agency Information Collection Activities: Exportation of Used Self-Propelled Vehicles
Federal Register 2010, 2011, 2012, 2013, 2014
2012-10-02
... Security will be submitting the following information collection request to the Office of Management and... Regulatory Affairs, Office of Management and Budget. Comments should be addressed to the OMB Desk Officer for... Management and Budget (OMB) approval. All comments will become a matter of public record. In this document...
Assessing and comparing information security in swiss hospitals.
Landolt, Sarah; Hirschel, Jürg; Schlienger, Thomas; Businger, Walter; Zbinden, Alex M
2012-11-07
Availability of information in hospitals is an important prerequisite for good service. Significant resources have been invested to improve the availability of information, but it is also vital that the security of this information can be guaranteed. The goal of this study was to assess information security in hospitals through a questionnaire based on the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) standard ISO/IEC 27002, evaluating Information technology - Security techniques - Code of practice for information-security management, with a special focus on the effect of the hospitals' size and type. The survey, set up as a cross-sectional study, was conducted in January 2011. The chief information officers (CIOs) of 112 hospitals in German-speaking Switzerland were invited to participate. The online questionnaire was designed to be fast and easy to complete to maximize participation. To group the analyzed controls of the ISO/IEC standard 27002 in a meaningful way, a factor analysis was performed. A linear score from 0 (not implemented) to 3 (fully implemented) was introduced. The scores of the hospitals were then analyzed for significant differences in any of the factors with respect to size and type of hospital. The participating hospitals were offered a benchmark report about their status. The 51 participating hospitals had an average score of 51.1% (range 30.6% - 81.9%) out of a possible 100% where all items in the questionnaire were fully implemented. Room for improvement could be identified, especially for the factors covering "process and quality management" (average score 1.3 ± 0.8 out of a maximum of 3) and "organization and risk management" (average score 1.3 ± 0.7 out of a maximum of 3). Private hospitals scored significantly higher than university hospitals in the implementation of "security zones" and "backup" (P = .008). 
Half (50.00%, 8588/17,177) of all assessed hospital beds in German-speaking Switzerland are in hospitals that have a score of 49% or less of the maximum possible score in information security. Patient data need to be better protected because of the data protection laws and because sensitive, personal data should be guaranteed confidentiality, integrity, and availability.
2012-06-01
1998 National War College paper entitled “U.S. National Security Structure: A New Model for the 21st Century” defines the national security community...fueled by revolutions in communications and information management, the emergence of a truly global market and world economy, the primacy of economic...collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources
Odton, Cheewarat; Rittirod, Theera; Pradubwong, Suteera; Chowchuen, Bowornsilp
2014-10-01
The study of cost management with regard to cleft lip patients under the Universal Health Coverage Program at Tawanchai Cleft Center Srinagarind Hospital, Faculty of Medicine, Khon Kaen University, was conducted in order to provide fundamental information for the administrative team on how best to administrate and manage the organization. To study the cost management of cleft lip patients under the Universal Health Coverage Program. To compare individual patient management costs and costs from the National Health Security Office (NHSO), and to offer proper guidelines for cost management to the organization. The study was performed retrospectively. The data were collected by reviewing secondary sources of information from patients with cleft lips who consistently underwent treatment at Tawanchai Cleft Center. As for the provider prospects, the cost management did not address the other expenses. The study analyzed the comparison between cost management and income from the Universal Health Coverage Program, which it received from the National Health Security Office (NHSO). The study was conducted over 2 years (October 1, 2010 to 30 September, 2013). There were 21 patients in this study. Microsoft Excel was the instrument used to calculate the cost of management. (1) Total costs were lower than real payments because this cost did not take into account the total cost of the operation room, patient room, common bed, and costs of the medical equipment. Moreover the information regarding the building's price and the facility were not clear enough. The database of materials and equipment was also not yet complete. (2) The average cost of patient management was 12,025.14 Baht per person, but the compensation received from the National Health Security Office (NHSO) averaged 10,527.63 Baht per person, which was 87.55% of the total cost management. The department with the largest expenses was Anesthesia (36.42%). 
This study indicated that the cost of patient management is lower than usual due to the lack of clear cost information. The cost of medical care, which was received from the National Health Security Office (NHSO), was only 87.55%; the department with the highest costs was Anesthesia (36.42%).
The Design of Data Disaster Recovery of National Fundamental Geographic Information System
NASA Astrophysics Data System (ADS)
Zhai, Y.; Chen, J.; Liu, L.; Liu, J.
2014-04-01
With the development of information technology, data security of information system is facing more and more challenges. The geographic information of surveying and mapping is fundamental and strategic resource, which is applied in all areas of national economic, defence and social development. It is especially vital to national and social interests when such classified geographic information is directly concerning Chinese sovereignty. Several urgent problems that needs to be resolved for surveying and mapping are how to do well in mass data storage and backup, establishing and improving the disaster backup system especially after sudden natural calamity accident, and ensuring all sectors rapidly restored on information system will operate correctly. For overcoming various disaster risks, protect the security of data and reduce the impact of the disaster, it's no doubt the effective way is to analysis and research on the features of storage and management and security requirements, as well as to ensure that the design of data disaster recovery system suitable for the surveying and mapping. This article analyses the features of fundamental geographic information data and the requirements of storage management, three site disaster recovery system of DBMS plan based on the popular network, storage and backup, data replication and remote switch of application technologies. In LAN that synchronous replication between database management servers and the local storage of backup management systems, simultaneously, remote asynchronous data replication between local storage backup management systems and remote database management servers. The core of the system is resolving local disaster in the remote site, ensuring data security and business continuity of local site. This article focuses on the following points: background, the necessity of disaster recovery system, the analysis of the data achievements and data disaster recovery plan. 
Features of this program is to use a hardware-based data hot backup, and remote online disaster recovery support for Oracle database system. The achievement of this paper is in summarizing and analysing the common characteristics of disaster of surveying and mapping business system requirements, while based on the actual situation of the industry, designed the basic GIS disaster recovery solutions, and we also give the conclusions about key technologies of RTO and RPO.
Trust and Privacy Solutions Based on Holistic Service Requirements.
Sánchez Alcón, José Antonio; López, Lourdes; Martínez, José-Fernán; Rubio Cifuentes, Gregorio
2015-12-24
The products and services designed for Smart Cities provide the necessary tools to improve the management of modern cities in a more efficient way. These tools need to gather citizens' information about their activity, preferences, habits, etc. opening up the possibility of tracking them. Thus, privacy and security policies must be developed in order to satisfy and manage the legislative heterogeneity surrounding the services provided and comply with the laws of the country where they are provided. This paper presents one of the possible solutions to manage this heterogeneity, bearing in mind these types of networks, such as Wireless Sensor Networks, have important resource limitations. A knowledge and ontology management system is proposed to facilitate the collaboration between the business, legal and technological areas. This will ease the implementation of adequate specific security and privacy policies for a given service. All these security and privacy policies are based on the information provided by the deployed platforms and by expert system processing.
Trust and Privacy Solutions Based on Holistic Service Requirements
Sánchez Alcón, José Antonio; López, Lourdes; Martínez, José-Fernán; Rubio Cifuentes, Gregorio
2015-01-01
The products and services designed for Smart Cities provide the necessary tools to improve the management of modern cities in a more efficient way. These tools need to gather citizens’ information about their activity, preferences, habits, etc. opening up the possibility of tracking them. Thus, privacy and security policies must be developed in order to satisfy and manage the legislative heterogeneity surrounding the services provided and comply with the laws of the country where they are provided. This paper presents one of the possible solutions to manage this heterogeneity, bearing in mind these types of networks, such as Wireless Sensor Networks, have important resource limitations. A knowledge and ontology management system is proposed to facilitate the collaboration between the business, legal and technological areas. This will ease the implementation of adequate specific security and privacy policies for a given service. All these security and privacy policies are based on the information provided by the deployed platforms and by expert system processing. PMID:26712752
Federal Register 2010, 2011, 2012, 2013, 2014
2013-04-24
... DEPARTMENT OF HOMELAND SECURITY Federal Emergency Management Agency [Docket ID FEMA-2013-0012; OMB No. 1660-NEW] Agency Information Collection Activities; Proposed Collection; Comment Request: Community Drill Day Registration AGENCY: Federal Emergency Management Agency, DHS. ACTION: Notice...
Code of Federal Regulations, 2011 CFR
2011-01-01
... INFORMATION AND RESTRICTED DATA Physical Security § 95.18 Key personnel. The senior management official and... Clearance. Other key management officials, as determined by the CSA, must be granted an access authorization... organization's policies or practices in the performance of activities involving classified information. This...
Code of Federal Regulations, 2010 CFR
2010-10-01
... 46 Shipping 1 2010-10-01 2010-10-01 false [Reserved] A Appendix A Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MERCHANT MARINE OFFICERS AND SEAMEN CHEMICAL TESTING Management Information System Management Information System requirements. Appendix A [Reserved] 46 CFR Ch. I (10-1-10 Edition...
Federal Register 2010, 2011, 2012, 2013, 2014
2011-03-11
... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] AccessTel, Inc., American Asset Management Corp., DME Interactive Holdings, Inc., DocuPort, Inc., and iCarbon Corp., Order of Suspension of Trading March 8, 2011. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the...
Multi-agent integrated password management (MIPM) application secured with encryption
NASA Astrophysics Data System (ADS)
Awang, Norkhushaini; Zukri, Nurul Hidayah Ahmad; Rashid, Nor Aimuni Md; Zulkifli, Zuhri Arafah; Nazri, Nor Afifah Mohd
2017-10-01
Users use weak passwords and reuse them on different websites and applications. Password managers are a solution to store login information for websites and help users log in automatically. This project developed a system that acts as an agent managing passwords. Multi-Agent Integrated Password Management (MIPM) is an application using encryption that provides users with secure storage of their login account information such as their username, emails and passwords. This project was developed on an Android platform with an encryption agent using Java Agent Development Environment (JADE). The purpose of the embedded agents is to act as a third-party software to ease the encryption process, and in the future, the developed encryption agents can form part of the security system. This application can be used by the computer and mobile users. Currently, users log into many applications causing them to use unique passwords to prevent password leaking. The crypto agent handles the encryption process using an Advanced Encryption Standard (AES) 128-bit encryption algorithm. As a whole, MIPM is developed on the Android application to provide a secure platform to store passwords and has high potential to be commercialised for public use.
2010-06-01
Wolfgang. "Appraisal of the effectiveness and efficiency of an Information Security Management System based on ISO 27001." International Conference on...of corporate information resources (Doherty and Fulford, 2006) (ISO/IEC 17799, 2005). Both public and private sectors of business have...Science Ltd, 2002. Iacovou, Charalambos L. "The IPACS project: when IT hits the fan." Journal of Information Technology, 1999: 267-275. ISO/IEC 17799
33 CFR 1.10-5 - Public availability of records and documents.
Code of Federal Regulations, 2011 CFR
2011-07-01
... written request to the Chief, Office of Information Management (CG-61), U.S. Coast Guard Headquarters... of Information Management (CG-61), at the address in paragraph (a) of this section. [CGD-73-54R, 38... HOMELAND SECURITY GENERAL GENERAL PROVISIONS Public Availability of Information § 1.10-5 Public...