Common object request broker architecture (CORBA)-based security services for the virtual radiology environment.

PubMed

Martinez, R; Cole, C; Rozenblit, J; Cook, J F; Chacko, A K

2000-05-01

The US Army Great Plains Regional Medical Command (GPRMC) has a requirement to conform to Department of Defense (DoD) and Army security policies for the Virtual Radiology Environment (VRE) Project. Within the DoD, security policy is defined as the set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information. Security policy in the DoD is described by the Trusted Computer System Evaluation Criteria (TCSEC), Army Regulation (AR) 380-19, Defense Information Infrastructure Common Operating Environment (DII COE), Military Health Services System Automated Information Systems Security Policy Manual, and National Computer Security Center-TG-005, "Trusted Network Interpretation." These documents were used to develop a security policy that defines information protection requirements that are made with respect to those laws, rules, and practices that are required to protect the information stored and processed in the VRE Project. The goal of the security policy is to provide for a C2-level of information protection while also satisfying the functional needs of the GPRMC's user community. This report summarizes the security policy for the VRE and defines the CORBA security services that satisfy the policy. In the VRE, the information to be protected is embedded into three major information components: (1) Patient information consists of Digital Imaging and Communications in Medicine (DICOM)-formatted fields. The patient information resides in the digital imaging network picture archiving and communication system (DIN-PACS) networks in the database archive systems and includes (a) patient demographics; (b) patient images from x-ray, computed tomography (CT), magnetic resonance imaging (MRI), and ultrasound (US); and (c) prior patient images and related patient history. (2) Meta-Manager information to be protected consists of several data objects. This information is distributed to the Meta-Manager nodes and includes (a) radiologist schedules; (b) modality worklists; (c) routed case information; (d) DIN-PACS and Composite Health Care system (CHCS) messages, and Meta-Manager administrative and security information; and (e) patient case information. (3) Access control and communications security is required in the VRE to control who uses the VRE and Meta-Manager facilities and to secure the messages between VRE components. The CORBA Security Service Specification version 1.5 is designed to allow up to TCSEC's B2-level security for distributed objects. The CORBA Security Service Specification defines the functionality of several security features: identification and authentication, authorization and access control, security auditing, communication security, nonrepudiation, and security administration. This report describes the enhanced security features for the VRE and their implementation using commercial CORBA Security Service software products.

Re-designing the PhEDEx Security Model

DOE Office of Scientific and Technical Information (OSTI.GOV)

Huang, C.-H.; Wildish, T.; Zhang, X.

2014-01-01

PhEDEx, the data-placement tool used by the CMS experiment at the LHC, was conceived in a more trusting time. The security model provided a safe environment for site agents and operators, but offerred little more protection than that. Data was not sufficiently protected against loss caused by operator error or software bugs or by deliberate manipulation of the database. Operators were given high levels of access to the database, beyond what was actually needed to accomplish their tasks. This exposed them to the risk of suspicion should an incident occur. Multiple implementations of the security model led to difficulties maintainingmore » code, which can lead to degredation of security over time. In order to meet the simultaneous goals of protecting CMS data, protecting the operators from undue exposure to risk, increasing monitoring capabilities and improving maintainability of the security model, the PhEDEx security model was redesigned and re-implemented. Security was moved from the application layer into the database itself, fine-grained access roles were established, and tools and procedures created to control the evolution of the security model over time. In this paper we describe this work, we describe the deployment of the new security model, and we show how these enhancements improve security on several fronts simultaneously.« less

Re-designing the PhEDEx Security Model

NASA Astrophysics Data System (ADS)

C-H, Huang; Wildish, T.; X, Zhang

2014-06-01

PhEDEx, the data-placement tool used by the CMS experiment at the LHC, was conceived in a more trusting time. The security model provided a safe environment for site agents and operators, but offerred little more protection than that. Data was not sufficiently protected against loss caused by operator error or software bugs or by deliberate manipulation of the database. Operators were given high levels of access to the database, beyond what was actually needed to accomplish their tasks. This exposed them to the risk of suspicion should an incident occur. Multiple implementations of the security model led to difficulties maintaining code, which can lead to degredation of security over time. In order to meet the simultaneous goals of protecting CMS data, protecting the operators from undue exposure to risk, increasing monitoring capabilities and improving maintainability of the security model, the PhEDEx security model was redesigned and re-implemented. Security was moved from the application layer into the database itself, fine-grained access roles were established, and tools and procedures created to control the evolution of the security model over time. In this paper we describe this work, we describe the deployment of the new security model, and we show how these enhancements improve security on several fronts simultaneously.

Quality of Protection Evaluation of Security Mechanisms

PubMed Central

Ksiezopolski, Bogdan; Zurek, Tomasz; Mokkas, Michail

2014-01-01

Recent research indicates that during the design of teleinformatic system the tradeoff between the systems performance and the system protection should be made. The traditional approach assumes that the best way is to apply the strongest possible security measures. Unfortunately, the overestimation of security measures can lead to the unreasonable increase of system load. This is especially important in multimedia systems where the performance has critical character. In many cases determination of the required level of protection and adjustment of some security measures to these requirements increase system efficiency. Such an approach is achieved by means of the quality of protection models where the security measures are evaluated according to their influence on the system security. In the paper, we propose a model for QoP evaluation of security mechanisms. Owing to this model, one can quantify the influence of particular security mechanisms on ensuring security attributes. The methodology of our model preparation is described and based on it the case study analysis is presented. We support our method by the tool where the models can be defined and QoP evaluation can be performed. Finally, we have modelled TLS cryptographic protocol and presented the QoP security mechanisms evaluation for the selected versions of this protocol. PMID:25136683

Practices in security and confidentiality of HIV/AIDS patients' information: A national survey among staff at HIV outpatient clinics in Vietnam.

PubMed

Khac Hai, Nguyen; Lawpoolsri, Saranath; Jittamala, Podjanee; Thi Thu Huong, Phan; Kaewkungwal, Jaranit

2017-01-01

Breach of confidentiality or invasion of privacy from the collection and use of medical records, particularly those of patients with HIV/AIDS or other diseases sensitive to stigmatization, should be prevented by all related stakeholders in healthcare settings. The main focus of this study was to assess practices regarding security and confidentiality of HIV-related information among staff at HIV outpatient clinics (HIV-OPCs) in Vietnam. A descriptive cross-sectional study was conducted at all 312 HIV-OPCs across the country using an online survey technique. In general, the staff practices for securing and protecting patient information were at acceptable levels. Most staff had proper measures and practices for maintaining data security; however, the protection of patient confidentiality, particularly for data access, sharing, and transfer still required improvement. Most HIV-OPC staff had good or moderate knowledge and positive perceptions towards security and confidentiality issues. Staff who were not trained in the practice of security measures differed significantly from those who were trained (OR: 3.74; 95%CI: 1.44-9.67); staff needing improved knowledge levels differed significantly from those with good (OR: 5.20; 95%CI: 2.39-11.32) and moderate knowledge levels (OR: 5.10; 95%CI: 2.36-11.00); and staff needing improved perception levels differed significantly from those with good (i.e., with 100% proper practices) and moderate perception levels (OR: 5.67; 95%CI: 2.93-10.95). Staff who were not trained in the protection of data confidentiality differed significantly from those who were trained (OR: 2.18; 95%CI: 1.29-3.65). Training is an important factor to help raise the levels of proper practices regarding confidentiality and security, to improve knowledge and raise awareness about change among staff. The operation and management of HIV treatment and care in Vietnam are currently transitioning from separate healthcare clinics (HIV-OPC) into units integrated into general hospitals/healthcare facilities. The findings of this study highlight topics that could be used for improving management and operation of information system and revising guidelines and regulations on protection measures/strategies for data security and confidentiality of HIV/AIDS patients by Vietnam health authorities or other countries facing similar situations. Secure infrastructure and secure measures for data access and use are very important, worthwhile investments. The provision of continuous training and active enforcement and monitoring of the practices of healthcare personnel might lead to an improved understanding and acknowledegement of the importance of national policies/guidelines regarding HIV-related patient information.

Protecting public surface transportation against terrorism and serious crime : an executive overview

DOT National Transportation Integrated Search

2001-10-01

Because terrorist threats are not easily quantifiable, it is difficult to determine the "right" level of security. Using cost-benefit analysis as the sole criterion to determine the level of security is inadequate. The risk of death to any individual...

Radioactive source security: the cultural challenges.

PubMed

Englefield, Chris

2015-04-01

Radioactive source security is an essential part of radiation protection. Sources can be abandoned, lost or stolen. If they are stolen, they could be used to cause deliberate harm and the risks are varied and significant. There is a need for a global security protection system and enhanced capability to achieve this. The establishment of radioactive source security requires 'cultural exchanges'. These exchanges include collaboration between: radiation protection specialists and security specialists; the nuclear industry and users of radioactive sources; training providers and regulators/users. This collaboration will facilitate knowledge and experience exchange for the various stakeholder groups, beyond those already provided. This will promote best practice in both physical and information security and heighten security awareness generally. Only if all groups involved are prepared to open their minds to listen to and learn from, each other will a suitable global level of control be achieved. © The Author 2014. Published by Oxford University Press. All rights reserved. For Permissions, please email: journals.permissions@oup.com.

Securely and Flexibly Sharing a Biomedical Data Management System

PubMed Central

Wang, Fusheng; Hussels, Phillip; Liu, Peiya

2011-01-01

Biomedical database systems need not only to address the issues of managing complex data, but also to provide data security and access control to the system. These include not only system level security, but also instance level access control such as access of documents, schemas, or aggregation of information. The latter is becoming more important as multiple users can share a single scientific data management system to conduct their research, while data have to be protected before they are published or IP-protected. This problem is challenging as users’ needs for data security vary dramatically from one application to another, in terms of who to share with, what resources to be shared, and at what access level. We develop a comprehensive data access framework for a biomedical data management system SciPort. SciPort provides fine-grained multi-level space based access control of resources at not only object level (documents and schemas), but also space level (resources set aggregated in a hierarchy way). Furthermore, to simplify the management of users and privileges, customizable role-based user model is developed. The access control is implemented efficiently by integrating access privileges into the backend XML database, thus efficient queries are supported. The secure access approach we take makes it possible for multiple users to share the same biomedical data management system with flexible access management and high data security. PMID:21625285

Use of Computer-Generated Holograms in Security Hologram Applications

NASA Astrophysics Data System (ADS)

Bulanovs, A.; Bakanas, R.

2016-10-01

The article discusses the use of computer-generated holograms (CGHs) for the application as one of the security features in the relief-phase protective holograms. An improved method of calculating CGHs is presented, based on ray-tracing approach in the case of interference of parallel rays. Software is developed for the calculation of multilevel phase CGHs and their integration in the application of security holograms. Topology of calculated computer-generated phase holograms was recorded on the photoresist by the optical greyscale lithography. Parameters of the recorded microstructures were investigated with the help of the atomic-force microscopy (AFM) and scanning electron microscopy (SEM) methods. The results of the research have shown highly protective properties of the security elements based on CGH microstructures. In our opinion, a wide use of CGHs is very promising in the structure of complex security holograms for increasing the level of protection against counterfeit.

Context aware adaptive security service model

NASA Astrophysics Data System (ADS)

Tunia, Marcin A.

2015-09-01

Present systems and devices are usually protected against different threats concerning digital data processing. The protection mechanisms consume resources, which are either highly limited or intensively utilized by many entities. The optimization of these resources usage is advantageous. The resources that are saved performing optimization may be utilized by other mechanisms or may be sufficient for longer time. It is usually assumed that protection has to provide specific quality and attack resistance. By interpreting context situation of business services - users and services themselves, it is possible to adapt security services parameters to countermeasure threats associated with current situation. This approach leads to optimization of used resources and maintains sufficient security level. This paper presents architecture of adaptive security service, which is context-aware and exploits quality of context data issue.

Managing the Process of Protection Level Assessment of the Complex Organization and Technical Industrial Enterprises

NASA Astrophysics Data System (ADS)

Gorlov, A. P.; Averchenkov, V. I.; Rytov, M. Yu; Eryomenko, V. T.

2017-01-01

The article is concerned with mathematical simulation of protection level assessment of complex organizational and technical systems of industrial enterprises by creating automated system, which main functions are: information security (IS) audit, forming of the enterprise threats model, recommendations concerning creation of the information protection system, a set of organizational-administrative documentation.

Practices in security and confidentiality of HIV/AIDS patients’ information: A national survey among staff at HIV outpatient clinics in Vietnam

PubMed Central

Khac Hai, Nguyen; Lawpoolsri, Saranath; Jittamala, Podjanee; Thi Thu Huong, Phan

2017-01-01

Introduction Breach of confidentiality or invasion of privacy from the collection and use of medical records, particularly those of patients with HIV/AIDS or other diseases sensitive to stigmatization, should be prevented by all related stakeholders in healthcare settings. The main focus of this study was to assess practices regarding security and confidentiality of HIV-related information among staff at HIV outpatient clinics (HIV-OPCs) in Vietnam. Methods A descriptive cross-sectional study was conducted at all 312 HIV-OPCs across the country using an online survey technique. Results In general, the staff practices for securing and protecting patient information were at acceptable levels. Most staff had proper measures and practices for maintaining data security; however, the protection of patient confidentiality, particularly for data access, sharing, and transfer still required improvement. Most HIV-OPC staff had good or moderate knowledge and positive perceptions towards security and confidentiality issues. Staff who were not trained in the practice of security measures differed significantly from those who were trained (OR: 3.74; 95%CI: 1.44–9.67); staff needing improved knowledge levels differed significantly from those with good (OR: 5.20; 95%CI: 2.39–11.32) and moderate knowledge levels (OR: 5.10; 95%CI: 2.36–11.00); and staff needing improved perception levels differed significantly from those with good (i.e., with 100% proper practices) and moderate perception levels (OR: 5.67; 95%CI: 2.93–10.95). Staff who were not trained in the protection of data confidentiality differed significantly from those who were trained (OR: 2.18; 95%CI: 1.29–3.65). Conclusions Training is an important factor to help raise the levels of proper practices regarding confidentiality and security, to improve knowledge and raise awareness about change among staff. The operation and management of HIV treatment and care in Vietnam are currently transitioning from separate healthcare clinics (HIV-OPC) into units integrated into general hospitals/healthcare facilities. The findings of this study highlight topics that could be used for improving management and operation of information system and revising guidelines and regulations on protection measures/strategies for data security and confidentiality of HIV/AIDS patients by Vietnam health authorities or other countries facing similar situations. Secure infrastructure and secure measures for data access and use are very important, worthwhile investments. The provision of continuous training and active enforcement and monitoring of the practices of healthcare personnel might lead to an improved understanding and acknowledegement of the importance of national policies/guidelines regarding HIV-related patient information. PMID:29136017

Security culture for nuclear facilities

NASA Astrophysics Data System (ADS)

Gupta, Deeksha; Bajramovic, Edita

2017-01-01

Natural radioactive elements are part of our environment and radioactivity is a natural phenomenon. There are numerous beneficial applications of radioactive elements (radioisotopes) and radiation, starting from power generation to usages in medical, industrial and agriculture applications. But the risk of radiation exposure is always attached to operational workers, the public and the environment. Hence, this risk has to be assessed and controlled. The main goal of safety and security measures is to protect human life, health, and the environment. Currently, nuclear security considerations became essential along with nuclear safety as nuclear facilities are facing rapidly increase in cybersecurity risks. Therefore, prevention and adequate protection of nuclear facilities from cyberattacks is the major task. Historically, nuclear safety is well defined by IAEA guidelines while nuclear security is just gradually being addressed by some new guidance, especially the IAEA Nuclear Security Series (NSS), IEC 62645 and some national regulations. At the overall level, IAEA NSS 7 describes nuclear security as deterrence and detection of, and response to, theft, sabotage, unauthorized access, illegal transfer or other malicious acts involving nuclear, other radioactive substances and their associated facilities. Nuclear security should be included throughout nuclear facilities. Proper implementation of a nuclear security culture leads to staff vigilance and a high level of security posture. Nuclear security also depends on policy makers, regulators, managers, individual employees and members of public. Therefore, proper education and security awareness are essential in keeping nuclear facilities safe and secure.

32 CFR 1292.2 - Policy.

Code of Federal Regulations, 2013 CFR

2013-07-01

... or approve necessary security regulations and orders for the protection of property and places under their jurisdiction/administration. Regulations and orders for the protection of property and personnel... protection of property and personnel of primary level field activities (PLFAs) headed by civilians, and...

32 CFR 1292.2 - Policy.

Code of Federal Regulations, 2012 CFR

2012-07-01

... or approve necessary security regulations and orders for the protection of property and places under their jurisdiction/administration. Regulations and orders for the protection of property and personnel... protection of property and personnel of primary level field activities (PLFAs) headed by civilians, and...

32 CFR 1292.2 - Policy.

Code of Federal Regulations, 2010 CFR

2010-07-01

... or approve necessary security regulations and orders for the protection of property and places under their jurisdiction/administration. Regulations and orders for the protection of property and personnel... protection of property and personnel of primary level field activities (PLFAs) headed by civilians, and...

32 CFR 1292.2 - Policy.

Code of Federal Regulations, 2011 CFR

2011-07-01

... or approve necessary security regulations and orders for the protection of property and places under their jurisdiction/administration. Regulations and orders for the protection of property and personnel... protection of property and personnel of primary level field activities (PLFAs) headed by civilians, and...

32 CFR 1292.2 - Policy.

Code of Federal Regulations, 2014 CFR

2014-07-01

... or approve necessary security regulations and orders for the protection of property and places under their jurisdiction/administration. Regulations and orders for the protection of property and personnel... protection of property and personnel of primary level field activities (PLFAs) headed by civilians, and...

Social Security Number Protection Laws: State-by-State Summary Table

ERIC Educational Resources Information Center

Data Quality Campaign, 2011

2011-01-01

As state policymakers implement statewide longitudinal data systems that collect, store, link and share student-level data, it is critical that they understand applicable privacy and data security standards and laws designed to ensure the privacy, security, and confidentiality of that data. To help state policymakers navigate this complex legal…

Managing the Security of Nursing Data in the Electronic Health Record

PubMed Central

Samadbeik, Mahnaz; Gorzin, Zahra; Khoshkam, Masomeh; Roudbari, Masoud

2015-01-01

Background: The Electronic Health Record (EHR) is a patient care information resource for clinicians and nursing documentation is an essential part of comprehensive patient care. Ensuring privacy and the security of health information is a key component to building the trust required to realize the potential benefits of electronic health information exchange. This study was aimed to manage nursing data security in the EHR and also discover the viewpoints of hospital information system vendors (computer companies) and hospital information technology specialists about nursing data security. Methods: This research is a cross sectional analytic-descriptive study. The study populations were IT experts at the academic hospitals and computer companies of Tehran city in Iran. Data was collected by a self-developed questionnaire whose validity and reliability were confirmed using the experts’ opinions and Cronbach’s alpha coefficient respectively. Data was analyzed through Spss Version 18 and by descriptive and analytic statistics. Results: The findings of the study revealed that user name and password were the most important methods to authenticate the nurses, with mean percent of 95% and 80%, respectively, and also the most significant level of information security protection were assigned to administrative and logical controls. There was no significant difference between opinions of both groups studied about the levels of information security protection and security requirements (p>0.05). Moreover the access to servers by authorized people, periodic security update, and the application of authentication and authorization were defined as the most basic security requirements from the viewpoint of more than 88 percent of recently-mentioned participants. Conclusions: Computer companies as system designers and hospitals information technology specialists as systems users and stakeholders present many important views about security requirements for EHR systems and nursing electronic documentation systems. Prioritizing of these requirements helps policy makers to decide what to do when planning for EHR implementation. Therefore, to make appropriate security decisions and to achieve the expected level of protection of the electronic nursing information, it is suggested to consider the priorities of both groups of experts about security principles and also discuss the issues seem to be different between two groups of participants in the research. PMID:25870490

Managing the security of nursing data in the electronic health record.

PubMed

Samadbeik, Mahnaz; Gorzin, Zahra; Khoshkam, Masomeh; Roudbari, Masoud

2015-02-01

The Electronic Health Record (EHR) is a patient care information resource for clinicians and nursing documentation is an essential part of comprehensive patient care. Ensuring privacy and the security of health information is a key component to building the trust required to realize the potential benefits of electronic health information exchange. This study was aimed to manage nursing data security in the EHR and also discover the viewpoints of hospital information system vendors (computer companies) and hospital information technology specialists about nursing data security. This research is a cross sectional analytic-descriptive study. The study populations were IT experts at the academic hospitals and computer companies of Tehran city in Iran. Data was collected by a self-developed questionnaire whose validity and reliability were confirmed using the experts' opinions and Cronbach's alpha coefficient respectively. Data was analyzed through Spss Version 18 and by descriptive and analytic statistics. The findings of the study revealed that user name and password were the most important methods to authenticate the nurses, with mean percent of 95% and 80%, respectively, and also the most significant level of information security protection were assigned to administrative and logical controls. There was no significant difference between opinions of both groups studied about the levels of information security protection and security requirements (p>0.05). Moreover the access to servers by authorized people, periodic security update, and the application of authentication and authorization were defined as the most basic security requirements from the viewpoint of more than 88 percent of recently-mentioned participants. Computer companies as system designers and hospitals information technology specialists as systems users and stakeholders present many important views about security requirements for EHR systems and nursing electronic documentation systems. Prioritizing of these requirements helps policy makers to decide what to do when planning for EHR implementation. Therefore, to make appropriate security decisions and to achieve the expected level of protection of the electronic nursing information, it is suggested to consider the priorities of both groups of experts about security principles and also discuss the issues seem to be different between two groups of participants in the research.

Audit of the management and cost of the Department of Energy`s protective forces

DOE Office of Scientific and Technical Information (OSTI.GOV)

Not Available

1994-07-01

The Department of Energy`s safeguards and security program is designed to provide appropriate, efficient, and effective protection of the Department`s nuclear weapons, nuclear materials, facilities, and classified information. These items must be protected against theft, sabotage, espionage, and terrorist activity, with continuing emphasis on protection against the insider threat. The purpose of the audit was to determine if protective forces were efficiently managed and appropriately sized in light of the changing missions and current budget constraints. The authors found that the cost of physical security at some sites had grown beyond those costs incurred when the site was in fullmore » production. This increase was due to a combination of factors, including concerns about the adequacy of physical security, reactions to the increase in terrorism in the early 1980s with the possibility of hostile attacks, and the selection of security system upgrades without adequate consideration of cost effectiveness. Ongoing projects to upgrade security systems were not promptly reassessed when missions changed and levels of protection were not determined in a way which considered the attractiveness of the material being protected. The authors also noted several opportunities for the Department to improve the operational efficiency of its protective force operations, including, eluminating overtime paid to officers prior to completion of the basic 40-hour workweek, paying hourly wages of unarmed guards which are commensurate with their duties, consolidating protective force units, transferring law enforcement duties to local law agencies, eliminating or reducing paid time to exercise, and standardizing supplies and equipment used by protective force members.« less

Proof of cipher text ownership based on convergence encryption

NASA Astrophysics Data System (ADS)

Zhong, Weiwei; Liu, Zhusong

2017-08-01

Cloud storage systems save disk space and bandwidth through deduplication technology, but with the use of this technology has been targeted security attacks: the attacker can get the original file just use hash value to deceive the server to obtain the file ownership. In order to solve the above security problems and the different security requirements of cloud storage system files, an efficient information theory security proof of ownership scheme is proposed. This scheme protects the data through the convergence encryption method, and uses the improved block-level proof of ownership scheme, and can carry out block-level client deduplication to achieve efficient and secure cloud storage deduplication scheme.

[Spatial-temporal pattern and obstacle factors of cultivated land ecological security in major grain producing areas of northeast China: a case study in Jilin Province].

PubMed

Zhao, Hong-Bo; Ma, Yan-Ji

2014-02-01

According to the cultivated land ecological security in major grain production areas of Northeast China, this paper selected 48 counties of Jilin Province as the research object. Based on the PSR-EES conceptual framework model, an evaluation index system of cultivated land ecological security was built. By using the improved TOPSIS, Markov chains, GIS spatial analysis and obstacle degree models, the spatial-temporal pattern of cultivated land ecological security and the obstacle factors were analyzed from 1995 to 2011 in Jilin Province. The results indicated that, the composite index of cultivated land ecological security appeared in a rising trend in Jilin Province from 1995 to 2011, and the cultivated land ecological security level changed from being sensitive to being general. There was a pattern of 'Club Convergence' in cultivated land ecological security level in each county and the spatial discrepancy tended to become larger. The 'Polarization' trend of cultivated land ecological security level was obvious. The distributions of sensitive level and critical security level with ribbon patterns tended to be dispersed, the general security level and relative security levels concentrated, and the distributions of security level scattered. The unstable trend of cultivated land ecological security level was more and more obvious. The main obstacle factors that affected the cultivated land ecological security level in Jilin Province were rural net income per capita, economic density, the proportion of environmental protection investment in GDP, degree of machinery cultivation and the comprehensive utilization rate of industrial solid wastes.

The Infrastructure Necessary to Support a Sustainable Material Protection, Control and Accounting (MPC&A) Program in Russia

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bachner, Katherine M.; Mladineo, Stephen V.

The NNSA Material Protection, Control, and Accounting (MPC&A) program has been engaged for fifteen years in upgrading the security of nuclear materials in Russia. Part of the effort has been to establish the conditions necessary to ensure the long-term sustainability of nuclear security. A sustainable program of nuclear security requires the creation of an indigenous infrastructure, starting with sustained high level government commitment. This includes organizational development, training, maintenance, regulations, inspections, and a strong nuclear security culture. The provision of modern physical protection, control, and accounting equipment to the Russian Federation alone is not sufficient. Comprehensive infrastructure projects support themore » Russian Federation's ability to maintain the risk reduction achieved through upgrades to the equipment. To illustrate the contributions to security, and challenges of implementation, this paper discusses the history and next steps for an indigenous Tamper Indication Device (TID) program, and a Radiation Portal Monitoring (RPM) program.« less

New Directions in Online Fraud

NASA Astrophysics Data System (ADS)

Mohatar, Oscar Delgado; Sierra Cámara, José M.

2007-12-01

The security of a system can be seen as a chain of protection methods, and the global level is just as strong as its weakest link. From this point of view, cryptography is no more than other link in the chain. And most of the times, it is probably the strongest link, but there are many others weak links which decrease the security level until unacceptable level for carrying out electronic commerce. In last term, exclusively technical protection methods seem not be able to completely resolve the situation. The focus should be changed towards trying to increase the resistance of the system, instead of its invulnerability that, in any case, can not be completely achieved in general purpose operating systems.

On Specifying the Functional Design for a Protected DMS Tool

DTIC Science & Technology

1977-03-01

of a secure data management system in terms of abstract entities. In keeping with this, the model identifies a security policy which is sufficient... policy of the model may be expressed, there- fore, as the rules which mediate the access of subjects to objects. The access authorization of the...level of a subject; however, this possibly is not acknowledged in our model. The specification of the DMS tool embodies this protection policy

Secure Obfuscation for Encrypted Group Signatures

PubMed Central

Fan, Hongfei; Liu, Qin

2015-01-01

In recent years, group signature techniques are widely used in constructing privacy-preserving security schemes for various information systems. However, conventional techniques keep the schemes secure only in normal black-box attack contexts. In other words, these schemes suppose that (the implementation of) the group signature generation algorithm is running in a platform that is perfectly protected from various intrusions and attacks. As a complementary to existing studies, how to generate group signatures securely in a more austere security context, such as a white-box attack context, is studied in this paper. We use obfuscation as an approach to acquire a higher level of security. Concretely, we introduce a special group signature functionality-an encrypted group signature, and then provide an obfuscator for the proposed functionality. A series of new security notions for both the functionality and its obfuscator has been introduced. The most important one is the average-case secure virtual black-box property w.r.t. dependent oracles and restricted dependent oracles which captures the requirement of protecting the output of the proposed obfuscator against collision attacks from group members. The security notions fit for many other specialized obfuscators, such as obfuscators for identity-based signatures, threshold signatures and key-insulated signatures. Finally, the correctness and security of the proposed obfuscator have been proven. Thereby, the obfuscated encrypted group signature functionality can be applied to variants of privacy-preserving security schemes and enhance the security level of these schemes. PMID:26167686

Development of the SAFE Checklist Tool for Assessing Site-Level Threats to Child Protection: Use of Delphi Methods and Application to Two Sites in India

PubMed Central

Betancourt, Theresa S.; Zuilkowski, Stephanie S.; Ravichandran, Arathi; Einhorn, Honora; Arora, Nikita; Bhattacharya Chakravarty, Aruna; Brennan, Robert T.

2015-01-01

Background The child protection community is increasingly focused on developing tools to assess threats to child protection and the basic security needs and rights of children and families living in adverse circumstances. Although tremendous advances have been made to improve measurement of individual child health status or household functioning for use in low-resource settings, little attention has been paid to a more diverse array of settings in which many children in adversity spend time and how context contributes to threats to child protection. The SAFE model posits that insecurity in any of the following fundamental domains threatens security in the others: Safety/freedom from harm; Access to basic physiological needs and healthcare; Family and connection to others; Education and economic security. Site-level tools are needed in order to monitor the conditions that can dramatically undermine or support healthy child growth, development and emotional and behavioral health. From refugee camps and orphanages to schools and housing complexes, site-level threats exist that are not well captured by commonly used measures of child health and well-being or assessments of single households (e.g., SDQ, HOME). Methods The present study presents a methodology and the development of a scale for assessing site-level child protection threats in various settings of adversity. A modified Delphi panel process was enhanced with two stages of expert review in core content areas as well as review by experts in instrument development, and field pilot testing. Results Field testing in two diverse sites in India—a construction site and a railway station—revealed that the resulting SAFE instrument was sensitive to the differences between the sites from the standpoint of core child protection issues. PMID:26540159

Development of the SAFE Checklist Tool for Assessing Site-Level Threats to Child Protection: Use of Delphi Methods and Application to Two Sites in India.

PubMed

Betancourt, Theresa S; Zuilkowski, Stephanie S; Ravichandran, Arathi; Einhorn, Honora; Arora, Nikita; Bhattacharya Chakravarty, Aruna; Brennan, Robert T

2015-01-01

The child protection community is increasingly focused on developing tools to assess threats to child protection and the basic security needs and rights of children and families living in adverse circumstances. Although tremendous advances have been made to improve measurement of individual child health status or household functioning for use in low-resource settings, little attention has been paid to a more diverse array of settings in which many children in adversity spend time and how context contributes to threats to child protection. The SAFE model posits that insecurity in any of the following fundamental domains threatens security in the others: Safety/freedom from harm; Access to basic physiological needs and healthcare; Family and connection to others; Education and economic security. Site-level tools are needed in order to monitor the conditions that can dramatically undermine or support healthy child growth, development and emotional and behavioral health. From refugee camps and orphanages to schools and housing complexes, site-level threats exist that are not well captured by commonly used measures of child health and well-being or assessments of single households (e.g., SDQ, HOME). The present study presents a methodology and the development of a scale for assessing site-level child protection threats in various settings of adversity. A modified Delphi panel process was enhanced with two stages of expert review in core content areas as well as review by experts in instrument development, and field pilot testing. Field testing in two diverse sites in India-a construction site and a railway station-revealed that the resulting SAFE instrument was sensitive to the differences between the sites from the standpoint of core child protection issues.

Green Secure Processors: Towards Power-Efficient Secure Processor Design

NASA Astrophysics Data System (ADS)

Chhabra, Siddhartha; Solihin, Yan

With the increasing wealth of digital information stored on computer systems today, security issues have become increasingly important. In addition to attacks targeting the software stack of a system, hardware attacks have become equally likely. Researchers have proposed Secure Processor Architectures which utilize hardware mechanisms for memory encryption and integrity verification to protect the confidentiality and integrity of data and computation, even from sophisticated hardware attacks. While there have been many works addressing performance and other system level issues in secure processor design, power issues have largely been ignored. In this paper, we first analyze the sources of power (energy) increase in different secure processor architectures. We then present a power analysis of various secure processor architectures in terms of their increase in power consumption over a base system with no protection and then provide recommendations for designs that offer the best balance between performance and power without compromising security. We extend our study to the embedded domain as well. We also outline the design of a novel hybrid cryptographic engine that can be used to minimize the power consumption for a secure processor. We believe that if secure processors are to be adopted in future systems (general purpose or embedded), it is critically important that power issues are considered in addition to performance and other system level issues. To the best of our knowledge, this is the first work to examine the power implications of providing hardware mechanisms for security.

Data Protection-Aware Design for Cloud Services

NASA Astrophysics Data System (ADS)

Creese, Sadie; Hopkins, Paul; Pearson, Siani; Shen, Yun

The Cloud is a relatively new concept and so it is unsurprising that the information assurance, data protection, network security and privacy concerns have yet to be fully addressed. This paper seeks to begin the process of designing data protection controls into clouds from the outset so as to avoid the costs associated with bolting on security as an afterthought. Our approach is firstly to consider cloud maturity from an enterprise level perspective, describing a novel capability maturity model. We use this model to explore privacy controls within an enterprise cloud deployment, and explore where there may be opportunities to design in data protection controls as exploitation of the Cloud matures. We demonstrate how we might enable such controls via the use of design patterns. Finally, we consider how Service Level Agreements (SLAs) might be used to ensure that third party suppliers act in support of such controls.

32 CFR 2700.12 - Criteria for and level of original classification.

Code of Federal Regulations, 2011 CFR

2011-07-01

... FOR MICRONESIAN STATUS NEGOTIATIONS SECURITY INFORMATION REGULATIONS Original Classification § 2700.12... be classified only when protecting the national security requires that the information they contain be withheld from public disclosure. Information may not be classified to conceal violations of law...

Security in Full-Force

NASA Technical Reports Server (NTRS)

2002-01-01

When fully developed for NASA, Vanguard Enforcer(TM) software-which emulates the activities of highly technical security system programmers, auditors, and administrators-was among the first intrusion detection programs to restrict human errors from affecting security, and to ensure the integrity of a computer's operating systems, as well as the protection of mission critical resources. Vanguard Enforcer was delivered in 1991 to Johnson Space Center and has been protecting systems and critical data there ever since. In August of 1999, NASA granted Vanguard exclusive rights to commercialize the Enforcer system for the private sector. In return, Vanguard continues to supply NASA with ongoing research, development, and support of Enforcer. The Vanguard Enforcer 4.2 is one of several surveillance technologies that make up the Vanguard Security Solutions line of products. Using a mainframe environment, Enforcer 4.2 achieves previously unattainable levels of automated security management.

A data protection scheme for a remote vital signs monitoring healthcare service.

PubMed

Gritzalis, D; Lambrinoudakis, C

2000-01-01

Personal and medical data processed by Healthcare Information Systems must be protected against unauthorized access, modification and withholding. Security measures should be selected to provide the required level of protection in a cost-efficient manner. This is only feasible if specific characteristics of the information system are examined on a basis of a risk analysis methodology. This paper presents the results of a risk analysis, based on the CRAMM methodology, for a healthcare organization offering a patient home-monitoring service through the transmission of vital signs, focusing on the identified security needs and the proposed countermeasures. The architectural and functional models of this service were utilized for identifying and valuating the system assets, the associated threats and vulnerabilities, as well as for assessing the impact on the patients and on the service provider, should the security of any of these assets is affected. A set of adequate organizational, administrative and technical countermeasures is described for the remote vital signs monitoring service, thus providing the healthcare organization with a data protection framework that can be utilized for the development of its own security plan.

Dynamic Reconfiguration of Security Policies in Wireless Sensor Networks

PubMed Central

Pinto, Mónica; Gámez, Nadia; Fuentes, Lidia; Amor, Mercedes; Horcas, José Miguel; Ayala, Inmaculada

2015-01-01

Providing security and privacy to wireless sensor nodes (WSNs) is very challenging, due to the heterogeneity of sensor nodes and their limited capabilities in terms of energy, processing power and memory. The applications for these systems run in a myriad of sensors with different low-level programming abstractions, limited capabilities and different routing protocols. This means that applications for WSNs need mechanisms for self-adaptation and for self-protection based on the dynamic adaptation of the algorithms used to provide security. Dynamic software product lines (DSPLs) allow managing both variability and dynamic software adaptation, so they can be considered a key technology in successfully developing self-protected WSN applications. In this paper, we propose a self-protection solution for WSNs based on the combination of the INTER-TRUST security framework (a solution for the dynamic negotiation and deployment of security policies) and the FamiWare middleware (a DSPL approach to automatically configure and reconfigure instances of a middleware for WSNs). We evaluate our approach using a case study from the intelligent transportation system domain. PMID:25746093

Architecture of security management unit for safe hosting of multiple agents

NASA Astrophysics Data System (ADS)

Gilmont, Tanguy; Legat, Jean-Didier; Quisquater, Jean-Jacques

1999-04-01

In such growing areas as remote applications in large public networks, electronic commerce, digital signature, intellectual property and copyright protection, and even operating system extensibility, the hardware security level offered by existing processors is insufficient. They lack protection mechanisms that prevent the user from tampering critical data owned by those applications. Some devices make exception, but have not enough processing power nor enough memory to stand up to such applications (e.g. smart cards). This paper proposes an architecture of secure processor, in which the classical memory management unit is extended into a new security management unit. It allows ciphered code execution and ciphered data processing. An internal permanent memory can store cipher keys and critical data for several client agents simultaneously. The ordinary supervisor privilege scheme is replaced by a privilege inheritance mechanism that is more suited to operating system extensibility. The result is a secure processor that has hardware support for extensible multitask operating systems, and can be used for both general applications and critical applications needing strong protection. The security management unit and the internal permanent memory can be added to an existing CPU core without loss of performance, and do not require it to be modified.

Factors Affecting Attachment in International Adoptees at 6 Months Post Adoption

PubMed Central

Weiss, Sandra

2011-01-01

This pilot study examined the effect of five child and maternal factors on the attachment security of international adoptees at six months post adoption. Results from the sample of 22 adoptive mother-infant dyads showed that age at adoption, developmental status, length and quality of preadoption care, and maternal attachment representations were not significant predictors of child attachment status. The number of preadoption placements and the child's stress level did significantly predict attachment status, accounting for approximately 40% of the variance in attachment security. Number of preadoption placements uniquely contributed 14% of that variance (p=.007) while stress level uniquely contributed 12% (p=.01). Children who had fewer preadoption placements had higher attachment security; similarly, children who had lower stress levels had higher attachment security. Results suggest that consistency of preadoption care was more important than its length or quality. Further, the relationship between stress level and attachment security raises the possibility that a lower stress level functions as a protective factor for the developing attachment with the adoptive mother. PMID:22267885

78 FR 66318 - Securities Investor Protection Corporation

Federal Register 2010, 2011, 2012, 2013, 2014

2013-11-05

...] Securities Investor Protection Corporation AGENCY: Securities and Exchange Commission. ACTION: Proposed rule. SUMMARY: The Securities Investor Protection Corporation (``SIPC'') filed a proposed rule change with the... satisfaction of customer claims for standardized options under the Securities Investor Protection Act of 1970...

A security vulnerabilities assessment tool for interim storage facilities of low-level radioactive wastes.

PubMed

Bible, J; Emery, R J; Williams, T; Wang, S

2006-11-01

Limited permanent low-level radioactive waste (LLRW) disposal capacity and correspondingly high disposal costs have resulted in the creation of numerous interim storage facilities for either decay-in-storage operations or longer term accumulation efforts. These facilities, which may be near the site of waste generation or in distal locations, often were not originally designed for the purpose of LLRW storage, particularly with regard to security. Facility security has become particularly important in light of the domestic terrorist acts of 2001, wherein LLRW, along with many other sources of radioactivity, became recognized commodities to those wishing to create disruption through the purposeful dissemination of radioactive materials. Since some LLRW materials may be in facilities that may exhibit varying degrees of security control sophistication, a security vulnerabilities assessment tool grounded in accepted criminal justice theory and security practice has been developed. The tool, which includes dedicated sections on general security, target hardening, criminalization benefits, and the presence of guardians, can be used by those not formally schooled in the security profession to assess the level of protection afforded to their respective facilities. The tool equips radiation safety practitioners with the ability to methodically and systematically assess the presence or relative status of various facility security aspects, many of which may not be considered by individuals from outside the security profession. For example, radiation safety professionals might not ordinarily consider facility lighting aspects, which is a staple for the security profession since it is widely known that crime disproportionately occurs more frequently at night or in poorly lit circumstances. Likewise, the means and associated time dimensions for detecting inventory discrepancies may not be commonly considered. The tool provides a simple means for radiation safety professionals to assess, and perhaps enhance in a reasonable fashion, the security of their interim storage operations. Aspects of the assessment tool can also be applied to other activities involving the protection of sources of radiation as well.

Methods and implementation of a central biosample and data management in a three-centre clinical study.

PubMed

Angelow, Aniela; Schmidt, Matthias; Weitmann, Kerstin; Schwedler, Susanne; Vogt, Hannes; Havemann, Christoph; Hoffmann, Wolfgang

2008-07-01

In our report we describe concept, strategies and implementation of a central biosample and data management (CSDM) system in the three-centre clinical study of the Transregional Collaborative Research Centre "Inflammatory Cardiomyopathy - Molecular Pathogenesis and Therapy" SFB/TR 19, Germany. Following the requirements of high system resource availability, data security, privacy protection and quality assurance, a web-based CSDM was developed based on Java 2 Enterprise Edition using an Oracle database. An efficient and reliable sample documentation system using bar code labelling, a partitioning storage algorithm and an online documentation software was implemented. An online electronic case report form is used to acquire patient-related data. Strict rules for access to the online applications and secure connections are used to account for privacy protection and data security. Challenges for the implementation of the CSDM resided at project, technical and organisational level as well as at staff level.

14 CFR 1203.301 - Identification of information requiring protection.

Code of Federal Regulations, 2011 CFR

2011-01-01

... INFORMATION SECURITY PROGRAM Classification Principles and Considerations § 1203.301 Identification of information requiring protection. Classifiers shall identify the level of classification of each classified... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Identification of information requiring...

14 CFR 1203.301 - Identification of information requiring protection.

Code of Federal Regulations, 2010 CFR

2010-01-01

... INFORMATION SECURITY PROGRAM Classification Principles and Considerations § 1203.301 Identification of information requiring protection. Classifiers shall identify the level of classification of each classified... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false Identification of information requiring...

Protection of data carriers using secure optical codes

NASA Astrophysics Data System (ADS)

Peters, John A.; Schilling, Andreas; Staub, René; Tompkin, Wayne R.

2006-02-01

Smartcard technologies, combined with biometric-enabled access control systems, are required for many high-security government ID card programs. However, recent field trials with some of the most secure biometric systems have indicated that smartcards are still vulnerable to well equipped and highly motivated counterfeiters. In this paper, we present the Kinegram Secure Memory Technology which not only provides a first-level visual verification procedure, but also reinforces the existing chip-based security measures. This security concept involves the use of securely-coded data (stored in an optically variable device) which communicates with the encoded hashed information stored in the chip memory via a smartcard reader device.

An Efficient Mutual Authentication Framework for Healthcare System in Cloud Computing.

PubMed

Kumar, Vinod; Jangirala, Srinivas; Ahmad, Musheer

2018-06-28

The increasing role of Telecare Medicine Information Systems (TMIS) makes its accessibility for patients to explore medical treatment, accumulate and approach medical data through internet connectivity. Security and privacy preservation is necessary for medical data of the patient in TMIS because of the very perceptive purpose. Recently, Mohit et al.'s proposed a mutual authentication protocol for TMIS in the cloud computing environment. In this work, we reviewed their protocol and found that it is not secure against stolen verifier attack, many logged in patient attack, patient anonymity, impersonation attack, and fails to protect session key. For enhancement of security level, we proposed a new mutual authentication protocol for the similar environment. The presented framework is also more capable in terms of computation cost. In addition, the security evaluation of the protocol protects resilience of all possible security attributes, and we also explored formal security evaluation based on random oracle model. The performance of the proposed protocol is much better in comparison to the existing protocol.

Implementation of QoSS (Quality-of-Security Service) for NoC-Based SoC Protection

NASA Astrophysics Data System (ADS)

Sepúlveda, Johanna; Pires, Ricardo; Strum, Marius; Chau, Wang Jiang

Many of the current electronic systems embedded in a SoC (System-on-Chip) are used to capture, store, manipulate and access critical data, as well as to perform other key functions. In such a scenario, security is considered as an important issue. The Network-on-chip (NoC), as the foreseen communication structure of next-generation SoC devices, can be used to efficiently incorporate security. Our work proposes the implementation of QoSS (Quality of Security Service) to overcome present SoC vulnerabilities. QoSS is a novel concept for data protection that introduces security as a dimension of QoS. In this paper, we present the implementation of two security services (access control and authentication), that may be configured to assume one from several possible levels, the implementation of a technique to avoid denial-of-service (DoS) attacks, evaluate their effectiveness and estimate their impact on NoC performance.

A Framework for an Institutional High Level Security Policy for the Processing of Medical Data and their Transmission through the Internet

PubMed Central

Pangalos, George

2001-01-01

Background The Internet provides many advantages when used for interaction and data sharing among health care providers, patients, and researchers. However, the advantages provided by the Internet come with a significantly greater element of risk to the confidentiality, integrity, and availability of information. It is therefore essential that Health Care Establishments processing and exchanging medical data use an appropriate security policy. Objective To develop a High Level Security Policy for the processing of medical data and their transmission through the Internet, which is a set of high-level statements intended to guide Health Care Establishment personnel who process and manage sensitive health care information. Methods We developed the policy based on a detailed study of the existing framework in the EU countries, USA, and Canada, and on consultations with users in the context of the Intranet Health Clinic project. More specifically, this paper has taken into account the major directives, technical reports, law, and recommendations that are related to the protection of individuals with regard to the processing of personal data, and the protection of privacy and medical data on the Internet. Results We present a High Level Security Policy for Health Care Establishments, which includes a set of 7 principles and 45 guidelines detailed in this paper. The proposed principles and guidelines have been made as generic and open to specific implementations as possible, to provide for maximum flexibility and adaptability to local environments. The High Level Security Policy establishes the basic security requirements that must be addressed to use the Internet to safely transmit patient and other sensitive health care information. Conclusions The High Level Security Policy is primarily intended for large Health Care Establishments in Europe, USA, and Canada. It is clear however that the general framework presented here can only serve as reference material for developing an appropriate High Level Security Policy in a specific implementation environment. When implemented in specific environments, these principles and guidelines must also be complemented by measures, which are more specific. Even when a High Level Security Policy already exists in an institution, it is advisable that the management of the Health Care Establishment periodically revisits it to see whether it should be modified or augmented. PMID:11720956

A framework for an institutional high level security policy for the processing of medical data and their transmission through the Internet.

PubMed

Ilioudis, C; Pangalos, G

2001-01-01

The Internet provides many advantages when used for interaction and data sharing among health care providers, patients, and researchers. However, the advantages provided by the Internet come with a significantly greater element of risk to the confidentiality, integrity, and availability of information. It is therefore essential that Health Care Establishments processing and exchanging medical data use an appropriate security policy. To develop a High Level Security Policy for the processing of medical data and their transmission through the Internet, which is a set of high-level statements intended to guide Health Care Establishment personnel who process and manage sensitive health care information. We developed the policy based on a detailed study of the existing framework in the EU countries, USA, and Canada, and on consultations with users in the context of the Intranet Health Clinic project. More specifically, this paper has taken into account the major directives, technical reports, law, and recommendations that are related to the protection of individuals with regard to the processing of personal data, and the protection of privacy and medical data on the Internet. We present a High Level Security Policy for Health Care Establishments, which includes a set of 7 principles and 45 guidelines detailed in this paper. The proposed principles and guidelines have been made as generic and open to specific implementations as possible, to provide for maximum flexibility and adaptability to local environments. The High Level Security Policy establishes the basic security requirements that must be addressed to use the Internet to safely transmit patient and other sensitive health care information. The High Level Security Policy is primarily intended for large Health Care Establishments in Europe, USA, and Canada. It is clear however that the general framework presented here can only serve as reference material for developing an appropriate High Level Security Policy in a specific implementation environment. When implemented in specific environments, these principles and guidelines must also be complemented by measures, which are more specific. Even when a High Level Security Policy already exists in an institution, it is advisable that the management of the Health Care Establishment periodically revisits it to see whether it should be modified or augmented.

Design, Development, and Automated Verification of an Integrity-Protected Hypervisor

DTIC Science & Technology

2012-07-16

mechanism for implementing software virtualization. Since hypervisors execute at a very high privilege level, they must be secure. A fundamental security...using the CBMC model checker. CBMC verified XMHF?s implementation ? about 4700 lines of C code ? in about 80 seconds using less than 2GB of RAM. 15...Hypervisors are a popular mechanism for implementing software virtualization. Since hypervisors execute at a very high privilege level, they must be

Telemedicine with integrated data security in ATM-based networks

NASA Astrophysics Data System (ADS)

Thiel, Andreas; Bernarding, Johannes; Kurth, Ralf; Wenzel, Rudiger; Villringer, Arno; Tolxdorff, Thomas

1997-05-01

Telemedical services rely on the digital transfer of large amounts of data in a short time. The acceptance of these services requires therefore new hard- and software concepts. The fast exchange of data is well performed within a high- speed ATM-based network. The fast access to the data from different platforms imposes more difficult problems, which may be divided into those relating to standardized data formats and those relating to different levels of data security across nations. For a standardized access to the formats and those relating to different levels of data security across nations. For a standardized access to the image data, a DICOM 3.0 server was implemented.IMages were converted into the DICOM 3.0 standard if necessary. The access to the server is provided by an implementation of DICOM in JAVA allowing access to the data from different platforms. Data protection measures to ensure the secure transfer of sensitive patient data are not yet solved within the DICOM concept. We investigated different schemes to protect data using the DICOM/JAVA modality with as little impact on data transfer speed as possible.

[How to establish the hospital information system security policies].

PubMed

Gong, Qing-Yue; Shi, Cheng

2008-03-01

It is important to establish the hospital information system security policies. While these security policies are being established, a comprehensive consideration should be given to the acceptable levels of users, IT supporters and hospital managers. We should have a formal policy designing process that is consistently followed by all security policies. Reasons for establishing the security policies and their coverage and applicable objects should be stated clearly. Besides, each policy should define user's responsibilities and penalties of violation. Every organization will need some key policies, such as of information sources usage, remote access, information protection, perimeter security, and baseline host/device security. Security managing procedures are the mechanisms to enforce the policies. An incident-handling procedure is the most important security managing procedure for all organizations.

Day, night and all-weather security surveillance automation synergy from combining two powerful technologies

DOE Office of Scientific and Technical Information (OSTI.GOV)

Morellas, Vassilios; Johnson, Andrew; Johnston, Chris

2006-07-01

Thermal imaging is rightfully a real-world technology proven to bring confidence to daytime, night-time and all weather security surveillance. Automatic image processing intrusion detection algorithms are also a real world technology proven to bring confidence to system surveillance security solutions. Together, day, night and all weather video imagery sensors and automated intrusion detection software systems create the real power to protect early against crime, providing real-time global homeland protection, rather than simply being able to monitor and record activities for post event analysis. These solutions, whether providing automatic security system surveillance at airports (to automatically detect unauthorized aircraft takeoff andmore » landing activities) or at high risk private, public or government facilities (to automatically detect unauthorized people or vehicle intrusion activities) are on the move to provide end users the power to protect people, capital equipment and intellectual property against acts of vandalism and terrorism. As with any technology, infrared sensors and automatic image intrusion detection systems for global homeland security protection have clear technological strengths and limitations compared to other more common day and night vision technologies or more traditional manual man-in-the-loop intrusion detection security systems. This paper addresses these strength and limitation capabilities. False Alarm (FAR) and False Positive Rate (FPR) is an example of some of the key customer system acceptability metrics and Noise Equivalent Temperature Difference (NETD) and Minimum Resolvable Temperature are examples of some of the sensor level performance acceptability metrics. (authors)« less

2006 Homeland Security Symposium and Exposition. Held in Arlington, VA on 29-31 March 2006

DTIC Science & Technology

2006-03-31

Consequences , Vulnerabilities, and Threats) Prioritize Implement Protective Programs Measure Effectiveness 9March 2006 Major NIPP Theme: Sector Partnership... effect of exposure • Full understanding of the levels of exposure that mark the onset of miosis • Refined human operational exposure standard for GB...Untitled Document 2006 Homeland Security Symposium and Exposition.html[7/7/2016 11:38:26 AM] 2006 Homeland Security Symposium and Exposition

Advanced Protected Services: A Concept Paper on Survivable Service-Oriented Systems

DTIC Science & Technology

2010-05-07

resiliency and protection of such systems to a level where they can withstand sustained attacks from well-motivated adversaries. In this paper we...that are designed for the protection of systems that are based on service-oriented architectures. 15. SUBJECT TERMS 16. SECURITY CLASSIFICATION OF...resilient against malicious attacks , and to demonstrate the utility of the developed advanced protection techniques in settings that exhibit various

Space Security Law

NASA Astrophysics Data System (ADS)

Blount, P. J.

2017-06-01

Since the very beginning of the space age, security has been the critical, overriding concern at the heart of both international and domestic space law regimes. While these regimes certainly encompass broader interests, such as commercial uses of outer space, they are built on a legal foundation that is largely intended to regularize interactions among space actors to ensure security, safety, and sustainability in the space environment. Space security law, as a result, has central goals of both maintaining peace and providing security as a public good for the benefit of humankind. The idea of security is a technical and political construct. The law is a tool that is used to articulate that construct as concept and operationalize it as a value. As such, space security law is a network of law and regulation that governs a wide variety of space activities. There are four broad categories that typify the various manifestations of space security law: international peace and security; national security; human security; and space safety and sustainability. International peace and security, the first category, is directly concerned with the international law and norms that have been adopted to decrease the risk of conflict between states. National security, category two, consists of domestic law that implements, at the national level, the obligations found in the first category as well as law that promotes other national security goals. Human security, the third category, is the loose set of law and policy directed at the use of space for the protection of human populations, such as disaster response and planetary protection. Finally, the fourth category, space safety and security, represents the emerging body of law and policy that seeks to protect the space environment through measures that address space debris and harmful contamination. Obviously, these categories overlap and laws can serve duplicative purposes, but this compartmentalization reveals much about the legal structures that surround core security projects being pursued in and through space.

75 FR 75711 - Securities Investor Protection Corporation; Notice of Filing of a Proposed Bylaw Change Relating...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-12-06

... Securities Investor Protection Corporation (``SIPC'') filed with the Securities and Exchange Commission... Members, Rel. No. SIPA-156, 56 FR 51952 (Oct. 16, 1991). \\6\\ Securities Investor Protection Corporation... SECURITIES AND EXCHANGE COMMISSION [Release No. SIPA-169; File No. SIPC-2010-01] Securities...

75 FR 68370 - Agency Information Collection Activities: Office of Infrastructure Protection; Chemical Security...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-11-05

... DEPARTMENT OF HOMELAND SECURITY National Protection and Programs Directorate [Docket No. DHS-2010-0071] Agency Information Collection Activities: Office of Infrastructure Protection; Chemical Security...: The Department of Homeland Security (DHS), National Protection and Programs Directorate (NPPD), Office...

Water security evaluation in Yellow River basin

NASA Astrophysics Data System (ADS)

Jiang, Guiqin; He, Liyuan; Jing, Juan

2018-03-01

Water security is an important basis for making water security protection strategy, which concerns regional economic and social sustainable development. In this paper, watershed water security evaluation index system including 3 levels of 5 criterion layers (water resources security, water ecological security and water environment security, water disasters prevention and control security and social economic security) and 24 indicators were constructed. The entropy weight method was used to determine the weights of the indexes in the system. The water security index of 2000, 2005, 2010 and 2015 in Yellow River basin were calculated by linear weighting method based on the relative data. Results show that the water security conditions continue to improve in Yellow River basin but still in a basic security state. There is still a long way to enhance the water security in Yellow River basin, especially the water prevention and control security, the water ecological security and water environment security need to be promoted vigorously.

The role of the health physicist in nuclear security.

PubMed

Waller, Edward J; van Maanen, Jim

2015-04-01

Health physics is a recognized safety function in the holistic context of the protection of workers, members of the public, and the environment against the hazardous effects of ionizing radiation, often generically designated as radiation protection. The role of the health physicist as protector dates back to the Manhattan Project. Nuclear security is the prevention and detection of, and response to, criminal or intentional unauthorized acts involving or directed at nuclear material, other radioactive material, associated facilities, or associated activities. Its importance has become more visible and pronounced in the post 9/11 environment, and it has a shared purpose with health physics in the context of protection of workers, members of the public, and the environment. However, the duties and responsibilities of the health physicist in the nuclear security domain are neither clearly defined nor recognized, while a fundamental understanding of nuclear phenomena in general, nuclear or other radioactive material specifically, and the potential hazards related to them is required for threat assessment, protection, and risk management. Furthermore, given the unique skills and attributes of professional health physicists, it is argued that the role of the health physicist should encompass all aspects of nuclear security, ranging from input in the development to implementation and execution of an efficient and effective nuclear security regime. As such, health physicists should transcend their current typical role as consultants in nuclear security issues and become fully integrated and recognized experts in the nuclear security domain and decision making process. Issues regarding the security clearances of health physics personnel and the possibility of insider threats must be addressed in the same manner as for other trusted individuals; however, the net gain from recognizing and integrating health physics expertise in all levels of a nuclear security regime far outweighs any negative aspects. In fact, it can be argued that health physics is essential in achieving an integrated approach toward nuclear safety, security, and safeguards.

The Role of the Health Physicist in Nuclear Security

PubMed Central

Waller, Edward J.; van Maanen, Jim

2015-01-01

Abstract Health physics is a recognized safety function in the holistic context of the protection of workers, members of the public, and the environment against the hazardous effects of ionizing radiation, often generically designated as radiation protection. The role of the health physicist as protector dates back to the Manhattan Project. Nuclear security is the prevention and detection of, and response to, criminal or intentional unauthorized acts involving or directed at nuclear material, other radioactive material, associated facilities, or associated activities. Its importance has become more visible and pronounced in the post 9/11 environment, and it has a shared purpose with health physics in the context of protection of workers, members of the public, and the environment. However, the duties and responsibilities of the health physicist in the nuclear security domain are neither clearly defined nor recognized, while a fundamental understanding of nuclear phenomena in general, nuclear or other radioactive material specifically, and the potential hazards related to them is required for threat assessment, protection, and risk management. Furthermore, given the unique skills and attributes of professional health physicists, it is argued that the role of the health physicist should encompass all aspects of nuclear security, ranging from input in the development to implementation and execution of an efficient and effective nuclear security regime. As such, health physicists should transcend their current typical role as consultants in nuclear security issues and become fully integrated and recognized experts in the nuclear security domain and decision making process. Issues regarding the security clearances of health physics personnel and the possibility of insider threats must be addressed in the same manner as for other trusted individuals; however, the net gain from recognizing and integrating health physics expertise in all levels of a nuclear security regime far outweighs any negative aspects. In fact, it can be argued that health physics is essential in achieving an integrated approach toward nuclear safety, security, and safeguards. PMID:25706142

Leap Frog Digital Sensors and Definition, Integration & Testing FY 2003 Annual Report

DOE Office of Scientific and Technical Information (OSTI.GOV)

Meitzler, Wayne D.; Ouderkirk, Steven J.; Shoemaker, Steven V.

2003-12-31

The objective of Leap Frog is to develop a comprehensive security tool that is transparent to the user community and more effective than current methods for preventing and detecting security compromises of critical physical and digital assets. Current security tools intrude on the people that interact with these critical assets by requiring them to perform additional functions or having additional visible sensors. Leap Frog takes security to the next level by being more effective and reducing the adverse impact on the people interacting with protected assets.

Trust and Reputation Management for Critical Infrastructure Protection

NASA Astrophysics Data System (ADS)

Caldeira, Filipe; Monteiro, Edmundo; Simões, Paulo

Today's Critical Infrastructures (CI) depend of Information and Communication Technologies (ICT) to deliver their services with the required level of quality and availability. ICT security plays a major role in CI protection and risk prevention for single and also for interconnected CIs were cascading effects might occur because of the interdependencies that exist among different CIs. This paper addresses the problem of ICT security in interconnected CIs. Trust and reputation management using the Policy Based Management paradigm is the proposed solution to be applied at the CI interconnection points for information exchange. The proposed solution is being applied to the Security Mediation Gateway being developed in the European FP7 MICIE project, to allow for information exchange among interconnected CIs.

The security of patient identifiable information in doctors' homes.

PubMed

McLean, Iain; Anderson, C Mary

2004-08-01

Ethically and legally doctors bear a responsibility to ensure the security of patient identifiable information in their possession. Many doctors, especially those in forensic medicine, hold paper or computerised medical records at home. This survey was conducted to assess the level of security for these records and awareness of the issues. Fifty-six forensic physicians (30 male, 26 female) answered a questionnaire. Eighty-nine percent used a computer to write patient notes and reports, but only 26 of these were on the Data Protection Register, and only 24 password-protected their files. Few doctors took steps to protect data on old computers they had stopped using. Of those responding, 88% held paper records at home but only of these had lockable filing cabinets. Burglar alarms were fitted in 77% of homes, yet 36% of homes had been burgled. No participants had written instructions for disposal of records and reports after their death. Older participants were more likely to have been burgled, yet less likely to have antiviral software than their younger counterparts. Participants expressed the need for information, education and training in data security.

Finite Energy and Bounded Attacks on Control System Sensor Signals

DOE Office of Scientific and Technical Information (OSTI.GOV)

Djouadi, Seddik M; Melin, Alexander M; Ferragut, Erik M

Control system networks are increasingly being connected to enterprise level networks. These connections leave critical industrial controls systems vulnerable to cyber-attacks. Most of the effort in protecting these cyber-physical systems (CPS) has been in securing the networks using information security techniques and protection and reliability concerns at the control system level against random hardware and software failures. However, besides these failures the inability of information security techniques to protect against all intrusions means that the control system must be resilient to various signal attacks for which new analysis and detection methods need to be developed. In this paper, sensor signalmore » attacks are analyzed for observer-based controlled systems. The threat surface for sensor signal attacks is subdivided into denial of service, finite energy, and bounded attacks. In particular, the error signals between states of attack free systems and systems subject to these attacks are quantified. Optimal sensor and actuator signal attacks for the finite and infinite horizon linear quadratic (LQ) control in terms of maximizing the corresponding cost functions are computed. The closed-loop system under optimal signal attacks are provided. Illustrative numerical examples are provided together with an application to a power network with distributed LQ controllers.« less

[Assessment and early warning of land ecological security in rapidly urbanizing coastal area: A case study of Caofeidian new district, Hebei, China].

PubMed

Zhang, Li; Chen, Ying; Wang, Shu-tao; Men, Ming-xin; Xu, Hao

2015-08-01

Assessment and early warning of land ecological security (LES) in rapidly urbanizing coastal area is an important issue to ensure sustainable land use and effective maintenance of land ecological security. In this study, an index system for the land ecological security of Caofeidian new district was established based on the Pressure-State-Response (P-S-R) model. Initial assessment units of 1 km x 1 km created with the remote sensing data and GIS methods were spatially interpolated to a fine pixel size of 30 m x 30 m, which were combined with the early warning method (using classification tree method) to evaluate the land ecological security of Caofeidian in 2005 and 2013. The early warning level was classed into four categories: security with degradation potential, sub-security with slow degradation, sub-security with rapid degradation, and insecurity. Result indicated that, from 2005 to 2013, the average LES of Caofeidian dropped from 0.55 to 0.52, indicating a degradation of land ecological security from medium security level to medium-low security level. The areas at the levels of insecurity with rapid degradation were mainly located in the rapid urbanization areas, illustrating that rapid expansion of urban construction land was the key factor to the deterioration of the regional land ecological security. Industrial District, Shilihai town and Nanpu saltern, in which the lands at the levels of insecurity and sub-security with rapid degradation or slow degradation accounted for 58.3%, 98.9% and 81.2% of their respective districts, were at the stage of high early warning. Thus, land ecological security regulation for these districts should be strengthened in near future. The study could provide a reference for land use planning and ecological protection of Caofeidian new district.

6 CFR 29.5 - Requirements for protection.

Code of Federal Regulations, 2013 CFR

2013-01-01

... protected use regarding the security of critical infrastructure or protected systems, analysis, warning... expectation of protection from disclosure as provided by the provisions of the Critical Infrastructure... Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROTECTED CRITICAL...

6 CFR 29.5 - Requirements for protection.

Code of Federal Regulations, 2014 CFR

2014-01-01

... protected use regarding the security of critical infrastructure or protected systems, analysis, warning... expectation of protection from disclosure as provided by the provisions of the Critical Infrastructure... Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROTECTED CRITICAL...

Computer-Based Testing: Test Site Security.

ERIC Educational Resources Information Center

Rosen, Gerald A.

Computer-based testing places great burdens on all involved parties to ensure test security. A task analysis of test site security might identify the areas of protecting the test, protecting the data, and protecting the environment as essential issues in test security. Protecting the test involves transmission of the examinations, identifying the…

Access to healthcare and financial risk protection for older adults in Mexico: secondary data analysis of a national survey

PubMed Central

Doubova, Svetlana V; Pérez-Cuevas, Ricardo; Canning, David; Reich, Michael R

2015-01-01

Objectives While the benefits of Seguro Popular health insurance in Mexico relative to no insurance have been widely documented, little has been reported on its effects relative to the pre-existing Social Security health insurance. We analyse the effects of Social Security and Seguro Popular health insurances in Mexico on access to healthcare of older adults, and on financial risk protection to their households, compared with older adults without health insurance. Setting Secondary data analysis was performed using the 2012 Mexican Survey of Health and Nutrition (ENSANUT). Participants The study population comprised 18 847 older adults and 13 180 households that have an elderly member. Outcome measures The dependent variables were access to healthcare given the reported need, the financial burden imposed by health expenditures measured through catastrophic health-related expenditures, and using savings for health-related expenditures. Separate propensity score matching analyses were conducted for each comparison. The analysis for access was performed at the individual level, and the analysis for financial burden at the household level. In each case, matching on a wide set of relevant characteristics was achieved. Results Seguro Popular showed a protective effect against lack of access to healthcare for older adults compared with those with no insurance. The average treatment effect on the treated (ATET) was ascertained through using the nearest-neighbour matching (−8.1%, t-stat −2.305) analysis. However, Seguro Popular did not show a protective effect against catastrophic expenditures in a household where an older adult lived. Social Security showed increased access to healthcare (ATET −11.3%, t-stat −3.138), and protective effect against catastrophic expenditures for households with an elderly member (ATET −1.9%, t-stat −2.178). Conclusions Seguro Popular increased access to healthcare for Mexican older adults. Social Security showed a significant protective effect against lack of access and catastrophic expenditures compared with those without health insurance. PMID:26198427

17 CFR 403.4 - Customer protection-reserves and custody of securities.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Customer protection-reserves... TREASURY REGULATIONS UNDER SECTION 15C OF THE SECURITIES EXCHANGE ACT OF 1934 PROTECTION OF CUSTOMER SECURITIES AND BALANCES § 403.4 Customer protection—reserves and custody of securities. Every registered...

45 CFR 164.304 - Definitions.

Code of Federal Regulations, 2013 CFR

2013-10-01

... SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health Information § 164... and procedures, to manage the selection, development, implementation, and maintenance of security...'s or business associate's workforce in relation to the protection of that information...

45 CFR 164.304 - Definitions.

Code of Federal Regulations, 2010 CFR

2010-10-01

... SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health Information § 164... and procedures, to manage the selection, development, implementation, and maintenance of security...'s workforce in relation to the protection of that information. Authentication means the...

45 CFR 164.304 - Definitions.

Code of Federal Regulations, 2012 CFR

2012-10-01

... SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health Information § 164... and procedures, to manage the selection, development, implementation, and maintenance of security...'s workforce in relation to the protection of that information. Authentication means the...

45 CFR 164.304 - Definitions.

Code of Federal Regulations, 2011 CFR

2011-10-01

... SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health Information § 164... and procedures, to manage the selection, development, implementation, and maintenance of security...'s workforce in relation to the protection of that information. Authentication means the...

45 CFR 164.304 - Definitions.

Code of Federal Regulations, 2014 CFR

2014-10-01

... SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health Information § 164... and procedures, to manage the selection, development, implementation, and maintenance of security...'s or business associate's workforce in relation to the protection of that information...

Improving organisational resilience through enterprise security risk management.

PubMed

Petruzzi, John; Loyear, Rachelle

Enterprise Security Risk Management (ESRM) is a new philosophy and method of managing security programmes through the use of traditional risk principles. As a philosophy and life cycle, ESRM is focused on creating a business partnership between security practitioners and business leaders to more effectively provide protection against security risks in line with acceptable risk tolerances as defined by business asset owners and stakeholders. This paper explores the basics of the ESRM philosophy and life cycle and also shows how embracing the ESRM philosophy and implementing a risk-based security management model in the business organisation can lead to higher levels of organisational resilience as desired by organisation leaders, executives and the board of directors.

The Operations Security Concept for Future ESA Earth Observation Missions

NASA Astrophysics Data System (ADS)

Fischer, D.; Bargellini, P.; Merri, M.

2008-08-01

Next-generation European earth observation missions will play a critical role in public safety and security infrastructures. This makes it necessary for ESA to protect the communication infrastructure of these missions in order to guarantee their service availability. In this paper, we discuss the development process for a generic earth observation security concept. This concept has been developed as part of a GMES Flight Operation Segment security study with the objective to analyse and select a number of high level security requirements for the missions. Further, we studied the impact of an implementation for these requirements on the operational infrastructure of current earth observation missions.

75 FR 82037 - National Protection and Programs Directorate; President's National Security Telecommunications...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-12-29

... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2010-0050] National Protection and Programs Directorate; President's National Security Telecommunications Advisory Committee AGENCY: National Protection... Committee Meeting. SUMMARY: The President's National Security Telecommunications Advisory Committee (NSTAC...

A Secure and Robust Approach to Software Tamper Resistance

NASA Astrophysics Data System (ADS)

Ghosh, Sudeep; Hiser, Jason D.; Davidson, Jack W.

Software tamper-resistance mechanisms have increasingly assumed significance as a technique to prevent unintended uses of software. Closely related to anti-tampering techniques are obfuscation techniques, which make code difficult to understand or analyze and therefore, challenging to modify meaningfully. This paper describes a secure and robust approach to software tamper resistance and obfuscation using process-level virtualization. The proposed techniques involve novel uses of software check summing guards and encryption to protect an application. In particular, a virtual machine (VM) is assembled with the application at software build time such that the application cannot run without the VM. The VM provides just-in-time decryption of the program and dynamism for the application's code. The application's code is used to protect the VM to ensure a level of circular protection. Finally, to prevent the attacker from obtaining an analyzable snapshot of the code, the VM periodically discards all decrypted code. We describe a prototype implementation of these techniques and evaluate the run-time performance of applications using our system. We also discuss how our system provides stronger protection against tampering attacks than previously described tamper-resistance approaches.

[Legal development of consumer protection from the Federal Office of Consumer Protection and Food Safety standpoint].

PubMed

Püster, M

2010-06-01

Ten years after publication of the White Paper on Food Safety, health consumer protection has made significant progress and, today, is a key field in politics at both the European and German levels. In addition to the protection of health and security of consumers, consumer information has become a core element of consumer protection for the Federal Office of Consumer Protection and Food Safety (Bundesamt für Verbraucherschutz and Lebensmittelsicherheit, BVL). State authorities are provided with new means of communication and interaction with consumers.

A New Operating System for Security Tagged Architecture Hardware in Support of Multiple Independent Levels of Security (MILS) Compliant System

DTIC Science & Technology

2014-04-01

important data structures of RTEMS are introduced. Section 3.2.2 discusses the problems we found in RTEMS that may cause security vulnerabilities...the important data structures in RTEMS: Object, which is a critical data structure in the SCORE, tasks threads. Approved for Public Release...these important system codes. The example code shows a possibility that a user can delete a system thread. Therefore, in order to protect system

An Energy Efficient Protocol For The Internet Of Things

NASA Astrophysics Data System (ADS)

Venčkauskas, Algimantas; Jusas, Nerijus; Kazanavičius, Egidijus; Štuikys, Vytautas

2015-01-01

The Internet of Things (IoT) is a technological revolution that represents the future of computing and communications. One of the most important challenges of IoT is security: protection of data and privacy. The SSL protocol is the de-facto standard for secure Internet communications. The extra energy cost of encrypting and authenticating of the application data with SSL is around 15%. For IoT devices, where energy resources are limited, the increase in the cost of energy is a very significant factor. In this paper we present the energy efficient SSL protocol which ensures the maximum bandwidth and the required level of security with minimum energy consumption. The proper selection of the security level and CPU multiplier, can save up to 85% of the energy required for data encryption.

76 FR 2728 - Securities Investor Protection Corporation; Order Approving a Proposed Bylaw Change Relating to...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-01-14

... on SIPC Members January 10, 2011. On October 8, 2010, the Securities Investor Protection Corporation... pursuant to Section 3(e)(1) of the Securities Investor Protection Act of 1970 (``SIPA''), 15 U.S.C. 78ccc(e... SECURITIES AND EXCHANGE COMMISSION [Release No. SIPA-170; File No. SIPC-2010-01] Securities...

17 CFR 240.15b5-1 - Extension of registration for purposes of the Securities Investor Protection Act of 1970 after...

Code of Federal Regulations, 2010 CFR

2010-04-01

... purposes of the Securities Investor Protection Act of 1970 after cancellation or revocation. 240.15b5-1... purposes of the Securities Investor Protection Act of 1970 after cancellation or revocation. Commission... member within the meaning of Section 3(a)(2) of the Securities Investor Protection Act of 1970 for...

49 CFR 387.303 - Security for the protection of the public: Minimum limits.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 5 2010-10-01 2010-10-01 false Security for the protection of the public: Minimum... Insurance for Motor Carriers and Property Brokers § 387.303 Security for the protection of the public... convenience of the user, the revised text is set forth as follows: § 387.303 Security for the protection of...

Do privacy and security regulations need a status update? Perspectives from an intergenerational survey

PubMed Central

Pereira, Stacey; Robinson, Jill Oliver; Gutierrez, Amanda M.; Majumder, Mary A.; McGuire, Amy L.; Rothstein, Mark A.

2017-01-01

Background The importance of health privacy protections in the era of the “Facebook Generation” has been called into question. The ease with which younger people share personal information about themselves has led to the assumption that they are less concerned than older generations about the privacy of their information, including health information. We explored whether survey respondents’ views toward health privacy suggest that efforts to strengthen privacy protections as health information is moved online are unnecessary. Methods Using Amazon’s Mechanical Turk (MTurk), which is well-known for recruitment for survey research, we distributed a 45-item survey to individuals in the U.S. to assess their perspectives toward privacy and security of online and health information, social media behaviors, use of health and fitness devices, and demographic information. Results 1310 participants (mean age: 36 years, 50% female, 78% non-Hispanic white, 54% college graduates or higher) were categorized by generations: Millennials, Generation X, and Baby Boomers. In multivariate regression models, we found that generational cohort was an independent predictor of level of concern about privacy and security of both online and health information. Younger generations were significantly less likely to be concerned than older generations (all P < 0.05). Time spent online and social media use were not predictors of level of concern about privacy or security of online or health information (all P > 0.05). Limitations This study is limited by the non-representativeness of our sample. Conclusions Though Millennials reported lower levels of concern about privacy and security, this was not related to internet or social media behaviors, and majorities within all generations reported concern about both the privacy and security of their health information. Thus, there is no intergenerational imperative to relax privacy and security standards, and it would be advisable to take privacy and security of health information more seriously. PMID:28926626

Do privacy and security regulations need a status update? Perspectives from an intergenerational survey.

PubMed

Pereira, Stacey; Robinson, Jill Oliver; Peoples, Hayley A; Gutierrez, Amanda M; Majumder, Mary A; McGuire, Amy L; Rothstein, Mark A

2017-01-01

The importance of health privacy protections in the era of the "Facebook Generation" has been called into question. The ease with which younger people share personal information about themselves has led to the assumption that they are less concerned than older generations about the privacy of their information, including health information. We explored whether survey respondents' views toward health privacy suggest that efforts to strengthen privacy protections as health information is moved online are unnecessary. Using Amazon's Mechanical Turk (MTurk), which is well-known for recruitment for survey research, we distributed a 45-item survey to individuals in the U.S. to assess their perspectives toward privacy and security of online and health information, social media behaviors, use of health and fitness devices, and demographic information. 1310 participants (mean age: 36 years, 50% female, 78% non-Hispanic white, 54% college graduates or higher) were categorized by generations: Millennials, Generation X, and Baby Boomers. In multivariate regression models, we found that generational cohort was an independent predictor of level of concern about privacy and security of both online and health information. Younger generations were significantly less likely to be concerned than older generations (all P < 0.05). Time spent online and social media use were not predictors of level of concern about privacy or security of online or health information (all P > 0.05). This study is limited by the non-representativeness of our sample. Though Millennials reported lower levels of concern about privacy and security, this was not related to internet or social media behaviors, and majorities within all generations reported concern about both the privacy and security of their health information. Thus, there is no intergenerational imperative to relax privacy and security standards, and it would be advisable to take privacy and security of health information more seriously.

The changing face of Hanford security 1990--1994

DOE Office of Scientific and Technical Information (OSTI.GOV)

Thielman, J.

The meltdown of the Cold War was a shock to the systems built to cope with it. At the DOE`s Hanford Site in Washington State, a world-class safeguards and security system was suddenly out of step with the times. The level of protection for nuclear and classified materials was exceptional. But the cost was high and the defense facilities that funded security were closing down. The defense mission had created an umbrella of security over the sprawling Hanford Site. Helicopters designed to ferry special response teams to any trouble spot on the 1,456 square-kilometer site made the umbrella analogy almostmore » literally true. Facilities were grouped into areas, fenced off like a military base, and entrance required a badge check for everyone. Within the fence, additional rings of protection were set up around security interests or targets. The security was effective, but costly to operate and inconvenient for employees and visitors alike. Moreover, the umbrella meant that virtually all employees needed a security clearance just to get to work, whether they worked on classified or unclassified projects. Clearly, some fundamental rethinking of safeguards and security was needed. The effort to meet that challenge is the story of transition at Hanford and documented here.« less

7 CFR 765.203 - Protective advances.

Code of Federal Regulations, 2014 CFR

2014-01-01

... AGRICULTURE SPECIAL PROGRAMS DIRECT LOAN SERVICING-REGULAR Protecting the Agency's Security Interest § 765.203 Protective advances. When necessary to protect the Agency's security interest, costs incurred for the following actions will be charged to the borrower's account: (a) Maintain abandoned security property; (b...

75 FR 52768 - National Protection and Programs Directorate; Agency Information Collection Activities: Office of...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-08-27

... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2010-0071] National Protection and Programs Directorate; Agency Information Collection Activities: Office of Infrastructure Protection; Chemical Security.... SUMMARY: The Department of Homeland Security, National Protection and Programs Directorate, Office of...

Food Security, Institutional Framework and Technology: Examining the Nexus in Nigeria Using ARDL Approach

PubMed Central

Osabohien, Romanus; Osabuohien, Evans; Urhie, Ese

2018-01-01

Background: Growth in agricultural science and technology is deemed essential for in-creasing agricultural output; reduce the vulnerability of rural poverty and in turn, food security. Food security and growth in agricultural output depends on technological usages, which enhances the pro-ductive capacity of the agricultural sector. The indicators of food security utilised in this study in-clude: dietary energy supply, average value of food production, prevalence of food inadequacy, among others. Objective: In this paper, we examined the level of technology and how investment in the agriculture and technology can improve technical know-how in Nigeria with a view to achieving food security. Method: We carried out the analysis on how investment in technology and institutional framework can improve the level of food availability (a key component of food security) in Nigeria using econ-ometric technique based on Autoregressive Distribution Lag (ARDL) framework. Results: The results showed, inter alia, that in Nigeria, there is a high level of food insecurity as a result of low attention on food production occasioned by the pervasive influence of oil that become the major export product. Conclusion: It was noted that the availability of arable land was one of the major factors to increase food production to solve the challenge of food insecurity. Thus, the efforts of reducing the rate of food insecurity are essential in this regards. This can also be achieved, among others, by active interactions between government and farmers, to make contribution to important planning issues that relate to food production in the country and above all, social protection policies should be geared or channelled to agricultural sector to protect farmers who are vulnerable to shocks and avert risks associated with agriculture. PMID:29853816

Food Security, Institutional Framework and Technology: Examining the Nexus in Nigeria Using ARDL Approach.

PubMed

Osabohien, Romanus; Osabuohien, Evans; Urhie, Ese

2018-04-01

Growth in agricultural science and technology is deemed essential for in-creasing agricultural output; reduce the vulnerability of rural poverty and in turn, food security. Food security and growth in agricultural output depends on technological usages, which enhances the pro-ductive capacity of the agricultural sector. The indicators of food security utilised in this study in-clude: dietary energy supply, average value of food production, prevalence of food inadequacy, among others. In this paper, we examined the level of technology and how investment in the agriculture and technology can improve technical know-how in Nigeria with a view to achieving food security. We carried out the analysis on how investment in technology and institutional framework can improve the level of food availability (a key component of food security) in Nigeria using econ-ometric technique based on Autoregressive Distribution Lag (ARDL) framework. The results showed, inter alia, that in Nigeria, there is a high level of food insecurity as a result of low attention on food production occasioned by the pervasive influence of oil that become the major export product. It was noted that the availability of arable land was one of the major factors to increase food production to solve the challenge of food insecurity. Thus, the efforts of reducing the rate of food insecurity are essential in this regards. This can also be achieved, among others, by active interactions between government and farmers, to make contribution to important planning issues that relate to food production in the country and above all, social protection policies should be geared or channelled to agricultural sector to protect farmers who are vulnerable to shocks and avert risks associated with agriculture.

19 CFR 10.606 - Filing of claim for tariff preference level.

Code of Federal Regulations, 2010 CFR

2010-04-01

...-Central America-United States Free Trade Agreement Tariff Preference Level § 10.606 Filing of claim for... 19 Customs Duties 1 2010-04-01 2010-04-01 false Filing of claim for tariff preference level. 10.606 Section 10.606 Customs Duties U.S. CUSTOMS AND BORDER PROTECTION, DEPARTMENT OF HOMELAND SECURITY...

Evaluation of Ecological Environment Security in Contiguous Poverty Alleviation Area of Sichuan Province

NASA Astrophysics Data System (ADS)

Xian, W.; Chen, Y.; Chen, J.; Luo, X.; Shao, H.

2018-04-01

According to the overall requirements of ecological construction and environmental protection, rely on the national key ecological engineering, strengthen ecological environmental restoration and protection, improve forest cover, control soil erosion, construct important ecological security barrier in poor areas, inhibit poverty alleviation through ecological security in this area from environmental damage to the vicious cycle of poverty. Obviously, the dynamic monitoring of ecological security in contiguous destitute areas of Sichuan province has a policy sense of urgency and practical significance. This paper adopts RS technology and GIS technology to select the Luhe region of Jinchuan county and Ganzi prefecture as the research area, combined with the characteristics of ecological environment in poor areas, the impact factors of ecological environment are determined as land use type, terrain slope, vegetation cover, surface water, soil moisture and other factors. Using the ecological environmental safety assessment model, the ecological environment safety index is calculated. According to the index, the ecological environment safety of the research area is divided into four levels. The ecological environment safety classification map of 1990 in 2009 is obtained. It can be seen that with the human modern life and improve their economic level, the surrounding environment will be destroyed, because the research area ecological environment is now in good, the ecological environment generally tends to be stable. We should keep its ecological security good and improve local economic income. The relationship between ecological environmental security and economic coordinated development in poor areas has very important strategic significance.

78 FR 6807 - Critical Infrastructure Protection and Cyber Security Trade Mission to Saudi Arabia and Kuwait...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-01-31

... Cyber Security Trade Mission to Saudi Arabia and Kuwait, September 28-October 1, 2013 AGENCY... coordinating and sponsoring an executive-led Critical Infrastructure Protection and Cyber Security mission to... on the cyber security, critical infrastructure protection, and emergency management, ports of entry...

Medical and Medio-social Measures for the Health Protection of Mothers and Young Children in France.

ERIC Educational Resources Information Center

Evans, Roy; Evans, Patricia G.

1983-01-01

Provides English translation of a French study of legislation and programs providing preventive medical and social services to pregnant women and young children. Discussed are legislative objectives and organizational levels, strategies and modes of executive action, the contribution of social security to medical protection for mother and child,…

Developing measurement indices to enhance protection and resilience of critical infrastructure and key resources.

PubMed

Fisher, Ronald E; Norman, Michael

2010-07-01

The US Department of Homeland Security (DHS) is developing indices to better assist in the risk management of critical infrastructures. The first of these indices is the Protective Measures Index - a quantitative index that measures overall protection across component categories: physical security, security management, security force, information sharing, protective measures and dependencies. The Protective Measures Index, which can also be recalculated as the Vulnerability Index, is a way to compare differing protective measures (eg fence versus security training). The second of these indices is the Resilience Index, which assesses a site's resilience and consists of three primary components: robustness, resourcefulness and recovery. The third index is the Criticality Index, which assesses the importance of a facility. The Criticality Index includes economic, human, governance and mass evacuation impacts. The Protective Measures Index, Resilience Index and Criticality Index are being developed as part of the Enhanced Critical Infrastructure Protection initiative that DHS protective security advisers implement across the nation at critical facilities. This paper describes two core themes: determination of the vulnerability, resilience and criticality of a facility and comparison of the indices at different facilities.

Expanding the role of unattended ground sensors to multi-tiered systems

NASA Astrophysics Data System (ADS)

Garrison, David R., II

2009-05-01

Unattended Ground Sensors (UGS) have recently gained momentum in surveillance and protection applications. Many of these Unattended Ground Sensors are deployed in current operations today across the Department of Defense (DoD) and Department of Homeland Security (DHS). In addition to UGS needs, there is a growing desire to leverage existing UGS for incorporation into higher level systems for a broadening role in defense and homeland security applications. The architecture to achieve this goal and examples of non-traditional scenarios that leverage higher level systems are discussed in this paper.

A Multifactor Secure Authentication System for Wireless Payment

NASA Astrophysics Data System (ADS)

Sanyal, Sugata; Tiwari, Ayu; Sanyal, Sudip

Organizations are deploying wireless based online payment applications to expand their business globally, it increases the growing need of regulatory requirements for the protection of confidential data, and especially in internet based financial areas. Existing internet based authentication systems often use either the Web or the Mobile channel individually to confirm the claimed identity of the remote user. The vulnerability is that access is based on only single factor authentication which is not secure to protect user data, there is a need of multifactor authentication. This paper proposes a new protocol based on multifactor authentication system that is both secure and highly usable. It uses a novel approach based on Transaction Identification Code and SMS to enforce another security level with the traditional Login/password system. The system provides a highly secure environment that is simple to use and deploy with in a limited resources that does not require any change in infrastructure or underline protocol of wireless network. This Protocol for Wireless Payment is extended as a two way authentications system to satisfy the emerging market need of mutual authentication and also supports secure B2B communication which increases faith of the user and business organizations on wireless financial transaction using mobile devices.

76 FR 4489 - Disclosure for Asset-Backed Securities Required by Section 943 of the Dodd-Frank Wall Street...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-01-26

... Dodd-Frank Wall Street Reform and Consumer Protection Act AGENCY: Securities and Exchange Commission... Reform and Consumer Protection Act (the ``Act'') related to asset-backed securities (``ABS'').\\11... securities. The Act broadened the mission of the MSRB to include the protection of state and local...

10 CFR 2.903 - Protection of restricted data and national security information.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 10 Energy 1 2010-01-01 2010-01-01 false Protection of restricted data and national security... Restricted Data and/or National Security Information § 2.903 Protection of restricted data and national security information. Nothing in this subpart shall relieve any person from safeguarding Restricted Data or...

A case study of the Secure Anonymous Information Linkage (SAIL) Gateway: a privacy-protecting remote access system for health-related research and evaluation.

PubMed

Jones, Kerina H; Ford, David V; Jones, Chris; Dsilva, Rohan; Thompson, Simon; Brooks, Caroline J; Heaven, Martin L; Thayer, Daniel S; McNerney, Cynthia L; Lyons, Ronan A

2014-08-01

With the current expansion of data linkage research, the challenge is to find the balance between preserving the privacy of person-level data whilst making these data accessible for use to their full potential. We describe a privacy-protecting safe haven and secure remote access system, referred to as the Secure Anonymised Information Linkage (SAIL) Gateway. The Gateway provides data users with a familiar Windows interface and their usual toolsets to access approved anonymously-linked datasets for research and evaluation. We outline the principles and operating model of the Gateway, the features provided to users within the secure environment, and how we are approaching the challenges of making data safely accessible to increasing numbers of research users. The Gateway represents a powerful analytical environment and has been designed to be scalable and adaptable to meet the needs of the rapidly growing data linkage community. Copyright © 2014 The Aurthors. Published by Elsevier Inc. All rights reserved.

A case study of the Secure Anonymous Information Linkage (SAIL) Gateway: A privacy-protecting remote access system for health-related research and evaluation☆

PubMed Central

Jones, Kerina H.; Ford, David V.; Jones, Chris; Dsilva, Rohan; Thompson, Simon; Brooks, Caroline J.; Heaven, Martin L.; Thayer, Daniel S.; McNerney, Cynthia L.; Lyons, Ronan A.

2014-01-01

With the current expansion of data linkage research, the challenge is to find the balance between preserving the privacy of person-level data whilst making these data accessible for use to their full potential. We describe a privacy-protecting safe haven and secure remote access system, referred to as the Secure Anonymised Information Linkage (SAIL) Gateway. The Gateway provides data users with a familiar Windows interface and their usual toolsets to access approved anonymously-linked datasets for research and evaluation. We outline the principles and operating model of the Gateway, the features provided to users within the secure environment, and how we are approaching the challenges of making data safely accessible to increasing numbers of research users. The Gateway represents a powerful analytical environment and has been designed to be scalable and adaptable to meet the needs of the rapidly growing data linkage community. PMID:24440148

A Demonstration of a Trusted Computer Interface Between a Multilevel Secure Command and Control System and Untrusted Tactical Data Systems.

DTIC Science & Technology

1987-03-01

information and work in a completely secure environment. Information used with today’s C3I systems must be protected. To better understand the role of...and security was of minor concern. The user either worked on his own behalf or as a programmer for someone else. The computer power was limited. With...Although the modules may be of the same classification level, the manager may want to limit each team’s access to the module on which they are working

Comprehensive security framework for the communication and storage of medical images

NASA Astrophysics Data System (ADS)

Slik, David; Montour, Mike; Altman, Tym

2003-05-01

Confidentiality, integrity verification and access control of medical imagery and associated metadata is critical for the successful deployment of integrated healthcare networks that extend beyond the department level. As medical imagery continues to become widely accessed across multiple administrative domains and geographically distributed locations, image data should be able to travel and be stored on untrusted infrastructure, including public networks and server equipment operated by external entities. Given these challenges associated with protecting large-scale distributed networks, measures must be taken to protect patient identifiable information while guarding against tampering, denial of service attacks, and providing robust audit mechanisms. The proposed framework outlines a series of security practices for the protection of medical images, incorporating Transport Layer Security (TLS), public and secret key cryptography, certificate management and a token based trusted computing base. It outlines measures that can be utilized to protect information stored within databases, online and nearline storage, and during transport over trusted and untrusted networks. In addition, it provides a framework for ensuring end-to-end integrity of image data from acquisition to viewing, and presents a potential solution to the challenges associated with access control across multiple administrative domains and institution user bases.

76 FR 3014 - Security Zone; Protection of Military Cargo, Captain of the Port Zone Puget Sound, WA

Federal Register 2010, 2011, 2012, 2013, 2014

2011-01-19

... Coast Guard will enforce the Blair Waterway security zone in Commencement Bay, WA for protection of... DEPARTMENT OF HOMELAND SECURITY Coast Guard 33 CFR Part 165 [Docket No. USCG-2011-0015] Security Zone; Protection of Military Cargo, Captain of the Port Zone Puget Sound, WA AGENCY: Coast Guard, DHS...

33 CFR 165.1321 - Security Zone; Protection of Military Cargo, Captain of the Port Zone Puget Sound, WA.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 33 Navigation and Navigable Waters 2 2010-07-01 2010-07-01 false Security Zone; Protection of... Areas Thirteenth Coast Guard District § 165.1321 Security Zone; Protection of Military Cargo, Captain of... Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) PORTS AND WATERWAYS SAFETY...

6 CFR 13.24 - Protective order.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Protective order. 13.24 Section 13.24 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROGRAM FRAUD CIVIL REMEDIES § 13.24 Protective order. (a) A party or a prospective witness or deponent may file a motion for a protective order...

45 CFR 164.308 - Administrative safeguards.

Code of Federal Regulations, 2013 CFR

2013-10-01

... REQUIREMENTS SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health... accordance with § 164.306: (1)(i) Standard: Security management process. Implement policies and procedures to... to the confidentiality, integrity, and availability of electronic protected health information held...

45 CFR 164.308 - Administrative safeguards.

Code of Federal Regulations, 2014 CFR

2014-10-01

... REQUIREMENTS SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health... accordance with § 164.306: (1)(i) Standard: Security management process. Implement policies and procedures to... to the confidentiality, integrity, and availability of electronic protected health information held...

Access to healthcare and financial risk protection for older adults in Mexico: secondary data analysis of a national survey.

PubMed

Doubova, Svetlana V; Pérez-Cuevas, Ricardo; Canning, David; Reich, Michael R

2015-07-21

While the benefits of Seguro Popular health insurance in Mexico relative to no insurance have been widely documented, little has been reported on its effects relative to the pre-existing Social Security health insurance. We analyse the effects of Social Security and Seguro Popular health insurances in Mexico on access to healthcare of older adults, and on financial risk protection to their households, compared with older adults without health insurance. Secondary data analysis was performed using the 2012 Mexican Survey of Health and Nutrition (ENSANUT). The study population comprised 18,847 older adults and 13,180 households that have an elderly member. The dependent variables were access to healthcare given the reported need, the financial burden imposed by health expenditures measured through catastrophic health-related expenditures, and using savings for health-related expenditures. Separate propensity score matching analyses were conducted for each comparison. The analysis for access was performed at the individual level, and the analysis for financial burden at the household level. In each case, matching on a wide set of relevant characteristics was achieved. Seguro Popular showed a protective effect against lack of access to healthcare for older adults compared with those with no insurance. The average treatment effect on the treated (ATET) was ascertained through using the nearest-neighbour matching (-8.1%, t-stat -2.305) analysis. However, Seguro Popular did not show a protective effect against catastrophic expenditures in a household where an older adult lived. Social Security showed increased access to healthcare (ATET -11.3%, t-stat -3.138), and protective effect against catastrophic expenditures for households with an elderly member (ATET -1.9%, t-stat -2.178). Seguro Popular increased access to healthcare for Mexican older adults. Social Security showed a significant protective effect against lack of access and catastrophic expenditures compared with those without health insurance. Published by the BMJ Publishing Group Limited. For permission to use (where not already granted under a licence) please go to http://group.bmj.com/group/rights-licensing/permissions.

Identification of handheld objects for electro-optic/FLIR applications

NASA Astrophysics Data System (ADS)

Moyer, Steve K.; Flug, Eric; Edwards, Timothy C.; Krapels, Keith A.; Scarbrough, John

2004-08-01

This paper describes research on the determination of the fifty-percent probability of identification cycle criterion (N50) for two sets of handheld objects. The first set consists of 12 objects which are commonly held in a single hand. The second set consists of 10 objects commonly held in both hands. These sets consist of not only typical civilian handheld objects but also objects that are potentially lethal. A pistol, a cell phone, a rocket propelled grenade (RPG) launcher, and a broom are examples of the objects in these sets. The discrimination of these objects is an inherent part of homeland security, force protection, and also general population security. Objects were imaged from each set in the visible and mid-wave infrared (MWIR) spectrum. Various levels of blur are then applied to these images. These blurred images were then used in a forced choice perception experiment. Results were analyzed as a function of blur level and target size to give identification probability as a function of resolvable cycles on target. These results are applicable to handheld object target acquisition estimates for visible imaging systems and MWIR systems. This research provides guidance in the design and analysis of electro-optical systems and forward-looking infrared (FLIR) systems for use in homeland security, force protection, and also general population security.

Evaluating Common Privacy Vulnerabilities in Internet Service Providers

NASA Astrophysics Data System (ADS)

Kotzanikolaou, Panayiotis; Maniatis, Sotirios; Nikolouzou, Eugenia; Stathopoulos, Vassilios

Privacy in electronic communications receives increased attention in both research and industry forums, stemming from both the users' needs and from legal and regulatory requirements in national or international context. Privacy in internet-based communications heavily relies on the level of security of the Internet Service Providers (ISPs), as well as on the security awareness of the end users. This paper discusses the role of the ISP in the privacy of the communications. Based on real security audits performed in national-wide ISPs, we illustrate privacy-specific threats and vulnerabilities that many providers fail to address when implementing their security policies. We subsequently provide and discuss specific security measures that the ISPs can implement, in order to fine-tune their security policies in the context of privacy protection.

Providing security assurance in line with national DBT assumptions

NASA Astrophysics Data System (ADS)

Bajramovic, Edita; Gupta, Deeksha

2017-01-01

As worldwide energy requirements are increasing simultaneously with climate change and energy security considerations, States are thinking about building nuclear power to fulfill their electricity requirements and decrease their dependence on carbon fuels. New nuclear power plants (NPPs) must have comprehensive cybersecurity measures integrated into their design, structure, and processes. In the absence of effective cybersecurity measures, the impact of nuclear security incidents can be severe. Some of the current nuclear facilities were not specifically designed and constructed to deal with the new threats, including targeted cyberattacks. Thus, newcomer countries must consider the Design Basis Threat (DBT) as one of the security fundamentals during design of physical and cyber protection systems of nuclear facilities. IAEA NSS 10 describes the DBT as "comprehensive description of the motivation, intentions and capabilities of potential adversaries against which protection systems are designed and evaluated". Nowadays, many threat actors, including hacktivists, insider threat, cyber criminals, state and non-state groups (terrorists) pose security risks to nuclear facilities. Threat assumptions are made on a national level. Consequently, threat assessment closely affects the design structures of nuclear facilities. Some of the recent security incidents e.g. Stuxnet worm (Advanced Persistent Threat) and theft of sensitive information in South Korea Nuclear Power Plant (Insider Threat) have shown that these attacks should be considered as the top threat to nuclear facilities. Therefore, the cybersecurity context is essential for secure and safe use of nuclear power. In addition, States should include multiple DBT scenarios in order to protect various target materials, types of facilities, and adversary objectives. Development of a comprehensive DBT is a precondition for the establishment and further improvement of domestic state nuclear-related regulations in the field of physical and cyber protection. These national regulations have to be met later on by I&C platform suppliers, electrical systems suppliers, system integrators and turn-key providers.

A Survey on Cyber Security awareness among college students in Tamil Nadu

NASA Astrophysics Data System (ADS)

Senthilkumar, K.; Easwaramoorthy, Sathishkumar

2017-11-01

The aim of the study is to analyse the awareness of cyber security on college students in Tamil Nadu by focusing various security threats in the internet. In recent years cybercrime is an enormous challenge in all areas including national security, public safety and personal privacy. To prevent from a victim of cybercrime everyone must know about their own security and safety measures to protect by themselves. A well-structured questionnaire survey method will be applied to analyse the college student’s awareness in the area of cyber security. This survey will be going to conducted in major cities of Tamil Nadu by focusing various security threats like email, virus, phishing, fake advertisement, popup windows and other attacks in the internet. This survey examines the college students’ awareness and the level of awareness about the security issues and some suggestions are set forth to overcome these issues.

Personal health record systems and their security protection.

PubMed

Win, Khin Than; Susilo, Willy; Mu, Yi

2006-08-01

The objective of this study is to analyze the security protection of personal health record systems. To achieve this we have investigated different personal health record systems, their security functions, and security issues. We have noted that current security mechanisms are not adequate and we have proposed some security mechanisms to tackle these problems.

17 CFR 300.503 - Voidable securities transactions.

Code of Federal Regulations, 2010 CFR

2010-04-01

... (CONTINUED) Schedule A to Part 285 RULES OF THE SECURITIES INVESTOR PROTECTION CORPORATION Rules Relating to... right of the Securities Investor Protection Corporation, in a direct payment procedure under section 10... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Voidable securities...

An Empirical Examination of Fear Appeal's Effect on Behavioral Intention to Comply with Anti-Spyware Software Information Security Recommendations among College Students

ERIC Educational Resources Information Center

Brown, David A.

2017-01-01

Information security is a concern for managers implementing protection measures. Implementing information security measures requires communicating both the reason and remediation for the protection measure. Examining how an anti-spyware security communication affects an individual's intention to implement a protection measure could help improve…

The Influence of Security Statement, Technical Protection, and Privacy on Satisfaction and Loyalty; A Structural Equation Modeling

NASA Astrophysics Data System (ADS)

Peikari, Hamid Reza

Customer satisfaction and loyalty have been cited as the e-commerce critical success factors and various studies have been conducted to find the antecedent determinants of these concepts in the online transactions. One of the variables suggested by some studies is perceived security. However, these studies have referred to security from a broad general perspective and no attempts have been made to study the specific security related variables. This paper intends to study the influence on security statement and technical protection on satisfaction, loyalty and privacy. The data was collected from 337 respondents and after the reliability and validity tests, path analysis was applied to examine the hypotheses. The results suggest that loyalty is influenced by satisfaction and security statement and no empirical support was found for the influence on technical protection and privacy on loyalty. Moreover, it was found that security statement and technical protection have a positive significant influence on satisfaction while no significant effect was found for privacy. Furthermore, the analysis indicated that security statement have a positive significant influence on technical protection while technical protection was found to have a significant negative impact on perceived privacy.

Information Systems at Enterprise. Design of Secure Network of Enterprise

NASA Astrophysics Data System (ADS)

Saigushev, N. Y.; Mikhailova, U. V.; Vedeneeva, O. A.; Tsaran, A. A.

2018-05-01

No enterprise and company can do without designing its own corporate network in today's information society. It accelerates and facilitates the work of employees at any level, but contains a big threat to confidential information of the company. In addition to the data theft attackers, there are plenty of information threats posed by modern malware effects. In this regard, the computational security of corporate networks is an important component of modern information technologies of computer security for any enterprise. This article says about the design of the protected corporate network of the enterprise that provides the computers on the network access to the Internet, as well interoperability with the branch. The access speed to the Internet at a high level is provided through the use of high-speed access channels and load balancing between devices. The security of the designed network is performed through the use of VLAN technology as well as access lists and AAA server.

Secret-key expansion from covert communication

NASA Astrophysics Data System (ADS)

Arrazola, Juan Miguel; Amiri, Ryan

2018-02-01

Covert communication allows the transmission of messages in such a way that it is not possible for adversaries to detect that the communication is occurring. This provides protection in situations where knowledge that two parties are talking to each other may be incriminating to them. In this work, we study how covert communication can be used for a different purpose: secret key expansion. First, we show that any message transmitted in a secure covert protocol is also secret and therefore unknown to an adversary. We then propose a covert communication protocol where the amount of key consumed in the protocol is smaller than the transmitted key, thus leading to secure secret key expansion. We derive precise conditions for secret key expansion to occur, showing that it is possible when there are sufficiently low levels of noise for a given security level. We conclude by examining how secret key expansion from covert communication can be performed in a computational security model.

Privacy and security of patient data in the pathology laboratory.

PubMed

Cucoranu, Ioan C; Parwani, Anil V; West, Andrew J; Romero-Lauro, Gonzalo; Nauman, Kevin; Carter, Alexis B; Balis, Ulysses J; Tuthill, Mark J; Pantanowitz, Liron

2013-01-01

Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) govern the privacy and protection of medical information and health records. The HIPAA security standards final rule mandate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States.

Protecting Buildings from People

ERIC Educational Resources Information Center

Progressive Architecture, 1978

1978-01-01

Security in buildings ranges from simple locks to elaborate electronic systems. Most buildings do not need the level of sophistication it is possible to achieve. A survey of these products, however, is appropriate to appreciate their potential and variety. (Author/MLF)

40 CFR 205.5-2 - National security exemptions.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 40 Protection of Environment 25 2011-07-01 2011-07-01 false National security exemptions. 205.5-2 Section 205.5-2 Protection of Environment ENVIRONMENTAL PROTECTION AGENCY (CONTINUED) NOISE ABATEMENT PROGRAMS TRANSPORTATION EQUIPMENT NOISE EMISSION CONTROLS General Provisions § 205.5-2 National security...

49 CFR 15.13 - Marking SSI.

Code of Federal Regulations, 2011 CFR

2011-10-01

... Office of the Secretary of Transportation PROTECTION OF SENSITIVE SECURITY INFORMATION § 15.13 Marking... document. (b) Protective marking. The protective marking is: SENSITIVE SECURITY INFORMATION. (c... Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of this record may...

40 CFR 205.5-2 - National security exemptions.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 40 Protection of Environment 24 2010-07-01 2010-07-01 false National security exemptions. 205.5-2 Section 205.5-2 Protection of Environment ENVIRONMENTAL PROTECTION AGENCY (CONTINUED) NOISE ABATEMENT PROGRAMS TRANSPORTATION EQUIPMENT NOISE EMISSION CONTROLS General Provisions § 205.5-2 National security...

49 CFR 15.13 - Marking SSI.

Code of Federal Regulations, 2010 CFR

2010-10-01

... Office of the Secretary of Transportation PROTECTION OF SENSITIVE SECURITY INFORMATION § 15.13 Marking... document. (b) Protective marking. The protective marking is: SENSITIVE SECURITY INFORMATION. (c... Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of this record may...

GEMSS: privacy and security for a medical Grid.

PubMed

Middleton, S E; Herveg, J A M; Crazzolara, F; Marvin, D; Poullet, Y

2005-01-01

The GEMSS project is developing a secure Grid infrastructure through which six medical simulations services can be invoked. We examine the legal and security framework within which GEMSS operates. We provide a legal qualification to the operations performed upon patient data, in view of EU directive 95/46, when using medical applications on the GEMSS Grid. We identify appropriate measures to ensure security and describe the legal rationale behind our choice of security technology. Our legal analysis demonstrates there must be an identified controller (typically a hospital) of patient data. The controller must then choose a processor (in this context a Grid service provider) that provides sufficient guarantees with respect to the security of their technical and organizational data processing procedures. These guarantees must ensure a level of security appropriate to the risks, with due regard to the state of the art and the cost of their implementation. Our security solutions are based on a public key infrastructure (PKI), transport level security and end-to-end security mechanisms in line with the web service (WS Security, WS Trust and SecureConversation) security specifications. The GEMSS infrastructure ensures a degree of protection of patient data that is appropriate for the health care sector, and is in line with the European directives. We hope that GEMSS will become synonymous with high security data processing, providing a framework by which GEMSS service providers can provide the security guarantees required by hospitals with regard to the processing of patient data.

19 CFR 10.778 - Filing of claim for tariff preference level.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 19 Customs Duties 1 2010-04-01 2010-04-01 false Filing of claim for tariff preference level. 10.778 Section 10.778 Customs Duties U.S. CUSTOMS AND BORDER PROTECTION, DEPARTMENT OF HOMELAND SECURITY; DEPARTMENT OF THE TREASURY ARTICLES CONDITIONALLY FREE, SUBJECT TO A REDUCED RATE, ETC. United States-Morocco...

19 CFR 10.881 - Filing of claim for tariff preference level.

Code of Federal Regulations, 2013 CFR

2013-04-01

... 19 Customs Duties 1 2013-04-01 2013-04-01 false Filing of claim for tariff preference level. 10.881 Section 10.881 Customs Duties U.S. CUSTOMS AND BORDER PROTECTION, DEPARTMENT OF HOMELAND SECURITY; DEPARTMENT OF THE TREASURY ARTICLES CONDITIONALLY FREE, SUBJECT TO A REDUCED RATE, ETC. United States-Oman...

19 CFR 10.881 - Filing of claim for tariff preference level.

Code of Federal Regulations, 2012 CFR

2012-04-01

... 19 Customs Duties 1 2012-04-01 2012-04-01 false Filing of claim for tariff preference level. 10.881 Section 10.881 Customs Duties U.S. CUSTOMS AND BORDER PROTECTION, DEPARTMENT OF HOMELAND SECURITY; DEPARTMENT OF THE TREASURY ARTICLES CONDITIONALLY FREE, SUBJECT TO A REDUCED RATE, ETC. United States-Oman...

19 CFR 10.881 - Filing of claim for tariff preference level.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 19 Customs Duties 1 2011-04-01 2011-04-01 false Filing of claim for tariff preference level. 10.881 Section 10.881 Customs Duties U.S. CUSTOMS AND BORDER PROTECTION, DEPARTMENT OF HOMELAND SECURITY; DEPARTMENT OF THE TREASURY ARTICLES CONDITIONALLY FREE, SUBJECT TO A REDUCED RATE, ETC. United States-Oman...

19 CFR 10.881 - Filing of claim for tariff preference level.

Code of Federal Regulations, 2014 CFR

2014-04-01

... 19 Customs Duties 1 2014-04-01 2014-04-01 false Filing of claim for tariff preference level. 10.881 Section 10.881 Customs Duties U.S. CUSTOMS AND BORDER PROTECTION, DEPARTMENT OF HOMELAND SECURITY; DEPARTMENT OF THE TREASURY ARTICLES CONDITIONALLY FREE, SUBJECT TO A REDUCED RATE, ETC. United States-Oman...

45 CFR 164.306 - Security standards: General rules.

Code of Federal Regulations, 2012 CFR

2012-10-01

... RELATED REQUIREMENTS SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health Information § 164.306 Security standards: General rules. (a) General requirements. Covered... covered entity to reasonably and appropriately implement the standards and implementation specifications...

45 CFR 164.306 - Security standards: General rules.

Code of Federal Regulations, 2013 CFR

2013-10-01

... RELATED REQUIREMENTS SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health Information § 164.306 Security standards: General rules. (a) General requirements. Covered... and appropriately implement the standards and implementation specifications as specified in this...

Secure distribution for high resolution remote sensing images

NASA Astrophysics Data System (ADS)

Liu, Jin; Sun, Jing; Xu, Zheng Q.

2010-09-01

The use of remote sensing images collected by space platforms is becoming more and more widespread. The increasing value of space data and its use in critical scenarios call for adoption of proper security measures to protect these data against unauthorized access and fraudulent use. In this paper, based on the characteristics of remote sensing image data and application requirements on secure distribution, a secure distribution method is proposed, including users and regions classification, hierarchical control and keys generation, and multi-level encryption based on regions. The combination of the three parts can make that the same remote sensing images after multi-level encryption processing are distributed to different permission users through multicast, but different permission users can obtain different degree information after decryption through their own decryption keys. It well meets user access control and security needs in the process of high resolution remote sensing image distribution. The experimental results prove the effectiveness of the proposed method which is suitable for practical use in the secure transmission of remote sensing images including confidential information over internet.

Measuring Stability and Security in Iraq

DTIC Science & Technology

2009-03-01

faces a budget deficit of $20 billion in 2009 based on a price of $50 per barrel and an export rate of 2.0 million barrels per day. Current oil prices...security details with handguns and assist them in obtaining MoI weapons cards. In addition to protection officers, the Coalition assists with...production throughout 2009. Overall, crude oil production peaked at 2.54 million barrels per day (mbpd) in July 2008 and leveled off at approximately

Secure and QoS-Managed Information Exchange Between Enterprise and Constrained Environments

DTIC Science & Technology

2014-01-01

systems and enterprise services during mission operation can enable greater situational awareness and empowerment for the tactical user . For example...April 01, 2007. [17] Robbins, D., Unmanned Aircraft Operational Integration using MITRE’s Cursor on Target, The Edge, Volume 10, Number 2, MITRE...appropriate level of security protection and quality of service (QoS) for the tactical users is one possibility. Such an approach is not cost ef

Multi-discipline Waste Acceptance Process at the Nevada National Security Site - 13573

DOE Office of Scientific and Technical Information (OSTI.GOV)

Carilli, Jhon T.; Krenzien, Susan K.

2013-07-01

The Nevada National Security Site low-level radioactive waste disposal facility acceptance process requires multiple disciplines to ensure the protection of workers, the public, and the environment. These disciplines, which include waste acceptance, nuclear criticality, safety, permitting, operations, and performance assessment, combine into the overall waste acceptance process to assess low-level radioactive waste streams for disposal at the Area 5 Radioactive Waste Management Site. Four waste streams recently highlighted the integration of these disciplines: the Oak Ridge Radioisotope Thermoelectric Generators and Consolidated Edison Uranium Solidification Project material, West Valley Melter, and classified waste. (authors)

Approaches to decrease the level of parasitic noise over vibroacoustic channel in terms of configuring information security tools

NASA Astrophysics Data System (ADS)

Ivanov, A. V.; Reva, I. L.; Babin, A. A.

2018-04-01

The article deals with influence of various ways to place vibration transmitters on efficiency of rooms safety for negotiations. Standing for remote vibration listening of window glass, electro-optical channel, the most typical technical channel of information leakage, was investigated. The modern system “Sonata-AB” of 4B model is used as an active protection tool. Factors influencing on security tools configuration efficiency have been determined. The results allow utilizer to reduce masking interference level as well as parasitic noise with keeping properties of room safety.

Protecting intellectual property in space; Proceedings of the Aerospace Computer Security Conference, McLean, VA, March 20, 1985

NASA Technical Reports Server (NTRS)

1985-01-01

The primary purpose of the Aerospace Computer Security Conference was to bring together people and organizations which have a common interest in protecting intellectual property generated in space. Operational concerns are discussed, taking into account security implications of the space station information system, Space Shuttle security policies and programs, potential uses of probabilistic risk assessment techniques for space station development, key considerations in contingency planning for secure space flight ground control centers, a systematic method for evaluating security requirements compliance, and security engineering of secure ground stations. Subjects related to security technologies are also explored, giving attention to processing requirements of secure C3/I and battle management systems and the development of the Gemini trusted multiple microcomputer base, the Restricted Access Processor system as a security guard designed to protect classified information, and observations on local area network security.

Model-Driven Configuration of SELinux Policies

NASA Astrophysics Data System (ADS)

Agreiter, Berthold; Breu, Ruth

The need for access control in computer systems is inherent. However, the complexity to configure such systems is constantly increasing which affects the overall security of a system negatively. We think that it is important to define security requirements on a non-technical level while taking the application domain into respect in order to have a clear and separated view on security configuration (i.e. unblurred by technical details). On the other hand, security functionality has to be tightly integrated with the system and its development process in order to provide comprehensive means of enforcement. In this paper, we propose a systematic approach based on model-driven security configuration to leverage existing operating system security mechanisms (SELinux) for realising access control. We use UML models and develop a UML profile to satisfy these needs. Our goal is to exploit a comprehensive protection mechanism while rendering its security policy manageable by a domain specialist.

10 CFR 73.28 - Security background checks for secure transfer of nuclear materials.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 10 Energy 2 2010-01-01 2010-01-01 false Security background checks for secure transfer of nuclear materials. 73.28 Section 73.28 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) PHYSICAL PROTECTION OF PLANTS AND MATERIALS Physical Protection of Special Nuclear Material in Transit § 73.28 Security...

10 CFR 73.28 - Security background checks for secure transfer of nuclear materials.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 10 Energy 2 2011-01-01 2011-01-01 false Security background checks for secure transfer of nuclear materials. 73.28 Section 73.28 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) PHYSICAL PROTECTION OF PLANTS AND MATERIALS Physical Protection of Special Nuclear Material in Transit § 73.28 Security...

10 CFR 73.28 - Security background checks for secure transfer of nuclear materials.

Code of Federal Regulations, 2012 CFR

2012-01-01

... 10 Energy 2 2012-01-01 2012-01-01 false Security background checks for secure transfer of nuclear materials. 73.28 Section 73.28 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) PHYSICAL PROTECTION OF PLANTS AND MATERIALS Physical Protection of Special Nuclear Material in Transit § 73.28 Security...

10 CFR 73.28 - Security background checks for secure transfer of nuclear materials.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 10 Energy 2 2014-01-01 2014-01-01 false Security background checks for secure transfer of nuclear materials. 73.28 Section 73.28 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) PHYSICAL PROTECTION OF PLANTS AND MATERIALS Physical Protection of Special Nuclear Material in Transit § 73.28 Security...

10 CFR 73.28 - Security background checks for secure transfer of nuclear materials.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 10 Energy 2 2013-01-01 2013-01-01 false Security background checks for secure transfer of nuclear materials. 73.28 Section 73.28 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) PHYSICAL PROTECTION OF PLANTS AND MATERIALS Physical Protection of Special Nuclear Material in Transit § 73.28 Security...

6 CFR 25.10 - Confidentiality and protection of Intellectual Property.

Code of Federal Regulations, 2011 CFR

2011-01-01

... protection of Intellectual Property. (a) General. The Secretary, in consultation with the Office of... 6 Domestic Security 1 2011-01-01 2011-01-01 false Confidentiality and protection of Intellectual Property. 25.10 Section 25.10 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY...

17 CFR 301.0-1 - Availability of forms.

Code of Federal Regulations, 2010 CFR

2010-04-01

... A to Part 285 FORMS, SECURITIES INVESTOR PROTECTION CORPORATION § 301.0-1 Availability of forms. The forms prescribed for use under the Securities Investor Protection Act of 1970, as amended, (the “Act... may be obtained upon request to, as appropriate, the Securities Investor Protection Corporation (“SIPC...

10 CFR 76.111 - Physical security, material control and accounting, and protection of certain information.

Code of Federal Regulations, 2010 CFR

2010-01-01

... significance (Category III), and for protection of Restricted Data, National Security Information, Safeguards... 10 Energy 2 2010-01-01 2010-01-01 false Physical security, material control and accounting, and protection of certain information. 76.111 Section 76.111 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED...

77 FR 34055 - Agency Information Collection Activities: Certificate of Registration

Federal Register 2010, 2011, 2012, 2013, 2014

2012-06-08

... DEPARTMENT OF HOMELAND SECURITY U.S. Customs and Border Protection Agency Information Collection.... SUMMARY: U.S. Customs and Border Protection (CBP) of the Department of Homeland Security will be... addressed to the OMB Desk Officer for U.S. Customs and Border Protection, Department of Homeland Security...

33 CFR 155.130 - Exemptions.

Code of Federal Regulations, 2011 CFR

2011-07-01

....130 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) POLLUTION OIL OR HAZARDOUS MATERIAL POLLUTION PREVENTION REGULATIONS FOR VESSELS General § 155.130 Exemptions... standards exist that would provide an equivalent level of protection from pollution; and (iii) The...

33 CFR 155.130 - Exemptions.

Code of Federal Regulations, 2010 CFR

2010-07-01

....130 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) POLLUTION OIL OR HAZARDOUS MATERIAL POLLUTION PREVENTION REGULATIONS FOR VESSELS General § 155.130 Exemptions... standards exist that would provide an equivalent level of protection from pollution; and (iii) The...

33 CFR 155.130 - Exemptions.

Code of Federal Regulations, 2012 CFR

2012-07-01

....130 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) POLLUTION OIL OR HAZARDOUS MATERIAL POLLUTION PREVENTION REGULATIONS FOR VESSELS General § 155.130 Exemptions... standards exist that would provide an equivalent level of protection from pollution; and (iii) The...

33 CFR 155.130 - Exemptions.

Code of Federal Regulations, 2014 CFR

2014-07-01

....130 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) POLLUTION OIL OR HAZARDOUS MATERIAL POLLUTION PREVENTION REGULATIONS FOR VESSELS General § 155.130 Exemptions... standards exist that would provide an equivalent level of protection from pollution; and (iii) The...

33 CFR 155.130 - Exemptions.

Code of Federal Regulations, 2013 CFR

2013-07-01

....130 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) POLLUTION OIL OR HAZARDOUS MATERIAL POLLUTION PREVENTION REGULATIONS FOR VESSELS General § 155.130 Exemptions... standards exist that would provide an equivalent level of protection from pollution; and (iii) The...

Interpreting international governance standards for health IT use within general medical practice.

PubMed

Mahncke, Rachel J; Williams, Patricia A H

2014-01-01

General practices in Australia recognise the importance of comprehensive protective security measures. Some elements of information security governance are incorporated into recommended standards, however the governance component of information security is still insufficiently addressed in practice. The International Organistion for Standardisation (ISO) released a new global standard in May 2013 entitled, ISO/IEC 27014:2013 Information technology - Security techniques - Governance of information security. This standard, applicable to organisations of all sizes, offers a framework against which to assess and implement the governance components of information security. The standard demonstrates the relationship between governance and the management of information security, provides strategic principles and processes, and forms the basis for establishing a positive information security culture. An analysis interpretation of this standard for use in Australian general practice was performed. This work is unique as such interpretation for the Australian healthcare environment has not been undertaken before. It demonstrates an application of the standard at a strategic level to inform existing development of an information security governance framework.

Security practices and regulatory compliance in the healthcare industry.

PubMed

Kwon, Juhee; Johnson, M Eric

2013-01-01

Securing protected health information is a critical responsibility of every healthcare organization. We explore information security practices and identify practice patterns that are associated with improved regulatory compliance. We employed Ward's cluster analysis using minimum variance based on the adoption of security practices. Variance between organizations was measured using dichotomous data indicating the presence or absence of each security practice. Using t tests, we identified the relationships between the clusters of security practices and their regulatory compliance. We utilized the results from the Kroll/Healthcare Information and Management Systems Society telephone-based survey of 250 US healthcare organizations including adoption status of security practices, breach incidents, and perceived compliance levels on Health Information Technology for Economic and Clinical Health, Health Insurance Portability and Accountability Act, Red Flags rules, Centers for Medicare and Medicaid Services, and state laws governing patient information security. Our analysis identified three clusters (which we call leaders, followers, and laggers) based on the variance of security practice patterns. The clusters have significant differences among non-technical practices rather than technical practices, and the highest level of compliance was associated with hospitals that employed a balanced approach between technical and non-technical practices (or between one-off and cultural practices). Hospitals in the highest level of compliance were significantly managing third parties' breaches and training. Audit practices were important to those who scored in the middle of the pack on compliance. Our results provide security practice benchmarks for healthcare administrators and can help policy makers in developing strategic and practical guidelines for practice adoption.

Security practices and regulatory compliance in the healthcare industry

PubMed Central

Kwon, Juhee; Johnson, M Eric

2013-01-01

Objective Securing protected health information is a critical responsibility of every healthcare organization. We explore information security practices and identify practice patterns that are associated with improved regulatory compliance. Design We employed Ward's cluster analysis using minimum variance based on the adoption of security practices. Variance between organizations was measured using dichotomous data indicating the presence or absence of each security practice. Using t tests, we identified the relationships between the clusters of security practices and their regulatory compliance. Measurement We utilized the results from the Kroll/Healthcare Information and Management Systems Society telephone-based survey of 250 US healthcare organizations including adoption status of security practices, breach incidents, and perceived compliance levels on Health Information Technology for Economic and Clinical Health, Health Insurance Portability and Accountability Act, Red Flags rules, Centers for Medicare and Medicaid Services, and state laws governing patient information security. Results Our analysis identified three clusters (which we call leaders, followers, and laggers) based on the variance of security practice patterns. The clusters have significant differences among non-technical practices rather than technical practices, and the highest level of compliance was associated with hospitals that employed a balanced approach between technical and non-technical practices (or between one-off and cultural practices). Conclusions Hospitals in the highest level of compliance were significantly managing third parties’ breaches and training. Audit practices were important to those who scored in the middle of the pack on compliance. Our results provide security practice benchmarks for healthcare administrators and can help policy makers in developing strategic and practical guidelines for practice adoption. PMID:22955497

Privacy and security of patient data in the pathology laboratory

PubMed Central

Cucoranu, Ioan C.; Parwani, Anil V.; West, Andrew J.; Romero-Lauro, Gonzalo; Nauman, Kevin; Carter, Alexis B.; Balis, Ulysses J.; Tuthill, Mark J.; Pantanowitz, Liron

2013-01-01

Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) govern the privacy and protection of medical information and health records. The HIPAA security standards final rule mandate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States. PMID:23599904

45 CFR 164.306 - Security standards: General rules.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 45 Public Welfare 1 2010-10-01 2010-10-01 false Security standards: General rules. 164.306 Section 164.306 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected...

45 CFR 164.306 - Security standards: General rules.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 45 Public Welfare 1 2011-10-01 2011-10-01 false Security standards: General rules. 164.306 Section 164.306 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected...

45 CFR 164.306 - Security standards: General rules.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 45 Public Welfare 1 2014-10-01 2014-10-01 false Security standards: General rules. 164.306 Section 164.306 Public Welfare Department of Health and Human Services ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected...

Positive valence bias and parent-child relationship security moderate the association between early institutional caregiving and internalizing symptoms

PubMed Central

VanTieghem, Michelle R.; Gabard-Durnam, Laurel; Goff, Bonnie; Flannery, Jessica; Humphreys, Kathryn L.; Telzer, Eva H.; Caldera, Christina; Louie, Jennifer Y.; Shapiro, Mor; Bolger, Niall; Tottenham, Nim

2018-01-01

Institutional caregiving is associated with significant deviations from species-expected caregiving, altering the normative sequence of attachment formation and placing children at risk for long-term emotional difficulties. However, little is known about factors that can promote resilience following early institutional caregiving. In the current study, we investigated how adaptations in affective processing (i.e. positive valence bias) and family-level protective factors (i.e. secure parent-child relationships) moderate risk for internalizing symptoms in Previously Institutionalized (PI) youth. Children and adolescents with and without a history of institutional care performed a laboratory-based affective processing task and self-reported measures of parent-child relationship security. PI youth were more likely than comparison youth to show positive valence biases when interpreting ambiguous facial expressions. Both positive valence bias and parent-child relationship security moderated the association between institutional care and parent-reported internalizing symptoms, such that greater positive valence bias and more secure parent-child relationships predicted fewer symptoms in PI youth. However, when both factors were tested concurrently, parent-child relationship security more strongly moderated the link between PI status and internalizing symptoms. These findings suggest that both individual-level adaptations in affective processing and family-level factors of secure parent-child relationships may ameliorate risk for internalizing psychopathology following early institutional caregiving. PMID:28401841

Positive valence bias and parent-child relationship security moderate the association between early institutional caregiving and internalizing symptoms.

PubMed

Vantieghem, Michelle R; Gabard-Durnam, Laurel; Goff, Bonnie; Flannery, Jessica; Humphreys, Kathryn L; Telzer, Eva H; Caldera, Christina; Louie, Jennifer Y; Shapiro, Mor; Bolger, Niall; Tottenham, Nim

2017-05-01

Institutional caregiving is associated with significant deviations from species-expected caregiving, altering the normative sequence of attachment formation and placing children at risk for long-term emotional difficulties. However, little is known about factors that can promote resilience following early institutional caregiving. In the current study, we investigated how adaptations in affective processing (i.e., positive valence bias) and family-level protective factors (i.e., secure parent-child relationships) moderate risk for internalizing symptoms in previously institutionalized (PI) youth. Children and adolescents with and without a history of institutional care performed a laboratory-based affective processing task and self-reported measures of parent-child relationship security. PI youth were more likely than comparison youth to show positive valence biases when interpreting ambiguous facial expressions. Both positive valence bias and parent-child relationship security moderated the association between institutional care and parent-reported internalizing symptoms, such that greater positive valence bias and more secure parent-child relationships predicted fewer symptoms in PI youth. However, when both factors were tested concurrently, parent-child relationship security more strongly moderated the link between PI status and internalizing symptoms. These findings suggest that both individual-level adaptations in affective processing and family-level factors of secure parent-child relationships may ameliorate risk for internalizing psychopathology following early institutional caregiving.

Constructing vulnerabilty and protective measures indices for the enhanced critical infrastructure protection program.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Fisher, R. E.; Buehring, W. A.; Whitfield, R. G.

2009-10-14

The US Department of Homeland Security (DHS) has directed its Protective Security Advisors (PSAs) to form partnerships with the owners and operators of assets most essential to the Nation's well being - a subclass of critical infrastructure and key resources (CIKR) - and to conduct site visits for these and other high-risk assets as part of the Enhanced Critical Infrastructure Protection (ECIP) Program. During each such visit, the PSA documents information about the facility's current CIKR protection posture and overall security awareness. The primary goals for ECIP site visits (DHS 2009) are to: (1) inform facility owners and operators ofmore » the importance of their facilities as an identified high-priority CIKR and the need to be vigilant in light of the ever-present threat of terrorism; (2) identify protective measures currently in place at these facilities, provide comparisons of CIKR protection postures across like assets, and track the implementation of new protective measures; and (3) enhance existing relationships among facility owners and operators; DHS; and various Federal, State, local tribal, and territorial partners. PSAs conduct ECIP visits to assess overall site security; educate facility owners and operators about security; help owners and operators identify gaps and potential improvements; and promote communication and information sharing among facility owners and operators, DHS, State governments, and other security partners. Information collected during ECIP visits is used to develop metrics; conduct sector-by-sector and cross-sector vulnerability comparisons; identify security gaps and trends across CIKR sectors and subsectors; establish sector baseline security survey results; and track progress toward improving CIKR security through activities, programs, outreach, and training (Snyder 2009). The data being collected are used in a framework consistent with the National Infrastructure Protection Plan (NIPP) risk criteria (DHS 2009). The NIPP framework incorporates consequence, threat, and vulnerability components and addresses all hazards. The analysis of the vulnerability data needs to be reproducible, support risk analysis, and go beyond protection. It also needs to address important security/vulnerability topics, such as physical security, cyber security, systems analysis, and dependencies and interdependencies. This report provides an overview of the approach being developed to estimate vulnerability and provide vulnerability comparisons for sectors and subsectors. the information will be used to assist DHS in analyzing existing protective measures and vulnerability at facilities, to identify potential ways to reduce vulnerabilities, and to assist in preparing sector risk estimates. The owner/operator receives an analysis of the data collected for a specific asset, showing a comparison between the facility's protection posture/vulnerability index and those of DHS sector/subsector sites visited. This comparison gives the owner/operator an indication of the asset's security strengths and weaknesses that may be contributing factors to its vulnerability and protection posture. The information provided to the owner/operator shows how the asset compares to other similar assets within the asset's sector or subsector. A 'dashboard' display is used to illustrate the results in a convenient format. The dashboard allows the owner/operator to analyze the implementation of additional protective measures and to illustrate how such actions would impact the asset's Protective Measures Index (PMI) or Vulnerability Index (VI).« less

Establishing end-to-end security in a nationwide network for telecooperation.

PubMed

Staemmler, Martin; Walz, Michael; Weisser, Gerald; Engelmann, Uwe; Weininger, Robert; Ernstberger, Antonio; Sturm, Johannes

2012-01-01

Telecooperation is used to support care for trauma patients by facilitating a mutual exchange of treatment and image data in use-cases such as emergency consultation, second-opinion, transfer, rehabilitation and out-patient aftertreatment. To comply with data protection legislation a two-factor authentication using ownership and knowledge has been implemented to assure personalized access rights. End-to-end security is achieved by symmetric encryption in combination with external trusted services which provide the symmetric key solely at runtime. Telecooperation partners may be chosen at departmental level but only individuals of that department, as a result of checking the organizational assignments maintained by LDAP services, are granted access. Data protection officers of a federal state have accepted the data protection means. The telecooperation platform is in routine operation and designed to serve for up to 800 trauma centers in Germany, organized in more than 50 trauma networks.

33 CFR 165.1313 - Security zone regulations, tank ship protection, Puget Sound and adjacent waters, Washington

Code of Federal Regulations, 2010 CFR

2010-07-01

... Areas Thirteenth Coast Guard District § 165.1313 Security zone regulations, tank ship protection, Puget... 33 Navigation and Navigable Waters 2 2010-07-01 2010-07-01 false Security zone regulations, tank ship protection, Puget Sound and adjacent waters, Washington 165.1313 Section 165.1313 Navigation and...

78 FR 16701 - Agency Information Collection Activities: Application for Foreign Trade Zone and/or Status...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-18

... DEPARTMENT OF HOMELAND SECURITY U.S. Customs and Border Protection Agency Information Collection... Zone Activity Permit AGENCY: U.S. Customs and Border Protection (CBP), Department of Homeland Security...-0029. SUMMARY: U.S. Customs and Border Protection (CBP) of the Department of Homeland Security will be...

Efficient Data Transfer Rate and Speed of Secured Ethernet Interface System.

PubMed

Ghanti, Shaila; Naik, G M

2016-01-01

Embedded systems are extensively used in home automation systems, small office systems, vehicle communication systems, and health service systems. The services provided by these systems are available on the Internet and these services need to be protected. Security features like IP filtering, UDP protection, or TCP protection need to be implemented depending on the specific application used by the device. Every device on the Internet must have network interface. This paper proposes the design of the embedded Secured Ethernet Interface System to protect the service available on the Internet against the SYN flood attack. In this experimental study, Secured Ethernet Interface System is customized to protect the web service against the SYN flood attack. Secured Ethernet Interface System is implemented on ALTERA Stratix IV FPGA as a system on chip and uses the modified SYN flood attack protection method. The experimental results using Secured Ethernet Interface System indicate increase in number of genuine clients getting service from the server, considerable improvement in the data transfer rate, and better response time during the SYN flood attack.

Efficient Data Transfer Rate and Speed of Secured Ethernet Interface System

PubMed Central

Ghanti, Shaila

2016-01-01

Embedded systems are extensively used in home automation systems, small office systems, vehicle communication systems, and health service systems. The services provided by these systems are available on the Internet and these services need to be protected. Security features like IP filtering, UDP protection, or TCP protection need to be implemented depending on the specific application used by the device. Every device on the Internet must have network interface. This paper proposes the design of the embedded Secured Ethernet Interface System to protect the service available on the Internet against the SYN flood attack. In this experimental study, Secured Ethernet Interface System is customized to protect the web service against the SYN flood attack. Secured Ethernet Interface System is implemented on ALTERA Stratix IV FPGA as a system on chip and uses the modified SYN flood attack protection method. The experimental results using Secured Ethernet Interface System indicate increase in number of genuine clients getting service from the server, considerable improvement in the data transfer rate, and better response time during the SYN flood attack. PMID:28116350

The role of privacy protection in healthcare information systems adoption.

PubMed

Hsu, Chien-Lung; Lee, Ming-Ren; Su, Chien-Hui

2013-10-01

Privacy protection is an important issue and challenge in healthcare information systems (HISs). Recently, some privacy-enhanced HISs are proposed. Users' privacy perception, intention, and attitude might affect the adoption of such systems. This paper aims to propose a privacy-enhanced HIS framework and investigate the role of privacy protection in HISs adoption. In the proposed framework, privacy protection, access control, and secure transmission modules are designed to enhance the privacy protection of a HIS. An experimental privacy-enhanced HIS is also implemented. Furthermore, we proposed a research model extending the unified theory of acceptance and use of technology by considering perceived security and information security literacy and then investigate user adoption of a privacy-enhanced HIS. The experimental results and analyses showed that user adoption of a privacy-enhanced HIS is directly affected by social influence, performance expectancy, facilitating conditions, and perceived security. Perceived security has a mediating effect between information security literacy and user adoption. This study proposes several implications for research and practice to improve designing, development, and promotion of a good healthcare information system with privacy protection.

Elliptic Curve Cryptography-Based Authentication with Identity Protection for Smart Grids

PubMed Central

Zhang, Liping; Tang, Shanyu; Luo, He

2016-01-01

In a smart grid, the power service provider enables the expected power generation amount to be measured according to current power consumption, thus stabilizing the power system. However, the data transmitted over smart grids are not protected, and then suffer from several types of security threats and attacks. Thus, a robust and efficient authentication protocol should be provided to strength the security of smart grid networks. As the Supervisory Control and Data Acquisition system provides the security protection between the control center and substations in most smart grid environments, we focus on how to secure the communications between the substations and smart appliances. Existing security approaches fail to address the performance-security balance. In this study, we suggest a mitigation authentication protocol based on Elliptic Curve Cryptography with privacy protection by using a tamper-resistant device at the smart appliance side to achieve a delicate balance between performance and security of smart grids. The proposed protocol provides some attractive features such as identity protection, mutual authentication and key agreement. Finally, we demonstrate the completeness of the proposed protocol using the Gong-Needham- Yahalom logic. PMID:27007951

Elliptic Curve Cryptography-Based Authentication with Identity Protection for Smart Grids.

PubMed

Zhang, Liping; Tang, Shanyu; Luo, He

2016-01-01

In a smart grid, the power service provider enables the expected power generation amount to be measured according to current power consumption, thus stabilizing the power system. However, the data transmitted over smart grids are not protected, and then suffer from several types of security threats and attacks. Thus, a robust and efficient authentication protocol should be provided to strength the security of smart grid networks. As the Supervisory Control and Data Acquisition system provides the security protection between the control center and substations in most smart grid environments, we focus on how to secure the communications between the substations and smart appliances. Existing security approaches fail to address the performance-security balance. In this study, we suggest a mitigation authentication protocol based on Elliptic Curve Cryptography with privacy protection by using a tamper-resistant device at the smart appliance side to achieve a delicate balance between performance and security of smart grids. The proposed protocol provides some attractive features such as identity protection, mutual authentication and key agreement. Finally, we demonstrate the completeness of the proposed protocol using the Gong-Needham-Yahalom logic.

32 CFR 228.6 - Security inspection.

Code of Federal Regulations, 2010 CFR

2010-07-01

... protected property are subject to inspection. A search of a person may accompany an investigative stop or an...) MISCELLANEOUS SECURITY PROTECTIVE FORCE § 228.6 Security inspection. Any personal property, including but not...

32 CFR 228.6 - Security inspection.

Code of Federal Regulations, 2012 CFR

2012-07-01

... protected property are subject to inspection. A search of a person may accompany an investigative stop or an...) MISCELLANEOUS SECURITY PROTECTIVE FORCE § 228.6 Security inspection. Any personal property, including but not...

32 CFR 228.6 - Security inspection.

Code of Federal Regulations, 2011 CFR

2011-07-01

... protected property are subject to inspection. A search of a person may accompany an investigative stop or an...) MISCELLANEOUS SECURITY PROTECTIVE FORCE § 228.6 Security inspection. Any personal property, including but not...

32 CFR 228.6 - Security inspection.

Code of Federal Regulations, 2013 CFR

2013-07-01

... protected property are subject to inspection. A search of a person may accompany an investigative stop or an...) MISCELLANEOUS SECURITY PROTECTIVE FORCE § 228.6 Security inspection. Any personal property, including but not...

Personal computer security: part 1. Firewalls, antivirus software, and Internet security suites.

PubMed

Caruso, Ronald D

2003-01-01

Personal computer (PC) security in the era of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) involves two interrelated elements: safeguarding the basic computer system itself and protecting the information it contains and transmits, including personal files. HIPAA regulations have toughened the requirements for securing patient information, requiring every radiologist with such data to take further precautions. Security starts with physically securing the computer. Account passwords and a password-protected screen saver should also be set up. A modern antivirus program can easily be installed and configured. File scanning and updating of virus definitions are simple processes that can largely be automated and should be performed at least weekly. A software firewall is also essential for protection from outside intrusion, and an inexpensive hardware firewall can provide yet another layer of protection. An Internet security suite yields additional safety. Regular updating of the security features of installed programs is important. Obtaining a moderate degree of PC safety and security is somewhat inconvenient but is necessary and well worth the effort. Copyright RSNA, 2003

Secure Database Management Study.

DTIC Science & Technology

1978-12-01

covers cases Involving indus- trial economics (e.g., Industrial spies) and commercial finances (e.g., fraud). Priv¢j--Protection of date about people...California, Berke - lay [STONM76aI. * The approach to protection taken in INGRE (STOM74| has attracted a lot of Interest* Queries, in a high level query...Material Command Support Activity (NMCSA), and another DoD agency, Cullinane Corporation developed a prototype version of the IDS database system on a

Multitier specification for NSEP (National Security/Emergency Preparedness) enhancement of fiber-optic long-distance telecommunication networks. Volume 1. The multitier specification - an executive summary. Technical Information Bulletin

DOE Office of Scientific and Technical Information (OSTI.GOV)

Peach, D.F.

1987-12-01

Fiber optic telecommunication systems are susceptible to both natural and man-made stress. National Security/Emergency Preparedness (NSEP) is a function of how durable these systems are in light of projected levels of stress. Emergency Preparedness in 1987 is not just a matter of--can they deliver food, water, energy and other essentials--but can they deliver the vital information necessary to maintain corporate function of our country. 'Communication stamina' is a function of 'probability of survival' when faced with stress. This report provides an overview of the enhancements to a fiber-optic communication system/installation that will increase durability. These enhancements are grouped, based onmore » their value in protecting the system, such that a Multitier Specification is created that presents multiple levels of hardness. Mitigation of effects due to high-altitude electromagnetic pulse (HEMP) and gamma radiation, and protection from vandalism and weather events are discussed in the report. The report is presented in two volumes. Volume I presents the Multitier Specification in a format that is usable for management review. The attributes of specified physical parameters, and the levels of protection stated in Volume I, are discussed in more detail in Volume II.« less

40 CFR 11.5 - Procedures.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 40 Protection of Environment 1 2010-07-01 2010-07-01 false Procedures. 11.5 Section 11.5 Protection of Environment ENVIRONMENTAL PROTECTION AGENCY GENERAL SECURITY CLASSIFICATION REGULATIONS...” shall be directed to: Director, Security and Inspection Division, Environmental Protection Agency...

32 CFR 228.13 - Disturbances on protected property.

Code of Federal Regulations, 2014 CFR

2014-07-01

... 32 National Defense 2 2014-07-01 2014-07-01 false Disturbances on protected property. 228.13... (CONTINUED) MISCELLANEOUS SECURITY PROTECTIVE FORCE § 228.13 Disturbances on protected property. Any conduct which impedes or threatens the security of protected property, or any buildings or persons thereon, or...

32 CFR 228.13 - Disturbances on protected property.

Code of Federal Regulations, 2013 CFR

2013-07-01

... 32 National Defense 2 2013-07-01 2013-07-01 false Disturbances on protected property. 228.13... (CONTINUED) MISCELLANEOUS SECURITY PROTECTIVE FORCE § 228.13 Disturbances on protected property. Any conduct which impedes or threatens the security of protected property, or any buildings or persons thereon, or...

32 CFR 228.13 - Disturbances on protected property.

Code of Federal Regulations, 2012 CFR

2012-07-01

... 32 National Defense 2 2012-07-01 2012-07-01 false Disturbances on protected property. 228.13... (CONTINUED) MISCELLANEOUS SECURITY PROTECTIVE FORCE § 228.13 Disturbances on protected property. Any conduct which impedes or threatens the security of protected property, or any buildings or persons thereon, or...

32 CFR 228.13 - Disturbances on protected property.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 32 National Defense 2 2011-07-01 2011-07-01 false Disturbances on protected property. 228.13... (CONTINUED) MISCELLANEOUS SECURITY PROTECTIVE FORCE § 228.13 Disturbances on protected property. Any conduct which impedes or threatens the security of protected property, or any buildings or persons thereon, or...

32 CFR 228.13 - Disturbances on protected property.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 32 National Defense 2 2010-07-01 2010-07-01 false Disturbances on protected property. 228.13... (CONTINUED) MISCELLANEOUS SECURITY PROTECTIVE FORCE § 228.13 Disturbances on protected property. Any conduct which impedes or threatens the security of protected property, or any buildings or persons thereon, or...

10 CFR 2.903 - Protection of restricted data and national security information.

Code of Federal Regulations, 2011 CFR

2011-01-01

... Restricted Data and/or National Security Information § 2.903 Protection of restricted data and national security information. Nothing in this subpart shall relieve any person from safeguarding Restricted Data or National Security Information in accordance with the applicable provisions of laws of the United States and...

Security Management Strategies for Protecting Your Library's Network.

ERIC Educational Resources Information Center

Ives, David J.

1996-01-01

Presents security procedures for protecting a library's computer system from potential threats by patrons or personnel, and describes how security can be breached. A sidebar identifies four areas of concern in security management: the hardware, the operating system, the network, and the user interface. A selected bibliography of sources on…

17 CFR 403.7 - Effective dates.

Code of Federal Regulations, 2010 CFR

2010-04-01

... THE SECURITIES EXCHANGE ACT OF 1934 PROTECTION OF CUSTOMER SECURITIES AND BALANCES § 403.7 Effective... referred to in § 403.4 concerning the Securities Investor Protection Act of 1970, and (ii) if applicable... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Effective dates. 403.7 Section...

22 CFR 1101.5 - Security, confidentiality and protection of records.

Code of Federal Regulations, 2011 CFR

2011-04-01

... Bureau of Standard's booklet “Computer Security Guidelines for Implementing the Privacy Act of 1974” (May... 22 Foreign Relations 2 2011-04-01 2009-04-01 true Security, confidentiality and protection of... STATES AND MEXICO, UNITED STATES SECTION PRIVACY ACT OF 1974 § 1101.5 Security, confidentiality and...

22 CFR 1101.5 - Security, confidentiality and protection of records.

Code of Federal Regulations, 2014 CFR

2014-04-01

... Bureau of Standard's booklet “Computer Security Guidelines for Implementing the Privacy Act of 1974” (May... 22 Foreign Relations 2 2014-04-01 2014-04-01 false Security, confidentiality and protection of... STATES AND MEXICO, UNITED STATES SECTION PRIVACY ACT OF 1974 § 1101.5 Security, confidentiality and...

22 CFR 1101.5 - Security, confidentiality and protection of records.

Code of Federal Regulations, 2013 CFR

2013-04-01

... Bureau of Standard's booklet “Computer Security Guidelines for Implementing the Privacy Act of 1974” (May... 22 Foreign Relations 2 2013-04-01 2009-04-01 true Security, confidentiality and protection of... STATES AND MEXICO, UNITED STATES SECTION PRIVACY ACT OF 1974 § 1101.5 Security, confidentiality and...

22 CFR 1101.5 - Security, confidentiality and protection of records.

Code of Federal Regulations, 2012 CFR

2012-04-01

... Bureau of Standard's booklet “Computer Security Guidelines for Implementing the Privacy Act of 1974” (May... 22 Foreign Relations 2 2012-04-01 2009-04-01 true Security, confidentiality and protection of... STATES AND MEXICO, UNITED STATES SECTION PRIVACY ACT OF 1974 § 1101.5 Security, confidentiality and...

22 CFR 1101.5 - Security, confidentiality and protection of records.

Code of Federal Regulations, 2010 CFR

2010-04-01

... Bureau of Standard's booklet “Computer Security Guidelines for Implementing the Privacy Act of 1974” (May... 22 Foreign Relations 2 2010-04-01 2010-04-01 true Security, confidentiality and protection of... STATES AND MEXICO, UNITED STATES SECTION PRIVACY ACT OF 1974 § 1101.5 Security, confidentiality and...

Suicide among emergency and protective service workers: A retrospective mortality study in Australia, 2001 to 2012.

PubMed

Milner, A; Witt, K; Maheen, H; LaMontagne, A D

2017-01-01

Emergency and protective services personnel (e.g., police, ambulance, fire-fighters, defence, prison and security officers) report elevated levels of job stress and health problems. While population-level research is lacking, there has been some research suggesting suicide rates may be elevated in emergency and protective services. This paper compares suicide rates between emergency and protective services occupational groups over a 12-year period (2001-2012) in Australia. Labour force data was obtained from the 2006 Australian Census. Suicide data was obtained from the National Coroners Information System (NCIS). Negative binomial regression was used to estimate the association between suicide and employment as an emergency or protective service worker (including prison and security officers) over the period 2001-2012, as compared to all other occupations. Information on suicide method was extracted from the NCIS. The age-adjusted suicide rate across all emergency and protective service workers was 22.4 (95% CI 19.5 to 25.2) per 100,000 in males and 7.8 in females (95% CI 4.6 to 11.00), compared to 15.5 per 100,000 (95% CI 15.2 to 15.9) for males and 3.4 (95% CI 3.2 to 3.6) for females in other occupations. The highest risk by subgroup was observed among those employed in the defence force, prison officers, and ambulance personnel. The major method of death for all occupational groups was hanging. Our results clearly highlight the need for suicide prevention among emergency and protective service occupations.

10 CFR 95.25 - Protection of National Security Information and Restricted Data in storage.

Code of Federal Regulations, 2012 CFR

2012-01-01

... 10 Energy 2 2012-01-01 2012-01-01 false Protection of National Security Information and Restricted Data in storage. 95.25 Section 95.25 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) FACILITY SECURITY... protection during non-working hours; or (2) Any steel file cabinet that has four sides and a top and bottom...

10 CFR 95.25 - Protection of National Security Information and Restricted Data in storage.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 10 Energy 2 2014-01-01 2014-01-01 false Protection of National Security Information and Restricted Data in storage. 95.25 Section 95.25 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) FACILITY SECURITY... protection during non-working hours; or (2) Any steel file cabinet that has four sides and a top and bottom...

10 CFR 95.25 - Protection of National Security Information and Restricted Data in storage.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 10 Energy 2 2010-01-01 2010-01-01 false Protection of National Security Information and Restricted Data in storage. 95.25 Section 95.25 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) FACILITY SECURITY... protection during non-working hours; or (2) Any steel file cabinet that has four sides and a top and bottom...

10 CFR 95.25 - Protection of National Security Information and Restricted Data in storage.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 10 Energy 2 2013-01-01 2013-01-01 false Protection of National Security Information and Restricted Data in storage. 95.25 Section 95.25 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) FACILITY SECURITY... protection during non-working hours; or (2) Any steel file cabinet that has four sides and a top and bottom...

10 CFR 95.25 - Protection of National Security Information and Restricted Data in storage.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 10 Energy 2 2011-01-01 2011-01-01 false Protection of National Security Information and Restricted Data in storage. 95.25 Section 95.25 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) FACILITY SECURITY... protection during non-working hours; or (2) Any steel file cabinet that has four sides and a top and bottom...

33 CFR 165.1324 - Safety and Security Zone; Cruise Ship Protection, Elliott Bay and Pier-91, Seattle, Washington.

Code of Federal Regulations, 2010 CFR

2010-07-01

... Areas Thirteenth Coast Guard District § 165.1324 Safety and Security Zone; Cruise Ship Protection... 33 Navigation and Navigable Waters 2 2010-07-01 2010-07-01 false Safety and Security Zone; Cruise Ship Protection, Elliott Bay and Pier-91, Seattle, Washington. 165.1324 Section 165.1324 Navigation and...

78 FR 32696 - China Environmental Protection, Inc., Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2013-05-31

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] China Environmental Protection, Inc., Order of Suspension of Trading May 29, 2013. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of China Environmental Protection, Inc. because it has not filed any periodi...

17 CFR 240.17a-5 - Reports to be made by certain brokers and dealers.

Code of Federal Regulations, 2013 CFR

2013-04-01

... membership of the broker or dealer in the Securities Investor Protection Corporation (“SIPC”) if, pursuant to... provided for in section 4(d)(1)(c) of the Securities Investor Protection Act of 1970, as amended. The... for exclusion from membership under the Securities Investor Protection Act of 1970, and the date and...

17 CFR 240.17a-5 - Reports to be made by certain brokers and dealers.

Code of Federal Regulations, 2012 CFR

2012-04-01

... membership of the broker or dealer in the Securities Investor Protection Corporation (“SIPC”) if, pursuant to... provided for in section 4(d)(1)(c) of the Securities Investor Protection Act of 1970, as amended. The... for exclusion from membership under the Securities Investor Protection Act of 1970, and the date and...

17 CFR 240.17a-5 - Reports to be made by certain brokers and dealers.

Code of Federal Regulations, 2011 CFR

2011-04-01

... membership of the broker or dealer in the Securities Investor Protection Corporation (“SIPC”) if, pursuant to... provided for in section 4(d)(1)(c) of the Securities Investor Protection Act of 1970, as amended. The... for exclusion from membership under the Securities Investor Protection Act of 1970, and the date and...

40 CFR 11.4 - Definitions.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 40 Protection of Environment 1 2010-07-01 2010-07-01 false Definitions. 11.4 Section 11.4 Protection of Environment ENVIRONMENTAL PROTECTION AGENCY GENERAL SECURITY CLASSIFICATION REGULATIONS.... Confidential refers to that national security information or material which requires protection. The test for...

A Low Cost Key Agreement Protocol Based on Binary Tree for EPCglobal Class 1 Generation 2 RFID Protocol

NASA Astrophysics Data System (ADS)

Jeng, Albert; Chang, Li-Chung; Chen, Sheng-Hui

There are many protocols proposed for protecting Radio Frequency Identification (RFID) system privacy and security. A number of these protocols are designed for protecting long-term security of RFID system using symmetric key or public key cryptosystem. Others are designed for protecting user anonymity and privacy. In practice, the use of RFID technology often has a short lifespan, such as commodity check out, supply chain management and so on. Furthermore, we know that designing a long-term security architecture to protect the security and privacy of RFID tags information requires a thorough consideration from many different aspects. However, any security enhancement on RFID technology will jack up its cost which may be detrimental to its widespread deployment. Due to the severe constraints of RFID tag resources (e. g., power source, computing power, communication bandwidth) and open air communication nature of RFID usage, it is a great challenge to secure a typical RFID system. For example, computational heavy public key and symmetric key cryptography algorithms (e. g., RSA and AES) may not be suitable or over-killed to protect RFID security or privacy. These factors motivate us to research an efficient and cost effective solution for RFID security and privacy protection. In this paper, we propose a new effective generic binary tree based key agreement protocol (called BKAP) and its variations, and show how it can be applied to secure the low cost and resource constraint RFID system. This BKAP is not a general purpose key agreement protocol rather it is a special purpose protocol to protect privacy, un-traceability and anonymity in a single RFID closed system domain.

A Strategic Design of an Opto-Chemical Security Device with Resettable and Reconfigurable Password Based Upon Dual Channel Two-in-One Chemosensor Molecule.

PubMed

Majumdar, Tapas; Haldar, Basudeb; Mallick, Arabinda

2017-02-20

A simple strategy is proposed to design and develop an intelligent device based on dual channel ion responsive spectral properties of a commercially available molecule, harmine (HM). The system can process different sets of opto-chemical inputs generating different patterns as fluorescence outputs at specific wavelengths which can provide an additional level of protection exploiting both password and pattern recognitions. The proposed system could have the potential to come up with highly secured combinatorial locks at the molecular level that could pose valuable real time and on-site applications for user authentication.

A Strategic Design of an Opto-Chemical Security Device with Resettable and Reconfigurable Password Based Upon Dual Channel Two-in-One Chemosensor Molecule

NASA Astrophysics Data System (ADS)

Majumdar, Tapas; Haldar, Basudeb; Mallick, Arabinda

2017-02-01

A simple strategy is proposed to design and develop an intelligent device based on dual channel ion responsive spectral properties of a commercially available molecule, harmine (HM). The system can process different sets of opto-chemical inputs generating different patterns as fluorescence outputs at specific wavelengths which can provide an additional level of protection exploiting both password and pattern recognitions. The proposed system could have the potential to come up with highly secured combinatorial locks at the molecular level that could pose valuable real time and on-site applications for user authentication.

Critical Infrastructure Protection and Federal Statutory Authority for the Departments of Homeland Security and Defense to Perform Two Key Tasks

DTIC Science & Technology

2017-04-13

Highway, Suite 1204, Arlington, VA 22202-4302. Respondents should be aware that notwithstanding any other provision of law , no person shall be...policy, and law . The research question is whether the Departments of Homeland Security (DHS) and Defense (DOD) have federal statutory authority to... law ); Department of Homeland Security; Department of Defense; establish standards; physical protection and security; national security 16. SECURITY

Research in DRM architecture based on watermarking and PKI

NASA Astrophysics Data System (ADS)

Liu, Ligang; Chen, Xiaosu; Xiao, Dao-ju; Yi, Miao

2005-02-01

Analyze the virtue and disadvantage of the present digital copyright protecting system, design a kind of security protocol model of digital copyright protection, which equilibrium consider the digital media"s use validity, integrality, security of transmission, and trade equity, make a detailed formalize description to the protocol model, analyze the relationship of the entities involved in the digital work copyright protection. The analysis of the security and capability of the protocol model shows that the model is good at security and practicability.

76 FR 47947 - Re-Proposal of Shelf Eligibility Conditions for Asset-Backed Securities

Federal Register 2010, 2011, 2012, 2013, 2014

2011-08-05

...We are revising and re-proposing certain rules that were initially proposed in April 2010 related to asset-backed securities in light of the provisions added by the Dodd-Frank Wall Street Reform and Consumer Protection Act and comments received on our April 2010 proposals. Specifically, we are re-proposing registrant and transaction requirements related to shelf registration of asset-backed securities and changes to exhibit filing deadlines. In addition, we are requesting additional comment on our proposal to require asset-level information about the pool assets. We continue to consider the other matters in our April 2010 proposing release.

10 CFR 76.111 - Physical security, material control and accounting, and protection of certain information.

Code of Federal Regulations, 2012 CFR

2012-01-01

... 10 Energy 2 2012-01-01 2012-01-01 false Physical security, material control and accounting, and protection of certain information. 76.111 Section 76.111 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.111 Physical security, material control...

10 CFR 76.111 - Physical security, material control and accounting, and protection of certain information.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 10 Energy 2 2011-01-01 2011-01-01 false Physical security, material control and accounting, and protection of certain information. 76.111 Section 76.111 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.111 Physical security, material control...

10 CFR 76.111 - Physical security, material control and accounting, and protection of certain information.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 10 Energy 2 2014-01-01 2014-01-01 false Physical security, material control and accounting, and protection of certain information. 76.111 Section 76.111 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.111 Physical security, material control...

10 CFR 76.111 - Physical security, material control and accounting, and protection of certain information.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 10 Energy 2 2013-01-01 2013-01-01 false Physical security, material control and accounting, and protection of certain information. 76.111 Section 76.111 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.111 Physical security, material control...

[System construction of early warning for ecological security at cultural and natural heritage mixed sites and its application: a case study of Wuyishan Scenery District].

PubMed

You, Wei-Bin; He, Dong-Jin; Qin, De-Hua; Ji, Zhi-Rong; Wu, Li-Yun; Yu, Jian-An; Chen, Bing-Rong; Tan, Yong

2014-05-01

This paper proposed a new concept of ecological security for protection by a comprehensive analysis of the contents and standards of world heritage sites. A frame concept model named "Pressure-State-Control" for early warning of ecological security at world heritage mixed sites was constructed and evaluation indicators of this frame were also selected. Wuyishan Scenery District was chosen for a case study, which has been severely disturbed by natural and artificial factors. Based on the frame model of "Pressure-State-Control" and by employing extension analysis, the matter-element model was established to assess the ecological security status of this cultural and natural world heritage mixed site. The results showed that the accuracy of ecological security early warning reached 84%. Early warning rank was I level (no alert status) in 1997 and 2009, but that in 2009 had a higher possibility to convert into II level. Likewise, the early-warning indices of sensitive ranks were different between 1997 and 2009. Population density, population growth rate, area index for tea garden, cultivated land owned per capita, level of drought, and investment for ecological and environmental construction were the main limiting factors to hinder the development of ecological security from 2009 to future. In general, the status of Wuyishan Scenery District ecological security was relatively good and considered as no alert level, while risk conditions also existed in terms of a few early-warning indicators. We still need to pay more attention to serious alert indicators and adopt effective prevention and control measures to maintain a good ecological security status of this heritage site.

49 CFR 40.43 - What steps must operators of collection sites take to protect the security and integrity of urine...

Code of Federal Regulations, 2010 CFR

2010-10-01

... to protect the security and integrity of urine collections? 40.43 Section 40.43 Transportation Office... PROGRAMS Collection Sites, Forms, Equipment and Supplies Used in DOT Urine Collections § 40.43 What steps must operators of collection sites take to protect the security and integrity of urine collections? (a...

49 CFR 40.43 - What steps must operators of collection sites take to protect the security and integrity of urine...

Code of Federal Regulations, 2012 CFR

2012-10-01

... to protect the security and integrity of urine collections? 40.43 Section 40.43 Transportation Office... PROGRAMS Collection Sites, Forms, Equipment and Supplies Used in DOT Urine Collections § 40.43 What steps must operators of collection sites take to protect the security and integrity of urine collections? (a...

49 CFR 40.43 - What steps must operators of collection sites take to protect the security and integrity of urine...

Code of Federal Regulations, 2011 CFR

2011-10-01

... to protect the security and integrity of urine collections? 40.43 Section 40.43 Transportation Office... PROGRAMS Collection Sites, Forms, Equipment and Supplies Used in DOT Urine Collections § 40.43 What steps must operators of collection sites take to protect the security and integrity of urine collections? (a...

49 CFR 40.43 - What steps must operators of collection sites take to protect the security and integrity of urine...

Code of Federal Regulations, 2014 CFR

2014-10-01

... to protect the security and integrity of urine collections? 40.43 Section 40.43 Transportation Office... PROGRAMS Collection Sites, Forms, Equipment and Supplies Used in DOT Urine Collections § 40.43 What steps must operators of collection sites take to protect the security and integrity of urine collections? (a...

49 CFR 40.43 - What steps must operators of collection sites take to protect the security and integrity of urine...

Code of Federal Regulations, 2013 CFR

2013-10-01

... to protect the security and integrity of urine collections? 40.43 Section 40.43 Transportation Office... PROGRAMS Collection Sites, Forms, Equipment and Supplies Used in DOT Urine Collections § 40.43 What steps must operators of collection sites take to protect the security and integrity of urine collections? (a...

76 FR 67755 - Privacy Act of 1974; Department of Homeland Security U.S. Customs and Border Protection DHS/CBP...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-11-02

... 1974; Department of Homeland Security U.S. Customs and Border Protection DHS/CBP-003 Credit/Debit Card... Security/U.S Customs and Border Protection--003 Credit/Debit Card Data System of Records.'' This system... any credit and debit card transactions with it has with individuals. Additionally, the Department of...

49 CFR 40.223 - What steps must be taken to protect the security of alcohol testing sites?

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 1 2010-10-01 2010-10-01 false What steps must be taken to protect the security of alcohol testing sites? 40.223 Section 40.223 Transportation Office of the Secretary of..., Equipment and Supplies Used in Alcohol Testing § 40.223 What steps must be taken to protect the security of...

People Crossing Borders: An Analysis of U.S. Border Protection Policies

DTIC Science & Technology

2010-05-13

evaluate the policies that have been pursued in providing border protection, especially as these policies might impact other elements of the U.S. border...evaluate the impact of the current framework. Lastly, this report offers some policy options—both short-term and long-term—for addressing the...to account for the commercial consequences of ever-climbing levels of security at the U.S. border. In the end, balancing the economic impact of

MulVAL Extensions for Dynamic Asset Protection

DTIC Science & Technology

2006-04-01

called Skybox Security and an AI-based project called CycSecure were identified as interesting and relatively mature projects, which deserve closer...dynamic asset protection solution. A critique of the Skybox Security and CycSecure solutions, with respect to the requirements of dynamic asset...particulièrement, un produit du commerce appelé Skybox Security et un projet d’IA appelé CycSecure ont été désignés comme étant des projets

Control System Applicable Use Assessment of the Secure Computing Corporation - Secure Firewall (Sidewinder)

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hadley, Mark D.; Clements, Samuel L.

2009-01-01

Battelle’s National Security & Defense objective is, “applying unmatched expertise and unique facilities to deliver homeland security solutions. From detection and protection against weapons of mass destruction to emergency preparedness/response and protection of critical infrastructure, we are working with industry and government to integrate policy, operational, technological, and logistical parameters that will secure a safe future”. In an ongoing effort to meet this mission, engagements with industry that are intended to improve operational and technical attributes of commercial solutions that are related to national security initiatives are necessary. This necessity will ensure that capabilities for protecting critical infrastructure assets aremore » considered by commercial entities in their development, design, and deployment lifecycles thus addressing the alignment of identified deficiencies and improvements needed to support national cyber security initiatives. The Secure Firewall (Sidewinder) appliance by Secure Computing was assessed for applicable use in critical infrastructure control system environments, such as electric power, nuclear and other facilities containing critical systems that require augmented protection from cyber threat. The testing was performed in the Pacific Northwest National Laboratory’s (PNNL) Electric Infrastructure Operations Center (EIOC). The Secure Firewall was tested in a network configuration that emulates a typical control center network and then evaluated. A number of observations and recommendations are included in this report relating to features currently included in the Secure Firewall that support critical infrastructure security needs.« less

The Attractiveness of Materials in Advanced Nuclear Fuel Cycles for Various Proliferation and Theft Scenarios

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bathke, C. G.; Wallace, R. K.; Ireland, J. R.

2010-09-01

This paper is an extension to earlier studies1,2 that examined the attractiveness of materials mixtures containing special nuclear materials (SNM) and alternate nuclear materials (ANM) associated with the PUREX, UREX, COEX, THOREX, and PYROX reprocessing schemes. This study extends the figure of merit (FOM) for evaluating attractiveness to cover a broad range of proliferant state and sub-national group capabilities. The primary conclusion of this study is that all fissile material needs to be rigorously safeguarded to detect diversion by a state and provided the highest levels of physical protection to prevent theft by sub-national groups; no “silver bullet” has beenmore » found that will permit the relaxation of current international safeguards or national physical security protection levels. This series of studies has been performed at the request of the United States Department of Energy (DOE) and is based on the calculation of "attractiveness levels" that are expressed in terms consistent with, but normally reserved for nuclear materials in DOE nuclear facilities.3 The expanded methodology and updated findings are presented. Additionally, how these attractiveness levels relate to proliferation resistance and physical security are discussed.« less

The attractiveness of materials in advanced nuclear fuel cycles for various proliferation and theft scenarios

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bathke, Charles G; Wallace, Richard K; Ireland, John R

2009-01-01

This paper is an extension to earlier studies that examined the attractiveness of materials mixtures containing special nuclear materials (SNM) and alternate nuclear materials (ANM) associated with the PUREX, UREX, COEX, THOREX, and PYROX reprocessing schemes. This study extends the figure of merit (FOM) for evaluating attractiveness to cover a broad range of proliferant state and sub-national group capabilities. The primary conclusion of this study is that all fissile material needs to be rigorously safeguarded to detect diversion by a state and provided the highest levels of physical protection to prevent theft by sub-national groups; no 'silver bullet' has beenmore » found that will permit the relaxation of current international safeguards or national physical security protection levels. This series of studies has been performed at the request of the United States Department of Energy (DOE) and is based on the calculation of 'attractiveness levels' that are expressed in terms consistent with, but normally reserved for nuclear materials in DOE nuclear facilities. The expanded methodology and updated findings are presented. Additionally, how these attractiveness levels relate to proliferation resistance and physical security are discussed.« less

Toward Proper Authentication Methods in Electronic Medical Record Access Compliant to HIPAA and C.I.A. Triangle.

PubMed

Tipton, Stephen J; Forkey, Sara; Choi, Young B

2016-04-01

This paper examines various methods encompassing the authentication of users in accessing Electronic Medical Records (EMRs). From a methodological perspective, multiple authentication methods have been researched from both a desktop and mobile accessibility perspective. Each method is investigated at a high level, along with comparative analyses, as well as real world examples. The projected outcome of this examination is a better understanding of the sophistication required in protecting the vital privacy constraints of an individual's Protected Health Information (PHI). In understanding the implications of protecting healthcare data in today's technological world, the scope of this paper is to grasp an overview of confidentiality as it pertains to information security. In addressing this topic, a high level overview of the three goals of information security are examined; in particular, the goal of confidentiality is the primary focus. Expanding upon the goal of confidentiality, healthcare accessibility legal aspects are considered, with a focus upon the Health Insurance Portability and Accountability Act of 1996 (HIPAA). With the primary focus of this examination being access to EMRs, the paper will consider two types of accessibility of concern: access from a physician, or group of physicians; and access from an individual patient.

The Application of materials attractiveness in a graded approach to nuclear materials security

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ebbinghaus, B.; Bathke, C.; Dalton, D.

2013-07-01

The threat from terrorist groups has recently received greater attention. In this paper, material quantity and material attractiveness are addressed through the lens of a minimum security strategy needed to prevent the construction of a nuclear explosive device (NED) by an adversary. Nuclear materials are placed into specific security categories (3 or 4 categories) , which define a number of security requirements to protect the material. Materials attractiveness can be divided into four attractiveness levels, High, Medium, Low, and Very Low that correspond to the utility of the material to the adversary and to a minimum security strategy that ismore » necessary to adequately protect the nuclear material. We propose a graded approach to materials attractiveness that recognizes for instance substantial differences in attractiveness between pure reactor-grade Pu oxide (High attractiveness) and fresh MOX fuel (Low attractiveness). In either case, an adversary's acquisition of a Category I quantity of plutonium would be a major incident, but the acquisition of Pu oxide by the adversary would be substantially worse than the acquisition of fresh MOX fuel because of the substantial differences in the time and complexity required of the adversary to process the material and fashion it into a NED.« less

[Resources of person psychological security depending on the employment status of a pensioner.

PubMed

Krasnyanskaya, T M; Tylets, V G

2018-01-01

200 pensioners aged of 55 to 65 years differing in employment status (working or resting) after retirement age and character of his choice (voluntary or forced) were surveyed. The content and the structure of the resources of the pensioners' personality, of external determinants of the choice of their employment status, the connection of the external determinants of the choice of employment status and the resources of psychological security of the pensioners' personality were analyzed. The psychological resources consist of development and protection resources, proving the priority of resources security of the pensioners' person. The significance of resource development for working pensioners and the protection resources for real pensioners is established. The level of psychological safety of the personality of pensioners is determined by a combination of nature and voluntary choice of employment status. The choice of employment status depends on a complex assessment of macro-, meso- and microaspects of life. The self-estimation of the development resources is prioritized to save a pensioner work activities.

Protecting genomic data analytics in the cloud: state of the art and opportunities.

PubMed

Tang, Haixu; Jiang, Xiaoqian; Wang, Xiaofeng; Wang, Shuang; Sofia, Heidi; Fox, Dov; Lauter, Kristin; Malin, Bradley; Telenti, Amalio; Xiong, Li; Ohno-Machado, Lucila

2016-10-13

The outsourcing of genomic data into public cloud computing settings raises concerns over privacy and security. Significant advancements in secure computation methods have emerged over the past several years, but such techniques need to be rigorously evaluated for their ability to support the analysis of human genomic data in an efficient and cost-effective manner. With respect to public cloud environments, there are concerns about the inadvertent exposure of human genomic data to unauthorized users. In analyses involving multiple institutions, there is additional concern about data being used beyond agreed research scope and being prcoessed in untrused computational environments, which may not satisfy institutional policies. To systematically investigate these issues, the NIH-funded National Center for Biomedical Computing iDASH (integrating Data for Analysis, 'anonymization' and SHaring) hosted the second Critical Assessment of Data Privacy and Protection competition to assess the capacity of cryptographic technologies for protecting computation over human genomes in the cloud and promoting cross-institutional collaboration. Data scientists were challenged to design and engineer practical algorithms for secure outsourcing of genome computation tasks in working software, whereby analyses are performed only on encrypted data. They were also challenged to develop approaches to enable secure collaboration on data from genomic studies generated by multiple organizations (e.g., medical centers) to jointly compute aggregate statistics without sharing individual-level records. The results of the competition indicated that secure computation techniques can enable comparative analysis of human genomes, but greater efficiency (in terms of compute time and memory utilization) are needed before they are sufficiently practical for real world environments.

Simultaneous multiplexing and encoding of multiple images based on a double random phase encryption system

NASA Astrophysics Data System (ADS)

Alfalou, Ayman; Mansour, Ali

2009-09-01

Nowadays, protecting information is a major issue in any transmission system, as showed by an increasing number of research papers related to this topic. Optical encoding methods, such as a Double Random Phase encryption system i.e. DRP, are widely used and cited in the literature. DRP systems have very simple principle and they are easily applicable to most images (B&W, gray levels or color). Moreover, some applications require an enhanced encoding level based on multiencryption scheme and including biometric keys (as digital fingerprints). The enhancement should be done without increasing transmitted or stored information. In order to achieve that goal, a new approach for simultaneous multiplexing & encoding of several target images is developed in this manuscript. By introducing two additional security levels, our approach enhances the security level of a classic "DRP" system. Our first security level consists in using several independent image-keys (randomly and structurally) along with a new multiplexing algorithm. At this level, several target images (multiencryption) are used. This part can reduce needed information (encoding information). At the second level a standard DRP system is included. Finally, our approach can detect if any vandalism attempt has been done on transmitted encrypted images.

36 CFR Appendix A to Part 1234 - Minimum Security Standards for Level III Federal Facilities

Code of Federal Regulations, 2014 CFR

2014-07-01

... technology and blast standards. Immediate review of ongoing projects may generate savings in the... critical systems (alarm systems, radio communications, computer facilities, etc.) Required. Occupant... all exterior windows (shatter protection) Recommended. Review current projects for blast standards...

36 CFR Appendix A to Part 1234 - Minimum Security Standards for Level III Federal Facilities

Code of Federal Regulations, 2013 CFR

2013-07-01

... construction projects should be reviewed if possible, to incorporate current technology and blast standards... critical systems (alarm systems, radio communications, computer facilities, etc.) Required. Occupant... all exterior windows (shatter protection) Recommended. Review current projects for blast standards...

36 CFR Appendix A to Part 1234 - Minimum Security Standards for Level III Federal Facilities

Code of Federal Regulations, 2012 CFR

2012-07-01

... technology and blast standards. Immediate review of ongoing projects may generate savings in the... critical systems (alarm systems, radio communications, computer facilities, etc.) Required. Occupant... all exterior windows (shatter protection) Recommended. Review current projects for blast standards...

Marketing and reputation aspects of neonatal safeguards and hospital-security systems.

PubMed

Smith, Alan D

2009-01-01

Technological advancements have migrated from personal-use electronics into the healthcare setting for security enhancements. Within maternity wards and nurseries, technology was seen as one of best way to protect newborns from abduction. The present study is a focus on what systems and methods are used in neonatal security, the security arrangements, staff training, and impacts outside the control of the hospital, customer satisfaction and customer relations management. Through hypothesis-testing and exploratory analysis, gender biases and extremely high levels of security were found within a web-enabled and professional sample of 200 respondents. The factor-based constructs were found to be, in order of the greatest explained variance: security concerns, personal technology usage, work technology applications, and demographic maturity concerns, resulting in four factor-based scores with significant combined variance of 61.5%. It was found that through a better understanding on the importance and vital need for hospitals to continue to improve on their technology-based security policies significantly enhanced their reputation in the highly competitive local healthcare industry.

An Unequal Secure Encryption Scheme for H.264/AVC Video Compression Standard

NASA Astrophysics Data System (ADS)

Fan, Yibo; Wang, Jidong; Ikenaga, Takeshi; Tsunoo, Yukiyasu; Goto, Satoshi

H.264/AVC is the newest video coding standard. There are many new features in it which can be easily used for video encryption. In this paper, we propose a new scheme to do video encryption for H.264/AVC video compression standard. We define Unequal Secure Encryption (USE) as an approach that applies different encryption schemes (with different security strength) to different parts of compressed video data. This USE scheme includes two parts: video data classification and unequal secure video data encryption. Firstly, we classify the video data into two partitions: Important data partition and unimportant data partition. Important data partition has small size with high secure protection, while unimportant data partition has large size with low secure protection. Secondly, we use AES as a block cipher to encrypt the important data partition and use LEX as a stream cipher to encrypt the unimportant data partition. AES is the most widely used symmetric cryptography which can ensure high security. LEX is a new stream cipher which is based on AES and its computational cost is much lower than AES. In this way, our scheme can achieve both high security and low computational cost. Besides the USE scheme, we propose a low cost design of hybrid AES/LEX encryption module. Our experimental results show that the computational cost of the USE scheme is low (about 25% of naive encryption at Level 0 with VEA used). The hardware cost for hybrid AES/LEX module is 4678 Gates and the AES encryption throughput is about 50Mbps.

75 FR 5487 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/U.S. Customs...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-02-03

...The Department of Homeland Security is issuing a final rule to amend its regulations to exempt portions of a Department of Homeland Security/U.S. Customs and Border Protection system of records entitled the, ``Department of Homeland Security/U.S. Customs and Border Protection--006 Automated Targeting System of Records'' from certain provisions of the Privacy Act. Specifically, the Department exempts portions of the Department of Homeland Security/U.S. Customs and Border Protection--006 Automated Targeting system of records from one or more provisions of the Privacy Act because of criminal, civil, and administrative enforcement requirements.

76 FR 27897 - Security and Safety Zone Regulations, Large Passenger Vessel Protection, Captain of the Port...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-05-13

... DEPARTMENT OF HOMELAND SECURITY Coast Guard 33 CFR Part 165 [Docket No. USCG-2011-0342] Security and Safety Zone Regulations, Large Passenger Vessel Protection, Captain of the Port Columbia River... will enforce the security and safety zone in 33 CFR 165.1318 for large passenger vessels operating in...

77 FR 9528 - Security Zone; Protection of Military Cargo, Captain of the Port Zone Puget Sound

Federal Register 2010, 2011, 2012, 2013, 2014

2012-02-17

... DEPARTMENT OF HOMELAND SECURITY Coast Guard 33 CFR Part 165 [Docket No. USCG-2012-0087] Security Zone; Protection of Military Cargo, Captain of the Port Zone Puget Sound AGENCY: Coast Guard, DHS... Waterway Security Zone in Commencement Bay, Tacoma, Washington from 6 a.m. on February 17, 2012, through 11...

46 CFR 503.59 - Safeguarding classified information.

Code of Federal Regulations, 2011 CFR

2011-10-01

... Information Security Program § 503.59 Safeguarding classified information. (a) All classified information... security; (2) Takes appropriate steps to protect classified information from unauthorized disclosure or... security check; (2) To protect the classified information in accordance with the provisions of Executive...

78 FR 5116 - NASA Information Security Protection

Federal Register 2010, 2011, 2012, 2013, 2014

2013-01-24

... 2700-AD61 NASA Information Security Protection AGENCY: National Aeronautics and Space Administration... implement the provisions of Executive Order (E.O.) 13526, Classified National Security Information, and... Information, that establishes the Agency's requirements for the proper implementation and management of a...

6 CFR 29.3 - Effect of provisions.

Code of Federal Regulations, 2011 CFR

2011-01-01

... Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROTECTED CRITICAL INFRASTRUCTURE... utilize the PCII only for purposes appropriate under the CII Act, including securing critical infrastructure or protected systems. Such PCII may not be utilized for any other collateral regulatory purposes...

6 CFR 29.3 - Effect of provisions.

Code of Federal Regulations, 2010 CFR

2010-01-01

... Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROTECTED CRITICAL INFRASTRUCTURE... utilize the PCII only for purposes appropriate under the CII Act, including securing critical infrastructure or protected systems. Such PCII may not be utilized for any other collateral regulatory purposes...

6 CFR 29.3 - Effect of provisions.

Code of Federal Regulations, 2013 CFR

2013-01-01

... Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROTECTED CRITICAL INFRASTRUCTURE... utilize the PCII only for purposes appropriate under the CII Act, including securing critical infrastructure or protected systems. Such PCII may not be utilized for any other collateral regulatory purposes...

6 CFR 29.3 - Effect of provisions.

Code of Federal Regulations, 2014 CFR

2014-01-01

... Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROTECTED CRITICAL INFRASTRUCTURE... utilize the PCII only for purposes appropriate under the CII Act, including securing critical infrastructure or protected systems. Such PCII may not be utilized for any other collateral regulatory purposes...

6 CFR 29.3 - Effect of provisions.

Code of Federal Regulations, 2012 CFR

2012-01-01

... Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROTECTED CRITICAL INFRASTRUCTURE... utilize the PCII only for purposes appropriate under the CII Act, including securing critical infrastructure or protected systems. Such PCII may not be utilized for any other collateral regulatory purposes...

76 FR 27642 - Department of Homeland Security; Transfer of Data

Federal Register 2010, 2011, 2012, 2013, 2014

2011-05-12

... Subjects Environmental protection, Business and industry, Government property, Security measures. Dated... Security; Transfer of Data AGENCY: Environmental Protection Agency (EPA). ACTION: Notice. SUMMARY: This... Cosmetic Act (FFDCA), including information that may have been claimed as Confidential Business Information...

14 CFR 193.5 - How may I submit safety or security information and have it protected from disclosure?

Code of Federal Regulations, 2011 CFR

2011-01-01

... SUBMITTED INFORMATION § 193.5 How may I submit safety or security information and have it protected from... 14 Aeronautics and Space 3 2011-01-01 2011-01-01 false How may I submit safety or security information and have it protected from disclosure? 193.5 Section 193.5 Aeronautics and Space FEDERAL AVIATION...

14 CFR 193.5 - How may I submit safety or security information and have it protected from disclosure?

Code of Federal Regulations, 2010 CFR

2010-01-01

... SUBMITTED INFORMATION § 193.5 How may I submit safety or security information and have it protected from... 14 Aeronautics and Space 3 2010-01-01 2010-01-01 false How may I submit safety or security information and have it protected from disclosure? 193.5 Section 193.5 Aeronautics and Space FEDERAL AVIATION...

76 FR 65207 - U.S. Customs and Border Protection

Federal Register 2010, 2011, 2012, 2013, 2014

2011-10-20

... DEPARTMENT OF HOMELAND SECURITY U.S. Customs and Border Protection Notice of Cancellation of Customs Broker Licenses AGENCY: U.S. Customs and Border Protection, U.S. Department of Homeland Security.... 1641) and the U.S. Customs and Border Protection regulations (19 CFR 111.51), the following Customs...

Stakeholders' views on data sharing in multicenter studies.

PubMed

Mazor, Kathleen M; Richards, Allison; Gallagher, Mia; Arterburn, David E; Raebel, Marsha A; Nowell, W Benjamin; Curtis, Jeffrey R; Paolino, Andrea R; Toh, Sengwee

2017-09-01

To understand stakeholders' views on data sharing in multicenter comparative effectiveness research studies and the value of privacy-protecting methods. Semistructured interviews with five US stakeholder groups. We completed 11 interviews, involving patients (n = 15), researchers (n = 10), Institutional Review Board and regulatory staff (n = 3), multicenter research governance experts (n = 2) and healthcare system leaders (n = 4). Perceptions of the benefits and value of research were the strongest influences toward data sharing; cost and security risks were primary influences against sharing. Privacy-protecting methods that share summary-level data were acknowledged as being appealing, but there were concerns about increased cost and potential loss of research validity. Stakeholders were open to data sharing in multicenter studies that offer value and minimize security risks.

Protected interoperability of telecommunications and digital products

NASA Astrophysics Data System (ADS)

Hampel, Viktor E.; Cartier, Gene N.; Craft, James P.

1994-11-01

New federal standards for the protection of sensitive data now make it possible to ensure the authenticity, integrity and confidentiality of digital products, and non-repudiation of digital telecommunications. Under review and comment since 1991, the new Federal standards were confirmed this year and provide standard means for the protection of voice and data communications from accidental and wilful abuse. The standards are initially tailored to protect only `sensitive-but-unclassified' (SBU) data in compliance with the Computer Security Act of 1987. These data represent the majority of transactions in electronic commerce, including sensitive procurement information, trade secrets, financial data, product definitions, and company-proprietary information classified as `intellectual property.' Harmonization of the new standards with international requirements is in progress. In the United States, the confirmation of the basic standards marks the beginning of a long-range program to assure discretionary and mandatory access controls to digital resources. Upwards compatibility into the classified domain with multi-level security is a core requirement of the National Information Infrastructure. In this report we review the powerful capabilities of standard Public-Key-Cryptology, the availability of commercial and Federal products for data protection, and make recommendations for their cost-effective use to assure reliable telecommunications and process controls.

A biometric method to secure telemedicine systems.

PubMed

Zhang, G H; Poon, Carmen C Y; Li, Ye; Zhang, Y T

2009-01-01

Security and privacy are among the most crucial issues for data transmission in telemedicine systems. This paper proposes a solution for securing wireless data transmission in telemedicine systems, i.e. within a body sensor network (BSN), between the BSN and server as well as between the server and professionals who have assess to the server. A unique feature of this solution is the generation of random keys by physiological data (i.e. a biometric approach) for securing communication at all 3 levels. In the performance analysis, inter-pulse interval of photoplethysmogram is used as an example to generate these biometric keys to protect wireless data transmission. The results of statistical analysis and computational complexity suggest that this type of key is random enough to make telemedicine systems resistant to attacks.

Security Issues for Mobile Medical Imaging: A Primer.

PubMed

Choudhri, Asim F; Chatterjee, Arindam R; Javan, Ramin; Radvany, Martin G; Shih, George

2015-10-01

The end-user of mobile device apps in the practice of clinical radiology should be aware of security measures that prevent unauthorized use of the device, including passcode policies, methods for dealing with failed login attempts, network manager-controllable passcode enforcement, and passcode enforcement for the protection of the mobile device itself. Protection of patient data must be in place that complies with the Health Insurance Portability and Accountability Act and U.S. Federal Information Processing Standards. Device security measures for data protection include methods for locally stored data encryption, hardware encryption, and the ability to locally and remotely clear data from the device. As these devices transfer information over both local wireless networks and public cell phone networks, wireless network security protocols, including wired equivalent privacy and Wi-Fi protected access, are important components in the chain of security. Specific virtual private network protocols, Secure Sockets Layer and related protocols (especially in the setting of hypertext transfer protocols), native apps, virtual desktops, and nonmedical commercial off-the-shelf apps require consideration in the transmission of medical data over both private and public networks. Enterprise security and management of both personal and enterprise mobile devices are discussed. Finally, specific standards for hardware and software platform security, including prevention of hardware tampering, protection from malicious software, and application authentication methods, are vital components in establishing a secure platform for the use of mobile devices in the medical field. © RSNA, 2015.

Smartphone users: Understanding how security mechanisms are perceived and new persuasive methods

PubMed Central

Alsaleh, Mansour; Alomar, Noura; Alarifi, Abdulrahman

2017-01-01

Protecting smartphones against security threats is a multidimensional problem involving human and technological factors. This study investigates how smartphone users’ security- and privacy-related decisions are influenced by their attitudes, perceptions, and understanding of various security threats. In this work, we seek to provide quantified insights into smartphone users’ behavior toward multiple key security features including locking mechanisms, application repositories, mobile instant messaging, and smartphone location services. To the best of our knowledge, this is the first study that reveals often unforeseen correlations and dependencies between various privacy- and security-related behaviors. Our work also provides evidence that making correct security decisions might not necessarily correlate with individuals’ awareness of the consequences of security threats. By comparing participants’ behavior and their motives for adopting or ignoring certain security practices, we suggest implementing additional persuasive approaches that focus on addressing social and technological aspects of the problem. On the basis of our findings and the results presented in the literature, we identify the factors that might influence smartphone users’ security behaviors. We then use our understanding of what might drive and influence significant behavioral changes to propose several platform design modifications that we believe could improve the security levels of smartphones. PMID:28297719

Smartphone users: Understanding how security mechanisms are perceived and new persuasive methods.

PubMed

Alsaleh, Mansour; Alomar, Noura; Alarifi, Abdulrahman

2017-01-01

Protecting smartphones against security threats is a multidimensional problem involving human and technological factors. This study investigates how smartphone users' security- and privacy-related decisions are influenced by their attitudes, perceptions, and understanding of various security threats. In this work, we seek to provide quantified insights into smartphone users' behavior toward multiple key security features including locking mechanisms, application repositories, mobile instant messaging, and smartphone location services. To the best of our knowledge, this is the first study that reveals often unforeseen correlations and dependencies between various privacy- and security-related behaviors. Our work also provides evidence that making correct security decisions might not necessarily correlate with individuals' awareness of the consequences of security threats. By comparing participants' behavior and their motives for adopting or ignoring certain security practices, we suggest implementing additional persuasive approaches that focus on addressing social and technological aspects of the problem. On the basis of our findings and the results presented in the literature, we identify the factors that might influence smartphone users' security behaviors. We then use our understanding of what might drive and influence significant behavioral changes to propose several platform design modifications that we believe could improve the security levels of smartphones.

Secure privacy-preserving biometric authentication scheme for telecare medicine information systems.

PubMed

Li, Xuelei; Wen, Qiaoyan; Li, Wenmin; Zhang, Hua; Jin, Zhengping

2014-11-01

Healthcare delivery services via telecare medicine information systems (TMIS) can help patients to obtain their desired telemedicine services conveniently. However, information security and privacy protection are important issues and crucial challenges in healthcare information systems, where only authorized patients and doctors can employ telecare medicine facilities and access electronic medical records. Therefore, a secure authentication scheme is urgently required to achieve the goals of entity authentication, data confidentiality and privacy protection. This paper investigates a new biometric authentication with key agreement scheme, which focuses on patient privacy and medical data confidentiality in TMIS. The new scheme employs hash function, fuzzy extractor, nonce and authenticated Diffie-Hellman key agreement as primitives. It provides patient privacy protection, e.g., hiding identity from being theft and tracked by unauthorized participant, and preserving password and biometric template from being compromised by trustless servers. Moreover, key agreement supports secure transmission by symmetric encryption to protect patient's medical data from being leaked. Finally, the analysis shows that our proposal provides more security and privacy protection for TMIS.

A novel anti-theft security system for photovoltaic modules

NASA Astrophysics Data System (ADS)

Khan, Wasif Ali; Lim, Boon-Han; Lai, An-Chow; Chong, Kok-Keong

2017-04-01

Solar farms are considered as easy target for thieves because of insufficient protection measures. Existing anti-theft approaches are based on system level and are not very preventive and efficient because these can be bypassed with some technical knowledge. Additionally, it is difficult for security guards to tackle them as robbers come in a form of a gang equipped with heavy weapons. In this paper, a low power auto shut-off and non-destructive system is proposed for photovoltaic (PV) modules to achieve better level of security at module level. In proposed method, the power generation function of the PV module will be shut-off internally and cannot be re-activated by unauthorized personnel, in the case of theft. Hence, the PV module will not be functional even sold to new customers. The system comprises of a microcontroller, a low power position sensor, a controllable semiconductor switch and a wireless reactive-able system. The anti-theft system is developed to be laminated inside PV module and will be interconnected with solar cells so it becomes difficult for thieves to temper. The position of PV module is retrieved by position sensor and stored in a microcontroller as an initial reference value. Microcontroller uses this stored reference value to control power supply of PV module via power switch. The stored reference value can be altered using wireless circuitry by following authentication protocol. It makes the system non-destructive as anti-theft function can be reset again by authorized personnel, if it is recovered after theft or moved for maintenance purposes. The research component includes the design of a position sensing circuit, an auto shut-off circuit, a reactive-able wireless security protection algorithm and finally the integration of the multiple circuits.

Termination of Safeguards for Accountable Nuclear Materials at the Idaho National Laboratory

DOE Office of Scientific and Technical Information (OSTI.GOV)

Michael Holzemer; Alan Carvo

2012-04-01

Termination of safeguards ends requirements of Nuclear Material Control and Accountability (MC&A) and thereby removes the safeguards basis for applying physical protection requirements for theft and diversion of nuclear material, providing termination requirements are met as described. Department of Energy (DOE) M 470.4 6 (Nuclear Material Control and Accountability [8/26/05]) stipulates: 1. Section A, Chapter I (1)( q) (1): Safeguards can be terminated on nuclear materials provided the following conditions are met: (a) 'If the material is special nuclear material (SNM) or protected as SNM, it must be attractiveness level E and have a measured value.' (b) 'The material hasmore » been determined by DOE line management to be of no programmatic value to DOE.' (c) 'The material is transferred to the control of a waste management organization where the material is accounted for and protected in accordance with waste management regulations. The material must not be collocated with other accountable nuclear materials.' Requirements for safeguards termination depend on the safeguards attractiveness levels of the material. For attractiveness level E, approval has been granted from the DOE Idaho Operations Office (DOE ID) to Battelle Energy Alliance, LLC (BEA) Safeguards and Security (S&S). In some cases, it may be necessary to dispose of nuclear materials of attractiveness level D or higher. Termination of safeguards for such materials must be approved by the Departmental Element (this is the DOE Headquarters Office of Nuclear Energy) after consultation with the Office of Security.« less

45 CFR 164.302 - Applicability.

Code of Federal Regulations, 2013 CFR

2013-10-01

... Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health Information § 164..., implementation specifications, and requirements of this subpart with respect to electronic protected health...

45 CFR 164.302 - Applicability.

Code of Federal Regulations, 2012 CFR

2012-10-01

... Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health Information § 164... specifications, and requirements of this subpart with respect to electronic protected health information. ...

40 CFR 11.1 - Purpose.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 40 Protection of Environment 1 2010-07-01 2010-07-01 false Purpose. 11.1 Section 11.1 Protection of Environment ENVIRONMENTAL PROTECTION AGENCY GENERAL SECURITY CLASSIFICATION REGULATIONS PURSUANT... the classification and declassification of national security information. They apply also to...

78 FR 7265 - Security Zone; Protection of Military Cargo, Captain of the Port Zone Puget Sound, WA

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-01

... DEPARTMENT OF HOMELAND SECURITY Coast Guard 33 CFR Part 165 [Docket No. USCG-2012-0087] Security Zone; Protection of Military Cargo, Captain of the Port Zone Puget Sound, WA AGENCY: Coast Guard, DHS... Security Zone in Commencement Bay, Tacoma, Washington from 6 a.m. on February 1, 2013, through 11:59 p.m...

78 FR 57485 - Security Zone; Protection of Military Cargo, Captain of the Port Zone Puget Sound

Federal Register 2010, 2011, 2012, 2013, 2014

2013-09-19

... DEPARTMENT OF HOMELAND SECURITY Coast Guard 33 CFR Part 165 [Docket No. USCG-2012-0087] Security Zone; Protection of Military Cargo, Captain of the Port Zone Puget Sound AGENCY: Coast Guard, DHS... Security Zone in Commencement Bay, Tacoma, Washington from 6 a.m. on September 12, 2013 through 11:59 p.m...

78 FR 54588 - Security Zone; Protection of Military Cargo, Captain of the Port Zone Puget Sound

Federal Register 2010, 2011, 2012, 2013, 2014

2013-09-05

... DEPARTMENT OF HOMELAND SECURITY Coast Guard 33 CFR Part 165 [Docket No. USCG-2012-0087] Security Zone; Protection of Military Cargo, Captain of the Port Zone Puget Sound AGENCY: Coast Guard, DHS... Security Zone in Commencement Bay, Tacoma, Washington from 6:00 a.m. on September 2, 2013 through 11:59 p.m...

78 FR 11981 - Security Zone; Protection of Military Cargo, Captain of the Port Zone Puget Sound, WA

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-21

... DEPARTMENT OF HOMELAND SECURITY Coast Guard 33 CFR Part 165 [Docket No. USCG-2012-0087] Security Zone; Protection of Military Cargo, Captain of the Port Zone Puget Sound, WA AGENCY: Coast Guard, DHS... Security Zone in Commencement Bay, Tacoma, Washington from 6 a.m. on February 23, 2013, through 11:59 p.m...

A Goal VPN Protection Profile for Protecting Sensitive Information

DTIC Science & Technology

2000-07-10

security for the systems in which they are used. Nothing could be further from the truth . There are no perfect security solutions, and no...establishment/termination, failures, and errors); • provide for directly connected (local hard -wire connection) and remote (over the network) interfaces... the TOERU is left unattended procedures such as media encryption or secure storage of the hard drive, will be used to insure the protection of stored

Low-Cost Manufacturing, Usability, and Security: An Analysis of Bluetooth Simple Pairing and Wi-Fi Protected Setup

NASA Astrophysics Data System (ADS)

Kuo, Cynthia; Walker, Jesse; Perrig, Adrian

Bluetooth Simple Pairing and Wi-Fi Protected Setup specify mechanisms for exchanging authentication credentials in wireless networks. Both Simple Pairing and Protected Setup support multiple setup mechanisms, which increases security risks and hurts the user experience. To improve the security and usability of these specifications, we suggest defining a common baseline for hardware features and a consistent, interoperable user experience across devices.

Practical Computer Security through Cryptography

NASA Technical Reports Server (NTRS)

McNab, David; Twetev, David (Technical Monitor)

1998-01-01

The core protocols upon which the Internet was built are insecure. Weak authentication and the lack of low level encryption services introduce vulnerabilities that propagate upwards in the network stack. Using statistics based on CERT/CC Internet security incident reports, the relative likelihood of attacks via these vulnerabilities is analyzed. The primary conclusion is that the standard UNIX BSD-based authentication system is by far the most commonly exploited weakness. Encryption of Sensitive password data and the adoption of cryptographically-based authentication protocols can greatly reduce these vulnerabilities. Basic cryptographic terminology and techniques are presented, with attention focused on the ways in which technology such as encryption and digital signatures can be used to protect against the most commonly exploited vulnerabilities. A survey of contemporary security software demonstrates that tools based on cryptographic techniques, such as Kerberos, ssh, and PGP, are readily available and effectively close many of the most serious security holes. Nine practical recommendations for improving security are described.

78 FR 39712 - Critical Infrastructure Protection and Cyber Security Trade Mission to Saudi Arabia and Kuwait...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-07-02

... DEPARTMENT OF COMMERCE International Trade Administration Critical Infrastructure Protection and Cyber Security Trade Mission to Saudi Arabia and Kuwait Clarification and Amendment AGENCY... cyber-security firms and trade organizations which have not already submitted an application are...

Meeting the security requirements of electronic medical records in the ERA of high-speed computing.

PubMed

Alanazi, H O; Zaidan, A A; Zaidan, B B; Kiah, M L Mat; Al-Bakri, S H

2015-01-01

This study has two objectives. First, it aims to develop a system with a highly secured approach to transmitting electronic medical records (EMRs), and second, it aims to identify entities that transmit private patient information without permission. The NTRU and the Advanced Encryption Standard (AES) cryptosystems are secured encryption methods. The AES is a tested technology that has already been utilized in several systems to secure sensitive data. The United States government has been using AES since June 2003 to protect sensitive and essential information. Meanwhile, NTRU protects sensitive data against attacks through the use of quantum computers, which can break the RSA cryptosystem and elliptic curve cryptography algorithms. A hybrid of AES and NTRU is developed in this work to improve EMR security. The proposed hybrid cryptography technique is implemented to secure the data transmission process of EMRs. The proposed security solution can provide protection for over 40 years and is resistant to quantum computers. Moreover, the technique provides the necessary evidence required by law to identify disclosure or misuse of patient records. The proposed solution can effectively secure EMR transmission and protect patient rights. It also identifies the source responsible for disclosing confidential patient records. The proposed hybrid technique for securing data managed by institutional websites must be improved in the future.

Autonomous Byte Stream Randomizer

NASA Technical Reports Server (NTRS)

Paloulian, George K.; Woo, Simon S.; Chow, Edward T.

2013-01-01

Net-centric networking environments are often faced with limited resources and must utilize bandwidth as efficiently as possible. In networking environments that span wide areas, the data transmission has to be efficient without any redundant or exuberant metadata. The Autonomous Byte Stream Randomizer software provides an extra level of security on top of existing data encryption methods. Randomizing the data s byte stream adds an extra layer to existing data protection methods, thus making it harder for an attacker to decrypt protected data. Based on a generated crypto-graphically secure random seed, a random sequence of numbers is used to intelligently and efficiently swap the organization of bytes in data using the unbiased and memory-efficient in-place Fisher-Yates shuffle method. Swapping bytes and reorganizing the crucial structure of the byte data renders the data file unreadable and leaves the data in a deconstructed state. This deconstruction adds an extra level of security requiring the byte stream to be reconstructed with the random seed in order to be readable. Once the data byte stream has been randomized, the software enables the data to be distributed to N nodes in an environment. Each piece of the data in randomized and distributed form is a separate entity unreadable on its own right, but when combined with all N pieces, is able to be reconstructed back to one. Reconstruction requires possession of the key used for randomizing the bytes, leading to the generation of the same cryptographically secure random sequence of numbers used to randomize the data. This software is a cornerstone capability possessing the ability to generate the same cryptographically secure sequence on different machines and time intervals, thus allowing this software to be used more heavily in net-centric environments where data transfer bandwidth is limited.

Building a highly available and intrusion tolerant Database Security and Protection System (DSPS).

PubMed

Cai, Liang; Yang, Xiao-Hu; Dong, Jin-Xiang

2003-01-01

Database Security and Protection System (DSPS) is a security platform for fighting malicious DBMS. The security and performance are critical to DSPS. The authors suggested a key management scheme by combining the server group structure to improve availability and the key distribution structure needed by proactive security. This paper detailed the implementation of proactive security in DSPS. After thorough performance analysis, the authors concluded that the performance difference between the replicated mechanism and proactive mechanism becomes smaller and smaller with increasing number of concurrent connections; and that proactive security is very useful and practical for large, critical applications.

A Network Access Control Framework for 6LoWPAN Networks

PubMed Central

Oliveira, Luís M. L.; Rodrigues, Joel J. P. C.; de Sousa, Amaro F.; Lloret, Jaime

2013-01-01

Low power over wireless personal area networks (LoWPAN), in particular wireless sensor networks, represent an emerging technology with high potential to be employed in critical situations like security surveillance, battlefields, smart-grids, and in e-health applications. The support of security services in LoWPAN is considered a challenge. First, this type of networks is usually deployed in unattended environments, making them vulnerable to security attacks. Second, the constraints inherent to LoWPAN, such as scarce resources and limited battery capacity, impose a careful planning on how and where the security services should be deployed. Besides protecting the network from some well-known threats, it is important that security mechanisms be able to withstand attacks that have not been identified before. One way of reaching this goal is to control, at the network access level, which nodes can be attached to the network and to enforce their security compliance. This paper presents a network access security framework that can be used to control the nodes that have access to the network, based on administrative approval, and to enforce security compliance to the authorized nodes. PMID:23334610

Security Enhancement of Wireless Sensor Networks Using Signal Intervals

PubMed Central

Moon, Jaegeun; Jung, Im Y.; Yoo, Jaesoo

2017-01-01

Various wireless technologies, such as RF, Bluetooth, and Zigbee, have been applied to sensor communications. However, the applications of Bluetooth-based wireless sensor networks (WSN) have a security issue. In one pairing process during Bluetooth communication, which is known as simple secure pairing (SSP), the devices are required to specify I/O capability or user interference to prevent man-in-the-middle (MITM) attacks. This study proposes an enhanced SSP in which a nonce to be transferred is converted to a corresponding signal interval. The quantization level, which is used to interpret physical signal intervals, is renewed at every connection by the transferred nonce and applied to the next nonce exchange so that the same signal intervals can represent different numbers. Even if attackers eavesdrop on the signals, they cannot understand what is being transferred because they cannot determine the quantization level. Furthermore, the proposed model does not require exchanging passkeys as data, and the devices are secure in the case of using a fixed PIN. Subsequently, the new quantization level is calculated automatically whenever the same devices attempt to connect with each other. Therefore, the pairing process can be protected from MITM attacks and be convenient for users. PMID:28368341

Security Enhancement of Wireless Sensor Networks Using Signal Intervals.

PubMed

Moon, Jaegeun; Jung, Im Y; Yoo, Jaesoo

2017-04-02

Various wireless technologies, such as RF, Bluetooth, and Zigbee, have been applied to sensor communications. However, the applications of Bluetooth-based wireless sensor networks (WSN) have a security issue. In one pairing process during Bluetooth communication, which is known as simple secure pairing (SSP), the devices are required to specify I/O capability or user interference to prevent man-in-the-middle (MITM) attacks. This study proposes an enhanced SSP in which a nonce to be transferred is converted to a corresponding signal interval. The quantization level, which is used to interpret physical signal intervals, is renewed at every connection by the transferred nonce and applied to the next nonce exchange so that the same signal intervals can represent different numbers. Even if attackers eavesdrop on the signals, they cannot understand what is being transferred because they cannot determine the quantization level. Furthermore, the proposed model does not require exchanging passkeys as data, and the devices are secure in the case of using a fixed PIN. Subsequently, the new quantization level is calculated automatically whenever the same devices attempt to connect with each other. Therefore, the pairing process can be protected from MITM attacks and be convenient for users.

Design of the national health security preparedness index.

PubMed

Uzun Jacobson, Evin; Inglesby, Tom; Khan, Ali S; Rajotte, James C; Burhans, Robert L; Slemp, Catherine C; Links, Jonathan M

2014-01-01

The importance of health security in the United States has been highlighted by recent emergencies such as the H1N1 influenza pandemic, Superstorm Sandy, and the Boston Marathon bombing. The nation's health security remains a high priority today, with federal, state, territorial, tribal, and local governments, as well as nongovernment organizations and the private sector, engaging in activities that prevent, protect, mitigate, respond to, and recover from health threats. The Association of State and Territorial Health Officials (ASTHO), through a cooperative agreement with the Centers for Disease Control and Prevention (CDC) Office of Public Health Preparedness and Response (OPHPR), led an effort to create an annual measure of health security preparedness at the national level. The collaborative released the National Health Security Preparedness Index (NHSPI(™)) in December 2013 and provided composite results for the 50 states and for the nation as a whole. The Index results represent current levels of health security preparedness in a consistent format and provide actionable information to drive decision making for continuous improvement of the nation's health security. The overall 2013 National Index result was 7.2 on the reported base-10 scale, with areas of greater strength in the domains of health surveillance, incident and information management, and countermeasure management. The strength of the Index relies on the interdependencies of the many elements in health security preparedness, making the sum greater than its parts. Moving forward, additional health security-related disciplines and measures will be included alongside continued validation efforts.

A Cryptographic SoC for Robust Protection of Secret Keys in IPTV DRM Systems

NASA Astrophysics Data System (ADS)

Lee, Sanghan; Yang, Hae-Yong; Yeom, Yongjin; Park, Jongsik

The security level of an internet protocol television (IPTV) digital right management (DRM) system ultimately relies on protection of secret keys. Well known devices for the key protection include smartcards and battery backup SRAMs (BB-SRAMs); however, these devices could be vulnerable to various physical attacks. In this paper, we propose a secure and cost-effective design of a cryptographic system on chip (SoC) that integrates the BB-SRAM with a cell-based design technique. The proposed SoC provides robust safeguard against the physical attacks, and satisfies high-speed and low-price requirements of IPTV set-top boxes. Our implementation results show that the maximum encryption rate of the SoC is 633Mb/s. In order to verify the data retention capabilities, we made a prototype chip using 0.18µm standard cell technology. The experimental results show that the integrated BB-SRAM can reliably retain data with a 1.4µA leakage current.

78 FR 77139 - Agency Information Collection Activities: Small Vessel Reporting System

Federal Register 2010, 2011, 2012, 2013, 2014

2013-12-20

... DEPARTMENT OF HOMELAND SECURITY U.S. Customs and Border Protection Agency Information Collection... Security. ACTION: 30-Day notice and request for comments; Extension of an existing information collection: 1651-0137. SUMMARY: U.S. Customs and Border Protection (CBP) of the Department of Homeland Security...

78 FR 5122 - NASA Security and Protective Services Enforcement

Federal Register 2010, 2011, 2012, 2013, 2014

2013-01-24

... NATIONAL AERONAUTICS AND SPACE ADMINISTRATION 14 CFR Parts 1203a, 1203b, and 1204 [Docket No NASA-2012-0007] RIN 2700-AD89 NASA Security and Protective Services Enforcement AGENCY: National Aeronautics... nonsubstantive changes to NASA regulations to clarify the procedures for establishing controlled/ secure areas...

Developing a Security Profile.

ERIC Educational Resources Information Center

Woodcock, Chris

1999-01-01

Examines the questions schools should address when re-evaluating how to protect people, property, and assets. Questions addressed include where and how to begin to improve security in a school, getting the most protection economically, establishing where electronic security should be used, using surveillance cameras and systems, and what the role…

HOW TO SELECT THE PROPER SECURITY AND EQUIPMENT SURVEILLANCE SYSTEMS TO PROTECT YOUR FACILITIES.

ERIC Educational Resources Information Center

Honeywell, Inc., Minneapolis, Minn.

IN PRESENTING A SURVEY OF MODERN SECURITY SYSTEMS, THIS BOOKLET DISCUSSES THE REQUIREMENTS FOR SURVEILLANCE AND PROTECTION OF AREAS, PERIMETER, AND OBJECTS. A VARIETY OF EQUIPMENT IS DESCRIBED WITH DISCUSSION OF OPERATING PROCEDURES, COSTS, AND RECENT DEVELOPMENTS IN SECURITY SYSTEMS. (JT)

17 CFR 300.300 - Definitions.

Code of Federal Regulations, 2010 CFR

2010-04-01

... to Part 285 RULES OF THE SECURITIES INVESTOR PROTECTION CORPORATION Closeout Or Completion of Open...) of the Securities Investor Protection Act of 1970, as amended (hereinafter referred to as “the Act... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Definitions. 300.300 Section...

Radiological Threat Reduction (RTR) program : implementing physical security to protect large radioactive sources worldwide.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Lowe, Daniel L.

2004-11-01

The U.S. Department of Energy's Radiological Threat Reduction (RTR) Program strives to reduce the threat of a Radiological Dispersion Device (RDD) incident that could affect U.S. interests worldwide. Sandia National Laboratories supports the RTR program on many different levels. Sandia works directly with DOE to develop strategies, including the selection of countries to receive support and the identification of radioactive materials to be protected. Sandia also works with DOE in the development of guidelines and in training DOE project managers in physical protection principles. Other support to DOE includes performing rapid assessments and providing guidance for establishing foreign regulatory andmore » knowledge infrastructure. Sandia works directly with foreign governments to establish cooperative agreements necessary to implement the RTR Program efforts to protect radioactive sources. Once necessary agreements are in place, Sandia works with in-country organizations to implement various security related initiatives, such as installing security systems and searching for (and securing) orphaned radioactive sources. The radioactive materials of interest to the RTR program include Cobalt 60, Cesium 137, Strontium 90, Iridium 192, Radium 226, Plutonium 238, Americium 241, Californium 252, and Others. Security systems are implemented using a standardized approach that provides consistency through out the RTR program efforts at Sandia. The approach incorporates a series of major tasks that overlap in order to provide continuity. The major task sequence is to: Establish in-country contacts - integrators, Obtain material characterizations, Perform site assessments and vulnerability assessments, Develop upgrade plans, Procure and install equipment, Conduct acceptance testing and performance testing, Develop procedures, and Conduct training. Other tasks are incorporated as appropriate and commonly include such as support of reconfiguring infrastructure, and developing security plans, etc. This standardized approach is applied to specific country and regional needs. Recent examples (FY 2003-2004) include foreign missions to Lithuania, Russian Federation Navy, Russia - PNPI, Greece (joint mission with IAEA), Tanzania, Iraq, Chile, Ecuador, and Egypt. Some of the ambitions and results of the RTR program may be characterized by the successes in Lithuania, Greece, and Russia.« less

Device Data Protection in Mobile Healthcare Applications

NASA Astrophysics Data System (ADS)

Weerasinghe, Dasun; Rajarajan, Muttukrishnan; Rakocevic, Veselin

The rapid growth in mobile technology makes the delivery of healthcare data and services on mobile phones a reality. However, the healthcare data is very sensitive and has to be protected against unauthorized access. While most of the development work on security of mobile healthcare today focuses on the data encryption and secure authentication in remote servers, protection of data on the mobile device itself has gained very little attention. This paper analyses the requirements and the architecture for a secure mobile capsule, specially designed to protect the data that is already on the device. The capsule is a downloadable software agent with additional functionalities to enable secure external communication with healthcare service providers, network operators and other relevant communication parties.

75 FR 63884 - Self-Regulatory Organizations; Municipal Securities Rulemaking Board; Order Approving Proposed...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-10-18

... unfairly allows institutional and sophisticated investors to more easily access information about a... information directly to EMMA is a more efficient way of disseminating information to investors, noting that... in the level of investor protection provided by the MSRB's information systems and [[Page 63886...

Reading between the Lines

ERIC Educational Resources Information Center

Waters, John K.

2009-01-01

Biometrics has been making its way into school districts for the past decade. Biometric tools draw information from a person's identifying physical components, providing a virtually fail-safe level of protection for K-12 schools. In addition to their security uses, biometric systems are currently used in schools for cafeteria purchases, library…

19 CFR 10.608 - Submission of certificate of eligibility.

Code of Federal Regulations, 2010 CFR

2010-04-01

...-Central America-United States Free Trade Agreement Tariff Preference Level § 10.608 Submission of... 19 Customs Duties 1 2010-04-01 2010-04-01 false Submission of certificate of eligibility. 10.608 Section 10.608 Customs Duties U.S. CUSTOMS AND BORDER PROTECTION, DEPARTMENT OF HOMELAND SECURITY...

6 CFR 29.7 - Safeguarding of Protected Critical Infrastructure Information.

Code of Federal Regulations, 2012 CFR

2012-01-01

... prevents unauthorized retrieval, such as shredding or incineration. (f) Transmission of information. PCII... Infrastructure Information. 29.7 Section 29.7 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROTECTED CRITICAL INFRASTRUCTURE INFORMATION § 29.7 Safeguarding of Protected Critical...

6 CFR 29.7 - Safeguarding of Protected Critical Infrastructure Information.

Code of Federal Regulations, 2011 CFR

2011-01-01

... prevents unauthorized retrieval, such as shredding or incineration. (f) Transmission of information. PCII... Infrastructure Information. 29.7 Section 29.7 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROTECTED CRITICAL INFRASTRUCTURE INFORMATION § 29.7 Safeguarding of Protected Critical...

6 CFR 29.7 - Safeguarding of Protected Critical Infrastructure Information.

Code of Federal Regulations, 2013 CFR

2013-01-01

... prevents unauthorized retrieval, such as shredding or incineration. (f) Transmission of information. PCII... Infrastructure Information. 29.7 Section 29.7 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROTECTED CRITICAL INFRASTRUCTURE INFORMATION § 29.7 Safeguarding of Protected Critical...

6 CFR 29.7 - Safeguarding of Protected Critical Infrastructure Information.

Code of Federal Regulations, 2014 CFR

2014-01-01

... prevents unauthorized retrieval, such as shredding or incineration. (f) Transmission of information. PCII... Infrastructure Information. 29.7 Section 29.7 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROTECTED CRITICAL INFRASTRUCTURE INFORMATION § 29.7 Safeguarding of Protected Critical...

6 CFR 29.7 - Safeguarding of Protected Critical Infrastructure Information.

Code of Federal Regulations, 2010 CFR

2010-01-01

... prevents unauthorized retrieval, such as shredding or incineration. (f) Transmission of information. PCII... Infrastructure Information. 29.7 Section 29.7 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROTECTED CRITICAL INFRASTRUCTURE INFORMATION § 29.7 Safeguarding of Protected Critical...

Acquisition Systems Protection Planning the Manhatten Project: A Case Study

DTIC Science & Technology

1994-06-03

This study examines the counterintelligence and security programs of the Manhattan Project , the United States acquisition of the atomic bomb, using...assessment methodology and counterintelligence techniques and procedures. Acquisition systems, Program protection, Manhattan Project , Atomic bomb, Technology protection, Counterintelligence, Security.

45 CFR 164.312 - Technical safeguards.

Code of Federal Regulations, 2012 CFR

2012-10-01

... REQUIREMENTS SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health... that maintain electronic protected health information to allow access only to those persons or software... specifications: (i) Unique user identification (Required). Assign a unique name and/or number for identifying and...

Analysis of Multiple Data Hiding Combined Coloured Visual Cryptography and LSB

NASA Astrophysics Data System (ADS)

Maulana, Halim; Rahman Syahputra, Edy

2017-12-01

Currently the level of data security becoming a major factor in data transfer. As we know every process of sending data through any medium the risk of that data gets hacked will still be there. Some techniques for securing data such as steganography and cryptography also often used as a solution for securing data. But it does not last long because it has been found out the weaknesses of the algorithm so that the security be assured. So, in need of variety of new algorithms to be able to protect the data so that data security can be guaranteed. In this study tries to combine two visual algorithms that steganography and cryptography. Where in these experiments will try to secure two pieces of data type that is the type of image data and text data where both the data is regarded as a message so to obtain the correct information receiver should get that two types of data.

Assessing staff attitudes towards information security in a European healthcare establishment.

PubMed

Furnell, S M; Gaunt, P N; Holben, R F; Sanders, P W; Stockel, C T; Warren, M J

1996-01-01

Information security is now recognized as an important consideration in modern healthcare establishments (HCEs), with a variety of guidelines and standards currently available to enable the environments to be properly protected. However, financial and operational constraints often exist which influence the practicality of these recommendations. This paper establishes that the staff culture of the organization is of particular importance in determining the level and types of security that will be accepted. This culture will be based upon staff awareness of and attitudes towards security and it is, therefore, important to have a clear idea of what these attitudes are. To this end, two surveys have been conducted within a reference environment to establish the attitudes of general users and technical staff, allowing the results to be fed back to HCE management to enable security policy to be appropriately defined. These results indicated that, although the establishment had participated in a European healthcare security initiative, staff attitudes and awareness were still weak in some areas.

Security and privacy issues in implantable medical devices: A comprehensive survey.

PubMed

Camara, Carmen; Peris-Lopez, Pedro; Tapiador, Juan E

2015-06-01

Bioengineering is a field in expansion. New technologies are appearing to provide a more efficient treatment of diseases or human deficiencies. Implantable Medical Devices (IMDs) constitute one example, these being devices with more computing, decision making and communication capabilities. Several research works in the computer security field have identified serious security and privacy risks in IMDs that could compromise the implant and even the health of the patient who carries it. This article surveys the main security goals for the next generation of IMDs and analyzes the most relevant protection mechanisms proposed so far. On the one hand, the security proposals must have into consideration the inherent constraints of these small and implanted devices: energy, storage and computing power. On the other hand, proposed solutions must achieve an adequate balance between the safety of the patient and the security level offered, with the battery lifetime being another critical parameter in the design phase. Copyright © 2015 Elsevier Inc. All rights reserved.

International migration: security concerns and human rights standards.

PubMed

Crépeau, François; Nakache, Delphine; Atak, Idil

2007-09-01

Over the last two decades, the reinforcement of security-related migration policies has resulted in the perception of the foreigner, and especially the irregular migrant, as a category outside the circle of legality. The rights of foreigners in host countries have deteriorated due to the connection made between immigration and criminality. Restrictions imposed upon irregular migrants' basic political and civil rights have been accompanied by major obstacles to their access to economic and social rights, including the right to health. The events of 9/11 further contributed to this trend, which contradicts the basic premises of the human rights paradigm. Recent policy developments and ongoing international cooperation implementing systematic interception and interdiction mechanisms have led to the securitization of migration. The preventive and deterrent measures reinforce the security paradigm. By contrast, various national and international actors have been successful in defending irregular migrants' rights. At the domestic level, the involvement of the judiciary and civil society enhances the rights-based approach to foreigners. The role of judges is vital in holding policy-makers accountable for respecting the high national standards of human rights protection. This article elaborates on the dichotomy between the state's legitimate interest to ensure national security, and its domestic and international obligations to protect human rights for all, including irregular migrants. It focuses on the changing relationship between migration and security, on the one hand, and between state and individual, on the other hand. It affirms the necessity to recognize the pre-eminence of fundamental rights upon security concerns.

6 CFR 25.10 - Confidentiality and protection of Intellectual Property.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Confidentiality and protection of Intellectual Property. 25.10 Section 25.10 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY REGULATIONS TO SUPPORT ANTI-TERRORISM BY FOSTERING EFFECTIVE TECHNOLOGIES § 25.10 Confidentiality and...

76 FR 82314 - Agency Information Collection Activities: Small Vessel Reporting System

Federal Register 2010, 2011, 2012, 2013, 2014

2011-12-30

... DEPARTMENT OF HOMELAND SECURITY U.S. Customs and Border Protection Agency Information Collection... Security. ACTION: 30-Day notice and request for comments; Establishment of a new collection of information. SUMMARY: U.S. Customs and Border Protection (CBP) of the Department of Homeland Security will be...

36 CFR 1202.30 - How does NARA safeguard its systems of records?

Code of Federal Regulations, 2012 CFR

2012-07-01

... records are protected in accordance with the Computer Security Act, OMB Circular A-11 requiring privacy... appropriate administrative, technical, and physical safeguards are established to ensure the security and confidentiality of records. In order to protect against any threats or hazards to their security or loss of...

36 CFR 1202.30 - How does NARA safeguard its systems of records?

Code of Federal Regulations, 2011 CFR

2011-07-01

... records are protected in accordance with the Computer Security Act, OMB Circular A-11 requiring privacy... appropriate administrative, technical, and physical safeguards are established to ensure the security and confidentiality of records. In order to protect against any threats or hazards to their security or loss of...

36 CFR 1202.30 - How does NARA safeguard its systems of records?

Code of Federal Regulations, 2010 CFR

2010-07-01

... records are protected in accordance with the Computer Security Act, OMB Circular A-11 requiring privacy... appropriate administrative, technical, and physical safeguards are established to ensure the security and confidentiality of records. In order to protect against any threats or hazards to their security or loss of...

36 CFR 1202.30 - How does NARA safeguard its systems of records?

Code of Federal Regulations, 2014 CFR

2014-07-01

... records are protected in accordance with the Computer Security Act, OMB Circular A-11 requiring privacy... appropriate administrative, technical, and physical safeguards are established to ensure the security and confidentiality of records. In order to protect against any threats or hazards to their security or loss of...

32 CFR Appendix A to Part 223 - Procedures for Identifying and Controlling DoD UCNI

Code of Federal Regulations, 2011 CFR

2011-07-01

... security measures, including security plans, procedures, and equipment, for the physical protection of DoD... stand-alone personal computers, or shared-logic work processing systems, if protection from unauthorized... and security by increasing significantly the likelihood of the illegal production of nuclear weapons...

Differentiated protection services with failure probability guarantee for workflow-based applications

NASA Astrophysics Data System (ADS)

Zhong, Yaoquan; Guo, Wei; Jin, Yaohui; Sun, Weiqiang; Hu, Weisheng

2010-12-01

A cost-effective and service-differentiated provisioning strategy is very desirable to service providers so that they can offer users satisfactory services, while optimizing network resource allocation. Providing differentiated protection services to connections for surviving link failure has been extensively studied in recent years. However, the differentiated protection services for workflow-based applications, which consist of many interdependent tasks, have scarcely been studied. This paper investigates the problem of providing differentiated services for workflow-based applications in optical grid. In this paper, we develop three differentiated protection services provisioning strategies which can provide security level guarantee and network-resource optimization for workflow-based applications. The simulation demonstrates that these heuristic algorithms provide protection cost-effectively while satisfying the applications' failure probability requirements.

Sexuality and human rights in europe.

PubMed

Graupner, Helmut

2005-01-01

Written human rights law in Europe is as scanty as in the rest of the world. Case-law however provides considerable protection of sexual rights. It guarantees comprehensive protection of autonomy in sexual life, also for minors, and provides protection against discrimination based on sexual orientation. Negative attitudes of a majority may not justify interferences with the sexual rights of a minority and society could be expected to tolerate a certain inconvenience to enable individuals to live in dignity and worth in accordance with the sexual identity chosen by them. Compensation for interference with sexual autonomy and freedom is awarded. This high-level protection (as compared to other parts of the world) is however limited. It seems to be granted only in areas where it corresponds with public attitudes and social developments. And it is seldom secured on the national level but nearly exclusively by the European Court of Human Rights, whose case-law is often weakened by inconsistency.

77 FR 73038 - Agency Information Collection Activities: Foreign Assembler's Declaration

Federal Register 2010, 2011, 2012, 2013, 2014

2012-12-07

... DEPARTMENT OF HOMELAND SECURITY U.S. Customs and Border Protection Agency Information Collection Activities: Foreign Assembler's Declaration AGENCY: U.S. Customs and Border Protection, Department of... information. SUMMARY: U.S. Customs and Border Protection (CBP) of the Department of Homeland Security will be...

Taiwan's perspective on electronic medical records' security and privacy protection: lessons learned from HIPAA.

PubMed

Yang, Che-Ming; Lin, Herng-Ching; Chang, Polun; Jian, Wen-Shan

2006-06-01

The protection of patients' health information is a very important concern in the information age. The purpose of this study is to ascertain what constitutes an effective legal framework in protecting both the security and privacy of health information, especially electronic medical records. All sorts of bills regarding electronic medical data protection have been proposed around the world including Health Insurance Portability and Accountability Act (HIPAA) of the U.S. The trend of a centralized bill that focuses on managing computerized health information is the part that needs our further attention. Under the sponsor of Taiwan's Department of Health (DOH), our expert panel drafted the "Medical Information Security and Privacy Protection Guidelines", which identifies nine principles and entails 12 articles, in the hope that medical organizations will have an effective reference in how to manage their medical information in a confidential and secured fashion especially in electronic transactions.

Exploring Public Health's roles and limitations in advancing food security in British Columbia.

PubMed

Seed, Barbara A; Lang, Tim M; Caraher, Martin J; Ostry, Aleck S

2014-07-22

This research analyzes the roles and limitations of Public Health in British Columbia in advancing food security through the integration of food security initiatives into its policies and programs. It asks the question, can Public Health advance food security? If so, how, and what are its limitations? This policy analysis merges findings from 38 key informant interviews conducted with government and civil society stakeholders involved in the development of food security initiatives, along with an examination of relevant documents. The Population Health Template is used to delineate and analyze Public Health roles in food security. Public Health was able to advance food security in some ways, such as the adoption of food security as a core public health program. Public Health's leadership role in food security is constrained by a restricted mandate, limited ability to collaborate across a wide range of sectors and levels, as well as internal conflict within Public Health between Food Security and Food Protection programs. Public Health has a role in advancing food security, but it also faces limitations. As the limitations are primarily systemic and institutional, recommendations to overcome them are not simple but, rather, require movement toward embracing the determinants of health and regulatory pluralism. The results also suggest that the historic role of Public Health in food security remains salient today.

Type-Based Access Control in Data-Centric Systems

NASA Astrophysics Data System (ADS)

Caires, Luís; Pérez, Jorge A.; Seco, João Costa; Vieira, Hugo Torres; Ferrão, Lúcio

Data-centric multi-user systems, such as web applications, require flexible yet fine-grained data security mechanisms. Such mechanisms are usually enforced by a specially crafted security layer, which adds extra complexity and often leads to error prone coding, easily causing severe security breaches. In this paper, we introduce a programming language approach for enforcing access control policies to data in data-centric programs by static typing. Our development is based on the general concept of refinement type, but extended so as to address realistic and challenging scenarios of permission-based data security, in which policies dynamically depend on the database state, and flexible combinations of column- and row-level protection of data are necessary. We state and prove soundness and safety of our type system, stating that well-typed programs never break the declared data access control policies.

45 CFR 164.402 - Definitions.

Code of Federal Regulations, 2013 CFR

2013-10-01

... SECURITY AND PRIVACY Notification in the Case of Breach of Unsecured Protected Health Information § 164.402... acquisition, access, use, or disclosure of protected health information in a manner not permitted under subpart E of this part which compromises the security or privacy of the protected health information. (1...

75 FR 81284 - National Protection and Programs Directorate; National Infrastructure Advisory Council Meeting

Federal Register 2010, 2011, 2012, 2013, 2014

2010-12-27

... Homeland Security with advice on the security of the critical infrastructure sectors and their information systems. The NIAC will meet to address issues relevant to the protection of critical infrastructure as... Directorate; National Infrastructure Advisory Council Meeting AGENCY: National Protection and Programs...

Dynamic Construction Scheme for Virtualization Security Service in Software-Defined Networks

PubMed Central

Lin, Zhaowen; Tao, Dan; Wang, Zhenji

2017-01-01

For a Software Defined Network (SDN), security is an important factor affecting its large-scale deployment. The existing security solutions for SDN mainly focus on the controller itself, which has to handle all the security protection tasks by using the programmability of the network. This will undoubtedly involve a heavy burden for the controller. More devastatingly, once the controller itself is attacked, the entire network will be paralyzed. Motivated by this, this paper proposes a novel security protection architecture for SDN. We design a security service orchestration center in the control plane of SDN, and this center physically decouples from the SDN controller and constructs SDN security services. We adopt virtualization technology to construct a security meta-function library, and propose a dynamic security service composition construction algorithm based on web service composition technology. The rule-combining method is used to combine security meta-functions to construct security services which meet the requirements of users. Moreover, the RETE algorithm is introduced to improve the efficiency of the rule-combining method. We evaluate our solutions in a realistic scenario based on OpenStack. Substantial experimental results demonstrate the effectiveness of our solutions that contribute to achieve the effective security protection with a small burden of the SDN controller. PMID:28430155

Dynamic Construction Scheme for Virtualization Security Service in Software-Defined Networks.

PubMed

Lin, Zhaowen; Tao, Dan; Wang, Zhenji

2017-04-21

For a Software Defined Network (SDN), security is an important factor affecting its large-scale deployment. The existing security solutions for SDN mainly focus on the controller itself, which has to handle all the security protection tasks by using the programmability of the network. This will undoubtedly involve a heavy burden for the controller. More devastatingly, once the controller itself is attacked, the entire network will be paralyzed. Motivated by this, this paper proposes a novel security protection architecture for SDN. We design a security service orchestration center in the control plane of SDN, and this center physically decouples from the SDN controller and constructs SDN security services. We adopt virtualization technology to construct a security meta-function library, and propose a dynamic security service composition construction algorithm based on web service composition technology. The rule-combining method is used to combine security meta-functions to construct security services which meet the requirements of users. Moreover, the RETE algorithm is introduced to improve the efficiency of the rule-combining method. We evaluate our solutions in a realistic scenario based on OpenStack. Substantial experimental results demonstrate the effectiveness of our solutions that contribute to achieve the effective security protection with a small burden of the SDN controller.

77 FR 40521 - Security Zones, Seattle's Seafair Fleet Week Moving Vessels, Puget Sound, WA

Federal Register 2010, 2011, 2012, 2013, 2014

2012-07-10

... 1625-AA87 Security Zones, Seattle's Seafair Fleet Week Moving Vessels, Puget Sound, WA AGENCY: Coast Guard, DHS. ACTION: Final rule. SUMMARY: The U.S. Coast Guard is establishing security zones around designated participating vessels that are not protected by the Naval Vessel Protection Zone in Seattle's...

33 CFR 165.1317 - Security and Safety Zone; Large Passenger Vessel Protection, Puget Sound and adjacent waters...

Code of Federal Regulations, 2010 CFR

2010-07-01

... 33 Navigation and Navigable Waters 2 2010-07-01 2010-07-01 false Security and Safety Zone; Large Passenger Vessel Protection, Puget Sound and adjacent waters, Washington. 165.1317 Section 165.1317 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) PORTS AND WATERWAYS...

77 FR 10657 - Protecting the Public and Our Employees in Our Hearing Process

Federal Register 2010, 2011, 2012, 2013, 2014

2012-02-23

... SOCIAL SECURITY ADMINISTRATION 20 CFR Parts 404 and 416 [Docket No. SSA-2011-0008] RIN 0960-AH29 Protecting the Public and Our Employees in Our Hearing Process AGENCY: Social Security Administration. ACTION... INFORMATION CONTACT: Glen Colvin, Social Security Administration, 5107 Leesburg Pike, Falls Church, VA 22041...

36 CFR § 1202.30 - How does NARA safeguard its systems of records?

Code of Federal Regulations, 2013 CFR

2013-07-01

... records are protected in accordance with the Computer Security Act, OMB Circular A-11 requiring privacy... appropriate administrative, technical, and physical safeguards are established to ensure the security and confidentiality of records. In order to protect against any threats or hazards to their security or loss of...

Security Considerations of Doing Business via the Internet: Cautions To Be Considered.

ERIC Educational Resources Information Center

Aldridge, Alicia; White, Michele; Forcht, Karen

1997-01-01

Lack of security is perceived as a major roadblock to doing business online. This article examines system, user, and commercial transaction privacy on the World Wide Web and discusses methods of protection: operating systems security, file and data protection, user education, access restrictions, data authentication, perimeter and transaction…

Company's Data Security - Case Study

NASA Astrophysics Data System (ADS)

Stera, Piotr

This paper describes a computer network and data security problems in an existing company. Two main issues were pointed out: data loss protection and uncontrolled data copying. Security system was designed and implemented. The system consists of many dedicated programs. This system protect from data loss and detected unauthorized file copying from company's server by a dishonest employee.

The Training Deficiency in Corporate America: Training Security Professionals to Protect Sensitive Information

ERIC Educational Resources Information Center

Johnson, Kenneth T.

2017-01-01

Increased internal and external training approaches are elements senior leaders need to know before creating a training plan for security professionals to protect sensitive information. The purpose of this qualitative case study was to explore training strategies telecommunication industry leaders use to ensure security professionals can protect…

An Examination of Organizational Information Protection in the Era of Social Media: A Study of Social Network Security and Privacy Protection

ERIC Educational Resources Information Center

Maar, Michael C.

2013-01-01

This study investigates information protection for professional users of online social networks. It addresses management's desire to motivate their employees to adopt protective measures while accessing online social networks and to help their employees improve their proficiency in information security and ability to detect deceptive…

Critical Infrastructure Protection- Los Alamos National Laboratory

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bofman, Ryan K.

Los Alamos National Laboratory (LANL) has been a key facet of Critical National Infrastructure since the nuclear bombing of Hiroshima exposed the nature of the Laboratory’s work in 1945. Common knowledge of the nature of sensitive information contained here presents a necessity to protect this critical infrastructure as a matter of national security. This protection occurs in multiple forms beginning with physical security, followed by cybersecurity, safeguarding of classified information, and concluded by the missions of the National Nuclear Security Administration.

78 FR 23280 - Agency Information Collection Activities: United States-Caribbean Basin Trade Partnership Act...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-04-18

... DEPARTMENT OF HOMELAND SECURITY U.S. Customs and Border Protection Agency Information Collection... Protection (CBP), Department of Homeland Security. ACTION: 60-Day Notice and request for comments; Extension... assured of consideration. ADDRESSES: Direct all written comments to U.S. Customs and Border Protection...

77 FR 55486 - Agency Information Collection Activities: Importer ID Input Record

Federal Register 2010, 2011, 2012, 2013, 2014

2012-09-10

... DEPARTMENT OF HOMELAND SECURITY U.S. Customs and Border Protection Agency Information Collection Activities: Importer ID Input Record AGENCY: U.S. Customs and Border Protection, Department of Homeland... information. SUMMARY: U.S. Customs and Border Protection (CBP) of the Department of Homeland Security will be...

78 FR 48458 - Notice of Reinstatement of Customs Broker License

Federal Register 2010, 2011, 2012, 2013, 2014

2013-08-08

... DEPARTMENT OF HOMELAND SECURITY U.S. Customs and Border Protection Notice of Reinstatement of Customs Broker License AGENCY: U.S. Customs and Border Protection, Department of Homeland Security. ACTION...) on December 6, 2012, U.S. Customs and Border Protection, pursuant to section 641 of the Tariff Act of...

77 FR 45647 - Notice of Cancellation of Customs Broker Licenses

Federal Register 2010, 2011, 2012, 2013, 2014

2012-08-01

... DEPARTMENT OF HOMELAND SECURITY U.S. Customs and Border Protection Notice of Cancellation of Customs Broker Licenses AGENCY: U.S. Customs and Border Protection, U.S. Department of Homeland Security... 1641) and the U.S. Customs and Border Protection regulations (19 CFR 111.51), the following Customs...

78 FR 2416 - Agency Information Collection Activities: Application To Establish a Centralized Examination Station

Federal Register 2010, 2011, 2012, 2013, 2014

2013-01-11

... DEPARTMENT OF HOMELAND SECURITY U.S. Customs and Border Protection Agency Information Collection... Protection, Department of Homeland Security. ACTION: 60-Day notice and request for comments; Extension of an...: Direct all written comments to U.S. Customs and Border Protection, Attn: Tracey Denning, Office of...

78 FR 16520 - Agency Information Collection Activities: Application To Establish a Centralized Examination Station

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-15

... DEPARTMENT OF HOMELAND SECURITY U.S. Customs and Border Protection Agency Information Collection... Protection, Department of Homeland Security. ACTION: 30-Day notice and request for comments; Extension of an existing information collection: 1651-0061. SUMMARY: U.S. Customs and Border Protection (CBP) of the...

77 FR 26776 - Agency Information Collection Activities: Declaration of Persons Who Performed Repairs or...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-05-07

... DEPARTMENT OF HOMELAND SECURITY U.S. Customs and Border Protection Agency Information Collection... Protection, Department of Homeland Security. ACTION: 30-Day notice and request for comments; Extension of an existing information collection. SUMMARY: U.S. Customs and Border Protection (CBP) of the Department of...

77 FR 9954 - Agency Information Collection Activities: Declaration of Owner and Declaration of Consignee When...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-02-21

... DEPARTMENT OF HOMELAND SECURITY U.S. Customs And Border Protection Agency Information Collection.... Customs and Border Protection, Department of Homeland Security. ACTION: 30-Day notice and request for comments; Extension of an existing information collection. SUMMARY: U.S. Customs and Border Protection (CBP...

Research on Quantum Authentication Methods for the Secure Access Control Among Three Elements of Cloud Computing

NASA Astrophysics Data System (ADS)

Dong, Yumin; Xiao, Shufen; Ma, Hongyang; Chen, Libo

2016-12-01

Cloud computing and big data have become the developing engine of current information technology (IT) as a result of the rapid development of IT. However, security protection has become increasingly important for cloud computing and big data, and has become a problem that must be solved to develop cloud computing. The theft of identity authentication information remains a serious threat to the security of cloud computing. In this process, attackers intrude into cloud computing services through identity authentication information, thereby threatening the security of data from multiple perspectives. Therefore, this study proposes a model for cloud computing protection and management based on quantum authentication, introduces the principle of quantum authentication, and deduces the quantum authentication process. In theory, quantum authentication technology can be applied in cloud computing for security protection. This technology cannot be cloned; thus, it is more secure and reliable than classical methods.

10 CFR 95.27 - Protection while in use.

Code of Federal Regulations, 2011 CFR

2011-01-01

... SECURITY INFORMATION AND RESTRICTED DATA Physical Security § 95.27 Protection while in use. While in use... disclosure authorization (see § 95.36 for additional information concerning disclosure authorizations). [64...

Maintenance Facilities for Ammunition, Explosives, and Toxics. Design Manual 28.3.

DTIC Science & Technology

1981-11-01

LOADING DOCK RAMP PROTECTION 28.3-2 8. FIRE PROTECTION 28.3-2 9. SECURITY 28.3-2 10. SAFETY 28.3-2 Section 2. GENERAL AMMUNITION MAINTENANCE SHOPS 28.3...protection in accordance with Section 3 1910.23c, Occupatioual Safety and Health Act Standards Manual. 5 8. FIRE PROTECTION. Fire protection for all...Volume 1, and Fire Protection Engineering, NAVFAC DM-8. 9. SECURITY. Maintenance facilities for ammunition, explosives, and I toxics shall be located so

THE ATTRACTIVENESS OF MATERIALS IN ADVANCED NUCLEAR FUEL CYCLES FOR VARIOUS PROLIFERATION AND THEFT SCENARIOS

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bathke, C. G.; Ebbinghaus, Bartley B.; Collins, Brian A.

2012-08-29

We must anticipate that the day is approaching when details of nuclear weapons design and fabrication will become common knowledge. On that day we must be particularly certain that all special nuclear materials (SNM) are adequately accounted for and protected and that we have a clear understanding of the utility of nuclear materials to potential adversaries. To this end, this paper examines the attractiveness of materials mixtures containing SNM and alternate nuclear materials associated with the plutonium-uranium reduction extraction (Purex), uranium extraction (UREX), coextraction (COEX), thorium extraction (THOREX), and PYROX (an electrochemical refining method) reprocessing schemes. This paper provides amore » set of figures of merit for evaluating material attractiveness that covers a broad range of proliferant state and subnational group capabilities. The primary conclusion of this paper is that all fissile material must be rigorously safeguarded to detect diversion by a state and must be provided the highest levels of physical protection to prevent theft by subnational groups; no 'silver bullet' fuel cycle has been found that will permit the relaxation of current international safeguards or national physical security protection levels. The work reported herein has been performed at the request of the U.S. Department of Energy (DOE) and is based on the calculation of 'attractiveness levels' that are expressed in terms consistent with, but normally reserved for, the nuclear materials in DOE nuclear facilities. The methodology and findings are presented. Additionally, how these attractiveness levels relate to proliferation resistance and physical security is discussed.« less

10 CFR 73.51 - Requirements for the physical protection of stored spent nuclear fuel and high-level radioactive...

Code of Federal Regulations, 2014 CFR

2014-01-01

... security organization must include sufficient personnel per shift to provide for monitoring of detection... authorization and visually searched for explosives before entry. (10) Written response procedures must be... termination of the license. (11) All detection systems and supporting subsystems must be tamper indicating...

10 CFR 73.51 - Requirements for the physical protection of stored spent nuclear fuel and high-level radioactive...

Code of Federal Regulations, 2011 CFR

2011-01-01

... security organization must include sufficient personnel per shift to provide for monitoring of detection... authorization and visually searched for explosives before entry. (10) Written response procedures must be... termination of the license. (11) All detection systems and supporting subsystems must be tamper indicating...

10 CFR 73.51 - Requirements for the physical protection of stored spent nuclear fuel and high-level radioactive...

Code of Federal Regulations, 2012 CFR

2012-01-01

... security organization must include sufficient personnel per shift to provide for monitoring of detection... authorization and visually searched for explosives before entry. (10) Written response procedures must be... termination of the license. (11) All detection systems and supporting subsystems must be tamper indicating...

10 CFR 73.51 - Requirements for the physical protection of stored spent nuclear fuel and high-level radioactive...

Code of Federal Regulations, 2013 CFR

2013-01-01

... security organization must include sufficient personnel per shift to provide for monitoring of detection... authorization and visually searched for explosives before entry. (10) Written response procedures must be... termination of the license. (11) All detection systems and supporting subsystems must be tamper indicating...

Radionuclides in bats using a contaminated pond on the Nevada National Security Site, USA

DOE Office of Scientific and Technical Information (OSTI.GOV)

Warren, Ronald W.; Hall, Derek B.; Greger, Paul D.

In this study, perched groundwater percolating through radionuclide contamination in the E Tunnel Complex on the Nevada National Security Site, formerly the Nevada Test Site, emerges and is stored in a series of ponds making it available to wildlife, including bats. Since many bat species using the ponds are considered sensitive or protected/regulated and little information is available on dose to bats from radioactive water sources, bats were sampled to determine if the dose they were receiving exceeded the United States Department of Energy dose limit of 1.0E-3 Gy/day. Radionuclide concentrations in water, sediment, and flying insects were also measuredmore » as input parameters to the dose rate model and to examine trophic level relationships. The RESRAD-Biota model was used to calculate dose rates to bats using different screening levels. Efficacy of RESRAD-Biota and suggested improvements are discussed. Finally, dose to bats foraging and drinking at these ponds is well below the dose limit set to protect terrestrial biota populations.« less

Radionuclides in bats using a contaminated pond on the Nevada National Security Site, USA

DOE PAGES

Warren, Ronald W.; Hall, Derek B.; Greger, Paul D.

2014-01-03

In this study, perched groundwater percolating through radionuclide contamination in the E Tunnel Complex on the Nevada National Security Site, formerly the Nevada Test Site, emerges and is stored in a series of ponds making it available to wildlife, including bats. Since many bat species using the ponds are considered sensitive or protected/regulated and little information is available on dose to bats from radioactive water sources, bats were sampled to determine if the dose they were receiving exceeded the United States Department of Energy dose limit of 1.0E-3 Gy/day. Radionuclide concentrations in water, sediment, and flying insects were also measuredmore » as input parameters to the dose rate model and to examine trophic level relationships. The RESRAD-Biota model was used to calculate dose rates to bats using different screening levels. Efficacy of RESRAD-Biota and suggested improvements are discussed. Finally, dose to bats foraging and drinking at these ponds is well below the dose limit set to protect terrestrial biota populations.« less

Strengthening Data Confidentiality and Integrity Protection in the Context of a Multi-Centric Information System Dedicated to Autism Spectrum Disorder.

PubMed

Ben Said, Mohamed; Robel, Laurence; Golse, Bernard; Jais, Jean Philippe

2017-01-01

Autism spectrum disorders (ASD) are complex neuro-developmental disorders affecting children in early age. Diagnosis relies on multidisciplinary investigations, in psychiatry, neurology, genetics, electrophysiology, neuro-imagery, audiology, and ophthalmology. To support clinicians, researchers, and public health decision makers, we developed an information system dedicated to ASD, called TEDIS. It was designed to manage systematic, exhaustive and continuous multi-centric patient data collection via secured internet connections. TEDIS will be deployed in nine ASD expert assessment centers in Ile-DeFrance district. We present security policy and infrastructure developed in context of TEDIS to protect patient privacy and clinical information. TEDIS security policy was organized around governance, ethical and organisational chart-agreement, patients consents, controlled user access, patients' privacy protection, constrained patients' data access. Security infrastructure was enriched by further technical solutions to reinforce ASD patients' privacy protection. Solutions were tested on local secured intranet environment and showed fluid functionality with consistent, transparent and safe encrypting-decrypting results.

Finite Energy and Bounded Actuator Attacks on Cyber-Physical Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Djouadi, Seddik M; Melin, Alexander M; Ferragut, Erik M

As control system networks are being connected to enterprise level networks for remote monitoring, operation, and system-wide performance optimization, these same connections are providing vulnerabilities that can be exploited by malicious actors for attack, financial gain, and theft of intellectual property. Much effort in cyber-physical system (CPS) protection has focused on protecting the borders of the system through traditional information security techniques. Less effort has been applied to the protection of cyber-physical systems from intelligent attacks launched after an attacker has defeated the information security protections to gain access to the control system. In this paper, attacks on actuator signalsmore » are analyzed from a system theoretic context. The threat surface is classified into finite energy and bounded attacks. These two broad classes encompass a large range of potential attacks. The effect of theses attacks on a linear quadratic (LQ) control are analyzed, and the optimal actuator attacks for both finite and infinite horizon LQ control are derived, therefore the worst case attack signals are obtained. The closed-loop system under the optimal attack signals is given and a numerical example illustrating the effect of an optimal bounded attack is provided.« less

77 FR 44642 - Privacy Act of 1974; Department of Homeland Security U.S. Customs and Border Protection-DHS/CBP...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-07-30

... 1974; Department of Homeland Security U.S. Customs and Border Protection-DHS/CBP-009 Electronic System for Travel Authorization (ESTA) System of Records AGENCY: Privacy Office, Department of Homeland Security. ACTION: Notice of Privacy Act system of records. SUMMARY: In accordance with the Privacy Act of...

33 CFR 165.1318 - Security and Safety Zone Regulations, Large Passenger Vessel Protection, Portland, OR Captain of...

Code of Federal Regulations, 2010 CFR

2010-07-01

... 33 Navigation and Navigable Waters 2 2010-07-01 2010-07-01 false Security and Safety Zone Regulations, Large Passenger Vessel Protection, Portland, OR Captain of the Port Zone 165.1318 Section 165.1318 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) PORTS AND...

21 CFR 205.50 - Minimum requirements for the storage and handling of prescription drugs and for the establishment...

Code of Federal Regulations, 2012 CFR

2012-04-01

... facilities shall be equipped with a security system that will provide suitable protection against theft and diversion. When appropriate, the security system shall provide protection against theft or diversion that is..., equipment, and security conditions; (3) Have a quarantine area for storage of prescription drugs that are...

21 CFR 205.50 - Minimum requirements for the storage and handling of prescription drugs and for the establishment...

Code of Federal Regulations, 2011 CFR

2011-04-01

... facilities shall be equipped with a security system that will provide suitable protection against theft and diversion. When appropriate, the security system shall provide protection against theft or diversion that is..., equipment, and security conditions; (3) Have a quarantine area for storage of prescription drugs that are...

21 CFR 205.50 - Minimum requirements for the storage and handling of prescription drugs and for the establishment...

Code of Federal Regulations, 2014 CFR

2014-04-01

... facilities shall be equipped with a security system that will provide suitable protection against theft and diversion. When appropriate, the security system shall provide protection against theft or diversion that is..., equipment, and security conditions; (3) Have a quarantine area for storage of prescription drugs that are...

21 CFR 205.50 - Minimum requirements for the storage and handling of prescription drugs and for the establishment...

Code of Federal Regulations, 2010 CFR

2010-04-01

... facilities shall be equipped with a security system that will provide suitable protection against theft and diversion. When appropriate, the security system shall provide protection against theft or diversion that is..., equipment, and security conditions; (3) Have a quarantine area for storage of prescription drugs that are...

Interrelatedness of child health, protection and well-being: an application of the SAFE model in Rwanda.

PubMed

Betancourt, Theresa S; Williams, Timothy P; Kellner, Sarah E; Gebre-Medhin, Joy; Hann, Katrina; Kayiteshonga, Yvonne

2012-05-01

This study examines the core components of children's basic security and well-being in order to examine issues central to improving child protection in Rwanda. Sources of data included 15 focus groups with adults, 7 focus groups with children ages 10-17, and 11 key informant interviews with child protection stakeholders, including representatives from international NGOs, community-based groups, and the Rwandan Government, all of which took place in April and May of 2010. Participants painted a complex picture of threats to children's basic security in Rwanda. Three key themes were pervasive across all interviews: (1) deterioration of social and community cohesion in post-genocide Rwanda; (2) the cascading effects of poverty; and (3) the impact of caregiver illness and death on the caregiving environment. Consistent with the SAFE (Safety/freedom from harm; Access to basic physiological needs and healthcare; Family and connection to others; Education and economic security) model of child protection, participants rarely elaborated on a child protection threat independent of other basic security needs and rights. Findings suggest a need for integrated approaches to child protection that recognize this interrelatedness and extend beyond issue-specific child protection responses. This study contributes to a growing body of work highlighting the interrelated nature of child protection threats and the implications of adaptive and dangerous survival strategies that children and families engage in to meet their basic security needs. Analysis of this interrelatedness provides a roadmap for improving policies and implementing integrated and robust child protection strategies in Rwanda and other settings. Copyright © 2012 Elsevier Ltd. All rights reserved.

40 CFR 11.5 - Procedures.

Code of Federal Regulations, 2011 CFR

2011-07-01

... Protection of Environment ENVIRONMENTAL PROTECTION AGENCY GENERAL SECURITY CLASSIFICATION REGULATIONS..., safekeeping, accountability, transmission, disposition, and destruction of classification information and... shall conform with the National Security Council Directive of May 17, 1972, governing the classification...

40 CFR 11.5 - Procedures.

Code of Federal Regulations, 2012 CFR

2012-07-01

... Protection of Environment ENVIRONMENTAL PROTECTION AGENCY GENERAL SECURITY CLASSIFICATION REGULATIONS..., safekeeping, accountability, transmission, disposition, and destruction of classification information and... shall conform with the National Security Council Directive of May 17, 1972, governing the classification...

40 CFR 11.5 - Procedures.

Code of Federal Regulations, 2013 CFR

2013-07-01

... Protection of Environment ENVIRONMENTAL PROTECTION AGENCY GENERAL SECURITY CLASSIFICATION REGULATIONS..., safekeeping, accountability, transmission, disposition, and destruction of classification information and... shall conform with the National Security Council Directive of May 17, 1972, governing the classification...

40 CFR 11.5 - Procedures.

Code of Federal Regulations, 2014 CFR

2014-07-01

... Protection of Environment ENVIRONMENTAL PROTECTION AGENCY GENERAL SECURITY CLASSIFICATION REGULATIONS..., safekeeping, accountability, transmission, disposition, and destruction of classification information and... shall conform with the National Security Council Directive of May 17, 1972, governing the classification...

33 CFR 104.305 - Vessel Security Assessment (VSA) requirements.

Code of Federal Regulations, 2013 CFR

2013-07-01

... security; (ii) Structural integrity; (iii) Personnel protection systems; (iv) Procedural policies; (v... 33 Navigation and Navigable Waters 1 2013-07-01 2013-07-01 false Vessel Security Assessment (VSA... SECURITY MARITIME SECURITY MARITIME SECURITY: VESSELS Vessel Security Assessment (VSA) § 104.305 Vessel...

33 CFR 104.305 - Vessel Security Assessment (VSA) requirements.

Code of Federal Regulations, 2011 CFR

2011-07-01

... security; (ii) Structural integrity; (iii) Personnel protection systems; (iv) Procedural policies; (v... 33 Navigation and Navigable Waters 1 2011-07-01 2011-07-01 false Vessel Security Assessment (VSA... SECURITY MARITIME SECURITY MARITIME SECURITY: VESSELS Vessel Security Assessment (VSA) § 104.305 Vessel...

33 CFR 104.305 - Vessel Security Assessment (VSA) requirements.

Code of Federal Regulations, 2014 CFR

2014-07-01

... security; (ii) Structural integrity; (iii) Personnel protection systems; (iv) Procedural policies; (v... 33 Navigation and Navigable Waters 1 2014-07-01 2014-07-01 false Vessel Security Assessment (VSA... SECURITY MARITIME SECURITY MARITIME SECURITY: VESSELS Vessel Security Assessment (VSA) § 104.305 Vessel...

33 CFR 104.305 - Vessel Security Assessment (VSA) requirements.

Code of Federal Regulations, 2012 CFR

2012-07-01

... security; (ii) Structural integrity; (iii) Personnel protection systems; (iv) Procedural policies; (v... 33 Navigation and Navigable Waters 1 2012-07-01 2012-07-01 false Vessel Security Assessment (VSA... SECURITY MARITIME SECURITY MARITIME SECURITY: VESSELS Vessel Security Assessment (VSA) § 104.305 Vessel...

33 CFR 104.305 - Vessel Security Assessment (VSA) requirements.

Code of Federal Regulations, 2010 CFR

2010-07-01

... security; (ii) Structural integrity; (iii) Personnel protection systems; (iv) Procedural policies; (v... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Vessel Security Assessment (VSA... SECURITY MARITIME SECURITY MARITIME SECURITY: VESSELS Vessel Security Assessment (VSA) § 104.305 Vessel...

Resilience in homeless youth: the key role of self-esteem.

PubMed

Kidd, Sean; Shahar, Golan

2008-04-01

This study examined the protective role of self-esteem, social involvement, and secure attachment among homeless youths. These protective factors were examined as they ameliorate risks among 208 homeless youths surveyed in New York City and Toronto. Both mental and physical health indicators were employed in this study, including loneliness, feeling trapped, suicidal ideation, subjective health status, and substance use. Self-esteem emerged as a key protective factor, predicting levels of loneliness, feeling trapped, and suicide ideation, and buffering against the deleterious effect of fearful attachment on loneliness. Findings highlight the role of the self-concept in risk and resilience among homeless youth. Copyright 2008 APA, all rights reserved.

Connecting to the Internet Securely; Protecting Home Networks CIAC-2324

DOE Office of Scientific and Technical Information (OSTI.GOV)

Orvis, W J; Krystosek, P; Smith, J

2002-11-27

With more and more people working at home and connecting to company networks via the Internet, the risk to company networks to intrusion and theft of sensitive information is growing. Working from home has many positive advantages for both the home worker and the company they work for. However, as companies encourage people to work from home, they need to start considering the interaction of the employee's home network and the company network he connects to. This paper discusses problems and solutions related to protection of home computers from attacks on those computers via the network connection. It does notmore » consider protection of those systems from people who have physical access to the computers nor does it consider company laptops taken on-the-road. Home networks are often targeted by intruders because they are plentiful and they are usually not well secured. While companies have departments of professionals to maintain and secure their networks, home networks are maintained by the employee who may be less knowledgeable about network security matters. The biggest problems with home networks are that: Home networks are not designed to be secure and may use technologies (wireless) that are not secure; The operating systems are not secured when they are installed; The operating systems and applications are not maintained (for security considerations) after they are installed; and The networks are often used for other activities that put them at risk for being compromised. Home networks that are going to be connected to company networks need to be cooperatively secured by the employee and the company so they do not open up the company network to intruders. Securing home networks involves many of the same operations as securing a company network: Patch and maintain systems; Securely configure systems; Eliminate unneeded services; Protect remote logins; Use good passwords; Use current antivirus software; and Moderate your Internet usage habits. Most of these items do not take a lot of work, but require an awareness of the risks involved in not doing them or doing them incorrectly. The security of home networks and communications with company networks can be significantly improved by adding an appropriate software or hardware firewall to the home network and using a protected protocol such as Secure Sockets Layer (SSL), a Virtual Private Network (VPN), or Secure Shell (SSH) for connecting to the company network.« less

Secure and Efficient Two-Factor User Authentication Scheme with User Anonymity for Network Based E-Health Care Applications.

PubMed

Li, Xiong; Niu, Jianwei; Karuppiah, Marimuthu; Kumari, Saru; Wu, Fan

2016-12-01

Benefited from the development of network and communication technologies, E-health care systems and telemedicine have got the fast development. By using the E-health care systems, patient can enjoy the remote medical service provided by the medical server. Medical data are important privacy information for patient, so it is an important issue to ensure the secure of transmitted medical data through public network. Authentication scheme can thwart unauthorized users from accessing services via insecure network environments, so user authentication with privacy protection is an important mechanism for the security of E-health care systems. Recently, based on three factors (password, biometric and smart card), an user authentication scheme for E-health care systems was been proposed by Amin et al., and they claimed that their scheme can withstand most of common attacks. Unfortunate, we find that their scheme cannot achieve the untraceability feature of the patient. Besides, their scheme lacks a password check mechanism such that it is inefficient to find the unauthorized login by the mistake of input a wrong password. Due to the same reason, their scheme is vulnerable to Denial of Service (DoS) attack if the patient updates the password mistakenly by using a wrong password. In order improve the security level of authentication scheme for E-health care application, a robust user authentication scheme with privacy protection is proposed for E-health care systems. Then, security prove of our scheme are analysed. Security and performance analyses show that our scheme is more powerful and secure for E-health care systems when compared with other related schemes.

78 FR 26648 - Agency Information Collection Activities: Passenger List/Crew List (CBP Form I-418)

Federal Register 2010, 2011, 2012, 2013, 2014

2013-05-07

... DEPARTMENT OF HOMELAND SECURITY U.S. Customs and Border Protection Agency Information Collection Activities: Passenger List/Crew List (CBP Form I-418) AGENCY: U.S. Customs and Border Protection (CBP... prescribed by the Department of Homeland Security, Customs and Border Protection (CBP), for use by masters...

Protecting privacy in a clinical data warehouse.

PubMed

Kong, Guilan; Xiao, Zhichun

2015-06-01

Peking University has several prestigious teaching hospitals in China. To make secondary use of massive medical data for research purposes, construction of a clinical data warehouse is imperative in Peking University. However, a big concern for clinical data warehouse construction is how to protect patient privacy. In this project, we propose to use a combination of symmetric block ciphers, asymmetric ciphers, and cryptographic hashing algorithms to protect patient privacy information. The novelty of our privacy protection approach lies in message-level data encryption, the key caching system, and the cryptographic key management system. The proposed privacy protection approach is scalable to clinical data warehouse construction with any size of medical data. With the composite privacy protection approach, the clinical data warehouse can be secure enough to keep the confidential data from leaking to the outside world. © The Author(s) 2014.

49 CFR 1520.1 - Scope.

Code of Federal Regulations, 2010 CFR

2010-10-01

... Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY SECURITY RULES FOR ALL MODES OF TRANSPORTATION PROTECTION OF SENSITIVE SECURITY... of records and information that TSA has determined to be Sensitive Security Information, as defined...

Computer Security Systems Enable Access.

ERIC Educational Resources Information Center

Riggen, Gary

1989-01-01

A good security system enables access and protects information from damage or tampering, but the most important aspects of a security system aren't technical. A security procedures manual addresses the human element of computer security. (MLW)

Protecting the confidentiality and security of personal health information in low- and middle-income countries in the era of SDGs and Big Data.

PubMed

Beck, Eduard J; Gill, Wayne; De Lay, Paul R

2016-01-01

As increasing amounts of personal information are being collected through a plethora of electronic modalities by statutory and non-statutory organizations, ensuring the confidentiality and security of such information has become a major issue globally. While the use of many of these media can be beneficial to individuals or populations, they can also be open to abuse by individuals or statutory and non-statutory organizations. Recent examples include collection of personal information by national security systems and the development of national programs like the Chinese Social Credit System. In many low- and middle-income countries, an increasing amount of personal health information is being collected. The collection of personal health information is necessary, in order to develop longitudinal medical records and to monitor and evaluate the use, cost, outcome, and impact of health services at facility, sub-national, and national levels. However, if personal health information is not held confidentially and securely, individuals with communicable or non-communicable diseases (NCDs) may be reluctant to use preventive or therapeutic health services, due to fear of being stigmatized or discriminated against. While policymakers and other stakeholders in these countries recognize the need to develop and implement policies for protecting the privacy, confidentiality and security of personal health information, to date few of these countries have developed, let alone implemented, coherent policies. The global HIV response continues to emphasize the importance of collecting HIV-health information, recently re-iterated by the Fast Track to End AIDS by 2030 program and the recent changes in the Guidelines on When to Start Antiretroviral Therapy and on Pre-exposure Prophylaxis for HIV . The success of developing HIV treatment cascades in low- and middle-income countries will require the development of National Health Identification Systems. The success of programs like Universal Health Coverage, under the recently ratified Sustainable Development Goals is also contingent on the availability of personal health information for communicable and non-communicable diseases. Guidance for countries to develop and implement their own guidelines for protecting HIV-information formed the basis of identifying a number of fundamental principles, governing the areas of privacy, confidentiality and security. The use of individual-level data must balance maximizing the benefits from their most effective and fullest use, and minimizing harm resulting from their malicious or inadvertent release. These general principles are described in this paper, as along with a bibliography referring to more detailed technical information. A country assessment tool and user's manual, based on these principles, have been developed to support countries to assess the privacy, confidentiality, and security of personal health information at facility, data warehouse/repository, and national levels. The successful development and implementation of national guidance will require strong collaboration at local, regional, and national levels, and this is a pre-condition for the successful implementation of a range of national and global programs. This paper is a call for action for stakeholders in low- and middle-income countries to develop and implement such coherent policies and provides fundamental principles governing the areas of privacy, confidentiality, and security of personal health information being collected in low- and middle-income countries.

Mobile code security

NASA Astrophysics Data System (ADS)

Ramalingam, Srikumar

2001-11-01

A highly secure mobile agent system is very important for a mobile computing environment. The security issues in mobile agent system comprise protecting mobile hosts from malicious agents, protecting agents from other malicious agents, protecting hosts from other malicious hosts and protecting agents from malicious hosts. Using traditional security mechanisms the first three security problems can be solved. Apart from using trusted hardware, very few approaches exist to protect mobile code from malicious hosts. Some of the approaches to solve this problem are the use of trusted computing, computing with encrypted function, steganography, cryptographic traces, Seal Calculas, etc. This paper focuses on the simulation of some of these existing techniques in the designed mobile language. Some new approaches to solve malicious network problem and agent tampering problem are developed using public key encryption system and steganographic concepts. The approaches are based on encrypting and hiding the partial solutions of the mobile agents. The partial results are stored and the address of the storage is destroyed as the agent moves from one host to another host. This allows only the originator to make use of the partial results. Through these approaches some of the existing problems are solved.

Guidelines for computer security in general practice.

PubMed

Schattner, Peter; Pleteshner, Catherine; Bhend, Heinz; Brouns, Johan

2007-01-01

As general practice becomes increasingly computerised, data security becomes increasingly important for both patient health and the efficient operation of the practice. To develop guidelines for computer security in general practice based on a literature review, an analysis of available information on current practice and a series of key stakeholder interviews. While the guideline was produced in the context of Australian general practice, we have developed a template that is also relevant for other countries. Current data on computer security measures was sought from Australian divisions of general practice. Semi-structured interviews were conducted with general practitioners (GPs), the medical software industry, senior managers within government responsible for health IT (information technology) initiatives, technical IT experts, divisions of general practice and a member of a health information consumer group. The respondents were asked to assess both the likelihood and the consequences of potential risks in computer security being breached. The study suggested that the most important computer security issues in general practice were: the need for a nominated IT security coordinator; having written IT policies, including a practice disaster recovery plan; controlling access to different levels of electronic data; doing and testing backups; protecting against viruses and other malicious codes; installing firewalls; undertaking routine maintenance of hardware and software; and securing electronic communication, for example via encryption. This information led to the production of computer security guidelines, including a one-page summary checklist, which were subsequently distributed to all GPs in Australia. This paper maps out a process for developing computer security guidelines for general practice. The specific content will vary in different countries according to their levels of adoption of IT, and cultural, technical and other health service factors. Making these guidelines relevant to local contexts should help maximise their uptake.

An empirical test of Maslow's theory of need hierarchy using hologeistic comparison by statistical sampling.

PubMed

Davis-Sharts, J

1986-10-01

Maslow's hierarchy of basic human needs provides a major theoretical framework in nursing science. The purpose of this study was to empirically test Maslow's need theory, specifically at the levels of physiological and security needs, using a hologeistic comparative method. Thirty cultures taken from the 60 cultural units in the Health Relations Area Files (HRAF) Probability Sample were found to have data available for examining hypotheses about thermoregulatory (physiological) and protective (security) behaviors practiced prior to sleep onset. The findings demonstrate there is initial worldwide empirical evidence to support Maslow's need hierarchy.

A Study on Secure Medical-Contents Strategies with DRM Based on Cloud Computing

PubMed Central

Měsíček, Libor; Choi, Jongsun

2018-01-01

Many hospitals and medical clinics have been using a wearable sensor in its health care system because the wearable sensor, which is able to measure the patients' biometric information, has been developed to analyze their patients remotely. The measured information is saved to a server in a medical center, and the server keeps the medical information, which also involves personal information, on a cloud system. The server and network devices are used by connecting each other, and sensitive medical records are dealt with remotely. However, these days, the attackers, who try to attack the server or the network systems, are increasing. In addition, the server and the network system have a weak protection and security policy against the attackers. In this paper, it is suggested that security compliance of medical contents should be followed to improve the level of security. As a result, the medical contents are kept safely. PMID:29796233

A Study on Secure Medical-Contents Strategies with DRM Based on Cloud Computing.

PubMed

Ko, Hoon; Měsíček, Libor; Choi, Jongsun; Hwang, Seogchan

2018-01-01

Many hospitals and medical clinics have been using a wearable sensor in its health care system because the wearable sensor, which is able to measure the patients' biometric information, has been developed to analyze their patients remotely. The measured information is saved to a server in a medical center, and the server keeps the medical information, which also involves personal information, on a cloud system. The server and network devices are used by connecting each other, and sensitive medical records are dealt with remotely. However, these days, the attackers, who try to attack the server or the network systems, are increasing. In addition, the server and the network system have a weak protection and security policy against the attackers. In this paper, it is suggested that security compliance of medical contents should be followed to improve the level of security. As a result, the medical contents are kept safely.

Water Security - National and Global Issues

NASA Astrophysics Data System (ADS)

Tindall, J. A.; Campbell, A. A.; Moran, E. H.

2010-12-01

Water is fundamental to human life. Disruption of water supplies by the Water Threats and Hazards Triad (WTHT) — man-made, natural, and technological hazards — could threaten the delivery of vital human services, endanger public health and the environment, potentially cause mass casualties, and threaten population sustainability, social stability, and homeland security. Water distribution systems extend over vast areas and are therefore vulnerable to a wide spectrum of threats — from natural hazards such as large forest fires that result in runoff and debris flow that clog reservoirs, and reduce, disrupt, or contaminate water supply and quality to threats from natural, man-made, or political extremist attacks. Our research demonstrates how devising concepts and counter measures to protect water supplies will assist the public, policy makers, and planners at local, Tribal, State, and Federal levels to develop solutions for national and international water-security and sustainability issues. Water security is an issue in which the entire global community is stakeholders.

Invisible Security Ink Based on Water-Soluble Graphitic Carbon Nitride Quantum Dots.

PubMed

Song, Zhiping; Lin, Tianran; Lin, Lihua; Lin, Sen; Fu, Fengfu; Wang, Xinchen; Guo, Liangqia

2016-02-18

Stimuli-responsive photoluminescent (PL) materials have been widely used as fluorescent ink for data security applications. However, traditional fluorescent inks are limited in maintaining the secrecy of information because the inks are usually visible by naked eyes either under ambient light or UV-light illumination. Here, we introduced metal-free water-soluble graphitic carbon nitride quantum dots (g-CNQDs) as invisible security ink for information coding, encryption, and decryption. The information written by the g-CNQDs is invisible in ambient light and UV light, but it can be readable by a fluorescence microplate reader. Moreover, the information can be encrypted and decrypted by using oxalic acid and sodium bicarbonate as encryption reagent and decryption reagent, respectively. Our findings provide new opportunities for high-level information coding and protection by using water-soluble g-CNQDs as invisible security ink. © 2016 WILEY-VCH Verlag GmbH & Co. KGaA, Weinheim.

Cryptanalysis and improvement of an optical image encryption scheme using a chaotic Baker map and double random phase encoding

NASA Astrophysics Data System (ADS)

Chen, Jun-Xin; Zhu, Zhi-Liang; Fu, Chong; Zhang, Li-Bo; Zhang, Yushu

2014-12-01

In this paper, we evaluate the security of an enhanced double random phase encoding (DRPE) image encryption scheme (2013 J. Lightwave Technol. 31 2533). The original system employs a chaotic Baker map prior to DRPE to provide more protection to the plain image and hence promote the security level of DRPE, as claimed. However, cryptanalysis shows that this scheme is vulnerable to a chosen-plaintext attack, and the ciphertext can be precisely recovered. The corresponding improvement is subsequently reported upon the basic premise that no extra equipment or computational complexity is required. The simulation results and security analyses prove its effectiveness and security. The proposed achievements are suitable for all cryptosystems under permutation and, following that, the DRPE architecture, and we hope that our work can motivate the further research on optical image encryption.

75 FR 18850 - National Protection and Programs Directorate; Chemical Facility Anti-Terrorism Standards...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-04-13

... Programs Directorate (NPPD), Office of Infrastructure Protection (IP), Infrastructure Security Compliance... submitted by mail to the DHS/NPPD/ IP/ISCD CFATS Program Manager at the Department of Homeland Security, 245...

Smart Sensing Based on DNA-Metal Interaction Enables a Label-Free and Resettable Security Model of Electrochemical Molecular Keypad Lock.

PubMed

Du, Yan; Han, Xu; Wang, Chenxu; Li, Yunhui; Li, Bingling; Duan, Hongwei

2018-01-26

Recently, molecular keypad locks have received increasing attention. As a new subgroup of smart biosensors, they show great potential for protecting information as a molecular security data processor, rather than merely molecular recognition and quantitation. Herein, label-free electrochemically transduced Ag + and cysteine (Cys) sensors were developed. A molecular keypad lock model with reset function was successfully realized based on the balanced interaction of metal ion with its nucleic acid and chemical ligands. The correct input of "1-2-3" (i.e., "Ag + -Cys-cDNA") is the only password of such molecular keypad lock. Moreover, the resetting process of either correct or wrong input order could be easily made by Cys, buffer, and DI water treatment. Therefore, our system provides an even smarter system of molecular keypad lock, which could inhibit illegal access of unauthorized users, holding great promise in information protection at the molecular level.

PRINCESS: Privacy-protecting Rare disease International Network Collaboration via Encryption through Software guard extensionS

PubMed Central

Chen, Feng; Wang, Shuang; Jiang, Xiaoqian; Ding, Sijie; Lu, Yao; Kim, Jihoon; Sahinalp, S. Cenk; Shimizu, Chisato; Burns, Jane C.; Wright, Victoria J.; Png, Eileen; Hibberd, Martin L.; Lloyd, David D.; Yang, Hai; Telenti, Amalio; Bloss, Cinnamon S.; Fox, Dov; Lauter, Kristin; Ohno-Machado, Lucila

2017-01-01

Abstract Motivation: We introduce PRINCESS, a privacy-preserving international collaboration framework for analyzing rare disease genetic data that are distributed across different continents. PRINCESS leverages Software Guard Extensions (SGX) and hardware for trustworthy computation. Unlike a traditional international collaboration model, where individual-level patient DNA are physically centralized at a single site, PRINCESS performs a secure and distributed computation over encrypted data, fulfilling institutional policies and regulations for protected health information. Results: To demonstrate PRINCESS’ performance and feasibility, we conducted a family-based allelic association study for Kawasaki Disease, with data hosted in three different continents. The experimental results show that PRINCESS provides secure and accurate analyses much faster than alternative solutions, such as homomorphic encryption and garbled circuits (over 40 000× faster). Availability and Implementation: https://github.com/achenfengb/PRINCESS_opensource Contact: shw070@ucsd.edu Supplementary information: Supplementary data are available at Bioinformatics online. PMID:28065902

A Security Analysis of the 802.11s Wireless Mesh Network Routing Protocol and Its Secure Routing Protocols

PubMed Central

Tan, Whye Kit; Lee, Sang-Gon; Lam, Jun Huy; Yoo, Seong-Moo

2013-01-01

Wireless mesh networks (WMNs) can act as a scalable backbone by connecting separate sensor networks and even by connecting WMNs to a wired network. The Hybrid Wireless Mesh Protocol (HWMP) is the default routing protocol for the 802.11s WMN. The routing protocol is one of the most important parts of the network, and it requires protection, especially in the wireless environment. The existing security protocols, such as the Broadcast Integrity Protocol (BIP), Counter with cipher block chaining message authentication code protocol (CCMP), Secure Hybrid Wireless Mesh Protocol (SHWMP), Identity Based Cryptography HWMP (IBC-HWMP), Elliptic Curve Digital Signature Algorithm HWMP (ECDSA-HWMP), and Watchdog-HWMP aim to protect the HWMP frames. In this paper, we have analyzed the vulnerabilities of the HWMP and developed security requirements to protect these identified vulnerabilities. We applied the security requirements to analyze the existing secure schemes for HWMP. The results of our analysis indicate that none of these protocols is able to satisfy all of the security requirements. We also present a quantitative complexity comparison among the protocols and an example of a security scheme for HWMP to demonstrate how the result of our research can be utilized. Our research results thus provide a tool for designing secure schemes for the HWMP. PMID:24002231

A security analysis of the 802.11s wireless mesh network routing protocol and its secure routing protocols.

PubMed

Tan, Whye Kit; Lee, Sang-Gon; Lam, Jun Huy; Yoo, Seong-Moo

2013-09-02

Wireless mesh networks (WMNs) can act as a scalable backbone by connecting separate sensor networks and even by connecting WMNs to a wired network. The Hybrid Wireless Mesh Protocol (HWMP) is the default routing protocol for the 802.11s WMN. The routing protocol is one of the most important parts of the network, and it requires protection, especially in the wireless environment. The existing security protocols, such as the Broadcast Integrity Protocol (BIP), Counter with cipher block chaining message authentication code protocol (CCMP), Secure Hybrid Wireless Mesh Protocol (SHWMP), Identity Based Cryptography HWMP (IBC-HWMP), Elliptic Curve Digital Signature Algorithm HWMP (ECDSA-HWMP), and Watchdog-HWMP aim to protect the HWMP frames. In this paper, we have analyzed the vulnerabilities of the HWMP and developed security requirements to protect these identified vulnerabilities. We applied the security requirements to analyze the existing secure schemes for HWMP. The results of our analysis indicate that none of these protocols is able to satisfy all of the security requirements. We also present a quantitative complexity comparison among the protocols and an example of a security scheme for HWMP to demonstrate how the result of our research can be utilized. Our research results thus provide a tool for designing secure schemes for the HWMP.

INcreasing Security and Protection through Infrastructure REsilience: The INSPIRE Project

NASA Astrophysics Data System (ADS)

D'Antonio, Salvatore; Romano, Luigi; Khelil, Abdelmajid; Suri, Neeraj

The INSPIRE project aims at enhancing the European potential in the field of security by ensuring the protection of critical information infrastructures through (a) the identification of their vulnerabilities and (b) the development of innovative techniques for securing networked process control systems. To increase the resilience of such systems INSPIRE will develop traffic engineering algorithms, diagnostic processes and self-reconfigurable architectures along with recovery techniques. Hence, the core idea of the INSPIRE project is to protect critical information infrastructures by appropriately configuring, managing, and securing the communication network which interconnects the distributed control systems. A working prototype will be implemented as a final demonstrator of selected scenarios. Controls/Communication Experts will support project partners in the validation and demonstration activities. INSPIRE will also contribute to standardization process in order to foster multi-operator interoperability and coordinated strategies for securing lifeline systems.

Smart security and securing data through watermarking

NASA Astrophysics Data System (ADS)

Singh, Ritesh; Kumar, Lalit; Banik, Debraj; Sundar, S.

2017-11-01

The growth of image processing in embedded system has provided the boon of enhancing the security in various sectors. This lead to the developing of various protective strategies, which will be needed by private or public sectors for cyber security purposes. So, we have developed a method which uses digital water marking and locking mechanism for the protection of any closed premises. This paper describes a contemporary system based on user name, user id, password and encryption technique which can be placed in banks, protected offices to beef the security up. The burglary can be abated substantially by using a proactive safety structure. In this proposed framework, we are using water-marking in spatial domain to encode and decode the image and PIR(Passive Infrared Sensor) sensor to detect the existence of person in any close area.

Information Security Analysis: A Study to Analyze the Extent to Which Information Security Systems Can Be Utilized to Prevent Intoxicated Individuals from Driving

ERIC Educational Resources Information Center

Pierre, Joseph D.

2011-01-01

Information security systems (ISS) have been designed to protect assets from damages and from unauthorized access internally as well as externally. This research is promising similar protection from ISS methods that could prevent intoxicated individuals under the influence of alcohol from driving. However, previous research has shown significant…

78 FR 57402 - Privacy Act of 1974; Department of Homeland Security/U.S. Customs and Border Protection-019 Air...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-09-18

... forth in this system of records notice. AMOSS also has users from the Department of Defense (DOD... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0021] Privacy Act of 1974; Department of Homeland Security/U.S. Customs and Border Protection--019 Air and Marine Operations...

Navy Ship Propulsion Technologies: Options for Reducing Oil Use - Background for Congress

DTIC Science & Technology

2006-12-11

Change, Energy Efficiency, and Ozone Protection, Protecting National Security and the Environment. Washington, 2000. (Office of the Deputy Under...Shipboard Fuel Consumption and Emissions,” op. cit., and Climate Change, Energy Efficiency, and Ozone Protection, Protecting National Security and the...with the SkySails technology trouble-free.74 CRS-28 75 “The Economic and Sustainable Utilisation in the Cargo Shipping Industry of Wind Power,” HSB

Future of Assurance: Ensuring that a System is Trustworthy

NASA Astrophysics Data System (ADS)

Sadeghi, Ahmad-Reza; Verbauwhede, Ingrid; Vishik, Claire

Significant efforts are put in defining and implementing strong security measures for all components of the comput-ing environment. It is equally important to be able to evaluate the strength and robustness of these measures and establish trust among the components of the computing environment based on parameters and attributes of these elements and best practices associated with their production and deployment. Today the inventory of techniques used for security assurance and to establish trust -- audit, security-conscious development process, cryptographic components, external evaluation - is somewhat limited. These methods have their indisputable strengths and have contributed significantly to the advancement in the area of security assurance. However, shorter product and tech-nology development cycles and the sheer complexity of modern digital systems and processes have begun to decrease the efficiency of these techniques. Moreover, these approaches and technologies address only some aspects of security assurance and, for the most part, evaluate assurance in a general design rather than an instance of a product. Additionally, various components of the computing environment participating in the same processes enjoy different levels of security assurance, making it difficult to ensure adequate levels of protection end-to-end. Finally, most evaluation methodologies rely on the knowledge and skill of the evaluators, making reliable assessments of trustworthiness of a system even harder to achieve. The paper outlines some issues in security assurance that apply across the board, with the focus on the trustworthiness and authenticity of hardware components and evaluates current approaches to assurance.

Privacy Protection for Telecare Medicine Information Systems Using a Chaotic Map-Based Three-Factor Authenticated Key Agreement Scheme.

PubMed

Zhang, Liping; Zhu, Shaohui; Tang, Shanyu

2017-03-01

Telecare medicine information systems (TMIS) provide flexible and convenient e-health care. However, the medical records transmitted in TMIS are exposed to unsecured public networks, so TMIS are more vulnerable to various types of security threats and attacks. To provide privacy protection for TMIS, a secure and efficient authenticated key agreement scheme is urgently needed to protect the sensitive medical data. Recently, Mishra et al. proposed a biometrics-based authenticated key agreement scheme for TMIS by using hash function and nonce, they claimed that their scheme could eliminate the security weaknesses of Yan et al.'s scheme and provide dynamic identity protection and user anonymity. In this paper, however, we demonstrate that Mishra et al.'s scheme suffers from replay attacks, man-in-the-middle attacks and fails to provide perfect forward secrecy. To overcome the weaknesses of Mishra et al.'s scheme, we then propose a three-factor authenticated key agreement scheme to enable the patient to enjoy the remote healthcare services via TMIS with privacy protection. The chaotic map-based cryptography is employed in the proposed scheme to achieve a delicate balance of security and performance. Security analysis demonstrates that the proposed scheme resists various attacks and provides several attractive security properties. Performance evaluation shows that the proposed scheme increases efficiency in comparison with other related schemes.

Breaking the cyber-security dilemma: aligning security needs and removing vulnerabilities.

PubMed

Dunn Cavelty, Myriam

2014-09-01

Current approaches to cyber-security are not working. Rather than producing more security, we seem to be facing less and less. The reason for this is a multi-dimensional and multi-faceted security dilemma that extends beyond the state and its interaction with other states. It will be shown how the focus on the state and "its" security crowds out consideration for the security of the individual citizen, with detrimental effects on the security of the whole system. The threat arising from cyberspace to (national) security is presented as possible disruption to a specific way of life, one building on information technologies and critical functions of infrastructures, with relatively little consideration for humans directly. This non-focus on people makes it easier for state actors to militarize cyber-security and (re-)assert their power in cyberspace, thereby overriding the different security needs of human beings in that space. Paradoxically, the use of cyberspace as a tool for national security, both in the dimension of war fighting and the dimension of mass-surveillance, has detrimental effects on the level of cyber-security globally. A solution out of this dilemma is a cyber-security policy that is decidedly anti-vulnerability and at the same time based on strong considerations for privacy and data protection. Such a security would have to be informed by an ethics of the infosphere that is based on the dignity of information related to human beings.

Seasonal food insecurity and perceived social support in rural Tanzania.

PubMed

Hadley, Craig; Mulder, Monique Borgerhoff; Fitzherbert, Emily

2007-06-01

To examine whether the occurrence of seasonal food insecurity was related to ethnicity, household wealth and perceived social support, and to assess whether social support was more efficacious in protecting against food insecurity in wealthier households. Secondary objectives were to assess the association between past food insecurity, current dietary intake and perceived health. A sample of 208 randomly selected mothers from two ethnic groups living in the same villages in rural Tanzania participated in a cross-sectional survey. Food insecurity was highly prevalent in this area, particularly among the poorer ethnic group. Half of ethnically Sukuma households fell into the most food-secure category, compared with only 20% of ethnically Pimbwe households. Among both groups, measures of household wealth and social support were strongly associated with food security. Interestingly, social support appeared to be more effective among the wealthier ethnic group/community. Past food insecurity was also related to current indicators of dietary intake and women's self-perceptions of health. Greater social support is associated with food security, suggesting that it may protect against the occurrence of seasonal food insecurity. Social support also interacts with wealth to offer greater protection against food insecurity, suggesting that increasing wealth at the community level may influence food insecurity through both direct and indirect means. Seasonal food insecurity also appears to have lasting effects that likely create and reinforce poverty.

49 CFR 1520.17 - Consequences of unauthorized disclosure of SSI.

Code of Federal Regulations, 2010 CFR

2010-10-01

...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY SECURITY RULES FOR ALL MODES OF TRANSPORTATION PROTECTION OF SENSITIVE SECURITY INFORMATION § 1520.17 Consequences of unauthorized disclosure of...

SecureMA: protecting participant privacy in genetic association meta-analysis.

PubMed

Xie, Wei; Kantarcioglu, Murat; Bush, William S; Crawford, Dana; Denny, Joshua C; Heatherly, Raymond; Malin, Bradley A

2014-12-01

Sharing genomic data is crucial to support scientific investigation such as genome-wide association studies. However, recent investigations suggest the privacy of the individual participants in these studies can be compromised, leading to serious concerns and consequences, such as overly restricted access to data. We introduce a novel cryptographic strategy to securely perform meta-analysis for genetic association studies in large consortia. Our methodology is useful for supporting joint studies among disparate data sites, where privacy or confidentiality is of concern. We validate our method using three multisite association studies. Our research shows that genetic associations can be analyzed efficiently and accurately across substudy sites, without leaking information on individual participants and site-level association summaries. Our software for secure meta-analysis of genetic association studies, SecureMA, is publicly available at http://github.com/XieConnect/SecureMA. Our customized secure computation framework is also publicly available at http://github.com/XieConnect/CircuitService. © The Author 2014. Published by Oxford University Press. All rights reserved. For Permissions, please e-mail: journals.permissions@oup.com.

32 CFR 228.11 - Restrictions on the taking of photographs.

Code of Federal Regulations, 2012 CFR

2012-07-01

... photographs. In order to protect the security of the Agency's facilities, photographs may be taken on protected property only with the consent of the NSA Director of Security or his designee. The taking of...

32 CFR 228.11 - Restrictions on the taking of photographs.

Code of Federal Regulations, 2010 CFR

2010-07-01

... photographs. In order to protect the security of the Agency's facilities, photographs may be taken on protected property only with the consent of the NSA Director of Security or his designee. The taking of...

32 CFR 228.11 - Restrictions on the taking of photographs.

Code of Federal Regulations, 2011 CFR

2011-07-01

... photographs. In order to protect the security of the Agency's facilities, photographs may be taken on protected property only with the consent of the NSA Director of Security or his designee. The taking of...

32 CFR 228.11 - Restrictions on the taking of photographs.

Code of Federal Regulations, 2013 CFR

2013-07-01

... photographs. In order to protect the security of the Agency's facilities, photographs may be taken on protected property only with the consent of the NSA Director of Security or his designee. The taking of...

75 FR 21011 - Critical Infrastructure Partnership Advisory Council

Federal Register 2010, 2011, 2012, 2013, 2014

2010-04-22

... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2010-0032] Critical Infrastructure Partnership... Infrastructure Partnership Advisory Council (CIPAC) charter renewal. SUMMARY: The Department of Homeland Security... and Outreach Division, Office of Infrastructure Protection, National Protection and Programs...

Leveraging social media for flood emergency management: an experience in Campania region (southern Italy)

NASA Astrophysics Data System (ADS)

Biafore, Mauro

2017-04-01

Campania is the Italian region with the highest population density (419 inhabitants/km2). Almost 20% of its territory (13669 km2) is exposed to severe hydrogeological risk scenarios, triggered by extreme rainfall events with duration ranging from a few tens of minutes to several hours. Many of these risk scenarios can only be mitigated by non-structural measures, which are mainly designed to increase the resilience of the exposed communities. Several studies have evidenced that the effectiveness of civil protection actions can be enhanced by using social media for disseminating and collecting information relevant for crisis preparedness, response and recovery. However, the application of social media in the management of hydrogeological risks is still in its infancy. The civil protection of Campania Region, as part of a FP7 project called SUPER (Social sensors for secUrity Assessments and Proactive EmeRgencies management), has been validating an integrated framework enabling optimal blending of social media in the emergency management processes. The SUPER project is a joint effort of social media experts (including social network providers) and security experts (including security and civil protection agencies), towards introducing an integrated and privacy-friendly approach to the use of social media in emergencies and security incidents. As part of the project outcomes, the "SUPER platform" has been developed. It consists of a set of social media processing components integrated in a Common Operational Picture, designed for supporting security and emergency management. A demonstration was primarily setup to evaluate how the SUPER platform can effectively facilitate the exploitation of social media data for improving civil protection actions during a simulated emergency scenario. To this purpose, a civil protection exercise took place in the city of Sorrento (Naples, Italy), involving tens of volunteers and emergency operators. The simulated emergency scenario was represented by simultaneous flash floods associated with shallow landslides, triggered by a severe thunderstorm in the city centre of Sorrento. Volunteers on the field simulated the social media engagement during such an event. The SUPER platform was successfully evaluated with respect to the following real-time operations: i) filtering the relevant information posted on Twitter during the simulated emergency; ii) geo-localising the relevant information within the Command Operational Picture; iii) enhancing the situation awareness at Command and Control level.

17 CFR 300.502 - Claim for securities.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Claim for securities. 300.502 Section 300.502 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) Schedule A to Part 285 RULES OF THE SECURITIES INVESTOR PROTECTION CORPORATION Rules Relating to Satisfaction...

A Hybrid Approach to Protect Palmprint Templates

PubMed Central

Sun, Dongmei; Xiong, Ke; Qiu, Zhengding

2014-01-01

Biometric template protection is indispensable to protect personal privacy in large-scale deployment of biometric systems. Accuracy, changeability, and security are three critical requirements for template protection algorithms. However, existing template protection algorithms cannot satisfy all these requirements well. In this paper, we propose a hybrid approach that combines random projection and fuzzy vault to improve the performances at these three points. Heterogeneous space is designed for combining random projection and fuzzy vault properly in the hybrid scheme. New chaff point generation method is also proposed to enhance the security of the heterogeneous vault. Theoretical analyses of proposed hybrid approach in terms of accuracy, changeability, and security are given in this paper. Palmprint database based experimental results well support the theoretical analyses and demonstrate the effectiveness of proposed hybrid approach. PMID:24982977

A hybrid approach to protect palmprint templates.

PubMed

Liu, Hailun; Sun, Dongmei; Xiong, Ke; Qiu, Zhengding

2014-01-01

Biometric template protection is indispensable to protect personal privacy in large-scale deployment of biometric systems. Accuracy, changeability, and security are three critical requirements for template protection algorithms. However, existing template protection algorithms cannot satisfy all these requirements well. In this paper, we propose a hybrid approach that combines random projection and fuzzy vault to improve the performances at these three points. Heterogeneous space is designed for combining random projection and fuzzy vault properly in the hybrid scheme. New chaff point generation method is also proposed to enhance the security of the heterogeneous vault. Theoretical analyses of proposed hybrid approach in terms of accuracy, changeability, and security are given in this paper. Palmprint database based experimental results well support the theoretical analyses and demonstrate the effectiveness of proposed hybrid approach.

The Insider Threat Security Architecture: An Integrated, Inseparable, and Uninterrupted Self-Protection Autonomic Framework

ERIC Educational Resources Information Center

Jabbour, Ghassan

2010-01-01

The increasing proliferation of globally interconnected complex information systems has elevated the magnitude of attacks and the level of damage that they inflict on such systems. This open environment of intertwined financial, medical, defense, and other systems has attracted hackers to increase their malicious activities to cause harm or to…

Game theoretic analysis of physical protection system design

DOE Office of Scientific and Technical Information (OSTI.GOV)

Canion, B.; Schneider, E.; Bickel, E.

The physical protection system (PPS) of a fictional small modular reactor (SMR) facility have been modeled as a platform for a game theoretic approach to security decision analysis. To demonstrate the game theoretic approach, a rational adversary with complete knowledge of the facility has been modeled attempting a sabotage attack. The adversary adjusts his decisions in response to investments made by the defender to enhance the security measures. This can lead to a conservative physical protection system design. Since defender upgrades were limited by a budget, cost benefit analysis may be conducted upon security upgrades. One approach to cost benefitmore » analysis is the efficient frontier, which depicts the reduction in expected consequence per incremental increase in the security budget.« less

Security of electronic medical information and patient privacy: what you need to know.

PubMed

Andriole, Katherine P

2014-12-01

The responsibility that physicians have to protect their patients from harm extends to protecting the privacy and confidentiality of patient health information including that contained within radiological images. The intent of HIPAA and subsequent HIPAA Privacy and Security Rules is to keep patients' private information confidential while allowing providers access to and maintaining the integrity of relevant information needed to provide care. Failure to comply with electronic protected health information (ePHI) regulations could result in financial or criminal penalties or both. Protected health information refers to anything that can reasonably be used to identify a patient (eg, name, age, date of birth, social security number, radiology examination accession number). The basic tools and techniques used to maintain medical information security and patient privacy described in this article include physical safeguards such as computer device isolation and data backup, technical safeguards such as firewalls and secure transmission modes, and administrative safeguards including documentation of security policies, training of staff, and audit tracking through system logs. Other important concepts related to privacy and security are explained, including user authentication, authorization, availability, confidentiality, data integrity, and nonrepudiation. Patient privacy and security of medical information are critical elements in today's electronic health care environment. Radiology has led the way in adopting digital systems to make possible the availability of medical information anywhere anytime, and in identifying and working to eliminate any risks to patients. Copyright © 2014 American College of Radiology. Published by Elsevier Inc. All rights reserved.

76 FR 20995 - Critical Infrastructure Partnership Advisory Council (CIPAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2011-04-14

... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2011-0028] Critical Infrastructure Partnership... Critical Infrastructure Partnership Advisory Council (CIPAC) by notice published in the Federal Register... Infrastructure Protection, National Protection and Programs Directorate, U.S. Department of Homeland Security...

49 CFR 8.5 - Definitions.

Code of Federal Regulations, 2010 CFR

2010-10-01

... that information requires, in the interest of national security, protection against unauthorized... of protection, and the unauthorized disclosure of which could reasonably be expected to cause exceptionally grave damage to the national security that the original classification authority is able to...

The experiences of security industry contractors working in Iraq: an interpretative phenomenological analysis.

PubMed

Messenger, Katy; Farquharson, Lorna; Stallworthy, Pippa; Cawkill, Paul; Greenberg, Neil

2012-07-01

To explore the occupational experiences of private security contractors working in a war zone and how it impacts on their mental health. Semistructured interviews were conducted with seven contractors employed by a large UK-based private security company. Interpretative phenomenological analysis was used to analyze the interview transcripts. Participants also completed the 12-item General Health Questionnaire and the Posttraumatic Stress Disorder Checklist. Four overarching themes emerged: the appeal of the job; vulnerability; keep going; and seeking help for stress in the workplace. No clinically significant levels of distress were reported. Contractors are frequently exposed to stressors known to increase risk of psychiatric difficulty in military personnel. A number of potential protective factors were identified. Only a minority of participants were open to seeking help for mental health difficulties.

Remote secure observing for the Faulkes Telescopes

NASA Astrophysics Data System (ADS)

Smith, Robert J.; Steele, Iain A.; Marchant, Jonathan M.; Fraser, Stephen N.; Mucke-Herzberg, Dorothea

2004-09-01

Since the Faulkes Telescopes are to be used by a wide variety of audiences, both powerful engineering level and simple graphical interfaces exist giving complete remote and robotic control of the telescope over the internet. Security is extremely important to protect the health of both humans and equipment. Data integrity must also be carefully guarded for images being delivered directly into the classroom. The adopted network architecture is described along with the variety of security and intrusion detection software. We use a combination of SSL, proxies, IPSec, and both Linux iptables and Cisco IOS firewalls to ensure only authenticated and safe commands are sent to the telescopes. With an eye to a possible future global network of robotic telescopes, the system implemented is capable of scaling linearly to any moderate (of order ten) number of telescopes.

Protecting Secure Facilities From Underground Intrusion Using Seismic/Acoustic Sensor Arrays

DTIC Science & Technology

2009-08-01

the upper 6 meters of sediments were deposited as part of a delta during a time of higher sea level, when low-gradient rivers carried fine-grained...geological site characterization and stratigraphy and sedimentation processes. Dr. Jason R. McKenna is a geophysicist at the United States Army Engineer...doctrine is being revised to address the engineer force structure at all levels to ensure that emerging lessons learned from Iraq and Afghanistan are

An Assessment of the Attractiveness of Material Associated with a MOX Fuel Cycle from a Safeguards Perspective

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bathke, Charles G; Wallace, Richard K; Ireland, John R

2009-01-01

This paper is an extension to earlier studies that examined the attractiveness of materials mixtures containing special nuclear materials (SNM) and alternate nuclear materials (ANM) associated with the PUREX, UREX, coextraction, THOREX, and PYROX reprocessing schemes. This study extends the figure of merit (FOM) for evaluating attractiveness to cover a broad range of proliferant State and sub-national group capabilities. This study also considers those materials that will be recycled and burned, possibly multiple times, in LWRs [e.g., plutonium in the form of mixed oxide (MOX) fuel]. The primary conclusion of this study is that all fissile material needs to bemore » rigorously safeguarded to detect diversion by a State and provided the highest levels of physical protection to prevent theft by sub-national groups; no 'silver bullet' has been found that will permit the relaxation of current international safeguards or national physical security protection levels. This series of studies has been performed at the request of the United States Department of Energy (DOE) and is based on the calculation of 'attractiveness levels' that are expressed in terms consistent with, but normally reserved for nuclear materials in DOE nuclear facilities. The expanded methodology and updated findings are presented. Additionally, how these attractiveness levels relate to proliferation resistance and physical security are discussed.« less

AN ASSESSMENT OF THE ATTRACTIVENESS OF MATERIAL ASSOCIATED WITH A MOX FUEL CYCLE FROM A SAFEGUARDS PERSPECTIVE

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bathke, C. G.; Ebbinghaus, B. B.; Sleaford, Brad W.

2009-07-09

This paper is an extension to earlier studies [1,2] that examined the attractiveness of materials mixtures containing special nuclear materials (SNM) and alternate nuclear materials (ANM) associated with the PUREX, UREX, coextraction, THOREX, and PYROX reprocessing schemes. This study extends the figure of merit (FOM) for evaluating attractiveness to cover a broad range of proliferant State and sub-national group capabilities. This study also considers those materials that will be recycled and burned, possibly multiple times, in LWRs [e.g., plutonium in the form of mixed oxide (MOX) fuel]. The primary conclusion of this study is that all fissile material needs tomore » be rigorously safeguarded to detect diversion by a State and provided the highest levels of physical protection to prevent theft by sub-national groups; no “silver bullet” has been found that will permit the relaxation of current international safeguards or national physical security protection levels. This series of studies has been performed at the request of the United States Department of Energy (DOE) and is based on the calculation of "attractiveness levels" that are expressed in terms consistent with, but normally reserved for nuclear materials in DOE nuclear facilities [3]. The expanded methodology and updated findings are presented. Additionally, how these attractiveness levels relate to proliferation resistance and physical security are discussed.« less

Security auditing: a prescription for keeping protection programs healthy.

PubMed

Luizzo, Anthony

2010-01-01

The different aspects of security auditing and the role of the security auditor is explained in detail by the author in this primer for security professionals with specific advice on what should be included in a security audit report.

49 CFR 1520.5 - Sensitive security information.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 9 2010-10-01 2010-10-01 false Sensitive security information. 1520.5 Section 1520.5 Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY SECURITY RULES FOR ALL MODES OF TRANSPORTATION PROTECTION OF...

Legal issues of the electronic dental record: security and confidentiality.

PubMed

Szekely, D G; Milam, S; Khademi, J A

1996-01-01

Computer-based, electronic dental record keeping involves complex issues of patient privacy and the dental practitioner's ethical duty of confidentiality. Federal and state law is responding to the new legal issues presented by computer technology. Authenticating the electronic record in terms of ensuring its reliability and accuracy is essential in order to protect its admissibility as evidence in legal actions. Security systems must be carefully planned to limit access and provide for back-up and storage of dental records. Carefully planned security systems protect the patient from disclosure without the patient's consent and also protect the practitioner from the liability that would arise from such disclosure. Human errors account for the majority of data security problems. Personnel security is assured through pre-employment screening, employment contracts, policies, and staff education. Contracts for health information systems should include provisions for indemnification and ensure the confidentiality of the system by the vendor.

Protecting Privacy and Securing the Gathering of Location Proofs - The Secure Location Verification Proof Gathering Protocol

NASA Astrophysics Data System (ADS)

Graham, Michelle; Gray, David

As wireless networks become increasingly ubiquitous, the demand for a method of locating a device has increased dramatically. Location Based Services are now commonplace but there are few methods of verifying or guaranteeing a location provided by a user without some specialised hardware, especially in larger scale networks. We propose a system for the verification of location claims, using proof gathered from neighbouring devices. In this paper we introduce a protocol to protect this proof gathering process, protecting the privacy of all involved parties and securing it from intruders and malicious claiming devices. We present the protocol in stages, extending the security of this protocol to allow for flexibility within its application. The Secure Location Verification Proof Gathering Protocol (SLVPGP) has been designed to function within the area of Vehicular Networks, although its application could be extended to any device with wireless & cryptographic capabilities.

Lightweight autonomous chemical identification system (LACIS)

NASA Astrophysics Data System (ADS)

Lozos, George; Lin, Hai; Burch, Timothy

2012-06-01

Smiths Detection and Intelligent Optical Systems have developed prototypes for the Lightweight Autonomous Chemical Identification System (LACIS) for the US Department of Homeland Security. LACIS is to be a handheld detection system for Chemical Warfare Agents (CWAs) and Toxic Industrial Chemicals (TICs). LACIS is designed to have a low limit of detection and rapid response time for use by emergency responders and could allow determination of areas having dangerous concentration levels and if protective garments will be required. Procedures for protection of responders from hazardous materials incidents require the use of protective equipment until such time as the hazard can be assessed. Such accurate analysis can accelerate operations and increase effectiveness. LACIS is to be an improved point detector employing novel CBRNE detection modalities that includes a militaryproven ruggedized ion mobility spectrometer (IMS) with an array of electro-resistive sensors to extend the range of chemical threats detected in a single device. It uses a novel sensor data fusion and threat classification architecture to interpret the independent sensor responses and provide robust detection at low levels in complex backgrounds with minimal false alarms. The performance of LACIS prototypes have been characterized in independent third party laboratory tests at the Battelle Memorial Institute (BMI, Columbus, OH) and indoor and outdoor field tests at the Nevada National Security Site (NNSS). LACIS prototypes will be entering operational assessment by key government emergency response groups to determine its capabilities versus requirements.

An Elliptic Curve Based Schnorr Cloud Security Model in Distributed Environment

PubMed Central

Muthurajan, Vinothkumar; Narayanasamy, Balaji

2016-01-01

Cloud computing requires the security upgrade in data transmission approaches. In general, key-based encryption/decryption (symmetric and asymmetric) mechanisms ensure the secure data transfer between the devices. The symmetric key mechanisms (pseudorandom function) provide minimum protection level compared to asymmetric key (RSA, AES, and ECC) schemes. The presence of expired content and the irrelevant resources cause unauthorized data access adversely. This paper investigates how the integrity and secure data transfer are improved based on the Elliptic Curve based Schnorr scheme. This paper proposes a virtual machine based cloud model with Hybrid Cloud Security Algorithm (HCSA) to remove the expired content. The HCSA-based auditing improves the malicious activity prediction during the data transfer. The duplication in the cloud server degrades the performance of EC-Schnorr based encryption schemes. This paper utilizes the blooming filter concept to avoid the cloud server duplication. The combination of EC-Schnorr and blooming filter efficiently improves the security performance. The comparative analysis between proposed HCSA and the existing Distributed Hash Table (DHT) regarding execution time, computational overhead, and auditing time with auditing requests and servers confirms the effectiveness of HCSA in the cloud security model creation. PMID:26981584

An Elliptic Curve Based Schnorr Cloud Security Model in Distributed Environment.

PubMed

Muthurajan, Vinothkumar; Narayanasamy, Balaji

2016-01-01

Cloud computing requires the security upgrade in data transmission approaches. In general, key-based encryption/decryption (symmetric and asymmetric) mechanisms ensure the secure data transfer between the devices. The symmetric key mechanisms (pseudorandom function) provide minimum protection level compared to asymmetric key (RSA, AES, and ECC) schemes. The presence of expired content and the irrelevant resources cause unauthorized data access adversely. This paper investigates how the integrity and secure data transfer are improved based on the Elliptic Curve based Schnorr scheme. This paper proposes a virtual machine based cloud model with Hybrid Cloud Security Algorithm (HCSA) to remove the expired content. The HCSA-based auditing improves the malicious activity prediction during the data transfer. The duplication in the cloud server degrades the performance of EC-Schnorr based encryption schemes. This paper utilizes the blooming filter concept to avoid the cloud server duplication. The combination of EC-Schnorr and blooming filter efficiently improves the security performance. The comparative analysis between proposed HCSA and the existing Distributed Hash Table (DHT) regarding execution time, computational overhead, and auditing time with auditing requests and servers confirms the effectiveness of HCSA in the cloud security model creation.

On the Adaptive Protection of Microgrids: A Review on How to Mitigate Cyber Attacks and Communication Failures

DOE Office of Scientific and Technical Information (OSTI.GOV)

Habib, Hany F; Lashway, Christopher R; Mohammed, Osama A

One main challenge in the practical implementation of a microgrid is the design of an adequate protection scheme in both grid connected and islanded modes. Conventional overcurrent protection schemes face selectivity and sensitivity issues during grid and microgrid faults since the fault current level is different in both cases for the same relay. Various approaches have been implemented in the past to deal with this problem, yet the most promising ones are the implementation of adaptive protection techniques abiding by the IEC 61850 communication standard. This paper presents a critical review of existing adaptive protection schemes, the technical challenges formore » the use of classical protection techniques and the need for an adaptive, smart protection system. However, the risk of communication link failures and cyber security threats still remain a challenge in implementing a reliable adaptive protection scheme. A contingency is needed where a communication issue prevents the relay from adjusting to a lower current level during islanded mode. An adaptive protection scheme is proposed that utilizes energy storage (ES) and hybrid ES (HESS) already available in the network as a mechanism to source the higher fault current. Four common grid ES and HESS are reviewed for their suitability in feeding the fault while some solutions are proposed.« less

Authentication Without Secrets

DOE Office of Scientific and Technical Information (OSTI.GOV)

Pierson, Lyndon G.; Robertson, Perry J.

This work examines a new approach to authentication, which is the most fundamental security primitive that underpins all cyber security protections. Current Internet authentication techniques require the protection of one or more secret keys along with the integrity protection of the algorithms/computations designed to prove possession of the secret without actually revealing it. Protecting a secret requires physical barriers or encryption with yet another secret key. The reason to strive for "Authentication without Secret Keys" is that protecting secrets (even small ones only kept in a small corner of a component or device) is much harder than protecting the integritymore » of information that is not secret. Promising methods are examined for authentication of components, data, programs, network transactions, and/or individuals. The successful development of authentication without secret keys will enable far more tractable system security engineering for high exposure, high consequence systems by eliminating the need for brittle protection mechanisms to protect secret keys (such as are now protected in smart cards, etc.). This paper is a re-release of SAND2009-7032 with new figures numerous edits.« less

Information security of power enterprises of North-Arctic region

NASA Astrophysics Data System (ADS)

Sushko, O. P.

2018-05-01

The role of information technologies in providing technological security for energy enterprises is a component of the economic security for the northern Arctic region in general. Applying instruments and methods of information protection modelling of the energy enterprises' business process in the northern Arctic region (such as Arkhenergo and Komienergo), the authors analysed and identified most frequent risks of information security. With the analytic hierarchy process based on weighting factor estimations, information risks of energy enterprises' technological processes were ranked. The economic estimation of the information security within an energy enterprise considers weighting factor-adjusted variables (risks). Investments in information security systems of energy enterprises in the northern Arctic region are related to necessary security elements installation; current operating expenses on business process protection systems become materialized economic damage.

17 CFR 403.2 - Hypothecation of customer securities.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Hypothecation of customer securities. 403.2 Section 403.2 Commodity and Securities Exchanges DEPARTMENT OF THE TREASURY REGULATIONS UNDER SECTION 15C OF THE SECURITIES EXCHANGE ACT OF 1934 PROTECTION OF CUSTOMER SECURITIES AND BALANCES...

17 CFR 300.307 - Completion with cash or securities of customer.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Completion with cash or securities of customer. 300.307 Section 300.307 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) Schedule A to Part 285 RULES OF THE SECURITIES INVESTOR PROTECTION CORPORATION...

The Shaping of Managers' Security Objectives through Information Security Awareness Training

ERIC Educational Resources Information Center

Harris, Mark A.

2010-01-01

Information security research states that corporate security policy and information security training should be socio-technical in nature and that corporations should consider training as a primary method of protecting their information systems. However, information security policies and training are predominately technical in nature. In addition,…

6 CFR 29.5 - Requirements for protection.

Code of Federal Regulations, 2012 CFR

2012-01-01

... Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROTECTED CRITICAL... PCII Program Manager or the PCII Program Manager's designee; (2) The information is submitted for... information initially provided received by the PCII Program Manager or the PCII Program Manager's designee...

6 CFR 29.5 - Requirements for protection.

Code of Federal Regulations, 2011 CFR

2011-01-01

... Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROTECTED CRITICAL... PCII Program Manager or the PCII Program Manager's designee; (2) The information is submitted for... information initially provided received by the PCII Program Manager or the PCII Program Manager's designee...

76 FR 70730 - The Critical Infrastructure Partnership Advisory Council (CIPAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2011-11-15

... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2011-0112] The Critical Infrastructure Partnership... Critical Infrastructure Partnership Advisory Council (CIPAC) by notice published in the Federal Register... Infrastructure Protection, National Protection and Programs Directorate, U.S. Department of Homeland Security...

76 FR 29775 - The Critical Infrastructure Partnership Advisory Council (CIPAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2011-05-23

... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2011-0038] The Critical Infrastructure Partnership... Critical Infrastructure Partnership Advisory Council (CIPAC) by notice published in the Federal Register... Infrastructure Protection, National Protection and Programs Directorate, U.S. Department of Homeland Security...

75 FR 48983 - The Critical Infrastructure Partnership Advisory Council (CIPAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2010-08-12

... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2010-0062] The Critical Infrastructure Partnership... Critical Infrastructure Partnership Advisory Council (CIPAC) by notice published in the Federal Register... Infrastructure Protection, National Protection and Programs Directorate, Department of Homeland Security, 245...

ICRP Publication 125: Radiological Protection in Security Screening.

PubMed

Cool, D A; Lazo, E; Tattersall, P; Simeonov, G; Niu, S

2014-07-01

The use of technologies to provide security screening for individuals and objects has been increasing rapidly, in keeping with the significant increase in security concerns worldwide. Within the spectrum of technologies, the use of ionizing radiation to provide backscatter and transmission screening capabilities has also increased. The Commission has previously made a number of statements related to the general topic of deliberate exposures of individuals in non-medical settings. This report provides advice on how the radiological protection principles recommended by the Commission should be applied within the context of security screening. More specifically, the principles of justification, optimisation of protection, and dose limitation for planned exposure situations are directly applicable to the use of ionising radiation in security screening. In addition, several specific topics are considered in this report, including the situation in which individuals may be exposed because they are concealed (‘stowaways’) in a cargo container or conveyance that may be subject to screening. The Commission continues to recommend that careful justification of screening should be considered before decisions are made to employ the technology. If a decision is made that its use is justified, the framework for protection as a planned exposure situation should be employed, including optimization of protection with the use of dose constraints and the appropriate provisions for authorisation and inspection.

Building a Secure Library System.

ERIC Educational Resources Information Center

Benson, Allen C.

1998-01-01

Presents tips for building a secure library system to guard against threats like hackers, viruses, and theft. Topics include: determining what is at risk; recovering from disasters; developing security policies; developing front-end security; securing menu systems; accessing control programs; protecting against damage from viruses; developing…

76 FR 43696 - Nationwide Cyber Security Review (NCSR) Assessment

Federal Register 2010, 2011, 2012, 2013, 2014

2011-07-21

... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2011-0012] Nationwide Cyber Security Review (NCSR... Protection and Programs Directorate (NPPD), Office of Cybersecurity and Communications (CS&C), National Cyber Security Division (NCSD), Cyber Security Evaluation Program (CSEP), will submit the following Information...

A protect solution for data security in mobile cloud storage

NASA Astrophysics Data System (ADS)

Yu, Xiaojun; Wen, Qiaoyan

2013-03-01

It is popular to access the cloud storage by mobile devices. However, this application suffer data security risk, especial the data leakage and privacy violate problem. This risk exists not only in cloud storage system, but also in mobile client platform. To reduce the security risk, this paper proposed a new security solution. It makes full use of the searchable encryption and trusted computing technology. Given the performance limit of the mobile devices, it proposes the trusted proxy based protection architecture. The design basic idea, deploy model and key flows are detailed. The analysis from the security and performance shows the advantage.

48 CFR 39.101 - Policy.

Code of Federal Regulations, 2012 CFR

2012-10-01

..., including consideration of security of resources, protection of privacy, national security and emergency... information technology, agencies shall include the appropriate information technology security policies and requirements, including use of common security configurations available from the National Institute of...

48 CFR 39.101 - Policy.

Code of Federal Regulations, 2014 CFR

2014-10-01

..., including consideration of security of resources, protection of privacy, national security and emergency... information technology, agencies shall include the appropriate information technology security policies and requirements, including use of common security configurations available from the National Institute of...

48 CFR 39.101 - Policy.

Code of Federal Regulations, 2013 CFR

2013-10-01

..., including consideration of security of resources, protection of privacy, national security and emergency... information technology, agencies shall include the appropriate information technology security policies and requirements, including use of common security configurations available from the National Institute of...

48 CFR 39.101 - Policy.

Code of Federal Regulations, 2011 CFR

2011-10-01

..., including consideration of security of resources, protection of privacy, national security and emergency... information technology, agencies shall include the appropriate information technology security policies and requirements, including use of common security configurations available from the National Institute of...

Two-dimensional modelling of internal arc effects in an enclosed MV cell provided with a protection porous filter

NASA Astrophysics Data System (ADS)

Rochette, D.; Clain, S.; André, P.; Bussière, W.; Gentils, F.

2007-05-01

Medium voltage (MV) cells have to respect standards (for example IEC ones (IEC TC 17C 2003 IEC 62271-200 High Voltage Switchgear and Controlgear—Part 200 1st edn)) that define security levels against internal arc faults such as an accidental electrical arc occurring in the apparatus. New protection filters based on porous materials are developed to provide better energy absorption properties and a higher protection level for people. To study the filter behaviour during a major electrical accident, a two-dimensional model is proposed. The main point is the use of a dedicated numerical scheme for a non-conservative hyperbolic problem. We present a numerical simulation of the process during the first 0.2 s when the safety valve bursts and we compare the numerical results with tests carried out in a high power test laboratory on real electrical apparatus.

U.S. Space Policy and Space Industry Strangulation

DTIC Science & Technology

2010-03-01

protecting U.S. national security, and creating an environment in which non-U.S. citizens can participate fully in the U.S. space industry. 14...still protecting U.S. national security, and creating an environment in which non-U.S. citizens can participate fully in the U.S. space industry...security, and creating and sustaining a globally competitive space industry. These realms are not mutually exclusive. If technologies are overly guarded

Exploring Factors Influencing Self-Efficacy in Information Security an Empirical Analysis by Integrating Multiple Theoretical Perspectives in the Context of Using Protective Information Technologies

ERIC Educational Resources Information Center

Reddy, Dinesh Sampangirama

2017-01-01

Cybersecurity threats confront the United States on a daily basis, making them one of the major national security challenges. One approach to meeting these challenges is to improve user cybersecurity behavior. End user security behavior hinges on end user acceptance and use of the protective information technologies such as anti-virus and…

45 CFR 164.302 - Applicability.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 45 Public Welfare 1 2010-10-01 2010-10-01 false Applicability. 164.302 Section 164.302 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health Information § 164...

Separation Kernel Protection Profile Revisited: Choices and Rationale

DTIC Science & Technology

2010-12-01

provide the most stringent protection and rigorous security countermeasures” [ IATF ]. In other words, robustness is not the same as assurance. Figure 3... IATF Information Assurance Technical Framework, Chapter 4, Release 3.1, National Security Agency, September 2002. Karjoth01 G. Karjoth, “The

45 CFR 164.302 - Applicability.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 45 Public Welfare 1 2011-10-01 2011-10-01 false Applicability. 164.302 Section 164.302 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health Information § 164...

45 CFR 164.312 - Technical safeguards.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 45 Public Welfare 1 2014-10-01 2014-10-01 false Technical safeguards. 164.312 Section 164.312 Public Welfare Department of Health and Human Services ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health...

45 CFR 164.302 - Applicability.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 45 Public Welfare 1 2014-10-01 2014-10-01 false Applicability. 164.302 Section 164.302 Public Welfare Department of Health and Human Services ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health Information § 164...

45 CFR 164.314 - Organizational requirements.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 45 Public Welfare 1 2014-10-01 2014-10-01 false Organizational requirements. 164.314 Section 164.314 Public Welfare Department of Health and Human Services ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health...

45 CFR 164.314 - Organizational requirements.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 45 Public Welfare 1 2011-10-01 2011-10-01 false Organizational requirements. 164.314 Section 164.314 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health...

45 CFR 164.314 - Organizational requirements.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 45 Public Welfare 1 2010-10-01 2010-10-01 false Organizational requirements. 164.314 Section 164.314 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Security Standards for the Protection of Electronic Protected Health...

Report: EPA Lacks Processes to Validate Whether Contractors Receive Specialized Role-Based Training for Network and Data Protection

EPA Pesticide Factsheets

Report #17-P-0344, July 31, 2017. The EPA is unaware whether information security contractors possess the skills and training needed to protect the agency’s information, data and network from security breaches.

PCASSO: a design for secure communication of personal health information via the internet.

PubMed

Baker, D B; Masys, D R

1999-05-01

The Internet holds both promise and peril for the communications of person-identifiable health information. Because of technical features designed to promote accessibility and interoperability rather than security, Internet addressing conventions and transport protocols are vulnerable to compromise by malicious persons and programs. In addition, most commonly used personal computer (PC) operating systems currently lack the hardware-based system software protection and process isolation that are essential for ensuring the integrity of trusted applications. Security approaches designed for electronic commerce, that trade known security weaknesses for limited financial liability, are not sufficient for personal health data, where the personal damage caused by unintentional disclosure may be far more serious. To overcome these obstacles, we are developing and evaluating an Internet-based communications system called PCASSO (Patient-centered access to secure systems online) that applies state of the art security to health information. PCASSO includes role-based access control, multi-level security, strong device and user authentication, session-specific encryption and audit trails. Unlike Internet-based electronic commerce 'solutions,' PCASSO secures data end-to-end: in the server; in the data repository; across the network; and on the client. PCASSO is designed to give patients as well as providers access to personal health records via the Internet.

Optical-electronic device based on diffraction optical element for control of special protective tags executed from luminophor

NASA Astrophysics Data System (ADS)

Polyakov, M.; Odinokov, S.

2017-05-01

The report focuses on special printing industry, which is called secure printing, which uses printing techniques to prevent forgery or falsification of security documents. The report considered the possibility of establishing a spectral device for determining the authenticity of certain documents that are protected by machine-readable luminophor labels. The device works in two spectral ranges - visible and near infrared that allows to register Stokes and anti-Stokes spectral components of protective tags. The proposed device allows verification of the authenticity of security documents based on multiple criteria in different spectral ranges. It may be used at enterprises related to the production of security printing products, expert units of law enforcement bodies at check of authenticity of banknotes and other structures.

77 FR 26023 - President's National Security Telecommunications Advisory Committee; Correction

Federal Register 2010, 2011, 2012, 2013, 2014

2012-05-02

... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2012-0016] President's National Security Telecommunications Advisory Committee; Correction AGENCY: National Protection and Programs Directorate, DHS. [[Page... April 25, 2012, concerning the President's National Security Telecommunications Advisory Committee...

An Operational Utility Assessment: Measuring the Effectiveness of the Joint Concept Technology Demonstration (JCTD), Joint Forces Protection Advance Security System (JFPASS)

DTIC Science & Technology

2008-12-01

time- on-task in deploying a patrol force, for example. In its most basic form, an FOB consists of a ring of barbed wire around a position with a...Modernizing The Marine Corps’ CH- 53 Super Stallion Helicopter,” Thesis, NPS (December 2001). HIGH LEVEL OF IMPORTANCE LOW 62 TASKS

Plant security during decommissioning; challenges and lessons learned from German phase out decision

DOE Office of Scientific and Technical Information (OSTI.GOV)

Renner, Andrea; Esch, Markus

2013-07-01

Purpose of this paper is to point out the security challenges that may occur during the decommissioning, based on the issues and lessons learned from the German phase out decision. Though national regulations may be different in other countries the basic problems and issues will be the same. Therefore presented solutions will be applicable in other countries as well. The radioactive material remaining at the NPP during decommissioning has the most influence on how the security measures have to be designed. The radioactive material defines the risk potential of the plant and this determines the needed security level. The followingmore » aspects have been challenging in Germany: - Scenarios varying from those, used for plants in operation, due to changed operating conditions - Spent fuel will stay in the spent fuel pool for a quite long period before it can be removed from the plant. Risk potential of the plant stays high and requires a high level of security measures - Security measures according to the existing operating license have to stay in place as they are, unless the first license for decommissioning is given respective the spent fuel is removed from the plant site. This even led to the question if improvements of security measures, planned and announced with focus on a plant remaining in operation for another couple of years, need to be done although they will not be required after removing the spent fuel from the plant. A further important aspect for the security design is the fact that a plant under decommissioning has completely different and strongly varying operating procedures, compared to the stable ones of an operating plant. This leads to different needs concerning workspace, infrastructure on plant site, access to buildings etc. An optimized and highly flexible security concept is needed to ensure an adequate level of security as well as an efficient decommissioning. A deep analysis of the vital plant functions, depending on the different decommissioning stages, is required to determine the vital equipment, its location and its need for protection. (authors)« less

Analyzing the requirements for a robust security criteria and management of multi-level security in the clouds

NASA Astrophysics Data System (ADS)

Farroha, Bassam S.; Farroha, Deborah L.

2011-06-01

The new corporate approach to efficient processing and storage is migrating from in-house service-center services to the newly coined approach of Cloud Computing. This approach advocates thin clients and providing services by the service provider over time-shared resources. The concept is not new, however the implementation approach presents a strategic shift in the way organizations provision and manage their IT resources. The requirements on some of the data sets targeted to be run on the cloud vary depending on the data type, originator, user, and confidentiality level. Additionally, the systems that fuse such data would have to deal with the classifying the product and clearing the computing resources prior to allowing new application to be executed. This indicates that we could end up with a multi-level security system that needs to follow specific rules and can send the output to a protected network and systems in order not to have data spill or contaminated resources. The paper discusses these requirements and potential impact on the cloud architecture. Additionally, the paper discusses the unexpected advantages of the cloud framework providing a sophisticated environment for information sharing and data mining.

Multimodal biometric approach for cancelable face template generation

NASA Astrophysics Data System (ADS)

Paul, Padma Polash; Gavrilova, Marina

2012-06-01

Due to the rapid growth of biometric technology, template protection becomes crucial to secure integrity of the biometric security system and prevent unauthorized access. Cancelable biometrics is emerging as one of the best solutions to secure the biometric identification and verification system. We present a novel technique for robust cancelable template generation algorithm that takes advantage of the multimodal biometric using feature level fusion. Feature level fusion of different facial features is applied to generate the cancelable template. A proposed algorithm based on the multi-fold random projection and fuzzy communication scheme is used for this purpose. In cancelable template generation, one of the main difficulties is keeping interclass variance of the feature. We have found that interclass variations of the features that are lost during multi fold random projection can be recovered using fusion of different feature subsets and projecting in a new feature domain. Applying the multimodal technique in feature level, we enhance the interclass variability hence improving the performance of the system. We have tested the system for classifier fusion for different feature subset and different cancelable template fusion. Experiments have shown that cancelable template improves the performance of the biometric system compared with the original template.

Cyber-Physical Attack-Resilient Wide-Area Monitoring, Protection, and Control for the Power Grid

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ashok, Aditya; Govindarasu, Manimaran; Wang, Jianhui

Cyber security and resiliency of Wide-Area Monitoring, Protection and Control (WAMPAC) applications is critically important to ensure secure, reliable, and economic operation of the bulk power system. WAMPAC relies heavily on the security of measurements and control commands transmitted over wide-area communication networks for real-time operational, protection, and control functions. Also, the current “N-1 security criteria” for grid operation is inadequate to address malicious cyber events and therefore it is important to fundamentally redesign WAMPAC and to enhance Energy Management System (EMS) applications to make them attack-resilient. In this paper, we propose an end-to-end defense-in-depth architecture for attack-resilient WAMPAC thatmore » addresses resilience at both the infrastructure layer and the application layers. Also, we propose an attack-resilient cyber-physical security framework that encompasses the entire security life cycle including risk assessment, attack prevention, attack detection, attack mitigation, and attack resilience. The overarching objective of this paper is to provide a broad scope that comprehensively describes most of the major research issues and potential solutions in the context of cyber-physical security of WAMPAC for the power grid.« less

Applying the take-grant protection model

NASA Technical Reports Server (NTRS)

Bishop, Matt

1990-01-01

The Take-Grant Protection Model has in the past been used to model multilevel security hierarchies and simple protection systems. The models are extended to include theft of rights and sharing information, and additional security policies are examined. The analysis suggests that in some cases the basic rules of the Take-Grant Protection Model should be augmented to represent the policy properly; when appropriate, such modifications are made and their efforts with respect to the policy and its Take-Grant representation are discussed.

Smart photonic networks and computer security for image data

NASA Astrophysics Data System (ADS)

Campello, Jorge; Gill, John T.; Morf, Martin; Flynn, Michael J.

1998-02-01

Work reported here is part of a larger project on 'Smart Photonic Networks and Computer Security for Image Data', studying the interactions of coding and security, switching architecture simulations, and basic technologies. Coding and security: coding methods that are appropriate for data security in data fusion networks were investigated. These networks have several characteristics that distinguish them form other currently employed networks, such as Ethernet LANs or the Internet. The most significant characteristics are very high maximum data rates; predominance of image data; narrowcasting - transmission of data form one source to a designated set of receivers; data fusion - combining related data from several sources; simple sensor nodes with limited buffering. These characteristics affect both the lower level network design and the higher level coding methods.Data security encompasses privacy, integrity, reliability, and availability. Privacy, integrity, and reliability can be provided through encryption and coding for error detection and correction. Availability is primarily a network issue; network nodes must be protected against failure or routed around in the case of failure. One of the more promising techniques is the use of 'secret sharing'. We consider this method as a special case of our new space-time code diversity based algorithms for secure communication. These algorithms enable us to exploit parallelism and scalable multiplexing schemes to build photonic network architectures. A number of very high-speed switching and routing architectures and their relationships with very high performance processor architectures were studied. Indications are that routers for very high speed photonic networks can be designed using the very robust and distributed TCP/IP protocol, if suitable processor architecture support is available.

78 FR 72951 - Self-Regulatory Organizations; Financial Industry Regulatory Authority, Inc.; Order Approving...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-12-04

... To Adopt FINRA Rules 4314 (Securities Loans and Borrowings), 4330 (Customer Protection--Permissible Use of Customers' Securities) and 4340 (Callable Securities) in the Consolidated FINRA Rulebook, as... loans and borrowings, permissible use of customers' securities, and callable securities as FINRA Rules...

7 CFR 1780.14 - Security.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 7 Agriculture 12 2010-01-01 2010-01-01 false Security. 1780.14 Section 1780.14 Agriculture... (CONTINUED) WATER AND WASTE LOANS AND GRANTS General Policies and Requirements § 1780.14 Security. Loans will be secured by the best security position practicable in a manner which will adequately protect the...

7 CFR 1780.14 - Security.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 7 Agriculture 12 2011-01-01 2011-01-01 false Security. 1780.14 Section 1780.14 Agriculture... (CONTINUED) WATER AND WASTE LOANS AND GRANTS General Policies and Requirements § 1780.14 Security. Loans will be secured by the best security position practicable in a manner which will adequately protect the...

49 CFR 193.2913 - Security monitoring.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 49 Transportation 3 2012-10-01 2012-10-01 false Security monitoring. 193.2913 Section 193.2913...: FEDERAL SAFETY STANDARDS Security § 193.2913 Security monitoring. Each protective enclosure and the area.... Monitoring must be by visual observation in accordance with the schedule in the security procedures under...

19 CFR 122.182 - Security provisions.

Code of Federal Regulations, 2014 CFR

2014-04-01

... 19 Customs Duties 1 2014-04-01 2014-04-01 false Security provisions. 122.182 Section 122.182 Customs Duties U.S. CUSTOMS AND BORDER PROTECTION, DEPARTMENT OF HOMELAND SECURITY; DEPARTMENT OF THE TREASURY AIR COMMERCE REGULATIONS Access to Customs Security Areas § 122.182 Security provisions. (a...

7 CFR 1780.14 - Security.

Code of Federal Regulations, 2012 CFR

2012-01-01

... 7 Agriculture 12 2012-01-01 2012-01-01 false Security. 1780.14 Section 1780.14 Agriculture... (CONTINUED) WATER AND WASTE LOANS AND GRANTS General Policies and Requirements § 1780.14 Security. Loans will be secured by the best security position practicable in a manner which will adequately protect the...

7 CFR 1780.14 - Security.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 7 Agriculture 12 2013-01-01 2013-01-01 false Security. 1780.14 Section 1780.14 Agriculture... (CONTINUED) WATER AND WASTE LOANS AND GRANTS General Policies and Requirements § 1780.14 Security. Loans will be secured by the best security position practicable in a manner which will adequately protect the...

49 CFR 193.2913 - Security monitoring.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 3 2010-10-01 2010-10-01 false Security monitoring. 193.2913 Section 193.2913...: FEDERAL SAFETY STANDARDS Security § 193.2913 Security monitoring. Each protective enclosure and the area.... Monitoring must be by visual observation in accordance with the schedule in the security procedures under...

19 CFR 122.182 - Security provisions.

Code of Federal Regulations, 2013 CFR

2013-04-01

... 19 Customs Duties 1 2013-04-01 2013-04-01 false Security provisions. 122.182 Section 122.182 Customs Duties U.S. CUSTOMS AND BORDER PROTECTION, DEPARTMENT OF HOMELAND SECURITY; DEPARTMENT OF THE TREASURY AIR COMMERCE REGULATIONS Access to Customs Security Areas § 122.182 Security provisions. (a...

19 CFR 122.182 - Security provisions.

Code of Federal Regulations, 2012 CFR

2012-04-01

... 19 Customs Duties 1 2012-04-01 2012-04-01 false Security provisions. 122.182 Section 122.182 Customs Duties U.S. CUSTOMS AND BORDER PROTECTION, DEPARTMENT OF HOMELAND SECURITY; DEPARTMENT OF THE TREASURY AIR COMMERCE REGULATIONS Access to Customs Security Areas § 122.182 Security provisions. (a...

49 CFR 193.2913 - Security monitoring.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 49 Transportation 3 2011-10-01 2011-10-01 false Security monitoring. 193.2913 Section 193.2913...: FEDERAL SAFETY STANDARDS Security § 193.2913 Security monitoring. Each protective enclosure and the area.... Monitoring must be by visual observation in accordance with the schedule in the security procedures under...

7 CFR 1780.14 - Security.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 7 Agriculture 12 2014-01-01 2013-01-01 true Security. 1780.14 Section 1780.14 Agriculture... (CONTINUED) WATER AND WASTE LOANS AND GRANTS General Policies and Requirements § 1780.14 Security. Loans will be secured by the best security position practicable in a manner which will adequately protect the...

Global water risks and national security: Building resilience (Invited)

NASA Astrophysics Data System (ADS)

Pulwarty, R. S.

2013-12-01

The UN defines water security as the capacity of a population to safeguard sustainable access to adequate quantities of acceptable quality water for sustaining livelihoods, human well-being, and socio-economic development, for ensuring protection against water-borne pollution and water-related disasters, and for preserving ecosystems in a climate of peace and political stability. This definition highlights complex and interconnected challenges and underscores the centrality of water for environmental services and human aactivities. Global risks are expressed at the national level. The 2010 Quadrennial Defense Review and the 2010 National Security Strategy identify climate change as likely to trigger outcomes that will threaten U.S. security including how freshwater resources can become a security issue. Impacts will be felt on the National Security interest through water, food and energy security, and critical infrastructure. This recognition focuses the need to consider the rates of change in climate extremes, in the context of more traditional political, economic, and social indicators that inform security analyses. There is a long-standing academic debate over the extent to which resource constraints and environmental challenges lead to inter-state conflict. It is generally recognized that water resources as a security issue to date exists mainly at the substate level and has not led to physical conflict between nation states. In conflict and disaster zones, threats to water security increase through inequitable and difficult access to water supply and related services, which may aggravate existing social fragility, tensions, violence, and conflict. This paper will (1) Outline the dimensions of water security and its links to national security (2) Analyze water footprints and management risks for key basins in the US and around the world, (3) map the link between global water security and national concerns, drawing lessons from the drought of 2012 and elsewhere, and (3) Identify preventable risks, public leadership and private innovation needed for developing adaptive water resource management institutions that take advantage of climate and hydrologic information and changes. The presentation will conclude with a preliminary framework for assessing and implementing water security measures given insecure conditions introduced by a changing climate and in the context of national security.

49 CFR 1554.205 - Nondisclosure of certain information.

Code of Federal Regulations, 2014 CFR

2014-10-01

... SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRCRAFT REPAIR STATION... information or material not warranting disclosure or protected from disclosure under law or regulation. ...

A 21st century approach to assessing the protection of workers' health.

PubMed

Rosskam, Ellen

2011-01-01

This article presents a rights-based approach to the way occupational health and safety is understood, departing from medical, engineering, and technocratic approaches that dominated the field throughout the 20th century. Moving toward a 21st century concept of the good society - based on citizenship rights and principles of universalism - a social protection-based system of assessing governments' performance in protecting workers' health and well-being is proffered. A Work Security Index (WSI) is used as a benchmarking system for evaluating national or local level governments' performance in this domain. Data from 95 countries in all regions of the world were used. A pioneering tool the WSI grouped and ranked countries based on governments' protection of workers' health and safety. Data represent findings from 95 national governments, as well as workers and employers. Among 95 countries, most have much work to do to provide the minimum measures to protect their working populations. Results reveal that women workers face particular social and economic insecurities and inequalities. We attempt to inform a broad audience about the WSI, how it can be used at multiple levels in any country for the protection of workers' health, safety, and well-being, and the need to do so.

45 CFR 164.402 - Definitions.

Code of Federal Regulations, 2014 CFR

2014-10-01

... Welfare Department of Health and Human Services ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Notification in the Case of Breach of Unsecured Protected Health Information § 164.402... subpart E of this part which compromises the security or privacy of the protected health information. (1...