48 CFR 1252.239-71 - Information technology security plan and accreditation.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 48 Federal Acquisition Regulations System 5 2013-10-01 2013-10-01 false Information technology... Provisions and Clauses 1252.239-71 Information technology security plan and accreditation. As prescribed in (TAR) 48 CFR 1239.70, insert the following provision: Information Technology Security Plan and...

48 CFR 1252.239-71 - Information technology security plan and accreditation.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 48 Federal Acquisition Regulations System 5 2011-10-01 2011-10-01 false Information technology... Provisions and Clauses 1252.239-71 Information technology security plan and accreditation. As prescribed in (TAR) 48 CFR 1239.70, insert the following provision: Information Technology Security Plan and...

48 CFR 2452.239-71 - Information Technology Virus Security.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 48 Federal Acquisition Regulations System 6 2011-10-01 2011-10-01 false Information Technology... Provisions and Clauses 2452.239-71 Information Technology Virus Security. As prescribed in 2439.107(b), insert the following clause: Information Technology Virus Security (FEB 2006) (a) The contractor hereby...

48 CFR 1252.239-71 - Information technology security plan and accreditation.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 48 Federal Acquisition Regulations System 5 2012-10-01 2012-10-01 false Information technology... Provisions and Clauses 1252.239-71 Information technology security plan and accreditation. As prescribed in (TAR) 48 CFR 1239.70, insert the following provision: Information Technology Security Plan and...

48 CFR 1252.239-71 - Information technology security plan and accreditation.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 48 Federal Acquisition Regulations System 5 2010-10-01 2010-10-01 false Information technology... Provisions and Clauses 1252.239-71 Information technology security plan and accreditation. As prescribed in (TAR) 48 CFR 1239.70, insert the following provision: Information Technology Security Plan and...

48 CFR 2452.239-71 - Information Technology Virus Security.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 48 Federal Acquisition Regulations System 6 2010-10-01 2010-10-01 true Information Technology... Provisions and Clauses 2452.239-71 Information Technology Virus Security. As prescribed in 2439.107(b), insert the following clause: Information Technology Virus Security (FEB 2006) (a) The contractor hereby...

A review of security of electronic health records.

PubMed

Win, Khin Than

The objective of this study is to answer the research question, "Are current information security technologies adequate for electronic health records (EHRs)?" In order to achieve this, the following matters have been addressed in this article: (i) What is information security in the context of EHRs? (ii) Why is information security important for EHRs? and (iii) What are the current technologies for information security available to EHRs? It is concluded that current EHR security technologies are inadequate and urgently require improvement. Further study regarding information security of EHRs is indicated.

The Chain-Link Fence Model: A Framework for Creating Security Procedures

ERIC Educational Resources Information Center

Houghton, Robert F.

2013-01-01

A long standing problem in information technology security is how to help reduce the security footprint. Many specific proposals exist to address specific problems in information technology security. Most information technology solutions need to be repeatable throughout the course of an information systems lifecycle. The Chain-Link Fence Model is…

48 CFR 652.239-70 - Information Technology Security Plan and Accreditation.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 48 Federal Acquisition Regulations System 4 2014-10-01 2014-10-01 false Information Technology... Clauses 652.239-70 Information Technology Security Plan and Accreditation. As prescribed in 639.107-70(a), insert the following provision: Information Technology Security Plan and Accreditation (SEP 2007) All...

48 CFR 652.239-70 - Information Technology Security Plan and Accreditation.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 48 Federal Acquisition Regulations System 4 2012-10-01 2012-10-01 false Information Technology... Clauses 652.239-70 Information Technology Security Plan and Accreditation. As prescribed in 639.107-70(a), insert the following provision: Information Technology Security Plan and Accreditation (SEP 2007) All...

17 CFR 200.26a - Office of Information Technology.

Code of Federal Regulations, 2011 CFR

2011-04-01

... Organization § 200.26a Office of Information Technology. The Office of Information Technology is responsible... 17 Commodity and Securities Exchanges 2 2011-04-01 2011-04-01 false Office of Information Technology. 200.26a Section 200.26a Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION...

48 CFR 652.239-70 - Information Technology Security Plan and Accreditation.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 48 Federal Acquisition Regulations System 4 2011-10-01 2011-10-01 false Information Technology... Clauses 652.239-70 Information Technology Security Plan and Accreditation. As prescribed in 639.107-70(a), insert the following provision: Information Technology Security Plan and Accreditation (SEP 2007) All...

48 CFR 652.239-70 - Information Technology Security Plan and Accreditation.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 48 Federal Acquisition Regulations System 4 2013-10-01 2013-10-01 false Information Technology... Clauses 652.239-70 Information Technology Security Plan and Accreditation. As prescribed in 639.107-70(a), insert the following provision: Information Technology Security Plan and Accreditation (SEP 2007) All...

17 CFR 200.26a - Office of Information Technology.

Code of Federal Regulations, 2014 CFR

2014-04-01

... Organization § 200.26a Office of Information Technology. The Office of Information Technology is responsible... 17 Commodity and Securities Exchanges 3 2014-04-01 2014-04-01 false Office of Information Technology. 200.26a Section 200.26a Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION...

17 CFR 200.26a - Office of Information Technology.

Code of Federal Regulations, 2013 CFR

2013-04-01

... Organization § 200.26a Office of Information Technology. The Office of Information Technology is responsible... 17 Commodity and Securities Exchanges 2 2013-04-01 2013-04-01 false Office of Information Technology. 200.26a Section 200.26a Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION...

14 CFR § 1274.937 - Security requirements for unclassified information technology resources.

Code of Federal Regulations, 2014 CFR

2014-01-01

... information technology resources. § 1274.937 Section § 1274.937 Aeronautics and Space NATIONAL AERONAUTICS... Conditions § 1274.937 Security requirements for unclassified information technology resources. Security Requirements for Unclassified Information Technology Resources July 2002 (a) The Recipient shall be responsible...

17 CFR 200.26a - Office of Information Technology.

Code of Federal Regulations, 2012 CFR

2012-04-01

... Organization § 200.26a Office of Information Technology. The Office of Information Technology is responsible... 17 Commodity and Securities Exchanges 2 2012-04-01 2012-04-01 false Office of Information Technology. 200.26a Section 200.26a Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION...

17 CFR 200.26a - Office of Information Technology.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 2 2010-04-01 2010-04-01 false Office of Information Technology. 200.26a Section 200.26a Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION... Organization § 200.26a Office of Information Technology. The Office of Information Technology is responsible...

48 CFR 652.239-70 - Information Technology Security Plan and Accreditation.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 48 Federal Acquisition Regulations System 4 2010-10-01 2010-10-01 false Information Technology... Clauses 652.239-70 Information Technology Security Plan and Accreditation. As prescribed in 639.107-70(a), insert the following provision: Information Technology Security Plan and Accreditation (SEP 2007) All...

76 FR 4079 - Information Technology (IT) Security

Federal Register 2010, 2011, 2012, 2013, 2014

2011-01-24

... Technology (IT) Security AGENCY: National Aeronautics and Space Administration. ACTION: Final rule. SUMMARY: NASA is revising the NASA FAR Supplement (NFS) to update requirements related to Information Technology... Security clause. However, due to the critical importance of protecting the Agency's Information Technology...

48 CFR 1804.470-2 - Policy.

Code of Federal Regulations, 2010 CFR

2010-10-01

... ADMINISTRATIVE MATTERS Safeguarding Classified Information Within Industry 1804.470-2 Policy. NASA IT security...) 2810, Security of Information Technology; NASA Procedural Requirements (NPR) 2810, Security of Information Technology; and interim policy updates in the form of NASA Information Technology Requirements...

48 CFR 1339.107-70 - Information security.

Code of Federal Regulations, 2010 CFR

2010-10-01

... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... Clause 1352.239-73, Security Requirements for Information Technology Resources, is needed, contracting... 48 Federal Acquisition Regulations System 5 2010-10-01 2010-10-01 false Information security. 1339...

Systems Security Engineering

DTIC Science & Technology

2010-08-22

practice for information security management ( ISO /IEC 27002 ),” “Information technology — Security techniques — Information security management...systems —Requirements ( ISO /IEC 27002 ),”, “Information technology — Security techniques — Information security risk management ( ISO /IEC 27005).” from...associated practice aids. Perhaps the most germane discovery from this effort was a draft ISO standard on Systems and software engineering, Systems and

48 CFR 1804.470 - Security requirements for unclassified information technology (IT) resources.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 48 Federal Acquisition Regulations System 6 2013-10-01 2013-10-01 false Security requirements for unclassified information technology (IT) resources. 1804.470 Section 1804.470 Federal Acquisition Regulations... Classified Information Within Industry 1804.470 Security requirements for unclassified information technology...

48 CFR 1804.470 - Security requirements for unclassified information technology (IT) resources.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 48 Federal Acquisition Regulations System 6 2011-10-01 2011-10-01 false Security requirements for unclassified information technology (IT) resources. 1804.470 Section 1804.470 Federal Acquisition Regulations... Classified Information Within Industry 1804.470 Security requirements for unclassified information technology...

48 CFR 1804.470 - Security requirements for unclassified information technology (IT) resources.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 48 Federal Acquisition Regulations System 6 2014-10-01 2014-10-01 false Security requirements for unclassified information technology (IT) resources. 1804.470 Section 1804.470 Federal Acquisition Regulations... Classified Information Within Industry 1804.470 Security requirements for unclassified information technology...

48 CFR 1804.470 - Security requirements for unclassified information technology (IT) resources.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 48 Federal Acquisition Regulations System 6 2012-10-01 2012-10-01 false Security requirements for unclassified information technology (IT) resources. 1804.470 Section 1804.470 Federal Acquisition Regulations... Classified Information Within Industry 1804.470 Security requirements for unclassified information technology...

48 CFR 1804.470 - Security requirements for unclassified information technology (IT) resources.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 48 Federal Acquisition Regulations System 6 2010-10-01 2010-10-01 true Security requirements for unclassified information technology (IT) resources. 1804.470 Section 1804.470 Federal Acquisition Regulations... Classified Information Within Industry 1804.470 Security requirements for unclassified information technology...

32 CFR 2400.42 - Security Officer.

Code of Federal Regulations, 2011 CFR

2011-07-01

... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.42 Security...

32 CFR 2400.42 - Security Officer.

Code of Federal Regulations, 2010 CFR

2010-07-01

... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.42 Security...

32 CFR 2400.42 - Security Officer.

Code of Federal Regulations, 2014 CFR

2014-07-01

... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.42 Security...

32 CFR 2400.42 - Security Officer.

Code of Federal Regulations, 2013 CFR

2013-07-01

... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.42 Security...

32 CFR 2400.42 - Security Officer.

Code of Federal Regulations, 2012 CFR

2012-07-01

... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.42 Security...

77 FR 70792 - Privacy Act of 1974; Department of Homeland Security/ALL-004 General Information Technology...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-11-27

... 1974; Department of Homeland Security/ALL-004 General Information Technology Access Account Records..., Department of Homeland Security/ALL-004 General Information Technology Access Account Records System of... access account records. This system consists of information collected in order to provide authorized...

48 CFR 339.7102 - Applicability.

Code of Federal Regulations, 2010 CFR

2010-10-01

... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7102 Applicability. Contracting Officers are responsible for ensuring that all information technology acquisitions comply with the Federal Information Security Management Act (FISMA), the HHS-OCIO Information Systems Security and Privacy...

32 CFR 2400.46 - Suggestions or complaints.

Code of Federal Regulations, 2014 CFR

2014-07-01

... POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.46... Science and Technology Policy Information Security Program should do so in writing. This correspondence...

32 CFR 2400.46 - Suggestions or complaints.

Code of Federal Regulations, 2012 CFR

2012-07-01

... POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.46... Science and Technology Policy Information Security Program should do so in writing. This correspondence...

32 CFR 2400.46 - Suggestions or complaints.

Code of Federal Regulations, 2010 CFR

2010-07-01

... POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.46... Science and Technology Policy Information Security Program should do so in writing. This correspondence...

32 CFR 2400.46 - Suggestions or complaints.

Code of Federal Regulations, 2011 CFR

2011-07-01

... POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.46... Science and Technology Policy Information Security Program should do so in writing. This correspondence...

32 CFR 2400.46 - Suggestions or complaints.

Code of Federal Regulations, 2013 CFR

2013-07-01

... POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.46... Science and Technology Policy Information Security Program should do so in writing. This correspondence...

32 CFR 2400.45 - Information Security Program Review.

Code of Federal Regulations, 2011 CFR

2011-07-01

... Section 2400.45 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45...

32 CFR 2400.45 - Information Security Program Review.

Code of Federal Regulations, 2010 CFR

2010-07-01

... Section 2400.45 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45...

32 CFR 2400.45 - Information Security Program Review.

Code of Federal Regulations, 2012 CFR

2012-07-01

... Section 2400.45 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45...

32 CFR 2400.45 - Information Security Program Review.

Code of Federal Regulations, 2014 CFR

2014-07-01

... Section 2400.45 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45...

32 CFR 2400.45 - Information Security Program Review.

Code of Federal Regulations, 2013 CFR

2013-07-01

... Section 2400.45 National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45...

Securing Information Technology in Healthcare

PubMed Central

Anthony, Denise; Campbell, Andrew T.; Candon, Thomas; Gettinger, Andrew; Kotz, David; Marsch, Lisa A.; Molina-Markham, Andrés; Page, Karen; Smith, Sean W.; Gunter, Carl A.; Johnson, M. Eric

2014-01-01

Dartmouth College’s Institute for Security, Technology, and Society conducted three workshops on securing information technology in healthcare, attended by a diverse range of experts in the field. This article summarizes the three workshops. PMID:25379030

Information technology security system engineering methodology

NASA Technical Reports Server (NTRS)

Childs, D.

2003-01-01

A methodology is described for system engineering security into large information technology systems under development. The methodology is an integration of a risk management process and a generic system development life cycle process. The methodology is to be used by Security System Engineers to effectively engineer and integrate information technology security into a target system as it progresses through the development life cycle. The methodology can also be used to re-engineer security into a legacy system.

Information security of power enterprises of North-Arctic region

NASA Astrophysics Data System (ADS)

Sushko, O. P.

2018-05-01

The role of information technologies in providing technological security for energy enterprises is a component of the economic security for the northern Arctic region in general. Applying instruments and methods of information protection modelling of the energy enterprises' business process in the northern Arctic region (such as Arkhenergo and Komienergo), the authors analysed and identified most frequent risks of information security. With the analytic hierarchy process based on weighting factor estimations, information risks of energy enterprises' technological processes were ranked. The economic estimation of the information security within an energy enterprise considers weighting factor-adjusted variables (risks). Investments in information security systems of energy enterprises in the northern Arctic region are related to necessary security elements installation; current operating expenses on business process protection systems become materialized economic damage.

77 FR 749 - General Services Administration Acquisition Regulation; Implementation of Information Technology...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-01-06

... Acquisition Regulation; Implementation of Information Technology Security Provision AGENCY: Office of... orders that include information technology (IT) supplies, services and systems. DATES: Effective Date... 6, 2012 that include information technology (IT) supplies, services and systems with security...

48 CFR 652.239-71 - Security Requirements for Unclassified Information Technology Resources.

Code of Federal Regulations, 2013 CFR

2013-10-01

... Unclassified Information Technology Resources. 652.239-71 Section 652.239-71 Federal Acquisition Regulations... Provisions and Clauses 652.239-71 Security Requirements for Unclassified Information Technology Resources. As... Technology Resources (SEP 2007) (a) General. The Contractor shall be responsible for information technology...

48 CFR 652.239-71 - Security Requirements for Unclassified Information Technology Resources.

Code of Federal Regulations, 2014 CFR

2014-10-01

... Unclassified Information Technology Resources. 652.239-71 Section 652.239-71 Federal Acquisition Regulations... Provisions and Clauses 652.239-71 Security Requirements for Unclassified Information Technology Resources. As... Technology Resources (SEP 2007) (a) General. The Contractor shall be responsible for information technology...

48 CFR 652.239-71 - Security Requirements for Unclassified Information Technology Resources.

Code of Federal Regulations, 2011 CFR

2011-10-01

... Unclassified Information Technology Resources. 652.239-71 Section 652.239-71 Federal Acquisition Regulations... Provisions and Clauses 652.239-71 Security Requirements for Unclassified Information Technology Resources. As... Technology Resources (SEP 2007) (a) General. The Contractor shall be responsible for information technology...

48 CFR 652.239-71 - Security Requirements for Unclassified Information Technology Resources.

Code of Federal Regulations, 2012 CFR

2012-10-01

... Unclassified Information Technology Resources. 652.239-71 Section 652.239-71 Federal Acquisition Regulations... Provisions and Clauses 652.239-71 Security Requirements for Unclassified Information Technology Resources. As... Technology Resources (SEP 2007) (a) General. The Contractor shall be responsible for information technology...

48 CFR 652.239-71 - Security Requirements for Unclassified Information Technology Resources.

Code of Federal Regulations, 2010 CFR

2010-10-01

... Unclassified Information Technology Resources. 652.239-71 Section 652.239-71 Federal Acquisition Regulations... Provisions and Clauses 652.239-71 Security Requirements for Unclassified Information Technology Resources. As... Technology Resources (SEP 2007) (a) General. The Contractor shall be responsible for information technology...

48 CFR 552.239-71 - Security Requirements for Unclassified Information Technology Resources.

Code of Federal Regulations, 2012 CFR

2012-10-01

... Unclassified Information Technology Resources. 552.239-71 Section 552.239-71 Federal Acquisition Regulations... Text of Provisions and Clauses 552.239-71 Security Requirements for Unclassified Information Technology... Information Technology Resources (JAN 2012) (a) General. The Contractor shall be responsible for information...

48 CFR 552.239-71 - Security Requirements for Unclassified Information Technology Resources.

Code of Federal Regulations, 2014 CFR

2014-10-01

... Unclassified Information Technology Resources. 552.239-71 Section 552.239-71 Federal Acquisition Regulations... Text of Provisions and Clauses 552.239-71 Security Requirements for Unclassified Information Technology... Information Technology Resources (JAN 2012) (a) General. The Contractor shall be responsible for information...

48 CFR 552.239-71 - Security Requirements for Unclassified Information Technology Resources.

Code of Federal Regulations, 2013 CFR

2013-10-01

... Unclassified Information Technology Resources. 552.239-71 Section 552.239-71 Federal Acquisition Regulations... Text of Provisions and Clauses 552.239-71 Security Requirements for Unclassified Information Technology... Information Technology Resources (JAN 2012) (a) General. The Contractor shall be responsible for information...

48 CFR 552.239-71 - Security Requirements for Unclassified Information Technology Resources.

Code of Federal Regulations, 2011 CFR

2011-10-01

... Unclassified Information Technology Resources. 552.239-71 Section 552.239-71 Federal Acquisition Regulations... Text of Provisions and Clauses 552.239-71 Security Requirements for Unclassified Information Technology... Information Technology Resources (JUN 2011) (a) General. The Contractor shall be responsible for information...

48 CFR 39.101 - Policy.

Code of Federal Regulations, 2012 CFR

2012-10-01

..., including consideration of security of resources, protection of privacy, national security and emergency... information technology, agencies shall include the appropriate information technology security policies and requirements, including use of common security configurations available from the National Institute of...

48 CFR 39.101 - Policy.

Code of Federal Regulations, 2014 CFR

2014-10-01

..., including consideration of security of resources, protection of privacy, national security and emergency... information technology, agencies shall include the appropriate information technology security policies and requirements, including use of common security configurations available from the National Institute of...

48 CFR 39.101 - Policy.

Code of Federal Regulations, 2013 CFR

2013-10-01

..., including consideration of security of resources, protection of privacy, national security and emergency... information technology, agencies shall include the appropriate information technology security policies and requirements, including use of common security configurations available from the National Institute of...

48 CFR 39.101 - Policy.

Code of Federal Regulations, 2011 CFR

2011-10-01

..., including consideration of security of resources, protection of privacy, national security and emergency... information technology, agencies shall include the appropriate information technology security policies and requirements, including use of common security configurations available from the National Institute of...

48 CFR 1252.239-70 - Security requirements for unclassified information technology resources.

Code of Federal Regulations, 2011 CFR

2011-10-01

... unclassified information technology resources. 1252.239-70 Section 1252.239-70 Federal Acquisition Regulations... of Provisions and Clauses 1252.239-70 Security requirements for unclassified information technology... Unclassified Information Technology Resources (APR 2005) (a) The Contractor shall be responsible for...

48 CFR 1252.239-70 - Security requirements for unclassified information technology resources.

Code of Federal Regulations, 2014 CFR

2014-10-01

... unclassified information technology resources. 1252.239-70 Section 1252.239-70 Federal Acquisition Regulations... of Provisions and Clauses 1252.239-70 Security requirements for unclassified information technology... Unclassified Information Technology Resources (APR 2005) (a) The Contractor shall be responsible for...

48 CFR 1252.239-70 - Security requirements for unclassified information technology resources.

Code of Federal Regulations, 2013 CFR

2013-10-01

... unclassified information technology resources. 1252.239-70 Section 1252.239-70 Federal Acquisition Regulations... of Provisions and Clauses 1252.239-70 Security requirements for unclassified information technology... Unclassified Information Technology Resources (APR 2005) (a) The Contractor shall be responsible for...

48 CFR 1252.239-70 - Security requirements for unclassified information technology resources.

Code of Federal Regulations, 2012 CFR

2012-10-01

... unclassified information technology resources. 1252.239-70 Section 1252.239-70 Federal Acquisition Regulations... of Provisions and Clauses 1252.239-70 Security requirements for unclassified information technology... Unclassified Information Technology Resources (APR 2005) (a) The Contractor shall be responsible for...

48 CFR 352.239-72 - Security requirements for Federal information technology resources.

Code of Federal Regulations, 2010 CFR

2010-10-01

... Federal information technology resources. 352.239-72 Section 352.239-72 Federal Acquisition Regulations... Provisions and Clauses 352.239-72 Security requirements for Federal information technology resources. As... Federal Information Technology Resources (January 2010) (a) Applicability. This clause applies whether the...

48 CFR 1252.239-70 - Security requirements for unclassified information technology resources.

Code of Federal Regulations, 2010 CFR

2010-10-01

... unclassified information technology resources. 1252.239-70 Section 1252.239-70 Federal Acquisition Regulations... of Provisions and Clauses 1252.239-70 Security requirements for unclassified information technology... Unclassified Information Technology Resources (APR 2005) (a) The Contractor shall be responsible for...

CMMI(Registered) for Services, Version 1.3

DTIC Science & Technology

2010-11-01

ISO 2008b] ISO /IEC 27001 :2005 Information technology – Security techniques – Information Security Management Systems – Requirements [ ISO /IEC 2005...Commission. ISO /IEC 27001 Information Technology – Security Techniques – Information Security Management Systems – Requirements, 2005. http...CMM or International Organization for Standardization ( ISO ) 9001, you will immediately recognize many similarities in their structure and content

Research on the information security system in electrical gis system in mobile application

NASA Astrophysics Data System (ADS)

Zhou, Chao; Feng, Renjun; Jiang, Haitao; Huang, Wei; Zhu, Daohua

2017-05-01

With the rapid development of social informatization process, the demands of government, enterprise, and individuals for spatial information becomes larger. In addition, the combination of wireless network technology and spatial information technology promotes the generation and development of mobile technologies. In today’s rapidly developed information technology field, network technology and mobile communication have become the two pillar industries by leaps and bounds. They almost absorbed and adopted all the latest information, communication, computer, electronics and so on new technologies. Concomitantly, the network coverage is more and more big, the transmission rate is faster and faster, the volume of user’s terminal is smaller and smaller. What’s more, from LAN to WAN, from wired network to wireless network, from wired access to mobile wireless access, people’s demand for communication technology is increasingly higher. As a result, mobile communication technology is facing unprecedented challenges as well as unprecedented opportunities. When combined with the existing mobile communication network, it led to the development of leaps and bounds. However, due to the inherent dependence of the system on the existing computer communication network, information security problems cannot be ignored. Today’s information security has penetrated into all aspects of life. Information system is a complex computer system, and it’s physical, operational and management vulnerabilities constitute the security vulnerability of the system. Firstly, this paper analyzes the composition of mobile enterprise network and information security threat. Secondly, this paper puts forward the security planning and measures, and constructs the information security structure.

48 CFR 1852.204-76 - Security requirements for unclassified information technology resources.

Code of Federal Regulations, 2011 CFR

2011-10-01

... unclassified information technology resources. 1852.204-76 Section 1852.204-76 Federal Acquisition Regulations... information technology resources. As prescribed in 1804.470-4(a), insert the following clause: SECURITY REQUIREMENTS FOR UNCLASSIFIED INFORMATION TECHNOLOGY RESOURCES (MONTH YEAR) (a) The contractor shall protect...

48 CFR 3052.204-70 - Security requirements for unclassified information technology resources.

Code of Federal Regulations, 2011 CFR

2011-10-01

... unclassified information technology resources. 3052.204-70 Section 3052.204-70 Federal Acquisition Regulations... for unclassified information technology resources. As prescribed in (HSAR) 48 CFR 3004.470-3, insert a clause substantially the same as follows: Security Requirements for Unclassified Information Technology...

48 CFR 3052.204-70 - Security requirements for unclassified information technology resources.

Code of Federal Regulations, 2012 CFR

2012-10-01

... unclassified information technology resources. 3052.204-70 Section 3052.204-70 Federal Acquisition Regulations... for unclassified information technology resources. As prescribed in (HSAR) 48 CFR 3004.470-3, insert a clause substantially the same as follows: Security Requirements for Unclassified Information Technology...

48 CFR 1852.204-76 - Security requirements for unclassified information technology resources.

Code of Federal Regulations, 2012 CFR

2012-10-01

... unclassified information technology resources. 1852.204-76 Section 1852.204-76 Federal Acquisition Regulations... information technology resources. As prescribed in 1804.470-4(a), insert the following clause: Security Requirements for Unclassified Information Technology Resources (MONTH YEAR) (a) The contractor shall protect...

48 CFR 1852.204-76 - Security requirements for unclassified information technology resources.

Code of Federal Regulations, 2013 CFR

2013-10-01

... unclassified information technology resources. 1852.204-76 Section 1852.204-76 Federal Acquisition Regulations... information technology resources. As prescribed in 1804.470-4(a), insert the following clause: Security Requirements for Unclassified Information Technology Resources (MONTH YEAR) (a) The contractor shall protect...

48 CFR 1852.204-76 - Security requirements for unclassified information technology resources.

Code of Federal Regulations, 2014 CFR

2014-10-01

... unclassified information technology resources. 1852.204-76 Section 1852.204-76 Federal Acquisition Regulations... information technology resources. As prescribed in 1804.470-4(a), insert the following clause: Security Requirements for Unclassified Information Technology Resources (MONTH YEAR) (a) The contractor shall protect...

48 CFR 3052.204-70 - Security requirements for unclassified information technology resources.

Code of Federal Regulations, 2010 CFR

2010-10-01

... unclassified information technology resources. 3052.204-70 Section 3052.204-70 Federal Acquisition Regulations... for unclassified information technology resources. As prescribed in (HSAR) 48 CFR 3004.470-3, insert a clause substantially the same as follows: Security Requirements for Unclassified Information Technology...

48 CFR 352.239-72 - Security requirements for Federal information technology resources.

Code of Federal Regulations, 2011 CFR

2011-10-01

...' mission. The term “information technology (IT)”, as used in this clause, includes computers, ancillary... Federal information technology resources. 352.239-72 Section 352.239-72 Federal Acquisition Regulations... Provisions and Clauses 352.239-72 Security requirements for Federal information technology resources. As...

48 CFR 352.239-72 - Security requirements for Federal information technology resources.

Code of Federal Regulations, 2013 CFR

2013-10-01

...' mission. The term “information technology (IT)”, as used in this clause, includes computers, ancillary... Federal information technology resources. 352.239-72 Section 352.239-72 Federal Acquisition Regulations... Provisions and Clauses 352.239-72 Security requirements for Federal information technology resources. As...

48 CFR 352.239-72 - Security requirements for Federal information technology resources.

Code of Federal Regulations, 2014 CFR

2014-10-01

...' mission. The term “information technology (IT)”, as used in this clause, includes computers, ancillary... Federal information technology resources. 352.239-72 Section 352.239-72 Federal Acquisition Regulations... Provisions and Clauses 352.239-72 Security requirements for Federal information technology resources. As...

48 CFR 352.239-72 - Security requirements for Federal information technology resources.

Code of Federal Regulations, 2012 CFR

2012-10-01

...' mission. The term “information technology (IT)”, as used in this clause, includes computers, ancillary... Federal information technology resources. 352.239-72 Section 352.239-72 Federal Acquisition Regulations... Provisions and Clauses 352.239-72 Security requirements for Federal information technology resources. As...

76 FR 45645 - 10-Day Notice of Proposed Information Collection: Technology Security/Clearance Plans, Screening...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-07-29

...: Technology Security/Clearance Plans, Screening Records, and Non-Disclosure Agreements ACTION: Notice of... Information Collection: Technology Security/ Clearance Plans, Screening Records, and Non-Disclosure Agreements...: None. Respondents: Business and Nonprofit Organizations, Foreign Governments. Estimated Number of...

Information Resource Management Planning in the Office of the Under Secretary of Defense (Acquisition)

DTIC Science & Technology

1989-08-01

Include in this plan the role of the Defense Technical Information Center (DTIC), the Defense Technology Security Administration ( DTSA ), and ODDR&E’s...DTIC = Defense Technical Information Center DTSA = Defense Technology Security Administration DUSD = Deputy Under Secretary of Defense Gloss. 2 DUSD...technologically sensitive requests. The Defense Technology Security Administi ation ( DTSA ) is developing a large system to track foreign military sales

Three Essays on Information Technology Security Management in Organizations

ERIC Educational Resources Information Center

Gupta, Manish

2011-01-01

Increasing complexity and sophistication of ever evolving information technologies has spurred unique and unprecedented challenges for organizations to protect their information assets. Companies suffer significant financial and reputational damage due to ineffective information technology security management, which has extensively been shown to…

48 CFR 1804.470-2 - Policy.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 1804.470-2 Federal Acquisition Regulations System NATIONAL AERONAUTICS AND SPACE ADMINISTRATION GENERAL...) 2810, Security of Information Technology; NASA Procedural Requirements (NPR) 2810, Security of Information Technology; and interim policy updates in the form of NASA Information Technology Requirements...

48 CFR 1804.470-2 - Policy.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 1804.470-2 Federal Acquisition Regulations System NATIONAL AERONAUTICS AND SPACE ADMINISTRATION GENERAL...) 2810, Security of Information Technology; NASA Procedural Requirements (NPR) 2810, Security of Information Technology; and interim policy updates in the form of NASA Information Technology Requirements...

48 CFR 339.7103 - Solicitation and contract clause.

Code of Federal Regulations, 2010 CFR

2010-10-01

... SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management...-72, Security Requirements for Federal Information Technology Resources, in solicitations and contracts that involve contractor access to Federal information or Federal information systems. ...

75 FR 49943 - New Agency Information Collection Activity Under OMB Review: Pipeline System Operator Security...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-08-16

... DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration New Agency Information Collection Activity Under OMB Review: Pipeline System Operator Security Information AGENCY: Transportation... INFORMATION CONTACT: Joanna Johnson, Office of Information Technology, TSA-11, Transportation Security...

Research on information security in big data era

NASA Astrophysics Data System (ADS)

Zhou, Linqi; Gu, Weihong; Huang, Cheng; Huang, Aijun; Bai, Yongbin

2018-05-01

Big data is becoming another hotspot in the field of information technology after the cloud computing and the Internet of Things. However, the existing information security methods can no longer meet the information security requirements in the era of big data. This paper analyzes the challenges and a cause of data security brought by big data, discusses the development trend of network attacks under the background of big data, and puts forward my own opinions on the development of security defense in technology, strategy and product.

48 CFR 1239.70 - Solicitation provision and contract clause.

Code of Federal Regulations, 2010 CFR

2010-10-01

... TRANSPORTATION SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1239.70... 1252.239-71, Information Technology Security Plan and Accreditation, and the clause at (TAR) 48 CFR 1252.239-70, Security Requirements for Unclassified Information Technology Resources, in all...

A layered trust information security architecture.

PubMed

de Oliveira Albuquerque, Robson; Villalba, Luis Javier García; Orozco, Ana Lucila Sandoval; Buiati, Fábio; Kim, Tai-Hoon

2014-12-01

Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentially, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed.

Satisfactions, Self-Efficacy, and Compliance in Mandatory Technology Settings

ERIC Educational Resources Information Center

Devgan, Vipan

2012-01-01

Many organizations recognize employees as great assets in the efforts to reduce risk related to information security. Employee's compliance with information security rules and regulations of organization is the key to strengthening information security. It is crucial for organizations to understand factors affecting technology compliance to…

75 FR 33631 - Science and Technology (S&T) Directorate; Agency Information Collection Activities: Submission...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-06-14

... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2010-0040] Science and Technology (S&T) Directorate; Agency Information Collection Activities: Submission for Review; Information Collection Request for the Department of Homeland Security (DHS) Science and Technology TechSolutions Program AGENCY...

75 FR 53706 - Science and Technology (S&T) Directorate: Agency Information Collection Activities: Submission...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-09-01

... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2010-0072] Science and Technology (S&T) Directorate: Agency Information Collection Activities: Submission for Review; Information Collection Request for the Department of Homeland Security (DHS) Science and Technology TechSolutions Program AGENCY...

48 CFR 3004.470-2 - Policy.

Code of Federal Regulations, 2010 CFR

2010-10-01

... unclassified information. MD 4300.1, entitled Information Technology Systems Security, and the DHS Sensitive Systems Handbook, prescribe the policies and procedures on security for Information Technology resources... ACQUISITION REGULATION (HSAR) GENERAL ADMINISTRATIVE MATTERS Safeguarding Classified and Sensitive Information...

A Quantitative Study on the Relationship of Information Security Policy Awareness, Enforcement, and Maintenance to Information Security Program Effectiveness

ERIC Educational Resources Information Center

Francois, Michael T.

2016-01-01

Today's organizations rely heavily on information technology to conduct their daily activities. Therefore, their information security systems are an area of heightened security concern. As a result, organizations implement information security programs to address and mitigate that concern. However, even with the emphasis on information security,…

Explore Awareness of Information Security: Insights from Cognitive Neuromechanism.

PubMed

Han, Dongmei; Dai, Yonghui; Han, Tianlin; Dai, Xingyun

2015-01-01

With the rapid development of the internet and information technology, the increasingly diversified portable mobile terminals, online shopping, and social media have facilitated information exchange, social communication, and financial payment for people more and more than ever before. In the meantime, information security and privacy protection have been meeting with new severe challenges. Although we have taken a variety of information security measures in both management and technology, the actual effectiveness depends firstly on people's awareness of information security and the cognition of potential risks. In order to explore the new technology for the objective assessment of people's awareness and cognition on information security, this paper takes the online financial payment as example and conducts an experimental study based on the analysis of electrophysiological signals. Results indicate that left hemisphere and beta rhythms of electroencephalogram (EEG) signal are sensitive to the cognitive degree of risks in the awareness of information security, which may be probably considered as the sign to assess people's cognition of potential risks in online financial payment.

Explore Awareness of Information Security: Insights from Cognitive Neuromechanism

PubMed Central

Han, Dongmei; Han, Tianlin; Dai, Xingyun

2015-01-01

With the rapid development of the internet and information technology, the increasingly diversified portable mobile terminals, online shopping, and social media have facilitated information exchange, social communication, and financial payment for people more and more than ever before. In the meantime, information security and privacy protection have been meeting with new severe challenges. Although we have taken a variety of information security measures in both management and technology, the actual effectiveness depends firstly on people's awareness of information security and the cognition of potential risks. In order to explore the new technology for the objective assessment of people's awareness and cognition on information security, this paper takes the online financial payment as example and conducts an experimental study based on the analysis of electrophysiological signals. Results indicate that left hemisphere and beta rhythms of electroencephalogram (EEG) signal are sensitive to the cognitive degree of risks in the awareness of information security, which may be probably considered as the sign to assess people's cognition of potential risks in online financial payment. PMID:26587017

Determination of ISRA Framework Using Delphi Methodology for Small and Midsized Enterprises

ERIC Educational Resources Information Center

Shah, Ashish

2017-01-01

Unfathomable a few decades ago, the velocity of revolution in information technology (IT) security is accelerating. Small and midsized enterprises (SMEs) continue to make IT security a highest priority and foster security controls to safeguard their environments from adverse effects. Information technology security professionals must rely on one…

Acceptance Factors Influencing Adoption of National Institute of Standards and Technology Information Security Standards: A Quantitative Study

ERIC Educational Resources Information Center

Kiriakou, Charles M.

2012-01-01

Adoption of a comprehensive information security governance model and security controls is the best option organizations may have to protect their information assets and comply with regulatory requirements. Understanding acceptance factors of the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) comprehensive…

A Layered Trust Information Security Architecture

PubMed Central

de Oliveira Albuquerque, Robson; García Villalba, Luis Javier; Sandoval Orozco, Ana Lucila; Buiati, Fábio; Kim, Tai-Hoon

2014-01-01

Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentially, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed. PMID:25470490

75 FR 29568 - Extension of Agency Information Collection Activity Under OMB Review: Aircraft Operator Security

Federal Register 2010, 2011, 2012, 2013, 2014

2010-05-26

... Act (PRA) Officer, Office of Information Technology (OIT), TSA-11, Transportation Security..., electronic, mechanical, or other technological collection techniques or other forms of information technology... criminal history records check (CHRC). As part of the CHRC process, the individual must provide identifying...

48 CFR 1339.107-70 - Information security.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 48 Federal Acquisition Regulations System 5 2014-10-01 2014-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... coordinate with the designated Contracting Officer Representative (COR) to complete the Information Security...

48 CFR 1339.107-70 - Information security.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 48 Federal Acquisition Regulations System 5 2011-10-01 2011-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... coordinate with the designated Contracting Officer Representative (COR) to complete the Information Security...

48 CFR 1339.107-70 - Information security.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 48 Federal Acquisition Regulations System 5 2013-10-01 2013-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... coordinate with the designated Contracting Officer Representative (COR) to complete the Information Security...

Intelligence, Information Technology, and Information Warfare.

ERIC Educational Resources Information Center

Davies, Philip H. J.

2002-01-01

Addresses the use of information technology for intelligence and information warfare in the context of national security and reviews the status of clandestine collection. Discusses hacking, human agent collection, signal interception, covert action, counterintelligence and security, and communications between intelligence producers and consumers…

75 FR 57904 - Announcing a Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2010-09-23

... Office, --Update of NIST Computer Security Division, and --Information Security and Privacy Advisory... Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology, Commerce. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB) will meet...

32 CFR 2400.44 - Custodians.

Code of Federal Regulations, 2010 CFR

2010-07-01

... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.44 Custodians...

32 CFR 2400.40 - Responsibility.

Code of Federal Regulations, 2010 CFR

2010-07-01

... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.40 Responsibility...

32 CFR 2400.44 - Custodians.

Code of Federal Regulations, 2014 CFR

2014-07-01

... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.44 Custodians...

32 CFR 2400.40 - Responsibility.

Code of Federal Regulations, 2013 CFR

2013-07-01

... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.40 Responsibility...

32 CFR 2400.40 - Responsibility.

Code of Federal Regulations, 2014 CFR

2014-07-01

... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.40 Responsibility...

32 CFR 2400.44 - Custodians.

Code of Federal Regulations, 2012 CFR

2012-07-01

... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.44 Custodians...

32 CFR 2400.40 - Responsibility.

Code of Federal Regulations, 2011 CFR

2011-07-01

... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.40 Responsibility...

32 CFR 2400.40 - Responsibility.

Code of Federal Regulations, 2012 CFR

2012-07-01

... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.40 Responsibility...

32 CFR 2400.44 - Custodians.

Code of Federal Regulations, 2011 CFR

2011-07-01

... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.44 Custodians...

32 CFR 2400.44 - Custodians.

Code of Federal Regulations, 2013 CFR

2013-07-01

... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.44 Custodians...

75 FR 16491 - Science and Technology Directorate; Submission for Review; Information Collection Request for the...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-04-01

... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2010-0026] Science and Technology Directorate; Submission for Review; Information Collection Request for the Department of Homeland Security Science and Technology Directorate First Responders Community of Practice AGENCY: Science and Technology Directorate, DHS...

Information Technology Security Professionals' Knowledge and Use Intention Based on UTAUT Model

ERIC Educational Resources Information Center

Kassa, Woldeloul

2016-01-01

Information technology (IT) security threats and vulnerabilities have become a major concern for organizations in the United States. However, there has been little research on assessing the effect of IT security professionals' knowledge on the use of IT security controls. This study examined the unified theory of acceptance and use of technology…

48 CFR 539.7001 - Policy.

Code of Federal Regulations, 2014 CFR

2014-10-01

... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Additional Requirements for Purchases Not in Support of... Information Security Management Act (FISMA) describes Federal agency security responsibilities as including... behalf of an agency.” (b) Employees responsible for or procuring information technology supplies...

48 CFR 539.7001 - Policy.

Code of Federal Regulations, 2011 CFR

2011-10-01

... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Additional Requirements for Purchases Not in Support of... Information Security Management Act (FISMA) describes Federal agency security responsibilities as including... behalf of an agency.” (b) Employees responsible for or procuring information technology supplies...

48 CFR 539.7001 - Policy.

Code of Federal Regulations, 2013 CFR

2013-10-01

... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Additional Requirements for Purchases Not in Support of... Information Security Management Act (FISMA) describes Federal agency security responsibilities as including... behalf of an agency.” (b) Employees responsible for or procuring information technology supplies...

48 CFR 539.7001 - Policy.

Code of Federal Regulations, 2012 CFR

2012-10-01

... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Additional Requirements for Purchases Not in Support of... Information Security Management Act (FISMA) describes Federal agency security responsibilities as including... behalf of an agency.” (b) Employees responsible for or procuring information technology supplies...

48 CFR 3439.702 - Department security requirements.

Code of Federal Regulations, 2012 CFR

2012-10-01

... ACQUISITION REGULATION SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Department Requirements for Acquisition of Information Technology 3439.702 Department security requirements. The...) involves the design, operation, repair, or maintenance of information systems and access to sensitive but...

48 CFR 3439.702 - Department security requirements.

Code of Federal Regulations, 2013 CFR

2013-10-01

... ACQUISITION REGULATION SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Department Requirements for Acquisition of Information Technology 3439.702 Department security requirements. The...) involves the design, operation, repair, or maintenance of information systems and access to sensitive but...

48 CFR 3439.702 - Department security requirements.

Code of Federal Regulations, 2011 CFR

2011-10-01

... ACQUISITION REGULATION SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Department Requirements for Acquisition of Information Technology 3439.702 Department security requirements. The...) involves the design, operation, repair, or maintenance of information systems and access to sensitive but...

48 CFR 339.7103 - Solicitation and contract clause.

Code of Federal Regulations, 2011 CFR

2011-10-01

... clause. 339.7103 Section 339.7103 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management...-72, Security Requirements for Federal Information Technology Resources, in solicitations and...

48 CFR 339.7103 - Solicitation and contract clause.

Code of Federal Regulations, 2014 CFR

2014-10-01

... clause. 339.7103 Section 339.7103 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management...-72, Security Requirements for Federal Information Technology Resources, in solicitations and...

48 CFR 339.7103 - Solicitation and contract clause.

Code of Federal Regulations, 2013 CFR

2013-10-01

... clause. 339.7103 Section 339.7103 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management...-72, Security Requirements for Federal Information Technology Resources, in solicitations and...

48 CFR 339.7103 - Solicitation and contract clause.

Code of Federal Regulations, 2012 CFR

2012-10-01

... clause. 339.7103 Section 339.7103 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management...-72, Security Requirements for Federal Information Technology Resources, in solicitations and...

The study and implementation of the wireless network data security model

NASA Astrophysics Data System (ADS)

Lin, Haifeng

2013-03-01

In recent years, the rapid development of Internet technology and the advent of information age, people are increasing the strong demand for the information products and the market for information technology. Particularly, the network security requirements have become more sophisticated. This paper analyzes the wireless network in the data security vulnerabilities. And a list of wireless networks in the framework is the serious defects with the related problems. It has proposed the virtual private network technology and wireless network security defense structure; and it also given the wireless networks and related network intrusion detection model for the detection strategies.

76 FR 31971 - New Agency Information Collection Activity Under OMB Review: Security Program for Hazardous...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-06-02

... INFORMATION CONTACT: Joanna Johnson, TSA PRA Officer, Office of Information Technology (OIT), TSA-11... other forms of information technology. Information Collection Requirement Title: Security Program for... surveyor tool that is managed at TSA. Participants who attend the classroom training sessions will also be...

12 CFR Appendix B to Part 570 - Interagency Guidelines Establishing Information Security Standards

Code of Federal Regulations, 2010 CFR

2010-01-01

... reports; or (B) Blind data, such as payment history on accounts that are not personally identifiable, that... technology, the sensitivity of your customer information, internal or external threats to information, and... Information Technology Examination Handbook, Information Security Booklet, Dec. 2002 available at http://www...

76 FR 68486 - Agency Information Collection Activities: Submission for Review; Information Collection Request...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-11-04

... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2011-0077] Agency Information Collection Activities: Submission for Review; Information Collection Request for the Department of Homeland Security (DHS), Science and Technology, External S&T Collaboration Site (E-STCS) AGENCY: Science and Technology...

An Evaluation Methodology for the Usability and Security of Cloud-based File Sharing Technologies

DTIC Science & Technology

2012-09-01

FISMA, ISO 27001 , FIPS 140-2, and ISO 270001) indicate a cloud-based service’s compliance with industry standard security controls, management and...Information Assurance IEEE Institute of Electrical and Electronics Engineers IT Information Technology ITS Insider Threat Study ISO International...effectively, efficiently and with satisfaction” (International Organization for Standardization [ ISO ], 1998). Alternately, information security

32 CFR 2400.43 - Heads of offices.

Code of Federal Regulations, 2014 CFR

2014-07-01

... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.43 Heads of...

32 CFR 2400.41 - Office Review Committee.

Code of Federal Regulations, 2014 CFR

2014-07-01

... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.41 Office Review...

32 CFR 2400.41 - Office Review Committee.

Code of Federal Regulations, 2012 CFR

2012-07-01

... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.41 Office Review...

32 CFR 2400.41 - Office Review Committee.

Code of Federal Regulations, 2010 CFR

2010-07-01

... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.41 Office Review...

32 CFR 2400.43 - Heads of offices.

Code of Federal Regulations, 2011 CFR

2011-07-01

... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.43 Heads of...

32 CFR 2400.41 - Office Review Committee.

Code of Federal Regulations, 2011 CFR

2011-07-01

... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.41 Office Review...

32 CFR 2400.43 - Heads of offices.

Code of Federal Regulations, 2013 CFR

2013-07-01

... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.43 Heads of...

32 CFR 2400.43 - Heads of offices.

Code of Federal Regulations, 2010 CFR

2010-07-01

... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.43 Heads of...

32 CFR 2400.43 - Heads of offices.

Code of Federal Regulations, 2012 CFR

2012-07-01

... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.43 Heads of...

32 CFR 2400.41 - Office Review Committee.

Code of Federal Regulations, 2013 CFR

2013-07-01

... National Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.41 Office Review...

75 FR 1446 - Rate of Payment for Medical Records Received Through Health Information Technology (IT) Necessary...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-01-11

... Received Through Health Information Technology (IT) Necessary To Make Disability Determinations AGENCY... Federal Register. FOR FURTHER INFORMATION CONTACT: Cheryl Elksnis, Office of Disability Programs, Social Security Administration, 6401 Security Boulevard, Baltimore, MD 21235-6401, 410-966-0497, for information...

75 FR 38595 - Guidance to States Regarding Driver History Record Information Security, Continuity of Operation...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-02

... Standards and Technology's (NIST) Computer Security Division maintains a Computer Security Resource Center... Regarding Driver History Record Information Security, Continuity of Operation Planning, and Disaster... (SDLAs) to support their efforts at maintaining the security of information contained in the driver...

48 CFR 339.7101 - Policy.

Code of Federal Regulations, 2010 CFR

2010-10-01

... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7101 Policy. HHS is responsible for implementing an information security program to ensure that its information systems and... information contained in those systems. Each system's level of security shall protect the integrity...

The Effectiveness of Information Technology Simulation and Security Awareness Training on U.S Military Personnel in Iraq and Afghanistan

ERIC Educational Resources Information Center

Armstead, Stanley K.

2017-01-01

In today's dynamic military environment, information technology plays a crucial role in the support of mission preparedness and operational readiness. This research examined the effectiveness of information technology security simulation and awareness training on U.S. military personnel in Iraq and Afghanistan. Also, the study analyzed whether…

The Perceptions of U.S.-Based IT Security Professionals about the Effectiveness of IT Security Frameworks: A Quantitative Study

ERIC Educational Resources Information Center

Warfield, Douglas L.

2011-01-01

The evolution of information technology has included new methodologies that use information technology to control and manage various industries and government activities. Information Technology has also evolved as its own industry with global networks of interconnectivity, such as the Internet, and frameworks, models, and methodologies to control…

The Department of Homeland Security Intelligence Enterprise: Operational Overview and Oversight Challenges for Congress

DTIC Science & Technology

2009-05-27

technology network architecture to connect various DHS elements and promote information sharing.17 • Establish a DHS State, Local, and Regional...A Strategic Plan; training, and the implementation of a comprehensive information systems architecture .65 As part of its integration...information technology network architecture was submitted to Congress last year. See DHS I&A, Homeland Security Information Technology Network

The application of data encryption technology in computer network communication security

NASA Astrophysics Data System (ADS)

Gong, Lina; Zhang, Li; Zhang, Wei; Li, Xuhong; Wang, Xia; Pan, Wenwen

2017-04-01

With the rapid development of Intemet and the extensive application of computer technology, the security of information becomes more and more serious, and the information security technology with data encryption technology as the core has also been developed greatly. Data encryption technology not only can encrypt and decrypt data, but also can realize digital signature, authentication and authentication and other functions, thus ensuring the confidentiality, integrity and confirmation of data transmission over the network. In order to improve the security of data in network communication, in this paper, a hybrid encryption system is used to encrypt and decrypt the triple DES algorithm with high security, and the two keys are encrypted with RSA algorithm, thus ensuring the security of the triple DES key and solving the problem of key management; At the same time to realize digital signature using Java security software, to ensure data integrity and non-repudiation. Finally, the data encryption system is developed by Java language. The data encryption system is simple and effective, with good security and practicality.

Usage of information safety requirements in improving tube bending process

NASA Astrophysics Data System (ADS)

Livshitz, I. I.; Kunakov, E.; Lontsikh, P. A.

2018-05-01

This article is devoted to an improvement of the technological process's analysis with the information security requirements implementation. The aim of this research is the competition increase analysis in aircraft industry enterprises due to the information technology implementation by the example of the tube bending technological process. The article analyzes tube bending kinds and current technique. In addition, a potential risks analysis in a tube bending technological process is carried out in terms of information security.

New colored optical security elements using Rolic's LPP/LCP technology: devices for first- to third-level inspection

NASA Astrophysics Data System (ADS)

Moia, Franco

2002-04-01

With linear photo-polymerization (LPP) ROLIC has invented a photo-patternable technology enabling to align not only conventional liquid crystals but also liquid crystals polymers (LCP). ROLIC's optical security device technology derives from its LPP/LCP technology. LPP/LCP security devices are created by structured photo-alignment of an LPP layer through phot-masks, thus generating a high resolution, photo-patterned aligning layer which carries the aligning information of the image to be created. The subsequent LCP layer transforms the aligning information into an optical phase image with low and/or very high information content, such as invisible photographic pictures. The building block capability of the LPP/LCP technology allows the manufacturing of cholesteric and non-cholesteric LPP/LCP devices which cover 1st and/or 2nd level applications. Apart from black/white security devices colored information zones can be integrated. Moreover, we have developed an LPP/LCP security device which covers all three- 1st, 2nd and 3rd- inspection levels in one and the same authentication device: besides a color shift by tilting the device (1st level) and the detection of normally hidden information by use of a simple sheet polarizer (2nd level) the new device contains encrypted hidden information which can be visualized only by superimposing an LPP/LCP inspection tool (key) for decryption (3rd level). This optical key is also based on the LPP/LCP technology and is itself a 3rd level security device.

Quantum technology and cryptology for information security

NASA Astrophysics Data System (ADS)

Naqvi, Syed; Riguidel, Michel

2007-04-01

Cryptology and information security are set to play a more prominent role in the near future. In this regard, quantum communication and cryptography offer new opportunities to tackle ICT security. Quantum Information Processing and Communication (QIPC) is a scientific field where new conceptual foundations and techniques are being developed. They promise to play an important role in the future of information Security. It is therefore essential to have a cross-fertilizing development between quantum technology and cryptology in order to address the security challenges of the emerging quantum era. In this article, we discuss the impact of quantum technology on the current as well as future crypto-techniques. We then analyse the assumptions on which quantum computers may operate. Then we present our vision for the distribution of security attributes using a novel form of trust based on Heisenberg's uncertainty; and, building highly secure quantum networks based on the clear transmission of single photons and/or bundles of photons able to withstand unauthorized reading as a result of secure protocols based on the observations of quantum mechanics. We argue how quantum cryptographic systems need to be developed that can take advantage of the laws of physics to provide long-term security based on solid assumptions. This requires a structured integration effort to deploy quantum technologies within the existing security infrastructure. Finally, we conclude that classical cryptographic techniques need to be redesigned and upgraded in view of the growing threat of cryptanalytic attacks posed by quantum information processing devices leading to the development of post-quantum cryptography.

National Security and Information Technology: The New Regulatory Option?

ERIC Educational Resources Information Center

Irwin, Manley R.

1987-01-01

Summarizes recent developments in information technology research and development, telecommunication services, telephone manufacturing, telecommunication networks, information processing, and U.S. import/export policy. It is concluded that government regulation as a policy strategy depends on how one defines national security. (Author/CLB)

The research of network database security technology based on web service

NASA Astrophysics Data System (ADS)

Meng, Fanxing; Wen, Xiumei; Gao, Liting; Pang, Hui; Wang, Qinglin

2013-03-01

Database technology is one of the most widely applied computer technologies, its security is becoming more and more important. This paper introduced the database security, network database security level, studies the security technology of the network database, analyzes emphatically sub-key encryption algorithm, applies this algorithm into the campus-one-card system successfully. The realization process of the encryption algorithm is discussed, this method is widely used as reference in many fields, particularly in management information system security and e-commerce.

48 CFR 339.7102 - Applicability.

Code of Federal Regulations, 2013 CFR

2013-10-01

... Section 339.7102 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7102 Applicability... Federal Information Security Management Act (FISMA), the HHS-OCIO Information Systems Security and Privacy...

48 CFR 339.7102 - Applicability.

Code of Federal Regulations, 2014 CFR

2014-10-01

... Section 339.7102 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7102 Applicability... Federal Information Security Management Act (FISMA), the HHS-OCIO Information Systems Security and Privacy...

48 CFR 339.7102 - Applicability.

Code of Federal Regulations, 2012 CFR

2012-10-01

... Section 339.7102 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7102 Applicability... Federal Information Security Management Act (FISMA), the HHS-OCIO Information Systems Security and Privacy...

48 CFR 339.7102 - Applicability.

Code of Federal Regulations, 2011 CFR

2011-10-01

... Section 339.7102 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7102 Applicability... Federal Information Security Management Act (FISMA), the HHS-OCIO Information Systems Security and Privacy...

Collaborating to optimize nursing students' agency information technology use.

PubMed

Fetter, Marilyn S

2009-01-01

As the learning laboratory for gaining actual patient care experience, clinical agencies play an essential role in nursing education. With an information technology revolution transforming healthcare, nursing programs are eager for their students to learn the latest informatics systems and technologies. However, many healthcare institutions are struggling to meet their own information technology needs and report limited resources and other as barriers to nursing student training. In addition, nursing students' information technology access and use raise security and privacy concerns. With the goal of a fully electronic health record by 2014, it is imperative that agencies and educational programs collaborate. They need to establish educationally sound, cost-effective, and secure policies and procedures for managing students' use of information technology systems. Strategies for evaluating options, selecting training methods, and ensuring data security are shared, along with strategies that may reap clinical, economic, and educational benefits. Students' information technology use raises numerous issues that the nursing profession must address to participate in healthcare's transformation into the digital age.

21 CFR 1311.08 - Incorporation by reference.

Code of Federal Regulations, 2010 CFR

2010-04-01

... of Standards and Technology, Computer Security Division, Information Technology Laboratory, National... standards are available from the National Institute of Standards and Technology, Computer Security Division... 140-2, Security Requirements for Cryptographic Modules, May 25, 2001, as amended by Change Notices 2...

Disaster at a University: A Case Study in Information Security

ERIC Educational Resources Information Center

Ayyagari, Ramakrishna; Tyks, Jonathan

2012-01-01

Security and disaster training is identified as a top Information Technology (IT) required skill that needs to be taught in Information Systems (IS) curriculums. Accordingly, information security and privacy have become core concepts in information system education. Providing IT security on a shoestring budget is always difficult and many small…

Examining the Relationship between Organization Systems and Information Security Awareness

ERIC Educational Resources Information Center

Tintamusik, Yanarong

2010-01-01

The focus of this dissertation was to examine the crucial relationship between organization systems within the framework of the organizational behavior theory and information security awareness (ISA) of users within the framework of the information security theory. Despite advanced security technologies designed to protect information assets,…

Information Sharing for IT Security Professionals

ERIC Educational Resources Information Center

Petersen, Rodney J.

2008-01-01

Information sharing is a core value for information technology (IT) security professionals. It is also a familiar concept for those who work at institutions of higher education because of their long history of collaboration and openness. Information sharing has become part of the national fabric as IT security professionals attempt to secure cyber…

78 FR 19073 - Proposed Collection; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-28

... individual custodians; end-investors providing security-by-security information will require an average of...; end-investors providing security-by-security information will require an average of 146 hours; and... keeping burdens on respondents, including the use of information technologies to automate the collection...

48 CFR 3439.702 - Department security requirements.

Code of Federal Regulations, 2014 CFR

2014-10-01

... requirements. 3439.702 Section 3439.702 Federal Acquisition Regulations System DEPARTMENT OF EDUCATION ACQUISITION REGULATION SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Department Requirements for Acquisition of Information Technology 3439.702 Department security requirements. The...

32 CFR 2400.19 - Declassification by the Director of the Information Security Oversight Office.

Code of Federal Regulations, 2014 CFR

2014-07-01

... National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Declassification and Downgrading § 2400.19...

32 CFR 2400.19 - Declassification by the Director of the Information Security Oversight Office.

Code of Federal Regulations, 2012 CFR

2012-07-01

... National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Declassification and Downgrading § 2400.19...

32 CFR 2400.19 - Declassification by the Director of the Information Security Oversight Office.

Code of Federal Regulations, 2011 CFR

2011-07-01

... National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Declassification and Downgrading § 2400.19...

32 CFR 2400.19 - Declassification by the Director of the Information Security Oversight Office.

Code of Federal Regulations, 2010 CFR

2010-07-01

... National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Declassification and Downgrading § 2400.19...

32 CFR 2400.19 - Declassification by the Director of the Information Security Oversight Office.

Code of Federal Regulations, 2013 CFR

2013-07-01

... National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM Declassification and Downgrading § 2400.19...

48 CFR 339.7100 - Definitions.

Code of Federal Regulations, 2010 CFR

2010-10-01

... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7100 Definitions. As... with OMB Circular A-130, Management of Federal Information Resources, Appendix 3 (Security of Federal Automated Information Resources), security commensurate with the risk and magnitude of harm resulting from...

A security architecture for health information networks.

PubMed

Kailar, Rajashekar; Muralidhar, Vinod

2007-10-11

Health information network security needs to balance exacting security controls with practicality, and ease of implementation in today's healthcare enterprise. Recent work on 'nationwide health information network' architectures has sought to share highly confidential data over insecure networks such as the Internet. Using basic patterns of health network data flow and trust models to support secure communication between network nodes, we abstract network security requirements to a core set to enable secure inter-network data sharing. We propose a minimum set of security controls that can be implemented without needing major new technologies, but yet realize network security and privacy goals of confidentiality, integrity and availability. This framework combines a set of technology mechanisms with environmental controls, and is shown to be sufficient to counter commonly encountered network security threats adequately.

A Security Architecture for Health Information Networks

PubMed Central

Kailar, Rajashekar

2007-01-01

Health information network security needs to balance exacting security controls with practicality, and ease of implementation in today’s healthcare enterprise. Recent work on ‘nationwide health information network’ architectures has sought to share highly confidential data over insecure networks such as the Internet. Using basic patterns of health network data flow and trust models to support secure communication between network nodes, we abstract network security requirements to a core set to enable secure inter-network data sharing. We propose a minimum set of security controls that can be implemented without needing major new technologies, but yet realize network security and privacy goals of confidentiality, integrity and availability. This framework combines a set of technology mechanisms with environmental controls, and is shown to be sufficient to counter commonly encountered network security threats adequately. PMID:18693862

Exploring Factors Influencing Self-Efficacy in Information Security an Empirical Analysis by Integrating Multiple Theoretical Perspectives in the Context of Using Protective Information Technologies

ERIC Educational Resources Information Center

Reddy, Dinesh Sampangirama

2017-01-01

Cybersecurity threats confront the United States on a daily basis, making them one of the major national security challenges. One approach to meeting these challenges is to improve user cybersecurity behavior. End user security behavior hinges on end user acceptance and use of the protective information technologies such as anti-virus and…

77 FR 52692 - NIST Federal Information Processing Standard (FIPS) 140-3 (Second Draft), Security Requirements...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-08-30

...-03] NIST Federal Information Processing Standard (FIPS) 140-3 (Second Draft), Security Requirements... Technology (NIST), Commerce. ACTION: Notice and Request for Comments. SUMMARY: The National Institute of Standards and Technology (NIST) seeks additional comments on specific sections of Federal Information...

Research on Quantum Authentication Methods for the Secure Access Control Among Three Elements of Cloud Computing

NASA Astrophysics Data System (ADS)

Dong, Yumin; Xiao, Shufen; Ma, Hongyang; Chen, Libo

2016-12-01

Cloud computing and big data have become the developing engine of current information technology (IT) as a result of the rapid development of IT. However, security protection has become increasingly important for cloud computing and big data, and has become a problem that must be solved to develop cloud computing. The theft of identity authentication information remains a serious threat to the security of cloud computing. In this process, attackers intrude into cloud computing services through identity authentication information, thereby threatening the security of data from multiple perspectives. Therefore, this study proposes a model for cloud computing protection and management based on quantum authentication, introduces the principle of quantum authentication, and deduces the quantum authentication process. In theory, quantum authentication technology can be applied in cloud computing for security protection. This technology cannot be cloned; thus, it is more secure and reliable than classical methods.

Consumer Attitudes and Perceptions on mHealth Privacy and Security: Findings From a Mixed-Methods Study.

PubMed

Atienza, Audie A; Zarcadoolas, Christina; Vaughon, Wendy; Hughes, Penelope; Patel, Vaishali; Chou, Wen-Ying Sylvia; Pritts, Joy

2015-01-01

This study examined consumers' attitudes and perceptions regarding mobile health (mHealth) technology use in health care. Twenty-four focus groups with 256 participants were conducted in 5 geographically diverse locations. Participants were also diverse in age, education, race/ethnicity, gender, and rural versus urban settings. Several key themes emerged from the focus groups. Findings suggest that consumer attitudes regarding mHealth privacy/security are highly contextualized, with concerns depending on the type of information being communicated, where and when the information is being accessed, who is accessing or seeing the information, and for what reasons. Consumers frequently considered the tradeoffs between the privacy/security of using mHealth technologies and the potential benefits. Having control over mHealth privacy/security features and trust in providers were important issues for consumers. Overall, this study found significant diversity in attitudes regarding mHealth privacy/security both within and between traditional demographic groups. Thus, to address consumers' concerns regarding mHealth privacy and security, a one-size-fits-all approach may not be adequate. Health care providers and technology developers should consider tailoring mHealth technology according to how various types of information are communicated in the health care setting, as well as according to the comfort, skills, and concerns individuals may have with mHealth technology.

A Security Audit Framework to Manage Information System Security

NASA Astrophysics Data System (ADS)

Pereira, Teresa; Santos, Henrique

The widespread adoption of information and communication technology have promoted an increase dependency of organizations in the performance of their Information Systems. As a result, adequate security procedures to properly manage information security must be established by the organizations, in order to protect their valued or critical resources from accidental or intentional attacks, and ensure their normal activity. A conceptual security framework to manage and audit Information System Security is proposed and discussed. The proposed framework intends to assist organizations firstly to understand what they precisely need to protect assets and what are their weaknesses (vulnerabilities), enabling to perform an adequate security management. Secondly, enabling a security audit framework to support the organization to assess the efficiency of the controls and policy adopted to prevent or mitigate attacks, threats and vulnerabilities, promoted by the advances of new technologies and new Internet-enabled services, that the organizations are subject of. The presented framework is based on a conceptual model approach, which contains the semantic description of the concepts defined in information security domain, based on the ISO/IEC_JCT1 standards.

77 FR 25686 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2012-05-01

... NIST Computer Security Division. Note that agenda items may change without notice because of possible... of the Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology, Commerce. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB...

Making Technology Work for Campus Security

ERIC Educational Resources Information Center

Floreno, Jeff; Keil, Brad

2010-01-01

The challenges associated with securing schools from both on- and off-campus threats create constant pressure for law enforcement, campus security professionals, and administrators. And while security technology choices are plentiful, many colleges and universities are operating with limited dollars and information needed to select and integrate…

Reasons in Support of Data Security and Data Security Management as Two Independent Concepts: A New Model.

PubMed

Moghaddasi, Hamid; Sajjadi, Samad; Kamkarhaghighi, Mehran

2016-01-01

Any information which is generated and saved needs to be protected against accidental or intentional losses and manipulations if it is to be used by the intended users in due time. As such, information managers have adopted numerous measures to achieve data security within data storage systems, along with the spread of information technology. The "data security models" presented thus far have unanimously highlighted the significance of data security management. For further clarification, the current study first introduces the "needs and improvement" cycle; the study will then present some independent definitions, together with a support umbrella, in an attempt to shed light on the data security management. Data security focuses on three features or attributes known as integrity, identity of sender(s) and identity of receiver(s). Management in data security follows an endless evolutionary process, to keep up with new developments in information technology and communication. In this process management develops new characteristics with greater capabilities to achieve better data security. The characteristics, continuously increasing in number, with a special focus on control, are as follows: private zone, confidentiality, availability, non-repudiation, possession, accountability, authenticity, authentication and auditability. Data security management steadily progresses, resulting in more sophisticated features. The developments are in line with new developments in information and communication technology and novel advances in intrusion detection systems (IDS). Attention to differences between data security and data security management by international organizations such as the International Standard Organization (ISO), and International Telecommunication Union (ITU) is necessary if information quality is to be enhanced.

Reasons in Support of Data Security and Data Security Management as Two Independent Concepts: A New Model

PubMed Central

Moghaddasi, Hamid; Kamkarhaghighi, Mehran

2016-01-01

Introduction: Any information which is generated and saved needs to be protected against accidental or intentional losses and manipulations if it is to be used by the intended users in due time. As such, information managers have adopted numerous measures to achieve data security within data storage systems, along with the spread of information technology. Background: The “data security models” presented thus far have unanimously highlighted the significance of data security management. For further clarification, the current study first introduces the “needs and improvement” cycle; the study will then present some independent definitions, together with a support umbrella, in an attempt to shed light on the data security management. Findings: Data security focuses on three features or attributes known as integrity, identity of sender(s) and identity of receiver(s). Management in data security follows an endless evolutionary process, to keep up with new developments in information technology and communication. In this process management develops new characteristics with greater capabilities to achieve better data security. The characteristics, continuously increasing in number, with a special focus on control, are as follows: private zone, confidentiality, availability, non-repudiation, possession, accountability, authenticity, authentication and auditability. Conclusion: Data security management steadily progresses, resulting in more sophisticated features. The developments are in line with new developments in information and communication technology and novel advances in intrusion detection systems (IDS). Attention to differences between data security and data security management by international organizations such as the International Standard Organization (ISO), and International Telecommunication Union (ITU) is necessary if information quality is to be enhanced. PMID:27857823

48 CFR 339.7100 - Definitions.

Code of Federal Regulations, 2011 CFR

2011-10-01

... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7100 Definitions. As used in this subpart, the following definitions shall apply: Adequate security means, in accordance with OMB Circular A-130, Management of Federal Information Resources, Appendix 3 (Security of Federal...

48 CFR 339.7100 - Definitions.

Code of Federal Regulations, 2013 CFR

2013-10-01

... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7100 Definitions. As used in this subpart, the following definitions shall apply: Adequate security means, in accordance with OMB Circular A-130, Management of Federal Information Resources, Appendix 3 (Security of Federal...

48 CFR 339.7100 - Definitions.

Code of Federal Regulations, 2012 CFR

2012-10-01

... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7100 Definitions. As used in this subpart, the following definitions shall apply: Adequate security means, in accordance with OMB Circular A-130, Management of Federal Information Resources, Appendix 3 (Security of Federal...

48 CFR 339.7100 - Definitions.

Code of Federal Regulations, 2014 CFR

2014-10-01

... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7100 Definitions. As used in this subpart, the following definitions shall apply: Adequate security means, in accordance with OMB Circular A-130, Management of Federal Information Resources, Appendix 3 (Security of Federal...

75 FR 27847 - China Technology Global Corp.; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2010-05-18

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] China Technology Global Corp.; Order of Suspension of Trading May 14, 2010. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of China Technology Global Corp...

Marine data security based on blockchain technology

NASA Astrophysics Data System (ADS)

Yang, Zhao; Xie, Weiwei; Huang, Lei; Wei, Zhiqiang

2018-03-01

With the development of marine observation technology and network technology, the volume of marine data growing rapidly. This brings new challenges for data storage and transmission. How to protect data security of marine big data has become an urgent problem. The traditional information security methods’ characteristic is centralization. These technologies cannot provide whole process protection, e.g., data storage, data management and application of data. The blockchain technology is a novel technology, which can keep the data security and reliability by using decentralized methodology. It has aroused wide interest in the financial field. In this paper, we describe the concept, characteristics and key technologies of blockchain technology and introduce it into the field of marine data security.

Managing information technology security risk

NASA Technical Reports Server (NTRS)

Gilliam, David

2003-01-01

Information Technology (IT) Security Risk Management is a critical task for the organization to protect against the loss of confidentiality, integrity and availability of IT resources. As systems bgecome more complex and diverse and and attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security risk. This paper describes a two-pronged approach in addressing IT security risk and risk management in the organization: 1) an institutional enterprise appraoch, and 2) a project life cycle approach.

Information technology as a tool for the Italian Institute of Social Security (INPS) in the management of social security and civil disability: Pro and cons.

PubMed

Sammicheli, Michele; Scaglione, Marcella

2018-01-01

We examine, from a medical-legal perspective, the pro and cons of the information technology procedures that the Italian Institute of Social Security (INPS) has implemented to manage the provision of social disability assistance, meaning that separate from the payment of pension contributions, being welfare, anchored to an administrative requirement by way of the compulsory payment of a minimum social security contribution.

Security in the management of information systems.

PubMed

Huston, T L; Huston, J L

1998-06-01

Although security technology exists in abundance in health information management systems, the implementation of that technology is often lacking. This lack of implementation can be heavily affected by the attitudes and perceptions of users and management, the "people part" of systems. Particular operational, organizational, and economic factors must be addressed along with employment of security objectives and accountability. Unique threats, as well as controls, pervade the use of microcomputer-based systems as these systems permeate health care information management.

Contextualizing Secure Information System Design: A Socio-Technical Approach

ERIC Educational Resources Information Center

Charif, Abdul Rahim

2017-01-01

Secure Information Systems (SIS) design paradigms have evolved in generations to adapt to IS security needs. However, modern IS are still vulnerable and are far from secure. The development of an underlying IS cannot be reduced to "technological fixes" neither is the design of SIS. Technical security cannot ensure IS security.…

Building Assured Systems Framework

DTIC Science & Technology

2010-09-01

of standards such as ISO 27001 as frameworks [NASCIO 2009]. In this context, a framework is a standard intended to assist in auditing and compliance...Information Security ISO /IEC 27004 Information technology – Security techniques - Information security management measurement ISO /IEC 15939, System and

Cyber indicators of compromise: a domain ontology for security information and event management

DTIC Science & Technology

2017-03-01

COMPROMISE: A DOMAIN ONTOLOGY FOR SECURITY INFORMATION AND EVENT MANAGEMENT by Marsha D. Rowell March 2017 Thesis Co-Advisors: J. D...to automate this work is Security Information and Event Management (SIEM). In short, SIEM technology works by aggregating log information , and then...Distribution is unlimited. CYBER INDICATORS OF COMPROMISE: A DOMAIN ONTOLOGY FOR SECURITY INFORMATION AND EVENT MANAGEMENT Marsha D. Rowell

75 FR 39920 - Announcing a Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-13

... will be open to the public. The ISPAB was established by the Computer Security Act of 1987 (Pub. L. 100... Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB) will meet Wednesday, August...

Optical identity authentication technique based on compressive ghost imaging with QR code

NASA Astrophysics Data System (ADS)

Wenjie, Zhan; Leihong, Zhang; Xi, Zeng; Yi, Kang

2018-04-01

With the rapid development of computer technology, information security has attracted more and more attention. It is not only related to the information and property security of individuals and enterprises, but also to the security and social stability of a country. Identity authentication is the first line of defense in information security. In authentication systems, response time and security are the most important factors. An optical authentication technology based on compressive ghost imaging with QR codes is proposed in this paper. The scheme can be authenticated with a small number of samples. Therefore, the response time of the algorithm is short. At the same time, the algorithm can resist certain noise attacks, so it offers good security.

48 CFR 3004.470 - Security requirements for access to unclassified facilities, Information Technology resources...

Code of Federal Regulations, 2013 CFR

2013-10-01

... access to unclassified facilities, Information Technology resources, and sensitive information. 3004.470... Technology resources, and sensitive information. ... ACQUISITION REGULATION (HSAR) GENERAL ADMINISTRATIVE MATTERS Safeguarding Classified and Sensitive Information...

48 CFR 3004.470 - Security requirements for access to unclassified facilities, Information Technology resources...

Code of Federal Regulations, 2010 CFR

2010-10-01

... access to unclassified facilities, Information Technology resources, and sensitive information. 3004.470... Technology resources, and sensitive information. ... ACQUISITION REGULATION (HSAR) GENERAL ADMINISTRATIVE MATTERS Safeguarding Classified and Sensitive Information...

48 CFR 3004.470 - Security requirements for access to unclassified facilities, Information Technology resources...

Code of Federal Regulations, 2014 CFR

2014-10-01

... access to unclassified facilities, Information Technology resources, and sensitive information. 3004.470... Technology resources, and sensitive information. ... ACQUISITION REGULATION (HSAR) GENERAL ADMINISTRATIVE MATTERS Safeguarding Classified and Sensitive Information...

48 CFR 3004.470 - Security requirements for access to unclassified facilities, Information Technology resources...

Code of Federal Regulations, 2011 CFR

2011-10-01

... access to unclassified facilities, Information Technology resources, and sensitive information. 3004.470... Technology resources, and sensitive information. ... ACQUISITION REGULATION (HSAR) GENERAL ADMINISTRATIVE MATTERS Safeguarding Classified and Sensitive Information...

48 CFR 3004.470 - Security requirements for access to unclassified facilities, Information Technology resources...

Code of Federal Regulations, 2012 CFR

2012-10-01

... access to unclassified facilities, Information Technology resources, and sensitive information. 3004.470... Technology resources, and sensitive information. ... ACQUISITION REGULATION (HSAR) GENERAL ADMINISTRATIVE MATTERS Safeguarding Classified and Sensitive Information...

Security analysis of cyber-physical system

NASA Astrophysics Data System (ADS)

Li, Bo; Zhang, Lichen

2017-05-01

In recent years, Cyber-Physical System (CPS) has become an important research direction of academic circles and scientific and technological circles at home and abroad, is considered to be following the third wave of world information technology after the computer, the Internet. PS is a multi-dimensional, heterogeneous, deep integration of open systems, Involving the computer, communication, control and other disciplines of knowledge. As the various disciplines in the research theory and methods are significantly different, so the application of CPS has brought great challenges. This paper introduces the definition and characteristics of CPS, analyzes the current situation of CPS, analyzes the security threats faced by CPS, and gives the security solution for security threats. It also discusses CPS-specific security technology, to promote the healthy development of CPS in information security.

48 CFR 39.001 - Applicability.

Code of Federal Regulations, 2010 CFR

2010-10-01

... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY 39.001 Applicability. This part applies to the acquisition of information technology by or for the use of agencies except for acquisitions of information technology for national security systems. However, acquisitions of information technology for national...

Restricted access processor - An application of computer security technology

NASA Technical Reports Server (NTRS)

Mcmahon, E. M.

1985-01-01

This paper describes a security guard device that is currently being developed by Computer Sciences Corporation (CSC). The methods used to provide assurance that the system meets its security requirements include the system architecture, a system security evaluation, and the application of formal and informal verification techniques. The combination of state-of-the-art technology and the incorporation of new verification procedures results in a demonstration of the feasibility of computer security technology for operational applications.

Information Technology Security Training Requirements: A Role- and Performance-Based Model

DTIC Science & Technology

1998-04-01

Journal, Vol.9, no. 2, pp. 18-20, 1995. Kearsley, Greg. Andragogy (M. Knowles), Washington, DC: George Washington University, 1996. Knowles, M.S...The Modern Practice of Adult Education: Andragogy vs. Pedagogy, New York: Association Press, 1970. Information Technology Security Training

Discussion on the Technology and Method of Computer Network Security Management

NASA Astrophysics Data System (ADS)

Zhou, Jianlei

2017-09-01

With the rapid development of information technology, the application of computer network technology has penetrated all aspects of society, changed people's way of life work to a certain extent, brought great convenience to people. But computer network technology is not a panacea, it can promote the function of social development, but also can cause damage to the community and the country. Due to computer network’ openness, easiness of sharing and other characteristics, it had a very negative impact on the computer network security, especially the loopholes in the technical aspects can cause damage on the network information. Based on this, this paper will do a brief analysis on the computer network security management problems and security measures.

CMMI(Registered) for Acquisition, Version 1.3. CMMI-ACQ, V1.3

DTIC Science & Technology

2010-11-01

and Software Engineering – System Life Cycle Processes [ ISO 2008b] ISO /IEC 27001 :2005 Information technology – Security techniques – Information...International Organization for Standardization and International Electrotechnical Commission. ISO /IEC 27001 Information Technology – Security Techniques...International Organization for Standardization/International Electrotechnical Commission ( ISO /IEC) body of standards. CMMs focus on improving processes

The Use of BS7799 Information Security Standard to Construct Mechanisms for the Management of Medical Organization Information Security

NASA Astrophysics Data System (ADS)

Liu, Shu-Fan; Chueh, Hao-En; Liao, Kuo-Hsiung

According to surveys, 80 % of security related events threatening information in medical organizations is due to improper management. Most research on information security has focused on information and security technology, such as network security and access control; rarely addressing issues at the management issues. The main purpose of this study is to construct a BS7799 based mechanism for the management of information with regard to security as it applies to medical organizations. This study analyzes and identifies the most common events related to information security in medical organizations and categorizes these events as high-risk, transferable-risk, and controlled-risk to facilitate the management of such risk.

Examining the Relationship of Business Operations and the Information Security Culture in the United States

ERIC Educational Resources Information Center

Wynn, Cynthia L.

2017-01-01

An increase in information technology has caused and increased in threats towards information security. Threats are malware, viruses, sabotage from employees, and hacking into computer systems. Organizations have to find new ways to combat vulnerabilities and threats of internal and external threats to protect their information security and…

Implementing an Information Security Program

DOE Office of Scientific and Technical Information (OSTI.GOV)

Glantz, Clifford S.; Lenaeus, Joseph D.; Landine, Guy P.

The threats to information security have dramatically increased with the proliferation of information systems and the internet. Chemical, biological, radiological, nuclear, and explosives (CBRNe) facilities need to address these threats in order to protect themselves from the loss of intellectual property, theft of valuable or hazardous materials, and sabotage. Project 19 of the European Union CBRN Risk Mitigation Centres of Excellence Initiative is designed to help CBRN security managers, information technology/cybersecurity managers, and other decision-makers deal with these threats through the application of cost-effective information security programs. Project 19 has developed three guidance documents that are publically available to covermore » information security best practices, planning for an information security management system, and implementing security controls for information security.« less

Functions of the Department of Defense and Its Major Components

DTIC Science & Technology

2010-12-21

Information Center (DTIC),” August 19, 2005 (ax) DoD Directive 5105.72, “Defense Technology Security Administration ( DTSA ),” July 28, 2005 (ay) DoD...Information Center (DTIC). See DoDD 5105.73 (Reference (aw)). (4) Defense Technology Security Administration ( DTSA ). See DoDD 5105.72

75 FR 33811 - Office of the National Coordinator for Health Information Technology; HIT Policy Committee's...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-06-15

... DEPARTMENT OF HEALTH AND HUMAN SERVICES Office of the National Coordinator for Health Information Technology; HIT Policy Committee's Privacy & Security Tiger Team Meeting; Notice of Meeting AGENCY: Office of... of Committee: HIT Policy Committee's Privacy & Security Tiger Team. General Function of the Committee...

Sandia National Laboratories: National Security Missions: International

Science.gov Websites

; Security Weapons Science & Technology Defense Systems & Assessments About Defense Systems & ; Development Technology Deployment Centers Working With Sandia Working With Sandia Prospective Suppliers What Information Construction & Facilities Contract Audit Sandia's Economic Impact Licensing & Technology

How Secure Is Education in Information Technology? A Method for Evaluating Security Education in IT

ERIC Educational Resources Information Center

Grover, Mark; Reinicke, Bryan; Cummings, Jeff

2016-01-01

As the popularity of Information Technology programs has expanded at many universities, there are a number of questions to be answered from a curriculum standpoint. As many of these programs are either interdisciplinary, or at least exist outside of the usual Computer Science and Information Systems programs, questions of what is appropriate for…

Information Communication and Technology for Water Resource Management and Food Security in Kenya: A Case Study of Kericho and Uasin Gishu Districts

ERIC Educational Resources Information Center

Omboto, P. I.; Macharia, J.; Mbagaya, Grace; Standa, F. N.

2011-01-01

Recent reports on Kenya have indicated food insecurity and destruction of water catchments as serious problems facing the country. Despite the tremendous strides in Information and Communication Technology (ICT), the country has not taken advantage of the technology to improve food security by effectively managing her water resources. A survey on…

The Department of Homeland Security Intelligence Enterprise: Operational Overview and Oversight Challenges for Congress

DTIC Science & Technology

2010-03-19

network architecture to connect various DHS elements and promote information sharing.17 • Establish a DHS State, Local, and Regional Fusion Center...of reports; the I&A Strategic Plan; training, and the implementation of a comprehensive information systems architecture .73 As part of its...comprehensive information technology network architecture was submitted to Congress last year. See DHS I&A, Homeland Security Information Technology Network

2017 Joint Annual NDIA/AIA Industrial Security Committee Fall Conference

DTIC Science & Technology

2017-11-15

beyond credit data to offer the insights that government professionals need to make informed decisions and ensure citizen safety, manage compliance...business that provides information technology and professional services. We specialize in managing business processes and systems integration for both... Information Security System ISFD Industrial Security Facilities Database OBMS ODAA Business Management System STEPP Security, Training, Education and

76 FR 7817 - Announcing Draft Federal Information Processing Standard 180-4, Secure Hash Standard, and Request...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-02-11

... before May 12, 2011. ADDRESSES: Written comments may be sent to: Chief, Computer Security Division... FURTHER INFORMATION CONTACT: Elaine Barker, Computer Security Division, National Institute of Standards... Quynh Dang, Computer Security Division, National Institute of Standards and Technology, Gaithersburg, MD...

12 CFR Appendix B to Part 748 - Guidance on Response Programs for Unauthorized Access to Member Information and Member Notice

Code of Federal Regulations, 2010 CFR

2010-01-01

....d. 37 See FFIEC Information Technology Examination Handbook, Information Security Booklet, (December... response program. 38 See FFIEC Information Technology Examination Handbook, Outsourcing Technology Services... accounts, while preserving records and other evidence; 40 and 40 See FFIEC Information Technology...

78 FR 50076 - Intent To Request Renewal From OMB of One Current Public Collection of Information: Sensitive...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-08-16

... PRA Officer, Office of Information Technology (OIT), TSA-11, Transportation Security Administration... technological collection techniques or other forms of information technology. Information Collection Requirement... Paperwork Reduction Act Officer, Office of Information Technology. [FR Doc. 2013-19973 Filed 8-15-13; 8:45...

Do You Take Credit Cards? Security and Compliance for the Credit Card Payment Industry

ERIC Educational Resources Information Center

Willey, Lorrie; White, Barbara Jo

2013-01-01

Security is a significant concern in business and in information systems (IS) education from both a technological and a strategic standpoint. Students can benefit from the study of information systems security when security concepts are introduced in the context of real-world industry standards. The development of a data security standard for…

78 FR 5438 - Proposed Agency Information Collection

Federal Register 2010, 2011, 2012, 2013, 2014

2013-01-25

... DEPARTMENT OF ENERGY National Nuclear Security Administration Proposed Agency Information Collection AGENCY: National Nuclear Security Administration, U.S. Department of Energy. ACTION: Notice and... techniques or other forms of information technology. DATES: Comments regarding this proposed information...

48 CFR 339.7101 - Policy.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 339.7101 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7101 Policy. HHS is responsible for implementing an information security program to ensure that its information systems and...

48 CFR 339.7101 - Policy.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 339.7101 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7101 Policy. HHS is responsible for implementing an information security program to ensure that its information systems and...

48 CFR 339.7101 - Policy.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 339.7101 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7101 Policy. HHS is responsible for implementing an information security program to ensure that its information systems and...

48 CFR 339.7101 - Policy.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 339.7101 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7101 Policy. HHS is responsible for implementing an information security program to ensure that its information systems and...

Network security system for health and medical information using smart IC card

NASA Astrophysics Data System (ADS)

Kanai, Yoichi; Yachida, Masuyoshi; Yoshikawa, Hiroharu; Yamaguchi, Masahiro; Ohyama, Nagaaki

1998-07-01

A new network security protocol that uses smart IC cards has been designed to assure the integrity and privacy of medical information in communication over a non-secure network. Secure communication software has been implemented as a library based on this protocol, which is called the Integrated Secure Communication Layer (ISCL), and has been incorporated into information systems of the National Cancer Center Hospitals and the Health Service Center of the Tokyo Institute of Technology. Both systems have succeeded in communicating digital medical information securely.

Efficient proof of ownership for cloud storage systems

NASA Astrophysics Data System (ADS)

Zhong, Weiwei; Liu, Zhusong

2017-08-01

Cloud storage system through the deduplication technology to save disk space and bandwidth, but the use of this technology has appeared targeted security attacks: the attacker can deceive the server to obtain ownership of the file by get the hash value of original file. In order to solve the above security problems and the different security requirements of the files in the cloud storage system, an efficient and information-theoretical secure proof of ownership sceme is proposed to support the file rating. Through the K-means algorithm to implement file rating, and use random seed technology and pre-calculation method to achieve safe and efficient proof of ownership scheme. Finally, the scheme is information-theoretical secure, and achieve better performance in the most sensitive areas of client-side I/O and computation.

Practical cryptographic strategies in the post-quantum era

NASA Astrophysics Data System (ADS)

Kabanov, I. S.; Yunusov, R. R.; Kurochkin, Y. V.; Fedorov, A. K.

2018-02-01

Quantum key distribution technologies promise information-theoretic security and are currently being deployed in com-mercial applications. We review new frontiers in information security technologies in communications and distributed storage applications with the use of classical, quantum, hybrid classical-quantum, and post-quantum cryptography. We analyze the cur-rent state-of-the-art, critical characteristics, development trends, and limitations of these techniques for application in enterprise information protection systems. An approach concerning the selection of practical encryption technologies for enterprises with branched communication networks is discussed.

Problems of collaborative work of the automated process control system (APCS) and the its information security and solutions.

NASA Astrophysics Data System (ADS)

Arakelyan, E. K.; Andryushin, A. V.; Mezin, S. V.; Kosoy, A. A.; Kalinina, Ya V.; Khokhlov, I. S.

2017-11-01

The principle of interaction of the specified systems of technological protections by the Automated process control system (APCS) and information safety in case of incorrect execution of the algorithm of technological protection is offered. - checking the correctness of the operation of technological protection in each specific situation using the functional relationship between the monitored parameters. The methodology for assessing the economic feasibility of developing and implementing an information security system.

Department of Veterans Affairs' Implementation of Information Security Education Assistance Program. GAO-10-170R

ERIC Educational Resources Information Center

Wilshusen, Gregory C.; Melvin, Valerie C.

2009-01-01

The Veterans Benefits, Health Care, and Information Technology Act of 2006 authorizes the Secretary of Veterans Affairs to establish an educational assistance program for information security. The Information Security Education Assistance Program is envisioned as a means for the Department of Veterans Affairs (VA) to attract and retain individuals…

Marketing Plan for Demonstration and Validation Assets

DOE Office of Scientific and Technical Information (OSTI.GOV)

None, None

The National Security Preparedness Project (NSPP), is to be sustained by various programs, including technology demonstration and evaluation (DEMVAL). This project assists companies in developing technologies under the National Security Technology Incubator program (NSTI) through demonstration and validation of technologies applicable to national security created by incubators and other sources. The NSPP also will support the creation of an integrated demonstration and validation environment. This report documents the DEMVAL marketing and visibility plan, which will focus on collecting information about, and expanding the visibility of, DEMVAL assets serving businesses with national security technology applications in southern New Mexico.

Information security system quality assessment through the intelligent tools

NASA Astrophysics Data System (ADS)

Trapeznikov, E. V.

2018-04-01

The technology development has shown the automated system information security comprehensive analysis necessity. The subject area analysis indicates the study relevance. The research objective is to develop the information security system quality assessment methodology based on the intelligent tools. The basis of the methodology is the information security assessment model in the information system through the neural network. The paper presents the security assessment model, its algorithm. The methodology practical implementation results in the form of the software flow diagram are represented. The practical significance of the model being developed is noted in conclusions.

32 CFR 147.15 - Guideline M-Misuse of Information technology systems.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 32 National Defense 1 2010-07-01 2010-07-01 false Guideline M-Misuse of Information technology... CLASSIFIED INFORMATION Adjudication § 147.15 Guideline M—Misuse of Information technology systems. (a) The... technology systems may raise security concerns about an individual's trustworthiness, willingness, and...

48 CFR 239.7102-1 - General.

Code of Federal Regulations, 2010 CFR

2010-10-01

..., DEPARTMENT OF DEFENSE SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7102-1 General. (a) Agencies shall ensure that information assurance is... include— (1) The National Security Act; (2) The Clinger-Cohen Act; (3) National Security...

48 CFR 239.7102-1 - General.

Code of Federal Regulations, 2014 CFR

2014-10-01

..., DEPARTMENT OF DEFENSE SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7102-1 General. (a) Agencies shall ensure that information assurance is... include— (1) The National Security Act; (2) The Clinger-Cohen Act; (3) National Security...

48 CFR 239.7102-1 - General.

Code of Federal Regulations, 2013 CFR

2013-10-01

..., DEPARTMENT OF DEFENSE SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7102-1 General. (a) Agencies shall ensure that information assurance is... include— (1) The National Security Act; (2) The Clinger-Cohen Act; (3) National Security...

48 CFR 239.7102-1 - General.

Code of Federal Regulations, 2012 CFR

2012-10-01

..., DEPARTMENT OF DEFENSE SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7102-1 General. (a) Agencies shall ensure that information assurance is... include— (1) The National Security Act; (2) The Clinger-Cohen Act; (3) National Security...

48 CFR 239.7102-1 - General.

Code of Federal Regulations, 2011 CFR

2011-10-01

..., DEPARTMENT OF DEFENSE SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7102-1 General. (a) Agencies shall ensure that information assurance is... include— (1) The National Security Act; (2) The Clinger-Cohen Act; (3) National Security...

Information Technology Challenges Facing the Strategic Leaders of Homeland Security in the 21st Century

DTIC Science & Technology

2004-05-03

A special thanks to all of these folks (Glenn Starnes, Lee Gutierrez, Bill Rapp, Joel Hillison, Carlos Gomez, Steve Fraunfelter, Janie Hopkins, Dave ...DiClemente, Joe Nunez, John Bonin , and Steve Nerheim). viii INFORMATION TECHNOLOGY CHALLENGES FACING THE STRATEGIC LEADERS OF HOMELAND SECURITY IN THE 21ST

Shared Information Framework and Technology (SHIFT) Handbook

DTIC Science & Technology

2009-02-01

field. Such a patchwork of separate systems neither improves information sharing nor guarantees the safety and security of communities and personnel in...analysis. In many organizations, security may not necessarily be the expertise of people working in the field, or security and safety issues may be...the safety and security of all crisis management personnel in crisis areas. Functioning information sharing between organisations improves situational

48 CFR 39.107 - Contract clause.

Code of Federal Regulations, 2010 CFR

2010-10-01

... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 39.107 Contract clause. The contracting officer..., in solicitations and contracts for information technology which require security of information... information technology services or support services. [61 FR 41470, Aug. 8, 1996. Redesignated at 62 FR 274...

Reducing security risk using data loss prevention technology.

PubMed

Beeskow, John

2015-11-01

Data loss/leakage protection (DLP) technology seeks to improve data security by answering three fundamental questions: > Where are confidential data stored? > Who is accessing the information? > How are data being handled?

5 CFR 1312.29 - Destruction.

Code of Federal Regulations, 2010 CFR

2010-01-01

.... Classified official record material will be processed to the Information Systems and Technology, Records.../CSS Directorate for Information Systems Security, Ft. Meade, Maryland 20755. Specifications concerning..., DECLASSIFICATION AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION Control and Accountability of Classified...

Information Data Security Specialists' and Business Leaders' Experiences Regarding Communication Challenges

ERIC Educational Resources Information Center

Lopez, Robert H.

2012-01-01

The problem addressed was the need to maintain data security in the field of information technology. Specifically, the breakdown of communication between business leaders and data security specialists create risks to data security. The purpose of this qualitative phenomenological study was to determine which factors would improve communication…

Teaching Information Security with Workflow Technology--A Case Study Approach

ERIC Educational Resources Information Center

He, Wu; Kshirsagar, Ashish; Nwala, Alexander; Li, Yaohang

2014-01-01

In recent years, there has been a significant increase in the demand from professionals in different areas for improving the curricula regarding information security. The use of authentic case studies in teaching information security offers the potential to effectively engage students in active learning. In this paper, the authors introduce the…

78 FR 62931 - Pacific Clean Water Technologies, Inc.; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2013-10-22

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Pacific Clean Water Technologies, Inc.; Order of Suspension of Trading October 11, 2013. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of Pacific Clean Water...

77 FR 58424 - China Mobile Media Technology, Inc., Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2012-09-20

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] China Mobile Media Technology, Inc., Order of Suspension of Trading September 18, 2012. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of China Mobile Media...

21 CFR 1311.08 - Incorporation by reference.

Code of Federal Regulations, 2014 CFR

2014-04-01

... the National Institute of Standards and Technology, Computer Security Division, Information Technology... Publication (FIPS PUB) 140-2, Change Notices (12-03-2002), Security Requirements for Cryptographic Modules... §§ 1311.30(b), 1311.55(b), 1311.115(b), 1311.120(b), 1311.205(b). (i) Annex A: Approved Security Functions...

Using SysML to model complex systems for security.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Cano, Lester Arturo

2010-08-01

As security systems integrate more Information Technology the design of these systems has tended to become more complex. Some of the most difficult issues in designing Complex Security Systems (CSS) are: Capturing Requirements: Defining Hardware Interfaces: Defining Software Interfaces: Integrating Technologies: Radio Systems: Voice Over IP Systems: Situational Awareness Systems.

77 FR 5291 - Thermo Tech Technologies Inc., T.V.G. Technologies Ltd., and Visual Frontier, Inc.; Order of...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-02-02

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Thermo Tech Technologies Inc., T.V.G. Technologies Ltd., and Visual Frontier, Inc.; Order of Suspension of Trading January 31, 2012. It appears to... is a lack of current and accurate information concerning the securities of T.V.G. Technologies Ltd...

76 FR 34231 - Agency Information Collection Activities: Submission for Review; Information Collection Request...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-06-13

... Information Collection. (2) Title of the Form/Collection: Science and Technology, External S&T Collaboration... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2011-0041] Agency Information Collection Activities: Submission for Review; Information Collection Request for the Department of Homeland Security...

77 FR 25186 - Agency Information Collection Activities: Submission for Review; Information Collection Request...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-04-27

... 23, 2012. Rick Stevens, Chief Information Officer for Science and Technology. [FR Doc. 2012-10235... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2012-0015] Agency Information Collection Activities: Submission for Review; Information Collection Request for the Department of Homeland Security...

The Electronic Intrusion Threat to National Security and Emergency Preparedness (NS/EP) Telecommunications. An Awareness Document

DTIC Science & Technology

1999-03-01

Responsibilities, a national security emergency is “any occurrence, including natural disaster, military attack, technological emergency, or other...in information systems increase in Russia, “the growing role of information- technology warfare is rapidly lowering the barrier between war and peace...waging war. As one Russian military theorist stated, “it is necessary to place paramount importance on technological indicators of new weapons, which are

An Analysis of Information Technology Managers' and Executives' Security Concerns on Willingness to Adopt Cloud Computing Solutions

ERIC Educational Resources Information Center

Tanque, Marcus M.

2012-01-01

The research conducted in this study inquires about Information Technology (IT) managers' and executives' attitudes, beliefs, and knowledge on Cloud Computing (CC) security. The study evaluated how these factors affect IT managers' and executives' willingness to adopt CC solutions in their organizations. Confidentiality,…

Supporting Case-Based Learning in Information Security with Web-Based Technology

ERIC Educational Resources Information Center

He, Wu; Yuan, Xiaohong; Yang, Li

2013-01-01

Case-based learning has been widely used in many disciplines. As an effective pedagogical method, case-based learning is also being used to support teaching and learning in the domain of information security. In this paper, we demonstrate case-based learning in information security by sharing our experiences in using a case study to teach security…

78 FR 54266 - Intent To Request Renewal From OMB of One Current Public Collection of Information: Department of...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-09-03

... delivered to the TSA PRA Officer, Office of Information Technology (OIT), TSA-11, Transportation Security... technological collection techniques or other forms of information technology. Information Collection Requirement... Protection, U.S. Citizenship and Immigration Services, Office of Biometric Information Management, Office of...

76 FR 57615 - National Health Information Technology Week, 2011

Federal Register 2010, 2011, 2012, 2013, 2014

2011-09-15

... Health Information Technology Week, 2011 #0; #0; #0; Presidential Documents #0; #0; #0;#0;Federal... Technology Week, 2011 By the President of the United States of America A Proclamation Technological advances... Week, we highlight the critical importance of secure and efficient information systems to improving the...

Software Assurance in Acquisition: Mitigating Risks to the Enterprise. A Reference Guide for Security-Enhanced Software Acquisition and Outsourcing

DTIC Science & Technology

2009-02-01

management, available at <http://www.iso.org/ iso /en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=39612&ICS1=35&ICS2=40 &ICS3=>. ISO /IEC 27001 . Information...Management of the Systems Engineering Process. [ ISO /IEC 27001 ] ISO /IEC 27001 :2005. Information technology -- Security techniques -- Information security...software life cycles [ ISO /IEC 15026]. Software assurance is a key element of national security and homeland security. It is critical because dramatic

Cyber security evaluation of II&C technologies

DOE Office of Scientific and Technical Information (OSTI.GOV)

Thomas, Ken

The Light Water Reactor Sustainability (LWRS) Program is a research and development program sponsored by the Department of Energy, which is conducted in close collaboration with industry to provide the technical foundations for licensing and managing the long-term, safe and economical operation of current nuclear power plants The LWRS Program serves to help the US nuclear industry adopt new technologies and engineering solutions that facilitate the continued safe operation of the plants and extension of the current operating licenses. Within the LWRS Program, the Advanced Instrumentation, Information, and Control (II&C) Systems Technologies Pathway conducts targeted research and development (R&D) tomore » address aging and reliability concerns with the legacy instrumentation and control and related information systems of the U.S. operating light water reactor (LWR) fleet. The II&C Pathway is conducted by Idaho National Laboratory (INL). Cyber security is a common concern among nuclear utilities and other nuclear industry stakeholders regarding the digital technologies that are being developed under this program. This concern extends to the point of calling into question whether these types of technologies could ever be deployed in nuclear plants given the possibility that the information in them can be compromised and the technologies themselves can potentially be exploited to serve as attack vectors for adversaries. To this end, a cyber security evaluation has been conducted of these technologies to determine whether they constitute a threat beyond what the nuclear plants already manage within their regulatory-required cyber security programs. Specifically, the evaluation is based on NEI 08-09, which is the industry’s template for cyber security programs and evaluations, accepted by the Nuclear Regulatory Commission (NRC) as responsive to the requirements of the nuclear power plant cyber security regulation found in 10 CFR 73.54. The evaluation was conducted by a cyber security team with expertise in nuclear utility cyber security programs and experience in conducting these evaluations. The evaluation has determined that, for the most part, cyber security will not be a limiting factor in the application of these technologies to nuclear power plant applications.« less

DOE Office of Scientific and Technical Information (OSTI.GOV)

Nelson, Cynthia Lee

There is a need in security systems to rapidly and accurately grant access of authorized personnel to a secure facility while denying access to unauthorized personnel. In many cases this role is filled by security personnel, which can be very costly. Systems that can perform this role autonomously without sacrificing accuracy or speed of throughput are very appealing. To address the issue of autonomous facility access through the use of technology, the idea of a ''secure portal'' is introduced. A secure portal is a defined zone where state-of-the-art technology can be implemented to grant secure area access or to allowmore » special privileges for an individual. Biometric technologies are of interest because they are generally more difficult to defeat than technologies such as badge swipe and keypad entry. The biometric technologies selected for this concept were facial and gait recognition. They were chosen since they require less user cooperation than other biometrics such as fingerprint, iris, and hand geometry and because they have the most potential for flexibility in deployment. The secure portal concept could be implemented within the boundaries of an entry area to a facility. As a person is approaching a badge and/or PIN portal, face and gait information can be gathered and processed. The biometric information could be fused for verification against the information that is gathered from the badge. This paper discusses a facial recognition technology that was developed for the purposes of providing high verification probabilities with low false alarm rates, which would be required of an autonomous entry control system. In particular, a 3-D facial recognition approach using Fisher Linear Discriminant Analysis is described. Gait recognition technology, based on Hidden Markov Models has been explored, but those results are not included in this paper. Fusion approaches for combining the results of the biometrics would be the next step in realizing the secure portal concept.« less

An Examination of Issues Surrounding Information Security in California Colleges

ERIC Educational Resources Information Center

Butler, Robert D.

2013-01-01

Technological advances have provided increasing opportunities in higher education for delivering instruction and other services. However, exposure to information security attacks has been increasing as more organizations conduct their businesses online. Higher education institutions have one of the highest frequencies of security breaches as…

What's in a Name?

ERIC Educational Resources Information Center

Petersen, Rodney

2004-01-01

The evolution of terms, such as computer security, network security, information security, and information assurance, appears to reflect a changing landscape, largely influenced by rapid developments in technology and the maturity of a relatively young profession and an emerging academic discipline. What lies behind the evolution of these terms?…

Security Evolution.

ERIC Educational Resources Information Center

De Patta, Joe

2003-01-01

Examines how to evaluate school security, begin making schools safe, secure schools without turning them into fortresses, and secure schools easily and affordably; the evolution of security systems into information technology systems; using schools' high-speed network lines; how one specific security system was developed; pros and cons of the…

75 FR 28325 - Proposed Collection; Comment Request for Form 8316

Federal Register 2010, 2011, 2012, 2013, 2014

2010-05-20

... 8316, Information Regarding Request for Refund of Social Security Tax Erroneously Withheld on Wages... . SUPPLEMENTARY INFORMATION: Title: Information Regarding Request for Refund of Social Security Tax Erroneously... information technology; and (e) estimates of capital or start-up costs and costs of operation, maintenance...

75 FR 15761 - Agency Information Collection Activities: Proposed Request and Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2010-03-30

... technology. Mail, e-mail, or fax your comments and recommendations on the information collection(s) to the... SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request and Comment Request The Social Security Administration (SSA) publishes a list of information collection...

"Willing but unwilling": attitudinal barriers to adoption of home-based health information technology among older adults.

PubMed

Young, Rachel; Willis, Erin; Cameron, Glen; Geana, Mugur

2014-06-01

While much research focuses on adoption of electronic health-care records and other information technology among health-care providers, less research explores patient attitudes. This qualitative study examines barriers to adoption of home-based health information technology, particularly personal electronic health records, among older adults. We conducted in-depth interviews (30-90 min duration) with 35 American adults, aged 46-72 years, to determine their perceptions of and attitudes toward home-based health information technology. Analysis of interview data revealed that most barriers to adoption fell under four themes: technological discomfort, privacy or security concerns, lack of relative advantage, and perceived distance from the user representation. Based on our findings, systems to promote home-based health information technology should incorporate familiar computer applications, alleviate privacy and security concerns, and align with older adults' active and engaged self-image.

48 CFR 39.107 - Contract clause.

Code of Federal Regulations, 2012 CFR

2012-10-01

... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 39.107 Contract clause. The contracting officer..., in solicitations and contracts for information technology which require security of information technology, and/or are for the design, development, or operation of a system of records using commercial...

48 CFR 39.107 - Contract clause.

Code of Federal Regulations, 2011 CFR

2011-10-01

... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 39.107 Contract clause. The contracting officer..., in solicitations and contracts for information technology which require security of information technology, and/or are for the design, development, or operation of a system of records using commercial...

48 CFR 39.107 - Contract clause.

Code of Federal Regulations, 2014 CFR

2014-10-01

... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 39.107 Contract clause. The contracting officer..., in solicitations and contracts for information technology which require security of information technology, and/or are for the design, development, or operation of a system of records using commercial...

48 CFR 39.107 - Contract clause.

Code of Federal Regulations, 2013 CFR

2013-10-01

... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 39.107 Contract clause. The contracting officer..., in solicitations and contracts for information technology which require security of information technology, and/or are for the design, development, or operation of a system of records using commercial...

76 FR 28499 - Data Fortress Systems Group Ltd., Digital Youth Network Corp., Fantom Technologies, Inc., and KIK...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-05-17

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Data Fortress Systems Group Ltd., Digital Youth Network Corp., Fantom Technologies, Inc., and KIK Technology International, Inc., Order of... of current and accurate information concerning the securities of Data Fortress Systems Group Ltd...

77 FR 73669 - Response to Comments Received for the “The Menlo Report: Ethical Principles Guiding Information...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-12-11

... Technology Research'' (``The Menlo Report'') for the Department of Homeland Security (DHS), Science and Technology, Cyber Security Division (CSD), Protected Repository for the Defense of Infrastructure Against Cyber Threats (PREDICT) Project AGENCY: Science and Technology Directorate, DHS. ACTION: Response...

The exploration of the exhibition informatization

NASA Astrophysics Data System (ADS)

Zhang, Jiankang

2017-06-01

The construction and management of exhibition informatization is the main task and choke point during the process of Chinese exhibition industry’s transformation and promotion. There are three key points expected to realize a breakthrough during the construction of Chinese exhibition informatization, and the three aspects respectively are adopting service outsourcing to construct and maintain the database, adopting advanced chest card technology to collect various kinds of information, developing statistics analysis to maintain good cutomer relations. The success of Chinese exhibition informatization mainly calls for mature suppliers who can provide construction and maintenance of database, the proven technology, a sense of data security, advanced chest card technology, the ability of data mining and analysis and the ability to improve the exhibition service basing on the commercial information got from the data analysis. Several data security measures are expected to apply during the process of system developing, including the measures of the terminal data security, the internet data security, the media data security, the storage data security and the application data security. The informatization of this process is based on the chest card designing. At present, there are several types of chest card technology: bar code chest card; two-dimension code card; magnetic stripe chest card; smart-chip chest card. The information got from the exhibition data will help the organizers to make relevant service strategies, quantify the accumulated indexes of the customers, and improve the level of the customer’s satisfaction and loyalty, what’s more, the information can also provide more additional services like the commercial trips, VIP ceremonial reception.

Sandia National Laboratories: National Security Missions: International

Science.gov Websites

Weapons Safety & Security Weapons Science & Technology Defense Systems & Assessments About Directed Research & Development Technology Deployment Centers Working With Sandia Working With Sandia Payable Contract Information Construction & Facilities Contract Audit Sandia's Economic Impact

78 FR 32417 - Intent To Request Renewal From OMB of One Current Public Collection of Information...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-05-30

... Officer, Office of Information Technology (OIT), TSA-11, Transportation Security Administration, 601 South... technological collection techniques or other forms of information technology. Information Collection Requirement... provide fingerprints and undergo a criminal history records check. The program implements authorities set...

An Australian Land Force for Conflict in a World Without Precedent (Future Warfare Concept Paper)

DTIC Science & Technology

2009-01-01

Michael B. Ryan, Australian Army Thesis: The current pace of change in the global security environment and information technology demands that, like...information) Wave societies.6 The current pace of change in the global security environment and information technology demands that, like all...Blue, downloaded from www.defence.gov.au/navy; La Franchi , Peter, “High Level Interoperability: Future Development of t Peter, “Development Role

Enhanced optical security by using information carrier digital screening

NASA Astrophysics Data System (ADS)

Koltai, Ferenc; Adam, Bence

2004-06-01

Jura has developed different security features based on Information Carrier Digital Screening. Substance of such features is that a non-visible secondary image is encoded in a visible primary image. The encoded image will be visible only by using a decoding device. One of such developments is JURA's Invisible Personal Information (IPI) is widely used in high security documents, where personal data of the document holder are encoded in the screen of the document holder's photography and they can be decoded by using an optical decoding device. In order to make document verification fully automated, enhance security and eliminate human factors, digital version of IPI, the D-IPI was developed. A special 2D-barcode structure was designed, which contains sufficient quantity of encoded digital information and can be embedded into the photo. Other part of Digital-IPI is the reading software, that is able to retrieve the encoded information with high reliability. The reading software developed with a specific 2D structure is providing the possibility of a forensic analysis. Such analysis will discover all kind of manipulations -- globally, if the photography was simply changed and selectively, if only part of the photography was manipulated. Digital IPI is a good example how benefits of digital technology can be exploited by using optical security and how technology for optical security can be converted into digital technology. The D-IPI process is compatible with all current personalization printers and materials (polycarbonate, PVC, security papers, Teslin-foils, etc.) and can provide any document with enhanced security and tamper-resistance.

Crosstalk: The Journal of Defense Software Engineering. Volume 22, Number 3

DTIC Science & Technology

2009-04-01

international standard for information security management systems like ISO /IEC 27001 :2005 [1] existed. Since that time, the organization has developed control...of ISO /IEC 27001 and the desire to make decisions based on business value and risk has prompted Ford’s IT Security and Controls organi- zation to begin...their conventional application security operation.u References 1. ISO /IEC 27001 :2005. “Information Technology – Security Techniques – Information

25 CFR 543.16 - What are the minimum internal controls for information technology?

Code of Federal Regulations, 2010 CFR

2010-04-01

... technology? 543.16 Section 543.16 Indians NATIONAL INDIAN GAMING COMMISSION, DEPARTMENT OF THE INTERIOR HUMAN... controls for information technology? (a) Physical security measures restricting access to agents, including... longer required. (2) In the event of remote access, the information technology employees must prepare a...

Information Systems at Enterprise. Design of Secure Network of Enterprise

NASA Astrophysics Data System (ADS)

Saigushev, N. Y.; Mikhailova, U. V.; Vedeneeva, O. A.; Tsaran, A. A.

2018-05-01

No enterprise and company can do without designing its own corporate network in today's information society. It accelerates and facilitates the work of employees at any level, but contains a big threat to confidential information of the company. In addition to the data theft attackers, there are plenty of information threats posed by modern malware effects. In this regard, the computational security of corporate networks is an important component of modern information technologies of computer security for any enterprise. This article says about the design of the protected corporate network of the enterprise that provides the computers on the network access to the Internet, as well interoperability with the branch. The access speed to the Internet at a high level is provided through the use of high-speed access channels and load balancing between devices. The security of the designed network is performed through the use of VLAN technology as well as access lists and AAA server.

Using Information Technologies in Professional Training of Future Security Specialists in the USA, Great Britain, Poland and Israel

ERIC Educational Resources Information Center

Kyslenko, Dmytro

2017-01-01

The paper discusses the use of information technologies in professional training of future security specialists in the United States, Great Britain, Poland and Israel. The probable use of computer-based techniques being available within the integrated Web-sites have been systematized. It has been suggested that the presented scheme may be of great…

Gender Differences in the Field of Information Security Technology Management: A Qualitative, Phenomenological Study

ERIC Educational Resources Information Center

Johnson, Marcia L.

2013-01-01

This qualitative study explored why there are so few senior women in the information security technology management field and whether gender played a part in the achievement of women in the field. Extensive interviews were performed to capture the lived experiences of successful women in the field regarding the obstacles and common denominators of…

Qualitative Case Study Exploring Operational Barriers Impeding Small and Private, Nonprofit Higher Education Institutions from Implementing Information Security Controls

ERIC Educational Resources Information Center

Liesen, Joseph J.

2017-01-01

The higher education industry uses the very latest technologies to effectively prepare students for their careers, but these technologies often contain vulnerabilities that can be exploited via their connection to the Internet. The complex task of securing information and computing systems is made more difficult at institutions of higher education…

78 FR 40830 - Proposed Collection; Comment Request for Form 8316

Federal Register 2010, 2011, 2012, 2013, 2014

2013-07-08

... 8316, Information Regarding Request for Refund of Social Security Tax Erroneously Withheld on Wages... INFORMATION: Title: Information Regarding Request for Refund of Social Security Tax Erroneously Withheld on... information technology; and (e) estimates of capital or start-up costs and costs of operation, [[Page 40831...

Mobile Security: A Systems Engineering Framework for Implementing Bring Your Own Device (BYOD) Security through the Combination of Policy Management and Technology

ERIC Educational Resources Information Center

Zahadat, Nima

2016-01-01

With the rapid increase of smartphones and tablets, security concerns have also been on the rise. Traditionally, Information Technology (IT) departments set up devices, apply security, and monitor them. Such approaches do not apply to today's mobile devices due to a phenomenon called Bring Your Own Device or BYOD. Employees find it desirable to…

The ISACA Business Model for Information Security: An Integrative and Innovative Approach

NASA Astrophysics Data System (ADS)

von Roessing, Rolf

In recent years, information security management has matured into a professional discipline that covers both technical and managerial aspects in an organisational environment. Information security is increasingly dependent on business-driven parameters and interfaces to a variety of organisational units and departments. In contrast, common security models and frameworks have remained largely technical. A review of extant models ranging from [LaBe73] to more recent models shows that technical aspects are covered in great detail, while the managerial aspects of security are often neglected.Likewise, the business view on organisational security is frequently at odds with the demands of information security personnel or information technology management. In practice, senior and executive level management remain comparatively distant from technical requirements. As a result, information security is generally regarded as a cost factor rather than a benefit to the organisation.

Interpreting international governance standards for health IT use within general medical practice.

PubMed

Mahncke, Rachel J; Williams, Patricia A H

2014-01-01

General practices in Australia recognise the importance of comprehensive protective security measures. Some elements of information security governance are incorporated into recommended standards, however the governance component of information security is still insufficiently addressed in practice. The International Organistion for Standardisation (ISO) released a new global standard in May 2013 entitled, ISO/IEC 27014:2013 Information technology - Security techniques - Governance of information security. This standard, applicable to organisations of all sizes, offers a framework against which to assess and implement the governance components of information security. The standard demonstrates the relationship between governance and the management of information security, provides strategic principles and processes, and forms the basis for establishing a positive information security culture. An analysis interpretation of this standard for use in Australian general practice was performed. This work is unique as such interpretation for the Australian healthcare environment has not been undertaken before. It demonstrates an application of the standard at a strategic level to inform existing development of an information security governance framework.

75 FR 44974 - Intent To Request Renewal From OMB of One Current Public Collection of Information: Sensitive...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-30

... TSA PRA Officer, Office of Information Technology (OIT), TSA-11, Transportation Security... technological collection techniques or other forms of information technology. Information Collection Requirement... history records check (CHRC), (2) a name-based check to determine whether the individual poses or is...

78 FR 7820 - Notice of Intelligent Mail Indicia Performance Criteria

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-04

... FURTHER INFORMATION CONTACT: Marlo Kay Ivey, Business Programs Specialist, Payment Technology, U.S. Postal... Performance Criteria and Security Architecture for Open Information Based Indicia (IBI) Postage Evidencing Systems and the Performance Criteria and Security Architecture for Closed Information Based Indicia (IBI...

The Most Likely Nemesis to Timely, Accurate Electronic Information

DTIC Science & Technology

2002-02-04

NETWORKS, TRAINING, COMMERCIAL OFF-THE-SHELF, INFORMATION TECHNOLOGY , INTERNET , COMMUNICATIONS EQUIPMENT, ELECTRONIC INFORMATION 15.Abstract... information . During a recent interview for Military Information Technology magazine, Lieutenant General John L. Woodward, Jr., USAF, Deputy Chief of Staff...NSC) Coordinator for Security, Infrastructure Protection and Counterterrorism, said the NSC did not want a czar for information technology (IT) nor

78 FR 13366 - Information Collection Request: Technical Resource for Incident Prevention (TRIPwire) User...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-27

..., electronic, mechanical, or other technological collection techniques or other forms of information technology...' suitability to access the secure environment. The information collected during the TRIPwire user registration...

Security of Data, Stored in Information Systems of Bulgarian Municipal Administrations

NASA Astrophysics Data System (ADS)

Kapralyakov, Petko

2011-12-01

Massive influx of information technology in municipal administrations increases their efficiency in delivering public services but increased the risk of theft of confidential information electronically. The report proposed an approach for improving information security for small municipal governments in Bulgaria through enhanced intrusion detection and prevention system.

77 FR 68881 - DIAS Holding, Inc., EarthBlock Technologies, Inc., Ensurapet, Inc., FIIC Holdings, Inc., GeM...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-11-16

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] DIAS Holding, Inc., EarthBlock Technologies, Inc., Ensurapet, Inc., FIIC Holdings, Inc., GeM Solutions, Inc., Gold Star Tutoring Services Inc., and... accurate information concerning the securities of EarthBlock Technologies, Inc. because it has not filed...

Management, Security, and Congressional Oversight. Federal Government Information Technology.

ERIC Educational Resources Information Center

Congress of the U.S., Washington, DC. Office of Technology Assessment.

This report considers the management, use, and congressional oversight of information technology in the Federal Government as rapid advances in technology--e.g., microcomputers, computer networking, computer modeling, videoconferencing, and electronic information exchange--are generating many new applications, opportunities, and issues which are…

48 CFR 639.107-70 - DOSAR solicitation provision and contract clause.

Code of Federal Regulations, 2010 CFR

2010-10-01

... DEPARTMENT OF STATE SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 639.107... provision at 652.239-70, Information Technology Security Plan and Accreditation, in solicitations that include information technology resources or services in which the contractor will have physical or...

From the Weakest Link to the Best Defense: Exploring the Factors That Affect Employee Intention to Comply with Information Security Policies

ERIC Educational Resources Information Center

Aurigemma, Salvatore

2013-01-01

Information and information systems have become embedded in the fabric of contemporary organizations throughout the world. As the reliance on information technology has increased, so too have the threats and costs associated with protecting organizational information resources. To combat potential information security threats, organizations rely…

Vehicle Tracking and Security

NASA Astrophysics Data System (ADS)

Scorer, A. G.

1998-09-01

This paper covers the wide area and short range locational technologies that are available for vehicle tracking in particular and mobile user security in general. It also summarises the radio communications services that can deliver information to the user. It considers the use that can be made of these technologies, when combined with procedures for delivering a response, in the security field, notably in relation to personal security, high-value load protection and the after-theft tracking markets.

77 FR 55900 - Proposed Collection; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2012-09-11

... security-by-security information will require an average of 120 hours; and end-investors and custodians... Department of the Treasury, including whether the information collected will have practical uses; (b) the... respondents, including the use of information technologies to automate the collection of the data requested...

IT Security on Campus: A Fragile Equilibrium.

ERIC Educational Resources Information Center

Wada, Kent

2003-01-01

Considers how to provide appropriate levels of information technology (IT) security in the higher education environment. Discusses implications of the Digital Millennium Copyright Act, the USA Patriot Act, the Health Insurance Portability and Accountability Act of 1996, California Information Practices Act, VISA USA Cardholder Information Security…

Database security and encryption technology research and application

NASA Astrophysics Data System (ADS)

Zhu, Li-juan

2013-03-01

The main purpose of this paper is to discuss the current database information leakage problem, and discuss the important role played by the message encryption techniques in database security, As well as MD5 encryption technology principle and the use in the field of website or application. This article is divided into introduction, the overview of the MD5 encryption technology, the use of MD5 encryption technology and the final summary. In the field of requirements and application, this paper makes readers more detailed and clearly understood the principle, the importance in database security, and the use of MD5 encryption technology.

Approach to spatial information security based on digital certificate

NASA Astrophysics Data System (ADS)

Cong, Shengri; Zhang, Kai; Chen, Baowen

2005-11-01

With the development of the online applications of geographic information systems (GIS) and the spatial information services, the spatial information security becomes more important. This work introduced digital certificates and authorization schemes into GIS to protect the crucial spatial information combining the techniques of the role-based access control (RBAC), the public key infrastructure (PKI) and the privilege management infrastructure (PMI). We investigated the spatial information granularity suited for sensitivity marking and digital certificate model that fits the need of GIS security based on the semantics analysis of spatial information. It implements a secure, flexible, fine-grained data access based on public technologies in GIS in the world.

78 FR 70617 - In the Matter of Pure H20 Bio-Technologies, Inc.; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2013-11-26

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] In the Matter of Pure H20 Bio-Technologies, Inc.; Order of Suspension of Trading November 22, 2013. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of Pure H20 Bio...

Effectiveness of Using a Change Management Approach to Convey the Benefits of an Information Security Implementation to Technology Users

ERIC Educational Resources Information Center

Bennett, Jeannine B.

2012-01-01

This study addressed the problems associated with users' understanding, accepting, and complying with requirements of security-oriented solutions. The goal of the research was not to dispute existing theory on IT project implementations, but rather to further the knowledge on the topic of technology user acceptance of security-oriented IT…

25 CFR 543.16 - What are the minimum internal controls for information technology?

Code of Federal Regulations, 2012 CFR

2012-04-01

... controls for information technology? (a) Physical security measures restricting access to agents, including... longer required. (2) In the event of remote access, the information technology employees must prepare a... 25 Indians 2 2012-04-01 2012-04-01 false What are the minimum internal controls for information...

25 CFR 543.16 - What are the minimum internal controls for information technology?

Code of Federal Regulations, 2011 CFR

2011-04-01

... controls for information technology? (a) Physical security measures restricting access to agents, including... longer required. (2) In the event of remote access, the information technology employees must prepare a... 25 Indians 2 2011-04-01 2011-04-01 false What are the minimum internal controls for information...

Clinicians, security and information technology support services in practice settings--a pilot study.

PubMed

Fernando, Juanita

2010-01-01

This case study of 9 information technology (IT) support staff in 3 Australian (Victoria) public hospitals juxtaposes their experiences at the user-level of eHealth security in the Natural Hospital Environment with that previously reported by 26 medical, nursing and allied healthcare clinicians. IT support responsibilities comprised the entire hospital, of which clinician eHealth security needs were only part. IT staff believed their support tasks were often fragmented while work responsibilities were hampered by resources shortages. They perceived clinicians as an ongoing security risk to private health information. By comparison clinicians believed IT staff would not adequately support the private and secure application of eHealth for patient care. Preliminary data analysis suggests the tension between these cohorts manifests as an eHealth environment where silos of clinical work are disconnected from silos of IT support work. The discipline-based silos hamper health privacy outcomes. Privacy and security policies, especially those influencing the audit process, will benefit by further research of this phenomenon.

Develop security architecture for both in-house healthcare information systems and electronic patient record

NASA Astrophysics Data System (ADS)

Zhang, Jianguo; Chen, Xiaomeng; Zhuang, Jun; Jiang, Jianrong; Zhang, Xiaoyan; Wu, Dongqing; Huang, H. K.

2003-05-01

In this paper, we presented a new security approach to provide security measures and features in both healthcare information systems (PACS, RIS/HIS), and electronic patient record (EPR). We introduced two security components, certificate authoring (CA) system and patient record digital signature management (DSPR) system, as well as electronic envelope technology, into the current hospital healthcare information infrastructure to provide security measures and functions such as confidential or privacy, authenticity, integrity, reliability, non-repudiation, and authentication for in-house healthcare information systems daily operating, and EPR exchanging among the hospitals or healthcare administration levels, and the DSPR component manages the all the digital signatures of patient medical records signed through using an-symmetry key encryption technologies. The electronic envelopes used for EPR exchanging are created based on the information of signers, digital signatures, and identifications of patient records stored in CAS and DSMS, as well as the destinations and the remote users. The CAS and DSMS were developed and integrated into a RIS-integrated PACS, and the integration of these new security components is seamless and painless. The electronic envelopes designed for EPR were used successfully in multimedia data transmission.

75 FR 2844 - Submission for OMB Review; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2010-01-19

..., electronic, mechanical, or other technological collection techniques or other forms of information technology... releases from personal liability where security property is transferred to approved applicants who, under... estate security; operation or lease of realty, disposition of surplus property; conveyance of complete...

78 FR 14265 - Submission for OMB Review; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-05

..., electronic, mechanical, or other technological collection techniques or other forms of information technology... personal liability where security property is transferred to approve applicants who, under agreement... security; operation or lease of realty, disposition of surplus property; conveyance of complete interest of...

14 CFR § 1203.201 - Information security objectives.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 14 Aeronautics and Space 5 2014-01-01 2014-01-01 false Information security objectives. § 1203.201 Section § 1203.201 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION... technologies. (e) Provide a timely and effective means for downgrading or declassifying information when the...

Relationship between Corporate Governance and Information Security Governance Effectiveness in United States Corporations

ERIC Educational Resources Information Center

Davis, Robert E.

2017-01-01

Cyber attackers targeting large corporations achieved a high perimeter penetration success rate during 2013, resulting in many corporations incurring financial losses. Corporate information technology leaders have a fiduciary responsibility to implement information security domain processes that effectually address the challenges for preventing…

48 CFR 3052.204-70 - Security requirements for unclassified information technology resources.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 48 Federal Acquisition Regulations System 7 2014-10-01 2014-10-01 false Security requirements for... System DEPARTMENT OF HOMELAND SECURITY, HOMELAND SECURITY ACQUISITION REGULATION (HSAR) CLAUSES AND FORMS SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 3052.204-70 Security requirements...

48 CFR 3052.204-70 - Security requirements for unclassified information technology resources.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 48 Federal Acquisition Regulations System 7 2013-10-01 2012-10-01 true Security requirements for... System DEPARTMENT OF HOMELAND SECURITY, HOMELAND SECURITY ACQUISITION REGULATION (HSAR) CLAUSES AND FORMS SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 3052.204-70 Security requirements...

An Agile Enterprise Regulation Architecture for Health Information Security Management

PubMed Central

Chen, Ying-Pei; Hsieh, Sung-Huai; Chien, Tsan-Nan; Chen, Heng-Shuen; Luh, Jer-Junn; Lai, Jin-Shin; Lai, Feipei; Chen, Sao-Jie

2010-01-01

Abstract Information security management for healthcare enterprises is complex as well as mission critical. Information technology requests from clinical users are of such urgency that the information office should do its best to achieve as many user requests as possible at a high service level using swift security policies. This research proposes the Agile Enterprise Regulation Architecture (AERA) of information security management for healthcare enterprises to implement as part of the electronic health record process. Survey outcomes and evidential experiences from a sample of medical center users proved that AERA encourages the information officials and enterprise administrators to overcome the challenges faced within an electronically equipped hospital. PMID:20815748

An agile enterprise regulation architecture for health information security management.

PubMed

Chen, Ying-Pei; Hsieh, Sung-Huai; Cheng, Po-Hsun; Chien, Tsan-Nan; Chen, Heng-Shuen; Luh, Jer-Junn; Lai, Jin-Shin; Lai, Feipei; Chen, Sao-Jie

2010-09-01

Information security management for healthcare enterprises is complex as well as mission critical. Information technology requests from clinical users are of such urgency that the information office should do its best to achieve as many user requests as possible at a high service level using swift security policies. This research proposes the Agile Enterprise Regulation Architecture (AERA) of information security management for healthcare enterprises to implement as part of the electronic health record process. Survey outcomes and evidential experiences from a sample of medical center users proved that AERA encourages the information officials and enterprise administrators to overcome the challenges faced within an electronically equipped hospital.

Securely implementing remote access within health information management.

PubMed

Carroll, E T; Wright, S; Zakoworotny, C

1998-03-01

As technology changes, our definition of the workplace expands, and we no longer are limited to working at our desk in an office. The authors describe technologies that enable us to work from home or on the road and examine security regulations and precautions.

On Business-Driven IT Security Management and Mismatches between Security Requirements in Firms, Industry Standards and Research Work

NASA Astrophysics Data System (ADS)

Frühwirth, Christian

Industry managers have long recognized the vital importance of information security for their businesses, but at the same time they perceived security as a technology-driven rather then a business-driven field. Today, this notion is changing and security management is shifting from technology- to business-oriented approaches. Whereas there is evidence of this shift in the literature, this paper argues that security standards and academic work have not yet taken it fully into account. We examine whether this disconnect has lead to a misalignment of IT security requirements in businesses versus industry standards and academic research. We conducted 13 interviews with practitioners from 9 different firms to investigate this question. The results present evidence for a significant gap between security requirements in industry standards and actually reported security vulnerabilities. We further find mismatches between the prioritization of security factors in businesses, standards and real-world threats. We conclude that security in companies serves the business need of protecting information availability to keep the business running at all times.

76 FR 12208 - Agency Information Collection Activities: Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2011-03-04

... or other forms of information technology. Mail, e-mail, or fax your comments and recommendations on...: 202-395-6974, E-mail address: [email protected] (SSA) Social Security Administration, DCBFM... above e-mail address. 1. Request for Social Security Earnings Information--20 CFR 404.810 and 401.100...

Coalition Network Defence Common Operational Picture

DTIC Science & Technology

2010-11-01

27000 .org/ iso -27005.htm [26] ISO 8601:2004, Data elements and interchange formats - Information interchange - Representation of dates and times, http://ww.iso.org, http://en.wikipedia.org/wiki/ISO_8601 ...Regular_expression [25] ISO /IEC 27005:2008, Information technology -- Security techniques -- Information security risk management, http://ww.iso.org,; http://www

Health care data security: one size does not fit all.

PubMed

Krohn, R

2001-11-01

In the wake of the Internet, E-commerce, and particularly the Health Insurance Portability and Accountability Act, data security has risen to the top of health care information technology priorities. What is the correct mix of data security tools, policies, and technologies for the doctor, the hospital, the insurer, the vendor, and everyone else who does business in the health care industry?

New Advanced Technologies to Provide Decentralised and Secure Access to Medical Records: Case Studies in Oncology

PubMed Central

Quantin, Catherine; Coatrieux, Gouenou; Allaert, François André; Fassa, Maniane; Bourquard, Karima; Boire, Jean-Yves; de Vlieger, Paul; Maigne, Lydia; Breton, Vincent

2009-01-01

The main problem for health professionals and patients in accessing information is that this information is very often distributed over many medical records and locations. This problem is particularly acute in cancerology because patients may be treated for many years and undergo a variety of examinations. Recent advances in technology make it feasible to gain access to medical records anywhere and anytime, allowing the physician or the patient to gather information from an “ephemeral electronic patient record”. However, this easy access to data is accompanied by the requirement for improved security (confidentiality, traceability, integrity, ...) and this issue needs to be addressed. In this paper we propose and discuss a decentralised approach based on recent advances in information sharing and protection: Grid technologies and watermarking methodologies. The potential impact of these technologies for oncology is illustrated by the examples of two experimental cases: a cancer surveillance network and a radiotherapy treatment plan. It is expected that the proposed approach will constitute the basis of a future secure “google-like” access to medical records. PMID:19718446

Protection of data carriers using secure optical codes

NASA Astrophysics Data System (ADS)

Peters, John A.; Schilling, Andreas; Staub, René; Tompkin, Wayne R.

2006-02-01

Smartcard technologies, combined with biometric-enabled access control systems, are required for many high-security government ID card programs. However, recent field trials with some of the most secure biometric systems have indicated that smartcards are still vulnerable to well equipped and highly motivated counterfeiters. In this paper, we present the Kinegram Secure Memory Technology which not only provides a first-level visual verification procedure, but also reinforces the existing chip-based security measures. This security concept involves the use of securely-coded data (stored in an optically variable device) which communicates with the encoded hashed information stored in the chip memory via a smartcard reader device.

Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification rules under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; other modifications to the HIPAA rules.

PubMed

2013-01-25

The Department of Health and Human Services (HHS or ``the Department'') is issuing this final rule to: Modify the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Enforcement Rules to implement statutory amendments under the Health Information Technology for Economic and Clinical Health Act (``the HITECH Act'' or ``the Act'') to strengthen the privacy and security protection for individuals' health information; modify the rule for Breach Notification for Unsecured Protected Health Information (Breach Notification Rule) under the HITECH Act to address public comment received on the interim final rule; modify the HIPAA Privacy Rule to strengthen the privacy protections for genetic information by implementing section 105 of Title I of the Genetic Information Nondiscrimination Act of 2008 (GINA); and make certain other modifications to the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules (the HIPAA Rules) to improve their workability and effectiveness and to increase flexibility for and decrease burden on the regulated entities.

Impact of Security Awareness Programs on End-User Security Behavior: A Quantitative Study of Federal Workers

ERIC Educational Resources Information Center

Smith, Gwendolynn T.

2012-01-01

The increasing dependence on technology presented more vulnerability to security breaches of information and the need to assess security awareness levels in federal organizations, as well as other organizations. Increased headlines of security breaches of federal employees' security actions prompted this study. The research study reviewed the…

Model based verification of the Secure Socket Layer (SSL) Protocol for NASA systems

NASA Technical Reports Server (NTRS)

Powell, John D.; Gilliam, David

2004-01-01

The National Aeronautics and Space Administration (NASA) has tens of thousands of networked computer systems and applications. Software Security vulnerabilities present risks such as lost or corrupted data, information theft, and unavailability of critical systems. These risks represent potentially enormous costs to NASA. The NASA Code Q research initiative 'Reducing Software Security Risk (RSSR) Trough an Integrated Approach' offers formal verification of information technology (IT), through the creation of a Software Security Assessment Instrument (SSAI), to address software security risks.

E-Commerce and Security Governance in Developing Countries

NASA Astrophysics Data System (ADS)

Sanayei, Ali.; Rajabion, Lila

Security is very often mentioned as one of the preconditions for the faster growth of e-commerce. Without a secure and reliable internet, customer will continue to be reluctant to provide confidential information online, such as credit card number. Moreover, organizations of all types and sizes around the world rely heavily on technologies of electronic commerce (e-commerce) for conducting their day-to-day business transaction. Providing organizations with a secure e-commerce environment is a major issue and challenging one especially in Middle Eastern countries. Without secure e-commerce, it is almost impossible to take advantage of the opportunities offered by e-commerce technologies. E-commerce can create opportunities for small entrepreneurs in Middle Eastern countries. This requires removing infrastructure blockages in telecommunications and logistics alongside the governance of e-commerce with policies on consumer protection, security of transactions, privacy of records and intellectual property. In this paper, we will explore the legal implications of e-commerce security governance by establishing who is responsible for ensuring compliance with this discipline, demonstrating the value to be derived from information security governance, the methodology of applying information security governance, and liability for non-compliance with this discipline. Our main focus will be on analyzing the importance and implication of e-commerce security governance in developing countries.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Aldridge, Chris D.

Mobile biometric devices (MBDs) capable of both enrolling individuals in databases and performing identification checks of subjects in the field are seen as an important capability for military, law enforcement, and homeland security operations. The technology is advancing rapidly. The Department of Homeland Security Science and Technology Directorate through an Interagency Agreement with Sandia sponsored a series of pilot projects to obtain information for the first responder law enforcement community on further identification of requirements for mobile biometric device technology. Working with 62 different jurisdictions, including components of the Department of Homeland Security, Sandia delivered a series of reports onmore » user operation of state-of-the-art mobile biometric devices. These reports included feedback information on MBD usage in both operational and exercise scenarios. The findings and conclusions of the project address both the limitations and possibilities of MBD technology to improve operations. Evidence of these possibilities can be found in the adoption of this technology by many agencies today and the cooperation of several law enforcement agencies in both participating in the pilot efforts and sharing of information about their own experiences in efforts undertaken separately.« less

76 FR 13000 - Proposed Collection; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2011-03-09

..., including through the use of automated collection techniques or other forms of information technology..., Copies Available From: U.S. Securities and Exchange Commission, Office of Investor Education and Advocacy... Securities and Exchange Commission (``Commission'') is soliciting comments on the collection of information...

Education and the Degree of Data Security

ERIC Educational Resources Information Center

Spears, Phillip Dewitt

2013-01-01

New technology development has researchers inundated with a plethora of data security issues linked to cyber attacks and hackers' ability to transmogrify their techniques. The present research focused on the information technology managing officers' (ITMOs') level of education, size of organization, organization's industry, and effect they have on…

78 FR 48722 - Agency Information Collection Activities; Submission for OMB Review; Comment Request; Focus...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-08-09

...(a)(1)(D). SUPPLEMENTARY INFORMATION: Employee Retirement Income Security Act of 1974 (ERISA) section... other technological collection techniques or other forms of information technology, e.g., permitting... DEPARTMENT OF LABOR Office of the Secretary Agency Information Collection Activities; Submission...

When trust defies common security sense.

PubMed

Williams, Patricia A H

2008-09-01

Primary care medical practices fail to recognize the seriousness of security threats to their patient and practice information. This can be attributed to a lack of understanding of security concepts, underestimation of potential threats and the difficulty in configuration of security technology countermeasures. To appreciate the factors contributing to such problems, research into general practitioner security practice and perceptions of security was undertaken. The investigation focused on demographics, actual practice, issues and barriers, and practitioner perception. Poor implementation, lack of relevant knowledge and inconsistencies between principles and practice were identified as key themes. Also the results revealed an overwhelming reliance on trust in staff and in computer information systems. This clearly identified that both cultural and technical attributes contribute to the deficiencies in information security practice. The aim of this research is to understand user needs and problems when dealing with information security practice.

77 FR 3319 - TapSlide, Inc., TTC Technology Corp. (f/k/a SmarTire Systems Inc.), TWL Corp., TXP Corp...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-01-23

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] TapSlide, Inc., TTC Technology Corp. (f/k/a SmarTire Systems Inc.), TWL Corp., TXP Corp., Valentec Systems, Inc. (f/k/a Acorn Holdings Corp... current and accurate information concerning the securities of TTC Technology Corp. (f/k/a SmarTire Systems...

Security analysis of RSA cryptosystem algorithm and it’s properties

DOE Office of Scientific and Technical Information (OSTI.GOV)

Liu, Chenglian; Guo, Yongning, E-mail: guoyn@163.com, E-mail: linjuanliucaihong@qq.com; Lin, Juan, E-mail: guoyn@163.com, E-mail: linjuanliucaihong@qq.com

2014-10-06

The information technology rapidly development and dramatically changed the life style people, in addition to shortening the distance of communication, but also promote the smooth exchange of information flows. However, derivatives to facilitate the relative safety of these issues, since into the digital information age, the majority of the practitioners of engineering and technical personnel and technical workers in terms of technology, information security is increasingly becoming an important issue. The RSA algorithm was published in 1978. It is a kind of very popular and widely application modem cryptosystem in the world. Even though there are lots of articles tomore » discuss about how to break the RSA, but it is still secure today. In this paper, the authors would like to introduce a variant attack to RSA.« less

Economic Evaluation of the Information Security Levels Achieved by Electric Energy Providers in North Arctic Region

NASA Astrophysics Data System (ADS)

Sushko, O. P.; Kaznin, A. A.; Babkin, A. V.; Bogdanov, D. A.

2017-10-01

The study we are conducting involves the analysis of information security levels achieved by energy providers operating in the North Arctic Region. We look into whether the energy providers’ current information security levels meet reliability standards and determine what further actions may be needed for upgrading information security in the context of the digital transformation that the world community is undergoing. When developing the information security systems for electric energy providers or selecting the protection means for them, we are governed by the fact that the assets to be protected are process technologies. While information security risk can be assessed using different methods, the evaluation of the economic damage from these risks appears to be a difficult task. The most probable and harmful risks we have identified when evaluating the electric energy providers’ information security will be used by us as variables. To provide the evaluation, it is necessary to calculate the costs relating to elimination of the risks identified. The final stage of the study will involve the development of an operation algorithm for the North Arctic Region’s energy provider’s business information protection security system - a set of information security services, and security software and hardware.

32 CFR 2400.2 - Purpose.

Code of Federal Regulations, 2014 CFR

2014-07-01

... Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM General... § 2400.1 that information of the Office of Science and Technology Policy (OSTP) relating to national...

32 CFR 2400.5 - Basic policy.

Code of Federal Regulations, 2011 CFR

2011-07-01

... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM... basis for classifying information. The policy of the Office of Science and Technology Policy is to make...

32 CFR 2400.5 - Basic policy.

Code of Federal Regulations, 2014 CFR

2014-07-01

... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM... basis for classifying information. The policy of the Office of Science and Technology Policy is to make...

32 CFR 2400.5 - Basic policy.

Code of Federal Regulations, 2013 CFR

2013-07-01

... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM... basis for classifying information. The policy of the Office of Science and Technology Policy is to make...

32 CFR 2400.2 - Purpose.

Code of Federal Regulations, 2012 CFR

2012-07-01

... Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM General... § 2400.1 that information of the Office of Science and Technology Policy (OSTP) relating to national...

32 CFR 2400.5 - Basic policy.

Code of Federal Regulations, 2012 CFR

2012-07-01

... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM... basis for classifying information. The policy of the Office of Science and Technology Policy is to make...

32 CFR 2400.2 - Purpose.

Code of Federal Regulations, 2013 CFR

2013-07-01

... Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM General... § 2400.1 that information of the Office of Science and Technology Policy (OSTP) relating to national...

32 CFR 2400.2 - Purpose.

Code of Federal Regulations, 2010 CFR

2010-07-01

... Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM General... § 2400.1 that information of the Office of Science and Technology Policy (OSTP) relating to national...

32 CFR 2400.5 - Basic policy.

Code of Federal Regulations, 2010 CFR

2010-07-01

... Defense Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM... basis for classifying information. The policy of the Office of Science and Technology Policy is to make...

32 CFR 2400.2 - Purpose.

Code of Federal Regulations, 2011 CFR

2011-07-01

... Other Regulations Relating to National Defense OFFICE OF SCIENCE AND TECHNOLOGY POLICY REGULATIONS TO IMPLEMENT E.O. 12356; OFFICE OF SCIENCE AND TECHNOLOGY POLICY INFORMATION SECURITY PROGRAM General... § 2400.1 that information of the Office of Science and Technology Policy (OSTP) relating to national...

Survey of Collaboration Technologies in Multi-level Security Environments

DTIC Science & Technology

2014-04-28

infrastructure or resources. In this research program, the security implications of the US Air Force GeoBase (the US The problem is that in many cases...design structure. ORA uses a Java interface for ease of use, and a C++ computational backend . The current version ORA1.2 software is available on the...information: culture, policy, governance, economics and resources, and technology and infrastructure . This plan, the DoD Information Sharing

76 FR 13438 - In the Matter of AdAl Group, Inc., Com/Tech Communications Technologies, Inc., Dialog Group, Inc...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-03-11

.../k/a GB Holdings Liquidation, Inc.), Information Management Technologies Corporation, Interiors, Inc... and Exchange Commission that there is a lack of current and accurate information concerning the... accurate information concerning the securities of Com/Tech Communications Technologies, Inc. because it has...

Information security of Smart Factories

NASA Astrophysics Data System (ADS)

Iureva, R. A.; Andreev, Y. S.; Iuvshin, A. M.; Timko, A. S.

2018-05-01

In several years, technologies and systems based on the Internet of things (IoT) will be widely used in all smart factories. When processing a huge array of unstructured data, their filtration and adequate interpretation are a priority for enterprises. In this context, the correct representation of information in a user-friendly form acquires special importance, for which the market today presents advanced analytical platforms designed to collect, store and analyze data on technological processes and events in real time. The main idea of the paper is the statement of the information security problem in IoT and integrity of processed information.

76 FR 70520 - RMD Technologies, Inc., Rockwall Holdings, Inc., Southmark Corp., Stargold Mines, Inc., Stelax...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-11-14

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] RMD Technologies, Inc., Rockwall Holdings, Inc., Southmark Corp., Stargold Mines, Inc., Stelax Industries, Ltd., Stem Cell Innovations, Inc., and Surfect... there is a lack of current and accurate information concerning the securities of Stem Cell Innovations...

Independent Review of Aviation Technology and Research Information Analysis System (ATRIAS) Database

DTIC Science & Technology

1994-02-01

capability to support the Federal Aviation Administration (FAA)/ Aviation Security Research and Development Service’s (ACA) Explosive Detection...Systems (EDS) programs and Aviation Security Human Factors Program (ASHFP). This review was conducted by an independent consultant selected by the FAA...sections 2 and 3 of the report. Overall, ATRIAS was found to address many technology application areas relevant to the FAA’s aviation security programs

Hybrid network defense model based on fuzzy evaluation.

PubMed

Cho, Ying-Chiang; Pan, Jen-Yi

2014-01-01

With sustained and rapid developments in the field of information technology, the issue of network security has become increasingly prominent. The theme of this study is network data security, with the test subject being a classified and sensitive network laboratory that belongs to the academic network. The analysis is based on the deficiencies and potential risks of the network's existing defense technology, characteristics of cyber attacks, and network security technologies. Subsequently, a distributed network security architecture using the technology of an intrusion prevention system is designed and implemented. In this paper, first, the overall design approach is presented. This design is used as the basis to establish a network defense model, an improvement over the traditional single-technology model that addresses the latter's inadequacies. Next, a distributed network security architecture is implemented, comprising a hybrid firewall, intrusion detection, virtual honeynet projects, and connectivity and interactivity between these three components. Finally, the proposed security system is tested. A statistical analysis of the test results verifies the feasibility and reliability of the proposed architecture. The findings of this study will potentially provide new ideas and stimuli for future designs of network security architecture.

The Integration of It Governance, Information Security Leadership and Strategic Alignment in Healthcare: A Correlational Study

ERIC Educational Resources Information Center

Taft, Tiffany H.

2017-01-01

This dissertation is a study of the relationship between Information Technology Governance (ITG), information security leadership, and strategic alignment within a healthcare organization. Strong organizational leadership and adherence to the process are vital to the formulation and management of performance and implementation of key directives.…

Protecting and securing networked medical devices.

PubMed

Riha, Chris

2004-01-01

Designing, building, and maintaining a secure environment for medical devices is a critical component in health care technology management. This article will address several avenues to harden a health care information network to provide a secure enclave for medical devices.

Security of medical data transfer and storage in Internet. Cryptography, antiviral security and electronic signature problems, which must be solved in nearest future in practical context.

PubMed

Kasztelowicz, Piotr; Czubenko, Marek; Zieba, Iwona

2003-01-01

The informatical revolution in computer age, which gives significant benefit in transfer of medical information requests to pay still more attention for aspect of network security. All known advantages of network technologies--first of all simplicity of copying, multiplication and sending information to many individuals can be also dangerous, if illegal, not permitted persons get access to medical data bases. Internet is assumed to be as especially "anarchic" medium, therefore in order to use it in professional work any security principles should be bewared. In our presentation we will try to find the optimal security solution in organisational and technological aspects for any medical network. In our opinion the harmonious co-operation between users, medical authorities and network administrators is core of the success.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Davida, G.I.; Frankel, Y.; Matt, B.J.

In developing secure applications and systems, the designers often must incorporate secure user identification in the design specification. In this paper, the authors study secure off line authenticated user identification schemes based on a biometric system that can measure a user`s biometric accurately (up to some Hamming distance). The schemes presented here enhance identification and authorization in secure applications by binding a biometric template with authorization information on a token such as a magnetic strip. Also developed here are schemes specifically designed to minimize the compromise of a user`s private biometrics data, encapsulated in the authorization information, without requiring securemore » hardware tokens. In this paper the authors furthermore study the feasibility of biometrics performing as an enabling technology for secure system and application design. The authors investigate a new technology which allows a user`s biometrics to facilitate cryptographic mechanisms.« less

Research on information security system of waste terminal disposal process

NASA Astrophysics Data System (ADS)

Zhou, Chao; Wang, Ziying; Guo, Jing; Guo, Yajuan; Huang, Wei

2017-05-01

Informatization has penetrated the whole process of production and operation of electric power enterprises. It not only improves the level of lean management and quality service, but also faces severe security risks. The internal network terminal is the outermost layer and the most vulnerable node of the inner network boundary. It has the characteristics of wide distribution, long depth and large quantity. The user and operation and maintenance personnel technical level and security awareness is uneven, which led to the internal network terminal is the weakest link in information security. Through the implementation of security of management, technology and physics, we should establish an internal network terminal security protection system, so as to fully protect the internal network terminal information security.

48 CFR 1837.203-70 - Providing contractors access to sensitive information.

Code of Federal Regulations, 2014 CFR

2014-10-01

... NATIONAL AERONAUTICS AND SPACE ADMINISTRATION SPECIAL CATEGORIES OF CONTRACTING SERVICE CONTRACTING... contract, as a compliance document. (e) If the service provider will be operating an information technology... 1852.204-76, Security Requirements for Unclassified Information Technology Resources, which requires...

48 CFR 1837.203-70 - Providing contractors access to sensitive information.

Code of Federal Regulations, 2012 CFR

2012-10-01

... NATIONAL AERONAUTICS AND SPACE ADMINISTRATION SPECIAL CATEGORIES OF CONTRACTING SERVICE CONTRACTING... contract, as a compliance document. (e) If the service provider will be operating an information technology... 1852.204-76, Security Requirements for Unclassified Information Technology Resources, which requires...

48 CFR 1837.203-70 - Providing contractors access to sensitive information.

Code of Federal Regulations, 2013 CFR

2013-10-01

... NATIONAL AERONAUTICS AND SPACE ADMINISTRATION SPECIAL CATEGORIES OF CONTRACTING SERVICE CONTRACTING... contract, as a compliance document. (e) If the service provider will be operating an information technology... 1852.204-76, Security Requirements for Unclassified Information Technology Resources, which requires...

78 FR 61397 - Notice of Information Collection

Federal Register 2010, 2011, 2012, 2013, 2014

2013-10-03

... compliance with HSPD-12 and the National Institute of Standards and Technology (NIST) Federal Information..., citizenship, social security number (SSN), address, employment history, biometric identifiers (e.g... collection techniques or the use of other forms of information technology. Comments submitted in response to...

Agencies Should Assess Vulnerabilities and Improve Guidance for Protecting Export-Controlled Information at Companies

DTIC Science & Technology

2006-12-01

Supplement DOD Department of Defense DOL Department of Labor DTSA Defense Technology Security Administration EAR Export Administration Regulations...and outreach to companies on the export regulations. DOD: The Defense Technology Security Administration ( DTSA ) represents DOD on export control...and technologies, which DOD oversees. DTSA serves an advisory role in State’s and Commerce’s export license review processes and offers technical

Status of Optical Disk Standards and Copy Protection Technology

DTIC Science & Technology

2000-01-01

Technology (IT), the Consumer Electronics (CE) and the Content Providers such as the Motion Picture Association (MPA) and Secure Digital Music ...and Access Control. On audio recording, Secure Digital Music Initiative (SDMI) is leading the effort. 10 Besides these organizations, a world wide...coordinating orgainzation which ia working with the Information Technology Inductry Association (ITI), the Content Providers such as the Motion Picture

COmmunications and Networking with QUantum operationally Secure Technology for Maritime Deployment (CONQUEST)

DTIC Science & Technology

2016-12-02

Quantum Computing , University of Waterloo, Waterloo ON, N2L 3G1, Canada (Dated: December 1, 2016) Continuous variable (CV) quantum key distribution (QKD...Networking with QUantum operationally-Secure Technology for Maritime Deployment (CONQUEST) Contract Period of Performance: 2 September 2016 – 1 September...this letter or have any other questions. Sincerely, Raytheon BBN Technologies Kathryn Carson Program Manager Quantum Information Processing

Computer Network Security- The Challenges of Securing a Computer Network

NASA Technical Reports Server (NTRS)

Scotti, Vincent, Jr.

2011-01-01

This article is intended to give the reader an overall perspective on what it takes to design, implement, enforce and secure a computer network in the federal and corporate world to insure the confidentiality, integrity and availability of information. While we will be giving you an overview of network design and security, this article will concentrate on the technology and human factors of securing a network and the challenges faced by those doing so. It will cover the large number of policies and the limits of technology and physical efforts to enforce such policies.

78 FR 34174 - Proposed Information Collection (Pension Claim Questionnaire for Farm Income) Activity: Comment...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-06-06

... to determine net income derived from farming. DATES: Written comments and recommendations on the... use of other forms of information technology. Title: Pension Claim Questionnaire for Farm Income, VA... Information Security, Office of Information and Technology, U.S. Department of Veterans Affairs. [FR Doc. 2013...

Managing the Security of Nursing Data in the Electronic Health Record

PubMed Central

Samadbeik, Mahnaz; Gorzin, Zahra; Khoshkam, Masomeh; Roudbari, Masoud

2015-01-01

Background: The Electronic Health Record (EHR) is a patient care information resource for clinicians and nursing documentation is an essential part of comprehensive patient care. Ensuring privacy and the security of health information is a key component to building the trust required to realize the potential benefits of electronic health information exchange. This study was aimed to manage nursing data security in the EHR and also discover the viewpoints of hospital information system vendors (computer companies) and hospital information technology specialists about nursing data security. Methods: This research is a cross sectional analytic-descriptive study. The study populations were IT experts at the academic hospitals and computer companies of Tehran city in Iran. Data was collected by a self-developed questionnaire whose validity and reliability were confirmed using the experts’ opinions and Cronbach’s alpha coefficient respectively. Data was analyzed through Spss Version 18 and by descriptive and analytic statistics. Results: The findings of the study revealed that user name and password were the most important methods to authenticate the nurses, with mean percent of 95% and 80%, respectively, and also the most significant level of information security protection were assigned to administrative and logical controls. There was no significant difference between opinions of both groups studied about the levels of information security protection and security requirements (p>0.05). Moreover the access to servers by authorized people, periodic security update, and the application of authentication and authorization were defined as the most basic security requirements from the viewpoint of more than 88 percent of recently-mentioned participants. Conclusions: Computer companies as system designers and hospitals information technology specialists as systems users and stakeholders present many important views about security requirements for EHR systems and nursing electronic documentation systems. Prioritizing of these requirements helps policy makers to decide what to do when planning for EHR implementation. Therefore, to make appropriate security decisions and to achieve the expected level of protection of the electronic nursing information, it is suggested to consider the priorities of both groups of experts about security principles and also discuss the issues seem to be different between two groups of participants in the research. PMID:25870490

Managing the security of nursing data in the electronic health record.

PubMed

Samadbeik, Mahnaz; Gorzin, Zahra; Khoshkam, Masomeh; Roudbari, Masoud

2015-02-01

The Electronic Health Record (EHR) is a patient care information resource for clinicians and nursing documentation is an essential part of comprehensive patient care. Ensuring privacy and the security of health information is a key component to building the trust required to realize the potential benefits of electronic health information exchange. This study was aimed to manage nursing data security in the EHR and also discover the viewpoints of hospital information system vendors (computer companies) and hospital information technology specialists about nursing data security. This research is a cross sectional analytic-descriptive study. The study populations were IT experts at the academic hospitals and computer companies of Tehran city in Iran. Data was collected by a self-developed questionnaire whose validity and reliability were confirmed using the experts' opinions and Cronbach's alpha coefficient respectively. Data was analyzed through Spss Version 18 and by descriptive and analytic statistics. The findings of the study revealed that user name and password were the most important methods to authenticate the nurses, with mean percent of 95% and 80%, respectively, and also the most significant level of information security protection were assigned to administrative and logical controls. There was no significant difference between opinions of both groups studied about the levels of information security protection and security requirements (p>0.05). Moreover the access to servers by authorized people, periodic security update, and the application of authentication and authorization were defined as the most basic security requirements from the viewpoint of more than 88 percent of recently-mentioned participants. Computer companies as system designers and hospitals information technology specialists as systems users and stakeholders present many important views about security requirements for EHR systems and nursing electronic documentation systems. Prioritizing of these requirements helps policy makers to decide what to do when planning for EHR implementation. Therefore, to make appropriate security decisions and to achieve the expected level of protection of the electronic nursing information, it is suggested to consider the priorities of both groups of experts about security principles and also discuss the issues seem to be different between two groups of participants in the research.

Does the PCEHR mean a new paradigm for information security? Implications for health information management.

PubMed

Williams, Patricia A H

Australia is stepping up to the new e-health environment. With this comes new legislation and new demands on information security. The expanded functionality of e-health and the increased legislative requirements, coupled with new uses of technology, means that enhancement of existing security practice will be necessary. This paperanalyses the new operating environment for Australian healthcare and the legislation governing it, and highlights the changes that are required to meet this new context. Individuals are now more responsible for security and organisations should be prompted to review their security measures in light of the new demands of legislative compliance.

Inspection of the Armed Forces Retirement Home

DTIC Science & Technology

2010-02-25

22 Tab D – Information Technology ............................................................................................. 25 Tab E...Forces Retirement Home February 25, 2010 Report No. IE-2010-002 Tab D – Information Technology Overall Assessment We used the National Institute of Science...and Technology (NIST) SP 800-53, Revision 2, “Recommended Security Controls for Federal Information Systems,” dated December 2007 as the basis for

The Effects of Risk and Size of Company on Business Performance in Information Technology Outsourcing

ERIC Educational Resources Information Center

Balogun, Shereef Adewale

2013-01-01

Information technology (IT) outsourcing is a practical way to transfer information technology by industries of different firms. The problem occurs when companies outsource services to domestic and international data centers as network security issues arise. This leads to competition between companies causing the size of the company to become more…

The secret to health information technology's success within the diabetes patient population: a comprehensive privacy and security framework.

PubMed

Pandya, Sheel M

2010-05-01

Congress made an unprecedented investment in health information technology (IT) when it passed the American Recovery and Reinvestment Act in February 2009. Health IT provides enormous opportunities to improve health care quality, reduce costs, and engage patients in their own care. But the potential payoff for use of health IT for diabetes care is magnified given the prevalence, cost, and complexity of the disease. However, without proper privacy and security protections in place, diabetes patient data are at risk of misuse, and patient trust in the system is undermined. We need a comprehensive privacy and security framework that articulates clear parameters for access, use, and disclosure of diabetes patient data for all entities storing and exchanging electronic data. (c) 2010 Diabetes Technology Society.

Design and implementation of website information disclosure assessment system.

PubMed

Cho, Ying-Chiang; Pan, Jen-Yi

2015-01-01

Internet application technologies, such as cloud computing and cloud storage, have increasingly changed people's lives. Websites contain vast amounts of personal privacy information. In order to protect this information, network security technologies, such as database protection and data encryption, attract many researchers. The most serious problems concerning web vulnerability are e-mail address and network database leakages. These leakages have many causes. For example, malicious users can steal database contents, taking advantage of mistakes made by programmers and administrators. In order to mitigate this type of abuse, a website information disclosure assessment system is proposed in this study. This system utilizes a series of technologies, such as web crawler algorithms, SQL injection attack detection, and web vulnerability mining, to assess a website's information disclosure. Thirty websites, randomly sampled from the top 50 world colleges, were used to collect leakage information. This testing showed the importance of increasing the security and privacy of website information for academic websites.

48 CFR 52.250-4 - SAFETY Act Pre-qualification Designation Notice.

Code of Federal Regulations, 2013 CFR

2013-10-01

... (including information technology) or any combination of the foregoing. Design services, consulting services... information, including— (i) A detailed description of and specification for the technology covered by the... Act certification of a technology class that the Department of Homeland Security (DHS) has determined...

48 CFR 52.250-4 - SAFETY Act Pre-qualification Designation Notice.

Code of Federal Regulations, 2014 CFR

2014-10-01

... (including information technology) or any combination of the foregoing. Design services, consulting services... information, including— (i) A detailed description of and specification for the technology covered by the... Act certification of a technology class that the Department of Homeland Security (DHS) has determined...

48 CFR 52.250-4 - SAFETY Act Pre-qualification Designation Notice.

Code of Federal Regulations, 2011 CFR

2011-10-01

... (including information technology) or any combination of the foregoing. Design services, consulting services... information, including— (i) A detailed description of and specification for the technology covered by the... Act certification of a technology class that the Department of Homeland Security (DHS) has determined...

48 CFR 52.250-4 - SAFETY Act Pre-qualification Designation Notice.

Code of Federal Regulations, 2012 CFR

2012-10-01

... (including information technology) or any combination of the foregoing. Design services, consulting services... information, including— (i) A detailed description of and specification for the technology covered by the... Act certification of a technology class that the Department of Homeland Security (DHS) has determined...

77 FR 13135 - Agency Information Collection Activities: Submission for Review; Information Collection Request...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-03-05

... (DHS), Science and Technology, Protected Repository for the Defense of Infrastructure Against Cyber Threats (PREDICT) Program AGENCY: Science and Technology Directorate, DHS. ACTION: 30-Day notice and request for comment. SUMMARY: The Department of Homeland Security (DHS), Science & Technology (S&T...

A New Approach To Secure Federated Information Bases Using Agent Technology.

ERIC Educational Resources Information Center

Weippi, Edgar; Klug, Ludwig; Essmayr, Wolfgang

2003-01-01

Discusses database agents which can be used to establish federated information bases by integrating heterogeneous databases. Highlights include characteristics of federated information bases, including incompatible database management systems, schemata, and frequently changing context; software agent technology; Java agents; system architecture;…

Assessing Factors Affecting Physician's Intention to Adopt Biometric Authentication Technology in Electronic Medical Records

ERIC Educational Resources Information Center

Corazao, Cesar E.

2014-01-01

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulated the privacy and security of patient information. Since HIPPA became a law, hospital operators have struggled to comply fully with its security and privacy provisions. The proximity-based biometric authentication (PBBA) technology evolved in last decade to help…

76 FR 77578 - In the Matter of: Brendan Technologies, Inc., CenterStaging Corp., PGMI, Inc., Thermal Energy...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-12-13

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] In the Matter of: Brendan Technologies, Inc., CenterStaging Corp., PGMI, Inc., Thermal Energy Storage, Inc., and Trinity3 Corporation; Order of... there is a lack of current and accurate information concerning the securities of Thermal Energy Storage...

76 FR 35259 - In the Matter of Dawn Technologies, Inc., Distinctive Devices, Inc., Haber, Inc., and...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-06-16

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] In the Matter of Dawn Technologies, Inc., Distinctive Devices, Inc., Haber, Inc., and Independence Brewing Co.; Order of Suspension of Trading June 14... a lack of current and accurate information concerning the securities of Independence Brewing Co...

78 FR 59409 - In the Matter of AcuNetx, Inc., Alliance Pharmaceutical Corp., BBV Vietnam SE.A. Acquisition Corp...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-09-26

... Pharmaceutical Corp., BBV Vietnam SE.A. Acquisition Corp., Cash Technologies, Inc., Conspiracy Entertainment... that there is a lack of current and accurate information concerning the securities of Cash Technologies... concerning the securities of Conspiracy Entertainment Holdings, Inc. because it has not filed any periodic...

77 FR 57072 - Proposed Information Collection; Comment Request; National Security and Critical Technology...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-09-17

... Request; National Security and Critical Technology Assessments of the U.S. Industrial Base AGENCY: Bureau... Federal agencies, conducts assessments of U.S. industrial base sectors deemed critical to U.S. national... needs of these critical market segments in order to maintain a strong U.S. industrial base. II. Method...

Productivity and Job Security: Retraining to Adapt to Technological Change.

ERIC Educational Resources Information Center

National Center for Productivity and Quality of Working Life, Washington, DC.

This report, the first of a series on productivity and job security, presents five case studies to illustrate retraining to achieve worker's adjustment to technology. The first of seven chapters addresses the following issues: the availability of job training/retraining data, the desirability of informing workers in advance of technological…

78 FR 15977 - Proposed Collection Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-13

..., including through the use of automated collection techniques or other forms of information technology..., Copies Available From: Securities and Exchange Commission, Office of Investor Education and Advocacy... collection of information provided for in Rule 15a-6, (17 CFR 240.15a- 6), under the Securities Exchange Act...

Proceedings Second Annual Cyber Security and Information Infrastructure Research Workshop

DOE Office of Scientific and Technical Information (OSTI.GOV)

Sheldon, Frederick T; Krings, Axel; Yoo, Seong-Moo

2006-01-01

The workshop theme is Cyber Security: Beyond the Maginot Line Recently the FBI reported that computer crime has skyrocketed costing over $67 billion in 2005 alone and affecting 2.8M+ businesses and organizations. Attack sophistication is unprecedented along with availability of open source concomitant tools. Private, academic, and public sectors invest significant resources in cyber security. Industry primarily performs cyber security research as an investment in future products and services. While the public sector also funds cyber security R&D, the majority of this activity focuses on the specific mission(s) of the funding agency. Thus, broad areas of cyber security remain neglectedmore » or underdeveloped. Consequently, this workshop endeavors to explore issues involving cyber security and related technologies toward strengthening such areas and enabling the development of new tools and methods for securing our information infrastructure critical assets. We aim to assemble new ideas and proposals about robust models on which we can build the architecture of a secure cyberspace including but not limited to: * Knowledge discovery and management * Critical infrastructure protection * De-obfuscating tools for the validation and verification of tamper-proofed software * Computer network defense technologies * Scalable information assurance strategies * Assessment-driven design for trust * Security metrics and testing methodologies * Validation of security and survivability properties * Threat assessment and risk analysis * Early accurate detection of the insider threat * Security hardened sensor networks and ubiquitous computing environments * Mobile software authentication protocols * A new "model" of the threat to replace the "Maginot Line" model and more . . .« less

Cyber Security--Are You Prepared?

ERIC Educational Resources Information Center

Newman, Scott

2007-01-01

During the summer 2002 term, Oklahoma State University-Okmulgee's Information Technologies Division offered a one credit-hour network security course--which barely had adequate student interest to meet the institution's enrollment requirements. Today, OSU-Okmulgee boasts one of the nation's premier cyber security programs. Many prospective…

Guidelines for Working with Law Enforcement Agencies

ERIC Educational Resources Information Center

Corn, Michael

2007-01-01

Many security professionals choose the career because of an interest in the technology of security. Few realize the degree to which a contemporary security office interacts with law enforcement agencies (LEAs) such as the FBI and state, local, and campus police. As the field of information security has matured, the language of risk management is…

Secure or Insure: An Economic Analysis of Security Interdependencies and Investment Types

ERIC Educational Resources Information Center

Grossklags, Jens

2009-01-01

Computer users express a strong desire to prevent attacks, and to reduce the losses from computer and information security breaches. However, despite the widespread availability of various technologies, actual investments in security remain highly variable across the Internet population. As a result, attacks such as distributed denial-of-service…

[Research and implementation of the TLS network transport security technology based on DICOM standard].

PubMed

Lu, Xiaoqi; Wang, Lei; Zhao, Jianfeng

2012-02-01

With the development of medical information, Picture Archiving and Communications System (PACS), Hospital Information System/Radiology Information System(HIS/RIS) and other medical information management system become popular and developed, and interoperability between these systems becomes more frequent. So, these enclosed systems will be open and regionalized by means of network, and this is inevitable. If the trend becomes true, the security of information transmission may be the first problem to be solved. Based on the need for network security, we investigated the Digital Imaging and Communications in Medicine (DICOM) Standard and Transport Layer Security (TLS) Protocol, and implemented the TLS transmission of the DICOM medical information with OpenSSL toolkit and DCMTK toolkit.

Relationship between stakeholders' information value perception and information security behaviour

NASA Astrophysics Data System (ADS)

Tajuddin, Sharul; Olphert, Wendy; Doherty, Neil

2015-02-01

The study, reported in this paper, aims to explore the relationship between the stakeholders' perceptions about the value of information and their resultant information security behaviours. Moreover, this study seeks to explore the role of national and organisational culture in facilitating information value assignment. Information Security is a concept that formed from the recognition that information is valuable and that there is a need to protect it. The ISO 27002 defines information as an asset, which, like other important business assets, is essential to an organisation's business and consequently needs to be appropriately protected. By definition, an asset has a value to the organisation hence it requires protection. Information protection is typically accomplished through the implementation of countermeasures against the threats and vulnerabilities of information security, for example, implementation of technological processes and mechanisms such as firewall and authorization and authentication systems, set-up of deterrence procedures such as password control and enforcement of organisational policy on information handling procedures. However, evidence routinely shows that despite such measures, information security breaches and incidents are on the rise. These breaches lead to loss of information, personal records, or other data, with consequent implications for the value of the information asset. A number of studies have suggested that such problems are not related primarily to technology problems or procedural deficiencies, but rather to stakeholders' poor compliance with the security measures that are in place. Research indicates that compliance behaviour is affected by many variables including perceived costs and benefits, national and organisational culture and norms. However, there has been little research to understand the concept of information value from the perspective of those who interact with the data, and the consequences for information security behaviours. This study seeks to address this gap in the research. Data will be presented from a pilot study consisting of interviews with 6 participants from public organisations in Brunei Darussalam which illustrate the nature of the value assignment process, together with an initial model of the relationship between perceived information value and information security behaviours.

Summary of vulnerability related technologies based on machine learning

NASA Astrophysics Data System (ADS)

Zhao, Lei; Chen, Zhihao; Jia, Qiong

2018-04-01

As the scale of information system increases by an order of magnitude, the complexity of system software is getting higher. The vulnerability interaction from design, development and deployment to implementation stages greatly increases the risk of the entire information system being attacked successfully. Considering the limitations and lags of the existing mainstream security vulnerability detection techniques, this paper summarizes the development and current status of related technologies based on the machine learning methods applied to deal with massive and irregular data, and handling security vulnerabilities.

National Security Technology Incubator Evaluation Process

DOE Office of Scientific and Technical Information (OSTI.GOV)

None, None

This report describes the process by which the National Security Technology Incubator (NSTI) will be evaluated. The technology incubator is being developed as part of the National Security Preparedness Project (NSPP), funded by a Department of Energy (DOE)/National Nuclear Security Administration (NNSA) grant. This report includes a brief description of the components, steps, and measures of the proposed evaluation process. The purpose of the NSPP is to promote national security technologies through business incubation, technology demonstration and validation, and workforce development. The NSTI will focus on serving businesses with national security technology applications by nurturing them through critical stages ofmore » early development. An effective evaluation process of the NSTI is an important step as it can provide qualitative and quantitative information on incubator performance over a given period. The vision of the NSTI is to be a successful incubator of technologies and private enterprise that assist the NNSA in meeting new challenges in national safety and security. The mission of the NSTI is to identify, incubate, and accelerate technologies with national security applications at various stages of development by providing hands-on mentoring and business assistance to small businesses and emerging or growing companies. To achieve success for both incubator businesses and the NSTI program, an evaluation process is essential to effectively measure results and implement corrective processes in the incubation design if needed. The evaluation process design will collect and analyze qualitative and quantitative data through performance evaluation system.« less

Effects of New Technologies.

ERIC Educational Resources Information Center

Social and Labour Bulletin, 1980

1980-01-01

Transnational implications of technological change and innovation in telecommunications are discussed, including impact on jobs and industrial relations, computer security, access to information, and effects of technological innovation on international economic systems. (SK)

Geographic Information Office

USGS Publications Warehouse

,

2004-01-01

The Geographic Information Office (GIO) is the principal information office for U.S. Geological Survey (USGS), focused on: Information Policy and Services, Information Technology, Science Information, Information Security, and the Federal Geographic Data Committee/Geospatial One Stop.

Information Technology: Opportunities for Improving Acquisitions and Operations

DTIC Science & Technology

2017-04-01

United States Government Accountability Office Highlights of GAO-17-251SP, a GAO forum April 2017 INFORMATION TECHNOLOGY Opportunities...Richard McKinney Chief Information Officer, U.S. Department of Transportation Richard Spires Chief Executive Officer, Learning Tree International ...Former Chief Information Officer, U.S. Department of Homeland Security Former Chief Information Officer, Internal Revenue Service Appendix II

Market analysis of seismic security systems

NASA Technical Reports Server (NTRS)

Taglio, S.

1981-01-01

This report provides information on the commercialization potential of the NASA Activity Monitor. Data on current commercially available products, market size, and growth are combined with information on the NASA technology and the projected impact of this technology on the market.

Information security for compliance with select agent regulations.

PubMed

Lewis, Nick; Campbell, Mark J; Baskin, Carole R

2015-01-01

The past decade has seen a significant rise in research on high-consequence human and animal pathogens, many now known as "select agents." While physical security around these agents is tightly regulated, information security standards are still lagging. The understanding of the threats unique to the academic and research environment is still evolving, in part due to poor communication between the various stakeholders. Perhaps as a result, information security guidelines published by select agent regulators lack the critical details and directives needed to achieve even the lowest security level of the Federal Information Security Management Act (FISMA). While only government agencies are currently required to abide by the provisions of FISMA (unless specified as preconditions for obtaining government grants or contracts--still a relatively rare or narrowly scoped occurrence), the same strategies were recently recommended by executive order for others. We propose that information security guidelines for select agent research be updated to promulgate and detail FISMA standards and processes and that the latter be ultimately incorporated into select agent regulations. We also suggest that information security in academic and research institutions would greatly benefit from active efforts to improve communication among the biosecurity, security, and information technology communities, and from a secure venue for exchange of timely information on emerging threats and solutions in the research environment.

Information Security for Compliance with Select Agent Regulations

PubMed Central

Lewis, Nick; Campbell, Mark J.

2015-01-01

The past decade has seen a significant rise in research on high-consequence human and animal pathogens, many now known as “select agents.” While physical security around these agents is tightly regulated, information security standards are still lagging. The understanding of the threats unique to the academic and research environment is still evolving, in part due to poor communication between the various stakeholders. Perhaps as a result, information security guidelines published by select agent regulators lack the critical details and directives needed to achieve even the lowest security level of the Federal Information Security Management Act (FISMA). While only government agencies are currently required to abide by the provisions of FISMA (unless specified as preconditions for obtaining government grants or contracts—still a relatively rare or narrowly scoped occurrence), the same strategies were recently recommended by executive order for others. We propose that information security guidelines for select agent research be updated to promulgate and detail FISMA standards and processes and that the latter be ultimately incorporated into select agent regulations. We also suggest that information security in academic and research institutions would greatly benefit from active efforts to improve communication among the biosecurity, security, and information technology communities, and from a secure venue for exchange of timely information on emerging threats and solutions in the research environment. PMID:26042864

IT Security Support for the Spaceport Command Control System Development

NASA Technical Reports Server (NTRS)

Varise, Brian

2014-01-01

My job title is IT Security support for the Spaceport Command & Control System Development. As a cyber-security analyst it is my job to ensure NASA's information stays safe from cyber threats, such as, viruses, malware and denial-of-service attacks by establishing and enforcing system access controls. Security is very important in the world of technology and it is used everywhere from personal computers to giant networks ran by Government agencies worldwide. Without constant monitoring analysis, businesses, public organizations and government agencies are vulnerable to potential harmful infiltration of their computer information system. It is my responsibility to ensure authorized access by examining improper access, reporting violations, revoke access, monitor information request by new programming and recommend improvements. My department oversees the Launch Control System and networks. An audit will be conducted for the LCS based on compliance with the Federal Information Security Management Act (FISMA) and The National Institute of Standards and Technology (NIST). I recently finished analyzing the SANS top 20 critical controls to give cost effective recommendations on various software and hardware products for compliance. Upon my completion of this internship, I will have successfully completed my duties as well as gain knowledge that will be helpful to my career in the future as a Cyber Security Analyst.

Hybrid Network Defense Model Based on Fuzzy Evaluation

PubMed Central

2014-01-01

With sustained and rapid developments in the field of information technology, the issue of network security has become increasingly prominent. The theme of this study is network data security, with the test subject being a classified and sensitive network laboratory that belongs to the academic network. The analysis is based on the deficiencies and potential risks of the network's existing defense technology, characteristics of cyber attacks, and network security technologies. Subsequently, a distributed network security architecture using the technology of an intrusion prevention system is designed and implemented. In this paper, first, the overall design approach is presented. This design is used as the basis to establish a network defense model, an improvement over the traditional single-technology model that addresses the latter's inadequacies. Next, a distributed network security architecture is implemented, comprising a hybrid firewall, intrusion detection, virtual honeynet projects, and connectivity and interactivity between these three components. Finally, the proposed security system is tested. A statistical analysis of the test results verifies the feasibility and reliability of the proposed architecture. The findings of this study will potentially provide new ideas and stimuli for future designs of network security architecture. PMID:24574870

Enterprise systems security management: a framework for breakthrough protection

NASA Astrophysics Data System (ADS)

Farroha, Bassam S.; Farroha, Deborah L.

2010-04-01

Securing the DoD information network is a tremendous task due to its size, access locations and the amount of network intrusion attempts on a daily basis. This analysis investigates methods/architecture options to deliver capabilities for secure information sharing environment. Crypto-binding and intelligent access controls are basic requirements for secure information sharing in a net-centric environment. We introduce many of the new technology components to secure the enterprise. The cooperative mission requirements lead to developing automatic data discovery and data stewards granting access to Cross Domain (CD) data repositories or live streaming data. Multiple architecture models are investigated to determine best-of-breed approaches including SOA and Private/Public Clouds.

Proof of cipher text ownership based on convergence encryption

NASA Astrophysics Data System (ADS)

Zhong, Weiwei; Liu, Zhusong

2017-08-01

Cloud storage systems save disk space and bandwidth through deduplication technology, but with the use of this technology has been targeted security attacks: the attacker can get the original file just use hash value to deceive the server to obtain the file ownership. In order to solve the above security problems and the different security requirements of cloud storage system files, an efficient information theory security proof of ownership scheme is proposed. This scheme protects the data through the convergence encryption method, and uses the improved block-level proof of ownership scheme, and can carry out block-level client deduplication to achieve efficient and secure cloud storage deduplication scheme.

The Federal Government and Information Technology Standards: Building the National Information Infrastructure.

ERIC Educational Resources Information Center

Radack, Shirley M.

1994-01-01

Examines the role of the National Institute of Standards and Technology (NIST) in the development of the National Information Infrastructure (NII). Highlights include the standards process; voluntary standards; Open Systems Interconnection problems; Internet Protocol Suite; consortia; government's role; and network security. (16 references) (LRW)

77 FR 14955 - DoD Information Assurance Scholarship Program (IASP)

Federal Register 2010, 2011, 2012, 2013, 2014

2012-03-14

... IA and information technology (IT) management, technical, digital and multimedia forensics, cyber..., digital and multimedia forensics, electrical engineering, electronics engineering, information security...

Implementing healthcare information security: standards can help.

PubMed

Orel, Andrej; Bernik, Igor

2013-01-01

Using widely spread common approaches to systems security in health dedicated controlled environments, a level of awareness, confidence and acceptance of relevant standardisation is evaluated. Patients' information is sensitive, so putting appropriate organisational techniques as well as modern technology in place to secure health information is of paramount importance. Mobile devices are becoming the top priorities in advanced information security planning with healthcare environments being no exception. There are less and less application areas in healthcare without having a need for a mobile functionality which represents an even greater information security challenge. This is also true in emergency treatments, rehabilitation and homecare just to mention a few areas outside hospital controlled environments. Unfortunately quite often traditional unsecured communications principles are still in routine use for communicating sensitive health related information. The security awareness level with users, patients and care professionals is not high enough so potential threats and risks may not be addressed and the respective information security management is therefore weak. Standards like ISO/IEC 27000 ISMS family, the ISO/IEC 27799 information security guidelines in health are often not well known, but together with legislation principles such as HIPAA, they can help.

Characterizing, Classifying, and Understanding Information Security Laws and Regulations: Considerations for Policymakers and Organizations Protecting Sensitive Information Assets

ERIC Educational Resources Information Center

Thaw, David Bernard

2011-01-01

Current scholarly understanding of information security regulation in the United States is limited. Several competing mechanisms exist, many of which are untested in the courts and before state regulators, and new mechanisms are being proposed on a regular basis. Perhaps of even greater concern, the pace at which technology and threats change far…

78 FR 56263 - In the Matter of Exmocare, Inc. (n/k/a Second Solar, Inc.), First Transation Management, Inc...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-09-12

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] In the Matter of Exmocare, Inc. (n/k/a Second Solar, Inc.), First Transation Management, Inc., jetPADS, Inc., PepperBall Technologies, Inc., Pure Play... current and accurate information concerning the securities of PepperBall Technologies, Inc. because it has...

76 FR 35934 - In the Matter of: SHC Corp. (f/k/a Victormaxx Technologies, Inc.), Shells Seafood Restaurants...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-06-20

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] In the Matter of: SHC Corp. (f/k/a Victormaxx Technologies, Inc.), Shells Seafood Restaurants, Inc., SI Restructuring, Inc. (f/k/a Schlotzsky's, Inc.), SLS... a lack of current and accurate information concerning the securities of Shells Seafood Restaurants...

Privacy and security of patient data in the pathology laboratory.

PubMed

Cucoranu, Ioan C; Parwani, Anil V; West, Andrew J; Romero-Lauro, Gonzalo; Nauman, Kevin; Carter, Alexis B; Balis, Ulysses J; Tuthill, Mark J; Pantanowitz, Liron

2013-01-01

Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) govern the privacy and protection of medical information and health records. The HIPAA security standards final rule mandate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States.

A New Approach to Understanding Information Assurance

NASA Astrophysics Data System (ADS)

Blyth, Andrew; Williams, Colin; Bryant, Ian; Mattinson, Harvey

The growth of technologies such as ubiquitous and the mobile computing has resulted in the need for a rethinking of the security paradigm. Over the past forty years technology has made fast steps forward, yet most organisations still view security in terms of Confidentiality, Integrity and Availability (CIA). This model of security has expanded to include Non-Repudiation and Authentication. However this thinking fails to address the social, ethical and business requirements that the modern use of computing has generated. Today computing devices are integrated into every facet of business with the result that security technologies have struggled to keep pace with the rate of change. In this paper we will argue that the currently view that most organisations/stakeholders have of security is out-of-date, or in some cases wrong, and that the new view of security needs to be rooted in business impact and business function.

Safety and Security Interface Technology Initiative

DOE Office of Scientific and Technical Information (OSTI.GOV)

Dr. Michael A. Lehto; Kevin J. Carroll; Dr. Robert Lowrie

Safety and Security Interface Technology Initiative Mr. Kevin J. Carroll Dr. Robert Lowrie, Dr. Micheal Lehto BWXT Y12 NSC Oak Ridge, TN 37831 865-576-2289/865-241-2772 carrollkj@y12.doe.gov Work Objective. Earlier this year, the Energy Facility Contractors Group (EFCOG) was asked to assist in developing options related to acceleration deployment of new security-related technologies to assist meeting design base threat (DBT) needs while also addressing the requirements of 10 CFR 830. NNSA NA-70, one of the working group participants, designated this effort the Safety and Security Interface Technology Initiative (SSIT). Relationship to Workshop Theme. “Supporting Excellence in Operations Through Safety Analysis,” (workshop theme)more » includes security and safety personnel working together to ensure effective and efficient operations. One of the specific workshop elements listed in the call for papers is “Safeguards/Security Integration with Safety.” This paper speaks directly to this theme. Description of Work. The EFCOG Safety Analysis Working Group (SAWG) and the EFCOG Security Working Group formed a core team to develop an integrated process involving both safety basis and security needs allowing achievement of the DBT objectives while ensuring safety is appropriately considered. This effort garnered significant interest, starting with a two day breakout session of 30 experts at the 2006 Safety Basis Workshop. A core team was formed, and a series of meetings were held to develop that process, including safety and security professionals, both contractor and federal personnel. A pilot exercise held at Idaho National Laboratory (INL) in mid-July 2006 was conducted as a feasibility of concept review. Work Results. The SSIT efforts resulted in a topical report transmitted from EFCOG to DOE/NNSA in August 2006. Elements of the report included: Drivers and Endstate, Control Selections Alternative Analysis Process, Terminology Crosswalk, Safety Basis/Security Documentation Integration, Configuration Control, and development of a shared ‘tool box’ of information/successes. Specific Benefits. The expectation or end state resulting from the topical report and associated implementation plan includes: (1) A recommended process for handling the documentation of the security and safety disciplines, including an appropriate change control process and participation by all stakeholders. (2) A means to package security systems with sufficient information to help expedite the flow of that system through the process. In addition, a means to share successes among sites, to include information and safety basis to the extent such information is transportable. (3) Identification of key security systems and associated essential security elements being installed and an arrangement for the sites installing these systems to host an appropriate team to review a specific system and determine what information is exportable. (4) Identification of the security systems’ essential elements and appropriate controls required for testing of these essential elements in the facility. (5) The ability to help refine and improve an agreed to control set at the manufacture stage.« less

77 FR 58980 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2012-09-25

... technology security, --Cybersecurity Updates from Director of Cybersecurity, White House, --Presentation on... communications across federal agencies with the National Cybersecurity and Communications Integration Center...

Improving Insider Threat Training Awareness and Mitigation Programs at Nuclear Facilities.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Abbott, Shannon

In recent years, insider threat programs have become an important aspect of nuclear security, and nuclear security training courses. However, many nuclear security insider threat programs fail to address the insider threat attack and monitoring potential that exists on information technology (IT) systems. This failure is critical because of the importance of information technology and networks in today’s world. IT systems offer an opportunity to perpetrate dangerous insider attacks, but they also present an opportunity to monitor for them and prevent them. This paper suggests a number of best practices for monitoring and preventing insider attacks on IT systems, andmore » proposes the development of a new IT insider threat tabletop that can be used to help train nuclear security practitioners on how best to implement IT insider threat prevention best practices. The development of IT insider threat best practices and a practical tabletop exercise will allow nuclear security practitioners to improve nuclear security trainings as it integrates a critical part of insider threat prevention into the broader nuclear security system.« less

Wireless networks of opportunity in support of secure field operations

NASA Astrophysics Data System (ADS)

Stehle, Roy H.; Lewis, Mark

1997-02-01

Under funding from the Defense Advanced Research Projects Agency (DARPA) for joint military and law enforcement technologies, demonstrations of secure information transfer in support of law enforcement and military operations other than war, using wireless and wired technology, were held in September 1996 at several locations in the United States. In this paper, the network architecture, protocols, and equipment supporting the demonstration's scenarios are presented, together with initial results, including lessons learned and desired system enhancements. Wireless networks of opportunity encompassed in-building (wireless-LAN), campus-wide (Metricom Inc.), metropolitan (AMPS cellular, CDPD), and national (one- and two-way satellite) systems. Evolving DARPA-sponsored packet radio technology was incorporated. All data was encrypted, using multilevel information system security initiative (MISSI)FORTEZZA technology, for carriage over unsecured and unclassified commercial networks. The identification and authentication process inherent in the security system permitted logging for database accesses and provided an audit trail useful in evidence gathering. Wireless and wireline communications support, to and between modeled crisis management centers, was demonstrated. Mechanisms for the guarded transport of data through the secret-high military tactical Internet were included, to support joint law enforcement and crisis management missions. A secure World Wide Web (WWW) browser forms the primary, user-friendly interface for information retrieval and submission. The WWW pages were structured to be sensitive to the bandwidth, error rate, and cost of the communications medium in use (e.g., the use of and resolution for graphical data). Both still and motion compressed video were demonstrated, along with secure voice transmission from laptop computers in the field. Issues of network bandwidth, airtime costs, and deployment status are discussed.

78 FR 65670 - Agency Information Collection Activities; Proposed Collection; Comment Request; Prior Notice of...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-11-01

... Food Under the Public Health Security and Bioterrorism Preparedness and Response Act of 2002 AGENCY... appropriate, and other forms of information technology. Prior Notice of Imported Food Under the Public Health... 0910-0520)--Revision The Public Health Security and Bioterrorism Preparedness and Response Act of 2002...

NASA Blue Team: Determining Operational Security Posture of Critical Systems and Networks

NASA Technical Reports Server (NTRS)

Alley, Adam David

2016-01-01

Emergence of Cybersecurity has increased the focus on security risks to Information Technology (IT) assets going beyond traditional Information Assurance (IA) concerns: More sophisticated threats have emerged from increasing sources as advanced hacker tools and techniques have emerged and proliferated to broaden the attack surface available across globally interconnected networks.

Safeguarding Your Technology: Practical Guidelines for Electronic Education Information Security.

ERIC Educational Resources Information Center

Szuba, Tom

This guide was developed specifically for educational administrators at the building, campus, district, system, and state levels, and is meant to serve as a framework to help them better understand why and how to effectively secure their organization's information, software, and computer and networking equipment. This document is organized into 10…

A Model for an Information Security Risk Management (ISRM) Framework for Saudi Arabian Organisations

ERIC Educational Resources Information Center

Alshareef, Naser

2016-01-01

Countries in the Gulf represent thriving, globally important commercial centres. They have embraced technology and modern management methods, often originating in the western countries. In adapting to quite different cultures these do not always operate as successfully. The adoption and practices of the Information Security Risk Management (ISRM)…

NASA Automatic Information Security Handbook

NASA Technical Reports Server (NTRS)

1993-01-01

This handbook details the Automated Information Security (AIS) management process for NASA. Automated information system security is becoming an increasingly important issue for all NASA managers and with rapid advancements in computer and network technologies and the demanding nature of space exploration and space research have made NASA increasingly dependent on automated systems to store, process, and transmit vast amounts of mission support information, hence the need for AIS systems and management. This handbook provides the consistent policies, procedures, and guidance to assure that an aggressive and effective AIS programs is developed, implemented, and sustained at all NASA organizations and NASA support contractors.

75 FR 61783 - Proposed Collection; Request For Comments On A Revised Information Collection: (OMB Control No...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-10-06

... collection, ``We Need the Social Security Number of the Person Named Below'' (OMB Control No. 3206-0144; Form... technological collection techniques or other forms of information technology. Approximately 3,000 RI 38-45 forms...

75 FR 27602 - Proposed Collection; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2010-05-17

... rules governing offers and sales of securities made outside the United States without registration under... clarification of the extent to which Section 5 of the Securities Act applies to offers and sales of securities... collection techniques or other forms of information technology. Consideration will be given to comments and...

Security Controls Hurt Research, NAS Warns.

ERIC Educational Resources Information Center

Kolata, Gina

1982-01-01

A National Academy of Sciences (NAS) report found no evidence that leaks of technical information from universities or other research centers have damaged national security. However, in areas where control is warranted, decisions should be based on criteria. These criteria and issues related to security control and technological transfer are…

A Study on Corporate Security Awareness and Compliance Behavior Intent

ERIC Educational Resources Information Center

Clark, Christine Y.

2013-01-01

Understanding the drivers to encourage employees' security compliance behavior is increasingly important in today's highly networked environment to protect computer and information assets of the company. The traditional approach for corporations to implement technology-based controls, to prevent security breaches is no longer sufficient.…

Network Security: What Non-Technical Administrators Must Know

ERIC Educational Resources Information Center

Council, Chip

2005-01-01

Now it is increasingly critical that community college leaders become involved in network security and partner with their directors of information technology (IT). Network security involves more than just virus protection software and firewalls. It involves vigilance and requires top executive support. Leaders can help their IT directors to…

Security and privacy issues of personal health.

PubMed

Blobel, Bernd; Pharow, Peter

2007-01-01

While health systems in developed countries and increasingly also in developing countries are moving from organisation-centred to person-centred health service delivery, the supporting communication and information technology is faced with new risks regarding security and privacy of stakeholders involved. The comprehensively distributed environment puts special burden on guaranteeing communication security services, but even more on guaranteeing application security services dealing with privilege management, access control and audit regarding social implication and connected sensitivity of personal information recorded, processed, communicated and stored in an even internationally distributed environment.

Design and Implementation of Website Information Disclosure Assessment System

PubMed Central

Cho, Ying-Chiang; Pan, Jen-Yi

2015-01-01

Internet application technologies, such as cloud computing and cloud storage, have increasingly changed people’s lives. Websites contain vast amounts of personal privacy information. In order to protect this information, network security technologies, such as database protection and data encryption, attract many researchers. The most serious problems concerning web vulnerability are e-mail address and network database leakages. These leakages have many causes. For example, malicious users can steal database contents, taking advantage of mistakes made by programmers and administrators. In order to mitigate this type of abuse, a website information disclosure assessment system is proposed in this study. This system utilizes a series of technologies, such as web crawler algorithms, SQL injection attack detection, and web vulnerability mining, to assess a website’s information disclosure. Thirty websites, randomly sampled from the top 50 world colleges, were used to collect leakage information. This testing showed the importance of increasing the security and privacy of website information for academic websites. PMID:25768434

An open, interoperable, and scalable prehospital information technology network architecture.

PubMed

Landman, Adam B; Rokos, Ivan C; Burns, Kevin; Van Gelder, Carin M; Fisher, Roger M; Dunford, James V; Cone, David C; Bogucki, Sandy

2011-01-01

Some of the most intractable challenges in prehospital medicine include response time optimization, inefficiencies at the emergency medical services (EMS)-emergency department (ED) interface, and the ability to correlate field interventions with patient outcomes. Information technology (IT) can address these and other concerns by ensuring that system and patient information is received when and where it is needed, is fully integrated with prior and subsequent patient information, and is securely archived. Some EMS agencies have begun adopting information technologies, such as wireless transmission of 12-lead electrocardiograms, but few agencies have developed a comprehensive plan for management of their prehospital information and integration with other electronic medical records. This perspective article highlights the challenges and limitations of integrating IT elements without a strategic plan, and proposes an open, interoperable, and scalable prehospital information technology (PHIT) architecture. The two core components of this PHIT architecture are 1) routers with broadband network connectivity to share data between ambulance devices and EMS system information services and 2) an electronic patient care report to organize and archive all electronic prehospital data. To successfully implement this comprehensive PHIT architecture, data and technology requirements must be based on best available evidence, and the system must adhere to health data standards as well as privacy and security regulations. Recent federal legislation prioritizing health information technology may position federal agencies to help design and fund PHIT architectures.

Information Analysis Methodology for Border Security Deployment Prioritization and Post Deployment Evaluation

DOE Office of Scientific and Technical Information (OSTI.GOV)

Booker, Paul M.; Maple, Scott A.

2010-06-08

Due to international commerce, cross-border conflicts, and corruption, a holistic, information driven, approach to border security is required to best understand how resources should be applied to affect sustainable improvements in border security. The ability to transport goods and people by land, sea, and air across international borders with relative ease for legitimate commercial purposes creates a challenging environment to detect illicit smuggling activities that destabilize national level border security. Smuggling activities operated for profit or smuggling operations driven by cross border conflicts where militant or terrorist organizations facilitate the transport of materials and or extremists to advance a causemore » add complexity to smuggling interdiction efforts. Border security efforts are further hampered when corruption thwarts interdiction efforts or reduces the effectiveness of technology deployed to enhance border security. These issues necessitate the implementation of a holistic approach to border security that leverages all available data. Large amounts of information found in hundreds of thousands of documents can be compiled to assess national or regional borders to identify variables that influence border security. Location data associated with border topics of interest may be extracted and plotted to better characterize the current border security environment for a given country or region. This baseline assessment enables further analysis, but also documents the initial state of border security that can be used to evaluate progress after border security improvements are made. Then, border security threats are prioritized via a systems analysis approach. Mitigation factors to address risks can be developed and evaluated against inhibiting factor such as corruption. This holistic approach to border security helps address the dynamic smuggling interdiction environment where illicit activities divert to a new location that provides less resistance to smuggling activities after training or technology is deployed at a given location. This paper will present an approach to holistic border security information analysis.« less

Advances in Protection.

ERIC Educational Resources Information Center

Szczerba, Peter

2000-01-01

Explains how integrating information technology can extend the capabilities of school security systems far beyond traditional card access. Use of biometric identification technologies and digitized event recording are explored. (GR)

Natural language processing-based COTS software and related technologies survey.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Stickland, Michael G.; Conrad, Gregory N.; Eaton, Shelley M.

Natural language processing-based knowledge management software, traditionally developed for security organizations, is now becoming commercially available. An informal survey was conducted to discover and examine current NLP and related technologies and potential applications for information retrieval, information extraction, summarization, categorization, terminology management, link analysis, and visualization for possible implementation at Sandia National Laboratories. This report documents our current understanding of the technologies, lists software vendors and their products, and identifies potential applications of these technologies.

Using ESB and BPEL for Evolving Healthcare Systems Towards Pervasive, Grid-Enabled SOA

NASA Astrophysics Data System (ADS)

Koufi, V.; Malamateniou, F.; Papakonstantinou, D.; Vassilacopoulos, G.

Healthcare organizations often face the challenge of integrating diverse and geographically disparate information technology systems to respond to changing requirements and to exploit the capabilities of modern technologies. Hence, systems evolution, through modification and extension of the existing information technology infrastructure, becomes a necessity. Moreover, the availability of these systems at the point of care when needed is a vital issue for the quality of healthcare provided to patients. This chapter takes a process perspective of healthcare delivery within and across organizational boundaries and presents a disciplined approach for evolving healthcare systems towards a pervasive, grid-enabled service-oriented architecture using the enterprise system bus middleware technology for resolving integration issues, the business process execution language for supporting collaboration requirements and grid middleware technology for both addressing common SOA scalability requirements and complementing existing system functionality. In such an environment, appropriate security mechanisms must ensure authorized access to integrated healthcare services and data. To this end, a security framework addressing security aspects such as authorization and access control is also presented.

The Role of Healthcare Technology Management in Facilitating Medical Device Cybersecurity.

PubMed

Busdicker, Mike; Upendra, Priyanka

2017-09-02

This article discusses the role of healthcare technology management (HTM) in medical device cybersecurity and outlines concepts that are applicable to HTM professionals at a healthcare delivery organization or at an integrated delivery network, regardless of size. It provides direction for HTM professionals who are unfamiliar with the security aspects of managing healthcare technologies but are familiar with standards from The Joint Commission (TJC). It provides a useful set of recommendations, including relevant references for incorporating good security practices into HTM practice. Recommendations for policies, procedures, and processes referencing TJC standards are easily applicable to HTM departments with limited resources and to those with no resource concerns. The authors outline processes from their organization as well as best practices learned through information sharing at AAMI, National Health Information Sharing and Analysis Center (NH-ISAC), and Medical Device Innovation, Safety, and Security Consortium (MDISS) conferences and workshops.

77 FR 19025 - Extension of Agency Information Collection Activity Under OMB Review: Aircraft Operator Security

Federal Register 2010, 2011, 2012, 2013, 2014

2012-03-29

... appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of... with TSA-approved comprehensive security programs to ensure the safety of persons and property...

Medical systems and malware.

PubMed

Kusche, Kristopher P

2004-01-01

No longer just an information technology issue, network security requires a multifaceted, multidisciplinary approach to ensuring critical equipment functionality, data security, and patient safety. This article provides insight into the threat of malware and ways to deal with it.

Protecting the Privacy and Security of Your Health Information

MedlinePlus

... Access to Medical Records Privacy, Security, and HIPAA Laws, Regulation, and Policy Scientific Initiatives Standards & Technology Usability ... care providers and professionals, and the government. Federal laws require many of the key persons and organizations ...

An analysis of Indonesia’s information security index: a case study in a public university

NASA Astrophysics Data System (ADS)

Yustanti, W.; Qoiriah, A.; Bisma, R.; Prihanto, A.

2018-01-01

Ministry of Communication and Informatics of the Republic of Indonesia has issued the regulation number 4-2016 about Information Security Management System (ISMS) for all kind organizations. Public university as a government institution must apply this standard to assure its level of information security has complied ISO 27001:2013. This research is a preliminary study to evaluate the readiness of university IT services (case study in a public university) meets the requirement of ISO 27001:2013 using the Indonesia’s Information Security Index (IISI). There are six parameters used to measure the level of information security, these are the ICT role, governance, risk management, framework, asset management and technology. Each parameter consists of serial questions which must be answered and convert to a numeric value. The result shows the level of readiness and maturity to apply ISO 27001 standard.

Secure and interoperable communication infrastructures for PPDR organisations

NASA Astrophysics Data System (ADS)

Müller, Wilmuth; Marques, Hugo; Pereira, Luis; Rodriguez, Jonathan; Brouwer, Frank; Bouwers, Bert; Politis, Ilias; Lykourgiotis, Asimakis; Ladas, Alexandros; Adigun, Olayinka; Jelenc, David

2016-05-01

The growing number of events affecting public safety and security (PS&S) on a regional scale with potential to grow up to large scale cross border disasters puts an increased pressure on agencies and organisation responsible for PS&S. In order to respond timely and in an adequate manner to such events, Public Protection and Disaster Relief (PPDR) organisations need to cooperate, align their procedures and activities, share the needed information and be interoperable. Existing PPDR/PMR technologies such as TETRA, TETRAPOL or P25, do not currently provide broadband capability nor is expected such technologies to be upgraded in the future. This presents a major limitation in supporting new services and information flows. Furthermore, there is no known standard that addresses interoperability of these technologies. In this contribution the design of a next generation communication infrastructure for PPDR organisations which fulfills the requirements of secure and seamless end-to-end communication and interoperable information exchange within the deployed communication networks is presented. Based on Enterprise Architecture of PPDR organisations, a next generation PPDR network that is backward compatible with legacy communication technologies is designed and implemented, capable of providing security, privacy, seamless mobility, QoS and reliability support for mission-critical Private Mobile Radio (PMR) voice and broadband data services. The designed solution provides a robust, reliable, and secure mobile broadband communications system for a wide variety of PMR applications and services on PPDR broadband networks, including the ability of inter-system, interagency and cross-border operations with emphasis on interoperability between users in PMR and LTE.

77 FR 67329 - Information Collection Request, Servicing Minor Program Loans

Federal Register 2010, 2011, 2012, 2013, 2014

2012-11-09

... into by FSA. That section also authorizes transfers of security property, as the Secretary deems... lease of realty; disposition of property; conveyance of real property interest of the United States..., mechanical, or other technological collection techniques or other forms of information technology. All...

Arrangement on the Recognition of Common Criteria Certificates In the Field of Information Technology Security

DTIC Science & Technology

2000-05-01

Security Establishment from Canada and Ministry of Finance from Finland and Service Central de la Sécurité des Systèmes d’Information from France and...Nazionale per la Sicurezza CESIS III Reparto - UCSi from Italy and Ministry of the Interior and Kingdom Relations from The Netherlands and Page 3 of...39 HQ Defence Command Norway/Security Division from Norway and Ministerio de Administraciones Públicas from Spain and Communications-Electronics

Intelligent cloud computing security using genetic algorithm as a computational tools

NASA Astrophysics Data System (ADS)

Razuky AL-Shaikhly, Mazin H.

2018-05-01

An essential change had occurred in the field of Information Technology which represented with cloud computing, cloud giving virtual assets by means of web yet awesome difficulties in the field of information security and security assurance. Currently main problem with cloud computing is how to improve privacy and security for cloud “cloud is critical security”. This paper attempts to solve cloud security by using intelligent system with genetic algorithm as wall to provide cloud data secure, all services provided by cloud must detect who receive and register it to create list of users (trusted or un-trusted) depend on behavior. The execution of present proposal has shown great outcome.

Protecting intellectual property in space; Proceedings of the Aerospace Computer Security Conference, McLean, VA, March 20, 1985

NASA Technical Reports Server (NTRS)

1985-01-01

The primary purpose of the Aerospace Computer Security Conference was to bring together people and organizations which have a common interest in protecting intellectual property generated in space. Operational concerns are discussed, taking into account security implications of the space station information system, Space Shuttle security policies and programs, potential uses of probabilistic risk assessment techniques for space station development, key considerations in contingency planning for secure space flight ground control centers, a systematic method for evaluating security requirements compliance, and security engineering of secure ground stations. Subjects related to security technologies are also explored, giving attention to processing requirements of secure C3/I and battle management systems and the development of the Gemini trusted multiple microcomputer base, the Restricted Access Processor system as a security guard designed to protect classified information, and observations on local area network security.

75 FR 63206 - Notice of Information Collection

Federal Register 2010, 2011, 2012, 2013, 2014

2010-10-14

... and cooperative agreement partners are required to submit new technology reports indicating new... technology to prepare patent reports through a hyperlink to the electronic New Technology Reporting Web (e...) to report new technology and patent notification directly, via a secure Internet connection, to NASA...

Enabling Patient Control of Personal Electronic Health Records Through Distributed Ledger Technology.

PubMed

Cunningham, James; Ainsworth, John

2017-01-01

The rise of distributed ledger technology, initiated and exemplified by the Bitcoin blockchain, is having an increasing impact on information technology environments in which there is an emphasis on trust and security. Management of electronic health records, where both conformation to legislative regulations and maintenance of public trust are paramount, is an area where the impact of these new technologies may be particularly beneficial. We present a system that enables fine-grained personalized control of third-party access to patients' electronic health records, allowing individuals to specify when and how their records are accessed for research purposes. The use of the smart contract based Ethereum blockchain technology to implement this system allows it to operate in a verifiably secure, trustless, and openly auditable environment, features crucial to health information systems moving forward.

Network Security via Biometric Recognition of Patterns of Gene Expression

NASA Technical Reports Server (NTRS)

Shaw, Harry C.

2016-01-01

Molecular biology provides the ability to implement forms of information and network security completely outside the bounds of legacy security protocols and algorithms. This paper addresses an approach which instantiates the power of gene expression for security. Molecular biology provides a rich source of gene expression and regulation mechanisms, which can be adopted to use in the information and electronic communication domains. Conventional security protocols are becoming increasingly vulnerable due to more intensive, highly capable attacks on the underlying mathematics of cryptography. Security protocols are being undermined by social engineering and substandard implementations by IT (Information Technology) organizations. Molecular biology can provide countermeasures to these weak points with the current security approaches. Future advances in instruments for analyzing assays will also enable this protocol to advance from one of cryptographic algorithms to an integrated system of cryptographic algorithms and real-time assays of gene expression products.

Keeping the Guard Up in a Down Economy: Investing in IT Security in Hard Times

ERIC Educational Resources Information Center

Voss, Brian D.; Siegel, Peter M.

2009-01-01

Considering the unprecedented budget hardships in higher education, now may not seem to be an auspicious time to be emphasizing the importance of continuing, or even perhaps increasing, investments in information security. Decisions regarding these matters are usually in the hands of the CIOs, leaving information technology (IT) leaders in…

An HIT Solution for Clinical Care and Disaster Planning: How One health Center in Joplin, MO Survived a Tornado and Avoided a Health Information Disaster.

PubMed

Shin, Peter; Jacobs, Feygele

2012-01-01

Since taking office, President Obama has made substantial investments in promoting the diffusion of health information technology (IT). The objective of the national health IT program is, generally, to enable health care providers to better manage patient care through secure use and sharing of health information. Through the use of technologies including electronic health records, providers can better maintain patient care information and facilitate communication, often improving care outcomes. The recent tornado in Joplin, MO highlights the importance of health information technology in the health center context, and illustrates the importance of secure electronic health information systems as a crucial element of disaster and business continuity planning. This article examines the experience of a community health center in the aftermath of the major tornado that swept through the American Midwest in the spring of 2011, and provides insight into the planning for disaster survival and recovery as it relates to patient records and health center data.

An HIT Solution for Clinical Care and Disaster Planning: How One health Center in Joplin, MO Survived a Tornado and Avoided a Health Information Disaster

PubMed Central

Shin, Peter; Jacobs, Feygele

2012-01-01

Since taking office, President Obama has made substantial investments in promoting the diffusion of health information technology (IT). The objective of the national health IT program is, generally, to enable health care providers to better manage patient care through secure use and sharing of health information. Through the use of technologies including electronic health records, providers can better maintain patient care information and facilitate communication, often improving care outcomes. The recent tornado in Joplin, MO highlights the importance of health information technology in the health center context, and illustrates the importance of secure electronic health information systems as a crucial element of disaster and business continuity planning. This article examines the experience of a community health center in the aftermath of the major tornado that swept through the American Midwest in the spring of 2011, and provides insight into the planning for disaster survival and recovery as it relates to patient records and health center data. PMID:23569622

Privacy and security of patient data in the pathology laboratory

PubMed Central

Cucoranu, Ioan C.; Parwani, Anil V.; West, Andrew J.; Romero-Lauro, Gonzalo; Nauman, Kevin; Carter, Alexis B.; Balis, Ulysses J.; Tuthill, Mark J.; Pantanowitz, Liron

2013-01-01

Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) govern the privacy and protection of medical information and health records. The HIPAA security standards final rule mandate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States. PMID:23599904

Measuring Information Security: Guidelines to Build Metrics

NASA Astrophysics Data System (ADS)

von Faber, Eberhard

Measuring information security is a genuine interest of security managers. With metrics they can develop their security organization's visibility and standing within the enterprise or public authority as a whole. Organizations using information technology need to use security metrics. Despite the clear demands and advantages, security metrics are often poorly developed or ineffective parameters are collected and analysed. This paper describes best practices for the development of security metrics. First attention is drawn to motivation showing both requirements and benefits. The main body of this paper lists things which need to be observed (characteristic of metrics), things which can be measured (how measurements can be conducted) and steps for the development and implementation of metrics (procedures and planning). Analysis and communication is also key when using security metrics. Examples are also given in order to develop a better understanding. The author wants to resume, continue and develop the discussion about a topic which is or increasingly will be a critical factor of success for any security managers in larger organizations.

Assessing the Alignment of Information Security with Strategic Business, and Strategic Information System Planning: A Department of Defense Perspective

DTIC Science & Technology

2010-06-01

Wolfgang. "Appraisal of the effectivness and efficiency of an Information Security Management System based on ISO 27001 ." International Conference on...of corporate information resources (Doherty and 29 Fulford, 2006) ( ISO /IEC 17799, 2005). Both public and private sectors of business have...Science Ltd, 2002. Iacovou, Charalambos L. "The IPACS project: when IT hits the fan." Journal of Information Technology, 1999: 267-275. ISO /IEC 17799

Mobile health requires mobile security: challenges, solutions, and standardization.

PubMed

Pharow, Peter; Blobel, Bernd

2008-01-01

Extended communication and advanced cooperation in a permanently growing healthcare and welfare domain require a well-defined set of security services provided by an interoperable security infrastructure based on international and European standards. Any communication and collaboration procedure requires a purpose. But such legal purpose-binding is definitely not the only aspect to carefully be observed and investigated. More and more, aspects of security, safety, privacy, ethics, and quality reach importance while discussing about future-proof health information systems and health networks - regardless whether local, regional or even pan-European networks. During the course of the current paradigm change from an organization-centered to a process-related and to a person-centered health system, different new technologies including mobile solutions need to be applied in order to meet challenges arising from both legal and technical circumstances. Beside the typical Information and Communication Technology systems and applications, the extended use of modern technologies includes large medical devices like, e.g., MRI and CT but also small devices like sensors worn by a person or included in clothing. Security and safety are on top of the priority list. The paper addresses the identification of some specific aspects like mobile technology and safety when moving both IT and people towards mobile health aiming at increasing citizens and patients awareness, confidence, and acceptance in future mobile care - a world often still beyond the horizon.

77 FR 61620 - Privacy Act of 1974; Home Equity Reverse Mortgage Information Technology (HERMIT)-Notice of...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-10-10

... borrowers who participate in the HECM program: Name, title, property addresses, birthdates, Social Security... submitted to the Office of Management and Budget (OMB), the Senate Committee on Homeland Security and... addresses, birthdates, Social Security Numbers, phone numbers and dates of death; case-level details on the...

Exploring health information technology education: an analysis of the research.

PubMed

Virgona, Thomas

2012-01-01

This article is an analysis of the Health Information Technology Education published research. The purpose of this study was to examine selected literature using variables such as journal frequency, keyword analysis, universities associated with the research and geographic diversity. The analysis presented in this paper has identified intellectually significant studies that have contributed to the development and accumulation of intellectual wealth of Health Information Technology. The keyword analysis suggests that Health Information Technology research has evolved from establishing concepts and domains of health information systems, technology and management to contemporary issues such as education, outsourcing, web services and security. The research findings have implications for educators, researchers, journal.

Firewall systems: the next generation

NASA Astrophysics Data System (ADS)

McGhie, Lynda L.

1996-01-01

To be competitive in today's globally connected marketplace, a company must ensure that their internal network security methodologies and supporting policies are current and reflect an overall understanding of today's technology and its resultant threats. Further, an integrated approach to information security should ensure that new ways of sharing information and doing business are accommodated; such as electronic commerce, high speed public broadband network services, and the federally sponsored National Information Infrastructure. There are many challenges, and success is determined by the establishment of a solid and firm baseline security architecture that accommodate today's external connectivity requirements, provides transitional solutions that integrate with evolving and dynamic technologies, and ultimately acknowledges both the strategic and tactical goals of an evolving network security architecture and firewall system. This paper explores the evolution of external network connectivity requirements, the associated challenges and the subsequent development and evolution of firewall security systems. It makes the assumption that a firewall is a set of integrated and interoperable components, coming together to form a `SYSTEM' and must be designed, implement and managed as such. A progressive firewall model will be utilized to illustrates the evolution of firewall systems from earlier models utilizing separate physical networks, to today's multi-component firewall systems enabling secure heterogeneous and multi-protocol interfaces.

48 CFR 239.7101 - Definition.

Code of Federal Regulations, 2011 CFR

2011-10-01

... OF DEFENSE SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7101 Definition. Information assurance, as used in this subpart, means...

48 CFR 239.7101 - Definition.

Code of Federal Regulations, 2012 CFR

2012-10-01

... OF DEFENSE SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7101 Definition. Information assurance, as used in this subpart, means...

48 CFR 239.7101 - Definition.

Code of Federal Regulations, 2014 CFR

2014-10-01

... OF DEFENSE SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7101 Definition. Information assurance, as used in this subpart, means...

48 CFR 239.7101 - Definition.

Code of Federal Regulations, 2013 CFR

2013-10-01

... OF DEFENSE SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7101 Definition. Information assurance, as used in this subpart, means...

48 CFR 239.7101 - Definition.

Code of Federal Regulations, 2010 CFR

2010-10-01

... OF DEFENSE SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Security and Privacy for Computer Systems 239.7101 Definition. Information assurance, as used in this subpart, means...

Sandia National Laboratories: Sandia National Laboratories: Missions:

Science.gov Websites

; Security Weapons Science & Technology Defense Systems & Assessments About Defense Systems & ; Development Technology Deployment Centers Working With Sandia Working With Sandia Prospective Suppliers What Information Construction & Facilities Contract Audit Sandia's Economic Impact Licensing & Technology

Trends in Research on the Security of Medical Information in Korea: Focused on Information Privacy Security in Hospitals.

PubMed

Kim, Yong-Woon; Cho, Namin; Jang, Hye-Jung

2018-01-01

Information technology involves a risk of privacy violation in providing easy access to confidential information,such as personal information and medical information through the Internet. In this study, we investigated medical information security to gain a better understanding of trends in research related to medical information security. We researched papers published on '의료정보' and 'medical information' in various Korean journals during a 10-year period from 2005 to 2015. We also analyzed these journal papers for each fiscal year; these papers were categorized into the areas of literature research and empirical research, and were further subdivided according to themes and subjects. It was confirmed that 48 papers were submitted to 35 academic journals. There were 33 (68.8%) literature review articles, and analysis of secondary data was not carried out at all. In terms of empirical research, 8 (16.7%) surveys and 7 (14.6%) program developments were studied. As a result of analyzing these papers according to the research theme by research method, 17 (35.4%) papers on laws, systems, and policies were the most numerous. It was found that among the literature research papers on medical personnel were the most common, and among the empirical research papers, research on experts in information protection and medical personnel were the most common. We suggest that further research should be done in terms of social perception, human resource development, and technology development to improve risk management in medical information systems.

How ISO/IEC 17799 can be used for base lining information assurance among entities using data mining for defense, homeland security, commercial, and other civilian/commercial domains

NASA Astrophysics Data System (ADS)

Perry, William G.

2006-04-01

One goal of database mining is to draw unique and valid perspectives from multiple data sources. Insights that are fashioned from closely-held data stores are likely to possess a high degree of reliability. The degree of information assurance comes into question, however, when external databases are accessed, combined and analyzed to form new perspectives. ISO/IEC 17799, Information technology-Security techniques-Code of practice for information security management, can be used to establish a higher level of information assurance among disparate entities using data mining in the defense, homeland security, commercial and other civilian/commercial domains. Organizations that meet ISO/IEC information security standards have identified and assessed risks, threats and vulnerabilities and have taken significant proactive steps to meet their unique security requirements. The ISO standards address twelve domains: risk assessment and treatment, security policy, organization of information security, asset management, human resources security, physical and environmental security, communications and operations management, access control, information systems acquisition, development and maintenance, information security incident management and business continuity management and compliance. Analysts can be relatively confident that if organizations are ISO 17799 compliant, a high degree of information assurance is likely to be a characteristic of the data sets being used. The reverse may be true. Extracting, fusing and drawing conclusions based upon databases with a low degree of information assurance may be wrought with all of the hazards that come from knowingly using bad data to make decisions. Using ISO/IEC 17799 as a baseline for information assurance can help mitigate these risks.

Stennis holds Information Technology Expo

NASA Image and Video Library

2010-06-16

Brian Wagner (l to r) with the U.S. Navy, Andrew Hiukenbein with NVision Solutions and Theresa Avoskey with the Naval Oceanographic Office at Stennis Space Center learn about the latest improvements in making flash drives secure during an Information Technology Expo held June 16. Various area companies visited Stennis during the day to offer exhibits for employees on a range of information technology topics. The theme of the daylong expo was 'The Road to Green IT Computing.'

Optical Security System Based on the Biometrics Using Holographic Storage Technique with a Simple Data Format

NASA Astrophysics Data System (ADS)

Jun, An Won

2006-01-01

We implement a first practical holographic security system using electrical biometrics that combines optical encryption and digital holographic memory technologies. Optical information for identification includes a picture of face, a name, and a fingerprint, which has been spatially multiplexed by random phase mask used for a decryption key. For decryption in our biometric security system, a bit-error-detection method that compares the digital bit of live fingerprint with of fingerprint information extracted from hologram is used.

Information Assurance in Wireless Networks

NASA Astrophysics Data System (ADS)

Kabara, Joseph; Krishnamurthy, Prashant; Tipper, David

2001-09-01

Emerging wireless networks will contain a hybrid infrastructure based on fixed, mobile and ad hoc topologies and technologies. In such a dynamic architecture, we define information assurance as the provisions for both information security and information availability. The implications of this definition are that the wireless network architecture must (a) provide sufficient security measures, (b) be survivable under node or link attack or failure and (c) be designed such that sufficient capacity remains for all critical services (and preferably most other services) in the event of attack or component failure. We have begun a research project to investigate the provision of information assurance for wireless networks viz. survivability, security and availability and here discuss the issues and challenges therein.

Security and privacy issues with health care information technology.

PubMed

Meingast, Marci; Roosta, Tanya; Sastry, Shankar

2006-01-01

The face of health care is changing as new technologies are being incorporated into the existing infrastructure. Electronic patient records and sensor networks for in-home patient monitoring are at the current forefront of new technologies. Paper-based patient records are being put in electronic format enabling patients to access their records via the Internet. Remote patient monitoring is becoming more feasible as specialized sensors can be placed inside homes. The combination of these technologies will improve the quality of health care by making it more personalized and reducing costs and medical errors. While there are benefits to technologies, associated privacy and security issues need to be analyzed to make these systems socially acceptable. In this paper we explore the privacy and security implications of these next-generation health care technologies. We describe existing methods for handling issues as well as discussing which issues need further consideration.

Information-Flow-Based Access Control for Web Browsers

NASA Astrophysics Data System (ADS)

Yoshihama, Sachiko; Tateishi, Takaaki; Tabuchi, Naoshi; Matsumoto, Tsutomu

The emergence of Web 2.0 technologies such as Ajax and Mashup has revealed the weakness of the same-origin policy[1], the current de facto standard for the Web browser security model. We propose a new browser security model to allow fine-grained access control in the client-side Web applications for secure mashup and user-generated contents. We propose a browser security model that is based on information-flow-based access control (IBAC) to overcome the dynamic nature of the client-side Web applications and to accurately determine the privilege of scripts in the event-driven programming model.

Sandia National Laboratories Strategic Context Workshop Series 2017: National Security Futures for Strategic Thinking.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Keller, Elizabeth James Kistin; Roll, Elizabeth; Aamir, Munaf Syed

In August 2017, Sandia convened five workshops to explore the future of advanced technologies and global peace and security through the lenses of deterrence, information, innovation, nonproliferation, and population and Earth systems.

Report: FISMA - Fiscal Year 2004 Status of EPA’s Computer Security Program

EPA Pesticide Factsheets

Report #2004-S-00007, September 30, 2004. This report synopsizes the results of information technology security work the U.S. Environmental Protection Agency’s Office of Inspector General (OIG) performed during Fiscal Year (FY) 2004.

76 FR 29014 - Self-Regulatory Organizations; NASDAQ Stock Market, LLC; Notice of Filing and Immediate...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-05-19

... those who meet the Professional definition have certain technological and informational advantages over... Chapter I, Section I (Definitions). See also Securities Exchange Act Release Nos. 63028 (October 1, 2010... Professionals have the same technological and informational advantages as broker-dealers trading for their own...

Towards an Enterprise Level Measure of Security

ERIC Educational Resources Information Center

Marchant, Robert L.

2013-01-01

Vulnerabilities of Information Technology (IT) Infrastructure have grown at the similar pace (at least) as the sophistication and complexity of the technology that is the cornerstone of our IT enterprises. Despite massive increased funding for research, for development, and to support deployment of Information Assurance (IA) defenses, the damages…

75 FR 62399 - Office of the National Coordinator for Health Information Technology; HIT Standards Committee...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-10-08

..., implementation, and privacy and security. HIT Standards Committee Schedule for the Assessment of HIT Policy... recommendations received from the HIT Policy Committee regarding health information technology standards...), section 3003. Erin Poetter, Office of Policy and Planning, Office of the National Coordinator for Health...

A computer science approach to managing security in health care.

PubMed

Asirelli, P; Braccini, G; Caramella, D; Coco, A; Fabbrini, F

2002-09-01

The security of electronic medical information is very important for health care organisations, which have to ensure confidentiality, integrity and availability of the information provided. This paper will briefly outline the legal measures adopted by the European Community, Italy and the United States to regulate the use and disclosure of medical records. It will then go on to highlight how information technology can help to address these issues with special reference to the management of organisation policies. To this end, we will present a modelling example for the security policy of a radiological department.

Strategy for IT Security

NASA Technical Reports Server (NTRS)

Santiago, S. Scott; Moyles, Thomas J. (Technical Monitor)

2001-01-01

This viewgraph presentation provides information on the importance of information technology (IT) security (ITS) to NASA's mission. Several points are made concerning the subject. In order for ITS to be successful, it must be supported by management. NASA, while required by law to keep the public informed of its pursuits, must take precautions due to possible IT-based incursions by computer hackers and other malignant persons. Fear is an excellent motivation for establishing and maintaining a robust ITS policy. The ways in which NASA ITS personnel continually increase security are manifold, however a great deal relies upon the active involvement of the entire NASA community.

78 FR 68040 - President's Council of Advisors on Science and Technology Meeting

Federal Register 2010, 2011, 2012, 2013, 2014

2013-11-13

... provide updates on its studies of education information technology and cyber- security. Additional... DEPARTMENT OF ENERGY President's Council of Advisors on Science and Technology Meeting AGENCY... Science and Technology (PCAST), and describes the functions of the Council. Notice of this meeting is...

Adoption of information technology by resident physicians.

PubMed

Parekh, Selene G; Nazarian, David G; Lim, Charles K

2004-04-01

The Internet represents a technological revolution that is transforming our society. In the healthcare industry, physicians have been typified as slow adopters of information technology. However, young physicians, having been raised in a computer-prevalent society, may be more likely to embrace technology. We attempt to characterize the use and acceptance of the Internet and information technology among resident physicians in a large academic medical center and to assess concerns regarding privacy, security, and credibility of information on the Internet. A 41-question survey was distributed to 150 pediatric, medical, and surgical residents at an urban, academic medical center. One hundred thirty-five residents completed the survey (response rate of 90%). Responses were evaluated and statistical analysis was done. The majority of resident physicians in our survey have adopted the tools of information technology. Ninety-eight percent used the Internet and 96% use e-mail. Two-thirds of the respondents used the Internet for healthcare-related purposes and a similar percentage thought that the Internet has affected their practice of medicine positively. The majority of residents thought that Internet healthcare services such as electronic medical records, peer-support websites, and remote patient monitoring would be beneficial for the healthcare industry. However, they are concerned about the credibility, privacy, and security of health and medical information online. The majority of resident physicians in our institution use Internet and information technology in their practice of medicine. Most think that the Internet will continue to have a beneficial role in the healthcare industry.