Sample records for security management system
-
Correlation Research of Medical Security Management System Network Platform in Medical Practice
NASA Astrophysics Data System (ADS)
Jie, Wang; Fan, Zhang; Jian, Hao; Li-nong, Yu; Jun, Fei; Ping, Hao; Ya-wei, Shen; Yue-jin, Chang
Objective-The related research of medical security management system network in medical practice. Methods-Establishing network platform of medical safety management system, medical security network host station, medical security management system(C/S), medical security management system of departments and sections, comprehensive query, medical security disposal and examination system. Results-In medical safety management, medical security management system can reflect the hospital medical security problem, and can achieve real-time detection and improve the medical security incident detection rate. Conclusion-The application of the research in the hospital management implementation, can find hospital medical security hidden danger and the problems of medical disputes, and can help in resolving medical disputes in time and achieve good work efficiency, which is worth applying in the hospital practice.
-
5 CFR 930.301 - Information systems security awareness training program.
Code of Federal Regulations, 2011 CFR
2011-01-01
... training in system/application life cycle management, risk management, and contingency planning. (4) Chief... security management, system/application life cycle management, risk management, and contingency planning..., risk management, and contingency planning. (b) Provide the Federal information systems security...
-
5 CFR 930.301 - Information systems security awareness training program.
Code of Federal Regulations, 2010 CFR
2010-01-01
... training in system/application life cycle management, risk management, and contingency planning. (4) Chief... security management, system/application life cycle management, risk management, and contingency planning..., risk management, and contingency planning. (b) Provide the Federal information systems security...
-
2010-08-22
practice for information security management ( ISO /IEC 27002 ),” “Information technology — Security techniques — Information security management...systems —Requirements ( ISO /IEC 27002 ),”, “Information technology — Security techniques — Information security risk management ( ISO /IEC 27005).” from...associated practice aids. Perhaps the most germane discovery from this effort was a draft ISO standard on Systems and software engineering, Systems and
-
5 CFR 9701.405 - Performance management system requirements.
Code of Federal Regulations, 2010 CFR
2010-01-01
... requirements. 9701.405 Section 9701.405 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Performance Management § 9701.405 Performance...
-
Information Security Management - Part Of The Integrated Management System
NASA Astrophysics Data System (ADS)
Manea, Constantin Adrian
2015-07-01
The international management standards allow their integrated approach, thereby combining aspects of particular importance to the activity of any organization, from the quality management systems or the environmental management of the information security systems or the business continuity management systems. Although there is no national or international regulation, nor a defined standard for the Integrated Management System, the need to implement an integrated system occurs within the organization, which feels the opportunity to integrate the management components into a cohesive system, in agreement with the purpose and mission publicly stated. The issues relating to information security in the organization, from the perspective of the management system, raise serious questions to any organization in the current context of electronic information, reason for which we consider not only appropriate but necessary to promote and implement an Integrated Management System Quality - Environment - Health and Operational Security - Information Security
-
2010-08-22
Commission (IEC). “Information technology — Security techniques — Code of practice for information security management ( ISO /IEC 27002 ...Information technology — Security techniques — Information security management systems —Requirements ( ISO /IEC 27002 ),”, “Information technology — Security...was a draft ISO standard on Systems and software engineering, Systems and software assurance [18]. Created by systems engineers for systems
-
5 CFR 9701.512 - Conferring on procedures for the exercise of management rights.
Code of Federal Regulations, 2010 CFR
2010-01-01
... SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Labor-Management Relations § 9701.512...
-
5 CFR 9701.231 - Conversion of positions and employees to the DHS classification system.
Code of Federal Regulations, 2010 CFR
2010-01-01
... HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Classification Transitional...
-
5 CFR 9701.526 - Continuation of existing laws, recognitions, agreements, and procedures.
Code of Federal Regulations, 2010 CFR
2010-01-01
... HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Labor-Management Relations...
-
5 CFR 9701.313 - Homeland Security Compensation Committee.
Code of Federal Regulations, 2010 CFR
2010-01-01
... MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Pay and Pay Administration Overview of Pay System § 9701.313... Undersecretary for Management. The Compensation Committee has 14 members, including 4 officials of labor...
-
Code of Federal Regulations, 2010 CFR
2010-01-01
... Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES... establishment of a new human resources management system within the Department of Homeland Security (DHS), as...
-
5 CFR 930.301 - Information systems security awareness training program.
Code of Federal Regulations, 2012 CFR
2012-01-01
... training in system/application life cycle management, risk management, and contingency planning. (4) Chief... security management, system/application life cycle management, risk management, and contingency planning... management; and management and implementation level training in system/application life cycle management...
-
5 CFR 9701.373 - Conversion of employees to the DHS pay system.
Code of Federal Regulations, 2010 CFR
2010-01-01
... system. 9701.373 Section 9701.373 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Pay and Pay Administration Transitional Provisions...
-
5 CFR 9701.527 - Savings provision.
Code of Federal Regulations, 2011 CFR
2011-01-01
....527 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Labor-Management Relations § 9701.527 Savings provision. This subpart does not...
-
5 CFR 9701.516 - Allotments to representatives.
Code of Federal Regulations, 2011 CFR
2011-01-01
... Section 9701.516 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Labor-Management Relations § 9701.516 Allotments to representatives...
-
5 CFR 9701.516 - Allotments to representatives.
Code of Federal Regulations, 2012 CFR
2012-01-01
... Section 9701.516 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Labor-Management Relations § 9701.516 Allotments to representatives...
-
5 CFR 9701.516 - Allotments to representatives.
Code of Federal Regulations, 2014 CFR
2014-01-01
... Section 9701.516 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Labor-Management Relations § 9701.516 Allotments to representatives...
-
5 CFR 9701.516 - Allotments to representatives.
Code of Federal Regulations, 2013 CFR
2013-01-01
... Section 9701.516 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Labor-Management Relations § 9701.516 Allotments to representatives...
-
5 CFR 9701.523 - Official time.
Code of Federal Regulations, 2010 CFR
2010-01-01
... Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Labor-Management Relations § 9701.523 Official time. (a) Any employee representing an...
-
5 CFR 9701.527 - Savings provision.
Code of Federal Regulations, 2010 CFR
2010-01-01
....527 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Labor-Management Relations § 9701.527 Savings provision. This subpart does not...
-
Code of Federal Regulations, 2011 CFR
2011-01-01
... Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Performance Management § 9701.401 Purpose. (a) This subpart provides for the establishment...
-
5 CFR 9701.410 - DHS responsibilities.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 9701.410 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Performance Management § 9701.410 DHS responsibilities. In carrying out its...
-
5 CFR 9701.507 - Employee rights.
Code of Federal Regulations, 2010 CFR
2010-01-01
....507 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Labor-Management Relations § 9701.507 Employee rights. Each employee has the...
-
5 CFR 9701.314 - DHS responsibilities.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 9701.314 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Pay and Pay Administration Overview of Pay System § 9701.314 DHS...
-
5 CFR 9701.522 - Exceptions to arbitration awards.
Code of Federal Regulations, 2010 CFR
2010-01-01
....522 Section 9701.522 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Labor-Management Relations § 9701.522 Exceptions to arbitration...
-
5 CFR 9701.502 - Rule of construction.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 9701.502 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Labor-Management Relations § 9701.502 Rule of construction. In interpreting this...
-
5 CFR 9701.517 - Unfair labor practices.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 9701.517 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Labor-Management Relations § 9701.517 Unfair labor practices. (a) For the...
-
5 CFR 9701.407 - Monitoring performance and providing feedback.
Code of Federal Regulations, 2010 CFR
2010-01-01
... feedback. 9701.407 Section 9701.407 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Performance Management § 9701.407 Monitoring...
-
5 CFR 9701.334 - Setting and adjusting locality and special rate supplements.
Code of Federal Regulations, 2010 CFR
2010-01-01
... SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Pay and Pay Administration Locality and...
-
5 CFR 9701.525 - Regulations of the HSLRB.
Code of Federal Regulations, 2010 CFR
2010-01-01
... Section 9701.525 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Labor-Management Relations § 9701.525 Regulations of the HSLRB. The...
-
5 CFR 9701.406 - Setting and communicating performance expectations.
Code of Federal Regulations, 2010 CFR
2010-01-01
... expectations. 9701.406 Section 9701.406 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Performance Management § 9701.406 Setting and...
-
5 CFR 9701.513 - Exclusive recognition of labor organizations.
Code of Federal Regulations, 2010 CFR
2010-01-01
... organizations. 9701.513 Section 9701.513 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Labor-Management Relations § 9701.513 Exclusive...
-
5 CFR 9701.323 - Eligibility for pay increase associated with a rate range adjustment.
Code of Federal Regulations, 2010 CFR
2010-01-01
... SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Pay and Pay Administration Setting and...
-
5 CFR 9701.335 - Eligibility for pay increase associated with a supplement adjustment.
Code of Federal Regulations, 2010 CFR
2010-01-01
... SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Pay and Pay Administration Locality and...
-
FAA computer security : concerns remain due to personnel and other continuing weaknesses
DOT National Transportation Integrated Search
2000-08-01
FAA has a history of computer security weaknesses in a number of areas, including its physical security management at facilities that house air traffic control (ATC) systems, systems security for both operational and future systems, management struct...
-
5 CFR 9701.520 - Standards of conduct for labor organizations.
Code of Federal Regulations, 2010 CFR
2010-01-01
... organizations. 9701.520 Section 9701.520 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Labor-Management Relations § 9701.520 Standards of...
-
2017 Joint Annual NDIA/AIA Industrial Security Committee Fall Conference
2017-11-15
beyond credit data to offer the insights that government professionals need to make informed decisions and ensure citizen safety, manage compliance...business that provides information technology and professional services. We specialize in managing business processes and systems integration for both... Information Security System ISFD Industrial Security Facilities Database OBMS ODAA Business Management System STEPP Security, Training, Education and
-
5 CFR 9701.313 - Homeland Security Compensation Committee.
Code of Federal Regulations, 2011 CFR
2011-01-01
... MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Pay and Pay Administration Overview of Pay System § 9701.313... to provide options and/or recommendations for consideration by the Secretary or designee on strategic...
-
Code of Federal Regulations, 2013 CFR
2013-01-01
... Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Classification Classification Structure § 9701.212 Bands. (a) For purposes of identifying...
-
5 CFR 9701.221 - Classification requirements.
Code of Federal Regulations, 2013 CFR
2013-01-01
... Section 9701.221 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Classification Classification Process § 9701.221 Classification...
-
5 CFR 9701.221 - Classification requirements.
Code of Federal Regulations, 2012 CFR
2012-01-01
... Section 9701.221 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Classification Classification Process § 9701.221 Classification...
-
5 CFR 9701.221 - Classification requirements.
Code of Federal Regulations, 2014 CFR
2014-01-01
... Section 9701.221 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Classification Classification Process § 9701.221 Classification...
-
5 CFR 9701.221 - Classification requirements.
Code of Federal Regulations, 2011 CFR
2011-01-01
... Section 9701.221 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Classification Classification Process § 9701.221 Classification...
-
Code of Federal Regulations, 2010 CFR
2010-01-01
... Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Adverse Actions General § 9701.601 Purpose. This subpart contains regulations prescribing...
-
5 CFR 9701.211 - Occupational clusters.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 9701.211 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Classification Classification Structure § 9701.211 Occupational clusters. For...
-
5 CFR 9701.105 - Continuing collaboration.
Code of Federal Regulations, 2011 CFR
2011-01-01
... Section 9701.105 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM General Provisions § 9701.105 Continuing collaboration. (a) In...
-
5 CFR 9701.105 - Continuing collaboration.
Code of Federal Regulations, 2010 CFR
2010-01-01
... Section 9701.105 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM General Provisions § 9701.105 Continuing collaboration. (a) In...
-
5 CFR 9701.609 - Proposal notice.
Code of Federal Regulations, 2010 CFR
2010-01-01
....609 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Adverse Actions Requirements for Furlough of 30 Days Or Less, Suspension...
-
5 CFR 9701.612 - Departmental record.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 9701.612 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Adverse Actions Requirements for Furlough of 30 Days Or Less, Suspension...
-
Code of Federal Regulations, 2011 CFR
2011-01-01
... Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Pay and Pay Administration General § 9701.301 Purpose. (a) This subpart contains...
-
Code of Federal Regulations, 2010 CFR
2010-01-01
... Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Adverse Actions General § 9701.603 Definitions. In this subpart: Adverse action means a...
-
Code of Federal Regulations, 2010 CFR
2010-01-01
... Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Adverse Actions General § 9701.604 Coverage. (a) Actions covered. This subpart covers...
-
5 CFR 9701.107 - Program evaluation.
Code of Federal Regulations, 2010 CFR
2010-01-01
....107 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM General Provisions § 9701.107 Program evaluation. (a) DHS will establish...
-
Code of Federal Regulations, 2011 CFR
2011-01-01
... Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Classification General § 9701.204 Definitions. In this subpart: Band means a work level or...
-
Code of Federal Regulations, 2014 CFR
2014-01-01
... Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Classification General § 9701.204 Definitions. In this subpart: Band means a work level or...
-
5 CFR 9701.345 - Developmental pay adjustments.
Code of Federal Regulations, 2011 CFR
2011-01-01
... Section 9701.345 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Pay and Pay Administration Performance-Based Pay § 9701.345...
-
Code of Federal Regulations, 2012 CFR
2012-01-01
... Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Classification General § 9701.204 Definitions. In this subpart: Band means a work level or...
-
5 CFR 9701.345 - Developmental pay adjustments.
Code of Federal Regulations, 2012 CFR
2012-01-01
... Section 9701.345 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Pay and Pay Administration Performance-Based Pay § 9701.345...
-
Code of Federal Regulations, 2013 CFR
2013-01-01
... Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Classification General § 9701.204 Definitions. In this subpart: Band means a work level or...
-
5 CFR 9701.345 - Developmental pay adjustments.
Code of Federal Regulations, 2013 CFR
2013-01-01
... Section 9701.345 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Pay and Pay Administration Performance-Based Pay § 9701.345...
-
5 CFR 9701.345 - Developmental pay adjustments.
Code of Federal Regulations, 2014 CFR
2014-01-01
... Section 9701.345 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Pay and Pay Administration Performance-Based Pay § 9701.345...
-
5 CFR 9701.102 - Eligibility and coverage.
Code of Federal Regulations, 2010 CFR
2010-01-01
... Section 9701.102 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM General Provisions § 9701.102 Eligibility and coverage. (a) All...
-
5 CFR 9701.610 - Opportunity to reply.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 9701.610 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Adverse Actions Requirements for Furlough of 30 Days Or Less, Suspension...
-
Code of Federal Regulations, 2010 CFR
2010-01-01
... DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Pay and Pay...
-
5 CFR 9701.104 - Scope of authority.
Code of Federal Regulations, 2010 CFR
2010-01-01
....104 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM General Provisions § 9701.104 Scope of authority. Subject to the requirements...
-
Code of Federal Regulations, 2010 CFR
2010-01-01
... DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Pay and Pay...
-
5 CFR 9701.222 - Reconsideration of classification decisions.
Code of Federal Regulations, 2010 CFR
2010-01-01
... decisions. 9701.222 Section 9701.222 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Classification Classification Process § 9701.222...
-
5 CFR 9701.361 - Special skills payments.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 9701.361 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Pay and Pay Administration Special Payments § 9701.361 Special skills payments...
-
5 CFR 9701.343 - Within-band reductions.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 9701.343 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Pay and Pay Administration Performance-Based Pay § 9701.343 Within-band...
-
5 CFR 9701.321 - Structure of bands.
Code of Federal Regulations, 2010 CFR
2010-01-01
....321 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Pay and Pay Administration Setting and Adjusting Rate Ranges § 9701.321...
-
Code of Federal Regulations, 2010 CFR
2010-01-01
... DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Pay and Pay...
-
Intelligent community management system based on the devicenet fieldbus
NASA Astrophysics Data System (ADS)
Wang, Yulan; Wang, Jianxiong; Liu, Jiwen
2013-03-01
With the rapid development of the national economy and the improvement of people's living standards, people are making higher demands on the living environment. And the estate management content, management efficiency and service quality have been higher required. This paper in-depth analyzes about the intelligent community of the structure and composition. According to the users' requirements and related specifications, it achieves the district management systems, which includes Basic Information Management: the management level of housing, household information management, administrator-level management, password management, etc. Service Management: standard property costs, property charges collecting, the history of arrears and other property expenses. Security Management: household gas, water, electricity and security and other security management, security management district and other public places. Systems Management: backup database, restore database, log management. This article also carries out on the Intelligent Community System analysis, proposes an architecture which is based on B / S technology system. And it has achieved a global network device management with friendly, easy to use, unified human - machine interface.
-
A model for international border management systems.
DOE Office of Scientific and Technical Information (OSTI.GOV)
Duggan, Ruth Ann
2008-09-01
To effectively manage the security or control of its borders, a country must understand its border management activities as a system. Using its systems engineering and security foundations as a Department of Energy National Security Laboratory, Sandia National Laboratories has developed such an approach to modeling and analyzing border management systems. This paper describes the basic model and its elements developed under Laboratory Directed Research and Development project 08-684.
-
Code of Federal Regulations, 2010 CFR
2010-01-01
... Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Pay and...
-
5 CFR 9701.408 - Developing performance and addressing poor performance.
Code of Federal Regulations, 2010 CFR
2010-01-01
... HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Performance Management § 9701.408...
-
Security in the management of information systems.
Huston, T L; Huston, J L
1998-06-01
Although security technology exists in abundance in health information management systems, the implementation of that technology is often lacking. This lack of implementation can be heavily affected by the attitudes and perceptions of users and management, the "people part" of systems. Particular operational, organizational, and economic factors must be addressed along with employment of security objectives and accountability. Unique threats, as well as controls, pervade the use of microcomputer-based systems as these systems permeate health care information management.
-
DOT National Transportation Integrated Search
2013-12-27
This report presents an analysis by Booz Allen Hamilton (Booz Allen) of the technical design for the Security Credentials Management System (SCMS) intended to support communications security for the connected vehicle system. The SCMS technical design...
-
5 CFR 9701.232 - Special transition rules for Federal Air Marshal Service.
Code of Federal Regulations, 2010 CFR
2010-01-01
... Marshal Service. 9701.232 Section 9701.232 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Classification Transitional Provisions § 9701.232...
-
5 CFR 9701.374 - Special transition rules for Federal Air Marshal Service.
Code of Federal Regulations, 2010 CFR
2010-01-01
... Marshal Service. 9701.374 Section 9701.374 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Pay and Pay Administration Transitional Provisions...
-
Federal Register 2010, 2011, 2012, 2013, 2014
2010-02-23
... risk of harm to economic or property interests, identity theft or fraud, or harm to the security or... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2009-0041] Privacy Act of 1974; Department of Homeland Security/ALL--023 Personnel Security Management System of Records AGENCY...
-
77 FR 60401 - Privacy Act of 1974; Systems of Records
Federal Register 2010, 2011, 2012, 2013, 2014
2012-10-03
... computer password protection.'' * * * * * System manager(s) and address: Delete entry and replace with...; Systems of Records AGENCY: National Security Agency/Central Security Service, DoD. ACTION: Notice to amend a system of records. SUMMARY: The National Security Agency (NSA) is proposing to amend a system of...
-
5 CFR 9701.510 - Powers and duties of the Federal Labor Relations Authority.
Code of Federal Regulations, 2010 CFR
2010-01-01
... HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Labor-Management Relations § 9701.510...
-
5 CFR 9701.355 - Setting pay upon movement to a different occupational cluster.
Code of Federal Regulations, 2010 CFR
2010-01-01
... occupational cluster. 9701.355 Section 9701.355 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Pay and Pay Administration Pay Administration § 9701...
-
5 CFR 9701.222 - Reconsideration of classification decisions.
Code of Federal Regulations, 2012 CFR
2012-01-01
... RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Classification Classification Process § 9701.222...
-
5 CFR 9701.222 - Reconsideration of classification decisions.
Code of Federal Regulations, 2013 CFR
2013-01-01
... RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Classification Classification Process § 9701.222...
-
5 CFR 9701.222 - Reconsideration of classification decisions.
Code of Federal Regulations, 2014 CFR
2014-01-01
... RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Classification Classification Process § 9701.222...
-
5 CFR 9701.222 - Reconsideration of classification decisions.
Code of Federal Regulations, 2011 CFR
2011-01-01
... RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Classification Classification Process § 9701.222...
-
NASA Technical Reports Server (NTRS)
Gilliam, David P.; Feather, Martin S.
2004-01-01
Information Technology (IT) Security Risk Management is a critical task in the organization, which must protect its resources and data against the loss of confidentiality, integrity, and availability. As systems become more complex and diverse, and more vulnerabilities are discovered while attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security. This paper describes an approach to address IT security risk through risk management and mitigation in both the institution and in the project life cycle.
-
Identity and Access Management and Security in Higher Education.
ERIC Educational Resources Information Center
Bruhn, Mark; Gettes, Michael; West, Ann
2003-01-01
Discusses the drivers for an identity management system (IdM), components of this system, and its role within a school security strategy, focusing on: basic access management; requirements for access management; middleware support for an access management system; IdM implementation considerations (e.g., access eligibilities, authentication…
-
The Management and Security Expert (MASE)
NASA Technical Reports Server (NTRS)
Miller, Mark D.; Barr, Stanley J.; Gryphon, Coranth D.; Keegan, Jeff; Kniker, Catherine A.; Krolak, Patrick D.
1991-01-01
The Management and Security Expert (MASE) is a distributed expert system that monitors the operating systems and applications of a network. It is capable of gleaning the information provided by the different operating systems in order to optimize hardware and software performance; recognize potential hardware and/or software failure, and either repair the problem before it becomes an emergency, or notify the systems manager of the problem; and monitor applications and known security holes for indications of an intruder or virus. MASE can eradicate much of the guess work of system management.
-
Achieving Safety through Security Management
NASA Astrophysics Data System (ADS)
Ridgway, John
Whilst the achievement of safety objectives may not be possible purely through the administration of an effective Information Security Management System (ISMS), your job as safety manager will be significantly eased if such a system is in place. This paper seeks to illustrate the point by drawing a comparison between two of the prominent standards within the two disciplines of security and safety management.
-
Strengthening the Security of ESA Ground Data Systems
NASA Astrophysics Data System (ADS)
Flentge, Felix; Eggleston, James; Garcia Mateos, Marc
2013-08-01
A common approach to address information security has been implemented in ESA's Mission Operations (MOI) Infrastructure during the last years. This paper reports on the specific challenges to the Data Systems domain within the MOI and how security can be properly managed with an Information Security Management System (ISMS) according to ISO 27001. Results of an initial security risk assessment are reported and the different types of security controls that are being implemented in order to reduce the risks are briefly described.
-
Security Management Strategies for Protecting Your Library's Network.
ERIC Educational Resources Information Center
Ives, David J.
1996-01-01
Presents security procedures for protecting a library's computer system from potential threats by patrons or personnel, and describes how security can be breached. A sidebar identifies four areas of concern in security management: the hardware, the operating system, the network, and the user interface. A selected bibliography of sources on…
-
Making Our Buildings Safer: Security Management and Equipment Issues.
ERIC Educational Resources Information Center
Clark, James H.
1997-01-01
Discusses three major components of library security: physical security of the environment; operating procedures for library staff, the public, and security personnel; and a contract security force (or campus security in academic institutions.) Topics include risk management; maintenance; appropriate technology, including security systems and…
-
48 CFR 339.7102 - Applicability.
Code of Federal Regulations, 2013 CFR
2013-10-01
... Section 339.7102 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7102 Applicability... Federal Information Security Management Act (FISMA), the HHS-OCIO Information Systems Security and Privacy...
-
48 CFR 339.7102 - Applicability.
Code of Federal Regulations, 2014 CFR
2014-10-01
... Section 339.7102 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7102 Applicability... Federal Information Security Management Act (FISMA), the HHS-OCIO Information Systems Security and Privacy...
-
48 CFR 339.7102 - Applicability.
Code of Federal Regulations, 2012 CFR
2012-10-01
... Section 339.7102 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7102 Applicability... Federal Information Security Management Act (FISMA), the HHS-OCIO Information Systems Security and Privacy...
-
48 CFR 339.7102 - Applicability.
Code of Federal Regulations, 2011 CFR
2011-10-01
... Section 339.7102 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7102 Applicability... Federal Information Security Management Act (FISMA), the HHS-OCIO Information Systems Security and Privacy...
-
5 CFR 9701.511 - Management rights.
Code of Federal Regulations, 2012 CFR
2012-01-01
... 5 Administrative Personnel 3 2012-01-01 2012-01-01 false Management rights. 9701.511 Section 9701.511 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN...
-
5 CFR 9701.511 - Management rights.
Code of Federal Regulations, 2011 CFR
2011-01-01
... 5 Administrative Personnel 3 2011-01-01 2011-01-01 false Management rights. 9701.511 Section 9701.511 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN...
-
5 CFR 9701.511 - Management rights.
Code of Federal Regulations, 2014 CFR
2014-01-01
... 5 Administrative Personnel 3 2014-01-01 2014-01-01 false Management rights. 9701.511 Section 9701.511 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN...
-
5 CFR 9701.511 - Management rights.
Code of Federal Regulations, 2013 CFR
2013-01-01
... 5 Administrative Personnel 3 2013-01-01 2013-01-01 false Management rights. 9701.511 Section 9701.511 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN...
-
5 CFR 9701.511 - Management rights.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 5 Administrative Personnel 3 2010-01-01 2010-01-01 false Management rights. 9701.511 Section 9701.511 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN...
-
Securely and Flexibly Sharing a Biomedical Data Management System
Wang, Fusheng; Hussels, Phillip; Liu, Peiya
2011-01-01
Biomedical database systems need not only to address the issues of managing complex data, but also to provide data security and access control to the system. These include not only system level security, but also instance level access control such as access of documents, schemas, or aggregation of information. The latter is becoming more important as multiple users can share a single scientific data management system to conduct their research, while data have to be protected before they are published or IP-protected. This problem is challenging as users’ needs for data security vary dramatically from one application to another, in terms of who to share with, what resources to be shared, and at what access level. We develop a comprehensive data access framework for a biomedical data management system SciPort. SciPort provides fine-grained multi-level space based access control of resources at not only object level (documents and schemas), but also space level (resources set aggregated in a hierarchy way). Furthermore, to simplify the management of users and privileges, customizable role-based user model is developed. The access control is implemented efficiently by integrating access privileges into the backend XML database, thus efficient queries are supported. The secure access approach we take makes it possible for multiple users to share the same biomedical data management system with flexible access management and high data security. PMID:21625285
-
NASA Technical Reports Server (NTRS)
Tompkins, F. G.
1983-01-01
This report presents guidance to NASA Computer security officials for developing ADP security risk management plans. The six components of the risk management process are identified and discussed. Guidance is presented on how to manage security risks that have been identified during a risk analysis performed at a data processing facility or during the security evaluation of an application system.
-
NASA Astrophysics Data System (ADS)
Brown, Willie L., Jr.
Global terrorism continues to persist despite the great efforts of various countries to protect and safely secure their citizens. As airports form the entry and exit ports of a country, they are one of the most vulnerable locations to terror attacks. Managers of international airports constantly face similar challenges in developing and implementing airport security protocols. Consequently, the technological advances of today have brought both positive and negative impacts on security and terrorism of airports, which are mostly managed by the airport managers. The roles of the managers have greatly increased over the years due to technological advances. The developments in technology have had different roles in security, both in countering terrorism and, at the same time, increasing the communication methods of the terrorists. The purpose of this qualitative multiple case study was to investigate the perspectives of airport managers with regard to societal security and social interactions in the socio-technical systems of the National Terrorism Advisory System (NTAS). Through the data gained regarding managers' perception and experiences, the researcher hoped to enable the development of security measures and policies that are appropriate for airports as socio-technical systems. The researcher conducted interviews with airport managers to gather relevant data to fulfill the rationale of the study. Ten to twelve airport managers based in three commercial aviation airports in Maryland, United States participated in the study. The researcher used a qualitative thematic analysis procedure to analyze the data responses of participants in the interview sessions.
-
Code of Federal Regulations, 2010 CFR
2010-01-01
... Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES..., to provide Governmentwide oversight in human resources management programs and practices. Department...
-
[How to establish the hospital information system security policies].
Gong, Qing-Yue; Shi, Cheng
2008-03-01
It is important to establish the hospital information system security policies. While these security policies are being established, a comprehensive consideration should be given to the acceptable levels of users, IT supporters and hospital managers. We should have a formal policy designing process that is consistently followed by all security policies. Reasons for establishing the security policies and their coverage and applicable objects should be stated clearly. Besides, each policy should define user's responsibilities and penalties of violation. Every organization will need some key policies, such as of information sources usage, remote access, information protection, perimeter security, and baseline host/device security. Security managing procedures are the mechanisms to enforce the policies. An incident-handling procedure is the most important security managing procedure for all organizations.
-
Code of Federal Regulations, 2010 CFR
2010-01-01
... Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES... resources are allocated for the design, implementation, and administration of the performance management...
-
Mense, Alexander; Hoheiser-Pförtner, Franz; Schmid, Martin; Wahl, Harald
2013-01-01
Working with health related data necessitates appropriate levels of security and privacy. Information security, meaning ensuring confidentiality, integrity, and availability, is more organizational, than technical in nature. It includes many organizational and management measures, is based on well-defined security roles, processes, and documents, and needs permanent adaption of security policies, continuously monitoring, and measures assessment. This big challenge for any organization leads to implementation of an information security management system (ISMS). In the context of establishing a regional or national electronic health record for integrated care (ICEHR), the situation is worse. Changing the medical information exchange from on-demand peer-to-peer connections to health information networks requires all organizations participating in the EHR system to have consistent security levels and to follow the same security guidelines and rules. Also, the implementation must be monitored and audited, establishing cross-organizational information security management systems (ISMS) based on international standards. This paper evaluates requirements and defines basic concepts for an ISO 27000 series-based cross-organizational ISMS in the healthcare domain and especially for the implementation of the nationwide electronic health record in Austria (ELGA).
-
5 CFR 9701.409 - Rating and rewarding performance.
Code of Federal Regulations, 2014 CFR
2014-01-01
... MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Performance Management § 9701.409 Rating and rewarding... 5 Administrative Personnel 3 2014-01-01 2014-01-01 false Rating and rewarding performance. 9701...
-
5 CFR 9701.409 - Rating and rewarding performance.
Code of Federal Regulations, 2012 CFR
2012-01-01
... MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Performance Management § 9701.409 Rating and rewarding... 5 Administrative Personnel 3 2012-01-01 2012-01-01 false Rating and rewarding performance. 9701...
-
5 CFR 9701.409 - Rating and rewarding performance.
Code of Federal Regulations, 2011 CFR
2011-01-01
... MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Performance Management § 9701.409 Rating and rewarding... 5 Administrative Personnel 3 2011-01-01 2011-01-01 false Rating and rewarding performance. 9701...
-
5 CFR 9701.409 - Rating and rewarding performance.
Code of Federal Regulations, 2013 CFR
2013-01-01
... MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Performance Management § 9701.409 Rating and rewarding... 5 Administrative Personnel 3 2013-01-01 2013-01-01 false Rating and rewarding performance. 9701...
-
Design and implementation of a secure workflow system based on PKI/PMI
NASA Astrophysics Data System (ADS)
Yan, Kai; Jiang, Chao-hui
2013-03-01
As the traditional workflow system in privilege management has the following weaknesses: low privilege management efficiency, overburdened for administrator, lack of trust authority etc. A secure workflow model based on PKI/PMI is proposed after studying security requirements of the workflow systems in-depth. This model can achieve static and dynamic authorization after verifying user's ID through PKC and validating user's privilege information by using AC in workflow system. Practice shows that this system can meet the security requirements of WfMS. Moreover, it can not only improve system security, but also ensures integrity, confidentiality, availability and non-repudiation of the data in the system.
-
Information security management system planning for CBRN facilities
DOE Office of Scientific and Technical Information (OSTI.GOV)
Lenaeu, Joseph D.; O'Neil, Lori Ross; Leitch, Rosalyn M.
The focus of this document is to provide guidance for the development of information security management system planning documents at chemical, biological, radiological, or nuclear (CBRN) facilities. It describes a risk-based approach for planning information security programs based on the sensitivity of the data developed, processed, communicated, and stored on facility information systems.
-
MAVEN Information Security Governance, Risk Management, and Compliance (GRC): Lessons Learned
NASA Technical Reports Server (NTRS)
Takamura, Eduardo; Gomez-Rosa, Carlos A.; Mangum, Kevin; Wasiak, Fran
2014-01-01
As the first interplanetary mission managed by the NASA Goddard Space Flight Center, the Mars Atmosphere and Volatile EvolutioN (MAVEN) had three IT security goals for its ground system: COMPLIANCE, (IT) RISK REDUCTION, and COST REDUCTION. In a multiorganizational environment in which government, industry and academia work together in support of the ground system and mission operations, information security governance, risk management, and compliance (GRC) becomes a challenge as each component of the ground system has and follows its own set of IT security requirements. These requirements are not necessarily the same or even similar to each other's, making the auditing of the ground system security a challenging feat. A combination of standards-based information security management based on the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF), due diligence by the Mission's leadership, and effective collaboration among all elements of the ground system enabled MAVEN to successfully meet NASA's requirements for IT security, and therefore meet Federal Information Security Management Act (FISMA) mandate on the Agency. Throughout the implementation of GRC on MAVEN during the early stages of the mission development, the Project faced many challenges some of which have been identified in this paper. The purpose of this paper is to document these challenges, and provide a brief analysis of the lessons MAVEN learned. The historical information documented herein, derived from an internal pre-launch lessons learned analysis, can be used by current and future missions and organizations implementing and auditing GRC.
-
CMMI(Registered) for Services, Version 1.3
2010-11-01
ISO 2008b] ISO /IEC 27001 :2005 Information technology – Security techniques – Information Security Management Systems – Requirements [ ISO /IEC 2005...Commission. ISO /IEC 27001 Information Technology – Security Techniques – Information Security Management Systems – Requirements, 2005. http...CMM or International Organization for Standardization ( ISO ) 9001, you will immediately recognize many similarities in their structure and content
-
A Security Audit Framework to Manage Information System Security
NASA Astrophysics Data System (ADS)
Pereira, Teresa; Santos, Henrique
The widespread adoption of information and communication technology have promoted an increase dependency of organizations in the performance of their Information Systems. As a result, adequate security procedures to properly manage information security must be established by the organizations, in order to protect their valued or critical resources from accidental or intentional attacks, and ensure their normal activity. A conceptual security framework to manage and audit Information System Security is proposed and discussed. The proposed framework intends to assist organizations firstly to understand what they precisely need to protect assets and what are their weaknesses (vulnerabilities), enabling to perform an adequate security management. Secondly, enabling a security audit framework to support the organization to assess the efficiency of the controls and policy adopted to prevent or mitigate attacks, threats and vulnerabilities, promoted by the advances of new technologies and new Internet-enabled services, that the organizations are subject of. The presented framework is based on a conceptual model approach, which contains the semantic description of the concepts defined in information security domain, based on the ISO/IEC_JCT1 standards.
-
Information Systems Security Management: A Review and a Classification of the ISO Standards
NASA Astrophysics Data System (ADS)
Tsohou, Aggeliki; Kokolakis, Spyros; Lambrinoudakis, Costas; Gritzalis, Stefanos
The need for common understanding and agreement of functional and non-functional requirements is well known and understood by information system designers. This is necessary for both: designing the "correct" system and achieving interoperability with other systems. Security is maybe the best example of this need. If the understanding of the security requirements is not the same for all involved parties and the security mechanisms that will be implemented do not comply with some globally accepted rules and practices, then the system that will be designed will not necessarily achieve the desired security level and it will be very difficult to securely interoperate with other systems. It is therefore clear that the role and contribution of international standards to the design and implementation of security mechanisms is dominant. In this paper we provide a state of the art review on information security management standards published by the International Organization for Standardization and the International Electrotechnical Commission. Such an analysis is meaningful to security practitioners for an efficient management of information security. Moreover, the classification of the standards in the clauses of ISO/IEC 27001:2005 that results from our analysis is expected to provide assistance in dealing with the plethora of security standards.
-
A secure file manager for UNIX
DOE Office of Scientific and Technical Information (OSTI.GOV)
DeVries, R.G.
1990-12-31
The development of a secure file management system for a UNIX-based computer facility with supercomputers and workstations is described. Specifically, UNIX in its usual form does not address: (1) Operation which would satisfy rigorous security requirements. (2) Online space management in an environment where total data demands would be many times the actual online capacity. (3) Making the file management system part of a computer network in which users of any computer in the local network could retrieve data generated on any other computer in the network. The characteristics of UNIX can be exploited to develop a portable, secure filemore » manager which would operate on computer systems ranging from workstations to supercomputers. Implementation considerations making unusual use of UNIX features, rather than requiring extensive internal system changes, are described, and implementation using the Cray Research Inc. UNICOS operating system is outlined.« less
-
Report #12-P-0836, September 20, 2012. EPA's OEI is not managing key system management documentation, system administration functions, the granting and monitoring of privileged accounts, and the application of security controls associated with its DSS.
-
Implementing an Information Security Program
DOE Office of Scientific and Technical Information (OSTI.GOV)
Glantz, Clifford S.; Lenaeus, Joseph D.; Landine, Guy P.
The threats to information security have dramatically increased with the proliferation of information systems and the internet. Chemical, biological, radiological, nuclear, and explosives (CBRNe) facilities need to address these threats in order to protect themselves from the loss of intellectual property, theft of valuable or hazardous materials, and sabotage. Project 19 of the European Union CBRN Risk Mitigation Centres of Excellence Initiative is designed to help CBRN security managers, information technology/cybersecurity managers, and other decision-makers deal with these threats through the application of cost-effective information security programs. Project 19 has developed three guidance documents that are publically available to covermore » information security best practices, planning for an information security management system, and implementing security controls for information security.« less
-
Birds of a Feather: Supporting Secure Systems
DOE Office of Scientific and Technical Information (OSTI.GOV)
Braswell III, H V
2006-04-24
Over the past few years Lawrence Livermore National Laboratory has begun the process of moving to a diskless environment in the Secure Computer Support realm. This movement has included many moving targets and increasing support complexity. We would like to set up a forum for Security and Support professionals to get together from across the Complex and discuss current deployments, lessons learned, and next steps. This would include what hardware, software, and hard copy based solutions are being used to manage Secure Computing. The topics to be discussed include but are not limited to: Diskless computing, port locking and management,more » PC, Mac, and Linux/UNIX support and setup, system imaging, security setup documentation and templates, security documentation and management, customer tracking, ticket tracking, software download and management, log management, backup/disaster recovery, and mixed media environments.« less
-
5 CFR 930.301 - Information systems security awareness training program.
Code of Federal Regulations, 2013 CFR
2013-01-01
....g., system and network administrators, and system/application security officers) must receive... 5 Administrative Personnel 2 2013-01-01 2013-01-01 false Information systems security awareness... (MISCELLANEOUS) Information Security Responsibilities for Employees who Manage or Use Federal Information Systems...
-
5 CFR 930.301 - Information systems security awareness training program.
Code of Federal Regulations, 2014 CFR
2014-01-01
....g., system and network administrators, and system/application security officers) must receive... 5 Administrative Personnel 2 2014-01-01 2014-01-01 false Information systems security awareness... (MISCELLANEOUS) Information Security Responsibilities for Employees who Manage or Use Federal Information Systems...
-
ERIC Educational Resources Information Center
Sauls, Jeff; Gudigantala, Naveen
2013-01-01
Managing IT security and assurance is a top priority for organizations. Aware of the costs associated with a security or privacy breach, organizations are constantly vigilant about protecting their data and IT systems. In addition, organizations are investing heavily in IT resources to keep up with the challenges of managing their IT security and…
-
Code of Federal Regulations, 2013 CFR
2013-04-01
... 17 Commodity and Securities Exchanges 3 2013-04-01 2013-04-01 false Internal risk management control system requirements for supervised investment bank holding companies. 240.17i-4 Section 240.17i-4 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) GENERAL RULES AND REGULATIONS, SECURITIES EXCHANGE ACT OF 1934...
-
Code of Federal Regulations, 2012 CFR
2012-04-01
... 17 Commodity and Securities Exchanges 3 2012-04-01 2012-04-01 false Internal risk management control system requirements for supervised investment bank holding companies. 240.17i-4 Section 240.17i-4 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) GENERAL RULES AND REGULATIONS, SECURITIES EXCHANGE ACT OF 1934...
-
Computer Security Products Technology Overview
1988-10-01
13 3. DATABASE MANAGEMENT SYSTEMS ................................... 15 Definition...this paper addresses fall into the areas of multi-user hosts, database management systems (DBMS), workstations, networks, guards and gateways, and...provide a portion of that protection, for example, a password scheme, a file protection mechanism, a secure database management system, or even a
-
Analysis of information security management systems at 5 domestic hospitals with more than 500 beds.
Park, Woo-Sung; Seo, Sun-Won; Son, Seung-Sik; Lee, Mee-Jeong; Kim, Shin-Hyo; Choi, Eun-Mi; Bang, Ji-Eon; Kim, Yea-Eun; Kim, Ok-Nam
2010-06-01
The information security management systems (ISMS) of 5 hospitals with more than 500 beds were evaluated with regards to the level of information security, management, and physical and technical aspects so that we might make recommendations on information security and security countermeasures which meet both international standards and the needs of individual hospitals. The ISMS check-list derived from international/domestic standards was distributed to each hospital to complete and the staff of each hospital was interviewed. Information Security Indicator and Information Security Values were used to estimate the present security levels and evaluate the application of each hospital's current system. With regard to the moderate clause of the ISMS, the hospitals were determined to be in compliance. The most vulnerable clause was asset management, in particular, information asset classification guidelines. The clauses of information security incident management and business continuity management were deemed necessary for the establishment of successful ISMS. The level of current ISMS in the hospitals evaluated was determined to be insufficient. Establishment of adequate ISMS is necessary to ensure patient privacy and the safe use of medical records for various purposes. Implementation of ISMS which meet international standards with a long-term and comprehensive perspective is of prime importance. To reflect the requirements of the varied interests of medical staff, consumers, and institutions, the establishment of political support is essential to create suitable hospital ISMS.
-
NASA Astrophysics Data System (ADS)
Feng, Nan; Wu, Harris; Li, Minqiang; Wu, Desheng; Chen, Fuzan; Tian, Jin
2016-09-01
Information sharing across organisations is critical to effectively managing the security risks of inter-organisational information systems. Nevertheless, few previous studies on information systems security have focused on inter-organisational information sharing, and none have studied the sharing of inferred beliefs versus factual observations. In this article, a multiagent collaborative model (MACM) is proposed as a practical solution to assess the risk level of each allied organisation's information system and support proactive security treatment by sharing beliefs on event probabilities as well as factual observations. In MACM, for each allied organisation's information system, we design four types of agents: inspection agent, analysis agent, control agent, and communication agent. By sharing soft findings (beliefs) in addition to hard findings (factual observations) among the organisations, each organisation's analysis agent is capable of dynamically predicting its security risk level using a Bayesian network. A real-world implementation illustrates how our model can be used to manage security risks in distributed information systems and that sharing soft findings leads to lower expected loss from security risks.
-
2012-11-01
Abbreviations BPC building partner capacity DOD Department of Defense DSCA Defense Security Cooperation Agency EFTS Enhanced Freight Tracking System...SCOs are ready to receive a planned delivery. For both FMS and pseudo-FMS processes, DOD uses the Enhanced Freight Tracking System ( EFTS ), a secure...providing data for this system. The Security Assistance Management Manual recommends that SCOs use the EFTS to maintain awareness of incoming shipments
-
77 FR 56662 - Homeland Security Science and Technology Advisory Committee (HSSTAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2012-09-13
... as new developments in systems engineering, cyber-security, knowledge management and how best to... Management; Notice of Federal Advisory Committee Meeting. SUMMARY: The Homeland Security Science and... the Under Secretary on policies, management processes, and organizational constructs as needed. Agenda...
-
78 FR 66949 - Homeland Security Science and Technology Advisory Committee (HSSTAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2013-11-07
... Technology, such as new developments in systems engineering, cyber-security, knowledge management and how... Management; Notice of Federal Advisory Committee Meeting. SUMMARY: The Homeland Security Science and... also advises the Under Secretary on policies, management processes, and organizational constructs as...
-
17 CFR 240.15c3-4 - Internal risk management control systems for OTC derivatives dealers.
Code of Federal Regulations, 2014 CFR
2014-04-01
... 17 Commodity and Securities Exchanges 4 2014-04-01 2014-04-01 false Internal risk management control systems for OTC derivatives dealers. 240.15c3-4 Section 240.15c3-4 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) GENERAL RULES AND REGULATIONS, SECURITIES EXCHANGE ACT OF 1934 Rules and Regulations Under the...
-
Prototype system of secure VOD
NASA Astrophysics Data System (ADS)
Minemura, Harumi; Yamaguchi, Tomohisa
1997-12-01
Secure digital contents delivery systems are to realize copyright protection and charging mechanism, and aim at secure delivery service of digital contents. Encrypted contents delivery and history (log) management are means to accomplish this purpose. Our final target is to realize a video-on-demand (VOD) system that can prevent illegal usage of video data and manage user history data to achieve a secure video delivery system on the Internet or Intranet. By now, mainly targeting client-server systems connected with enterprise LAN, we have implemented and evaluated a prototype system based on the investigation into the delivery method of encrypted video contents.
-
41 CFR 105-64.209 - What special conditions apply to accessing law enforcement and security records?
Code of Federal Regulations, 2012 CFR
2012-01-01
... and Property Management Federal Property Management Regulations System (Continued) GENERAL SERVICES... enforcement and security records are generally exempt from disclosure to individuals except when the system.... If so, the system manager will notify you of the existence of the record and disclose the information...
-
41 CFR 105-64.209 - What special conditions apply to accessing law enforcement and security records?
Code of Federal Regulations, 2011 CFR
2011-01-01
... and Property Management Federal Property Management Regulations System (Continued) GENERAL SERVICES... enforcement and security records are generally exempt from disclosure to individuals except when the system.... If so, the system manager will notify you of the existence of the record and disclose the information...
-
41 CFR 105-64.209 - What special conditions apply to accessing law enforcement and security records?
Code of Federal Regulations, 2013 CFR
2013-07-01
... and Property Management Federal Property Management Regulations System (Continued) GENERAL SERVICES... enforcement and security records are generally exempt from disclosure to individuals except when the system.... If so, the system manager will notify you of the existence of the record and disclose the information...
-
41 CFR 105-64.209 - What special conditions apply to accessing law enforcement and security records?
Code of Federal Regulations, 2014 CFR
2014-01-01
... and Property Management Federal Property Management Regulations System (Continued) GENERAL SERVICES... enforcement and security records are generally exempt from disclosure to individuals except when the system.... If so, the system manager will notify you of the existence of the record and disclose the information...
-
17 CFR 240.3b-15 - Definition of ancillary portfolio management securities activities.
Code of Federal Regulations, 2010 CFR
2010-04-01
... governing body of the dealer and included in the internal risk management control system for the dealer... of incidental trading activities for portfolio management purposes; and (3) Are limited to risk... portfolio management securities activities. 240.3b-15 Section 240.3b-15 Commodity and Securities Exchanges...
-
A cooperative model for IS security risk management in distributed environment.
Feng, Nan; Zheng, Chundong
2014-01-01
Given the increasing cooperation between organizations, the flexible exchange of security information across the allied organizations is critical to effectively manage information systems (IS) security in a distributed environment. In this paper, we develop a cooperative model for IS security risk management in a distributed environment. In the proposed model, the exchange of security information among the interconnected IS under distributed environment is supported by Bayesian networks (BNs). In addition, for an organization's IS, a BN is utilized to represent its security environment and dynamically predict its security risk level, by which the security manager can select an optimal action to safeguard the firm's information resources. The actual case studied illustrates the cooperative model presented in this paper and how it can be exploited to manage the distributed IS security risk effectively.
-
NASA Astrophysics Data System (ADS)
Mohammadi, Hadi
Use of the Patch Vulnerability Management (PVM) process should be seriously considered for any networked computing system. The PVM process prevents the operating system (OS) and software applications from being attacked due to security vulnerabilities, which lead to system failures and critical data leakage. The purpose of this research is to create and design a Security and Critical Patch Management Process (SCPMP) framework based on Systems Engineering (SE) principles. This framework will assist Information Technology Department Staff (ITDS) to reduce IT operating time and costs and mitigate the risk of security and vulnerability attacks. Further, this study evaluates implementation of the SCPMP in the networked computing systems of an academic environment in order to: 1. Meet patch management requirements by applying SE principles. 2. Reduce the cost of IT operations and PVM cycles. 3. Improve the current PVM methodologies to prevent networked computing systems from becoming the targets of security vulnerability attacks. 4. Embed a Maintenance Optimization Tool (MOT) in the proposed framework. The MOT allows IT managers to make the most practicable choice of methods for deploying and installing released patches and vulnerability remediation. In recent years, there has been a variety of frameworks for security practices in every networked computing system to protect computer workstations from becoming compromised or vulnerable to security attacks, which can expose important information and critical data. I have developed a new mechanism for implementing PVM for maximizing security-vulnerability maintenance, protecting OS and software packages, and minimizing SCPMP cost. To increase computing system security in any diverse environment, particularly in academia, one must apply SCPMP. I propose an optimal maintenance policy that will allow ITDS to measure and estimate the variation of PVM cycles based on their department's requirements. My results demonstrate that MOT optimizes the process of implementing SCPMP in academic workstations.
-
Moghaddasi, Hamid; Sajjadi, Samad; Kamkarhaghighi, Mehran
2016-01-01
Any information which is generated and saved needs to be protected against accidental or intentional losses and manipulations if it is to be used by the intended users in due time. As such, information managers have adopted numerous measures to achieve data security within data storage systems, along with the spread of information technology. The "data security models" presented thus far have unanimously highlighted the significance of data security management. For further clarification, the current study first introduces the "needs and improvement" cycle; the study will then present some independent definitions, together with a support umbrella, in an attempt to shed light on the data security management. Data security focuses on three features or attributes known as integrity, identity of sender(s) and identity of receiver(s). Management in data security follows an endless evolutionary process, to keep up with new developments in information technology and communication. In this process management develops new characteristics with greater capabilities to achieve better data security. The characteristics, continuously increasing in number, with a special focus on control, are as follows: private zone, confidentiality, availability, non-repudiation, possession, accountability, authenticity, authentication and auditability. Data security management steadily progresses, resulting in more sophisticated features. The developments are in line with new developments in information and communication technology and novel advances in intrusion detection systems (IDS). Attention to differences between data security and data security management by international organizations such as the International Standard Organization (ISO), and International Telecommunication Union (ITU) is necessary if information quality is to be enhanced.
-
Moghaddasi, Hamid; Kamkarhaghighi, Mehran
2016-01-01
Introduction: Any information which is generated and saved needs to be protected against accidental or intentional losses and manipulations if it is to be used by the intended users in due time. As such, information managers have adopted numerous measures to achieve data security within data storage systems, along with the spread of information technology. Background: The “data security models” presented thus far have unanimously highlighted the significance of data security management. For further clarification, the current study first introduces the “needs and improvement” cycle; the study will then present some independent definitions, together with a support umbrella, in an attempt to shed light on the data security management. Findings: Data security focuses on three features or attributes known as integrity, identity of sender(s) and identity of receiver(s). Management in data security follows an endless evolutionary process, to keep up with new developments in information technology and communication. In this process management develops new characteristics with greater capabilities to achieve better data security. The characteristics, continuously increasing in number, with a special focus on control, are as follows: private zone, confidentiality, availability, non-repudiation, possession, accountability, authenticity, authentication and auditability. Conclusion: Data security management steadily progresses, resulting in more sophisticated features. The developments are in line with new developments in information and communication technology and novel advances in intrusion detection systems (IDS). Attention to differences between data security and data security management by international organizations such as the International Standard Organization (ISO), and International Telecommunication Union (ITU) is necessary if information quality is to be enhanced. PMID:27857823
-
5 CFR 9701.322 - Setting and adjusting rate ranges.
Code of Federal Regulations, 2010 CFR
2010-01-01
... MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Pay and Pay Administration Setting and Adjusting Rate Ranges... operational reasons, these adjustments will become effective on or about the date of the annual General...
-
Code of Federal Regulations, 2010 CFR
2010-01-01
... information and proprietary information in the Federal Docket Management System (FDMS)? 11.35 Section 11.35... RULEMAKING PROCEDURES Rulemaking Procedures General § 11.35 Does FAA include sensitive security information and proprietary information in the Federal Docket Management System (FDMS)? (a) Sensitive security...
-
Code of Federal Regulations, 2014 CFR
2014-01-01
... information and proprietary information in the Federal Docket Management System (FDMS)? 11.35 Section 11.35... RULEMAKING PROCEDURES Rulemaking Procedures General § 11.35 Does FAA include sensitive security information and proprietary information in the Federal Docket Management System (FDMS)? (a) Sensitive security...
-
Code of Federal Regulations, 2012 CFR
2012-01-01
... information and proprietary information in the Federal Docket Management System (FDMS)? 11.35 Section 11.35... RULEMAKING PROCEDURES Rulemaking Procedures General § 11.35 Does FAA include sensitive security information and proprietary information in the Federal Docket Management System (FDMS)? (a) Sensitive security...
-
Code of Federal Regulations, 2013 CFR
2013-01-01
... information and proprietary information in the Federal Docket Management System (FDMS)? 11.35 Section 11.35... RULEMAKING PROCEDURES Rulemaking Procedures General § 11.35 Does FAA include sensitive security information and proprietary information in the Federal Docket Management System (FDMS)? (a) Sensitive security...
-
Code of Federal Regulations, 2011 CFR
2011-01-01
... information and proprietary information in the Federal Docket Management System (FDMS)? 11.35 Section 11.35... RULEMAKING PROCEDURES Rulemaking Procedures General § 11.35 Does FAA include sensitive security information and proprietary information in the Federal Docket Management System (FDMS)? (a) Sensitive security...
-
Analysis of Information Security Management Systems at 5 Domestic Hospitals with More than 500 Beds
Park, Woo-Sung; Son, Seung-Sik; Lee, Mee-Jeong; Kim, Shin-Hyo; Choi, Eun-Mi; Bang, Ji-Eon; Kim, Yea-Eun; Kim, Ok-Nam
2010-01-01
Objectives The information security management systems (ISMS) of 5 hospitals with more than 500 beds were evaluated with regards to the level of information security, management, and physical and technical aspects so that we might make recommendations on information security and security countermeasures which meet both international standards and the needs of individual hospitals. Methods The ISMS check-list derived from international/domestic standards was distributed to each hospital to complete and the staff of each hospital was interviewed. Information Security Indicator and Information Security Values were used to estimate the present security levels and evaluate the application of each hospital's current system. Results With regard to the moderate clause of the ISMS, the hospitals were determined to be in compliance. The most vulnerable clause was asset management, in particular, information asset classification guidelines. The clauses of information security incident management and business continuity management were deemed necessary for the establishment of successful ISMS. Conclusions The level of current ISMS in the hospitals evaluated was determined to be insufficient. Establishment of adequate ISMS is necessary to ensure patient privacy and the safe use of medical records for various purposes. Implementation of ISMS which meet international standards with a long-term and comprehensive perspective is of prime importance. To reflect the requirements of the varied interests of medical staff, consumers, and institutions, the establishment of political support is essential to create suitable hospital ISMS. PMID:21818429
-
75 FR 18841 - Office for Civil Rights; Privacy Act of 1974, Amended System of Records
Federal Register 2010, 2011, 2012, 2013, 2014
2010-04-13
... Privacy Act of 1974, Federal Information Security Management Act of 2002, Computer Security Act of 1987... 1974, Federal Information Security Management Act of 2002, Computer Security Act of 1987, the Paperwork... Oversight, the Chair of the Senate Committee on Homeland Security and Governmental Affairs, and the...
-
77 FR 26254 - Privacy Act of 1974; System of Records
Federal Register 2010, 2011, 2012, 2013, 2014
2012-05-03
... media. Retrievability: By name, Social Security Number (SSN), employee identification number, or... General. Categories of records in the system: Individual's name, Social Security Number (SSN), employee... erasure or destruction of magnetic media. System manager(s) and address: Inspector General, National...
-
Code of Federal Regulations, 2010 CFR
2010-01-01
... Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES... adequate resources are allocated for the design, implementation, and administration of the performance...
-
22 CFR 308.9 - Records systems-management and control.
Code of Federal Regulations, 2014 CFR
2014-04-01
... monitoring the security standards set forth in these regulations. (b) A designated official (System Manager... and for insuring that such records are secured in appropriate containers wherever not in use or in the...
-
22 CFR 308.9 - Records systems-management and control.
Code of Federal Regulations, 2012 CFR
2012-04-01
... monitoring the security standards set forth in these regulations. (b) A designated official (System Manager... and for insuring that such records are secured in appropriate containers wherever not in use or in the...
-
22 CFR 308.9 - Records systems-management and control.
Code of Federal Regulations, 2013 CFR
2013-04-01
... monitoring the security standards set forth in these regulations. (b) A designated official (System Manager... and for insuring that such records are secured in appropriate containers wherever not in use or in the...
-
22 CFR 308.9 - Records systems-management and control.
Code of Federal Regulations, 2010 CFR
2010-04-01
... monitoring the security standards set forth in these regulations. (b) A designated official (System Manager... and for insuring that such records are secured in appropriate containers wherever not in use or in the...
-
22 CFR 308.9 - Records systems-management and control.
Code of Federal Regulations, 2011 CFR
2011-04-01
... monitoring the security standards set forth in these regulations. (b) A designated official (System Manager... and for insuring that such records are secured in appropriate containers wherever not in use or in the...
-
41 CFR 102-192.80 - How do we develop written security policies and plans?
Code of Federal Regulations, 2014 CFR
2014-01-01
... service and/or the Federal Protective Service to develop agency mail security policies and plans. The... written security policies and plans? 102-192.80 Section 102-192.80 Public Contracts and Property Management Federal Property Management Regulations System (Continued) FEDERAL MANAGEMENT REGULATION...
-
41 CFR 102-192.80 - How do we develop written security policies and plans?
Code of Federal Regulations, 2013 CFR
2013-07-01
... service and/or the Federal Protective Service to develop agency mail security policies and plans. The... written security policies and plans? 102-192.80 Section 102-192.80 Public Contracts and Property Management Federal Property Management Regulations System (Continued) FEDERAL MANAGEMENT REGULATION...
-
41 CFR 102-192.80 - How do we develop written security policies and plans?
Code of Federal Regulations, 2012 CFR
2012-01-01
... service and/or the Federal Protective Service to develop agency mail security policies and plans. The... written security policies and plans? 102-192.80 Section 102-192.80 Public Contracts and Property Management Federal Property Management Regulations System (Continued) FEDERAL MANAGEMENT REGULATION...
-
41 CFR 102-192.80 - How do we develop written security policies and plans?
Code of Federal Regulations, 2011 CFR
2011-01-01
... service and/or the Federal Protective Service to develop agency mail security policies and plans. The... written security policies and plans? 102-192.80 Section 102-192.80 Public Contracts and Property Management Federal Property Management Regulations System (Continued) FEDERAL MANAGEMENT REGULATION...
-
A Cooperative Model for IS Security Risk Management in Distributed Environment
Zheng, Chundong
2014-01-01
Given the increasing cooperation between organizations, the flexible exchange of security information across the allied organizations is critical to effectively manage information systems (IS) security in a distributed environment. In this paper, we develop a cooperative model for IS security risk management in a distributed environment. In the proposed model, the exchange of security information among the interconnected IS under distributed environment is supported by Bayesian networks (BNs). In addition, for an organization's IS, a BN is utilized to represent its security environment and dynamically predict its security risk level, by which the security manager can select an optimal action to safeguard the firm's information resources. The actual case studied illustrates the cooperative model presented in this paper and how it can be exploited to manage the distributed IS security risk effectively. PMID:24563626
-
Federal Register 2010, 2011, 2012, 2013, 2014
2013-11-21
... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [DHS-2013-0073] Privacy Act of 1974; Department of Homeland Security, Federal Emergency Management Agency, Federal Government--001 National Defense Executive Reserve System of Records AGENCY: Department of Homeland Security, Privacy Office...
-
Safe teleradiology: information assurance as project planning methodology
NASA Astrophysics Data System (ADS)
Collmann, Jeff R.; Alaoui, Adil; Nguyen, Dan; Lindisch, David
2003-05-01
This project demonstrates use of OCTAVE, an information security risk assessment method, as an approach to the safe design and planning of a teleradiology system. By adopting this approach to project planning, we intended to provide evidence that including information security as an intrinsic component of project planning improves information assurance and that using information assurance as a planning tool produces and improves the general system management plan. Several considerations justify this approach to planning a safe teleradiology system. First, because OCTAVE was designed as a method for retrospectively assessing and proposing enhancements for the security of existing information management systems, it should function well as a guide to prospectively designing and deploying a secure information system such as teleradiology. Second, because OCTAVE provides assessment and planning tools for use primarily by interdisciplinary teams from user organizations, not consultants, it should enhance the ability of such teams at the local level to plan safe information systems. Third, from the perspective of sociological theory, OCTAVE explicitly attempts to enhance organizational conditions identified as necessary to safely manage complex technologies. Approaching information system design from the perspective of information security risk management proactively integrates health information assurance into a project"s core. This contrasts with typical approaches that perceive "security" as a secondary attribute to be "added" after designing the system and with approaches that identify information assurance only with security devices and user training. The perspective of health information assurance embraces so many dimensions of a computerized health information system"s design that one may successfully deploy a method for retrospectively assessing information security risk as a prospective planning tool. From a sociological perspective, this approach enhances the general conditions as well as establishes specific policies and procedures for reliable performance of health information assurance.
-
Advanced approach to information security management system model for industrial control system.
Park, Sanghyun; Lee, Kyungho
2014-01-01
Organizations make use of important information in day-to-day business. Protecting sensitive information is imperative and must be managed. Companies in many parts of the world protect sensitive information using the international standard known as the information security management system (ISMS). ISO 27000 series is the international standard ISMS used to protect confidentiality, integrity, and availability of sensitive information. While an ISMS based on ISO 27000 series has no particular flaws for general information systems, it is unfit to manage sensitive information for industrial control systems (ICSs) because the first priority of industrial control is safety of the system. Therefore, a new information security management system based on confidentiality, integrity, and availability as well as safety is required for ICSs. This new ISMS must be mutually exclusive of an ICS. This paper provides a new paradigm of ISMS for ICSs, which will be shown to be more suitable than the existing ISMS.
-
Advanced Approach to Information Security Management System Model for Industrial Control System
2014-01-01
Organizations make use of important information in day-to-day business. Protecting sensitive information is imperative and must be managed. Companies in many parts of the world protect sensitive information using the international standard known as the information security management system (ISMS). ISO 27000 series is the international standard ISMS used to protect confidentiality, integrity, and availability of sensitive information. While an ISMS based on ISO 27000 series has no particular flaws for general information systems, it is unfit to manage sensitive information for industrial control systems (ICSs) because the first priority of industrial control is safety of the system. Therefore, a new information security management system based on confidentiality, integrity, and availability as well as safety is required for ICSs. This new ISMS must be mutually exclusive of an ICS. This paper provides a new paradigm of ISMS for ICSs, which will be shown to be more suitable than the existing ISMS. PMID:25136659
-
ITIL{sup ®} and information security
DOE Office of Scientific and Technical Information (OSTI.GOV)
Jašek, Roman; Králík, Lukáš; Popelka, Miroslav
2015-03-10
This paper discusses the context of ITIL framework and management of information security. It is therefore a summary study, where the first part is focused on the safety objectives in connection with the ITIL framework. First of all, there is a focus on ITIL process ISM (Information Security Management), its principle and system management. The conclusion is about link between standards, which are related to security, and ITIL framework.
-
Code of Federal Regulations, 2010 CFR
2010-07-01
... other expenses associated with telephone service); and (g) Security systems (including installation and other expenses associated with security systems). Utilization of Space ... Public Contracts and Property Management Federal Property Management Regulations System (Continued...
-
Managing information technology security risk
NASA Technical Reports Server (NTRS)
Gilliam, David
2003-01-01
Information Technology (IT) Security Risk Management is a critical task for the organization to protect against the loss of confidentiality, integrity and availability of IT resources. As systems bgecome more complex and diverse and and attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security risk. This paper describes a two-pronged approach in addressing IT security risk and risk management in the organization: 1) an institutional enterprise appraoch, and 2) a project life cycle approach.
-
48 CFR 339.7102 - Applicability.
Code of Federal Regulations, 2010 CFR
2010-10-01
... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7102 Applicability. Contracting Officers are responsible for ensuring that all information technology acquisitions comply with the Federal Information Security Management Act (FISMA), the HHS-OCIO Information Systems Security and Privacy...
-
Code of Federal Regulations, 2011 CFR
2011-01-01
... Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES... Department's mission foremost in mind. The regulations also recognize the rights of DHS employees to organize...
-
DOE Office of Scientific and Technical Information (OSTI.GOV)
Settlemyer, S.R.
1991-09-01
The Nuclear Weapons Management System combines the strengths of an expert system with the flexibility of a database management system to assist the Weapons Officer, Security Officer, and the Personnel Reliability Program Officer in the performance of administrative duties associated with the nuclear weapons programs in the United States Navy. This thesis examines the need for, and ultimately the design of, a system that will assist the Security Officer in administrative duties associated with the Shipboard Self Defense Force. This system, designed and coded utilizing dBASE IV, can be implemented as a stand alone system. Furthermore, it interfaces with themore » expert system submodule that handles the PRP screening process.« less
-
Information technology security system engineering methodology
NASA Technical Reports Server (NTRS)
Childs, D.
2003-01-01
A methodology is described for system engineering security into large information technology systems under development. The methodology is an integration of a risk management process and a generic system development life cycle process. The methodology is to be used by Security System Engineers to effectively engineer and integrate information technology security into a target system as it progresses through the development life cycle. The methodology can also be used to re-engineer security into a legacy system.
-
NASA Astrophysics Data System (ADS)
Kuhn, D. R.; Tracy, Miles C.; Frankel, Sheila E.
2002-08-01
This document is intended to assist those responsible - users, system administrators, and management - for telecommuting security, by providing introductory information about broadband communication security and policy, security of home office systems, and considerations for system administrators in the central office. It addresses concepts relating to the selection, deployment, and management of broadband communications for a telecommuting user. This document is not intended to provide a mandatory framework for telecommuting or home office broadband communication environments, but rather to present suggested approaches to the topic.
-
12 CFR 792.67 - Security of systems of records.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 12 Banks and Banking 6 2010-01-01 2010-01-01 false Security of systems of records. 792.67 Section... AND PRIVACY ACT, AND BY SUBPOENA; SECURITY PROCEDURES FOR CLASSIFIED INFORMATION The Privacy Act § 792.67 Security of systems of records. (a) Each system manager, with the approval of the head of that...
-
DOE Office of Scientific and Technical Information (OSTI.GOV)
Duren, Mike; Aldridge, Hal; Abercrombie, Robert K
2013-01-01
Compromises attributable to the Advanced Persistent Threat (APT) highlight the necessity for constant vigilance. The APT provides a new perspective on security metrics (e.g., statistics based cyber security) and quantitative risk assessments. We consider design principals and models/tools that provide high assurance for energy delivery systems (EDS) operations regardless of the state of compromise. Cryptographic keys must be securely exchanged, then held and protected on either end of a communications link. This is challenging for a utility with numerous substations that must secure the intelligent electronic devices (IEDs) that may comprise complex control system of systems. For example, distribution andmore » management of keys among the millions of intelligent meters within the Advanced Metering Infrastructure (AMI) is being implemented as part of the National Smart Grid initiative. Without a means for a secure cryptographic key management system (CKMS) no cryptographic solution can be widely deployed to protect the EDS infrastructure from cyber-attack. We consider 1) how security modeling is applied to key management and cyber security concerns on a continuous basis from design through operation, 2) how trusted models and key management architectures greatly impact failure scenarios, and 3) how hardware-enabled trust is a critical element to detecting, surviving, and recovering from attack.« less
-
DOE Office of Scientific and Technical Information (OSTI.GOV)
Schurman, D.L.; Datesman, G.H. Jr; Truitt, J.O.
The report presents a system for evaluating and correcting deficiencies in security-force effectiveness in licensed nuclear facilities. There are four checklists which security managers can copy directly, or can use as guidelines for developing their own checklists. The checklists are keyed to corrective-action guides found in the body of the report. In addition to the corrective-action guides, the report gives background information on the nature of security systems and discussions of various special problems of the licensed nuclear industry.
-
Code of Federal Regulations, 2010 CFR
2010-01-01
... 5 Administrative Personnel 3 2010-01-01 2010-01-01 false Definitions. 9701.504 Section 9701.504 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES...
-
Code of Federal Regulations, 2010 CFR
2010-01-01
... 5 Administrative Personnel 3 2010-01-01 2010-01-01 false General. 9701.371 Section 9701.371 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES...
-
Code of Federal Regulations, 2010 CFR
2010-01-01
... 5 Administrative Personnel 3 2010-01-01 2010-01-01 false Coverage. 9701.505 Section 9701.505 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES...
-
Code of Federal Regulations, 2010 CFR
2010-01-01
... 5 Administrative Personnel 3 2010-01-01 2010-01-01 false Waivers. 9701.503 Section 9701.503 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES...
-
Code of Federal Regulations, 2010 CFR
2010-01-01
... 5 Administrative Personnel 3 2010-01-01 2010-01-01 false Purpose. 9701.201 Section 9701.201 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES...
-
Code of Federal Regulations, 2010 CFR
2010-01-01
... 5 Administrative Personnel 3 2010-01-01 2010-01-01 false Waivers. 9701.403 Section 9701.403 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES...
-
Code of Federal Regulations, 2010 CFR
2010-01-01
... 5 Administrative Personnel 3 2010-01-01 2010-01-01 false Definitions. 9701.404 Section 9701.404 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES...
-
Code of Federal Regulations, 2010 CFR
2010-01-01
... 5 Administrative Personnel 3 2010-01-01 2010-01-01 false Definitions. 9701.304 Section 9701.304 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES...
-
Code of Federal Regulations, 2010 CFR
2010-01-01
... 5 Administrative Personnel 3 2010-01-01 2010-01-01 false Purpose. 9701.501 Section 9701.501 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES...
-
Code of Federal Regulations, 2010 CFR
2010-01-01
... 5 Administrative Personnel 3 2010-01-01 2010-01-01 false Waivers. 9701.303 Section 9701.303 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES...
-
Code of Federal Regulations, 2010 CFR
2010-01-01
... 5 Administrative Personnel 3 2010-01-01 2010-01-01 false Definitions. 9701.204 Section 9701.204 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES...
-
Code of Federal Regulations, 2010 CFR
2010-01-01
... 5 Administrative Personnel 3 2010-01-01 2010-01-01 false Waivers. 9701.203 Section 9701.203 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES...
-
Code of Federal Regulations, 2010 CFR
2010-01-01
... 5 Administrative Personnel 3 2010-01-01 2010-01-01 false Bands. 9701.212 Section 9701.212 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES...
-
Code of Federal Regulations, 2010 CFR
2010-01-01
... 5 Administrative Personnel 3 2010-01-01 2010-01-01 false General. 9701.331 Section 9701.331 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES...
-
Code of Federal Regulations, 2010 CFR
2010-01-01
... 5 Administrative Personnel 3 2010-01-01 2010-01-01 false General. 9701.341 Section 9701.341 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES...
-
5 CFR 9701.357 - Miscellaneous.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 5 Administrative Personnel 3 2010-01-01 2010-01-01 false Miscellaneous. 9701.357 Section 9701.357 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES...
-
Code of Federal Regulations, 2010 CFR
2010-01-01
... 5 Administrative Personnel 3 2010-01-01 2010-01-01 false Coverage. 9701.202 Section 9701.202 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES...
-
Code of Federal Regulations, 2010 CFR
2010-01-01
... 5 Administrative Personnel 3 2010-01-01 2010-01-01 false Coverage. 9701.402 Section 9701.402 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES...
-
Code of Federal Regulations, 2010 CFR
2010-01-01
... 5 Administrative Personnel 3 2010-01-01 2010-01-01 false Coverage. 9701.302 Section 9701.302 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES...
-
75 FR 30411 - Privacy Act of 1974; Report of a Modified or Altered System of Records
Federal Register 2010, 2011, 2012, 2013, 2014
2010-06-01
... Privacy Act of 1974; the Federal Information Security Management Act of 2002; the Computer Fraud and Abuse... Security Management Act of 2002; the Computer Fraud and Abuse Act of 1986; the Health Insurance Portability... systems and data files necessary for compliance with Title XI, Part C of the Social Security Act because...
-
Federal Register 2010, 2011, 2012, 2013, 2014
2013-07-22
... titled, ``Department of Homeland Security/Federal Emergency Management Agency--006 Citizen Corps Database...) authorities; (5) purpose; (6) routine uses of information; (7) system manager and address; (8) notification... Database'' and retitle it ``DHS/FEMA--006 Citizen Corps Program System of Records.'' FEMA administers the...
-
NASA Technical Reports Server (NTRS)
Takamura, Eduardo; Mangum, Kevin
2016-01-01
The National Aeronautics and Space Administration (NASA) invests millions of dollars in spacecraft and ground system development, and in mission operations in the pursuit of scientific knowledge of the universe. In recent years, NASA sent a probe to Mars to study the Red Planet's upper atmosphere, obtained high resolution images of Pluto, and it is currently preparing to find new exoplanets, rendezvous with an asteroid, and bring a sample of the asteroid back to Earth for analysis. The success of these missions is enabled by mission assurance. In turn, mission assurance is backed by information assurance. The information systems supporting NASA missions must be reliable as well as secure. NASA - like every other U.S. Federal Government agency - is required to manage the security of its information systems according to federal mandates, the most prominent being the Federal Information Security Management Act (FISMA) of 2002 and the legislative updates that followed it. Like the management of enterprise information technology (IT), federal information security management takes a "one-size fits all" approach for protecting IT systems. While this approach works for most organizations, it does not effectively translate into security of highly specialized systems such as those supporting NASA missions. These systems include command and control (C&C) systems, spacecraft and instrument simulators, and other elements comprising the ground segment. They must be carefully configured, monitored and maintained, sometimes for several years past the missions' initially planned life expectancy, to ensure the ground system is protected and remains operational without any compromise of its confidentiality, integrity and availability. Enterprise policies, processes, procedures and products, if not effectively tailored to meet mission requirements, may not offer the needed security for protecting the information system, and they may even become disruptive to mission operations. Certain protective measures for the general enterprise may not be as efficient within the ground segment. This is what the authors have concluded through observations and analysis of patterns identified from the various security assessments performed on NASA missions such as MAVEN, OSIRIS-REx, New Horizons and TESS, to name a few. The security audits confirmed that the framework for managing information system security developed by the National Institute of Standards and Technology (NIST) for the federal government, and adopted by NASA, is indeed effective. However, the selection of the technical, operational and management security controls offered by the NIST model - and how they are implemented - does not always fit the nature and the environment where the ground system operates in even though there is no apparent impact on mission success. The authors observed that unfit controls, that is, controls that are not necessarily applicable or sufficiently effective in protecting the mission systems, are often selected to facilitate compliance with security requirements and organizational expectations even if the selected controls offer minimum or non-existent protection. This paper identifies some of the standard security controls that can in fact protect the ground system, and which of them offer little or no benefit at all. It offers multiple scenarios from real security audits in which the controls are not effective without, of course, disclosing any sensitive information about the missions assessed. In addition to selection and implementation of controls, the paper also discusses potential impact of recent legislation such as the Federal Information Security Modernization Act (FISMA) of 2014 - aimed at the enterprise - on the ground system, and offers other recommendations to Information System Owners (ISOs).
-
Martinez, R; Cole, C; Rozenblit, J; Cook, J F; Chacko, A K
2000-05-01
The US Army Great Plains Regional Medical Command (GPRMC) has a requirement to conform to Department of Defense (DoD) and Army security policies for the Virtual Radiology Environment (VRE) Project. Within the DoD, security policy is defined as the set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information. Security policy in the DoD is described by the Trusted Computer System Evaluation Criteria (TCSEC), Army Regulation (AR) 380-19, Defense Information Infrastructure Common Operating Environment (DII COE), Military Health Services System Automated Information Systems Security Policy Manual, and National Computer Security Center-TG-005, "Trusted Network Interpretation." These documents were used to develop a security policy that defines information protection requirements that are made with respect to those laws, rules, and practices that are required to protect the information stored and processed in the VRE Project. The goal of the security policy is to provide for a C2-level of information protection while also satisfying the functional needs of the GPRMC's user community. This report summarizes the security policy for the VRE and defines the CORBA security services that satisfy the policy. In the VRE, the information to be protected is embedded into three major information components: (1) Patient information consists of Digital Imaging and Communications in Medicine (DICOM)-formatted fields. The patient information resides in the digital imaging network picture archiving and communication system (DIN-PACS) networks in the database archive systems and includes (a) patient demographics; (b) patient images from x-ray, computed tomography (CT), magnetic resonance imaging (MRI), and ultrasound (US); and (c) prior patient images and related patient history. (2) Meta-Manager information to be protected consists of several data objects. This information is distributed to the Meta-Manager nodes and includes (a) radiologist schedules; (b) modality worklists; (c) routed case information; (d) DIN-PACS and Composite Health Care system (CHCS) messages, and Meta-Manager administrative and security information; and (e) patient case information. (3) Access control and communications security is required in the VRE to control who uses the VRE and Meta-Manager facilities and to secure the messages between VRE components. The CORBA Security Service Specification version 1.5 is designed to allow up to TCSEC's B2-level security for distributed objects. The CORBA Security Service Specification defines the functionality of several security features: identification and authentication, authorization and access control, security auditing, communication security, nonrepudiation, and security administration. This report describes the enhanced security features for the VRE and their implementation using commercial CORBA Security Service software products.
-
Security of Personal Computer Systems: A Management Guide.
ERIC Educational Resources Information Center
Steinauer, Dennis D.
This report describes management and technical security considerations associated with the use of personal computer systems as well as other microprocessor-based systems designed for use in a general office environment. Its primary objective is to identify and discuss several areas of potential vulnerability and associated protective measures. The…
-
ERIC Educational Resources Information Center
Edwards, Gregory
2011-01-01
Security incidents resulting from human error or subversive actions have caused major financial losses, reduced business productivity or efficiency, and threatened national security. Some research suggests that information system security frameworks lack emphasis on human involvement as a significant cause for security problems in a rapidly…
-
ERIC Educational Resources Information Center
Benson, Allen C.
This handbook is designed to help readers identify and eliminate security risks, with sound recommendations and library-tested security software. Chapter 1 "Managing Your Facilities and Assessing Your Risks" addresses fundamental management responsibilities including planning for a secure system, organizing computer-related information, assessing…
-
Zarei, Javad; Sadoughi, Farahnaz
2016-01-01
In recent years, hospitals in Iran - similar to those in other countries - have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts' opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Information security risk management is not followed by Iran's hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran's Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran.
-
5 CFR 9701.356 - Pay retention.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 5 Administrative Personnel 3 2010-01-01 2010-01-01 false Pay retention. 9701.356 Section 9701.356 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES...
-
5 CFR 9701.312 - Maximum rates.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 5 Administrative Personnel 3 2010-01-01 2010-01-01 false Maximum rates. 9701.312 Section 9701.312 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES...
-
5 CFR 9701.311 - Major features.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 5 Administrative Personnel 3 2010-01-01 2010-01-01 false Major features. 9701.311 Section 9701.311 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES...
-
Code of Federal Regulations, 2010 CFR
2010-10-01
... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7101 Policy. HHS is responsible for implementing an information security program to ensure that its information systems and... information contained in those systems. Each system's level of security shall protect the integrity...
-
NASA Automatic Information Security Handbook
NASA Technical Reports Server (NTRS)
1993-01-01
This handbook details the Automated Information Security (AIS) management process for NASA. Automated information system security is becoming an increasingly important issue for all NASA managers and with rapid advancements in computer and network technologies and the demanding nature of space exploration and space research have made NASA increasingly dependent on automated systems to store, process, and transmit vast amounts of mission support information, hence the need for AIS systems and management. This handbook provides the consistent policies, procedures, and guidance to assure that an aggressive and effective AIS programs is developed, implemented, and sustained at all NASA organizations and NASA support contractors.
-
Safe teleradiology: information assurance as project planning methodology.
Collmann, Jeff; Alaoui, Adil; Nguyen, Dan; Lindisch, David
2005-01-01
The Georgetown University Medical Center Department of Radiology used a tailored version of OCTAVE, a self-directed information security risk assessment method, to design a teleradiology system that complied with the regulation implementing the security provisions of the Health Insurance Portability and Accountability Act (HIPAA) of 1996. The system addressed threats to and vulnerabilities in the privacy and security of protected health information. By using OCTAVE, Georgetown identified the teleradiology program's critical assets, described threats to the assurance of those assets, developed and ran vulnerability scans of a system pilot, evaluated the consequences of security breaches, and developed a risk management plan to mitigate threats to program assets, thereby implementing good information assurance practices. This case study illustrates the basic point that prospective, comprehensive planning to protect the privacy and security of an information system strategically benefits program management as well as system security.
-
10 CFR 1008.22 - Use and collection of social security numbers.
Code of Federal Regulations, 2011 CFR
2011-01-01
... 10 Energy 4 2011-01-01 2011-01-01 false Use and collection of social security numbers. 1008.22... (PRIVACY ACT) Maintenance and Establishment of Systems of Records § 1008.22 Use and collection of social security numbers. (a) The System Manager of each system of records which utilizes social security numbers...
-
Federal Register 2010, 2011, 2012, 2013, 2014
2013-04-30
... Assistance Files System of Records AGENCY: Privacy Office, Department of Homeland Security. ACTION: Notice of Privacy Act System of Records. SUMMARY: In accordance with the Privacy Act of 1974, the Department of Homeland Security proposes to update and reissue a current Department of Homeland Security system of...
-
10 CFR 1008.22 - Use and collection of social security numbers.
Code of Federal Regulations, 2013 CFR
2013-01-01
... 10 Energy 4 2013-01-01 2013-01-01 false Use and collection of social security numbers. 1008.22... (PRIVACY ACT) Maintenance and Establishment of Systems of Records § 1008.22 Use and collection of social security numbers. (a) The System Manager of each system of records which utilizes social security numbers...
-
10 CFR 1008.22 - Use and collection of social security numbers.
Code of Federal Regulations, 2012 CFR
2012-01-01
... 10 Energy 4 2012-01-01 2012-01-01 false Use and collection of social security numbers. 1008.22... (PRIVACY ACT) Maintenance and Establishment of Systems of Records § 1008.22 Use and collection of social security numbers. (a) The System Manager of each system of records which utilizes social security numbers...
-
10 CFR 1008.22 - Use and collection of social security numbers.
Code of Federal Regulations, 2014 CFR
2014-01-01
... 10 Energy 4 2014-01-01 2014-01-01 false Use and collection of social security numbers. 1008.22... (PRIVACY ACT) Maintenance and Establishment of Systems of Records § 1008.22 Use and collection of social security numbers. (a) The System Manager of each system of records which utilizes social security numbers...
-
10 CFR 1008.22 - Use and collection of social security numbers.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 10 Energy 4 2010-01-01 2010-01-01 false Use and collection of social security numbers. 1008.22... (PRIVACY ACT) Maintenance and Establishment of Systems of Records § 1008.22 Use and collection of social security numbers. (a) The System Manager of each system of records which utilizes social security numbers...
-
Security Techniques for Sensor Systems and the Internet of Things
ERIC Educational Resources Information Center
Midi, Daniele
2016-01-01
Sensor systems are becoming pervasive in many domains, and are recently being generalized by the Internet of Things (IoT). This wide deployment, however, presents significant security issues. We develop security techniques for sensor systems and IoT, addressing all security management phases. Prior to deployment, the nodes need to be hardened. We…
-
Analyzing Cases of Resilience Success and Failure - A Research Study
2012-12-01
controls [NIST 2012, NIST 2008] ISO 27002 and ISO 27004 Guidelines for initiating, implementing, maintaining, and improving information security...Commission ( ISO /IEC). Information technology—Security techniques—Code of practice for information security management ( ISO /IEC 27002 :2005). ISO /IEC, 2005...security management system and controls or groups of controls [ ISO /IEC 2005, ISO /IEC 2009] CIS Security Metrics Outcome and practice metrics measuring
-
NASA Technical Reports Server (NTRS)
Gunawan, Ryan A.
2016-01-01
With the rapid development of the Internet, the number of malicious threats to organizations is continually increasing. In June of 2015, the United States Office of Personnel Management (OPM) had a data breach resulting in the compromise of millions of government employee records. The National Aeronautics and Space Administration (NASA) is not exempt from these attacks. Cyber security is becoming a critical facet to the discussion of moving forward with projects. The Spaceport Command and Control System (SCCS) project at the Kennedy Space Center (KSC) aims to develop the launch control system for the next generation launch vehicle in the coming decades. There are many ways to increase the security of the network it uses, from vulnerability management to ensuring operating system images are compliant with securely configured baselines recommended by the United States Government.
-
1991-10-01
SUBJECT TERMS 15. NUMBER OF PAGES engineering management information systems method formalization 60 information engineering process modeling 16 PRICE...CODE information systems requirements definition methods knowlede acquisition methods systems engineering 17. SECURITY CLASSIFICATION ji. SECURITY... Management , Inc., Santa Monica, California. CORYNEN, G. C., 1975, A Mathematical Theory of Modeling and Simula- tion. Ph.D. Dissertation, Department
-
New secure communication-layer standard for medical image management (ISCL)
NASA Astrophysics Data System (ADS)
Kita, Kouichi; Nohara, Takashi; Hosoba, Minoru; Yachida, Masuyoshi; Yamaguchi, Masahiro; Ohyama, Nagaaki
1999-07-01
This paper introduces a summary of the standard draft of ISCL 1.00 which will be published by MEDIS-DC officially. ISCL is abbreviation of Integrated Secure Communication Layer Protocols for Secure Medical Image Management Systems. ISCL is a security layer which manages security function between presentation layer and TCP/IP layer. ISCL mechanism depends on basic function of a smart IC card and symmetric secret key mechanism. A symmetry key for each session is made by internal authentication function of a smart IC card with a random number. ISCL has three functions which assure authentication, confidently and integrity. Entity authentication process is done through 3 path 4 way method using functions of internal authentication and external authentication of a smart iC card. Confidentially algorithm and MAC algorithm for integrity are able to be selected. ISCL protocols are communicating through Message Block which consists of Message Header and Message Data. ISCL protocols are evaluating by applying to regional collaboration system for image diagnosis, and On-line Secure Electronic Storage system for medical images. These projects are supported by Medical Information System Development Center. These project shows ISCL is useful to keep security.
-
Process Improvement Should Link to Security: SEPG 2007 Security Track Recap
2007-09-01
the Systems Security Engineering Capability Maturity Model (SSE- CMM / ISO 21827) and its use in system software developments ...software development life cycle ( SDLC )? 6. In what ways should process improvement support security in the SDLC ? 1.2 10BPANEL RESOURCES For each... project management, and support practices through the use of the capability maturity models including the CMMI and the Systems Security
-
Brock, Gordon; Gurekas, Vydas; Gelinas, Anne-Fredrique; Rollin, Karina
2009-01-01
Little has been published on the management of psychiatric crises in rural areas, and little is known of the security needs or use of "secure rooms" in rural hospitals. We conducted a 3-year retrospective chart audit on the use of our secure room/security guard system at a rural hospital in a town of 3500, located 220 km from our psychiatric referral centre. Use of our secure room/security guard system occurred at the rate of 1.1 uses/1000 emergency department visits, with the most common indication being physician perception of risk of patient suicide or self-harm. Concern for staff safety was a factor in 10% of uses. Eighty percent of patients were treated locally, with most being released from the secure room after 2 days or less. Fourteen percent of patients required ultimate transfer to our psychiatric referral centre and 6% to a detoxification centre. The average annual cost of security was $16 259.61. A secure room can provide the opportunity for close observation of a potentially self-harming patient, additional security for staff and early warning if a patient flees the hospital. Most admissions were handled locally, obviating the need for transfer to distant psychiatric referral centres. Most patients who were admitted were already known as having a psychiatric illness and 80% of the patients required the use of the secure room/security guard system for less than a 2-night stay, suggesting that most rural mental health crises pass quickly. Most patients admitted to a rural hospital with a mental health crisis can be managed locally if an adequate secure room/security guard system is available.
-
76 FR 81359 - National Security Personnel System
Federal Register 2010, 2011, 2012, 2013, 2014
2011-12-28
... contains regulatory documents #0;having general applicability and legal effect, most of which are keyed #0... Security Personnel System AGENCY: Department of Defense; Office of Personnel Management. ACTION: Final rule... concerning the National Security Personnel System (NSPS). Section 1113 of the National Defense Authorization...
-
DOE Office of Scientific and Technical Information (OSTI.GOV)
Iveson, Steven W.
Global chemical security has been enhanced through the determined use and integration of both voluntary and legislated standards. Many popular standards contain components that specifically detail requirements for the security of materials, facilities and other vital assets. In this document we examine the roll of quality management standards and how they affect the security culture within the institutions that adopt these standards in order to conduct business within the international market place. Good manufacturing practices and good laboratory practices are two of a number of quality management systems that have been adopted as law in many nations. These standards aremore » designed to protect the quality of drugs, medicines, foods and analytical test results in order to provide the world-wide consumer with safe and affective products for consumption. These standards provide no established security protocols and yet manage to increase the security of chemicals, materials, facilities and the supply chain via the effective and complete control over the manufacturing, the global supply chains and testing processes. We discuss the means through which these systems enhance security and how nations can further improve these systems with additional regulations that deal specifically with security in the realm of these management systems. We conclude with a discussion of new technologies that may cause disruption within the industries covered by these standards and how these issues might be addressed in order to maintain or increase the level of security within the industries and nations that have adopted these standards.« less
-
ERIC Educational Resources Information Center
Mohammadi, Hadi
2014-01-01
Use of the Patch Vulnerability Management (PVM) process should be seriously considered for any networked computing system. The PVM process prevents the operating system (OS) and software applications from being attacked due to security vulnerabilities, which lead to system failures and critical data leakage. The purpose of this research is to…
-
Zarei, Javad; Sadoughi, Farahnaz
2016-01-01
Background In recent years, hospitals in Iran – similar to those in other countries – have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. Materials and methods This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts’ opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Results Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Conclusion Information security risk management is not followed by Iran’s hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran’s Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran. PMID:27313481
-
Research on information security system of waste terminal disposal process
NASA Astrophysics Data System (ADS)
Zhou, Chao; Wang, Ziying; Guo, Jing; Guo, Yajuan; Huang, Wei
2017-05-01
Informatization has penetrated the whole process of production and operation of electric power enterprises. It not only improves the level of lean management and quality service, but also faces severe security risks. The internal network terminal is the outermost layer and the most vulnerable node of the inner network boundary. It has the characteristics of wide distribution, long depth and large quantity. The user and operation and maintenance personnel technical level and security awareness is uneven, which led to the internal network terminal is the weakest link in information security. Through the implementation of security of management, technology and physics, we should establish an internal network terminal security protection system, so as to fully protect the internal network terminal information security.
-
Architecture of security management unit for safe hosting of multiple agents
NASA Astrophysics Data System (ADS)
Gilmont, Tanguy; Legat, Jean-Didier; Quisquater, Jean-Jacques
1999-04-01
In such growing areas as remote applications in large public networks, electronic commerce, digital signature, intellectual property and copyright protection, and even operating system extensibility, the hardware security level offered by existing processors is insufficient. They lack protection mechanisms that prevent the user from tampering critical data owned by those applications. Some devices make exception, but have not enough processing power nor enough memory to stand up to such applications (e.g. smart cards). This paper proposes an architecture of secure processor, in which the classical memory management unit is extended into a new security management unit. It allows ciphered code execution and ciphered data processing. An internal permanent memory can store cipher keys and critical data for several client agents simultaneously. The ordinary supervisor privilege scheme is replaced by a privilege inheritance mechanism that is more suited to operating system extensibility. The result is a secure processor that has hardware support for extensible multitask operating systems, and can be used for both general applications and critical applications needing strong protection. The security management unit and the internal permanent memory can be added to an existing CPU core without loss of performance, and do not require it to be modified.
-
A mapping of information security in health Information Systems in Latin America and Brazil.
Pereira, Samáris Ramiro; Fernandes, João Carlos Lopes; Labrada, Luis; Bandiera-Paiva, Paulo
2013-01-01
In health, Information Systems are patient records, hospital administration or other, have advantages such as cost, availability and integration. However, for these benefits to be fully met, it is necessary to guarantee the security of information maintained and provided by the systems. The lack of security can lead to serious consequences such as lawsuits and induction to medical errors. The management of information security is complex and is used in various fields of knowledge. Often, it is left in the background for not being the ultimate goal of a computer system, causing huge financial losses to corporations. This paper by systematic review methodologies, presented a mapping in the literature, in order to identify the most relevant aspects that are addressed by security researchers of health information, as to the development of computerized systems. They conclude through the results, some important aspects, for which the managers of computerized health systems should remain alert.
-
NASA Technical Reports Server (NTRS)
1993-01-01
C Language Integration Production System (CLIPS), a NASA-developed expert systems program, has enabled a security systems manufacturer to design a new generation of hardware. C.CURESystem 1 Plus, manufactured by Software House, is a software based system that is used with a variety of access control hardware at installations around the world. Users can manage large amounts of information, solve unique security problems and control entry and time scheduling. CLIPS acts as an information management tool when accessed by C.CURESystem 1 Plus. It asks questions about the hardware and when given the answer, recommends possible quick solutions by non-expert persons.
-
NASA Astrophysics Data System (ADS)
Kurnianto, Ari; Isnanto, Rizal; Widodo, Aris Puji
2018-02-01
Information security is a problem effected business process of an organization, so it needs special concern. Information security assessment which is good and has international standard is done using Information Security Management System (ISMS) ISO/IEC 27001:2013. In this research, the high level assessment has been done using ISO/IEC 27001:2013 to observe the strength of information secuity in Ministry of Internal Affairs. The research explains about the assessment of information security management which is built using PHP. The input data use primary and secondary data which passed observation. The process gets maturity using the assessment of ISO/IEC 27001:2013. GAP Analysis observes the condition now a days and then to get recommendation and road map. The result of this research gets all of the information security process which has not been already good enough in Ministry of Internal Affairs, gives recommendation and road map to improve part of all information system being running. It indicates that ISO/IEC 27001:2013 is good used to rate maturity of information security management. As the next analyzation, this research use Clause and Annex in ISO/IEC 27001:2013 which is suitable with condition of Data Center and Data Recovery Center, so it gets optimum result and solving problem of the weakness information security.
-
Advanced Distribution Management Systems | Grid Modernization | NREL
Advanced Distribution Management Systems Advanced Distribution Management Systems Electric utilities are investing in updated grid technologies such as advanced distribution management systems to management testbed for cyber security in power systems. The "advanced" elements of advanced
-
Secure electronic commerce communication system based on CA
NASA Astrophysics Data System (ADS)
Chen, Deyun; Zhang, Junfeng; Pei, Shujun
2001-07-01
In this paper, we introduce the situation of electronic commercial security, then we analyze the working process and security for SSL protocol. At last, we propose a secure electronic commerce communication system based on CA. The system provide secure services such as encryption, integer, peer authentication and non-repudiation for application layer communication software of browser clients' and web server. The system can implement automatic allocation and united management of key through setting up the CA in the network.
-
ERIC Educational Resources Information Center
National Bureau of Standards (DOC), Washington, DC.
These guidelines provide a handbook for use by federal organizations in structuring physical security and risk management programs for their automatic data processing facilities. This publication discusses security analysis, natural disasters, supporting utilities, system reliability, procedural measures and controls, off-site facilities,…
-
Federal Register 2010, 2011, 2012, 2013, 2014
2010-03-10
... 20472. For privacy issues please contact: Mary Ellen Callahan (703-235- 0780), Chief Privacy Officer... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary Privacy Act of 1974; Retirement of Department of Homeland Security Federal Emergency Management Agency System of Records AGENCY: Privacy Office...
-
Access Control Is More than Security.
ERIC Educational Resources Information Center
Fickes, Michael
2002-01-01
Describes the University of New Mexico's photo identification LOBO card system, which performs both security and validation tasks. It is used in conjunction with several C-CURE 800 Integrated Security Management Systems supplied by Software House of Lexington, Massachusetts. (EV)
-
Security Systems Commissioning: An Old Trick for Your New Dog
ERIC Educational Resources Information Center
Black, James R.
2009-01-01
Sophisticated, software-based security systems can provide powerful tools to support campus security. By nature, such systems are flexible, with many capabilities that can help manage the process of physical protection. However, the full potential of these systems can be overlooked because of unfamiliarity with the products, weaknesses in security…
-
Research and realization of info-net security controlling system
NASA Astrophysics Data System (ADS)
Xu, Tao; Zhang, Wei; Li, Xuhong; Wang, Xia; Pan, Wenwen
2017-03-01
The thesis introduces some relative concepts about Network Cybernetics, and we design and realize a new info-net security controlling system based on Network Cybernetics. The system can control the endpoints, safely save files, encrypt communication, supervise actions of users and show security conditions, in order to realize full-scale security management. At last, we simulate the functions of the system. The results show, the system can ensure the controllability of users and devices, and supervise them real-time. The system can maximize the security of the network and users.
-
Federal Register 2010, 2011, 2012, 2013, 2014
2012-07-23
... Information System (NEMIS)--Mitigation (MT) Electronic Grants Management System of Records,'' and retitle it... Information System (NEMIS)--Mitigation (MT) Electronic Grants Management System of Records (69 FR 75079... Management Information System (NEMIS)--Mitigation (MT) Electronic Grants Management System (NEMIS--MT eGrants...
-
Warrant Officer Orientation Course (WOOC) Evaluation
1981-10-01
Army Mainte- nance Management System, Security Awareness, Organizational Effectiveness, Introduction to Management , Enlisted Personnel Management...Orientation Introduction to Management Professional Ethics USA Officer Evaluation Reporting System (OES) Military Correspondence Military...Organizational Effectiveness, Introduction to Management , Enlisted Personnal Management System, and The Army Functional Files System and The Army
-
5 CFR 9701.410 - DHS responsibilities.
Code of Federal Regulations, 2012 CFR
2012-01-01
... RESOURCES MANAGEMENT SYSTEM Performance Management § 9701.410 DHS responsibilities. In carrying out its performance management system(s), DHS must— (a) Transfer ratings between subordinate organizations and to... 9701.410 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM...
-
5 CFR 9701.410 - DHS responsibilities.
Code of Federal Regulations, 2014 CFR
2014-01-01
... RESOURCES MANAGEMENT SYSTEM Performance Management § 9701.410 DHS responsibilities. In carrying out its performance management system(s), DHS must— (a) Transfer ratings between subordinate organizations and to... 9701.410 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM...
-
5 CFR 9701.410 - DHS responsibilities.
Code of Federal Regulations, 2011 CFR
2011-01-01
... RESOURCES MANAGEMENT SYSTEM Performance Management § 9701.410 DHS responsibilities. In carrying out its performance management system(s), DHS must— (a) Transfer ratings between subordinate organizations and to... 9701.410 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM...
-
A Hybrid Authentication and Authorization Process for Control System Networks
DOE Office of Scientific and Technical Information (OSTI.GOV)
Manz, David O.; Edgar, Thomas W.; Fink, Glenn A.
2010-08-25
Convergence of control system and IT networks require that security, privacy, and trust be addressed. Trust management continues to plague traditional IT managers and is even more complex when extended into control system networks, with potentially millions of entities, a mission that requires 100% availability. Yet these very networks necessitate a trusted secure environment where controllers and managers can be assured that the systems are secure and functioning properly. We propose a hybrid authentication management protocol that addresses the unique issues inherent within control system networks, while leveraging the considerable research and momentum in existing IT authentication schemes. Our hybridmore » authentication protocol for control systems provides end device to end device authentication within a remote station and between remote stations and control centers. Additionally, the hybrid protocol is failsafe and will not interrupt communication or control of vital systems in a network partition or device failure. Finally, the hybrid protocol is resilient to transitory link loss and can operate in an island mode until connectivity is reestablished.« less
-
Building Assured Systems Framework
2010-09-01
of standards such as ISO 27001 as frameworks [NASCIO 2009]. In this context, a framework is a standard intended to assist in auditing and compliance...Information Security ISO /IEC 27004 Information technology – Security techniques - Information security management measurement ISO /IEC 15939, System and
-
41 CFR 105-53.133 - Information Security Oversight Office.
Code of Federal Regulations, 2010 CFR
2010-07-01
... 41 Public Contracts and Property Management 3 2010-07-01 2010-07-01 false Information Security Oversight Office. 105-53.133 Section 105-53.133 Public Contracts and Property Management Federal Property Management Regulations System (Continued) GENERAL SERVICES ADMINISTRATION 53-STATEMENT OF ORGANIZATION AND...
-
41 CFR 105-53.133 - Information Security Oversight Office.
Code of Federal Regulations, 2011 CFR
2011-01-01
... 41 Public Contracts and Property Management 3 2011-01-01 2011-01-01 false Information Security Oversight Office. 105-53.133 Section 105-53.133 Public Contracts and Property Management Federal Property Management Regulations System (Continued) GENERAL SERVICES ADMINISTRATION 53-STATEMENT OF ORGANIZATION AND...
-
2007-01-15
it can detect specifically proscribed content changes to critical files (e.g., illegal shells inserted into /etc/ passwd ). Fourth, it can detect the...UNIX password management involves a pair of inter-related files (/etc/ passwd and /etc/shadow). The corresponding access patterns seen at the storage...content integrity verification is utilized. As a concrete example, consider a UNIX system password file (/etc/ passwd ), which consists of a set of well
-
Focus on Resiliency: A Process-Oriented Approach to Security
2005-11-01
by ANSI Std Z39-18 © 2005 Carnegie Mellon University CSI v1.0 2 Agenda About the SEI Characterizing the problem Security, resiliency, and risk A...2005 Carnegie Mellon University CSI v1.0 5 SEI Technical Programs Product Line Systems Dynamic Systems Software Engineering Process Management...University CSI v1.0 7 What is the problem? Is your organization’s security capability sufficient to identify and manage risks that result from failed
-
System security in the space flight operations center
NASA Technical Reports Server (NTRS)
Wagner, David A.
1988-01-01
The Space Flight Operations Center is a networked system of workstation-class computers that will provide ground support for NASA's next generation of deep-space missions. The author recounts the development of the SFOC system security policy and discusses the various management and technology issues involved. Particular attention is given to risk assessment, security plan development, security implications of design requirements, automatic safeguards, and procedural safeguards.
-
33 CFR 96.220 - What makes up a safety management system?
Code of Federal Regulations, 2011 CFR
2011-07-01
... SECURITY VESSEL OPERATING REGULATIONS RULES FOR THE SAFE OPERATION OF VESSELS AND SAFETY MANAGEMENT SYSTEMS Company and Vessel Safety Management Systems § 96.220 What makes up a safety management system? (a) The safety management system must document the responsible person's— (1) Safety and pollution prevention...
-
77 FR 62059 - Privacy Act of 1974, as Amended; Revisions to Existing Systems of Records
Federal Register 2010, 2011, 2012, 2013, 2014
2012-10-11
... and forms, microfilm or microfiche, and in computer processable storage media such as personnel system... 1974; the Federal Information Security Management Act of 2002; the Computer Fraud and Abuse Act of 1986... apply: The Privacy Act of 1974; the Federal Information Security Management Act of 2002; the Computer...
-
The Effectiveness of an Electronic Security Management System in a Privately Owned Apartment Complex
ERIC Educational Resources Information Center
Greenberg, David F.; Roush, Jeffrey B.
2009-01-01
Poisson and negative binomial regression methods are used to analyze the monthly time series data to determine the effects of introducing an integrated security management system including closed-circuit television (CCTV), door alarm monitoring, proximity card access, and emergency call boxes to a large privately-owned complex of apartment…
-
DOE Office of Scientific and Technical Information (OSTI.GOV)
Not Available
This report contains papers on the following topics: NREN Security Issues: Policies and Technologies; Layer Wars: Protect the Internet with Network Layer Security; Electronic Commission Management; Workflow 2000 - Electronic Document Authorization in Practice; Security Issues of a UNIX PEM Implementation; Implementing Privacy Enhanced Mail on VMS; Distributed Public Key Certificate Management; Protecting the Integrity of Privacy-enhanced Electronic Mail; Practical Authorization in Large Heterogeneous Distributed Systems; Security Issues in the Truffles File System; Issues surrounding the use of Cryptographic Algorithms and Smart Card Applications; Smart Card Augmentation of Kerberos; and An Overview of the Advanced Smart Card Access Control System.more » Selected papers were processed separately for inclusion in the Energy Science and Technology Database.« less
-
A system for distributed intrusion detection
DOE Office of Scientific and Technical Information (OSTI.GOV)
Snapp, S.R.; Brentano, J.; Dias, G.V.
1991-01-01
The study of providing security in computer networks is a rapidly growing area of interest because the network is the medium over which most attacks or intrusions on computer systems are launched. One approach to solving this problem is the intrusion-detection concept, whose basic premise is that not only abandoning the existing and huge infrastructure of possibly-insecure computer and network systems is impossible, but also replacing them by totally-secure systems may not be feasible or cost effective. Previous work on intrusion-detection systems were performed on stand-alone hosts and on a broadcast local area network (LAN) environment. The focus of ourmore » present research is to extend our network intrusion-detection concept from the LAN environment to arbitarily wider areas with the network topology being arbitrary as well. The generalized distributed environment is heterogeneous, i.e., the network nodes can be hosts or servers from different vendors, or some of them could be LAN managers, like our previous work, a network security monitor (NSM), as well. The proposed architecture for this distributed intrusion-detection system consists of the following components: a host manager in each host; a LAN manager for monitoring each LAN in the system; and a central manager which is placed at a single secure location and which receives reports from various host and LAN managers to process these reports, correlate them, and detect intrusions. 11 refs., 2 figs.« less
-
Code of Federal Regulations, 2013 CFR
2013-01-01
... Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF... MANAGEMENT SYSTEM Performance Management § 9701.404 Definitions. In this subpart— Appraisal means the review... under a performance management system for reviewing employee performance. Competencies means the...
-
Code of Federal Regulations, 2014 CFR
2014-01-01
... Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF... MANAGEMENT SYSTEM Performance Management § 9701.404 Definitions. In this subpart— Appraisal means the review... under a performance management system for reviewing employee performance. Competencies means the...
-
Code of Federal Regulations, 2012 CFR
2012-01-01
... Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF... MANAGEMENT SYSTEM Performance Management § 9701.404 Definitions. In this subpart— Appraisal means the review... under a performance management system for reviewing employee performance. Competencies means the...
-
Code of Federal Regulations, 2011 CFR
2011-01-01
... Administrative Personnel DEPARTMENT OF DEFENSE HUMAN RESOURCES MANAGEMENT AND LABOR RELATIONS SYSTEMS (DEPARTMENT OF DEFENSE-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF DEFENSE NATIONAL SECURITY PERSONNEL SYSTEM...-for-performance evaluation system means the performance management system established under this...
-
ERIC Educational Resources Information Center
Brooks, Nita G.; Greer, Timothy H.; Morris, Steven A.
2018-01-01
The authors' focus was the assessment of skill requirements for information systems security positions to understand expectations for security jobs and to highlight issues relevant to curriculum management. The analysis of 798 job advertisements involved the exploration of domain-related and soft skills as well as degree and certification…
-
77 FR 13574 - Privacy Act of 1974; System of Records
Federal Register 2010, 2011, 2012, 2013, 2014
2012-03-07
... electronic storage media. Retrievability: Individual's name and last four of Social Security Number (SSN... commuting to and from work. Categories of records in the system: Name, last four of Social Security Number... contain the full name of the individual and last four of Social Security Number (SSN). The system manager...
-
2009-02-01
management, available at <http://www.iso.org/ iso /en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=39612&ICS1=35&ICS2=40 &ICS3=>. ISO /IEC 27001 . Information...Management of the Systems Engineering Process. [ ISO /IEC 27001 ] ISO /IEC 27001 :2005. Information technology -- Security techniques -- Information security...software life cycles [ ISO /IEC 15026]. Software assurance is a key element of national security and homeland security. It is critical because dramatic
-
28 CFR 700.25 - Use and collection of social security numbers.
Code of Federal Regulations, 2011 CFR
2011-07-01
... 28 Judicial Administration 2 2011-07-01 2011-07-01 false Use and collection of social security... to Individual Records Under the Privacy Act of 1974 § 700.25 Use and collection of social security numbers. (a) Each system manager of a system of records that utilizes Social Security numbers as a method...
-
28 CFR 700.25 - Use and collection of social security numbers.
Code of Federal Regulations, 2012 CFR
2012-07-01
... 28 Judicial Administration 2 2012-07-01 2012-07-01 false Use and collection of social security... to Individual Records Under the Privacy Act of 1974 § 700.25 Use and collection of social security numbers. (a) Each system manager of a system of records that utilizes Social Security numbers as a method...
-
28 CFR 700.25 - Use and collection of social security numbers.
Code of Federal Regulations, 2014 CFR
2014-07-01
... 28 Judicial Administration 2 2014-07-01 2014-07-01 false Use and collection of social security... to Individual Records Under the Privacy Act of 1974 § 700.25 Use and collection of social security numbers. (a) Each system manager of a system of records that utilizes Social Security numbers as a method...
-
28 CFR 700.25 - Use and collection of social security numbers.
Code of Federal Regulations, 2013 CFR
2013-07-01
... 28 Judicial Administration 2 2013-07-01 2013-07-01 false Use and collection of social security... to Individual Records Under the Privacy Act of 1974 § 700.25 Use and collection of social security numbers. (a) Each system manager of a system of records that utilizes Social Security numbers as a method...
-
28 CFR 700.25 - Use and collection of social security numbers.
Code of Federal Regulations, 2010 CFR
2010-07-01
... 28 Judicial Administration 2 2010-07-01 2010-07-01 false Use and collection of social security... to Individual Records Under the Privacy Act of 1974 § 700.25 Use and collection of social security numbers. (a) Each system manager of a system of records that utilizes Social Security numbers as a method...
-
The Shaping of Managers' Security Objectives through Information Security Awareness Training
ERIC Educational Resources Information Center
Harris, Mark A.
2010-01-01
Information security research states that corporate security policy and information security training should be socio-technical in nature and that corporations should consider training as a primary method of protecting their information systems. However, information security policies and training are predominately technical in nature. In addition,…
-
NASA Astrophysics Data System (ADS)
Francisco, Glen; Brown, Todd
2012-06-01
Integrated security systems are essential to pre-empting criminal assaults. Nearly 500,000 sites have been identified (source: US DHS) as critical infrastructure sites that would suffer severe damage if a security breach should occur. One major breach in any of 123 U.S. facilities, identified as "most critical", threatens more than 1,000,000 people. The vulnerabilities of critical infrastructure are expected to continue and even heighten over the coming years.
-
End-to-end security for personal telehealth.
Koster, Paul; Asim, Muhammad; Petkovic, Milan
2011-01-01
Personal telehealth is in rapid development with innovative emerging applications like disease management. With personal telehealth people participate in their own care supported by an open distributed system with health services. This poses new end-to-end security and privacy challenges. In this paper we introduce new end-to-end security requirements and present a design for consent management in the context of the Continua Health Alliance architecture. Thus, we empower patients to control how their health information is shared and used in a personal telehealth eco-system.
-
NASA Technical Reports Server (NTRS)
Tompkins, F. G.
1984-01-01
Guidance is presented to NASA Computer Security Officials for determining the acceptability or unacceptability of ADP security risks based on the technical, operational and economic feasibility of potential safeguards. The risk management process is reviewed as a specialized application of the systems approach to problem solving and information systems analysis and design. Reporting the results of the risk reduction analysis to management is considered. Report formats for the risk reduction study are provided.
-
41 CFR 101-26.507-3 - Purchase of security equipment from Federal Supply Schedules.
Code of Federal Regulations, 2010 CFR
2010-07-01
... the unforeseen demands for security equipment, Federal Supply Schedule contracts have been established... equipment from Federal Supply Schedules. 101-26.507-3 Section 101-26.507-3 Public Contracts and Property Management Federal Property Management Regulations System FEDERAL PROPERTY MANAGEMENT REGULATIONS SUPPLY AND...
-
41 CFR 102-192.70 - What security policies and plans must we have?
Code of Federal Regulations, 2014 CFR
2014-01-01
... and plans must we have? 102-192.70 Section 102-192.70 Public Contracts and Property Management Federal Property Management Regulations System (Continued) FEDERAL MANAGEMENT REGULATION ADMINISTRATIVE PROGRAMS... plans must we have? (a) You must have a written mail security policy that applies throughout the agency...
-
41 CFR 102-192.70 - What security policies and plans must we have?
Code of Federal Regulations, 2010 CFR
2010-07-01
... and plans must we have? 102-192.70 Section 102-192.70 Public Contracts and Property Management Federal Property Management Regulations System (Continued) FEDERAL MANAGEMENT REGULATION ADMINISTRATIVE PROGRAMS... plans must we have? (a) You must have a written mail security policy that applies throughout the agency...
-
41 CFR 102-192.70 - What security policies and plans must we have?
Code of Federal Regulations, 2011 CFR
2011-01-01
... and plans must we have? 102-192.70 Section 102-192.70 Public Contracts and Property Management Federal Property Management Regulations System (Continued) FEDERAL MANAGEMENT REGULATION ADMINISTRATIVE PROGRAMS... plans must we have? (a) You must have a written mail security policy that applies throughout the agency...
-
41 CFR 102-192.70 - What security policies and plans must we have?
Code of Federal Regulations, 2012 CFR
2012-01-01
... and plans must we have? 102-192.70 Section 102-192.70 Public Contracts and Property Management Federal Property Management Regulations System (Continued) FEDERAL MANAGEMENT REGULATION ADMINISTRATIVE PROGRAMS... plans must we have? (a) You must have a written mail security policy that applies throughout the agency...
-
NASA Technical Reports Server (NTRS)
Marks, V. J.; Benigue, C. E.
1983-01-01
Four programs deal with intruders and resource managment. Package available from COSMIC provides DEC VAX-11/780 with certain "deterent" security features. Although packages is not comprehensive security system, of interest for any VAX installation where security is concern.
-
Park, KeeHyun; Lim, SeungHyeon
2015-01-01
In this paper, a multilayer secure biomedical data management system for managing a very large number of diverse personal health devices is proposed. The system has the following characteristics: the system supports international standard communication protocols to achieve interoperability. The system is integrated in the sense that both a PHD communication system and a remote PHD management system work together as a single system. Finally, the system proposed in this paper provides user/message authentication processes to securely transmit biomedical data measured by PHDs based on the concept of a biomedical signature. Some experiments, including the stress test, have been conducted to show that the system proposed/constructed in this study performs very well even when a very large number of PHDs are used. For a stress test, up to 1,200 threads are made to represent the same number of PHD agents. The loss ratio of the ISO/IEEE 11073 messages in the normal system is as high as 14% when 1,200 PHD agents are connected. On the other hand, no message loss occurs in the multilayered system proposed in this study, which demonstrates the superiority of the multilayered system to the normal system with regard to heavy traffic.
-
Lim, SeungHyeon
2015-01-01
In this paper, a multilayer secure biomedical data management system for managing a very large number of diverse personal health devices is proposed. The system has the following characteristics: the system supports international standard communication protocols to achieve interoperability. The system is integrated in the sense that both a PHD communication system and a remote PHD management system work together as a single system. Finally, the system proposed in this paper provides user/message authentication processes to securely transmit biomedical data measured by PHDs based on the concept of a biomedical signature. Some experiments, including the stress test, have been conducted to show that the system proposed/constructed in this study performs very well even when a very large number of PHDs are used. For a stress test, up to 1,200 threads are made to represent the same number of PHD agents. The loss ratio of the ISO/IEEE 11073 messages in the normal system is as high as 14% when 1,200 PHD agents are connected. On the other hand, no message loss occurs in the multilayered system proposed in this study, which demonstrates the superiority of the multilayered system to the normal system with regard to heavy traffic. PMID:26247034
-
Proposal for a Security Management in Cloud Computing for Health Care
Dzombeta, Srdan; Brandis, Knud
2014-01-01
Cloud computing is actually one of the most popular themes of information systems research. Considering the nature of the processed information especially health care organizations need to assess and treat specific risks according to cloud computing in their information security management system. Therefore, in this paper we propose a framework that includes the most important security processes regarding cloud computing in the health care sector. Starting with a framework of general information security management processes derived from standards of the ISO 27000 family the most important information security processes for health care organizations using cloud computing will be identified considering the main risks regarding cloud computing and the type of information processed. The identified processes will help a health care organization using cloud computing to focus on the most important ISMS processes and establish and operate them at an appropriate level of maturity considering limited resources. PMID:24701137
-
Proposal for a security management in cloud computing for health care.
Haufe, Knut; Dzombeta, Srdan; Brandis, Knud
2014-01-01
Cloud computing is actually one of the most popular themes of information systems research. Considering the nature of the processed information especially health care organizations need to assess and treat specific risks according to cloud computing in their information security management system. Therefore, in this paper we propose a framework that includes the most important security processes regarding cloud computing in the health care sector. Starting with a framework of general information security management processes derived from standards of the ISO 27000 family the most important information security processes for health care organizations using cloud computing will be identified considering the main risks regarding cloud computing and the type of information processed. The identified processes will help a health care organization using cloud computing to focus on the most important ISMS processes and establish and operate them at an appropriate level of maturity considering limited resources.
-
Federal Register 2010, 2011, 2012, 2013, 2014
2012-02-24
...The Transportation Security Administration (TSA) invites public comment on one currently approved Information Collection Request (ICR), OMB control number 1652-0040, abstracted below that we will submit to the Office of Management and Budget (OMB) for renewal in compliance with the Paperwork Reduction Act. The ICR describes the nature of the information collection and its expected burden. This ICR involves five broad categories of affected populations: airports, passenger aircraft operators, foreign air carriers, indirect air carriers operating under a security program, and all-cargo carriers. The collections of information that make up this ICR are security programs, security threat assessments (STA), known shipper data via the Known Shipper Management System (KSMS), Air Cargo Data Management System (ACDMS), Cargo Reporting Tool for cargo screening reporting, and evidence of compliance recordkeeping. TSA seeks continued OMB approval in order to secure passenger aircraft carrying cargo as authorized in the Aviation and Transportation Security Act.
-
Hao, Shuxin; Lü, Yiran; Liu, Jie; Liu, Yue; Xu, Dongqun
2018-01-01
To study the application of classified protection of information security in the information system of air pollution and health impact monitoring, so as to solve the possible safety risk of the information system. According to the relevant national standards and requirements for the information system security classified protection, and the professional characteristics of the information system, to design and implement the security architecture of information system, also to determine the protection level of information system. Basic security measures for the information system were developed in the technical safety and management safety aspects according to the protection levels, which effectively prevented the security risk of the information system. The information system established relatively complete information security protection measures, to enhanced the security of professional information and system service, and to ensure the safety of air pollution and health impact monitoring project carried out smoothly.
-
Design, implementation and migration of security systems as an extreme project.
DOE Office of Scientific and Technical Information (OSTI.GOV)
Scharmer, Carol; Trujillo, David
2010-08-01
Decision Trees, algorithms, software code, risk management, reports, plans, drawings, change control, presentations, and analysis - all useful tools and efforts but time consuming, resource intensive, and potentially costly for projects that have absolute schedule and budget constraints. What are necessary and prudent efforts when a customer calls with a major security problem that needs to be fixed with a proven, off-the-approval-list, multi-layered integrated system with high visibility and limited funding and expires at the end of the Fiscal Year? Whether driven by budget cycles, safety, or by management decree, many such projects begin with generic scopes and funding allocatedmore » based on a rapid management 'guestimate.' Then a Project Manager (PM) is assigned a project with a predefined and potentially limited scope, compressed schedule, and potentially insufficient funding. The PM is tasked to rapidly and cost effectively coordinate a requirements-based design, implementation, test, and turnover of a fully operational system to the customer, all while the customer is operating and maintaining an existing security system. Many project management manuals call this an impossible project that should not be attempted. However, security is serious business and the reality is that rapid deployment of proven systems via an 'Extreme Project' is sometimes necessary. Extreme Projects can be wildly successful but require a dedicated team of security professionals lead by an experienced project manager using a highly-tailored and agile project management process with management support at all levels, all combined with significant interface with the customer. This paper does not advocate such projects or condone eliminating the valuable analysis and project management techniques. Indeed, having worked on a well-planned project provides the basis for experienced team members to complete Extreme Projects. This paper does, however, provide insight into what it takes for projects to be successfully implemented and accepted when completed under extreme conditions.« less
-
Design implementation and migration of security systems as an extreme project.
DOE Office of Scientific and Technical Information (OSTI.GOV)
Scharmer, Carol
2010-10-01
Decision Trees, algorithms, software code, risk management, reports, plans, drawings, change control, presentations, and analysis - all useful tools and efforts but time consuming, resource intensive, and potentially costly for projects that have absolute schedule and budget constraints. What are necessary and prudent efforts when a customer calls with a major security problem that needs to be fixed with a proven, off-the-approval-list, multi-layered integrated system with high visibility and limited funding and expires at the end of the Fiscal Year? Whether driven by budget cycles, safety, or by management decree, many such projects begin with generic scopes and funding allocatedmore » based on a rapid management 'guestimate.' Then a Project Manager (PM) is assigned a project with a predefined and potentially limited scope, compressed schedule, and potentially insufficient funding. The PM is tasked to rapidly and cost effectively coordinate a requirements-based design, implementation, test, and turnover of a fully operational system to the customer, all while the customer is operating and maintaining an existing security system. Many project management manuals call this an impossible project that should not be attempted. However, security is serious business and the reality is that rapid deployment of proven systems via an 'Extreme Project' is sometimes necessary. Extreme Projects can be wildly successful but require a dedicated team of security professionals lead by an experienced project manager using a highly-tailored and agile project management process with management support at all levels, all combined with significant interface with the customer. This paper does not advocate such projects or condone eliminating the valuable analysis and project management techniques. Indeed, having worked on a well-planned project provides the basis for experienced team members to complete Extreme Projects. This paper does, however, provide insight into what it takes for projects to be successfully implemented and accepted when completed under extreme conditions.« less
-
33 CFR 104.215 - Vessel Security Officer (VSO).
Code of Federal Regulations, 2011 CFR
2011-07-01
... procedures, including scenario-based response training; (4) Crowd management and control techniques; (5) Operations of security equipment and systems; and (6) Testing and calibration of security equipment and...
-
46 CFR 16.500 - Management Information System requirements.
Code of Federal Regulations, 2010 CFR
2010-10-01
... 46 Shipping 1 2010-10-01 2010-10-01 false Management Information System requirements. 16.500 Section 16.500 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MERCHANT MARINE OFFICERS AND SEAMEN CHEMICAL TESTING Management Information System § 16.500 Management Information System requirements. (a...
-
46 CFR 16.500 - Management Information System requirements.
Code of Federal Regulations, 2013 CFR
2013-10-01
... 46 Shipping 1 2013-10-01 2013-10-01 false Management Information System requirements. 16.500 Section 16.500 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MERCHANT MARINE OFFICERS AND SEAMEN CHEMICAL TESTING Management Information System § 16.500 Management Information System requirements. (a...
-
46 CFR 16.500 - Management Information System requirements.
Code of Federal Regulations, 2011 CFR
2011-10-01
... 46 Shipping 1 2011-10-01 2011-10-01 false Management Information System requirements. 16.500 Section 16.500 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MERCHANT MARINE OFFICERS AND SEAMEN CHEMICAL TESTING Management Information System § 16.500 Management Information System requirements. (a...
-
46 CFR 16.500 - Management Information System requirements.
Code of Federal Regulations, 2014 CFR
2014-10-01
... 46 Shipping 1 2014-10-01 2014-10-01 false Management Information System requirements. 16.500 Section 16.500 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MERCHANT MARINE OFFICERS AND SEAMEN CHEMICAL TESTING Management Information System § 16.500 Management Information System requirements. (a...
-
46 CFR 16.500 - Management Information System requirements.
Code of Federal Regulations, 2012 CFR
2012-10-01
... 46 Shipping 1 2012-10-01 2012-10-01 false Management Information System requirements. 16.500 Section 16.500 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MERCHANT MARINE OFFICERS AND SEAMEN CHEMICAL TESTING Management Information System § 16.500 Management Information System requirements. (a...
-
Network Security Is Manageable
ERIC Educational Resources Information Center
Roberts, Gary
2006-01-01
An effective systems librarian must understand security vulnerabilities and be proactive in preventing problems. Specifics of future attacks or security challenges cannot possibly be anticipated, but this paper suggests some simple measures that can be taken to make attacks less likely to occur: program the operating system to get automatic…
-
SPI/U3.2. Security Profile Inspector for UNIX Systems
DOE Office of Scientific and Technical Information (OSTI.GOV)
Bartoletti, A.
1994-08-01
SPI/U3.2 consists of five tools used to assess and report the security posture of computers running the UNIX operating system. The tools are: Access Control Test: A rule-based system which identifies sequential dependencies in UNIX access controls. Binary Authentication Tool: Evaluates the release status of system binaries by comparing a crypto-checksum to provide table entries. Change Detection Tool: Maintains and applies a snapshot of critical system files and attributes for purposes of change detection. Configuration Query Language: Accepts CQL-based scripts (provided) to evaluate queries over the status of system files, configuration of services and many other elements of UNIX systemmore » security. Password Security Inspector: Tests for weak or aged passwords. The tools are packaged with a forms-based user interface providing on-line context-sensistive help, job scheduling, parameter management and output report management utilities. Tools may be run independent of the UI.« less
-
Handbook of emergency management for state-level transportation agencies.
DOT National Transportation Integrated Search
2010-03-01
The Department of Homeland Security has mandated specific systems and techniques for the management of emergencies in the United States, including the Incident Command System, the National Incident Management System, Emergency Operations Plans, Emerg...
-
Concept of Operations for the Next Generation Air Transportation System. Version 3.2
2011-01-01
Airside. Security Identification Display Area/Airport ( SIDA ) operations area, terminal perimeter, terminal airspace (security) • Landside. Terminal...Definition RTSS Remote Terminal Security Screening SAA Special Activity Airspace SIDA Security Identification Display Area SM Separation Management
-
75 FR 1566 - National Industrial Security Program Directive No. 1
Federal Register 2010, 2011, 2012, 2013, 2014
2010-01-12
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office 32 CFR Part...: Information Security Oversight Office, NARA. ACTION: Proposed rule; correction. SUMMARY: This document... Management System (FDMS) number to the proposed rule for Information Security Oversight Office (ISOO...
-
33 CFR 96.220 - What makes up a safety management system?
Code of Federal Regulations, 2010 CFR
2010-07-01
... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false What makes up a safety management... SECURITY VESSEL OPERATING REGULATIONS RULES FOR THE SAFE OPERATION OF VESSELS AND SAFETY MANAGEMENT SYSTEMS Company and Vessel Safety Management Systems § 96.220 What makes up a safety management system? (a) The...
-
Flexible session management in a distributed environment
NASA Astrophysics Data System (ADS)
Miller, Zach; Bradley, Dan; Tannenbaum, Todd; Sfiligoi, Igor
2010-04-01
Many secure communication libraries used by distributed systems, such as SSL, TLS, and Kerberos, fail to make a clear distinction between the authentication, session, and communication layers. In this paper we introduce CEDAR, the secure communication library used by the Condor High Throughput Computing software, and present the advantages to a distributed computing system resulting from CEDAR's separation of these layers. Regardless of the authentication method used, CEDAR establishes a secure session key, which has the flexibility to be used for multiple capabilities. We demonstrate how a layered approach to security sessions can avoid round-trips and latency inherent in network authentication. The creation of a distinct session management layer allows for optimizations to improve scalability by way of delegating sessions to other components in the system. This session delegation creates a chain of trust that reduces the overhead of establishing secure connections and enables centralized enforcement of system-wide security policies. Additionally, secure channels based upon UDP datagrams are often overlooked by existing libraries; we show how CEDAR's structure accommodates this as well. As an example of the utility of this work, we show how the use of delegated security sessions and other techniques inherent in CEDAR's architecture enables US CMS to meet their scalability requirements in deploying Condor over large-scale, wide-area grid systems.
-
Sandia National Laboratories: National Security Missions: International
Programs Environmental Responsibility Environmental Management System Pollution Prevention History 60 ; Security Weapons Science & Technology Defense Systems & Assessments About Defense Systems & ; Development Technology Deployment Centers Working With Sandia Working With Sandia Prospective Suppliers What
-
5 CFR 9701.409 - Rating and rewarding performance.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 5 Administrative Personnel 3 2010-01-01 2010-01-01 false Rating and rewarding performance. 9701.409 Section 9701.409 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES... SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Performance Management § 9701.409 Rating and rewarding...
-
Jahanbakhsh, Maryam; Karimi, Saeed; Hassanzadeh, Akbar; Beigi, Maliheh
2017-01-01
Electronic medical record system (EMRS) is a valuable system for safe access to the patient's data and increases health care quality. Manpower is one of the requirements for EMRS, among which manager is the most important person in any hospital. Taking into account manager's positive attitude and good commitments, EMRS will be implemented successfully. As such, we decided to assess manager's attitude and commitment toward EMRS in Isfahan hospitals in the year of 2014. This article aimed to determine the hospital managers' attitude and commitment toward the implementation of EMRS. The present article is an applied analytic study. Research society consisted of the managers of all the hospitals in Isfahan that include hospitals affiliated to Isfahan University of Medical Sciences, private, and social security hospitals. This study was done in 2014. Data collection tools included a questionnaire for which reliability and validity were determined. Data were analyzed by means of SPSS 20. Average score for the managers' attitude toward EMRS in the city of Isfahan was 77.5 out of 100 and their average score for commitment was 74.7. Manager's attitude in social security hospitals was more positive than the private and governmental ones (83.3%). In addition, the amount of commitment by the managers in social security hospitals was higher than the same in private and governmental hospitals (86.6%). At present, managers' attitude and commitment in Isfahan hospitals toward EMRS are very high and social security hospitals show more readiness in this respect.
-
The research of network database security technology based on web service
NASA Astrophysics Data System (ADS)
Meng, Fanxing; Wen, Xiumei; Gao, Liting; Pang, Hui; Wang, Qinglin
2013-03-01
Database technology is one of the most widely applied computer technologies, its security is becoming more and more important. This paper introduced the database security, network database security level, studies the security technology of the network database, analyzes emphatically sub-key encryption algorithm, applies this algorithm into the campus-one-card system successfully. The realization process of the encryption algorithm is discussed, this method is widely used as reference in many fields, particularly in management information system security and e-commerce.
-
How to implement security controls for an information security program at CBRN facilities
DOE Office of Scientific and Technical Information (OSTI.GOV)
Lenaeus, Joseph D.; O'Neil, Lori Ross; Leitch, Rosalyn M.
This document was prepared by PNNL within the framework of Project 19 of the European Union Chemical Biological Radiological and Nuclear Risk Mitigation Centres of Excellence Initiative entitled, ''Development of procedures and guidelines to create and improve secure information management systems and data exchange mechanisms for CBRN materials under regulatory control.'' It provides management and workers at CBRN facilities, parent organization managers responsible for those facilities, and regulatory agencies (governmental and nongovernmental) with guidance on the best practices for protecting information security. The security mitigation approaches presented in this document were chosen because they present generally accepted guidance in anmore » easy-to-understand manner, making it easier for facility personnel to grasp key concepts and envision how security controls could be implemented by the facility. This guidance is presented from a risk management perspective.« less
-
Code of Federal Regulations, 2010 CFR
2010-07-01
... Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY VESSEL OPERATING REGULATIONS RULES FOR THE SAFE OPERATION OF VESSELS AND SAFETY MANAGEMENT SYSTEMS How Will Safety Management Systems... international certification for the company's and vessel's safety management system. ...
-
Integrated Work Management: Overview, Course 31881
DOE Office of Scientific and Technical Information (OSTI.GOV)
Simpson, Lewis Edward
Integrated work management (IWM) is the process used for formally implementing the five-step process associated with integrated safety management (ISM) and integrated safeguards and security management (ISSM) at Los Alamos National Laboratory (LANL). IWM also directly supports the LANL Environmental Management System (EMS). IWM helps all workers and managers perform work safely and securely and in a manner that protects people, the environment, property, and the security of the nation. The IWM process applies to all work activities at LANL, from working in the office to designing experiments to assembling and detonating explosives. The primary LANL document that establishes andmore » describes IWM requirements is Procedure (P) 300, Integrated Work Management.« less
-
33 CFR 96.240 - What functional requirements must a safety management system meet?
Code of Federal Regulations, 2010 CFR
2010-07-01
... a safety management system meet? 96.240 Section 96.240 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY VESSEL OPERATING REGULATIONS RULES FOR THE SAFE OPERATION OF VESSELS AND SAFETY MANAGEMENT SYSTEMS Company and Vessel Safety Management Systems § 96.240 What functional...
-
33 CFR 96.230 - What objectives must a safety management system meet?
Code of Federal Regulations, 2010 CFR
2010-07-01
... management system meet? 96.230 Section 96.230 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY VESSEL OPERATING REGULATIONS RULES FOR THE SAFE OPERATION OF VESSELS AND SAFETY MANAGEMENT SYSTEMS Company and Vessel Safety Management Systems § 96.230 What objectives must a safety...
-
78 FR 56737 - Privacy Act of 1974; System of Records
Federal Register 2010, 2011, 2012, 2013, 2014
2013-09-13
... system as the ``Organized Crime Drug Enforcement Task Forces Management Information System'' (OCDETF MIS... Task Forces Management Information System (OCDETF MIS). SECURITY CLASSIFICATION: Unclassified. SYSTEM... Office of Management and Budget (OMB) Circular No. A-130, notice is hereby given that the Department of...
-
77 FR 14525 - Statement of Organization, Functions, and Delegations of Authority
Federal Register 2010, 2011, 2012, 2013, 2014
2012-03-12
... maintains the CDC Computer Security Incident Response Team; (4) performs cyber security incident reporting... systems planning and support; internal security and emergency preparedness; and management analysis and... security; education, training, and workforce development in information and IT disciplines; development and...
-
The hack attack - Increasing computer system awareness of vulnerability threats
NASA Technical Reports Server (NTRS)
Quann, John; Belford, Peter
1987-01-01
The paper discusses the issue of electronic vulnerability of computer based systems supporting NASA Goddard Space Flight Center (GSFC) by unauthorized users. To test the security of the system and increase security awareness, NYMA, Inc. employed computer 'hackers' to attempt to infiltrate the system(s) under controlled conditions. Penetration procedures, methods, and descriptions are detailed in the paper. The procedure increased the security consciousness of GSFC management to the electronic vulnerability of the system(s).
-
Cost-Benefit Analysis of Confidentiality Policies for Advanced Knowledge Management Systems
DOE Office of Scientific and Technical Information (OSTI.GOV)
May, D
Knowledge Discovery (KD) processes can create new information within a Knowledge Management (KM) system. In many domains, including government, this new information must be secured against unauthorized disclosure. Applying an appropriate confidentiality policy achieves this. However, it is not evident which confidentiality policy to apply, especially when the goals of sharing and disseminating knowledge have to be balanced with the requirements to secure knowledge. This work proposes to solve this problem by developing a cost-benefit analysis technique for examining the tradeoffs between securing and sharing discovered knowledge.
-
DOE Office of Scientific and Technical Information (OSTI.GOV)
Abercrombie, R. K.; Peters, Scott
The Department of Energy Office of Electricity Delivery and Energy Reliability (DOE-OE) Cyber Security for Energy Delivery Systems (CSEDS) industry led program (DE-FOA-0000359) entitled "Innovation for Increasing Cyber Security for Energy Delivery Systems (12CSEDS)," awarded a contract to Sypris Electronics LLC to develop a Cryptographic Key Management System for the smart grid (Scalable Key Management Solutions for Critical Infrastructure Protection). Oak Ridge National Laboratory (ORNL) and Sypris Electronics, LLC as a result of that award entered into a CRADA (NFE-11-03562) between ORNL and Sypris Electronics, LLC. ORNL provided its Cyber Security Econometrics System (CSES) as a tool to be modifiedmore » and used as a metric to address risks and vulnerabilities in the management of cryptographic keys within the Advanced Metering Infrastructure (AMI) domain of the electric sector. ORNL concentrated our analysis on the AMI domain of which the National Electric Sector Cyber security Organization Resource (NESCOR) Working Group 1 (WG1) has documented 29 failure scenarios. The computational infrastructure of this metric involves system stakeholders, security requirements, system components and security threats. To compute this metric, we estimated the stakes that each stakeholder associates with each security requirement, as well as stochastic matrices that represent the probability of a threat to cause a component failure and the probability of a component failure to cause a security requirement violation. We applied this model to estimate the security of the AMI, by leveraging the recently established National Institute of Standards and Technology Interagency Report (NISTIR) 7628 guidelines for smart grid security and the International Electrotechnical Commission (IEC) 63351, Part 9 to identify the life cycle for cryptographic key management, resulting in a vector that assigned to each stakeholder an estimate of their average loss in terms of dollars per day of system operation. To further address probabilities of threats, information security analysis can be performed using game theory implemented in dynamic Agent Based Game Theoretic (ABGT) simulations. Such simulations can be verified with the results from game theory analysis and further used to explore larger scale, real world scenarios involving multiple attackers, defenders, and information assets. The strategy for the game was developed by analyzing five electric sector representative failure scenarios contained in the AMI functional domain from NESCOR WG1. From these five selected scenarios, we characterized them into three specific threat categories affecting confidentiality, integrity and availability (CIA). The analysis using our ABGT simulation demonstrated how to model the AMI functional domain using a set of rationalized game theoretic rules decomposed from the failure scenarios in terms of how those scenarios might impact the AMI network with respect to CIA.« less
-
Cryptographic Key Management and Critical Risk Assessment
DOE Office of Scientific and Technical Information (OSTI.GOV)
Abercrombie, Robert K
The Department of Energy Office of Electricity Delivery and Energy Reliability (DOE-OE) CyberSecurity for Energy Delivery Systems (CSEDS) industry led program (DE-FOA-0000359) entitled "Innovation for Increasing CyberSecurity for Energy Delivery Systems (12CSEDS)," awarded a contract to Sypris Electronics LLC to develop a Cryptographic Key Management System for the smart grid (Scalable Key Management Solutions for Critical Infrastructure Protection). Oak Ridge National Laboratory (ORNL) and Sypris Electronics, LLC as a result of that award entered into a CRADA (NFE-11-03562) between ORNL and Sypris Electronics, LLC. ORNL provided its Cyber Security Econometrics System (CSES) as a tool to be modified and usedmore » as a metric to address risks and vulnerabilities in the management of cryptographic keys within the Advanced Metering Infrastructure (AMI) domain of the electric sector. ORNL concentrated our analysis on the AMI domain of which the National Electric Sector Cyber security Organization Resource (NESCOR) Working Group 1 (WG1) has documented 29 failure scenarios. The computational infrastructure of this metric involves system stakeholders, security requirements, system components and security threats. To compute this metric, we estimated the stakes that each stakeholder associates with each security requirement, as well as stochastic matrices that represent the probability of a threat to cause a component failure and the probability of a component failure to cause a security requirement violation. We applied this model to estimate the security of the AMI, by leveraging the recently established National Institute of Standards and Technology Interagency Report (NISTIR) 7628 guidelines for smart grid security and the International Electrotechnical Commission (IEC) 63351, Part 9 to identify the life cycle for cryptographic key management, resulting in a vector that assigned to each stakeholder an estimate of their average loss in terms of dollars per day of system operation. To further address probabilities of threats, information security analysis can be performed using game theory implemented in dynamic Agent Based Game Theoretic (ABGT) simulations. Such simulations can be verified with the results from game theory analysis and further used to explore larger scale, real world scenarios involving multiple attackers, defenders, and information assets. The strategy for the game was developed by analyzing five electric sector representative failure scenarios contained in the AMI functional domain from NESCOR WG1. From these five selected scenarios, we characterized them into three specific threat categories affecting confidentiality, integrity and availability (CIA). The analysis using our ABGT simulation demonstrated how to model the AMI functional domain using a set of rationalized game theoretic rules decomposed from the failure scenarios in terms of how those scenarios might impact the AMI network with respect to CIA.« less
-
Cyber Hygiene for Control System Security
Oliver, David
2015-10-08
There are many resources from government and private industry available to assist organizations in reducing their attack surface and enhancing their security posture. Furthermore, standards are being written and improved upon to make the practice of securing a network more manageable. And while the specifics of network security are complex, most system vulnerabilities can be mitigated using fairly simple cyber hygiene techniques like those offered above.
-
NASA Astrophysics Data System (ADS)
Khe Sun, Pak; Vorona-Slivinskaya, Lubov; Voskresenskay, Elena
2017-10-01
The article highlights the necessity of a complex approach to assess economic security of municipalities, which would consider municipal management specifics. The approach allows comparing the economic security level of municipalities, but it does not describe parameter differences between compared municipalities. Therefore, there is a second method suggested: parameter rank order method. Applying these methods allowed to figure out the leaders and outsiders of the economic security among municipalities and rank all economic security parameters according to the significance level. Complex assessment of the economic security of municipalities, based on the combination of the two approaches, allowed to assess the security level more accurate. In order to assure economic security and equalize its threshold values, one should pay special attention to transportation system development in municipalities. Strategic aims of projects in the area of transportation infrastructure development in municipalities include the following issues: contribution into creating and elaborating transportation logistics and manufacture transport complexes, development of transportation infrastructure with account of internal and external functions of the region, public transport development, improvement of transport security and reducing its negative influence on the environment.
-
48 CFR 3045.505-14 - Reports of Government property.
Code of Federal Regulations, 2011 CFR
2011-10-01
... 48 Federal Acquisition Regulations System 7 2011-10-01 2011-10-01 false Reports of Government... SECURITY, HOMELAND SECURITY ACQUISITION REGULATION (HSAR) CONTRACT MANAGEMENT GOVERNMENT PROPERTY Management of Government Property in the Possession of Contractors 3045.505-14 Reports of Government property...
-
48 CFR 3045.505-14 - Reports of Government property.
Code of Federal Regulations, 2010 CFR
2010-10-01
... 48 Federal Acquisition Regulations System 7 2010-10-01 2010-10-01 false Reports of Government... SECURITY, HOMELAND SECURITY ACQUISITION REGULATION (HSAR) CONTRACT MANAGEMENT GOVERNMENT PROPERTY Management of Government Property in the Possession of Contractors 3045.505-14 Reports of Government property...
-
Study on development and application of platform with students' safety based on SOA
NASA Astrophysics Data System (ADS)
Jiang, Derong
2011-10-01
Students' safety management is a very important work, which is responsible for the entire school student security problems, student safety primarily prevent, only advance predict various of the imminent problems, to better protect their safety. The system mainly used on the development request the student safety management, safety evaluation, safety education, and etc, which are for daily management work completed for students in the security digital management. Development of the system can reduce the safety management for department working pressure, meanwhile, can reduce the labor force to use, accelerate query speed, strengthens the management, as well as the national various departments about the information step, making each management standardized. Therefore, developing a set of suitability and the populace, compatibly good system is very necessary.
-
Code of Federal Regulations, 2010 CFR
2010-01-01
... between the performance management system and DoD's strategic plan; (4) A means for ensuring employee... Administrative Personnel DEPARTMENT OF DEFENSE HUMAN RESOURCES MANAGEMENT AND LABOR RELATIONS SYSTEMS (DEPARTMENT OF DEFENSE-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF DEFENSE NATIONAL SECURITY PERSONNEL SYSTEM...
-
Code of Federal Regulations, 2011 CFR
2011-01-01
... between the performance management system and DoD's strategic plan; (4) A means for ensuring employee... Administrative Personnel DEPARTMENT OF DEFENSE HUMAN RESOURCES MANAGEMENT AND LABOR RELATIONS SYSTEMS (DEPARTMENT OF DEFENSE-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF DEFENSE NATIONAL SECURITY PERSONNEL SYSTEM...
-
Security Concepts for Satellite Links
NASA Astrophysics Data System (ADS)
Tobehn, C.; Penné, B.; Rathje, R.; Weigl, A.; Gorecki, Ch.; Michalik, H.
2008-08-01
The high costs to develop, launch and maintain a satellite network makes protecting the assets imperative. Attacks may be passive such as eavesdropping on the payload data. More serious threat are active attacks that try to gain control of the satellite, which may lead to the total lost of the satellite asset. To counter these threats, new satellite and ground systems are using cryptographic technologies to provide a range of services: confidentiality, entity & message authentication, and data integrity. Additionally, key management cryptographic services are required to support these services. This paper describes the key points of current satellite control and operations, that are authentication of the access to the satellite TMTC link and encryption of security relevant TM/TC data. For payload data management the key points are multi-user ground station access and high data rates both requiring frequent updates and uploads of keys with the corresponding key management methods. For secure satellite management authentication & key negotiation algorithms as HMAC-RIPEMD160, EC- DSA and EC-DH are used. Encryption of data uses algorithms as IDEA, AES, Triple-DES, or other. A channel coding and encryption unit for payload data provides download data rates up to Nx250 Mbps. The presented concepts are based on our experience and heritage of the security systems for all German MOD satellite projects (SATCOMBw2, SAR-Lupe multi- satellite system and German-French SAR-Lupe-Helios- II systems inter-operability) as well as for further international (KOMPSAT-II Payload data link system) and ESA activities (TMTC security and GMES).
-
Study of Software Tools to Support Systems Engineering Management
2015-06-01
Management 15. NUMBER OF PAGES 137 16. PRICE CODE 17. SECURITY CLASSIFICATION OF REPORT Unclassified 18. SECURITY CLASSIFICATION OF THIS...AVAILABILITY STATEMENT Approved for public release; distribution is unlimited 12b. DISTRIBUTION CODE 13. ABSTRACT (maximum 200 words) According to a...PAGE Unclassified 19. SECURITY CLASSIFICATION OF ABSTRACT Unclassified 20. LIMITATION OF ABSTRACT UU NSN 7540–01–280–5500 Standard Form 298
-
1988-10-20
The LOCK project , from its very beginnings as an implementation study for the Provably Secure Operating System in 1979...to the security field, can study to gain insight into the evaluation process. The project has developed an innovative format for the DTLS and FTLS...management tern becomes available, the Al Secure DBMS will be system (DBMS) that is currently being developed un- ported to it . der the Advanced
-
[Application of password manager software in health care].
Ködmön, József
2016-12-01
When using multiple IT systems, handling of passwords in a secure manner means a potential source of problem. The most frequent issues are choosing the appropriate length and complexity, and then remembering the strong passwords. Password manager software provides a good solution for this problem, while greatly increasing the security of sensitive medical data. This article introduces a password manager software and provides basic information of the application. It also discusses how to select a really secure password manager software and suggests a practical application to efficient, safe and comfortable use for health care. Orv. Hetil., 2016, 157(52), 2066-2073.
-
5 CFR 9701.514 - Determination of appropriate units for labor organization representation.
Code of Federal Regulations, 2011 CFR
2011-01-01
... subpart relating to labor-management relations may not be represented by a labor organization— (1) Which... labor organization representation. 9701.514 Section 9701.514 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL...
-
5 CFR 9701.514 - Determination of appropriate units for labor organization representation.
Code of Federal Regulations, 2010 CFR
2010-01-01
... subpart relating to labor-management relations may not be represented by a labor organization— (1) Which... labor organization representation. 9701.514 Section 9701.514 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL...
-
5 CFR 9901.409 - Monitoring and developing performance.
Code of Federal Regulations, 2011 CFR
2011-01-01
... LABOR RELATIONS SYSTEMS (DEPARTMENT OF DEFENSE-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF DEFENSE NATIONAL SECURITY PERSONNEL SYSTEM (NSPS) Performance Management § 9901.409 Monitoring and developing performance. (a) In applying the requirements of the performance management system and its implementing...
-
5 CFR 9901.409 - Monitoring and developing performance.
Code of Federal Regulations, 2010 CFR
2010-01-01
... LABOR RELATIONS SYSTEMS (DEPARTMENT OF DEFENSE-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF DEFENSE NATIONAL SECURITY PERSONNEL SYSTEM (NSPS) Performance Management § 9901.409 Monitoring and developing performance. (a) In applying the requirements of the performance management system and its implementing...
-
NASA Technical Reports Server (NTRS)
Tompkins, F. G.
1984-01-01
The Office of Management and Budget (OMB) Circular A-71, transmittal Memorandum No. 1, requires that each agency establish a management control process to assure that appropriate administrative, physical and technical safeguards are incorporated into all new computer applications. In addition to security specifications, the management control process should assure that the safeguards are adequate for the application. The security activities that should be integral to the system development process are examined. The software quality assurance process to assure that adequate and appropriate controls are incorporated into sensitive applications is also examined. Security for software packages is also discussed.
-
Secure authentication protocol for Internet applications over CATV network
NASA Astrophysics Data System (ADS)
Chin, Le-Pond
1998-02-01
An authentication protocol is proposed in this paper to implement secure functions which include two way authentication and key management between end users and head-end. The protocol can protect transmission from frauds, attacks such as reply and wiretap. Location privacy is also achieved. A rest protocol is designed to restore the system once when systems fail. The security is verified by taking several security and privacy requirements into consideration.
-
NASA Astrophysics Data System (ADS)
Zhang, Jianguo; Chen, Xiaomeng; Zhuang, Jun; Jiang, Jianrong; Zhang, Xiaoyan; Wu, Dongqing; Huang, H. K.
2003-05-01
In this paper, we presented a new security approach to provide security measures and features in both healthcare information systems (PACS, RIS/HIS), and electronic patient record (EPR). We introduced two security components, certificate authoring (CA) system and patient record digital signature management (DSPR) system, as well as electronic envelope technology, into the current hospital healthcare information infrastructure to provide security measures and functions such as confidential or privacy, authenticity, integrity, reliability, non-repudiation, and authentication for in-house healthcare information systems daily operating, and EPR exchanging among the hospitals or healthcare administration levels, and the DSPR component manages the all the digital signatures of patient medical records signed through using an-symmetry key encryption technologies. The electronic envelopes used for EPR exchanging are created based on the information of signers, digital signatures, and identifications of patient records stored in CAS and DSMS, as well as the destinations and the remote users. The CAS and DSMS were developed and integrated into a RIS-integrated PACS, and the integration of these new security components is seamless and painless. The electronic envelopes designed for EPR were used successfully in multimedia data transmission.
-
Health information security: a case study of three selected medical centers in iran.
Hajrahimi, Nafiseh; Dehaghani, Sayed Mehdi Hejazi; Sheikhtaheri, Abbas
2013-03-01
Health Information System (HIS) is considered a unique factor in improving the quality of health care activities and cost reduction, but today with the development of information technology and use of internet and computer networks, patients' electronic records and health information systems have become a source for hackers. This study aims at checking health information security of three selected medical centers in Iran using AHP fuzzy and TOPSIS compound model. To achieve that security measures were identified, based on the research literature and decision making matrix using experts' points of view. Among the 27 indicators, seven indicators were selected as effective indicators and Fuzzy AHP technique was used to determine the importance of security indicators. Based on the comparisons made between the three selected medical centers to assess the security of health information, it is concluded that Chamran hospital has the most acceptable level of security and attention in three indicators of "verification and system design, user access management, access control system", Al Zahra Hospital in two indicators of "access management and network access control" and Amin Hospital in "equipment safety and system design". In terms of information security, Chamran Hospital ranked first, Al-Zahra Hospital ranked second and Al- Zahra hospital has the third place.
-
Designing Intelligent Secure Android Application for Effective Chemical Inventory
NASA Astrophysics Data System (ADS)
Shukran, Mohd Afizi Mohd; Naim Abdullah, Muhammad; Nazri Ismail, Mohd; Maskat, Kamaruzaman; Isa, Mohd Rizal Mohd; Shahfee Ishak, Muhammad; Adib Khairuddin, Muhamad
2017-08-01
Mobile services support various situations in everyday life and with the increasing sophistication of phone functions, the daily life is much more easier and better especially in term of managing tools and apparatus. Since chemical inventory management system has been experiencing a new revolution from antiquated to an automated inventory management system, some additional features should be added in current chemical inventory system. Parallel with the modern technologies, chemical inventory application using smart phone has been developed. Several studies about current related chemical inventory management using smart phone application has been done in this paper in order to obtain an overview on recent studies in smartphone application for chemical inventory system which are needed in schools, universities or other education institutions. This paper also discuss about designing the proposed secure mobile chemical inventory system. The study of this paper can provide forceful review analysis support for the chemical inventory management system related research.
-
Koenig, Kristi L
2003-01-01
The terrorist attacks of 11 September 2001 led to the largest US Government transformation since the formation of the Department of Defense following World War II. More than 22 different agencies, in whole or in part, and >170,000 employees were reorganized to form a new Cabinet-level Department of Homeland Security (DHS), with the primary mission to protect the American homeland. Legislation enacted in November 2002 transferred the entire Federal Emergency Management Agency and several Department of Health and Human Services (HHS) assets to DHS, including the Office of Emergency Response, and oversight for the National Disaster Medical System, Strategic National Stockpile, and Metropolitan Medical Response System. This created a potential separation of "health" and "medical" assets between the DHS and HHS. A subsequent presidential directive mandated the development of a National Incident Management System and an all-hazard National Response Plan. While no Department of Veterans Affairs (VA) assets were targeted for transfer, the VA remains the largest integrated healthcare system in the nation with important support roles in homeland security that complement its primary mission to provide care to veterans. The Emergency Management Strategic Healthcare Group (EMSHG) within the VA's medical component, the Veteran Health Administration (VHA), is the executive agent for the VA's Fourth Mission, emergency management. In addition to providing comprehensive emergency management services to the VA, the EMSHG coordinates medical back-up to the Department of Defense, and assists the public via the National Disaster Medical System and the National Response Plan. This article describes the VA's role in homeland security and disasters, and provides an overview of the ongoing organizational and operational changes introduced by the formation of the new DHS. Challenges and opportunities for public health are highlighted.
-
Air Traffic Control: Weak Computer Security Practices Jeopardize Flight Safety
DOT National Transportation Integrated Search
1998-05-01
Given the paramount importance of computer security of Air Traffic Control (ATC) systems, Congress asked the General Accounting Office to determine (1) whether the Fedcral Aviation Administration (FAA) is effectively managing physical security at ATC...
-
Code of Federal Regulations, 2010 CFR
2010-10-01
... 48 Federal Acquisition Regulations System 7 2010-10-01 2010-10-01 false [Reserved] 3046.702 Section 3046.702 Federal Acquisition Regulations System DEPARTMENT OF HOMELAND SECURITY, HOMELAND SECURITY ACQUISITION REGULATION (HSAR) CONTRACT MANAGEMENT QUALITY ASSURANCE Warranties 3046.702 [Reserved] ...
-
Federal Register 2010, 2011, 2012, 2013, 2014
2013-02-12
...) Not to exceed 3000 positions that require unique cyber security skills and knowledge to perform cyber..., distributed control systems security, cyber incident response, cyber exercise facilitation and management, cyber vulnerability detection and assessment, network and systems engineering, enterprise architecture...
-
Code of Federal Regulations, 2011 CFR
2011-10-01
... 339.7101 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7101 Policy. HHS is responsible for implementing an information security program to ensure that its information systems and...
-
Code of Federal Regulations, 2013 CFR
2013-10-01
... 339.7101 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7101 Policy. HHS is responsible for implementing an information security program to ensure that its information systems and...
-
Code of Federal Regulations, 2014 CFR
2014-10-01
... 339.7101 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7101 Policy. HHS is responsible for implementing an information security program to ensure that its information systems and...
-
Code of Federal Regulations, 2012 CFR
2012-10-01
... 339.7101 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7101 Policy. HHS is responsible for implementing an information security program to ensure that its information systems and...
-
Design, Development and Utilization Perspectives on Database Management Systems
ERIC Educational Resources Information Center
Shneiderman, Ben
1977-01-01
This paper reviews the historical development of integrated data base management systems and examines competing approaches. Topics include management and utilization, implementation and design, query languages, security, integrity, privacy and concurrency. (Author/KP)
-
The Flask Security Architecture: System Support for Diverse Security Policies
2006-01-01
Flask microkernel -based operating sys tem, that successfully overcomes these obstacles to pol- icy flexibility. The cleaner separation of mechanism and...other object managers in the system to en- force those access control decisions. Although the pro totype system is microkernel -based, the security...mecha nisms do not depend on a microkernel architecture and will easily generalize beyond it. The resulting system provides policy flexibility. It sup
-
SPAN security policies and guidelines
NASA Technical Reports Server (NTRS)
Sisson, Patricia L.; Green, James L.
1989-01-01
A guide is provided to system security with emphasis on requirements and guidelines that are necessary to maintain an acceptable level of security on the network. To have security for the network, each node on the network must be secure. Therefore, each system manager, must strictly adhere to the requirements and must consider implementing the guidelines discussed. There are areas of vulnerability within the operating system that may not be addressed. However, when a requirement or guideline is discussed, implementation techniques are included. Information related to computer and data security is discussed to provide information on implementation options. The information is presented as it relates to a VAX computer environment.
-
DOT National Transportation Integrated Search
2001-08-01
This study assesses how to manage the effects or outcomes of organizational change on job security and employee commitment in transit systems using trust-building, empowerment, employee reassurance, and job redesign strategies. The major findings are...
-
Systems Security Engineering Capability Maturity Model SSE-CMM Model Description Document
1999-04-01
management is the process of accessing and quantifying risk , and establishing an acceptable level of risk for the organization. Managing risk is an...Process of assessing and quantifying risk and establishing acceptable level of risk for the organization. [IEEE 13335-1:1996] Security Engineering
-
5 CFR 9701.518 - Duty to bargain, confer, and consult.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 5 Administrative Personnel 3 2010-01-01 2010-01-01 false Duty to bargain, confer, and consult. 9701.518 Section 9701.518 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES... SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Labor-Management Relations § 9701.518 Duty to bargain, confer...
-
DOE Office of Scientific and Technical Information (OSTI.GOV)
Witzke, Edward L.
In 2014, the United States Department of Defense started tra nsitioning the way it performs risk management and accreditation of informatio n systems to a process entitled Risk Management Framework for DoD Information Technology or RMF for DoD IT. There are many more security and privacy contro ls (and control enhancements) from which to select in RMF, than there w ere in the previous Information Assurance process. This report is an attempt t o clarify the way security controls and enhancements are selected. After a brief overview and comparison of RMF for DoD I T with the previously used process,more » this report looks at the determination of systems as National Security Systems (NSS). Once deemed to be an NSS, this report addr esses the categorization of the information system with respect to impact level s of the various security objectives and the selection of an initial baseline o f controls. Next, the report describes tailoring the controls through the use of overl ays and scoping considerations. Finally, the report discusses organizatio n-defined values for tuning the security controls to the needs of the information system.« less
-
Building a highly available and intrusion tolerant Database Security and Protection System (DSPS).
Cai, Liang; Yang, Xiao-Hu; Dong, Jin-Xiang
2003-01-01
Database Security and Protection System (DSPS) is a security platform for fighting malicious DBMS. The security and performance are critical to DSPS. The authors suggested a key management scheme by combining the server group structure to improve availability and the key distribution structure needed by proactive security. This paper detailed the implementation of proactive security in DSPS. After thorough performance analysis, the authors concluded that the performance difference between the replicated mechanism and proactive mechanism becomes smaller and smaller with increasing number of concurrent connections; and that proactive security is very useful and practical for large, critical applications.
-
ERIC Educational Resources Information Center
Sousa, Kenneth J.; MacDonald, Laurie E.; Fougere, Kenneth T.
2005-01-01
The authors conducted an evaluation of Management Information Systems (MIS) textbooks and found that computer security receives very little in-depth coverage. The textbooks provide, at best, superficial treatment of security issues. The research results suggest that MIS faculty need to provide material to supplement the textbook to provide…
-
DOE Office of Scientific and Technical Information (OSTI.GOV)
Lee, Hsien-Hsin S
The overall objective of this research project is to develop novel architectural techniques as well as system software to achieve a highly secure and intrusion-tolerant computing system. Such system will be autonomous, self-adapting, introspective, with self-healing capability under the circumstances of improper operations, abnormal workloads, and malicious attacks. The scope of this research includes: (1) System-wide, unified introspection techniques for autonomic systems, (2) Secure information-flow microarchitecture, (3) Memory-centric security architecture, (4) Authentication control and its implication to security, (5) Digital right management, (5) Microarchitectural denial-of-service attacks on shared resources. During the period of the project, we developed several architectural techniquesmore » and system software for achieving a robust, secure, and reliable computing system toward our goal.« less
-
Security Management in a Multimedia System
ERIC Educational Resources Information Center
Rednic, Emanuil; Toma, Andrei
2009-01-01
In database security, the issue of providing a level of security for multimedia information is getting more and more known. For the moment the security of multimedia information is done through the security of the database itself, in the same way, for all classic and multimedia records. So what is the reason for the creation of a security…
-
44 CFR 208.6 - System resource reports.
Code of Federal Regulations, 2011 CFR
2011-10-01
... 44 Emergency Management and Assistance 1 2011-10-01 2011-10-01 false System resource reports. 208.6 Section 208.6 Emergency Management and Assistance FEDERAL EMERGENCY MANAGEMENT AGENCY, DEPARTMENT OF HOMELAND SECURITY DISASTER ASSISTANCE NATIONAL URBAN SEARCH AND RESCUE RESPONSE SYSTEM General § 208.6 System resource reports. (a) Reports to...
-
Providing security for automated process control systems at hydropower engineering facilities
NASA Astrophysics Data System (ADS)
Vasiliev, Y. S.; Zegzhda, P. D.; Zegzhda, D. P.
2016-12-01
This article suggests the concept of a cyberphysical system to manage computer security of automated process control systems at hydropower engineering facilities. According to the authors, this system consists of a set of information processing tools and computer-controlled physical devices. Examples of cyber attacks on power engineering facilities are provided, and a strategy of improving cybersecurity of hydropower engineering systems is suggested. The architecture of the multilevel protection of the automated process control system (APCS) of power engineering facilities is given, including security systems, control systems, access control, encryption, secure virtual private network of subsystems for monitoring and analysis of security events. The distinctive aspect of the approach is consideration of interrelations and cyber threats, arising when SCADA is integrated with the unified enterprise information system.
-
Security Controls in the Stockpoint Logistics Integrated Communications Environment (SPLICE).
1985-03-01
call programs as authorized after checks by the Terminal Management Subsystem on SAS databases . SAS overlays the TANDEM GUARDIAN operating system to...Security Access Profile database (SAP) and a query capability generating various security reports. SAS operates with the System Monitor (SMON) subsystem...system to DDN and other components. The first SAS component to be reviewed is the SAP database . SAP is organized into two types of files. Relational
-
NASA Technical Reports Server (NTRS)
1985-01-01
The primary purpose of the Aerospace Computer Security Conference was to bring together people and organizations which have a common interest in protecting intellectual property generated in space. Operational concerns are discussed, taking into account security implications of the space station information system, Space Shuttle security policies and programs, potential uses of probabilistic risk assessment techniques for space station development, key considerations in contingency planning for secure space flight ground control centers, a systematic method for evaluating security requirements compliance, and security engineering of secure ground stations. Subjects related to security technologies are also explored, giving attention to processing requirements of secure C3/I and battle management systems and the development of the Gemini trusted multiple microcomputer base, the Restricted Access Processor system as a security guard designed to protect classified information, and observations on local area network security.
-
Quantum key distribution network for multiple applications
NASA Astrophysics Data System (ADS)
Tajima, A.; Kondoh, T.; Ochi, T.; Fujiwara, M.; Yoshino, K.; Iizuka, H.; Sakamoto, T.; Tomita, A.; Shimamura, E.; Asami, S.; Sasaki, M.
2017-09-01
The fundamental architecture and functions of secure key management in a quantum key distribution (QKD) network with enhanced universal interfaces for smooth key sharing between arbitrary two nodes and enabling multiple secure communication applications are proposed. The proposed architecture consists of three layers: a quantum layer, key management layer and key supply layer. We explain the functions of each layer, the key formats in each layer and the key lifecycle for enabling a practical QKD network. A quantum key distribution-advanced encryption standard (QKD-AES) hybrid system and an encrypted smartphone system were developed as secure communication applications on our QKD network. The validity and usefulness of these systems were demonstrated on the Tokyo QKD Network testbed.
-
Code of Federal Regulations, 2010 CFR
2010-01-01
... Administrative Personnel DEPARTMENT OF DEFENSE HUMAN RESOURCES MANAGEMENT AND LABOR RELATIONS SYSTEMS (DEPARTMENT OF DEFENSE-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF DEFENSE NATIONAL SECURITY PERSONNEL SYSTEM... supports mission accomplishment. ...
-
Code of Federal Regulations, 2011 CFR
2011-01-01
... Administrative Personnel DEPARTMENT OF DEFENSE HUMAN RESOURCES MANAGEMENT AND LABOR RELATIONS SYSTEMS (DEPARTMENT OF DEFENSE-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF DEFENSE NATIONAL SECURITY PERSONNEL SYSTEM... supports mission accomplishment. ...
-
75 FR 81562 - Privacy Act of 1974; System of Records
Federal Register 2010, 2011, 2012, 2013, 2014
2010-12-28
... System name: Supplementary Security Income (SSI)/Office of Personnel Management (OPM) Temporary Matching... the Social Security Administration (SSA) was still part of the Department, and when OIG was tasked... Fraud Detection File, HHS/OS/OIG. Purpose: This system of records was established to facilitate the...
-
5 CFR 9701.510 - Powers and duties of the Federal Labor Relations Authority.
Code of Federal Regulations, 2013 CFR
2013-01-01
... 5 Administrative Personnel 3 2013-01-01 2013-01-01 false Powers and duties of the Federal Labor Relations Authority. 9701.510 Section 9701.510 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY...) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Labor-Management Relations § 9701.510...
-
Federal Register 2010, 2011, 2012, 2013, 2014
2012-11-27
... Department of Homeland Security, Federal Emergency Management Agency, and sent via electronic mail to oira... Program's (NFIP) Community Rating System (CRS) to document the activities that communities have undertaken... DEPARTMENT OF HOMELAND SECURITY Federal Emergency Management Agency [Docket ID: FEMA-2010-0012...
-
44 CFR 334.5 - GMR system description.
Code of Federal Regulations, 2014 CFR
2014-10-01
... 44 Emergency Management and Assistance 1 2014-10-01 2014-10-01 false GMR system description. 334.5 Section 334.5 Emergency Management and Assistance FEDERAL EMERGENCY MANAGEMENT AGENCY, DEPARTMENT OF HOMELAND SECURITY PREPAREDNESS GRADUATED MOBILIZATION RESPONSE § 334.5 GMR system description. The GMR...
-
Federal Register 2010, 2011, 2012, 2013, 2014
2011-02-15
... screen activity in the National Emergency Management Information System for both call-related customer... desktop screen as they perform work in National Emergency Management Information System (NEMIS); (3) Avaya...), Enterprise Performance Information Management Section, Federal Emergency Management Agency, Texas National...
-
DOE Office of Scientific and Technical Information (OSTI.GOV)
Strait, R.S.; Wagner, E.E.
1994-07-01
The US Department of Energy (DOE) Office of Safeguards and Security initiated the DOE Integrated Security System / Electronic Transfer (DISS/ET) for the purpose of reducing the time required to process security clearance requests. DISS/ET will be an integrated system using electronic commerce technologies for the collection and processing of personnel security clearance data, and its transfer between DOE local security clearance offices, DOE Operations Offices, and the Office of Personnel Management. The system will use electronic forms to collect clearance applicant data. The forms data will be combined with electronic fingerprint images and packaged in a secure encrypted electronicmore » mail envelope for transmission across the Internet. Information provided by the applicant will be authenticated using digital signatures. All processing will be done electronically.« less
-
48 CFR 3046.790 - Use of warranties in major systems acquisitions by the USCG (USCG).
Code of Federal Regulations, 2010 CFR
2010-10-01
... 48 Federal Acquisition Regulations System 7 2010-10-01 2010-10-01 false Use of warranties in major systems acquisitions by the USCG (USCG). 3046.790 Section 3046.790 Federal Acquisition Regulations System DEPARTMENT OF HOMELAND SECURITY, HOMELAND SECURITY ACQUISITION REGULATION (HSAR) CONTRACT MANAGEMENT QUALITY...
-
DOE Office of Scientific and Technical Information (OSTI.GOV)
Hutchinson, R.L.; Hamilton, V.A.; Istrail, G.G.
1997-11-01
This report describes the results of a Sandia-funded laboratory-directed research and development project titled {open_quotes}Integrated and Robust Security Infrastructure{close_quotes} (IRSI). IRSI was to provide a broad range of commercial-grade security services to any software application. IRSI has two primary goals: application transparency and manageable public key infrastructure. IRSI must provide its security services to any application without the need to modify the application to invoke the security services. Public key mechanisms are well suited for a network with many end users and systems. There are many issues that make it difficult to deploy and manage a public key infrastructure. IRSImore » addressed some of these issues to create a more manageable public key infrastructure.« less
-
Anatomy of a Security Operations Center
NASA Technical Reports Server (NTRS)
Wang, John
2010-01-01
Many agencies and corporations are either contemplating or in the process of building a cyber Security Operations Center (SOC). Those Agencies that have established SOCs are most likely working on major revisions or enhancements to existing capabilities. As principle developers of the NASA SOC; this Presenters' goals are to provide the GFIRST community with examples of some of the key building blocks of an Agency scale cyber Security Operations Center. This presentation viII include the inputs and outputs, the facilities or shell, as well as the internal components and the processes necessary to maintain the SOC's subsistence - in other words, the anatomy of a SOC. Details to be presented include the SOC architecture and its key components: Tier 1 Call Center, data entry, and incident triage; Tier 2 monitoring, incident handling and tracking; Tier 3 computer forensics, malware analysis, and reverse engineering; Incident Management System; Threat Management System; SOC Portal; Log Aggregation and Security Incident Management (SIM) systems; flow monitoring; IDS; etc. Specific processes and methodologies discussed include Incident States and associated Work Elements; the Incident Management Workflow Process; Cyber Threat Risk Assessment methodology; and Incident Taxonomy. The Evolution of the Cyber Security Operations Center viII be discussed; starting from reactive, to proactive, and finally to proactive. Finally, the resources necessary to establish an Agency scale SOC as well as the lessons learned in the process of standing up a SOC viII be presented.
-
Code of Federal Regulations, 2010 CFR
2010-01-01
... Administrative Personnel DEPARTMENT OF DEFENSE HUMAN RESOURCES MANAGEMENT AND LABOR RELATIONS SYSTEMS (DEPARTMENT OF DEFENSE-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF DEFENSE NATIONAL SECURITY PERSONNEL SYSTEM... of Defense and the Director of the Office of Personnel Management (OPM). The Secretary may establish...
-
Code of Federal Regulations, 2010 CFR
2010-01-01
... Administrative Personnel DEPARTMENT OF DEFENSE HUMAN RESOURCES MANAGEMENT AND LABOR RELATIONS SYSTEMS (DEPARTMENT OF DEFENSE-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF DEFENSE NATIONAL SECURITY PERSONNEL SYSTEM (NSPS) Performance Management § 9901.404 Definitions. In this subpart— Appraisal means the review and...
-
5 CFR 9901.413 - Reconsideration of ratings.
Code of Federal Regulations, 2010 CFR
2010-01-01
... Section 9901.413 Administrative Personnel DEPARTMENT OF DEFENSE HUMAN RESOURCES MANAGEMENT AND LABOR RELATIONS SYSTEMS (DEPARTMENT OF DEFENSE-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF DEFENSE NATIONAL SECURITY PERSONNEL SYSTEM (NSPS) Performance Management § 9901.413 Reconsideration of ratings. (a...
-
Code of Federal Regulations, 2011 CFR
2011-01-01
... Administrative Personnel DEPARTMENT OF DEFENSE HUMAN RESOURCES MANAGEMENT AND LABOR RELATIONS SYSTEMS (DEPARTMENT OF DEFENSE-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF DEFENSE NATIONAL SECURITY PERSONNEL SYSTEM... of Defense and the Director of the Office of Personnel Management (OPM). The Secretary may establish...
-
Managing Complex IT Security Processes with Value Based Measures
DOE Office of Scientific and Technical Information (OSTI.GOV)
Abercrombie, Robert K; Sheldon, Frederick T; Mili, Ali
2009-01-01
Current trends indicate that IT security measures will need to greatly expand to counter the ever increasingly sophisticated, well-funded and/or economically motivated threat space. Traditional risk management approaches provide an effective method for guiding courses of action for assessment, and mitigation investments. However, such approaches no matter how popular demand very detailed knowledge about the IT security domain and the enterprise/cyber architectural context. Typically, the critical nature and/or high stakes require careful consideration and adaptation of a balanced approach that provides reliable and consistent methods for rating vulnerabilities. As reported in earlier works, the Cyberspace Security Econometrics System provides amore » comprehensive measure of reliability, security and safety of a system that accounts for the criticality of each requirement as a function of one or more stakeholders interests in that requirement. This paper advocates a dependability measure that acknowledges the aggregate structure of complex system specifications, and accounts for variations by stakeholder, by specification components, and by verification and validation impact.« less
-
Developing the security culture at the SEISMED Reference Centres.
Fowler, J
1996-01-01
The paper gives a brief summary of the SEISMED project and the particular role played by the Reference Centres. Details are given of the hardware and application systems in use in the Royal Hospitals (NHS) Trust (RHT), one of the SEISMED Reference Centres. It proposes, without verification, a definition of a Security Culture based on three criteria. These are suggested to be the "Awareness" the "Acceptance" and the "Actions" of the management and staff to improve Information Systems Security throughout the RHT. The way that "Awareness" was increased is shown by the specific initiatives commenced as a result of a CRAMM Risk Analysis and the management and staff training programmes. The specific initiatives mentioned include, an Information Systems Security Policy, a contingency and disaster recovery plan, improvements in the physical protection of equipment and changes to the method of access control. The "Acceptance" by the staff of these measures is considered and the success or failure of "Developing A Security Culture" examined. The role of SEISMED in this process is assessed.
-
Health Information Security: A Case Study of Three Selected Medical Centers in Iran
Hajrahimi, Nafiseh; Dehaghani, Sayed Mehdi Hejazi; Sheikhtaheri, Abbas
2013-01-01
Health Information System (HIS) is considered a unique factor in improving the quality of health care activities and cost reduction, but today with the development of information technology and use of internet and computer networks, patients’ electronic records and health information systems have become a source for hackers. Methods This study aims at checking health information security of three selected medical centers in Iran using AHP fuzzy and TOPSIS compound model. To achieve that security measures were identified, based on the research literature and decision making matrix using experts’ points of view. Results and discussion Among the 27 indicators, seven indicators were selected as effective indicators and Fuzzy AHP technique was used to determine the importance of security indicators. Based on the comparisons made between the three selected medical centers to assess the security of health information, it is concluded that Chamran hospital has the most acceptable level of security and attention in three indicators of “verification and system design, user access management, access control system”, Al Zahra Hospital in two indicators of “access management and network access control” and Amin Hospital in “equipment safety and system design”. In terms of information security, Chamran Hospital ranked first, Al-Zahra Hospital ranked second and Al- Zahra hospital has the third place. PMID:23572861
-
A Hybrid Location Method for Missile Security Team Positioning
2007-01-01
Reproduced with permission of the copyright owner. Further reproduction prohibited without permission. A Hybrid Location Method for Missile Security...Bell and Weir A Hybrid Location Method for Missile Security Team Positioning Chief Master Sergeant Michael C. Dawson Air Force Logistics Management...problem oj locating security teams over a geographic area to maintain security Jor US Air Force Intercontinental Ballistic Missile Systems. A
-
Redefining Security. A Report by the Joint Security Commission
1994-02-28
security policies. This report offers recommendations on developing new strategies for achieving security within our infor-mation systems, including...better, and we outline methods of improving government and industry personnel security poli- cies. We offer recommendations on developing new strategies ... strategies , sufficient funding, and management attention if our comput- ers and networks are to protect the confidentiality, integrity, and availability of
-
OLMS: Online Learning Management System for E-Learning
ERIC Educational Resources Information Center
Ippakayala, Vinay Kumar; El-Ocla, Hosam
2017-01-01
In this paper we introduce a learning management system that provides a management system for centralized control of course content. A secure system to record lectures is implemented as a key feature of this application. This feature would be accessed through web camera and mobile recording. These features are mainly designed for e-learning…
-
Secure Cryptographic Key Management System (CKMS) Considerations for Smart Grid Devices
DOE Office of Scientific and Technical Information (OSTI.GOV)
Abercrombie, Robert K; Sheldon, Frederick T; Aldridge, Hal
2011-01-01
In this paper, we examine some unique challenges associated with key management in the Smart Grid and concomitant research initiatives: 1) effectively model security requirements and their implementations, and 2) manage keys and key distribution for very large scale deployments such as Smart Meters over a long period of performance. This will set the stage to: 3) develop innovative, low cost methods to protect keying material, and 4) provide high assurance authentication services. We will present our perspective on key management and will discuss some key issues within the life cycle of a cryptographic key designed to achieve the following:more » 1) control systems designed, installed, operated, and maintained to survive an intentional cyber assault with no loss of critical function, and 2) widespread implementation of methods for secure communication between remote access devices and control centers that are scalable and cost-effective to deploy.« less
-
Measuring Security Effectiveness and Efficiency at U.S. Commercial Airports
2013-03-01
formative program evaluation and policy analysis to investigate current airport security programs. It identifies innovative public administration and...policy-analysis tools that could provide potential benefits to airport security . These tools will complement the System Based Risk Management framework if
-
Water availability and management for food security
USDA-ARS?s Scientific Manuscript database
Food security is directly linked to water security for food production. Water availability for crop production will be dependent upon precipitation or irrigation, soil water holding capacity, and crop water demand. The linkages among these components in rainfed agricultural systems shows the impact ...
-
Using RFID to enhance security in off-site data storage.
Lopez-Carmona, Miguel A; Marsa-Maestre, Ivan; de la Hoz, Enrique; Velasco, Juan R
2010-01-01
Off-site data storage is one of the most widely used strategies in enterprises of all sizes to improve business continuity. In medium-to-large size enterprises, the off-site data storage processes are usually outsourced to specialized providers. However, outsourcing the storage of critical business information assets raises serious security considerations, some of which are usually either disregarded or incorrectly addressed by service providers. This article reviews these security considerations and presents a radio frequency identification (RFID)-based, off-site, data storage management system specifically designed to address security issues. The system relies on a set of security mechanisms or controls that are arranged in security layers or tiers to balance security requirements with usability and costs. The system has been successfully implemented, deployed and put into production. In addition, an experimental comparison with classical bar-code-based systems is provided, demonstrating the system's benefits in terms of efficiency and failure prevention.
-
Model-Driven Configuration of SELinux Policies
NASA Astrophysics Data System (ADS)
Agreiter, Berthold; Breu, Ruth
The need for access control in computer systems is inherent. However, the complexity to configure such systems is constantly increasing which affects the overall security of a system negatively. We think that it is important to define security requirements on a non-technical level while taking the application domain into respect in order to have a clear and separated view on security configuration (i.e. unblurred by technical details). On the other hand, security functionality has to be tightly integrated with the system and its development process in order to provide comprehensive means of enforcement. In this paper, we propose a systematic approach based on model-driven security configuration to leverage existing operating system security mechanisms (SELinux) for realising access control. We use UML models and develop a UML profile to satisfy these needs. Our goal is to exploit a comprehensive protection mechanism while rendering its security policy manageable by a domain specialist.
-
48 CFR 3046.790-1 - Scope (USCG).
Code of Federal Regulations, 2014 CFR
2014-10-01
... 48 Federal Acquisition Regulations System 7 2014-10-01 2014-10-01 false Scope (USCG). 3046.790-1 Section 3046.790-1 Federal Acquisition Regulations System DEPARTMENT OF HOMELAND SECURITY, HOMELAND SECURITY ACQUISITION REGULATION (HSAR) CONTRACT MANAGEMENT QUALITY ASSURANCE Warranties 3046.790-1 Scope...
-
48 CFR 3046.790-1 - Scope (USCG).
Code of Federal Regulations, 2010 CFR
2010-10-01
... 48 Federal Acquisition Regulations System 7 2010-10-01 2010-10-01 false Scope (USCG). 3046.790-1 Section 3046.790-1 Federal Acquisition Regulations System DEPARTMENT OF HOMELAND SECURITY, HOMELAND SECURITY ACQUISITION REGULATION (HSAR) CONTRACT MANAGEMENT QUALITY ASSURANCE Warranties 3046.790-1 Scope...
-
48 CFR 3046.792 - Cost benefit analysis (USCG).
Code of Federal Regulations, 2010 CFR
2010-10-01
... 48 Federal Acquisition Regulations System 7 2010-10-01 2010-10-01 false Cost benefit analysis (USCG). 3046.792 Section 3046.792 Federal Acquisition Regulations System DEPARTMENT OF HOMELAND SECURITY, HOMELAND SECURITY ACQUISITION REGULATION (HSAR) CONTRACT MANAGEMENT QUALITY ASSURANCE Warranties 3046.792...
-
A Data Analysis of Naval Air Systems Command Funding Documents
2017-06-01
Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington, VA 22202-4302, and to the Office of Management ...Business & Financial Managers 15. NUMBER OF PAGES 75 16. PRICE CODE 17. SECURITY CLASSIFICATION OF REPORT Unclassified 18. SECURITY...Summary Statistics for Regressions with a Statistically Significant Relationship
-
Integrated homeland security system with passive thermal imaging and advanced video analytics
NASA Astrophysics Data System (ADS)
Francisco, Glen; Tillman, Jennifer; Hanna, Keith; Heubusch, Jeff; Ayers, Robert
2007-04-01
A complete detection, management, and control security system is absolutely essential to preempting criminal and terrorist assaults on key assets and critical infrastructure. According to Tom Ridge, former Secretary of the US Department of Homeland Security, "Voluntary efforts alone are not sufficient to provide the level of assurance Americans deserve and they must take steps to improve security." Further, it is expected that Congress will mandate private sector investment of over $20 billion in infrastructure protection between 2007 and 2015, which is incremental to funds currently being allocated to key sites by the department of Homeland Security. Nearly 500,000 individual sites have been identified by the US Department of Homeland Security as critical infrastructure sites that would suffer severe and extensive damage if a security breach should occur. In fact, one major breach in any of 7,000 critical infrastructure facilities threatens more than 10,000 people. And one major breach in any of 123 facilities-identified as "most critical" among the 500,000-threatens more than 1,000,000 people. Current visible, nightvision or near infrared imaging technology alone has limited foul-weather viewing capability, poor nighttime performance, and limited nighttime range. And many systems today yield excessive false alarms, are managed by fatigued operators, are unable to manage the voluminous data captured, or lack the ability to pinpoint where an intrusion occurred. In our 2006 paper, "Critical Infrastructure Security Confidence Through Automated Thermal Imaging", we showed how a highly effective security solution can be developed by integrating what are now available "next-generation technologies" which include: Thermal imaging for the highly effective detection of intruders in the dark of night and in challenging weather conditions at the sensor imaging level - we refer to this as the passive thermal sensor level detection building block Automated software detection for creating initial alerts - we refer to this as software level detection, the next level building block Immersive 3D visual assessment for situational awareness and to manage the reaction process - we refer to this as automated intelligent situational awareness, a third building block Wide area command and control capabilities to allow control from a remote location - we refer to this as the management and process control building block integrating together the lower level building elements. In addition, this paper describes three live installations of complete, total systems that incorporate visible and thermal cameras as well as advanced video analytics. Discussion of both system elements and design is extensive.
-
5 CFR 9901.356 - Pay retention.
Code of Federal Regulations, 2010 CFR
2010-01-01
... Administrative Personnel DEPARTMENT OF DEFENSE HUMAN RESOURCES MANAGEMENT AND LABOR RELATIONS SYSTEMS (DEPARTMENT OF DEFENSE-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF DEFENSE NATIONAL SECURITY PERSONNEL SYSTEM... employee who would not be affected personally requests a reduction in band; (ii) Management determines the...
-
An Introduction to Database Structure and Database Machines.
ERIC Educational Resources Information Center
Detweiler, Karen
1984-01-01
Enumerates principal management objectives of database management systems (data independence, quality, security, multiuser access, central control) and criteria for comparison (response time, size, flexibility, other features). Conventional database management systems, relational databases, and database machines used for backend processing are…
-
5 CFR 9901.407 - Minimum period of performance.
Code of Federal Regulations, 2010 CFR
2010-01-01
... Section 9901.407 Administrative Personnel DEPARTMENT OF DEFENSE HUMAN RESOURCES MANAGEMENT AND LABOR RELATIONS SYSTEMS (DEPARTMENT OF DEFENSE-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF DEFENSE NATIONAL SECURITY PERSONNEL SYSTEM (NSPS) Performance Management § 9901.407 Minimum period of performance. (a) Only...
-
5 CFR 9901.406 - Setting and communicating performance expectations.
Code of Federal Regulations, 2010 CFR
2010-01-01
... expectations. 9901.406 Section 9901.406 Administrative Personnel DEPARTMENT OF DEFENSE HUMAN RESOURCES MANAGEMENT AND LABOR RELATIONS SYSTEMS (DEPARTMENT OF DEFENSE-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF DEFENSE NATIONAL SECURITY PERSONNEL SYSTEM (NSPS) Performance Management § 9901.406 Setting and...
-
Federal Register 2010, 2011, 2012, 2013, 2014
2010-02-24
... Information Management System of Records AGENCY: Privacy Office, DHS. ACTION: Notice of modification to... Enforcement Support Center Alien Criminal Response Information Management System of Records (73 FR 74739... Enforcement Support Center (LESC) Alien Criminal Response Information Management (ACRIMe) System (73 FR 74739...
-
chain MS ISO/IEC 27001: 2007 Information Security Management Systems MS ISO 50001: 2011 Energy . Announcements Popular Standards Popular Standards MS ISO 9001 :2015 Quality Management System(QMS) MS ISO 14001 : 2015 Environmental Management Systems(EMS) MS 1722:2011 & OHSAS 18001:2007 Occupational Health and
-
33 CFR 96.380 - How will the Coast Guard handle compliance and enforcement of these regulations?
Code of Federal Regulations, 2010 CFR
2010-07-01
... safety management system while operating the vessel or transferring cargoes. (b) A foreign vessel that... GUARD, DEPARTMENT OF HOMELAND SECURITY VESSEL OPERATING REGULATIONS RULES FOR THE SAFE OPERATION OF VESSELS AND SAFETY MANAGEMENT SYSTEMS How Will Safety Management Systems Be Certificated and Enforced...
-
76 FR 61676 - Privacy Act of 1974; Systems of Records
Federal Register 2010, 2011, 2012, 2013, 2014
2011-10-05
...' Health and Counseling Programs; E.O. 12564, Drug Free Federal Workplace; E.O. 12196, Occupational safety.... System manager(s) and address: Chief, Employee Assistance Services, National Security Agency/ Central.... For additional information, contact the system manager. [FR Doc. 2011-25697 Filed 10-4-11; 8:45 am...
-
Kiah, M L Mat; Nabi, Mohamed S; Zaidan, B B; Zaidan, A A
2013-10-01
This study aims to provide security solutions for implementing electronic medical records (EMRs). E-Health organizations could utilize the proposed method and implement recommended solutions in medical/health systems. Majority of the required security features of EMRs were noted. The methods used were tested against each of these security features. In implementing the system, the combination that satisfied all of the security features of EMRs was selected. Secure implementation and management of EMRs facilitate the safeguarding of the confidentiality, integrity, and availability of e-health organization systems. Health practitioners, patients, and visitors can use the information system facilities safely and with confidence anytime and anywhere. After critically reviewing security and data transmission methods, a new hybrid method was proposed to be implemented on EMR systems. This method will enhance the robustness, security, and integration of EMR systems. The hybrid of simple object access protocol/extensible markup language (XML) with advanced encryption standard and secure hash algorithm version 1 has achieved the security requirements of an EMR system with the capability of integrating with other systems through the design of XML messages.
-
Code of Federal Regulations, 2011 CFR
2011-04-01
... 17 Commodity and Securities Exchanges 3 2011-04-01 2011-04-01 false Internal risk management... Supervised Investment Bank Holding Company Rules § 240.17i-4 Internal risk management control system...) As part of its internal risk management control system, a supervised investment bank holding company...
-
The Department of Homeland Security’s Pursuit of Data-Driven Decision Making
2015-12-01
agencies’ information management systems pertaining to mission support and business operations 1 KT...Directorate’s operating environment. xviii managed . Meanwhile, adding to the intrinsic organizational change management challenges is the idea that...a timely manner. The lack of a single, enterprise-wide information management system has resulted in numerous, disparate systems operating within
-
Code of Federal Regulations, 2010 CFR
2010-04-01
... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Internal risk management... Supervised Investment Bank Holding Company Rules § 240.17i-4 Internal risk management control system...) As part of its internal risk management control system, a supervised investment bank holding company...
-
17 CFR 240.15c3-4 - Internal risk management control systems for OTC derivatives dealers.
Code of Federal Regulations, 2010 CFR
2010-04-01
... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Internal risk management...-Counter Markets § 240.15c3-4 Internal risk management control systems for OTC derivatives dealers. (a) An OTC derivatives dealer shall establish, document, and maintain a system of internal risk management...
-
5 CFR 9901.224 - Appeal to OPM for review of classification decisions.
Code of Federal Regulations, 2011 CFR
2011-01-01
... RESOURCES MANAGEMENT AND LABOR RELATIONS SYSTEMS (DEPARTMENT OF DEFENSE-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF DEFENSE NATIONAL SECURITY PERSONNEL SYSTEM (NSPS) Classification Classification Process § 9901...
-
5 CFR 9901.224 - Appeal to OPM for review of classification decisions.
Code of Federal Regulations, 2010 CFR
2010-01-01
... RESOURCES MANAGEMENT AND LABOR RELATIONS SYSTEMS (DEPARTMENT OF DEFENSE-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF DEFENSE NATIONAL SECURITY PERSONNEL SYSTEM (NSPS) Classification Classification Process § 9901...
-
76 FR 22911 - National Advisory Council
Federal Register 2010, 2011, 2012, 2013, 2014
2011-04-25
... discussions on professionalism of emergency management, approaches for National Incident Management System... DEPARTMENT OF HOMELAND SECURITY Federal Emergency Management Agency [Docket ID FEMA-2007-0008] National Advisory Council AGENCY: Federal Emergency Management Agency, DHS. ACTION: Committee Management...
-
Security and Privacy in a DACS.
Delgado, Jaime; Llorente, Silvia; Pàmies, Martí; Vilalta, Josep
2016-01-01
The management of electronic health records (EHR), in general, and clinical documents, in particular, is becoming a key issue in the daily work of Healthcare Organizations (HO). The need for providing secure and private access to, and storage for, clinical documents together with the need for HO to interoperate, raises a number of issues difficult to solve. Many systems are in place to manage EHR and documents. Some of these Healthcare Information Systems (HIS) follow standards in their document structure and communications protocols, but many do not. In fact, they are mostly proprietary and do not interoperate. Our proposal to solve the current situation is the use of a DACS (Document Archiving and Communication System) for providing security, privacy and standardized access to clinical documents.
-
Self Managing the Consequences of Major Limb Trauma
2007-03-01
rehabilitation to the community – whether that be in the military or 15. SUBJECT TERMS Self Management, Trauma, Online Learning 16. SECURITY...Task # 1). The Flash platform was chosen based on its high level of market penetration (greater than 98% in the U.S.A.), ease of integration with...management system to facilitate seamless transitions between lessons, online chats, message boards, and evaluation questionnaires using a single security
-
Code of Federal Regulations, 2014 CFR
2014-04-01
...) Establish procedures for: (i) Reporting stress test results to its risk management committee or board of... 17 Commodity and Securities Exchanges 1 2014-04-01 2014-04-01 false Risk management for....36 Risk management for systemically important derivatives clearing organizations and subpart C...
-
Y-12 Integrated Materials Management System
DOE Office of Scientific and Technical Information (OSTI.GOV)
Alspaugh, D. H.; Hickerson, T. W.
2002-06-03
The Integrated Materials Management System, when fully implemented, will provide the Y-12 National Security Complex with advanced inventory information and analysis capabilities and enable effective assessment, forecasting and management of nuclear materials, critical non-nuclear materials, and certified supplies. These capabilities will facilitate future Y-12 stockpile management work, enhance interfaces to existing National Nuclear Security Administration (NNSA) corporate-level information systems, and enable interfaces to planned NNSA systems. In the current national nuclear defense environment where, for example, weapons testing is not permitted, material managers need better, faster, more complete information about material properties and characteristics. They now must manage non-special nuclearmore » material at the same high-level they have managed SNM, and information capabilities about both must be improved. The full automation and integration of business activities related to nuclear and non-nuclear materials that will be put into effect by the Integrated Materials Management System (IMMS) will significantly improve and streamline the process of providing vital information to Y-12 and NNSA managers. This overview looks at the kinds of information improvements targeted by the IMMS project, related issues, the proposed information architecture, and the progress to date in implementing the system.« less
-
Network systems security analysis
NASA Astrophysics Data System (ADS)
Yilmaz, Ä.°smail
2015-05-01
Network Systems Security Analysis has utmost importance in today's world. Many companies, like banks which give priority to data management, test their own data security systems with "Penetration Tests" by time to time. In this context, companies must also test their own network/server systems and take precautions, as the data security draws attention. Based on this idea, the study cyber-attacks are researched throughoutly and Penetration Test technics are examined. With these information on, classification is made for the cyber-attacks and later network systems' security is tested systematically. After the testing period, all data is reported and filed for future reference. Consequently, it is found out that human beings are the weakest circle of the chain and simple mistakes may unintentionally cause huge problems. Thus, it is clear that some precautions must be taken to avoid such threats like updating the security software.
-
Ver-i-Fus: an integrated access control and information monitoring and management system
NASA Astrophysics Data System (ADS)
Thomopoulos, Stelios C.; Reisman, James G.; Papelis, Yiannis E.
1997-01-01
This paper describes the Ver-i-Fus Integrated Access Control and Information Monitoring and Management (IAC-I2M) system that INTELNET Inc. has developed. The Ver-i-Fus IAC-I2M system has been designed to meet the most stringent security and information monitoring requirements while allowing two- way communication between the user and the system. The systems offers a flexible interface that permits to integrate practically any sensing device, or combination of sensing devices, including a live-scan fingerprint reader, thus providing biometrics verification for enhanced security. Different configurations of the system provide solutions to different sets of access control problems. The re-configurable hardware interface, tied together with biometrics verification and a flexible interface that allows to integrate Ver-i-Fus with an MIS, provide an integrated solution to security, time and attendance, labor monitoring, production monitoring, and payroll applications.
-
78 FR 54466 - Federal Open Market Committee; Domestic Policy Directive of July 30-31, 2013
Federal Register 2010, 2011, 2012, 2013, 2014
2013-09-04
... FEDERAL RESERVE SYSTEM Federal Open Market Committee; Domestic Policy Directive of July 30-31... the meeting, are available upon request to the Board of Governors of the Federal Reserve System... mortgage-backed securities in agency mortgage-backed securities. The System Open Market Account Manager and...
-
78 FR 70945 - Federal Open Market Committee; Domestic Policy Directive of October 29-30, 2013
Federal Register 2010, 2011, 2012, 2013, 2014
2013-11-27
... FEDERAL RESERVE SYSTEM Federal Open Market Committee; Domestic Policy Directive of October 29-30... issued at the meeting, are available upon request to the Board of Governors of the Federal Reserve System... mortgage-backed securities in agency mortgage-backed securities. The System Open Market Account Manager and...
-
Code of Federal Regulations, 2010 CFR
2010-04-01
...) Fire safety system; (vii) Security system; and (viii) Roof, foundation, walls, floors. (12) Unscheduled...) Monitoring and preventive maintenance of building structures and systems, including but not limited to: (i..., repainting); (14) Security services; (15) Management fees; and (16) Other reasonable and necessary operation...
-
Securing Emergency State Data in a Tactical Computing Environment
2010-12-01
in a Controlled Manner, 19th IEEE Symposium on Computer-Based Medical Systems (CBMS), 847–854. [38] K. Kifayat, D. Llewellyn - Jones , A. Arabo, O...Drew, M. Merabti, Q. Shi, A. Waller, R. Craddock, G. Jones , State-of-the-Art in System-of-Systems Security for Crisis Management, Fourth Annual
-
48 CFR 3046.791-3 - Warranties on Government-furnished property (USCG).
Code of Federal Regulations, 2010 CFR
2010-10-01
... 48 Federal Acquisition Regulations System 7 2010-10-01 2010-10-01 false Warranties on Government-furnished property (USCG). 3046.791-3 Section 3046.791-3 Federal Acquisition Regulations System DEPARTMENT OF HOMELAND SECURITY, HOMELAND SECURITY ACQUISITION REGULATION (HSAR) CONTRACT MANAGEMENT QUALITY...
-
1981-03-01
Research Instructor of Computer Scienr-. Reviewed by: Released by: WILLIAM M. TOLLES Department puter Science Dean of Research 4c t SECURITY...Lyle A. Cox, Roger R. Schell, and Sonja L. Perdue 9. PERFORMING ORGANIZATION NAME ANO ADDRESS 10. PROGRAM ELEMENT. PROJECT. TASK AREA A WORK UNIT... Computer Networks, Operating Systems, Computer Security 20. AftUrCT (Cnthm, w v re eae old* It n..*p and idm 0 F W blk ..m.m.o’) ",A_;he security
-
Code of Federal Regulations, 2011 CFR
2011-01-01
... Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF... MANAGEMENT SYSTEM Labor-Management Relations § 9701.504 Definitions. In this subpart: Authority means the... representative of employees in an appropriate unit in the Department to meet at reasonable times and to consult...
-
Code of Federal Regulations, 2013 CFR
2013-01-01
... Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF... MANAGEMENT SYSTEM Labor-Management Relations § 9701.504 Definitions. In this subpart: Authority means the... representative of employees in an appropriate unit in the Department to meet at reasonable times and to consult...
-
Code of Federal Regulations, 2012 CFR
2012-01-01
... Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF... MANAGEMENT SYSTEM Labor-Management Relations § 9701.504 Definitions. In this subpart: Authority means the... representative of employees in an appropriate unit in the Department to meet at reasonable times and to consult...
-
Code of Federal Regulations, 2014 CFR
2014-01-01
... Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF... MANAGEMENT SYSTEM Labor-Management Relations § 9701.504 Definitions. In this subpart: Authority means the... representative of employees in an appropriate unit in the Department to meet at reasonable times and to consult...
-
Code of Federal Regulations, 2010 CFR
2010-01-01
... Administrative Personnel DEPARTMENT OF DEFENSE HUMAN RESOURCES MANAGEMENT AND LABOR RELATIONS SYSTEMS (DEPARTMENT OF DEFENSE-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF DEFENSE NATIONAL SECURITY PERSONNEL SYSTEM... § 9901.354) in an NSPS position from a GS or FWS position through a management-directed action (except...
-
41 CFR 105-64.105 - When may Social Security Numbers (SSNs) be collected?
Code of Federal Regulations, 2011 CFR
2011-01-01
... 41 Public Contracts and Property Management 3 2011-01-01 2011-01-01 false When may Social Security...-64.105 When may Social Security Numbers (SSNs) be collected? (a) Statutory or regulatory authority must exist for collecting Social Security Numbers for record systems that use the SSNs as a method of...
-
41 CFR 105-64.105 - When may Social Security Numbers (SSNs) be collected?
Code of Federal Regulations, 2013 CFR
2013-07-01
... 41 Public Contracts and Property Management 3 2013-07-01 2013-07-01 false When may Social Security...-64.105 When may Social Security Numbers (SSNs) be collected? (a) Statutory or regulatory authority must exist for collecting Social Security Numbers for record systems that use the SSNs as a method of...
-
41 CFR 105-64.105 - When may Social Security Numbers (SSNs) be collected?
Code of Federal Regulations, 2014 CFR
2014-01-01
... 41 Public Contracts and Property Management 3 2014-01-01 2014-01-01 false When may Social Security...-64.105 When may Social Security Numbers (SSNs) be collected? (a) Statutory or regulatory authority must exist for collecting Social Security Numbers for record systems that use the SSNs as a method of...
-
41 CFR 105-64.105 - When may Social Security Numbers (SSNs) be collected?
Code of Federal Regulations, 2012 CFR
2012-01-01
... 41 Public Contracts and Property Management 3 2012-01-01 2012-01-01 false When may Social Security...-64.105 When may Social Security Numbers (SSNs) be collected? (a) Statutory or regulatory authority must exist for collecting Social Security Numbers for record systems that use the SSNs as a method of...
-
41 CFR 105-64.105 - When may Social Security Numbers (SSNs) be collected?
Code of Federal Regulations, 2010 CFR
2010-07-01
... 41 Public Contracts and Property Management 3 2010-07-01 2010-07-01 false When may Social Security...-64.105 When may Social Security Numbers (SSNs) be collected? (a) Statutory or regulatory authority must exist for collecting Social Security Numbers for record systems that use the SSNs as a method of...
-
Close the Gate, Lock the Windows, Bolt the Doors: Securing Library Computers. Online Treasures
ERIC Educational Resources Information Center
Balas, Janet
2005-01-01
This article, written by a systems librarian at the Monroeville Public Library, discusses a major issue affecting all computer users, security. It indicates that while, staying up-to-date on the latest security issues has become essential for all computer users, it's more critical for network managers who are responsible for securing computer…
-
41 CFR 102-192.5 - What does this part cover?
Code of Federal Regulations, 2011 CFR
2011-01-01
... Regulations System (Continued) FEDERAL MANAGEMENT REGULATION ADMINISTRATIVE PROGRAMS 192-MAIL MANAGEMENT... for the effective, economical, and secure management of incoming, internal, and outgoing mail in...
-
41 CFR 102-192.5 - What does this part cover?
Code of Federal Regulations, 2014 CFR
2014-01-01
... Regulations System (Continued) FEDERAL MANAGEMENT REGULATION ADMINISTRATIVE PROGRAMS 192-MAIL MANAGEMENT... for the effective, economical, and secure management of incoming, internal, and outgoing mail in...
-
41 CFR 102-192.5 - What does this part cover?
Code of Federal Regulations, 2012 CFR
2012-01-01
... Regulations System (Continued) FEDERAL MANAGEMENT REGULATION ADMINISTRATIVE PROGRAMS 192-MAIL MANAGEMENT... for the effective, economical, and secure management of incoming, internal, and outgoing mail in...
-
41 CFR 102-192.5 - What does this part cover?
Code of Federal Regulations, 2013 CFR
2013-07-01
... Regulations System (Continued) FEDERAL MANAGEMENT REGULATION ADMINISTRATIVE PROGRAMS 192-MAIL MANAGEMENT... for the effective, economical, and secure management of incoming, internal, and outgoing mail in...
-
Security Encryption Scheme for Communication of Web Based Control Systems
NASA Astrophysics Data System (ADS)
Robles, Rosslin John; Kim, Tai-Hoon
A control system is a device or set of devices to manage, command, direct or regulate the behavior of other devices or systems. The trend in most systems is that they are connected through the Internet. Traditional Supervisory Control and Data Acquisition Systems (SCADA) is connected only in a limited private network Since the internet Supervisory Control and Data Acquisition Systems (SCADA) facility has brought a lot of advantages in terms of control, data viewing and generation. Along with these advantages, are security issues regarding web SCADA, operators are pushed to connect Control Systems through the internet. Because of this, many issues regarding security surfaced. In this paper, we discuss web SCADA and the issues regarding security. As a countermeasure, a web SCADA security solution using crossed-crypto-scheme is proposed to be used in the communication of SCADA components.
-
44 CFR 6.70 - Reporting requirement.
Code of Federal Regulations, 2010 CFR
2010-10-01
... HOMELAND SECURITY GENERAL IMPLEMENTATION OF THE PRIVACY ACT OF 1974 Report on New Systems and Alterations... establishment of a new system of records, the prospective system manager shall notify the Privacy Appeals Officer of the proposed new system. The prospective system manager shall include with the notification a...
-
The Design of Data Disaster Recovery of National Fundamental Geographic Information System
NASA Astrophysics Data System (ADS)
Zhai, Y.; Chen, J.; Liu, L.; Liu, J.
2014-04-01
With the development of information technology, data security of information system is facing more and more challenges. The geographic information of surveying and mapping is fundamental and strategic resource, which is applied in all areas of national economic, defence and social development. It is especially vital to national and social interests when such classified geographic information is directly concerning Chinese sovereignty. Several urgent problems that needs to be resolved for surveying and mapping are how to do well in mass data storage and backup, establishing and improving the disaster backup system especially after sudden natural calamity accident, and ensuring all sectors rapidly restored on information system will operate correctly. For overcoming various disaster risks, protect the security of data and reduce the impact of the disaster, it's no doubt the effective way is to analysis and research on the features of storage and management and security requirements, as well as to ensure that the design of data disaster recovery system suitable for the surveying and mapping. This article analyses the features of fundamental geographic information data and the requirements of storage management, three site disaster recovery system of DBMS plan based on the popular network, storage and backup, data replication and remote switch of application technologies. In LAN that synchronous replication between database management servers and the local storage of backup management systems, simultaneously, remote asynchronous data replication between local storage backup management systems and remote database management servers. The core of the system is resolving local disaster in the remote site, ensuring data security and business continuity of local site. This article focuses on the following points: background, the necessity of disaster recovery system, the analysis of the data achievements and data disaster recovery plan. Features of this program is to use a hardware-based data hot backup, and remote online disaster recovery support for Oracle database system. The achievement of this paper is in summarizing and analysing the common characteristics of disaster of surveying and mapping business system requirements, while based on the actual situation of the industry, designed the basic GIS disaster recovery solutions, and we also give the conclusions about key technologies of RTO and RPO.
-
The Graduate MIS Security Course: Objectives and Challenges
ERIC Educational Resources Information Center
Jensen, Bradley K.; Guynes, Carl S.; Nyaboga, Andrew
2009-01-01
Given the magnitude of real and potential losses, both private and public employers increasingly expect graduates of management information systems (MIS) programs to understand information security concepts. The infrastructure requirements for the course includes setting up a secure laboratory environment to accommodate the development of viruses…
-
Situated Usability Testing for Security Systems
DOE Office of Scientific and Technical Information (OSTI.GOV)
Greitzer, Frank L.
2011-03-02
While usability testing is well established, assessing the usability of security software, tools, or methods deserves more careful consideration. It has been argued that dealing with security has become too difficult for individuals or organizations to manage effectively or to use conveniently. As difficult as it is for system administrators and developers to deal with, security is even more challenging for casual users. Indeed, it is much too easy for casual/home users to configure the security of their systems in non-optimal ways that leave their systems inadvertently insecure. This is exacerbated by the fact that casual users are focused onmore » matters other than security, and likely would prefer not even to think about security. This brief report argues that when security and/or privacy are part of the equation, traditional methods for usability testing should be re-considered. The purpose of this brief report is to argue for and outline a method associated with a new approach to usability testing for examining usable security issues.« less
-
The Coast Guard Proceedings of the Marine Safety and Security Council: Spring 2016
2016-04-01
PROCEEDINGS Spring 2016 Vol. 73, Number 1 Safety Management System Objectives 6 Safety Management Facilitates Safe Vessel Operation Vessel systems...crew, and operations. by LCDR Aaron W. Demo 9 Safety Management Systems to Prevent Pollution from Ships Standard procedures protect the environment...by LCDR Michael Lendvay 11 Dead Reckoning by Safety Management ? Check your course. by LCDR Corydon F. Heard IV Safety Management Systems and the Outer
-
76 FR 21373 - Privacy Act of 1974; Report of a New System of Records
Federal Register 2010, 2011, 2012, 2013, 2014
2011-04-15
... Information Security Management Act of 2002; the Computer Fraud and Abuse Act of 1986; the Health Insurance... 1974; the Federal Information Security Management Act of 2002; the Computer Fraud and Abuse Act of 1986... established by State law; (3) support litigation involving the Agency; (4) combat fraud, waste, and abuse in...
-
Design and implementation of a unified certification management system based on seismic business
NASA Astrophysics Data System (ADS)
Tang, Hongliang
2018-04-01
Many business software for seismic systems are based on web pages, users can simply open a browser and enter their IP address. However, how to achieve unified management and security management of many IP addresses, this paper introduces the design concept based on seismic business and builds a unified authentication management system using ASP technology.
-
Final Technical Report. Project Boeing SGS
DOE Office of Scientific and Technical Information (OSTI.GOV)
Bell, Thomas E.
Boeing and its partner, PJM Interconnection, teamed to bring advanced “defense-grade” technologies for cyber security to the US regional power grid through demonstration in PJM’s energy management environment. Under this cooperative project with the Department of Energy, Boeing and PJM have developed and demonstrated a host of technologies specifically tailored to the needs of PJM and the electric sector as a whole. The team has demonstrated to the energy industry a combination of processes, techniques and technologies that have been successfully implemented in the commercial, defense, and intelligence communities to identify, mitigate and continuously monitor the cyber security of criticalmore » systems. Guided by the results of a Cyber Security Risk-Based Assessment completed in Phase I, the Boeing-PJM team has completed multiple iterations through the Phase II Development and Phase III Deployment phases. Multiple cyber security solutions have been completed across a variety of controls including: Application Security, Enhanced Malware Detection, Security Incident and Event Management (SIEM) Optimization, Continuous Vulnerability Monitoring, SCADA Monitoring/Intrusion Detection, Operational Resiliency, Cyber Range simulations and hands on cyber security personnel training. All of the developed and demonstrated solutions are suitable for replication across the electric sector and/or the energy sector as a whole. Benefits identified include; Improved malware and intrusion detection capability on critical SCADA networks including behavioral-based alerts resulting in improved zero-day threat protection; Improved Security Incident and Event Management system resulting in better threat visibility, thus increasing the likelihood of detecting a serious event; Improved malware detection and zero-day threat response capability; Improved ability to systematically evaluate and secure in house and vendor sourced software applications; Improved ability to continuously monitor and maintain secure configuration of network devices resulting in reduced vulnerabilities for potential exploitation; Improved overall cyber security situational awareness through the integration of multiple discrete security technologies into a single cyber security reporting console; Improved ability to maintain the resiliency of critical systems in the face of a targeted cyber attack of other significant event; Improved ability to model complex networks for penetration testing and advanced training of cyber security personnel« less
-
Security architecture for HL/7 message interchange.
Chen, T S; Liao, B S; Lin, M G; Gough, T G
2001-01-01
The promotion of quality medical treatment is very important to the healthcare providers as well as to patients. It requires that the medical resources of different hospitals be combined to ensure that medical information is shared and that resources are not wasted. A computer-based patient record is one of the best methods to accomplish the interchange of the patient's clinical data. In our system, the Health Level/Seven (HL/7) format is used for the interchange of the clinical data, as it has been supported by many healthcare providers and become a â standard'. The security of the interchange of clinical data is a serious issue for people using the Internet for data communication. Several international well-developed security algorithms, models and secure policies are adopted in the design of a security handler for an HL/7 architecture. The goal of our system is to combine our security system with the end-to-end communication systems constructed from the HL/7 format to establish a safe delivery channel. A suitable security interchange environment is implemented to address some shortcomings in clinical data interchange. located at the application layer of the ISO/OSI reference model. The medical message components, sub-components, and related types of message event are the primary goals of the HL/7 protocols. The patient management system, the doctor's system for recording his advice, examination and diagnosis as well as any financial management system are all covered by the HL/7 protocols. Healthcare providers and hospitals in Taiwan are very interested in developing the HL/7 protocols as a common standard for clinical data interchange.
-
Systems and Methods for Secure Transaction Management and Electronic Rights Protection
2002-07-30
4305131 Dec., 1981 Best. 4306289 Dec., 1981 Lumley. 4309569 Jan., 1982 Merkle . 4319079 Mar., 1982 Best. 4323921 Apr., 1982 Guillou. 4328544 May...Operating System Security, (USC/Information Science Institute, Marina Del Rey, CA), Oct. 1973, pp. 666-675. Rolf Blom, Robert Forchheimer, et al
-
75 FR 43500 - Privacy Act of 1974; System of Records
Federal Register 2010, 2011, 2012, 2013, 2014
2010-07-26
... effective on August 25, 2010, unless comments are received that would result in a contrary determination... name, rank, Social Security Number (SSN), designator, address and signature. The system manager may... Integrity Drive, Millington, TN 38055-0000. Requests should contain full name, rank, Social Security Number...
-
77 FR 1942 - Homeland Security Science and Technology Advisory Committee (HSSTAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2012-01-12
... developments in systems engineering, cyber- security, knowledge management and how best to leverage related... contribution to a diverse range of science and technology topic areas (including chemical, biological, and... technology capabilities and needs, and the latest thinking in systems engineering), and their depth of...
-
44 CFR 6.6 - Safeguarding systems of records.
Code of Federal Regulations, 2010 CFR
2010-10-01
... 44 Emergency Management and Assistance 1 2010-10-01 2010-10-01 false Safeguarding systems of... systems of records. (a) Systems managers shall ensure that appropriate administrative, technical, and... against any anticipated threats or hazards to their security or integrity which could result in...
-
Using RFID to Enhance Security in Off-Site Data Storage
Lopez-Carmona, Miguel A.; Marsa-Maestre, Ivan; de la Hoz, Enrique; Velasco, Juan R.
2010-01-01
Off-site data storage is one of the most widely used strategies in enterprises of all sizes to improve business continuity. In medium-to-large size enterprises, the off-site data storage processes are usually outsourced to specialized providers. However, outsourcing the storage of critical business information assets raises serious security considerations, some of which are usually either disregarded or incorrectly addressed by service providers. This article reviews these security considerations and presents a radio frequency identification (RFID)-based, off-site, data storage management system specifically designed to address security issues. The system relies on a set of security mechanisms or controls that are arranged in security layers or tiers to balance security requirements with usability and costs. The system has been successfully implemented, deployed and put into production. In addition, an experimental comparison with classical bar-code-based systems is provided, demonstrating the system’s benefits in terms of efficiency and failure prevention. PMID:22163638
-
5 CFR 9901.223 - Appeal to DoD for review of classification decisions.
Code of Federal Regulations, 2011 CFR
2011-01-01
... RESOURCES MANAGEMENT AND LABOR RELATIONS SYSTEMS (DEPARTMENT OF DEFENSE-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF DEFENSE NATIONAL SECURITY PERSONNEL SYSTEM (NSPS) Classification Classification Process § 9901... an appeal. A management official may disallow an employee's representative when— (1) An individual's...
-
Access control based on attribute certificates for medical intranet applications.
Mavridis, I; Georgiadis, C; Pangalos, G; Khair, M
2001-01-01
Clinical information systems frequently use intranet and Internet technologies. However these technologies have emphasized sharing and not security, despite the sensitive and private nature of much health information. Digital certificates (electronic documents which recognize an entity or its attributes) can be used to control access in clinical intranet applications. To outline the need for access control in distributed clinical database systems, to describe the use of digital certificates and security policies, and to propose the architecture for a system using digital certificates, cryptography and security policy to control access to clinical intranet applications. We have previously developed a security policy, DIMEDAC (Distributed Medical Database Access Control), which is compatible with emerging public key and privilege management infrastructure. In our implementation approach we propose the use of digital certificates, to be used in conjunction with DIMEDAC. Our proposed access control system consists of two phases: the ways users gain their security credentials; and how these credentials are used to access medical data. Three types of digital certificates are used: identity certificates for authentication; attribute certificates for authorization; and access-rule certificates for propagation of access control policy. Once a user is identified and authenticated, subsequent access decisions are based on a combination of identity and attribute certificates, with access-rule certificates providing the policy framework. Access control in clinical intranet applications can be successfully and securely managed through the use of digital certificates and the DIMEDAC security policy.
-
DOE Office of Scientific and Technical Information (OSTI.GOV)
Bartoletti, T.
SPI/U3.1 consists of five tools used to assess and report the security posture of computers running the UNIX operating system. The tools are: Access Control Test: A rule-based system which identifies sequential dependencies in UNIX access controls. Binary Inspector Tool: Evaluates the release status of system binaries by comparing a crypto-checksum to provide table entries. Change Detection Tool: Maintains and applies a snapshot of critical system files and attributes for purposes of change detection. Configuration Query Language: Accepts CQL-based scripts (provided) to evaluate queries over the status of system files, configuration of services and many other elements of UNIX systemmore » security. Password Security Inspector: Tests for weak or aged passwords. The tools are packaged with a forms-based user interface providing on-line context-sensistive help, job scheduling, parameter management and output report management utilities. Tools may be run independent of the UI.« less
-
DOE Office of Scientific and Technical Information (OSTI.GOV)
Bartoletti, Tony
SPI/U3.2 consists of five tools used to assess and report the security posture of computers running the UNIX operating system. The tools are: Access Control Test: A rule-based system which identifies sequential dependencies in UNIX access controls. Binary Authentication Tool: Evaluates the release status of system binaries by comparing a crypto-checksum to provide table entries. Change Detection Tool: Maintains and applies a snapshot of critical system files and attributes for purposes of change detection. Configuration Query Language: Accepts CQL-based scripts (provided) to evaluate queries over the status of system files, configuration of services and many other elements of UNIX systemmore » security. Password Security Inspector: Tests for weak or aged passwords. The tools are packaged with a forms-based user interface providing on-line context-sensistive help, job scheduling, parameter management and output report management utilities. Tools may be run independent of the UI.« less
-
Biometrics and international migration.
Redpath, Jillyanne
2007-01-01
This paper will focus on the impact of the rapid expansion in the use of biometric systems in migration management on the rights of individuals; it seeks to highlight legal issues for consideration in implementing such systems, taking as the starting point that the security interests of the state and the rights of the individual are not, and should not be, mutually exclusive. The first part of this paper briefly describes the type of biometric applications available, how biometric systems function, and those used in migration management. The second part examines the potential offered by biometrics for greater security in migration management, and focuses on developments in the use of biometrics as a result of September 11. The third part discusses the impact of the use of biometrics in the management of migration on the individual's right to privacy and ability to move freely and lawfully. The paper highlights the increasing need for domestic and international frameworks to govern the use of biometric applications in the migration/security context, and proposes a number of issues that such frameworks could address.
-
5 CFR 9901.221 - Classification requirements.
Code of Federal Regulations, 2011 CFR
2011-01-01
... Section 9901.221 Administrative Personnel DEPARTMENT OF DEFENSE HUMAN RESOURCES MANAGEMENT AND LABOR RELATIONS SYSTEMS (DEPARTMENT OF DEFENSE-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF DEFENSE NATIONAL SECURITY PERSONNEL SYSTEM (NSPS) Classification Classification Process § 9901.221 Classification...
-
1983-03-01
have both a Federal and a State mission. The State mission is to provide protection of life and property and to preserve peace and public safety. The...logistics system is basically the same and will be integrated into the active system in wartime. Financial man- agement support consists of financial...the entire system is security. ErS is on contract to furnish basic security as well as a higher type of security known as the enhanced version
-
Caranguian, Luther Paul R; Pancho-Festin, Susan; Sison, Luis G
2012-01-01
In this study, we focused on the interoperability and authentication of medical devices in the context of telemedical systems. A recent standard called the ISO/IEEE 11073 Personal Health Device (X73-PHD) Standards addresses the device interoperability problem by defining common protocols for agent (medical device) and manager (appliance) interface. The X73-PHD standard however has not addressed security and authentication of medical devices which is important in establishing integrity of a telemedical system. We have designed and implemented a security policy within the X73-PHD standards. The policy will enable device authentication using Asymmetric-Key Cryptography and the RSA algorithm as the digital signature scheme. We used two approaches for performing the digital signatures: direct software implementation and use of embedded security modules (ESM). The two approaches were evaluated and compared in terms of execution time and memory requirement. For the standard 2048-bit RSA, ESM calculates digital signatures only 12% of the total time for the direct implementation. Moreover, analysis shows that ESM offers more security advantage such as secure storage of keys compared to using direct implementation. Interoperability with other systems was verified by testing the system with LNI Healthlink, a manager software that implements the X73-PHD standard. Lastly, security analysis was done and the system's response to common attacks on authentication systems was analyzed and several measures were implemented to protect the system against them.
-
40 CFR 280.210 - Participation in management.
Code of Federal Regulations, 2011 CFR
2011-07-01
... or facility or property on which the UST or UST system is located, liquidate, wind up operations, and... the security interest includes all debt and costs incurred by the security interest holder, and is... value of the security interest also includes all reasonable and necessary costs, fees, or other charges...
-
Development of a Secure Mobile GPS Tracking and Management System
ERIC Educational Resources Information Center
Liu, Anyi
2012-01-01
With increasing demand of mobile devices and cloud computing, it becomes increasingly important to develop efficient mobile application and its secured backend, such as web applications and virtualization environment. This dissertation reports a systematic study of mobile application development and the security issues of its related backend. …
-
Managing Campus Security: Issues for Police Officers at Public Institutions.
ERIC Educational Resources Information Center
Dwyer, William O.; And Others
1994-01-01
To maximize the effectiveness of their campus security systems while minimizing the institution's exposure to liability, campus administrators must understand the legal context in which their police or security personnel are operating as agents of authority. Some of these policy and behavior issues are explained. (MSE)
-
A Rich Client-Server Based Framework for Convenient Security and Management of Mobile Applications
NASA Astrophysics Data System (ADS)
Badan, Stephen; Probst, Julien; Jaton, Markus; Vionnet, Damien; Wagen, Jean-Frédéric; Litzistorf, Gérald
Contact lists, Emails, SMS or custom applications on a professional smartphone could hold very confidential or sensitive information. What could happen in case of theft or accidental loss of such devices? Such events could be detected by the separation between the smartphone and a Bluetooth companion device. This event should typically block the applications and delete personal and sensitive data. Here, a solution is proposed based on a secured framework application running on the mobile phone as a rich client connected to a security server. The framework offers strong and customizable authentication and secured connectivity. A security server manages all security issues. User applications are then loaded via the framework. User data can be secured, synchronized, pushed or pulled via the framework. This contribution proposes a convenient although secured environment based on a client-server architecture using external authentications. Several features of the proposed system are exposed and a practical demonstrator is described.
-
2011 Defense Industrial Base Critical Infrastructure Protection Conference (DIBCIP)
2011-08-25
Office of the Program Manager, Information Sharing Environment u Mr. Vince Jarvie , Vice President, Corporate Security, L-3 Communications...National Defense University IRM College and in 2008 he obtained the Certified Information System Security Professional certificate. MR. VINCE JARVIE ...Vice President, Corporate Security, L-3 Communciations Corporation Mr. Vincent (Vince) Jarvie is the Vice President, Corporate Security for L-3
-
An analysis of Indonesia’s information security index: a case study in a public university
NASA Astrophysics Data System (ADS)
Yustanti, W.; Qoiriah, A.; Bisma, R.; Prihanto, A.
2018-01-01
Ministry of Communication and Informatics of the Republic of Indonesia has issued the regulation number 4-2016 about Information Security Management System (ISMS) for all kind organizations. Public university as a government institution must apply this standard to assure its level of information security has complied ISO 27001:2013. This research is a preliminary study to evaluate the readiness of university IT services (case study in a public university) meets the requirement of ISO 27001:2013 using the Indonesia’s Information Security Index (IISI). There are six parameters used to measure the level of information security, these are the ICT role, governance, risk management, framework, asset management and technology. Each parameter consists of serial questions which must be answered and convert to a numeric value. The result shows the level of readiness and maturity to apply ISO 27001 standard.
-
DOE Office of Scientific and Technical Information (OSTI.GOV)
PALMER, M.E.
1999-09-21
Test Plan HNF-4351 defines testing requirements for installation of a new server in the WRAP Facility. This document shows the results of the test reports on the DMS-Y2K and DMS-F81 (Security) systems.
-
5 CFR 9701.231 - Conversion of positions and employees to the DHS classification system.
Code of Federal Regulations, 2011 CFR
2011-01-01
... the DHS classification system. 9701.231 Section 9701.231 Administrative Personnel DEPARTMENT OF... MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Classification Transitional Provisions § 9701.231 Conversion of positions and employees to the DHS classification system. (a) This...
-
Symmetric Key Services Markup Language (SKSML)
NASA Astrophysics Data System (ADS)
Noor, Arshad
Symmetric Key Services Markup Language (SKSML) is the eXtensible Markup Language (XML) being standardized by the OASIS Enterprise Key Management Infrastructure Technical Committee for requesting and receiving symmetric encryption cryptographic keys within a Symmetric Key Management System (SKMS). This protocol is designed to be used between clients and servers within an Enterprise Key Management Infrastructure (EKMI) to secure data, independent of the application and platform. Building on many security standards such as XML Signature, XML Encryption, Web Services Security and PKI, SKSML provides standards-based capability to allow any application to use symmetric encryption keys, while maintaining centralized control. This article describes the SKSML protocol and its capabilities.
-
Lu, Xiaoqi; Wang, Lei; Zhao, Jianfeng
2012-02-01
With the development of medical information, Picture Archiving and Communications System (PACS), Hospital Information System/Radiology Information System(HIS/RIS) and other medical information management system become popular and developed, and interoperability between these systems becomes more frequent. So, these enclosed systems will be open and regionalized by means of network, and this is inevitable. If the trend becomes true, the security of information transmission may be the first problem to be solved. Based on the need for network security, we investigated the Digital Imaging and Communications in Medicine (DICOM) Standard and Transport Layer Security (TLS) Protocol, and implemented the TLS transmission of the DICOM medical information with OpenSSL toolkit and DCMTK toolkit.
-
Globus Identity, Access, and Data Management: Platform Services for Collaborative Science
NASA Astrophysics Data System (ADS)
Ananthakrishnan, R.; Foster, I.; Wagner, R.
2016-12-01
Globus is software-as-a-service for research data management, developed at, and operated by, the University of Chicago. Globus, accessible at www.globus.org, provides high speed, secure file transfer; file sharing directly from existing storage systems; and data publication to institutional repositories. 40,000 registered users have used Globus to transfer tens of billions of files totaling hundreds of petabytes between more than 10,000 storage systems within campuses and national laboratories in the US and internationally. Web, command line, and REST interfaces support both interactive use and integration into applications and infrastructures. An important component of the Globus system is its foundational identity and access management (IAM) platform service, Globus Auth. Both Globus research data management and other applications use Globus Auth for brokering authentication and authorization interactions between end-users, identity providers, resource servers (services), and a range of clients, including web, mobile, and desktop applications, and other services. Compliant with important standards such as OAuth, OpenID, and SAML, Globus Auth provides mechanisms required for an extensible, integrated ecosystem of services and clients for the research and education community. It underpins projects such as the US National Science Foundation's XSEDE system, NCAR's Research Data Archive, and the DOE Systems Biology Knowledge Base. Current work is extending Globus services to be compliant with FEDRAMP standards for security assessment, authorization, and monitoring for cloud services. We will present Globus IAM solutions and give examples of Globus use in various projects for federated access to resources. We will also describe how Globus Auth and Globus research data management capabilities enable rapid development and low-cost operations of secure data sharing platforms that leverage Globus services and integrate them with local policy and security.
-
Efforts to secure universal access to HIV/AIDS treatment: a comparison of BRICS countries.
Sun, Jing; Boing, Alexandra Crispim; Silveira, Marysabel P T; Bertoldi, Andréa D; Ziganshina, Liliya E; Khaziakhmetova, Veronica N; Khamidulina, Rashida M; Chokshi, Maulik R; McGee, Shelley; Suleman, Fatima
2014-02-01
This article illustrates how the BRICS countries have been building their focused leadership, making important high level commitment and national policy changes, and improving their health systems, in addressing the HIV/AIDS epidemics in respective settings. Specific aspects are focused on efforts of creating public provisions to secure universal access to ARVs from the aspects of active responsive system and national program, health system strengthening, fostering local production of ARVs, supply chain management, and information system strengthening. Challenges in each BRICS country are analyzed respectively. The most important contributors to the success of response to HIV/AIDS include: creating legal basis for healthcare as a fundamental human right; political commitment to necessary funding for universal access and concrete actions to secure equal quality care; comprehensive system to secure demands that all people in need are capable of accessing prevention, treatment and care; active community involvement; decentralization of the management system considering the local settings; integration of treatment and prevention; taking horizontal approach to strengthen health systems; fully use of the TRIPS flexibility; and regular monitoring and evaluation to serve evidence based decision making. © 2013 Chinese Cochrane Center, West China Hospital of Sichuan University and Wiley Publishing Asia Pty Ltd.
-
NASA Astrophysics Data System (ADS)
Perry, William G.
2006-04-01
One goal of database mining is to draw unique and valid perspectives from multiple data sources. Insights that are fashioned from closely-held data stores are likely to possess a high degree of reliability. The degree of information assurance comes into question, however, when external databases are accessed, combined and analyzed to form new perspectives. ISO/IEC 17799, Information technology-Security techniques-Code of practice for information security management, can be used to establish a higher level of information assurance among disparate entities using data mining in the defense, homeland security, commercial and other civilian/commercial domains. Organizations that meet ISO/IEC information security standards have identified and assessed risks, threats and vulnerabilities and have taken significant proactive steps to meet their unique security requirements. The ISO standards address twelve domains: risk assessment and treatment, security policy, organization of information security, asset management, human resources security, physical and environmental security, communications and operations management, access control, information systems acquisition, development and maintenance, information security incident management and business continuity management and compliance. Analysts can be relatively confident that if organizations are ISO 17799 compliant, a high degree of information assurance is likely to be a characteristic of the data sets being used. The reverse may be true. Extracting, fusing and drawing conclusions based upon databases with a low degree of information assurance may be wrought with all of the hazards that come from knowingly using bad data to make decisions. Using ISO/IEC 17799 as a baseline for information assurance can help mitigate these risks.
-
Communication Security for Control Systems in Smart Grid
NASA Astrophysics Data System (ADS)
Robles, Rosslin John; Kim, Tai-Hoon
As an example of Control System, Supervisory Control and Data Acquisition systems can be relatively simple, such as one that monitors environmental conditions of a small office building, or incredibly complex, such as a system that monitors all the activity in a nuclear power plant or the activity of a municipal water system. SCADA systems are basically Process Control Systems, designed to automate systems such as traffic control, power grid management, waste processing etc. Connecting SCADA to the Internet can provide a lot of advantages in terms of control, data viewing and generation. SCADA infrastructures like electricity can also be a part of a Smart Grid. Connecting SCADA to a public network can bring a lot of security issues. To answer the security issues, a SCADA communication security solution is proposed.
-
ReTrust: attack-resistant and lightweight trust management for medical sensor networks.
He, Daojing; Chen, Chun; Chan, Sammy; Bu, Jiajun; Vasilakos, Athanasios V
2012-07-01
Wireless medical sensor networks (MSNs) enable ubiquitous health monitoring of users during their everyday lives, at health sites, without restricting their freedom. Establishing trust among distributed network entities has been recognized as a powerful tool to improve the security and performance of distributed networks such as mobile ad hoc networks and sensor networks. However, most existing trust systems are not well suited for MSNs due to the unique operational and security requirements of MSNs. Moreover, similar to most security schemes, trust management methods themselves can be vulnerable to attacks. Unfortunately, this issue is often ignored in existing trust systems. In this paper, we identify the security and performance challenges facing a sensor network for wireless medical monitoring and suggest it should follow a two-tier architecture. Based on such an architecture, we develop an attack-resistant and lightweight trust management scheme named ReTrust. This paper also reports the experimental results of the Collection Tree Protocol using our proposed system in a network of TelosB motes, which show that ReTrust not only can efficiently detect malicious/faulty behaviors, but can also significantly improve the network performance in practice.
-
Developing a Security Metrics Scorecard for Healthcare Organizations.
Elrefaey, Heba; Borycki, Elizabeth; Kushniruk, Andrea
2015-01-01
In healthcare, information security is a key aspect of protecting a patient's privacy and ensuring systems availability to support patient care. Security managers need to measure the performance of security systems and this can be achieved by using evidence-based metrics. In this paper, we describe the development of an evidence-based security metrics scorecard specific to healthcare organizations. Study participants were asked to comment on the usability and usefulness of a prototype of a security metrics scorecard that was developed based on current research in the area of general security metrics. Study findings revealed that scorecards need to be customized for the healthcare setting in order for the security information to be useful and usable in healthcare organizations. The study findings resulted in the development of a security metrics scorecard that matches the healthcare security experts' information requirements.
-
Hughes, Richard John; Thrasher, James Thomas; Nordholt, Jane Elizabeth
2016-11-29
Innovations for quantum key management harness quantum communications to form a cryptography system within a public key infrastructure framework. In example implementations, the quantum key management innovations combine quantum key distribution and a quantum identification protocol with a Merkle signature scheme (using Winternitz one-time digital signatures or other one-time digital signatures, and Merkle hash trees) to constitute a cryptography system. More generally, the quantum key management innovations combine quantum key distribution and a quantum identification protocol with a hash-based signature scheme. This provides a secure way to identify, authenticate, verify, and exchange secret cryptographic keys. Features of the quantum key management innovations further include secure enrollment of users with a registration authority, as well as credential checking and revocation with a certificate authority, where the registration authority and/or certificate authority can be part of the same system as a trusted authority for quantum key distribution.
-
Applications for radio-frequency identification technology in the perioperative setting.
Zhao, Tiyu; Zhang, Xiaoxiang; Zeng, Lili; Xia, Shuyan; Hinton, Antentor Othrell; Li, Xiuyun
2014-06-01
We implemented a two-year project to develop a security-gated management system for the perioperative setting using radio-frequency identification (RFID) technology to enhance the management efficiency of the OR. We installed RFID readers beside the entrances to the OR and changing areas to receive and process signals from the RFID tags that we sewed into surgical scrub attire and shoes. The system also required integrating automatic access control panels, computerized lockers, light-emitting diode (LED) information screens, wireless networks, and an information system. By doing this, we are able to control the flow of personnel and materials more effectively, reduce OR costs, optimize the registration and attire-changing process for personnel, and improve management efficiency. We also anticipate this system will improve patient safety by reducing the risk of surgical site infection. Application of security-gated management systems is an important and effective way to help ensure a clean, convenient, and safe management process to manage costs in the perioperative area and promote patient safety. Copyright © 2014 AORN, Inc. Published by Elsevier Inc. All rights reserved.
-
Code of Federal Regulations, 2014 CFR
2014-01-01
... performance, recognizing and rewarding employees, and other associated duties. (c) DHS must document in... Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF... MANAGEMENT SYSTEM Classification Classification Structure § 9701.212 Bands. (a) For purposes of identifying...
-
Code of Federal Regulations, 2011 CFR
2011-01-01
... performance, recognizing and rewarding employees, and other associated duties. (c) DHS must document in... Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF... MANAGEMENT SYSTEM Classification Classification Structure § 9701.212 Bands. (a) For purposes of identifying...
-
Code of Federal Regulations, 2012 CFR
2012-01-01
... performance, recognizing and rewarding employees, and other associated duties. (c) DHS must document in... Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF... MANAGEMENT SYSTEM Classification Classification Structure § 9701.212 Bands. (a) For purposes of identifying...
-
5 CFR 9901.104 - Scope of authority.
Code of Federal Regulations, 2010 CFR
2010-01-01
....104 Administrative Personnel DEPARTMENT OF DEFENSE HUMAN RESOURCES MANAGEMENT AND LABOR RELATIONS SYSTEMS (DEPARTMENT OF DEFENSE-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF DEFENSE NATIONAL SECURITY... with performance appraisal systems; (b) Chapter 51, dealing with General Schedule job classification...
-
Code of Federal Regulations, 2010 CFR
2010-01-01
... Administrative Personnel DEPARTMENT OF DEFENSE HUMAN RESOURCES MANAGEMENT AND LABOR RELATIONS SYSTEMS (DEPARTMENT OF DEFENSE-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF DEFENSE NATIONAL SECURITY PERSONNEL SYSTEM (NSPS) Staffing and Employment General § 9901.504 Definitions. In this subpart— Career conditional...
-
Multi-agent integrated password management (MIPM) application secured with encryption
NASA Astrophysics Data System (ADS)
Awang, Norkhushaini; Zukri, Nurul Hidayah Ahmad; Rashid, Nor Aimuni Md; Zulkifli, Zuhri Arafah; Nazri, Nor Afifah Mohd
2017-10-01
Users use weak passwords and reuse them on different websites and applications. Password managers are a solution to store login information for websites and help users log in automatically. This project developed a system that acts as an agent managing passwords. Multi-Agent Integrated Password Management (MIPM) is an application using encryption that provides users with secure storage of their login account information such as their username, emails and passwords. This project was developed on an Android platform with an encryption agent using Java Agent Development Environment (JADE). The purpose of the embedded agents is to act as a third-party software to ease the encryption process, and in the future, the developed encryption agents can form part of the security system. This application can be used by the computer and mobile users. Currently, users log into many applications causing them to use unique passwords to prevent password leaking. The crypto agent handles the encryption process using an Advanced Encryption Standard (AES) 128-bit encryption algorithm. As a whole, MIPM is developed on the Android application to provide a secure platform to store passwords and has high potential to be commercialised for public use.
-
33 CFR 96.390 - When will the Coast Guard deny entry into a U.S. port?
Code of Federal Regulations, 2010 CFR
2010-07-01
... HOMELAND SECURITY VESSEL OPERATING REGULATIONS RULES FOR THE SAFE OPERATION OF VESSELS AND SAFETY MANAGEMENT SYSTEMS How Will Safety Management Systems Be Certificated and Enforced? § 96.390 When will the... force majeure, no vessel shall enter any port or terminal of the U.S. without a safety management system...
-
33 CFR 96.390 - When will the Coast Guard deny entry into a U.S. port?
Code of Federal Regulations, 2011 CFR
2011-07-01
... HOMELAND SECURITY VESSEL OPERATING REGULATIONS RULES FOR THE SAFE OPERATION OF VESSELS AND SAFETY MANAGEMENT SYSTEMS How Will Safety Management Systems Be Certificated and Enforced? § 96.390 When will the... force majeure, no vessel shall enter any port or terminal of the U.S. without a safety management system...
-
Code of Federal Regulations, 2012 CFR
2012-10-01
... 46 Shipping 6 2012-10-01 2012-10-01 false Information requirements for the ballast water management system (BWMS) application. 162.060-14 Section 162.060-14 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) EQUIPMENT, CONSTRUCTION, AND MATERIALS: SPECIFICATIONS AND APPROVAL ENGINEERING EQUIPMENT Ballast Water Management Systems §...
-
46 CFR 162.060-16 - Changes to an approved ballast water management system (BWMS).
Code of Federal Regulations, 2012 CFR
2012-10-01
... 46 Shipping 6 2012-10-01 2012-10-01 false Changes to an approved ballast water management system (BWMS). 162.060-16 Section 162.060-16 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) EQUIPMENT, CONSTRUCTION, AND MATERIALS: SPECIFICATIONS AND APPROVAL ENGINEERING EQUIPMENT Ballast Water Management Systems § 162.060-16 Changes to...
-
46 CFR 162.060-30 - Testing requirements for ballast water management system (BWMS) components.
Code of Federal Regulations, 2012 CFR
2012-10-01
... 46 Shipping 6 2012-10-01 2012-10-01 false Testing requirements for ballast water management system (BWMS) components. 162.060-30 Section 162.060-30 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) EQUIPMENT, CONSTRUCTION, AND MATERIALS: SPECIFICATIONS AND APPROVAL ENGINEERING EQUIPMENT Ballast Water Management Systems § 162.060...
-
Patients’ Data Management System Protected by Identity-Based Authentication and Key Exchange
Rivero-García, Alexandra; Santos-González, Iván; Hernández-Goya, Candelaria; Caballero-Gil, Pino; Yung, Moti
2017-01-01
A secure and distributed framework for the management of patients’ information in emergency and hospitalization services is proposed here in order to seek improvements in efficiency and security in this important area. In particular, confidentiality protection, mutual authentication, and automatic identification of patients are provided. The proposed system is based on two types of devices: Near Field Communication (NFC) wristbands assigned to patients, and mobile devices assigned to medical staff. Two other main elements of the system are an intermediate server to manage the involved data, and a second server with a private key generator to define the information required to protect communications. An identity-based authentication and key exchange scheme is essential to provide confidential communication and mutual authentication between the medical staff and the private key generator through an intermediate server. The identification of patients is carried out through a keyed-hash message authentication code. Thanks to the combination of the aforementioned tools, a secure alternative mobile health (mHealth) scheme for managing patients’ data is defined for emergency and hospitalization services. Different parts of the proposed system have been implemented, including mobile application, intermediate server, private key generator and communication channels. Apart from that, several simulations have been performed, and, compared with the current system, significant improvements in efficiency have been observed. PMID:28362328
-
Patients' Data Management System Protected by Identity-Based Authentication and Key Exchange.
Rivero-García, Alexandra; Santos-González, Iván; Hernández-Goya, Candelaria; Caballero-Gil, Pino; Yung, Moti
2017-03-31
A secure and distributed framework for the management of patients' information in emergency and hospitalization services is proposed here in order to seek improvements in efficiency and security in this important area. In particular, confidentiality protection, mutual authentication, and automatic identification of patients are provided. The proposed system is based on two types of devices: Near Field Communication (NFC) wristbands assigned to patients, and mobile devices assigned to medical staff. Two other main elements of the system are an intermediate server to manage the involved data, and a second server with a private key generator to define the information required to protect communications. An identity-based authentication and key exchange scheme is essential to provide confidential communication and mutual authentication between the medical staff and the private key generator through an intermediate server. The identification of patients is carried out through a keyed-hash message authentication code. Thanks to the combination of the aforementioned tools, a secure alternative mobile health (mHealth) scheme for managing patients' data is defined for emergency and hospitalization services. Different parts of the proposed system have been implemented, including mobile application, intermediate server, private key generator and communication channels. Apart from that, several simulations have been performed, and, compared with the current system, significant improvements in efficiency have been observed.
-
2018-04-01
referred to as “defense in depth” and has been the standard model of information security management for at least a decade. Concepts such as mandatory...instrumentation into the system and monitoring this instrumentation with appropriate reports and alerts (e.g., security information event management tools or...Coalition Battle Management Language (C-BML) (NATO 2012) define information (orders, plans, reports, requests, etc.) that can be readily processed by
-
Jahanbakhsh, Maryam; Karimi, Saeed; Hassanzadeh, Akbar; Beigi, Maliheh
2017-01-01
INTRODUCTION: Electronic medical record system (EMRS) is a valuable system for safe access to the patient's data and increases health care quality. Manpower is one of the requirements for EMRS, among which manager is the most important person in any hospital. Taking into account manager's positive attitude and good commitments, EMRS will be implemented successfully. As such, we decided to assess manager's attitude and commitment toward EMRS in Isfahan hospitals in the year of 2014. AIM: This article aimed to determine the hospital managers’ attitude and commitment toward the implementation of EMRS. MATERIALS AND METHODS: The present article is an applied analytic study. Research society consisted of the managers of all the hospitals in Isfahan that include hospitals affiliated to Isfahan University of Medical Sciences, private, and social security hospitals. This study was done in 2014. Data collection tools included a questionnaire for which reliability and validity were determined. Data were analyzed by means of SPSS 20. RESULTS: Average score for the managers’ attitude toward EMRS in the city of Isfahan was 77.5 out of 100 and their average score for commitment was 74.7. Manager's attitude in social security hospitals was more positive than the private and governmental ones (83.3%). In addition, the amount of commitment by the managers in social security hospitals was higher than the same in private and governmental hospitals (86.6%). CONCLUSION: At present, managers’ attitude and commitment in Isfahan hospitals toward EMRS are very high and social security hospitals show more readiness in this respect. PMID:28584837
-
Laboratory Information Management System Chain of Custody: Reliability and Security
Tomlinson, J. J.; Elliott-Smith, W.; Radosta, T.
2006-01-01
A chain of custody (COC) is required in many laboratories that handle forensics, drugs of abuse, environmental, clinical, and DNA testing, as well as other laboratories that want to assure reliability of reported results. Maintaining a dependable COC can be laborious, but with the recent establishment of the criteria for electronic records and signatures by US regulatory agencies, laboratory information management systems (LIMSs) are now being developed to fully automate COCs. The extent of automation and of data reliability can vary, and FDA- and EPA-compliant electronic signatures and system security are rare. PMID:17671623
-
Project management; considerations for success.
Maas, Jos
2013-01-01
During the past two years the author was a project leader for three Information Communication Technology (ICT) security related systems projects for a newly built healthcare facility. These projects were: a CCTV system, an Access Control system and an Identity & Access Management system. During those two years he gained experiences on how to coop with ICT projects related to security and healthcare as well as some pitfalls to be contended with along the way. With this article, he shares his experiences so that colleagues can benefit from them when they are a project leaders for their health facility and need to better decide how or how not to address their project and project issues.
-
Trust and Privacy Solutions Based on Holistic Service Requirements.
Sánchez Alcón, José Antonio; López, Lourdes; Martínez, José-Fernán; Rubio Cifuentes, Gregorio
2015-12-24
The products and services designed for Smart Cities provide the necessary tools to improve the management of modern cities in a more efficient way. These tools need to gather citizens' information about their activity, preferences, habits, etc. opening up the possibility of tracking them. Thus, privacy and security policies must be developed in order to satisfy and manage the legislative heterogeneity surrounding the services provided and comply with the laws of the country where they are provided. This paper presents one of the possible solutions to manage this heterogeneity, bearing in mind these types of networks, such as Wireless Sensor Networks, have important resource limitations. A knowledge and ontology management system is proposed to facilitate the collaboration between the business, legal and technological areas. This will ease the implementation of adequate specific security and privacy policies for a given service. All these security and privacy policies are based on the information provided by the deployed platforms and by expert system processing.
-
Trust and Privacy Solutions Based on Holistic Service Requirements
Sánchez Alcón, José Antonio; López, Lourdes; Martínez, José-Fernán; Rubio Cifuentes, Gregorio
2015-01-01
The products and services designed for Smart Cities provide the necessary tools to improve the management of modern cities in a more efficient way. These tools need to gather citizens’ information about their activity, preferences, habits, etc. opening up the possibility of tracking them. Thus, privacy and security policies must be developed in order to satisfy and manage the legislative heterogeneity surrounding the services provided and comply with the laws of the country where they are provided. This paper presents one of the possible solutions to manage this heterogeneity, bearing in mind these types of networks, such as Wireless Sensor Networks, have important resource limitations. A knowledge and ontology management system is proposed to facilitate the collaboration between the business, legal and technological areas. This will ease the implementation of adequate specific security and privacy policies for a given service. All these security and privacy policies are based on the information provided by the deployed platforms and by expert system processing. PMID:26712752
-
41 CFR 102-33.400 - How must we report to FAIRS?
Code of Federal Regulations, 2010 CFR
2010-07-01
... Management Regulations System (Continued) FEDERAL MANAGEMENT REGULATION PERSONAL PROPERTY 33-MANAGEMENT OF... System (fairs) § 102-33.400 How must we report to FAIRS? You must report to FAIRS electronically through a secure Web interface to the FAIRS application on the Internet. For information on becoming a FAIRS...
-
5 CFR 9901.231 - Conversion of positions and employees to NSPS classification system.
Code of Federal Regulations, 2010 CFR
2010-01-01
... HUMAN RESOURCES MANAGEMENT AND LABOR RELATIONS SYSTEMS (DEPARTMENT OF DEFENSE-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF DEFENSE NATIONAL SECURITY PERSONNEL SYSTEM (NSPS) Classification Transitional... employee's career group, pay schedule, and band upon conversion. (d) Grade retention prior to conversion...
-
76 FR 17143 - Advisory Committee on Commercial Operations of Customs and Border Protection (COAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2011-03-28
... Data System 5. Enhancing Air Cargo Security 6. National Strategy Global Supply Chain Security and the...: Committee Management; Notice of Federal Advisory Committee Meeting. SUMMARY: The Advisory Committee on...