Sample records for security risk analysis

  1. Guidelines for developing NASA (National Aeronautics and Space Administration) ADP security risk management plans

    NASA Technical Reports Server (NTRS)

    Tompkins, F. G.

    1983-01-01

    This report presents guidance to NASA Computer security officials for developing ADP security risk management plans. The six components of the risk management process are identified and discussed. Guidance is presented on how to manage security risks that have been identified during a risk analysis performed at a data processing facility or during the security evaluation of an application system.

  2. 49 CFR Appendix D to Part 172 - Rail Risk Analysis Factors

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 49 Transportation 2 2011-10-01 2011-10-01 false Rail Risk Analysis Factors D Appendix D to Part... REQUIREMENTS, AND SECURITY PLANS Pt. 172, App. D Appendix D to Part 172—Rail Risk Analysis Factors A. This... safety and security risk analyses required by § 172.820. The risk analysis to be performed may be...

  3. 49 CFR Appendix D to Part 172 - Rail Risk Analysis Factors

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 49 Transportation 2 2010-10-01 2010-10-01 false Rail Risk Analysis Factors D Appendix D to Part... REQUIREMENTS, AND SECURITY PLANS Pt. 172, App. D Appendix D to Part 172—Rail Risk Analysis Factors A. This... safety and security risk analyses required by § 172.820. The risk analysis to be performed may be...

  4. 49 CFR 209.501 - Review of rail transportation safety and security route analysis.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... establish that the route chosen by the carrier poses the least overall safety and security risk, the... analysis, including a clear description of the risks on the selected route that have not been... commercially practicable alternative route poses fewer overall safety and security risks than the route...

  5. Risk Assessment for Mobile Systems Through a Multilayered Hierarchical Bayesian Network.

    PubMed

    Li, Shancang; Tryfonas, Theo; Russell, Gordon; Andriotis, Panagiotis

    2016-08-01

    Mobile systems are facing a number of application vulnerabilities that can be combined together and utilized to penetrate systems with devastating impact. When assessing the overall security of a mobile system, it is important to assess the security risks posed by each mobile application (app), thus gaining a stronger understanding of any vulnerabilities present. This paper aims at developing a three-layer framework that assesses the potential risks which apps introduce within the Android mobile systems. A Bayesian risk graphical model is proposed to evaluate risk propagation in a layered risk architecture. By integrating static analysis, dynamic analysis, and behavior analysis in a hierarchical framework, the risks and their propagation through each layer are well modeled by the Bayesian risk graph, which can quantitatively analyze risks faced by both apps and mobile systems. The proposed hierarchical Bayesian risk graph model offers a novel way to investigate the security risks in the mobile environment and enables users and administrators to evaluate the potential risks. This strategy allows strengthening both app security and the security of the entire system.

  6. Using software security analysis to verify the secure socket layer (SSL) protocol

    NASA Technical Reports Server (NTRS)

    Powell, John D.

    2004-01-01

    The National Aeronautics and Space Administration (NASA) have tens of thousands of networked computer systems and applications. Software Security vulnerabilities present risks such as lost or corrupted data, information theft, and unavailability of critical systems. These risks represent potentially enormous costs to NASA. The NASA Code Q research initiative 'Reducing Software Security Risk (RSSR) Through an Integrated Approach' offers, among its capabilities, formal verification of software security properties, through the use of model based verification (MBV) to address software security risks. [1,2,3,4,5,6] MBV is a formal approach to software assurance that combines analysis of software, via abstract models, with technology, such as model checkers, that provide automation of the mechanical portions of the analysis process. This paper will discuss: The need for formal analysis to assure software systems with respect to software and why testing alone cannot provide it. The means by which MBV with a Flexible Modeling Framework (FMF) accomplishes the necessary analysis task. An example of FMF style MBV in the verification of properties over the Secure Socket Layer (SSL) communication protocol as a demonstration.

  7. Guidelines for contingency planning NASA (National Aeronautics and Space Administration) ADP security risk reduction decision studies

    NASA Technical Reports Server (NTRS)

    Tompkins, F. G.

    1984-01-01

    Guidance is presented to NASA Computer Security Officials for determining the acceptability or unacceptability of ADP security risks based on the technical, operational and economic feasibility of potential safeguards. The risk management process is reviewed as a specialized application of the systems approach to problem solving and information systems analysis and design. Reporting the results of the risk reduction analysis to management is considered. Report formats for the risk reduction study are provided.

  8. Risk analysis of information security in a mobile instant messaging and presence system for healthcare.

    PubMed

    Bønes, Erlend; Hasvold, Per; Henriksen, Eva; Strandenaes, Thomas

    2007-09-01

    Instant messaging (IM) is suited for immediate communication because messages are delivered almost in real time. Results from studies of IM use in enterprise work settings make us believe that IM based services may prove useful also within the healthcare sector. However, today's public instant messaging services do not have the level of information security required for adoption of IM in healthcare. We proposed MedIMob, our own architecture for a secure enterprise IM service for use in healthcare. MedIMob supports IM clients on mobile devices in addition to desktop based clients. Security threats were identified in a risk analysis of the MedIMob architecture. The risk analysis process consists of context identification, threat identification, analysis of consequences and likelihood, risk evaluation, and proposals for risk treatment. The risk analysis revealed a number of potential threats to the information security of a service like this. Many of the identified threats are general when dealing with mobile devices and sensitive data; others are threats which are more specific to our service and architecture. Individual threats identified in the risks analysis are discussed and possible counter measures presented. The risk analysis showed that most of the proposed risk treatment measures must be implemented to obtain an acceptable risk level; among others blocking much of the additional functionality of the smartphone. To conclude on the usefulness of this IM service, it will be evaluated in a trial study of the human-computer interaction. Further work also includes an improved design of the proposed MedIMob architecture. 2006 Elsevier Ireland Ltd

  9. L-Band Digital Aeronautical Communications System Engineering - Initial Safety and Security Risk Assessment and Mitigation

    NASA Technical Reports Server (NTRS)

    Zelkin, Natalie; Henriksen, Stephen

    2011-01-01

    This document is being provided as part of ITT's NASA Glenn Research Center Aerospace Communication Systems Technical Support (ACSTS) contract NNC05CA85C, Task 7: "New ATM Requirements--Future Communications, C-Band and L-Band Communications Standard Development." ITT has completed a safety hazard analysis providing a preliminary safety assessment for the proposed L-band (960 to 1164 MHz) terrestrial en route communications system. The assessment was performed following the guidelines outlined in the Federal Aviation Administration Safety Risk Management Guidance for System Acquisitions document. The safety analysis did not identify any hazards with an unacceptable risk, though a number of hazards with a medium risk were documented. This effort represents a preliminary safety hazard analysis and notes the triggers for risk reassessment. A detailed safety hazards analysis is recommended as a follow-on activity to assess particular components of the L-band communication system after the technology is chosen and system rollout timing is determined. The security risk analysis resulted in identifying main security threats to the proposed system as well as noting additional threats recommended for a future security analysis conducted at a later stage in the system development process. The document discusses various security controls, including those suggested in the COCR Version 2.0.

  10. Managing security risks for inter-organisational information systems: a multiagent collaborative model

    NASA Astrophysics Data System (ADS)

    Feng, Nan; Wu, Harris; Li, Minqiang; Wu, Desheng; Chen, Fuzan; Tian, Jin

    2016-09-01

    Information sharing across organisations is critical to effectively managing the security risks of inter-organisational information systems. Nevertheless, few previous studies on information systems security have focused on inter-organisational information sharing, and none have studied the sharing of inferred beliefs versus factual observations. In this article, a multiagent collaborative model (MACM) is proposed as a practical solution to assess the risk level of each allied organisation's information system and support proactive security treatment by sharing beliefs on event probabilities as well as factual observations. In MACM, for each allied organisation's information system, we design four types of agents: inspection agent, analysis agent, control agent, and communication agent. By sharing soft findings (beliefs) in addition to hard findings (factual observations) among the organisations, each organisation's analysis agent is capable of dynamically predicting its security risk level using a Bayesian network. A real-world implementation illustrates how our model can be used to manage security risks in distributed information systems and that sharing soft findings leads to lower expected loss from security risks.

  11. Indicators of economic security of the region: a risk-based approach to assessing and rating

    NASA Astrophysics Data System (ADS)

    Karanina, Elena; Loginov, Dmitri

    2017-10-01

    The article presents the results of research of theoretical and methodical problems of strategy development for economic security of a particular region, justified by the composition of risk factors. The analysis of those risk factors is performed. The threshold values of indicators of economic security of regions were determined using the methods of socioeconomic statistics. The authors concluded that in modern Russian conditions it is necessary to pay great attention to the analysis of the composition and level of indicators of economic security of the region and, based on the materials of this analysis, to formulate more accurate decisions concerning the strategy of socio-economic development.

  12. Interdependent Risk and Cyber Security: An Analysis of Security Investment and Cyber Insurance

    ERIC Educational Resources Information Center

    Shim, Woohyun

    2010-01-01

    An increasing number of firms rely on highly interconnected information networks. In such environments, defense against cyber attacks is complicated by residual risks caused by the interdependence of information security decisions of firms. IT security is affected not only by a firm's own management strategies but also by those of others. This…

  13. Guidelines for Automatic Data Processing Physical Security and Risk Management. Federal Information Processing Standards Publication 31.

    ERIC Educational Resources Information Center

    National Bureau of Standards (DOC), Washington, DC.

    These guidelines provide a handbook for use by federal organizations in structuring physical security and risk management programs for their automatic data processing facilities. This publication discusses security analysis, natural disasters, supporting utilities, system reliability, procedural measures and controls, off-site facilities,…

  14. Development of quantitative security optimization approach for the picture archives and carrying system between a clinic and a rehabilitation center

    NASA Astrophysics Data System (ADS)

    Haneda, Kiyofumi; Kajima, Toshio; Koyama, Tadashi; Muranaka, Hiroyuki; Dojo, Hirofumi; Aratani, Yasuhiko

    2002-05-01

    The target of our study is to analyze the level of necessary security requirements, to search for suitable security measures and to optimize security distribution to every portion of the medical practice. Quantitative expression must be introduced to our study, if possible, to enable simplified follow-up security procedures and easy evaluation of security outcomes or results. Using fault tree analysis (FTA), system analysis showed that system elements subdivided into groups by details result in a much more accurate analysis. Such subdivided composition factors greatly depend on behavior of staff, interactive terminal devices, kinds of services provided, and network routes. Security measures were then implemented based on the analysis results. In conclusion, we identified the methods needed to determine the required level of security and proposed security measures for each medical information system, and the basic events and combinations of events that comprise the threat composition factors. Methods for identifying suitable security measures were found and implemented. Risk factors for each basic event, a number of elements for each composition factor, and potential security measures were found. Methods to optimize the security measures for each medical information system were proposed, developing the most efficient distribution of risk factors for basic events.

  15. Risk assessment for sustainable food security in China according to integrated food security--taking Dongting Lake area for example.

    PubMed

    Qi, Xiaoxing; Liu, Liming; Liu, Yabin; Yao, Lan

    2013-06-01

    Integrated food security covers three aspects: food quantity security, food quality security, and sustainable food security. Because sustainable food security requires that food security must be compatible with sustainable development, the risk assessment of sustainable food security is becoming one of the most important issues. This paper mainly focuses on the characteristics of sustainable food security problems in the major grain-producing areas in China. We establish an index system based on land resources and eco-environmental conditions and apply a dynamic assessment method based on status assessments and trend analysis models to overcome the shortcomings of the static evaluation method. Using fuzzy mathematics, the risks are categorized into four grades: negligible risk, low risk, medium risk, and high risk. A case study was conducted in one of China's major grain-producing areas: Dongting Lake area. The results predict that the status of the sustainable food security in the Dongting Lake area is unsatisfactory for the foreseeable future. The number of districts at the medium-risk range will increase from six to ten by 2015 due to increasing population pressure, a decrease in the cultivated area, and a decrease in the effective irrigation area. Therefore, appropriate policies and measures should be put forward to improve it. The results could also provide direct support for an early warning system-which could be used to monitor food security trends or nutritional status so to inform policy makers of impending food shortages-to prevent sustainable food security risk based on some classical systematic methods. This is the first research of sustainable food security in terms of risk assessment, from the perspective of resources and the environment, at the regional scale.

  16. Security Investment in Contagious Networks.

    PubMed

    Hasheminasab, Seyed Alireza; Tork Ladani, Behrouz

    2018-01-16

    Security of the systems is normally interdependent in such a way that security risks of one part affect other parts and threats spread through the vulnerable links in the network. So, the risks of the systems can be mitigated through investments in the security of interconnecting links. This article takes an innovative look at the problem of security investment of nodes on their vulnerable links in a given contagious network as a game-theoretic model that can be applied to a variety of applications including information systems. In the proposed game model, each node computes its corresponding risk based on the value of its assets, vulnerabilities, and threats to determine the optimum level of security investments on its external links respecting its limited budget. Furthermore, direct and indirect nonlinear influences of a node's security investment on the risks of other nodes are considered. The existence and uniqueness of the game's Nash equilibrium in the proposed game are also proved. Further analysis of the model in a practical case revealed that taking advantage of the investment effects of other players, perfectly rational players (i.e., those who use the utility function of the proposed game model) make more cost-effective decisions than selfish nonrational or semirational players. © 2018 Society for Risk Analysis.

  17. Measuring Security Effectiveness and Efficiency at U.S. Commercial Airports

    DTIC Science & Technology

    2013-03-01

    formative program evaluation and policy analysis to investigate current airport security programs. It identifies innovative public administration and... policy-analysis tools that could provide potential benefits to airport security. These tools will complement the System Based Risk Management framework if

  18. 77 FR 43155 - Guidance on Due Diligence Requirements for Savings Associations in Determining Whether a...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-07-24

    ... particular security. Savings associations, regardless of size, should not purchase securities for which they... characteristics to be purchased and held by insured savings associations. Under section 362.11(b), a savings... management's credit risk analysis and its use in examiner decisions concerning investment security risk...

  19. Cyber Risk Management for Critical Infrastructure: A Risk Analysis Model and Three Case Studies.

    PubMed

    Paté-Cornell, M-Elisabeth; Kuypers, Marshall; Smith, Matthew; Keller, Philip

    2018-02-01

    Managing cyber security in an organization involves allocating the protection budget across a spectrum of possible options. This requires assessing the benefits and the costs of these options. The risk analyses presented here are statistical when relevant data are available, and system-based for high-consequence events that have not happened yet. This article presents, first, a general probabilistic risk analysis framework for cyber security in an organization to be specified. It then describes three examples of forward-looking analyses motivated by recent cyber attacks. The first one is the statistical analysis of an actual database, extended at the upper end of the loss distribution by a Bayesian analysis of possible, high-consequence attack scenarios that may happen in the future. The second is a systems analysis of cyber risks for a smart, connected electric grid, showing that there is an optimal level of connectivity. The third is an analysis of sequential decisions to upgrade the software of an existing cyber security system or to adopt a new one to stay ahead of adversaries trying to find their way in. The results are distributions of losses to cyber attacks, with and without some considered countermeasures in support of risk management decisions based both on past data and anticipated incidents. © 2017 Society for Risk Analysis.

  20. [Analysis of the security risk in home medical equipment].

    PubMed

    Peng, Xiaolong; Xu, Honglei; Tian, Xiaojun

    2014-01-01

    The popularization of home medical equipment facilitates the treatment and management of many diseases, improving patient compliance. However, due to the absence of medical background, most of its users face various security risks in the course of reorganization, choosing, using and maintaining the products. This paper analyzed the property of security risk in home medical equipment, and described the matters needing attention in the use of several common products.

  1. A protect solution for data security in mobile cloud storage

    NASA Astrophysics Data System (ADS)

    Yu, Xiaojun; Wen, Qiaoyan

    2013-03-01

    It is popular to access cloud storage from mobile devices. However, this application suffers from data security risks, especially data leakage and privacy violation problems. This risk exists not only in the cloud storage system, but also in the mobile client platform. To reduce the security risk, this paper proposed a new security solution. It makes full use of searchable encryption and trusted computing technology. Given the performance limits of mobile devices, it proposes a trusted proxy based protection architecture. The basic design idea, deployment model and key flows are detailed. The analysis of security and performance shows the advantage.

  2. Countries at Risk: Heightened Human Security Risk to States With Transboundary Water Resources and Instability

    NASA Astrophysics Data System (ADS)

    Veilleux, J. C.; Sullivan, G. S.; Paola, C.; Starget, A.; Watson, J. E.; Hwang, Y. J.; Picucci, J. A.; Choi, C. S.

    2014-12-01

    The Countries at Risk project is a global assessment of countries with transboundary water resources that are at risk for conflict because of high human security instability. Building upon Basins at Risk (BAR) research, our team used updated Transboundary Freshwater Dispute Database georeferenced social and environmental data, quantitative data from global indices, and qualitative data from news media sources. Our assessment considered a combination of analyzing 15 global indices related to water or human security to identify which countries scored as highest risk in each index. From this information, we were able to assess the highest risk countries' human security risk by using a new human security measurement tool, as well as comparing this analysis to the World Bank's Fragile States Index and the experimental Human Security Index. In addition, we identified which countries have the highest number of shared basins, the highest percentage of territory covered by a transboundary basin, and the highest dependency of withdrawal from transboundary waters from outside their country boundaries. By synthesizing these social and environmental data assessments, we identified five countries to analyze as case studies. These five countries are Afghanistan, China, Iraq, Moldova, and Sudan. We created a series of 30 maps to spatially analyze the relationship between the transboundary basins and social and environmental parameters to include population, institutional capacity, and physical geography by country. Finally, we synthesized our spatial analysis, Human Security Key scores, and current events scored by using the BAR scale to determine what aspects and which basins are most at risk with each country in our case studies and how this concerns future global water resources.

  3. C-Band Airport Surface Communications System Engineering-Initial High-Level Safety Risk Assessment and Mitigation

    NASA Technical Reports Server (NTRS)

    Zelkin, Natalie; Henriksen, Stephen

    2011-01-01

    This document is being provided as part of ITT's NASA Glenn Research Center Aerospace Communication Systems Technical Support (ACSTS) contract: "New ATM Requirements--Future Communications, C-Band and L-Band Communications Standard Development." ITT has completed a safety hazard analysis providing a preliminary safety assessment for the proposed C-band (5091- to 5150-MHz) airport surface communication system. The assessment was performed following the guidelines outlined in the Federal Aviation Administration Safety Risk Management Guidance for System Acquisitions document. The safety analysis did not identify any hazards with an unacceptable risk, though a number of hazards with a medium risk were documented. This effort represents an initial high-level safety hazard analysis and notes the triggers for risk reassessment. A detailed safety hazards analysis is recommended as a follow-on activity to assess particular components of the C-band communication system after the profile is finalized and system rollout timing is determined. A security risk assessment has been performed by NASA as a parallel activity. While safety analysis is concerned with a prevention of accidental errors and failures, the security threat analysis focuses on deliberate attacks. Both processes identify the events that affect operation of the system; and from a safety perspective the security threats may present safety risks.

  4. Food Security and Cardiovascular Disease Risk Among Adults in the United States: Findings From the National Health and Nutrition Examination Survey, 2003–2008

    PubMed Central

    2013-01-01

    Introduction Little is known about the relationship between food security status and predicted 10-year cardiovascular disease risk. The objective of this study was to examine the associations between food security status and cardiovascular disease risk factors and predicted 10-year risk in a national sample of US adults. Methods A cross-sectional analysis using data from 10,455 adults aged 20 years or older from the National Health and Nutrition Examination Survey 2003–2008 was conducted. Four levels of food security status were defined by using 10 questions. Results Among all participants, 83.9% had full food security, 6.7% had marginal food security, 5.8% had low food security, and 3.6% had very low food security. After adjustment, mean hemoglobin A1c was 0.15% greater and mean concentration of C-reactive protein was 0.8 mg/L greater among participants with very low food security than among those with full food security. The adjusted mean concentration of cotinine among participants with very low food security was almost double that of participants with full food security (112.8 vs 62.0 ng/mL, P < .001). No significant associations between food security status and systolic blood pressure or concentrations of total cholesterol, high-density lipoprotein cholesterol, or non-high-density lipoprotein cholesterol were observed. Participants aged 30 to 59 years with very low food security were more likely to have a predicted 10-year cardiovascular disease risk greater than 20% than fully food secure participants (adjusted prevalence ratio, 2.38; 95% CI, 1.31–4.31). Conclusion Adults aged 30 to 59 years with very low food security showed evidence of increased predicted 10-year cardiovascular disease risk. PMID:24309090

  5. Food security and cardiovascular disease risk among adults in the United States: findings from the National Health and Nutrition Examination Survey, 2003-2008.

    PubMed

    Ford, Earl S

    2013-12-05

    Little is known about the relationship between food security status and predicted 10-year cardiovascular disease risk. The objective of this study was to examine the associations between food security status and cardiovascular disease risk factors and predicted 10-year risk in a national sample of US adults. A cross-sectional analysis using data from 10,455 adults aged 20 years or older from the National Health and Nutrition Examination Survey 2003-2008 was conducted. Four levels of food security status were defined by using 10 questions. Among all participants, 83.9% had full food security, 6.7% had marginal food security, 5.8% had low food security, and 3.6% had very low food security. After adjustment, mean hemoglobin A1c was 0.15% greater and mean concentration of C-reactive protein was 0.8 mg/L greater among participants with very low food security than among those with full food security. The adjusted mean concentration of cotinine among participants with very low food security was almost double that of participants with full food security (112.8 vs 62.0 ng/mL, P < .001). No significant associations between food security status and systolic blood pressure or concentrations of total cholesterol, high-density lipoprotein cholesterol, or non-high-density lipoprotein cholesterol were observed. Participants aged 30 to 59 years with very low food security were more likely to have a predicted 10-year cardiovascular disease risk greater than 20% than fully food secure participants (adjusted prevalence ratio, 2.38; 95% CI, 1.31-4.31). Adults aged 30 to 59 years with very low food security showed evidence of increased predicted 10-year cardiovascular disease risk.

  6. Portfolio analysis of layered security measures.

    PubMed

    Chatterjee, Samrat; Hora, Stephen C; Rosoff, Heather

    2015-03-01

    Layered defenses are necessary for protecting the public from terrorist attacks. Designing a system of such defensive measures requires consideration of the interaction of these countermeasures. In this article, we present an analysis of a layered security system within the lower Manhattan area. It shows how portfolios of security measures can be evaluated through portfolio decision analysis. Consideration is given to the total benefits and costs of the system. Portfolio diagrams are created that help communicate alternatives among stakeholders who have differing views on the tradeoffs between security and economic activity. © 2014 Society for Risk Analysis.

  7. 38 CFR 75.115 - Risk analysis.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... preparation of the risk analysis may include data mining if necessary for the development of relevant...) INFORMATION SECURITY MATTERS Data Breaches § 75.115 Risk analysis. If a data breach involving sensitive... possible after the data breach, a non-VA entity with relevant expertise in data breach assessment and risk...

  8. 38 CFR 75.115 - Risk analysis.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... preparation of the risk analysis may include data mining if necessary for the development of relevant...) INFORMATION SECURITY MATTERS Data Breaches § 75.115 Risk analysis. If a data breach involving sensitive... possible after the data breach, a non-VA entity with relevant expertise in data breach assessment and risk...

  9. 38 CFR 75.115 - Risk analysis.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... preparation of the risk analysis may include data mining if necessary for the development of relevant...) INFORMATION SECURITY MATTERS Data Breaches § 75.115 Risk analysis. If a data breach involving sensitive... possible after the data breach, a non-VA entity with relevant expertise in data breach assessment and risk...

  10. 38 CFR 75.115 - Risk analysis.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... preparation of the risk analysis may include data mining if necessary for the development of relevant...) INFORMATION SECURITY MATTERS Data Breaches § 75.115 Risk analysis. If a data breach involving sensitive... possible after the data breach, a non-VA entity with relevant expertise in data breach assessment and risk...

  11. Security risk assessment: applying the concepts of fuzzy logic.

    PubMed

    Bajpai, Shailendra; Sachdeva, Anish; Gupta, J P

    2010-01-15

    Chemical process industries (CPI) handling hazardous chemicals in bulk can be attractive targets for deliberate adversarial actions by terrorists, criminals and disgruntled employees. It is therefore imperative to have comprehensive security risk management programme including effective security risk assessment techniques. In an earlier work, it has been shown that security risk assessment can be done by conducting threat and vulnerability analysis or by developing Security Risk Factor Table (SRFT). HAZOP type vulnerability assessment sheets can be developed that are scenario based. In SRFT model, important security risk bearing factors such as location, ownership, visibility, inventory, etc., have been used. In this paper, the earlier developed SRFT model has been modified using the concepts of fuzzy logic. In the modified SRFT model, two linguistic fuzzy scales (three-point and four-point) are devised based on trapezoidal fuzzy numbers. Human subjectivity of different experts associated with previous SRFT model is tackled by mapping their scores to the newly devised fuzzy scale. Finally, the fuzzy score thus obtained is defuzzyfied to get the results. A test case of a refinery is used to explain the method and compared with the earlier work.

  12. A 3S Risk "3SR" Assessment Approach for Nuclear Power: Safety Security and Safeguards.

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Forrest, Robert; Reinhardt, Jason Christian; Wheeler, Timothy A.

    Safety-focused risk analysis and assessment approaches struggle to adequately include malicious, deliberate acts against the nuclear power industry's fissile and waste material, infrastructure, and facilities. Further, existing methods do not adequately address non-proliferation issues. Treating safety, security, and safeguards concerns independently is inefficient because, at best, it may not take explicit advantage of measures that provide benefits against multiple risk domains, and, at worst, it may lead to implementations that increase overall risk due to incompatibilities. What is needed is an integrated safety, security and safeguards risk (or "3SR") framework for describing and assessing nuclear power risks that can enable direct trade-offs and interactions in order to inform risk management processes -- a potential paradigm shift in risk analysis and management. These proceedings of the Sandia ePRA Workshop (held August 22-23, 2017) are an attempt to begin the discussions and deliberations to extend and augment safety focused risk assessment approaches to include security concerns and begin moving towards a 3S Risk approach. Safeguards concerns were not included in this initial workshop and are left to future efforts. This workshop focused on four themes in order to begin building out the safety and security portions of the 3S Risk toolkit: 1. Historical Approaches and Tools 2. Current Challenges 3. Modern Approaches 4. Paths Forward and Next Steps This report is organized along the four areas described above, and concludes with a summary of key points. 2 Contact: rforres@sandia.gov; +1 (925) 294-2728

  13. Application of the API/NPRA SVA methodology to transportation security issues.

    PubMed

    Moore, David A

    2006-03-17

    Security vulnerability analysis (SVA) is becoming more prevalent as the issue of chemical process security is of greater concern. The American Petroleum Institute (API) and the National Petrochemical and Refiner's Association (NPRA) have developed a guideline for conducting SVAs of petroleum and petrochemical facilities in May 2003. In 2004, the same organizations enhanced the guidelines by adding the ability to evaluate transportation security risks (pipeline, truck, and rail). The importance of including transportation and value chain security in addition to fixed facility security in a SVA is that these issues may be critically important to understanding the total risk of the operation. Most of the SVAs done using the API/NPRA SVA and other SVA methods were centered on the fixed facility and the operations within the plant fence. Transportation interfaces alone are normally studied as a part of the facility SVA, and the entire transportation route impacts and value chain disruption are not commonly considered. Particularly from a national, regional, or local infrastructure analysis standpoint, understanding the interdependencies is critical to the risk assessment. Transportation risks may include weaponization of the asset by direct attack en route, sabotage, or a Trojan Horse style attack into a facility. The risks differ in the level of access control and the degree of public exposures, as well as the dynamic nature of the assets. The public exposures along the transportation route need to be carefully considered. Risks may be mitigated by one of many strategies including internment, staging, prioritization, conscription, or prohibition, as well as by administrative security measures and technology for monitoring and isolating the assets. This paper illustrates how these risks can be analyzed by the API/NPRA SVA methodology. Examples are given of a pipeline operation, and other examples are found in the guidelines.

  14. Probabilistic risk analysis and terrorism risk.

    PubMed

    Ezell, Barry Charles; Bennett, Steven P; von Winterfeldt, Detlof; Sokolowski, John; Collins, Andrew J

    2010-04-01

    Since the terrorist attacks of September 11, 2001, and the subsequent establishment of the U.S. Department of Homeland Security (DHS), considerable efforts have been made to estimate the risks of terrorism and the cost effectiveness of security policies to reduce these risks. DHS, industry, and the academic risk analysis communities have all invested heavily in the development of tools and approaches that can assist decisionmakers in effectively allocating limited resources across the vast array of potential investments that could mitigate risks from terrorism and other threats to the homeland. Decisionmakers demand models, analyses, and decision support that are useful for this task and based on the state of the art. Since terrorism risk analysis is new, no single method is likely to meet this challenge. In this article we explore a number of existing and potential approaches for terrorism risk analysis, focusing particularly on recent discussions regarding the applicability of probabilistic and decision analytic approaches to bioterrorism risks and the Bioterrorism Risk Assessment methodology used by the DHS and criticized by the National Academies and others.

  15. Methodology development for quantitative optimization of security enhancement in medical information systems -Case study in a PACS and a multi-institutional radiotherapy database-.

    PubMed

    Haneda, Kiyofumi; Umeda, Tokuo; Koyama, Tadashi; Harauchi, Hajime; Inamura, Kiyonari

    2002-01-01

    The target of our study is to establish the methodology for analyzing level of security requirements, for searching suitable security measures and for optimizing security distribution to every portion of medical practice. Quantitative expression must be introduced to our study as possible for the purpose of easy follow up of security procedures and easy evaluation of security outcomes or results. Results of system analysis by fault tree analysis (FTA) clarified that subdivided system elements in detail contribute to much more accurate analysis. Such subdivided composition factors very much depended on behavior of staff, interactive terminal devices, kinds of service, and routes of network. As conclusion, we found the methods to analyze levels of security requirements for each medical information systems employing FTA, basic events for each composition factor and combination of basic events. Methods for searching suitable security measures were found. Namely risk factors for each basic event, number of elements for each composition factor and candidates of security measure elements were found. Method to optimize the security measures for each medical information system was proposed. Namely optimum distribution of risk factors in terms of basic events were figured out, and comparison of them between each medical information systems became possible.

  16. Economic Evaluation of the Information Security Levels Achieved by Electric Energy Providers in North Arctic Region

    NASA Astrophysics Data System (ADS)

    Sushko, O. P.; Kaznin, A. A.; Babkin, A. V.; Bogdanov, D. A.

    2017-10-01

    The study we are conducting involves the analysis of information security levels achieved by energy providers operating in the North Arctic Region. We look into whether the energy providers’ current information security levels meet reliability standards and determine what further actions may be needed for upgrading information security in the context of the digital transformation that the world community is undergoing. When developing the information security systems for electric energy providers or selecting the protection means for them, we are governed by the fact that the assets to be protected are process technologies. While information security risk can be assessed using different methods, the evaluation of the economic damage from these risks appears to be a difficult task. The most probable and harmful risks we have identified when evaluating the electric energy providers’ information security will be used by us as variables. To provide the evaluation, it is necessary to calculate the costs relating to elimination of the risks identified. The final stage of the study will involve the development of an operation algorithm for the North Arctic Region’s energy provider’s business information protection security system - a set of information security services, and security software and hardware.

  17. NSI security task: Overview

    NASA Technical Reports Server (NTRS)

    Tencati, Ron

    1991-01-01

    An overview is presented of the NASA Science Internet (NSI) security task. The task includes the following: policies and security documentation; risk analysis and management; computer emergency response team; incident handling; toolkit development; user consulting; and working groups, conferences, and committees.

  18. Adversarial Risk Analysis for Urban Security Resource Allocation.

    PubMed

    Gil, César; Rios Insua, David; Rios, Jesus

    2016-04-01

    Adversarial risk analysis (ARA) provides a framework to deal with risks originating from intentional actions of adversaries. We show how ARA may be used to allocate security resources in the protection of urban spaces. We take into account the spatial structure and consider both proactive and reactive measures, in that we aim at both trying to reduce criminality as well as recovering as best as possible from it, should it happen. We deal with the problem by deploying an ARA model over each spatial unit, coordinating the models through resource constraints, value aggregation, and proximity. We illustrate our approach with an example that uncovers several relevant policy issues. © 2016 Society for Risk Analysis.

  19. MAVEN Information Security Governance, Risk Management, and Compliance (GRC): Lessons Learned

    NASA Technical Reports Server (NTRS)

    Takamura, Eduardo; Gomez-Rosa, Carlos A.; Mangum, Kevin; Wasiak, Fran

    2014-01-01

    As the first interplanetary mission managed by the NASA Goddard Space Flight Center, the Mars Atmosphere and Volatile EvolutioN (MAVEN) had three IT security goals for its ground system: COMPLIANCE, (IT) RISK REDUCTION, and COST REDUCTION. In a multiorganizational environment in which government, industry and academia work together in support of the ground system and mission operations, information security governance, risk management, and compliance (GRC) becomes a challenge as each component of the ground system has and follows its own set of IT security requirements. These requirements are not necessarily the same or even similar to each other's, making the auditing of the ground system security a challenging feat. A combination of standards-based information security management based on the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF), due diligence by the Mission's leadership, and effective collaboration among all elements of the ground system enabled MAVEN to successfully meet NASA's requirements for IT security, and therefore meet Federal Information Security Management Act (FISMA) mandate on the Agency. Throughout the implementation of GRC on MAVEN during the early stages of the mission development, the Project faced many challenges some of which have been identified in this paper. The purpose of this paper is to document these challenges, and provide a brief analysis of the lessons MAVEN learned. The historical information documented herein, derived from an internal pre-launch lessons learned analysis, can be used by current and future missions and organizations implementing and auditing GRC.

  20. Automating Risk Analysis of Software Design Models

    PubMed Central

    Ruiz, Guifré; Heymann, Elisa; César, Eduardo; Miller, Barton P.

    2014-01-01

    The growth of the internet and networked systems has exposed software to an increased amount of security threats. One of the responses from software developers to these threats is the introduction of security activities in the software development lifecycle. This paper describes an approach to reduce the need for costly human expertise to perform risk analysis in software, which is common in secure development methodologies, by automating threat modeling. Reducing the dependency on security experts aims at reducing the cost of secure development by allowing non-security-aware developers to apply secure development with little to no additional cost, making secure development more accessible. To automate threat modeling two data structures are introduced, identification trees and mitigation trees, to identify threats in software designs and advise mitigation techniques, while taking into account specification requirements and cost concerns. These are the components of our model for automated threat modeling, AutSEC. We validated AutSEC by implementing it in a tool based on data flow diagrams, from the Microsoft security development methodology, and applying it to VOMS, a grid middleware component, to evaluate our model's performance. PMID:25136688

  1. Automating risk analysis of software design models.

    PubMed

    Frydman, Maxime; Ruiz, Guifré; Heymann, Elisa; César, Eduardo; Miller, Barton P

    2014-01-01

    The growth of the internet and networked systems has exposed software to an increased amount of security threats. One of the responses from software developers to these threats is the introduction of security activities in the software development lifecycle. This paper describes an approach to reduce the need for costly human expertise to perform risk analysis in software, which is common in secure development methodologies, by automating threat modeling. Reducing the dependency on security experts aims at reducing the cost of secure development by allowing non-security-aware developers to apply secure development with little to no additional cost, making secure development more accessible. To automate threat modeling two data structures are introduced, identification trees and mitigation trees, to identify threats in software designs and advise mitigation techniques, while taking into account specification requirements and cost concerns. These are the components of our model for automated threat modeling, AutSEC. We validated AutSEC by implementing it in a tool based on data flow diagrams, from the Microsoft security development methodology, and applying it to VOMS, a grid middleware component, to evaluate our model's performance.

  2. 32 CFR Appendix J to Part 154 - ADP Position Categories and Criteria for Designating Positions

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ..., and implementation of a computer security program; major responsibility for the direction, planning... agency computer security programs, and also including direction and control of risk analysis and/or... OF DEFENSE SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Pt. 154, App. J...

  3. 32 CFR Appendix J to Part 154 - ADP Position Categories and Criteria for Designating Positions

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ..., and implementation of a computer security program; major responsibility for the direction, planning... agency computer security programs, and also including direction and control of risk analysis and/or... OF DEFENSE SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Pt. 154, App. J...

  4. 32 CFR Appendix J to Part 154 - ADP Position Categories and Criteria for Designating Positions

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ..., and implementation of a computer security program; major responsibility for the direction, planning... agency computer security programs, and also including direction and control of risk analysis and/or... OF DEFENSE SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Pt. 154, App. J...

  5. 32 CFR Appendix J to Part 154 - ADP Position Categories and Criteria for Designating Positions

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ..., and implementation of a computer security program; major responsibility for the direction, planning... agency computer security programs, and also including direction and control of risk analysis and/or... OF DEFENSE SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Pt. 154, App. J...

  6. 32 CFR Appendix J to Part 154 - ADP Position Categories and Criteria for Designating Positions

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ..., and implementation of a computer security program; major responsibility for the direction, planning... agency computer security programs, and also including direction and control of risk analysis and/or... OF DEFENSE SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Pt. 154, App. J...

  7. FlySec: a risk-based airport security management system based on security as a service concept

    NASA Astrophysics Data System (ADS)

    Kyriazanos, Dimitris M.; Segou, Olga E.; Zalonis, Andreas; Thomopoulos, Stelios C. A.

    2016-05-01

    Complementing the ACI/IATA efforts, the FLYSEC European H2020 Research and Innovation project (http://www.fly-sec.eu/) aims to develop and demonstrate an innovative, integrated and end-to-end airport security process for passengers, enabling a guided and streamlined procedure from the landside to airside and into the boarding gates, and offering for an operationally validated innovative concept for end-to-end aviation security. FLYSEC ambition turns through a well-structured work plan into: (i) innovative processes facilitating risk-based screening; (ii) deployment and integration of new technologies and repurposing existing solutions towards a risk-based Security paradigm shift; (iii) improvement of passenger facilitation and customer service, bringing security as a real service in the airport of tomorrow;(iv) achievement of measurable throughput improvement and a whole new level of Quality of Service; and (v) validation of the results through advanced "in-vitro" simulation and "in-vivo" pilots. On the technical side, FLYSEC achieves its ambitious goals by integrating new technologies on video surveillance, intelligent remote image processing and biometrics combined with big data analysis, open-source intelligence and crowdsourcing. Repurposing existing technologies is also in the FLYSEC objectives, such as mobile application technologies for improved passenger experience and positive boarding applications (i.e. services to facilitate boarding and landside/airside way finding) as well as RFID for carry-on luggage tracking and quick unattended luggage handling. In this paper, the authors will describe the risk based airport security management system which powers FLYSEC intelligence and serves as the backend on top of which FLYSEC's front end technologies reside for security services management, behaviour and risk analysis.

  8. [Security of the medicinal therapy: Cartography of risks a priori within service of orthopaedic surgery].

    PubMed

    Razurel, A; Bertrand, É; Deranlot, J; Benhamou, F; Tritz, T; Le Mercier, F; Hardy, P

    2015-11-01

    Security and quality of the Medicinal Therapy are one of the most important objectives of the April 6th, 2011 order. The objective is to realize this study of the risks incurred by patients related to management and security of medicinal therapy in order to establish a plan to reduce the risks of drug's dispensation. The method of the Preliminary Risk Analysis (PRA) has been implemented by a multidisciplinary group in a hospital service of orthopaedic surgery. The study focused on the dispensation phase of medicinal circuit. This analysis revealed 148 scenarii, 35 were criticality unacceptable. Fifty-four initial risk control actions were proposed and their stress levels to put them in place were evaluated. The main measures of risk management are: training, information, communication, computerization, automation, dual control, updating the documentation system, drug reconciliation and respect for Best Practices Hospitallers (BPH). Risk management requires a significant human and financial investment as well as, material resources and multidisciplinary expertise in order to offer the best solutions. Copyright © 2015 Académie Nationale de Pharmacie. Published by Elsevier Masson SAS. All rights reserved.

  9. 2016 Emerging Technology Domains Risk Survey

    DTIC Science & Technology

    2016-04-05

    2016 Emerging Technology Domains Risk Survey Christopher King Dan Klinedinst Todd Lewellen Garret Wassermann April 2016 TECHNICAL REPORT...Unlimited [Checkoway 2011] Checkoway, Stephen; McCoy, Damon; Kantor, Brian; Anderson, Danny; Shacham, Hovav; Savage, Stefan. Comprehensive Experimental ...Koscher 2010] Koscher, Karl et al. “ Experimental Security Analysis of a Modern Automobile,” 447-462. IEEE Symposium on Security and Privacy

  10. Intelligence-Led Risk Management for Homeland Security: A Collaborative Approach for a Common Goal

    DTIC Science & Technology

    2011-12-01

    phases of research into a summary analysis of the risk management policy within the homeland security enterprise. The result of the multi-goal policy ...management and policy decisions with emphasis on social aspects and efforts to support local and regional decision making, and to avoid cascading...independent variables. The second order social and economic effects of terrorism have been largely overlooked so far in accounting for the risk from

  11. Development of a security vulnerability assessment process for the RAMCAP chemical sector.

    PubMed

    Moore, David A; Fuller, Brad; Hazzan, Michael; Jones, J William

    2007-04-11

    The Department of Homeland Security (DHS), Directorate of Information Analysis & Infrastructure Protection (IAIP), Protective Services Division (PSD), contracted the American Society of Mechanical Engineers Innovative Technologies Institute, LLC (ASME ITI, LLC) to develop guidance on Risk Analysis and Management for Critical Asset Protection (RAMCAP). AcuTech Consulting Group (AcuTech) has been contracted by ASME ITI, LLC, to provide assistance by facilitating the development of sector-specific guidance on vulnerability analysis and management for critical asset protection for the chemical manufacturing, petroleum refining, and liquefied natural gas (LNG) sectors. This activity involves two key tasks for these three sectors: Development of a screening to supplement DHS understanding of the assets that are important to protect against terrorist attack and to prioritize the activities. Development of a standard security vulnerability analysis (SVA) framework for the analysis of consequences, vulnerabilities, and threats. This project involves the cooperative effort of numerous leading industrial companies, industry trade associations, professional societies, and security and safety consultants representative of those sectors. Since RAMCAP is a voluntary program for ongoing risk management for homeland security, sector coordinating councils are being asked to assist in communicating the goals of the program and in encouraging participation. The RAMCAP project will have a profound and positive impact on all sectors as it is fully developed, rolled-out and implemented. It will help define the facilities and operations of national and regional interest for the threat of terrorism, define standardized methods for analyzing consequences, vulnerabilities, and threats, and describe best security practices of the industry. 
    This paper will describe the results of the security vulnerability analysis process that was developed and field tested for the chemical manufacturing sector. This method was developed through the cooperation of the many organizations and the individuals involved from the chemical sector RAMCAP development activities. The RAMCAP SVA method is intended to provide a common basis for making vulnerability assessments and risk-based decisions for homeland security. Mr. Moore serves as the coordinator for the chemical manufacturing, petroleum refining, and LNG sectors for the RAMCAP project and Dr. Jones is the chief technology officer for ASME-ITI, LLC for RAMCAP.

  12. Mass and Elite Views on Nuclear Security: US National Security Surveys 1993-1999

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    HERRON,KERRY G.; JENKINS-SMITH,HANK C.; HUGHES,SCOTT D.

    This is the fourth report in an ongoing series of studies examining how US perspectives about nuclear security are evolving in the post-Cold War era. In Volume 1 the authors present findings from a nationwide telephone survey of randomly selected members of the US general public conducted from 13 September to 14 October 1999. Results are compared to findings from previous surveys in this series conducted in 1993, 1995, and 1997, and trends are analyzed. Key areas of investigation reported in Volume 1 include evolving perceptions of nuclear weapons risks and benefits, preferences for related policy and spending issues, and views about three emerging issue areas: deterrent utility of precision guided munitions; response options to attacks in which mass casualty weapons are used; and expectations about national missile defenses. In this volume they relate respondent beliefs about nuclear security to perceptions of nuclear risks and benefits and to policy preferences. They develop causal models to partially explain key preferences, and they employ cluster analysis to group respondents into four policy relevant clusters characterized by similar views and preferences about nuclear security within each cluster. Systematic links are found among respondent demographic characteristics, perceptions of nuclear risks and benefits, policy beliefs, and security policy and spending preferences. In Volume 2 they provide analysis of in-depth interviews with fifty members of the US security policy community.

  13. VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security, and HIPAA Compliance

    PubMed Central

    Watzlaf, Valerie J.M.; Moeini, Sohrab; Firouzan, Patti

    2010-01-01

    Voice over the Internet Protocol (VoIP) systems such as Adobe ConnectNow, Skype, ooVoo, etc. may include the use of software applications for telerehabilitation (TR) therapy that can provide voice and video teleconferencing between patients and therapists. Privacy and security applications as well as HIPAA compliance within these protocols have been questioned by information technologists, providers of care and other health care entities. This paper develops a privacy and security checklist that can be used within a VoIP system to determine if it meets privacy and security procedures and whether it is HIPAA compliant. Based on this analysis, specific HIPAA criteria that therapists and health care facilities should follow are outlined and discussed, and therapists must weigh the risks and benefits when deciding to use VoIP software for TR. PMID:25945172

  14. VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security, and HIPAA Compliance.

    PubMed

    Watzlaf, Valerie J M; Moeini, Sohrab; Firouzan, Patti

    2010-01-01

    Voice over the Internet Protocol (VoIP) systems such as Adobe ConnectNow, Skype, ooVoo, etc. may include the use of software applications for telerehabilitation (TR) therapy that can provide voice and video teleconferencing between patients and therapists. Privacy and security applications as well as HIPAA compliance within these protocols have been questioned by information technologists, providers of care and other health care entities. This paper develops a privacy and security checklist that can be used within a VoIP system to determine if it meets privacy and security procedures and whether it is HIPAA compliant. Based on this analysis, specific HIPAA criteria that therapists and health care facilities should follow are outlined and discussed, and therapists must weigh the risks and benefits when deciding to use VoIP software for TR.

  15. Health Security and Risk Aversion.

    PubMed

    Herington, Jonathan

    2016-09-01

    Health security has become a popular way of justifying efforts to control catastrophic threats to public health. Unfortunately, there has been little analysis of the concept of health security, nor the relationship between health security and other potential aims of public health policy. In this paper I develop an account of health security as an aversion to risky policy options. I explore three reasons for thinking risk avoidance is a distinctly worthwhile aim of public health policy: (i) that security is intrinsically valuable, (ii) that it is necessary for social planning and (iii) that it is an appropriate response to decision-making in contexts of very limited information. Striking the right balance between securing and maximizing population health thus requires a substantive, and hitherto unrecognized, value judgment. Finally, I critically evaluate the current health security agenda in light of this new account of the concept and its relationship to the other aims of public health policy. © 2016 John Wiley & Sons Ltd.

  16. Optimal security investments and extreme risk.

    PubMed

    Mohtadi, Hamid; Agiwal, Swati

    2012-08-01

    In the aftermath of 9/11, concern over security increased dramatically in both the public and the private sector. Yet, no clear algorithm exists to inform firms on the amount and the timing of security investments to mitigate the impact of catastrophic risks. The goal of this article is to devise an optimum investment strategy for firms to mitigate exposure to catastrophic risks, focusing on how much to invest and when to invest. The latter question addresses the issue of whether postponing a risk mitigating decision is an optimal strategy or not. Accordingly, we develop and estimate both a one-period model and a multiperiod model within the framework of extreme value theory (EVT). We calibrate these models using probability measures for catastrophic terrorism risks associated with attacks on the food sector. We then compare our findings with the purchase of catastrophic risk insurance. © 2012 Society for Risk Analysis.

  17. Explore Awareness of Information Security: Insights from Cognitive Neuromechanism.

    PubMed

    Han, Dongmei; Dai, Yonghui; Han, Tianlin; Dai, Xingyun

    2015-01-01

    With the rapid development of the internet and information technology, the increasingly diversified portable mobile terminals, online shopping, and social media have facilitated information exchange, social communication, and financial payment for people more and more than ever before. In the meantime, information security and privacy protection have been meeting with new severe challenges. Although we have taken a variety of information security measures in both management and technology, the actual effectiveness depends firstly on people's awareness of information security and the cognition of potential risks. In order to explore the new technology for the objective assessment of people's awareness and cognition on information security, this paper takes the online financial payment as example and conducts an experimental study based on the analysis of electrophysiological signals. Results indicate that left hemisphere and beta rhythms of electroencephalogram (EEG) signal are sensitive to the cognitive degree of risks in the awareness of information security, which may be probably considered as the sign to assess people's cognition of potential risks in online financial payment.

  18. Explore Awareness of Information Security: Insights from Cognitive Neuromechanism

    PubMed Central

    Han, Dongmei; Han, Tianlin; Dai, Xingyun

    2015-01-01

    With the rapid development of the internet and information technology, the increasingly diversified portable mobile terminals, online shopping, and social media have facilitated information exchange, social communication, and financial payment for people more and more than ever before. In the meantime, information security and privacy protection have been meeting with new severe challenges. Although we have taken a variety of information security measures in both management and technology, the actual effectiveness depends firstly on people's awareness of information security and the cognition of potential risks. In order to explore the new technology for the objective assessment of people's awareness and cognition on information security, this paper takes the online financial payment as example and conducts an experimental study based on the analysis of electrophysiological signals. Results indicate that left hemisphere and beta rhythms of electroencephalogram (EEG) signal are sensitive to the cognitive degree of risks in the awareness of information security, which may be probably considered as the sign to assess people's cognition of potential risks in online financial payment. PMID:26587017

  19. Cyber security risk management: public policy implications of correlated risk, imperfect ability to prove loss, and observability of self-protection.

    PubMed

    Oğüt, Hulisi; Raghunathan, Srinivasan; Menon, Nirup

    2011-03-01

    The correlated nature of security breach risks, the imperfect ability to prove loss from a breach to an insurer, and the inability of insurers and external agents to observe firms' self-protection efforts have posed significant challenges to cyber security risk management. Our analysis finds that a firm invests less than the social optimal levels in self-protection and in insurance when risks are correlated and the ability to prove loss is imperfect. We find that the appropriate social intervention policy to induce a firm to invest at socially optimal levels depends on whether insurers can verify a firm's self-protection levels. If self-protection of a firm is observable to an insurer so that it can design a contract that is contingent on the self-protection level, then self-protection and insurance behave as complements. In this case, a social planner can induce a firm to choose the socially optimal self-protection and insurance levels by offering a subsidy on self-protection. We also find that providing a subsidy on insurance does not provide a similar inducement to a firm. If self-protection of a firm is not observable to an insurer, then self-protection and insurance behave as substitutes. In this case, a social planner should tax the insurance premium to achieve socially optimal results. The results of our analysis hold regardless of whether the insurance market is perfectly competitive or not, implying that solely reforming the currently imperfect insurance market is insufficient to achieve the efficient outcome in cyber security risk management. © 2010 Society for Risk Analysis.

  20. Measuring the Effectiveness of Information Security Training: A Comparative Analysis of Computer-Based Training and Instructor-Based Training

    ERIC Educational Resources Information Center

    Kim, Philip

    2010-01-01

    Financial institutions are increasingly finding difficulty defending against information security risks and threats, as they are often the number one target for information thieves. An effective information security training and awareness program can be a critical component of protecting an organization's information assets. Many financial…

  1. Security and privacy qualities of medical devices: an analysis of FDA postmarket surveillance.

    PubMed

    Kramer, Daniel B; Baker, Matthew; Ransford, Benjamin; Molina-Markham, Andres; Stewart, Quinn; Fu, Kevin; Reynolds, Matthew R

    2012-01-01

    Medical devices increasingly depend on computing functions such as wireless communication and Internet connectivity for software-based control of therapies and network-based transmission of patients' stored medical information. These computing capabilities introduce security and privacy risks, yet little is known about the prevalence of such risks within the clinical setting. We used three comprehensive, publicly available databases maintained by the Food and Drug Administration (FDA) to evaluate recalls and adverse events related to security and privacy risks of medical devices. Review of weekly enforcement reports identified 1,845 recalls; 605 (32.8%) of these included computers, 35 (1.9%) stored patient data, and 31 (1.7%) were capable of wireless communication. Searches of databases specific to recalls and adverse events identified only one event with a specific connection to security or privacy. Software-related recalls were relatively common, and most (81.8%) mentioned the possibility of upgrades, though only half of these provided specific instructions for the update mechanism. Our review of recalls and adverse events from federal government databases reveals sharp inconsistencies with databases at individual providers with respect to security and privacy risks. Recalls related to software may increase security risks because of unprotected update and correction mechanisms. To detect signals of security and privacy problems that adversely affect public health, federal postmarket surveillance strategies should rethink how to effectively and efficiently collect data on security and privacy problems in devices that increasingly depend on computing systems susceptible to malware.

  2. Security and Privacy Qualities of Medical Devices: An Analysis of FDA Postmarket Surveillance

    PubMed Central

    Kramer, Daniel B.; Baker, Matthew; Ransford, Benjamin; Molina-Markham, Andres; Stewart, Quinn; Fu, Kevin; Reynolds, Matthew R.

    2012-01-01

    Background Medical devices increasingly depend on computing functions such as wireless communication and Internet connectivity for software-based control of therapies and network-based transmission of patients’ stored medical information. These computing capabilities introduce security and privacy risks, yet little is known about the prevalence of such risks within the clinical setting. Methods We used three comprehensive, publicly available databases maintained by the Food and Drug Administration (FDA) to evaluate recalls and adverse events related to security and privacy risks of medical devices. Results Review of weekly enforcement reports identified 1,845 recalls; 605 (32.8%) of these included computers, 35 (1.9%) stored patient data, and 31 (1.7%) were capable of wireless communication. Searches of databases specific to recalls and adverse events identified only one event with a specific connection to security or privacy. Software-related recalls were relatively common, and most (81.8%) mentioned the possibility of upgrades, though only half of these provided specific instructions for the update mechanism. Conclusions Our review of recalls and adverse events from federal government databases reveals sharp inconsistencies with databases at individual providers with respect to security and privacy risks. Recalls related to software may increase security risks because of unprotected update and correction mechanisms. To detect signals of security and privacy problems that adversely affect public health, federal postmarket surveillance strategies should rethink how to effectively and efficiently collect data on security and privacy problems in devices that increasingly depend on computing systems susceptible to malware. PMID:22829874

  3. TH-A-12A-01: Medical Physicist's Role in Digital Information Security: Threats, Vulnerabilities and Best Practices

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    McDonald, K; Curran, B

    I. Information Security Background (Speaker = Kevin McDonald) Evolution of Medical Devices Living and Working in a Hostile Environment Attack Motivations Attack Vectors Simple Safety Strategies Medical Device Security in the News Medical Devices and Vendors Summary II. Keeping Radiation Oncology IT Systems Secure (Speaker = Bruce Curran) Hardware Security Double-lock Requirements “Foreign” computer systems Portable Device Encryption Patient Data Storage System Requirements Network Configuration Isolating Critical Devices Isolating Clinical Networks Remote Access Considerations Software Applications / Configuration Passwords / Screen Savers Restricted Services / access Software Configuration Restriction Use of DNS to restrict access. Patches / Upgrades Awareness Intrusion Prevention Intrusion Detection Threat Risk Analysis Conclusion Learning Objectives: Understanding how Hospital IT Requirements affect Radiation Oncology IT Systems. Illustrating sample practices for hardware, network, and software security. Discussing implementation of good IT security practices in radiation oncology. Understand overall risk and threats scenario in a networked environment.

  4. Nuclear Power Plant Cyber Security Discrete Dynamic Event Tree Analysis (LDRD 17-0958) FY17 Report

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Wheeler, Timothy A.; Denman, Matthew R.; Williams, R. A.

    Instrumentation and control of nuclear power is transforming from analog to modern digital assets. These control systems perform key safety and security functions. This transformation is occurring in new plant designs as well as in the existing fleet of plants as the operation of those plants is extended to 60 years. This transformation introduces new and unknown issues involving both digital asset induced safety issues and security issues. Traditional nuclear power risk assessment tools and cyber security assessment methods have not been modified or developed to address the unique nature of cyber failure modes and of cyber security threat vulnerabilities. This Lab-Directed Research and Development project has developed a dynamic cyber-risk informed tool to facilitate the analysis of unique cyber failure modes and the time sequencing of cyber faults, both malicious and non-malicious, and impose those cyber exploits and cyber faults onto a nuclear power plant accident sequence simulator code to assess how cyber exploits and cyber faults could interact with a plant's digital instrumentation and control (DI&C) system and defeat or circumvent a plant's cyber security controls. This was achieved by coupling an existing Sandia National Laboratories nuclear accident dynamic simulator code with a cyber emulytics code to demonstrate real-time simulation of cyber exploits and their impact on automatic DI&C responses. Studying such potential time-sequenced cyber-attacks and their risks (i.e., the associated impact and the associated degree of difficulty to achieve the attack vector) on accident management establishes a technical risk informed framework for developing effective cyber security controls for nuclear power.

  5. Execution of a self-directed risk assessment methodology to address HIPAA data security requirements

    NASA Astrophysics Data System (ADS)

    Coleman, Johnathan

    2003-05-01

    This paper analyzes the method and training of a self directed risk assessment methodology entitled OCTAVE (Operationally Critical Threat Asset and Vulnerability Evaluation) at over 170 DOD medical treatment facilities. It focuses specifically on how OCTAVE built interdisciplinary, inter-hierarchical consensus and enhanced local capabilities to perform Health Information Assurance. The Risk Assessment Methodology was developed by the Software Engineering Institute at Carnegie Mellon University as part of the Defense Health Information Assurance Program (DHIAP). The basis for its success is the combination of analysis of organizational practices and technological vulnerabilities. Together, these areas address the core implications behind the HIPAA Security Rule and can be used to develop Organizational Protection Strategies and Technological Mitigation Plans. A key component of OCTAVE is the inter-disciplinary composition of the analysis team (Patient Administration, IT staff and Clinician). It is this unique composition of analysis team members, along with organizational and technical analysis of business practices, assets and threats, which enables facilities to create sound and effective security policies. The Risk Assessment is conducted in-house, and therefore the process, results and knowledge remain within the organization, helping to build consensus in an environment of differing organizational and disciplinary perspectives on Health Information Assurance.

  6. Architecture and Assessment: Privacy Preserving Biometrically Secured Electronic Documents

    DTIC Science & Technology

    2015-01-01

    very large public and private fingerprint databases comprehensive risk analysis and system security contribution to developing international ...Safety and Security Program which is led by Defence Research and Development Canada’s Centre for Security Science, in partnership with Public Safety...201 © Her Majesty the Queen (in right of Canada), as represented by the Minister of National Defence, 201 Science and Engineering

  7. Defining the Synthetic Biology Supply Chain.

    PubMed

    Frazar, Sarah L; Hund, Gretchen E; Bonheyo, George T; Diggans, James; Bartholomew, Rachel A; Gehrig, Lindsey; Greaves, Mark

    Several recent articles have described risks posed by synthetic biology and spurred vigorous discussion in the scientific, commercial, and government communities about how to best detect, prevent, regulate, and respond to these risks. The Pacific Northwest National Laboratory's (PNNL) deep experience working with dual-use technologies for the nuclear industry has shown that analysis of supply chains can reveal security vulnerabilities and ways to mitigate security risk without hindering beneficial research and commerce. In this article, a team of experts in synthetic biology, data analytics, and national security describe the overall supply chain surrounding synthetic biology to illustrate new insights about the effectiveness of current regulations, the possible need for different screening approaches, and new technical solutions that could help identify or mitigate risks in the synthetic biology supply chain.

  8. Empirical analysis of the effects of cyber security incidents.

    PubMed

    Davis, Ginger; Garcia, Alfredo; Zhang, Weide

    2009-09-01

    We analyze the time series associated with web traffic for a representative set of online businesses that have suffered widely reported cyber security incidents. Our working hypothesis is that cyber security incidents may prompt (security conscious) online customers to opt out and conduct their business elsewhere or, at the very least, to refrain from accessing online services. For companies relying almost exclusively on online channels, this presents an important business risk. We test for structural changes in these time series that may have been caused by these cyber security incidents. Our results consistently indicate that cyber security incidents do not affect the structure of web traffic for the set of online businesses studied. We discuss various public policy considerations stemming from our analysis.

  9. Risk Perception as the Quantitative Parameter of Ethics and Responsibility in Disaster Study

    NASA Astrophysics Data System (ADS)

    Kostyuchenko, Yuriy; Movchan, Dmytro

    2014-05-01

    The intensity of natural disaster impacts is increasing as climate and ecological changes spread. The frequency of disasters is increasing, and the recurrence of catastrophes is characterized by essential spatial heterogeneity. The distribution of losses is fundamentally non-linear and reflects the complex interrelation of natural, social and environmental factors in a changing world across multiple scales. We are faced with new types of risks, which require a comprehensive security concept. A modern understanding of complex security and complex risk management requires analysis of all natural and social phenomena, involvement of all available data, construction of advanced analytical tools, and transformation of our perception of risk and security issues. Traditional deterministic models used for risk analysis are difficult to apply to the analysis of social issues, as well as to the quantification of multi-scale, multi-physics phenomena. Parametric methods are also not fully effective because the system analyzed is essentially non-ergodic. Stochastic models of risk analysis are applicable to the quantitative analysis of human behavior and risk perception. Risk perception issues were described within the framework of risk analysis models. Risk is presented as the superposition of distribution ($f(x,y)$) and damage ($p(x,y)$) functions: $P \to \delta \sum_{x,y} f(x,y)\,p(x,y)$. As was shown, risk perception essentially influences the damage function. Based on prospect theory and on decision making under uncertainty with respect to cognitive bias and the handling of risk, a modification of the damage function is proposed: $p(x,y \mid \alpha(t))$. The modified damage function includes an awareness function $\alpha(t)$, which is the system of the risk perception function ($rp$) and the function of education and long-term experience ($c$): $\alpha(t) \to (c - rp)$. The education function $c(t)$ describes the trend of education and experience. The risk perception function $rp$ reflects the security concept of human behavior and is the basis for prediction of socio-economic and socio-ecological processes. There is also an important positive feedback from the risk perception function to the distribution function. Risk perception depends essentially on the impact of short-term recent events in multi-agent media. This is a managed function. A generalized form of the awareness function is proposed: $\alpha(t) = \delta \sum_i (c - rp_i)$. Using this form, separate parameters have been calculated. For example, the risk perception function is about 15-55% of the awareness function, depending on the education, age and social status of people. It was also estimated that the fraction of the awareness function in the damage function, and so in the risk function, is about 15-20%. This means that no less than 8-12% of direct losses depend on the short-term responsible behavior of 'information agents': social activity of experts, scientists, correct discussions on ethical issues in geo-sciences and media. The other 6-9% of losses are connected with the level of public and professional education. This area should also be a field of responsibility of geo-scientists.

  10. 49 CFR Appendix D to Part 172 - Rail Risk Analysis Factors

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... nature of the rail system, each carrier must select and document the analysis method/model used and identify the routes to be analyzed. D. The safety and security risk analysis must consider current data and... curvature; 7. Presence or absence of signals and train control systems along the route (“dark” versus...

  11. Literature Review on Modeling Cyber Networks and Evaluating Cyber Risks.

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Kelic, Andjelka; Campbell, Philip L

    The National Infrastructure Simulations and Analysis Center (NISAC) conducted a literature review on modeling cyber networks and evaluating cyber risks. The literature review explores where modeling is used in the cyber regime and ways that consequence and risk are evaluated. The relevant literature clusters in three different spaces: network security, cyber-physical, and mission assurance. In all approaches, some form of modeling is utilized at varying levels of detail, while the ability to understand consequence varies, as do interpretations of risk. This document summarizes the different literature viewpoints and explores their applicability to securing enterprise networks.

  12. Mission Assurance Modeling and Simulation: A Cyber Security Roadmap

    NASA Technical Reports Server (NTRS)

    Gendron, Gerald; Roberts, David; Poole, Donold; Aquino, Anna

    2012-01-01

    This paper proposes a cyber security modeling and simulation roadmap to enhance mission assurance governance and establish risk reduction processes within constrained budgets. The term mission assurance stems from risk management work by Carnegie Mellon's Software Engineering Institute in the late 1990s. By 2010, the Defense Information Systems Agency revised its cyber strategy and established the Program Executive Officer-Mission Assurance. This highlights a shift from simply protecting data to balancing risk and begins a necessary dialogue to establish a cyber security roadmap. The Military Operations Research Society has recommended a cyber community of practice, recognizing there are too few professionals having both cyber and analytic experience. The authors characterize the limited body of knowledge in this symbiotic relationship. This paper identifies operational and research requirements for mission assurance M&S supporting defense and homeland security. M&S techniques are needed for enterprise oversight of cyber investments, test and evaluation, policy, training, and analysis.

  13. Identifying changing aviation threat environments within an adaptive Homeland Security Advisory System.

    PubMed

    Lee, Adrian J; Jacobson, Sheldon H

    2012-02-01

    A critical component of aviation security consists of screening passengers and baggage to protect airports and aircraft from terrorist threats. Advancements in screening device technology have increased the ability to detect these threats; however, specifying the operational configurations of these devices in response to changes in the threat environment can become difficult. This article proposes to use Fisher information as a statistical measure for detecting changes in the threat environment. The perceived risk of passengers, according to prescreening information and behavior analysis, is analyzed as the passengers sequentially enter the security checkpoint. The alarm responses from the devices used to detect threats are also analyzed to monitor significant changes in the frequency of threat items uncovered. The key results are that this information-based measure can be used within the Homeland Security Advisory System to indicate changes in threat conditions in real time, and provide the flexibility of security screening detection devices to responsively and automatically adapt operational configurations to these changing threat conditions. © 2012 Society for Risk Analysis. All rights reserved.

  14. VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security and HIPAA Compliance: Part II

    PubMed Central

    Watzlaf, Valerie J.M.; Moeini, Sohrab; Matusow, Laura; Firouzan, Patti

    2011-01-01

    In a previous publication the authors developed a privacy and security checklist to evaluate Voice over Internet Protocol (VoIP) videoconferencing software used between patients and therapists to provide telerehabilitation (TR) therapy. In this paper, the privacy and security checklist that was previously developed is used to perform a risk analysis of the top ten VoIP videoconferencing software to determine if their policies provide answers to the privacy and security checklist. Sixty percent of the companies claimed they do not listen into video-therapy calls unless maintenance is needed. Only 50% of the companies assessed use some form of encryption, and some did not specify what type of encryption was used. Seventy percent of the companies assessed did not specify any form of auditing on their servers. Statistically significant differences across company websites were found for sharing information outside of the country (p=0.010), encryption (p=0.006), and security evaluation (p=0.005). Healthcare providers considering use of VoIP software for TR services may consider using this privacy and security checklist before deciding to incorporate a VoIP software system for TR. Other videoconferencing software that is specific for TR with strong encryption, good access controls, and hardware that meets privacy and security standards should be considered for use with TR. PMID:25945177

  15. VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security and HIPAA Compliance: Part II.

    PubMed

    Watzlaf, Valerie J M; Moeini, Sohrab; Matusow, Laura; Firouzan, Patti

    2011-01-01

    In a previous publication the authors developed a privacy and security checklist to evaluate Voice over Internet Protocol (VoIP) videoconferencing software used between patients and therapists to provide telerehabilitation (TR) therapy. In this paper, the privacy and security checklist that was previously developed is used to perform a risk analysis of the top ten VoIP videoconferencing software to determine if their policies provide answers to the privacy and security checklist. Sixty percent of the companies claimed they do not listen into video-therapy calls unless maintenance is needed. Only 50% of the companies assessed use some form of encryption, and some did not specify what type of encryption was used. Seventy percent of the companies assessed did not specify any form of auditing on their servers. Statistically significant differences across company websites were found for sharing information outside of the country (p=0.010), encryption (p=0.006), and security evaluation (p=0.005). Healthcare providers considering use of VoIP software for TR services may consider using this privacy and security checklist before deciding to incorporate a VoIP software system for TR. Other videoconferencing software that is specific for TR with strong encryption, good access controls, and hardware that meets privacy and security standards should be considered for use with TR.

  16. Development of a medical information system that minimizes staff workload and secures system safety at a small medical institution

    NASA Astrophysics Data System (ADS)

    Haneda, Kiyofumi; Koyama, Tadashi

    2005-04-01

    We developed a secure system that minimizes staff workload and secures safety of a medical information system. In this study, we assess the legal security requirements and risks occurring from the use of digitized data. We then analyze the security measures for ways of reducing these risks. In the analysis, not only safety, but also costs of security measures and ease of operability are taken into consideration. Finally, we assess the effectiveness of security measures by employing our system in a small-sized medical institution. As a result of the current study, we developed and implemented several security measures, such as authentications, cryptography, data back-up, and secure sockets layer protocol (SSL) in our system. In conclusion, the cost for the introduction and maintenance of a system is one of the primary difficulties with its employment by a small-sized institution. However, with recent reductions in the price of computers, and certain advantages of small-sized medical institutions, the development of an efficient system configuration has become possible.

  17. Dynamic Attack Tree Tool for Risk Assessments

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Black, Karl

    2012-03-13

    DATT enables interactive visualization, qualitative analysis and recording of cyber and other forms of risk. It facilitates dynamic risk-based approaches (as opposed to static compliance-based) to security and risk management in general. DATT allows decision makers to consistently prioritize risk mitigation strategies and quickly see where attention is most needed across the enterprise.

  18. Spatio-temporal dynamics of security investments in an interdependent risk environment

    NASA Astrophysics Data System (ADS)

    Shafi, Kamran; Bender, Axel; Zhong, Weicai; Abbass, Hussein A.

    2012-10-01

    In a globalised world where risks spread through contagion, the decision of an entity to invest in securing its premises from stochastic risks no longer depends solely on its own actions but also on the actions of other interacting entities in the system. This phenomenon is commonly seen in many domains including airline, logistics and computer security and is referred to as Interdependent Security (IDS). An IDS game models this decision problem from a game-theoretic perspective and deals with the behavioural dynamics of risk-reduction investments in such settings. This paper enhances this model and investigates the spatio-temporal aspects of the IDS games. The spatio-temporal dynamics are studied using simple replicator dynamics on a variety of network structures and for various security cost tradeoffs that lead to different Nash equilibria in an IDS game. The simulation results show that the neighbourhood configuration has a greater effect on the IDS game dynamics than network structure. An in-depth empirical analysis of game dynamics is carried out on regular graphs, which leads to the articulation of necessary and sufficient conditions for dominance in IDS games under spatial constraints.

  19. Protecting public surface transportation against terrorism and serious crime : an executive overview

    DOT National Transportation Integrated Search

    2001-10-01

    Because terrorist threats are not easily quantifiable, it is difficult to determine the "right" level of security. Using cost-benefit analysis as the sole criterion to determine the level of security is inadequate. The risk of death to any individual...

  20. A global assessment of wildfire risks to human and environmental water security

    NASA Astrophysics Data System (ADS)

    Robinne, François-Nicolas; Parisien, Marc-André; Flannigan, Mike; Miller, Carol; Bladon, Kevin D.

    2017-04-01

    Extreme wildfire events extensively affect hydrosystem stability and generate an important threat to the reliability of the water supply for human and natural communities. While actively studied at the watershed scale, the development of a global vision of wildfire risk to water security has only been undertaken recently, pointing at potential water security concerns in an era of global changes. In order to address this concern, we propose a global-scale analysis of the wildfire risk to surface water supplies based on the Driving forces-Pressures-States-Impacts-Responses (DPSIR) framework. This framework relies on the cause-and-effect relationships existing between the five categories of the DPSIR chain. Based on the literature, we gathered an extensive set of spatial indicators relevant to fire-induced hydrological hazards and water consumption patterns by human and natural communities. Each indicator was assigned a DPSIR category. Then, we collapsed the information in each category using a principal component analysis in order to extract the most relevant pixel-based information provided by each spatial indicator. Finally, we compiled our five categories using an additive indexation process to produce a spatially-explicit index of the wildfire-water risk (WWR). For comparison purposes, we aggregated index scores by global hydrological regions, or hydrobelts, for analysis. Overall, our results show a distinct pattern of medium-to-high risk levels in areas where sizeable wildfire activity, water resources, and water consumption are concomitant, which mainly encompasses temperate and sub-tropical zones. A closer look at hydrobelts reveals differences in the factors driving the risk, with fire activity being the primary factor of risk in the circumboreal forest, and freshwater resource density being prevalent in tropical areas. We also identified major urban areas across the world whose source waters should be protected from extreme fire events, particularly when they are dependent on mountainous headwaters. This study offers new insights towards a better understanding of global water security issues that can inform and help guide international water governance.

  1. Risk-based principles for defining and managing water security

    PubMed Central

    Hall, Jim; Borgomeo, Edoardo

    2013-01-01

    The concept of water security implies concern about potentially harmful states of coupled human and natural water systems. Those harmful states may be associated with water scarcity (for humans and/or the environment), floods or harmful water quality. The theories and practices of risk analysis and risk management have been developed and elaborated to deal with the uncertain occurrence of harmful events. Yet despite their widespread application in public policy, theories and practices of risk management have well-known limitations, particularly in the context of severe uncertainties and contested values. Here, we seek to explore the boundaries of applicability of risk-based principles as a means of formalizing discussion of water security. Not only do risk concepts have normative appeal, but they also provide an explicit means of addressing the variability that is intrinsic to hydrological, ecological and socio-economic systems. We illustrate the nature of these interconnections with a simulation study, which demonstrates how water resources planning could take more explicit account of epistemic uncertainties, tolerability of risk and the trade-offs in risk among different actors. PMID:24080616

  2. When it comes to securing patient health information from breaches, your best medicine is a dose of prevention: A cybersecurity risk assessment checklist.

    PubMed

    Blanke, Sandra J; McGrady, Elizabeth

    2016-07-01

    Health care stakeholders are concerned about the growing risk of protecting sensitive patient health information from breaches. The Federal Emergency Management Agency (FEMA) has identified cyber attacks as an emerging concern, and regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) have increased security requirements and are enforcing compliance through stiff financial penalties. The purpose of this study is to describe health care breaches of protected information, analyze the hazards and vulnerabilities of reported breach cases, and prescribe best practices of managing risk through security controls and countermeasures. Prescriptive findings were used to construct a checklist tool to assess and monitor common risks. This research uses a case methodology to describe specific examples of the 3 major types of cyber breach hazards: portable device, insider, and physical breaches. We utilize a risk management framework to prescribe preventative actions that organizations can take to assess, analyze, and mitigate these risks. The health care sector has the largest number of reported breaches, with 3 major types: portable device, insider, and physical breaches. Analysis of actual cases indicates security gaps requiring prescriptive fixes based on "best practices." Our research culminates in a 25-item checklist that organizations can use to assess existing practices and identify security gaps requiring improvement. © 2016 American Society for Healthcare Risk Management of the American Hospital Association.

  3. Quantitative Risk Analysis

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Helms, J.

    2017-02-10

    The US energy sector is vulnerable to multiple hazards including both natural disasters and malicious attacks from an intelligent adversary. The question that utility owners, operators and regulators face is how to prioritize their investments to mitigate the risks from a hazard that can have the most impact on the asset of interest. In order to be able to understand their risk landscape and develop a prioritized mitigation strategy, they must quantify risk in a consistent way across all hazards their asset is facing. Without being able to quantitatively measure risk, it is not possible to defensibly prioritize security investments or evaluate trade-offs between security and functionality. Development of a methodology that will consistently measure and quantify risk across different hazards is needed.

  4. Chronic disease risk factors among hotel workers

    PubMed Central

    Gawde, Nilesh Chandrakant; Kurlikar, Prashika R.

    2016-01-01

    Context: Non-communicable diseases have emerged as a global health issue. Role of occupation in pathogenesis of non-communicable diseases has not been explored much especially in the hospitality industry. Aims: Objectives of this study include finding risk factor prevalence among hotel workers and studying relationship between occupational group and chronic disease risk factors chiefly high body mass index. Settings and Design: A cross-sectional study was conducted among non-managerial employees from classified hotels in India. Materials and Methods: The study participants self-administered pre-designed pilot-tested questionnaires. Statistical analysis used: The risk factor prevalence rates were expressed as percentages. Chi-square test was used for bi-variate analysis. Overweight was chosen as ‘outcome’ variable of interest and binary multi-logistic regression analysis was used to identify determinants. Results: The prevalence rates of tobacco use, alcohol use, inadequate physical activity and inadequate intake of fruits and vegetables were 32%, 49%, 24% and 92% respectively among hotel employees. Tobacco use was significantly common among those in food preparation and service, alcohol use among those in food service and security and leisure time physical activity among front office workers. More than two-fifths (42.7%) were overweight. Among the hotel workers, those employed in food preparation and security had higher odds of 1.650 (CI: 1.025 – 2.655) and 3.245 (CI: 1.296 – 8.129) respectively of being overweight. Conclusions: Prevalence of chronic disease risk factors is high among hotel workers. Risk of overweight is significantly high in food preparation and security departments and workplace interventions are necessary to address these risks. PMID:27390474

  5. Usage of information safety requirements in improving tube bending process

    NASA Astrophysics Data System (ADS)

    Livshitz, I. I.; Kunakov, E.; Lontsikh, P. A.

    2018-05-01

    This article is devoted to an improvement of the technological process's analysis with the information security requirements implementation. The aim of this research is the competition increase analysis in aircraft industry enterprises due to the information technology implementation by the example of the tube bending technological process. The article analyzes tube bending kinds and current technique. In addition, a potential risks analysis in a tube bending technological process is carried out in terms of information security.

  6. Constructing vulnerability and protective measures indices for the enhanced critical infrastructure protection program.

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Fisher, R. E.; Buehring, W. A.; Whitfield, R. G.

    2009-10-14

    The US Department of Homeland Security (DHS) has directed its Protective Security Advisors (PSAs) to form partnerships with the owners and operators of assets most essential to the Nation's well being - a subclass of critical infrastructure and key resources (CIKR) - and to conduct site visits for these and other high-risk assets as part of the Enhanced Critical Infrastructure Protection (ECIP) Program. During each such visit, the PSA documents information about the facility's current CIKR protection posture and overall security awareness. The primary goals for ECIP site visits (DHS 2009) are to: (1) inform facility owners and operators of the importance of their facilities as an identified high-priority CIKR and the need to be vigilant in light of the ever-present threat of terrorism; (2) identify protective measures currently in place at these facilities, provide comparisons of CIKR protection postures across like assets, and track the implementation of new protective measures; and (3) enhance existing relationships among facility owners and operators; DHS; and various Federal, State, local tribal, and territorial partners. PSAs conduct ECIP visits to assess overall site security; educate facility owners and operators about security; help owners and operators identify gaps and potential improvements; and promote communication and information sharing among facility owners and operators, DHS, State governments, and other security partners. Information collected during ECIP visits is used to develop metrics; conduct sector-by-sector and cross-sector vulnerability comparisons; identify security gaps and trends across CIKR sectors and subsectors; establish sector baseline security survey results; and track progress toward improving CIKR security through activities, programs, outreach, and training (Snyder 2009). The data being collected are used in a framework consistent with the National Infrastructure Protection Plan (NIPP) risk criteria (DHS 2009). 
The NIPP framework incorporates consequence, threat, and vulnerability components and addresses all hazards. The analysis of the vulnerability data needs to be reproducible, support risk analysis, and go beyond protection. It also needs to address important security/vulnerability topics, such as physical security, cyber security, systems analysis, and dependencies and interdependencies. This report provides an overview of the approach being developed to estimate vulnerability and provide vulnerability comparisons for sectors and subsectors. The information will be used to assist DHS in analyzing existing protective measures and vulnerability at facilities, to identify potential ways to reduce vulnerabilities, and to assist in preparing sector risk estimates. The owner/operator receives an analysis of the data collected for a specific asset, showing a comparison between the facility's protection posture/vulnerability index and those of DHS sector/subsector sites visited. This comparison gives the owner/operator an indication of the asset's security strengths and weaknesses that may be contributing factors to its vulnerability and protection posture. The information provided to the owner/operator shows how the asset compares to other similar assets within the asset's sector or subsector. A 'dashboard' display is used to illustrate the results in a convenient format. The dashboard allows the owner/operator to analyze the implementation of additional protective measures and to illustrate how such actions would impact the asset's Protective Measures Index (PMI) or Vulnerability Index (VI).

  7. Cyber Incidents Involving Control Systems

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Robert J. Turk

    2005-10-01

    The Analysis Function of the US-CERT Control Systems Security Center (CSSC) at the Idaho National Laboratory (INL) has prepared this report to document cyber security incidents for use by the CSSC. The description and analysis of incidents reported herein support three CSSC tasks: establishing a business case; increasing security awareness and private and corporate participation related to enhanced cyber security of control systems; and providing informational material to support model development and prioritize activities for CSSC. The stated mission of CSSC is to reduce vulnerability of critical infrastructure to cyber attack on control systems. As stated in the Incident Management Tool Requirements (August 2005) "Vulnerability reduction is promoted by risk analysis that tracks actual risk, emphasizes high risk, determines risk reduction as a function of countermeasures, tracks increase of risk due to external influence, and measures success of the vulnerability reduction program". Process control and Supervisory Control and Data Acquisition (SCADA) systems, with their reliance on proprietary networks and hardware, have long been considered immune to the network attacks that have wreaked so much havoc on corporate information systems. New research indicates this confidence is misplaced--the move to open standards such as Ethernet, Transmission Control Protocol/Internet Protocol, and Web technologies is allowing hackers to take advantage of the control industry's unawareness. Much of the available information about cyber incidents represents a characterization as opposed to an analysis of events. The lack of good analyses reflects an overall weakness in reporting requirements as well as the fact that to date there have been very few serious cyber attacks on control systems. Most companies prefer not to share cyber attack incident data because of potential financial repercussions. 
Uniform reporting requirements will do much to make this information available to Department of Homeland Security (DHS) and others who require it. This report summarizes the rise in frequency of cyber attacks, describes the perpetrators, and identifies the means of attack. This type of analysis, when used in conjunction with vulnerability analyses, can be used to support a proactive approach to prevent cyber attacks. CSSC will use this document to evolve a standardized approach to incident reporting and analysis. This document will be updated as needed to record additional event analyses and insights regarding incident reporting. This report represents 120 cyber security incidents documented in a number of sources, including: the British Columbia Institute of Technology (BCIT) Industrial Security Incident Database, the 2003 CSI/FBI Computer Crime and Security Survey, the KEMA, Inc., Database, Lawrence Livermore National Laboratory, the Energy Incident Database, the INL Cyber Incident Database, and other open-source data. The National Memorial Institute for the Prevention of Terrorism (MIPT) database was also interrogated but, interestingly, failed to yield any cyber attack incidents. The results of this evaluation indicate that historical evidence provides insight into control system related incidents or failures; however, the limited available information provides little support to future risk estimates. The documented case history shows that activity has increased significantly since 1988. The majority of incidents come from the Internet by way of opportunistic viruses, Trojans, and worms, but a surprisingly large number are directed acts of sabotage. A substantial number of confirmed, unconfirmed, and potential events that directly or potentially impact control systems worldwide are also identified. Twelve selected cyber incidents are presented at the end of this report as examples of the documented case studies (see Appendix B).

  8. An exploratory risk perception study of attitudes toward homeland security systems.

    PubMed

    Sanquist, Thomas F; Mahy, Heidi; Morris, Frederic

    2008-08-01

    Understanding the issues surrounding public acceptance of homeland security systems is important for balancing security needs and potential civil liberties infringements. A psychometric survey was used in an exploratory study of attitudes regarding homeland security systems. Psychometric rating data were obtained from 182 respondents on psychological attributes associated with 12 distinct types of homeland security systems. An inverse relationship was observed for the overall rating attributes of acceptability and risk of civil liberties infringement. Principal components analysis (PCA) yielded a two-factor solution with the rating scale loading pattern suggesting factors of perceived effectiveness and perceived intrusiveness. These factors also showed an inverse relationship. The 12 different homeland security systems showed significantly different scores on the rating scales and PCA factors. Of the 12 systems studied, airport screening, canine detectors, and radiation monitoring at borders were found to be the most acceptable, while email monitoring, data mining, and global positioning satellite (GPS) tracking were found to be least acceptable. Students rated several systems as more effective than professionals, but the overall pattern of results for both types of subjects was similar. The data suggest that risk perception research and the psychometric paradigm are useful approaches for quantifying attitudes regarding homeland security systems and policies and can be used to anticipate potentially significant public acceptance issues.

  9. Ergonomic evaluation of a wheelchair transportation securement system.

    PubMed

    Ahmed, Madiha; Campbell-Kyureghyan, Naira; Frost, Karen; Bertocci, Gina

    2012-01-01

    The Americans with Disabilities Act (ADA) specifies guidelines covering the securement system and environment for wheeled mobility device (WhMD) passengers on the public bus system in the United States, referred to as the wheelchair tiedown and occupant restraint system (WTORS). The misuse or disuse of the WTORS system can be a source of injury for WhMD passengers riding the buses. The purpose of this study was to quantify the risks posed to the bus driver while performing the WTORS procedure using traditional ergonomic analysis methods. Four bus drivers completed the WTORS procedure for a representative passenger seated in three different WhMDs: manual wheelchair (MWC), scooter (SCTR), and power wheelchair (PWC). Potential work-related risks were identified using the four most applicable ergonomic assessment tools: PLIBEL, RULA, REBA, and iLMM. Task evaluation results revealed high levels of risk to be present to drivers during the WTORS procedure. The securement station space design and equipment layout were identified as contributing factors forcing drivers to adopt awkward postures while performing the WTORS task. These risk factors are known contributors to injury and the drivers could opt to improperly secure the passengers to avoid that risk.

  10. A decision framework for managing risk to airports from terrorist attack.

    PubMed

    Shafieezadeh, Abdollah; Cha, Eun J; Ellingwood, Bruce R

    2015-02-01

    This article presents an asset-level security risk management framework to assist stakeholders of critical assets with allocating limited budgets for enhancing their safety and security against terrorist attack. The proposed framework models the security system of an asset, considers various threat scenarios, and models the sequential decision framework of attackers during the attack. Its novel contributions are the introduction of the notion of partial neutralization of attackers by defenders, estimation of total loss from successful, partially successful, and unsuccessful actions of attackers at various stages of an attack, and inclusion of the effects of these losses on the choices made by terrorists at various stages of the attack. The application of the proposed method is demonstrated in an example dealing with security risk management of a U.S. commercial airport, in which a set of plausible threat scenarios and risk mitigation options are considered. It is found that a combination of providing blast-resistant cargo containers and a video surveillance system on the airport perimeter fence is the best option based on minimum expected life-cycle cost considering a 10-year service period. © 2014 Society for Risk Analysis.

  11. DOE Office of Scientific and Technical Information (OSTI.GOV)

    Sanquist, Thomas F.; Mahy, Heidi A.; Morris, Fred A.

    Understanding the issues surrounding public acceptance of homeland security systems is important for balancing security needs and potential civil liberties infringements. A psychometric survey was used to measure attitudes regarding homeland security systems. Psychometric rating data were obtained from 182 respondents on psychological attributes associated with 12 distinct types of homeland security systems. An inverse relationship was observed for the overall rating attributes of acceptability and risk of civil liberties infringement. Principal components analysis yielded a two factor solution, with the rating scale loading pattern suggesting factors of Perceived Effectiveness and Perceived Intrusiveness. These factors also showed an inverse relationship. The 12 different homeland security systems showed significantly different scores on the rating scales and PCA factors, which were used to rank the systems in terms of overall acceptability. Difference scores for the rating scales and PCA factors were used to compute a single acceptability value reflecting the relative weight of risks and benefits. Of the 12 systems studied, airport screening, canine detectors and radiation monitoring at borders were found to be relatively acceptable, i.e., the perceived benefits for homeland security outweighed the perceived risks to civil liberties. Students rated several systems as more effective than professionals, but the overall pattern of results for both types of subjects was similar. The data suggest that risk perception research and the psychometric paradigm are useful approaches for quantifying attitudes regarding homeland security systems and policies, and can be used to anticipate potentially significant public acceptance issues.

  12. Security Notice To Federal, State and Local Officials Receiving Access to the Risk Management Program’s Off-site Consequence Analysis Information

    EPA Pesticide Factsheets

    Based on the Chemical Safety Information, Site Security and Fuels Regulatory Relief Act (CSISSFRRA), this notice states that while you may share with the public data from OCA sections, it is illegal to disclose/distribute the sections themselves.

  13. Common Methods for Security Risk Analysis

    DTIC Science & Technology

    2005-01-12

    recognized in the others. In Canada, three firms have been accredited as IT Security Evaluation and Testing (ITSET) Facility, under ISO / IEC 17025 -1999...harmonized security standards such as the Common Criteria and ISO 17799 may further increase the applicability of TRA approach. 3.4.8 MOST AUTOMATION...create something more suitable, the Common Criteria with Mutual Recognition Agreement (MRA) signed in October 1998. The CC became an ISO standard

  14. Low-Cost Manufacturing, Usability, and Security: An Analysis of Bluetooth Simple Pairing and Wi-Fi Protected Setup

    NASA Astrophysics Data System (ADS)

    Kuo, Cynthia; Walker, Jesse; Perrig, Adrian

    Bluetooth Simple Pairing and Wi-Fi Protected Setup specify mechanisms for exchanging authentication credentials in wireless networks. Both Simple Pairing and Protected Setup support multiple setup mechanisms, which increases security risks and hurts the user experience. To improve the security and usability of these specifications, we suggest defining a common baseline for hardware features and a consistent, interoperable user experience across devices.

  15. Data threats analysis and prevention on iOS platform

    NASA Astrophysics Data System (ADS)

    Gao, Bo; Wang, Yi; Chen, Zhou; Tang, Jiqiang

    2015-12-01

    Background: The rapid growth of mobile internet has driven the rapid popularity of smart mobiles. iOS device is chosen by more and more people for its humanity, stability and excellent industrial design, and the data security problem that followed it has gradually attracted the researchers' attention. Method & Result: This thesis focuses on the analysis of current situation of data security on iOS platform, from both security mechanism and data risk, and proposes countermeasures. Conclusion: From practical work, many problems of data security mechanism on iOS platform still exist. At present, the problem of malicious software towards iOS system has not been severe, but how to ensure the security of data on iOS platform will inevitably become one of the directions for our further study.

  16. Security aspects of space operations data

    NASA Technical Reports Server (NTRS)

    Schmitz, Stefan

    1993-01-01

    This paper deals with data security. It identifies security threats to European Space Agency's (ESA) In Orbit Infrastructure Ground Segment (IOI GS) and proposes a method of dealing with its complex data structures from the security point of view. It is part of the 'Analysis of Failure Modes, Effects Hazards and Risks of the IOI GS for Operations, including Backup Facilities and Functions' carried out on behalf of the European Space Operations Center (ESOC). The security part of this analysis has been prepared with the following aspects in mind: ESA's large decentralized ground facilities for operations, the multiple organizations/users involved in the operations and the developments of ground data systems, and the large heterogeneous network structure enabling access to (sensitive) data which does involve crossing organizational boundaries. An IOI GS data objects classification is introduced to determine the extent of the necessary protection mechanisms. The proposal of security countermeasures is oriented towards the European 'Information Technology Security Evaluation Criteria (ITSEC)' whose hierarchically organized requirements can be directly mapped to the security sensitivity classification.

  17. Information Security and Integrity Systems

    NASA Technical Reports Server (NTRS)

    1990-01-01

    Viewgraphs from the Information Security and Integrity Systems seminar held at the University of Houston-Clear Lake on May 15-16, 1990 are presented. A tutorial on computer security is presented. The goals of this tutorial are the following: to review security requirements imposed by government and by common sense; to examine risk analysis methods to help keep sight of forest while in trees; to discuss the current hot topic of viruses (which will stay hot); to examine network security, now and in the next year to 30 years; to give a brief overview of encryption; to review protection methods in operating systems; to review database security problems; to review the Trusted Computer System Evaluation Criteria (Orange Book); to comment on formal verification methods; to consider new approaches (like intrusion detection and biometrics); to review the old, low tech, and still good solutions; and to give pointers to the literature and to where to get help. Other topics covered include security in software applications and development; risk management; trust: formal methods and associated techniques; secure distributed operating system and verification; trusted Ada; a conceptual model for supporting a B3+ dynamic multilevel security and integrity in the Ada runtime environment; and information intelligence sciences.

  18. Risk-Based Prioritization of Research for Aviation Security Using Logic-Evolved Decision Analysis

    NASA Technical Reports Server (NTRS)

    Eisenhawer, S. W.; Bott, T. F.; Sorokach, M. R.; Jones, F. P.; Foggia, J. R.

    2004-01-01

    The National Aeronautics and Space Administration is developing advanced technologies to reduce terrorist risk for the air transportation system. Decision support tools are needed to help allocate assets to the most promising research. An approach to rank ordering technologies (using logic-evolved decision analysis), with risk reduction as the metric, is presented. The development of a spanning set of scenarios using a logic-gate tree is described. Baseline risk for these scenarios is evaluated with an approximate reasoning model. Illustrative risk and risk reduction results are presented.

  19. The governance dimensions of water security: a review.

    PubMed

    Bakker, Karen; Morinville, Cynthia

    2013-11-13

    Water governance is critical to water security, and to the long-term sustainability of the Earth's freshwater systems. This review examines recent debates regarding the governance dimensions of water security, including adaptive governance, polycentric governance, social learning and multi-level governance. The analysis emphasizes the political and institutional dimensions of water governance, and explores the relevance of social power, an overlooked yet important aspect of the water security debate. In addition, the review explores the intersection and potential synergies between water governance perspectives and risk-based approaches to water security, and offers critiques and suggestions for further research questions and agendas.

  20. Threats and risks to information security: a practical analysis of free access wireless networks

    NASA Astrophysics Data System (ADS)

    Quirumbay, Daniel I.; Coronel, Iván. A.; Bayas, Marcia M.; Rovira, Ronald H.; Gromaszek, Konrad; Tleshova, Akmaral; Kozbekova, Ainur

    2017-08-01

    Nowadays, there is an ever-growing need to investigate, consult and communicate through the internet. This need leads to the intensification of free access to the web in strategic and functional points for the benefit of the community. However, this open access is also related to the increase of information insecurity. The existing works on computer security primarily focus on the development of techniques to reduce cyber-attacks. However, these approaches do not address the sector of inexperienced users who have difficulty understanding browser settings. Two methods can solve this problem: first the development of friendly browsers with intuitive setups for new users and on the other hand, by implementing awareness programs on essential security without deepening on technical information. This article addresses an analysis of the vulnerabilities of wireless equipment that provides internet service in the open access zones and the potential risks that could be found when using these means.

  1. Measuring the Immeasurable: Applying Hierarchical Holographic Modeling to Developing Measures of Effectiveness for Stability, Security, Transition, and Reconstruction Operations

    DTIC Science & Technology

    2006-05-16

    and Internally Displaced Persons (IDPs) Judicial Personnel and Infrastructure Trafficking in Persons Property Food Security Legal System Reform...Shelter and Non- Food Relief Human Rights Humanitarian Demining Corrections Public Health War Crime Courts and Tribunals Education Truth...Risk Analysis, 22(2) (2002): 385. 26 Ibid. 27 Ibid. 28 Dombroski, 20. 29 Keith R. Hayes, “Final Report: Inductive Hazard Analysis for GMOs

  2. Chronic disease risk factors among hotel workers.

    PubMed

    Gawde, Nilesh Chandrakant; Kurlikar, Prashika R

    2016-01-01

    Non-communicable diseases have emerged as a global health issue. Role of occupation in pathogenesis of non-communicable diseases has not been explored much especially in the hospitality industry. Objectives of this study include finding risk factor prevalence among hotel workers and studying relationship between occupational group and chronic disease risk factors chiefly high body mass index. A cross-sectional study was conducted among non-managerial employees from classified hotels in India. The study participants self-administered pre-designed pilot-tested questionnaires. The risk factor prevalence rates were expressed as percentages. Chi-square test was used for bi-variate analysis. Overweight was chosen as 'outcome' variable of interest and binary multi-logistic regression analysis was used to identify determinants. The prevalence rates of tobacco use, alcohol use, inadequate physical activity and inadequate intake of fruits and vegetables were 32%, 49%, 24% and 92% respectively among hotel employees. Tobacco use was significantly common among those in food preparation and service, alcohol use among those in food service and security and leisure time physical activity among front office workers. More than two-fifths (42.7%) were overweight. Among the hotel workers, those employed in food preparation and security had higher odds of 1.650 (CI: 1.025 - 2.655) and 3.245 (CI: 1.296 - 8.129) respectively of being overweight. Prevalence of chronic disease risk factors is high among hotel workers. Risk of overweight is significantly high in food preparation and security departments and workplace interventions are necessary to address these risks.

  3. A data protection scheme for a remote vital signs monitoring healthcare service.

    PubMed

    Gritzalis, D; Lambrinoudakis, C

    2000-01-01

    Personal and medical data processed by Healthcare Information Systems must be protected against unauthorized access, modification and withholding. Security measures should be selected to provide the required level of protection in a cost-efficient manner. This is only feasible if specific characteristics of the information system are examined on the basis of a risk analysis methodology. This paper presents the results of a risk analysis, based on the CRAMM methodology, for a healthcare organization offering a patient home-monitoring service through the transmission of vital signs, focusing on the identified security needs and the proposed countermeasures. The architectural and functional models of this service were utilized for identifying and valuating the system assets, the associated threats and vulnerabilities, as well as for assessing the impact on the patients and on the service provider, should the security of any of these assets be affected. A set of adequate organizational, administrative and technical countermeasures is described for the remote vital signs monitoring service, thus providing the healthcare organization with a data protection framework that can be utilized for the development of its own security plan.

  4. Licensing Behavior Analysts: Risks and Alternatives

    PubMed Central

    Green, Gina; Johnston, James M

    2009-01-01

    Under certain conditions, obtaining state laws to license practitioners of behavior analysis might be feasible and could produce benefits for practitioners and consumers. Those conditions are not yet in place in most states, however, and pursuing licensure prematurely carries substantial risks for the entire field. We describe the most serious risks and the conditions that make it more or less likely that licensure initiatives will succeed. Finally, we recommend strategies for securing recognition of practitioners of behavior analysis in laws, regulations, and policies that can minimize risks. PMID:22477698

  5. Examining Cybersecurity of Cyberphysical Systems for Critical Infrastructures Through Work Domain Analysis.

    PubMed

    Wang, Hao; Lau, Nathan; Gerdes, Ryan M

    2018-04-01

    The aim of this study was to apply work domain analysis for cybersecurity assessment and design of supervisory control and data acquisition (SCADA) systems. Adoption of information and communication technology in cyberphysical systems (CPSs) for critical infrastructures enables automated and distributed control but introduces cybersecurity risk. Many CPSs employ SCADA industrial control systems that have become the target of cyberattacks, which inflict physical damage without use of force. Given that absolute security is not feasible for complex systems, cyberintrusions that introduce unanticipated events will occur; a proper response will in turn require human adaptive ability. Therefore, analysis techniques that can support security assessment and human factors engineering are invaluable for defending CPSs. We conducted work domain analysis using the abstraction hierarchy (AH) to model a generic SCADA implementation to identify the functional structures and means-ends relations. We then adopted a case study approach examining the Stuxnet cyberattack by developing and integrating AHs for the uranium enrichment process, SCADA implementation, and malware to investigate the interactions between the three aspects of cybersecurity in CPSs. The AHs for modeling a generic SCADA implementation and studying the Stuxnet cyberattack are useful for mapping attack vectors, identifying deficiencies in security processes and features, and evaluating proposed security solutions with respect to system objectives. Work domain analysis is an effective analytical method for studying cybersecurity of CPSs for critical infrastructures in a psychologically relevant manner. Work domain analysis should be applied to assess cybersecurity risk and inform engineering and user interface design.

  6. The double-edged sword of electronic health records: implications for patient disclosure.

    PubMed

    Campos-Castillo, Celeste; Anthony, Denise L

    2015-04-01

    Electronic health record (EHR) systems are linked to improvements in quality of care, yet also privacy and security risks. Results from research studies are mixed about whether patients withhold personal information from their providers to protect against the perceived EHR privacy and security risks. This study seeks to reconcile the mixed findings by focusing on whether accounting for patients' global ratings of care reveals a relationship between EHR provider-use and patient non-disclosure. A nationally representative sample from the 2012 Health Information National Trends Survey was analyzed using bivariate and multivariable logit regressions to examine whether global ratings of care suppress the relationship between EHR provider-use and patient non-disclosure. 13% of respondents reported having ever withheld information from a provider because of privacy/security concerns. Bivariate analysis showed that withholding information was unrelated to whether respondents' providers used an EHR. Multivariable analysis showed that accounting for respondents' global ratings of care revealed a positive relationship between having a provider who uses an EHR and withholding information. After accounting for global ratings of care, findings suggest that patients may non-disclose to providers to protect against the perceived EHR privacy and security risks. Despite evidence that EHRs inhibit patient disclosure, their advantages for promoting quality of care may outweigh the drawbacks. Clinicians should leverage the EHR's value in quality of care and discuss patients' privacy concerns during clinic visits, while policy makers should consider how to address the real and perceived privacy and security risks of EHRs. © The Author 2014. Published by Oxford University Press on behalf of the American Medical Informatics Association. All rights reserved. For Permissions, please email: journals.permissions@oup.com.

  7. Assessment of risks of EMI for personal medical electronic devices (PMEDs) from emissions of millimeter-wave security screening systems

    NASA Astrophysics Data System (ADS)

    Witters, Donald; Bassen, Howard; Guag, Joshua; Addissie, Bisrat; LaSorte, Nickolas; Rafai, Hazem

    2013-06-01

    This paper describes research and testing of a representative group of high priority body worn and implantable personal medical electronic devices (PMEDs) for exposure to millimeter wave (MMW) advanced imaging technology (AIT) security systems used at airports. The sample PMEDs included in this study were implantable cardiac pacemakers, ICDs, neurostimulators and insulin pumps. These PMEDs are designed and tested for susceptibility to electromagnetic interference (EMI) under the present standards for medical device electromagnetic compatibility (EMC). However, the present standards for medical equipment do not address exposure to the much higher frequency fields that are emitted by MMW security systems. Initial AIT emissions measurements were performed to assess the PMED and passenger exposures. Testing protocols were developed and testing methods were tailored to the type of PMED. In addition, a novel exposure simulation system was developed to allow controlled EMC testing without the need of the MMW AIT system. Methodology, test results, and analysis are presented, along with an assessment of the human exposure and risks for PMED users. The results of this study reveal no effects on the medical devices from the exposure to the MMW security system. Furthermore, the human exposure measurements and analysis showed levels well below the applicable standard, and the risks for PMED users and others were assessed to be very low. These findings apply to the types of PMEDs used in the study, though they might suggest that the risks for other, similar PMEDs would likely be similar.

  8. Analysis on the University’s Network Security Level System in the Big Data Era

    NASA Astrophysics Data System (ADS)

    Li, Tianli

    2017-12-01

    The rapid development of science and technology and the continuous expansion of computer network applications have gradually improved social productive forces and have had a positive impact on the production efficiency and industrial scale of China's different industries. In the actual application of computer networks in the big data era, factors such as network viruses, hackers and other attack modes threaten network security and pose a potential threat to the safe use of computer networks in colleges and universities. In view of this unfavorable situation, universities need to analyze the situation of the big data era and, in line with the requirements of secure network use, build a reliable cyberspace security system at the equipment, system, data and other levels, so as to avoid the security risks that exist in the network. Based on this, this paper analyzes the hierarchical security system of cyberspace security in the big data era.

  9. Maternal Resolution of Grief After Preterm Birth: Implications for Infant Attachment Security

    PubMed Central

    Clements, Melissa; Poehlmann, Julie

    2011-01-01

    OBJECTIVE: This study explored the association between mothers' unresolved grief regarding their infant's preterm birth and infant-mother attachment security. We hypothesized that mothers with unresolved grief would be more likely to have insecurely attached infants at 16 months and that this association would be partially mediated by maternal interaction quality. METHODS: This longitudinal study focused on 74 preterm infants (age of <36 weeks) and their mothers who were part of a larger study of high-risk infants. The present analysis included assessment of neonatal and socioeconomic risks at NICU discharge; maternal depression, Reaction to Preterm Birth Interview findings, and quality of parenting at a postterm age of 9 months; and infant-mother attachment at postterm age of 16 months. Associations among findings of grief resolution with the Reaction to Preterm Birth Interview, quality of parenting interactions, and attachment security were explored by using relative risk ratios and logistic and multivariate regression models. RESULTS: The relative risk of developing insecure attachment when mothers had unresolved grief was 1.59 (95% confidence interval: 1.03–2.44). Controlling for covariates (adjusted odds ratio: 2.94), maternal feelings of resolved grief regarding the preterm birth experience were associated with secure infant-mother attachment at 16 months. Maternal grief resolution and interaction quality were independent predictors of attachment security. CONCLUSION: Maternal grief resolution regarding the experience of preterm birth and the quality of maternal interactions have important implications for emerging attachment security for infants born prematurely. PMID:21242223

  10. Maternal resolution of grief after preterm birth: implications for infant attachment security.

    PubMed

    Shah, Prachi E; Clements, Melissa; Poehlmann, Julie

    2011-02-01

    This study explored the association between mothers' unresolved grief regarding their infant's preterm birth and infant-mother attachment security. We hypothesized that mothers with unresolved grief would be more likely to have insecurely attached infants at 16 months and that this association would be partially mediated by maternal interaction quality. This longitudinal study focused on 74 preterm infants (age of <36 weeks) and their mothers who were part of a larger study of high-risk infants. The present analysis included assessment of neonatal and socioeconomic risks at NICU discharge; maternal depression, Reaction to Preterm Birth Interview findings, and quality of parenting at a postterm age of 9 months; and infant-mother attachment at postterm age of 16 months. Associations among findings of grief resolution with the Reaction to Preterm Birth Interview, quality of parenting interactions, and attachment security were explored by using relative risk ratios and logistic and multivariate regression models. The relative risk of developing insecure attachment when mothers had unresolved grief was 1.59 (95% confidence interval: 1.03-2.44). Controlling for covariates (adjusted odds ratio: 2.94), maternal feelings of resolved grief regarding the preterm birth experience were associated with secure infant-mother attachment at 16 months. Maternal grief resolution and interaction quality were independent predictors of attachment security. Maternal grief resolution regarding the experience of preterm birth and the quality of maternal interactions have important implications for emerging attachment security for infants born prematurely.

  11. A Value Measure for Public-Sector Enterprise Risk Management: A TSA Case Study.

    PubMed

    Fletcher, Kenneth C; Abbas, Ali E

    2018-05-01

    This article presents a public value measure that can be used to aid executives in the public sector to better assess policy decisions and maximize value to the American people. Using Transportation Security Administration (TSA) programs as an example, we first identify the basic components of public value. We then propose a public value account to quantify the outcomes of various risk scenarios, and we determine the certain equivalent of several important TSA programs. We illustrate how this proposed measure can quantify the effects of two main challenges that government organizations face when conducting enterprise risk management: (1) short-term versus long-term incentives and (2) avoiding potential negative consequences even if they occur with low probability. Finally, we illustrate how this measure enables the use of various tools from decision analysis to be applied in government settings, such as stochastic dominance arguments and certain equivalent calculations. Regarding the TSA case study, our analysis demonstrates the value of continued expansion of the TSA trusted traveler initiative and increasing the background vetting for passengers who are afforded expedited security screening. © 2017 Society for Risk Analysis.

  12. 45 CFR 164.308 - Administrative safeguards.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ..., contain, and correct security violations. (ii) Implementation specifications: (A) Risk analysis (Required). Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the... vulnerabilities to a reasonable and appropriate level to comply with § 164.306(a). (C) Sanction policy (Required...

  13. An analysis of security price risk and return among publicly traded pharmacy corporations.

    PubMed

    Gilligan, Adrienne M; Skrepnek, Grant H

    2013-01-01

    Community pharmacies have been subject to intense and increasing competition in the past several decades. To determine the security price risk and rate of return of publicly traded pharmacy corporations present on the major U.S. stock exchanges from 1930 to 2009. The Center of Research in Security Prices (CRSP) database was used to examine monthly security-level stock market prices in this observational retrospective study. The primary outcome of interest was the equity risk premium, with analyses focusing upon financial metrics associated with risk and return based upon modern portfolio theory (MPT) including: abnormal returns (i.e., alpha), volatility (i.e., beta), and percentage of returns explained (i.e., adjusted R(2)). Three equilibrium models were estimated using random-effects generalized least squares (GLS): 1) the Capital Asset Pricing Model (CAPM); 2) Fama-French Three-Factor Model; and 3) Carhart Four-Factor Model. Seventy-five companies were examined from 1930 to 2009, with overall adjusted R(2) values ranging from 0.13 with the CAPM to 0.16 with the Four-Factor model. Alpha was not significant within any of the equilibrium models across the entire 80-year time period, though was found from 1999 to 2009 in the Three- and Four-Factor models to be associated with a large, significant, and negative risk-adjusted abnormal returns of -33.84%. Volatility varied across specific time periods based upon the financial model employed. This investigation of risk and return within publicly listed pharmacy corporations from 1930 to 2009 found that substantial losses were incurred particularly from 1999 to 2009, with risk-adjusted security valuations decreasing by one-third. Copyright © 2013 Elsevier Inc. All rights reserved.

  14. 78 FR 55270 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-DHS...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-09-10

    ... subsection (a) to add records containing the results from TSA's intelligence-driven risk-based analysis of... information. 49 CFR Sec. 1560. \\1\\ 77 FR 69491 (Nov. 19, 2012). Under sec. 4012(a)(1)-(2) of the Intelligence... the Central Intelligence Agency, the Secretary of the Treasury, and the Secretary of Defense. The...

  15. Agency Problems and Airport Security: Quantitative and Qualitative Evidence on the Impact of Security Training.

    PubMed

    de Gramatica, Martina; Massacci, Fabio; Shim, Woohyun; Turhan, Uğur; Williams, Julian

    2017-02-01

    We analyze the issue of agency costs in aviation security by combining results from a quantitative economic model with a qualitative study based on semi-structured interviews. Our model extends previous principal-agent models by combining the traditional fixed and varying monetary responses to physical and cognitive effort with nonmonetary welfare and potentially transferable value of employees' own human capital. To provide empirical evidence for the tradeoffs identified in the quantitative model, we have undertaken an extensive interview process with regulators, airport managers, security personnel, and those tasked with training security personnel from an airport operating in a relatively high-risk state, Turkey. Our results indicate that the effectiveness of additional training depends on the mix of "transferable skills" and "emotional" buy-in of the security agents. Principals need to identify on which side of a critical tipping point their agents are to ensure that additional training, with attached expectations of the burden of work, aligns the incentives of employees with the principals' own objectives. © 2016 Society for Risk Analysis.

  16. Optimizing Security of Cloud Computing within the DoD

    DTIC Science & Technology

    2010-12-01

    information security governance and risk management; application security; cryptography; security architecture and design; operations security; business continuity... 7. Operational Security (OPSEC)... 8. Business Continuity Planning (BCP) and Disaster

  17. 6 CFR 27.205 - Determination that a chemical facility “presents a high level of security risk.”

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... a high level of security risk.” 27.205 Section 27.205 Domestic Security DEPARTMENT OF HOMELAND... Program § 27.205 Determination that a chemical facility “presents a high level of security risk.” (a... a high level of security risk based on any information available (including any information...

  18. A comprehensive Network Security Risk Model for process control networks.

    PubMed

    Henry, Matthew H; Haimes, Yacov Y

    2009-02-01

    The risk of cyber attacks on process control networks (PCN) is receiving significant attention due to the potentially catastrophic extent to which PCN failures can damage the infrastructures and commodity flows that they support. Risk management addresses the coupled problems of (1) reducing the likelihood that cyber attacks would succeed in disrupting PCN operation and (2) reducing the severity of consequences in the event of PCN failure or manipulation. The Network Security Risk Model (NSRM) developed in this article provides a means of evaluating the efficacy of candidate risk management policies by modeling the baseline risk and assessing expectations of risk after the implementation of candidate measures. Where existing risk models fall short of providing adequate insight into the efficacy of candidate risk management policies due to shortcomings in their structure or formulation, the NSRM provides model structure and an associated modeling methodology that captures the relevant dynamics of cyber attacks on PCN for risk analysis. This article develops the NSRM in detail in the context of an illustrative example.

  19. Can Parenting Intervention Prevent Cascading Effects From Placement Instability to Insecure Attachment to Externalizing Problems in Maltreated Toddlers?

    PubMed

    Pasalich, Dave S; Fleming, Charles B; Oxford, Monica L; Zheng, Yao; Spieker, Susan J

    2016-08-01

    Multiple placement changes disrupt continuity in caregiving and undermine well-being in children in child welfare. This study conducted secondary data analysis of a randomized controlled trial to examine whether a relationship-based intervention, Promoting First Relationships© (PFR), reduced risk for a maladaptive cascade from placement instability to less secure attachment to elevated externalizing problems. Participants included caregivers (birth or foster/kin) of toddlers (10-24 months) recently transitioned to their care because of child welfare placement decisions. Although main effects of PFR on security and externalizing problems were not previously observed, this study's results revealed that PFR attenuated the association between multiple placement changes (baseline) and less security (postintervention) and that the indirect effect of placement instability on greater externalizing problems (6-month follow-up) via less security was evident only in toddlers in the comparison condition. These findings shed light on how a history of multiple caregiver changes may influence toddlers' risk for poor adjustment in subsequent placements, and the promise of supporting caregivers through a parenting intervention to prevent such risk. © The Author(s) 2016.

  20. Can parenting intervention prevent cascading effects from placement instability to insecure attachment to externalizing problems in maltreated toddlers?

    PubMed Central

    Pasalich, Dave S.; Fleming, Charles B.; Oxford, Monica L.; Zheng, Yao; Spieker, Susan J.

    2016-01-01

    Multiple placement changes disrupt continuity in caregiving and undermine well-being in children in child welfare. This study conducted secondary data analysis of a randomized controlled trial to examine whether a relationship-based intervention, Promoting First Relationships© (PFR), reduced risk for a maladaptive cascade from placement instability to less secure attachment to elevated externalizing problems. Participants included caregivers (birth or foster/kin) of toddlers (10–24 months) recently transitioned to their care because of child welfare placement decisions. Although main effects of PFR on security and externalizing problems were not previously observed, this study’s results revealed that PFR attenuated the association between multiple placement changes (baseline) and less security (postintervention), and that the indirect effect of placement instability on greater externalizing problems (6-month follow-up) via less security was evident only in toddlers in the comparison condition. These findings shed light on how a history of multiple caregiver changes may influence toddlers’ risk for poor adjustment in subsequent placements, and the promise of supporting caregivers through a parenting intervention to prevent such risk. PMID:27381935

  1. Towards improving software security by using simulation to inform requirements and conceptual design

    DOE PAGES

    Nutaro, James J.; Allgood, Glenn O.; Kuruganti, Teja

    2015-06-17

    We illustrate the use of modeling and simulation early in the system life-cycle to improve security and reduce costs. The models that we develop for this illustration are inspired by problems in reliability analysis and supervisory control, for which similar models are used to quantify failure probabilities and rates. In the context of security, we propose that models of this general type can be used to understand trades between risk and cost while writing system requirements and during conceptual design, and thereby significantly reduce the need for expensive security corrections after a system enters operation.

  2. Cyber security risk assessment for SCADA and DCS networks.

    PubMed

    Ralston, P A S; Graham, J H; Hieb, J L

    2007-10-01

    The growing dependence of critical infrastructures and industrial automation on interconnected physical and cyber-based control systems has resulted in a growing and previously unforeseen cyber security threat to supervisory control and data acquisition (SCADA) and distributed control systems (DCSs). It is critical that engineers and managers understand these issues and know how to locate the information they need. This paper provides a broad overview of cyber security and risk assessment for SCADA and DCS, introduces the main industry organizations and government groups working in this area, and gives a comprehensive review of the literature to date. Major concepts related to the risk assessment methods are introduced with references cited for more detail. Included are risk assessment methods such as HHM, IIM, and RFRM which have been applied successfully to SCADA systems with many interdependencies and have highlighted the need for quantifiable metrics. Presented in broad terms is probability risk analysis (PRA) which includes methods such as FTA, ETA, and FEMA. The paper concludes with a general discussion of two recent methods (one based on compromise graphs and one on augmented vulnerability trees) that quantitatively determine the probability of an attack, the impact of the attack, and the reduction in risk associated with a particular countermeasure.

  3. Cyber-security Considerations for Real-Time Physiological Status Monitoring: Threats, Goals, and Use Cases

    DTIC Science & Technology

    2016-11-01

    low-power RF transmissions used by the OBAN system. B. Threat Analysis Methodology To analyze the risk presented by a particular threat we use a... power efficiency5 and in the absolute worst case a compromise of the wireless channel could result in death. Fitness trackers on the other hand are...analysis is intended to inform the development of secure RT-PSM architectures. I. INTRODUCTION The development of very low-power computing devices and

  4. 7 CFR 331.7 - Registration and related security risk assessments.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 7 Agriculture 5 2010-01-01 2010-01-01 false Registration and related security risk assessments... AGENTS AND TOXINS § 331.7 Registration and related security risk assessments. (a) Unless exempted under... be approved by the Administrator or the HHS Secretary based on a security risk assessment by the...

  5. A cross-case comparative analysis of international security forces' impacts on health systems in conflict-affected and fragile states.

    PubMed

    Bourdeaux, Margaret; Kerry, Vanessa; Haggenmiller, Christian; Nickel, Karlheinz

    2015-01-01

    Destruction of health systems in fragile and conflict-affected states increases civilian mortality. Despite the size, scope, scale and political influence of international security forces intervening in fragile states, little attention has been paid to the array of ways they may impact health systems beyond their effects on short-term humanitarian health aid delivery. Using case studies we published on international security forces' impacts on health systems in Haiti, Kosovo, Afghanistan and Libya, we conducted a comparative analysis that examined three questions: What aspects, or building blocks, of health systems did security forces impact across the cases and what was the nature of these impacts? What forums or mechanisms did international security forces use to interact with health system actors? What policies facilitated or hindered security forces from supporting health systems? We found international security forces impacted health system governance, information systems and indigenous health delivery organizations. Positive impacts included bolstering the authority, transparency and capability of health system leadership. Negative impacts included undermining the impartial nature of indigenous health institutions by using health projects to achieve security objectives. Interactions between security and health actors were primarily ad hoc, often to the detriment of health system support efforts. When international security forces were engaged in health system support activities, the most helpful communication and consultative mechanisms to manage their involvement were ones that could address a wide array of problems, were nimble enough to accommodate rapidly changing circumstances, leveraged the power of personal relationships, and were able to address the tensions that arose between security and health system supporting strategies. Policy barriers to international security organizations participating in health system support included lack of mandate, conflicts between security strategies and health system preservation, and lack of interoperability between security and indigenous health organizations with respect to logistics and sharing information. The cases demonstrate both the opportunities and risks of international security organizations' involvement in health sector protection, recovery and reconstruction. We discuss two potential approaches to engaging these organizations in health system support that may increase the chances of realizing these opportunities while mitigating risks.

  6. Security Risks: Management and Mitigation in the Software Life Cycle

    NASA Technical Reports Server (NTRS)

    Gilliam, David P.

    2004-01-01

    A formal approach to managing and mitigating security risks in the software life cycle is requisite to developing software that has a higher degree of assurance that it is free of security defects which pose risk to the computing environment and the organization. Due to its criticality, security should be integrated as a formal approach in the software life cycle. Both a software security checklist and assessment tools should be incorporated into this life cycle process and integrated with a security risk assessment and mitigation tool. The current research at JPL addresses these areas through the development of a Software Security Assessment Instrument (SSAI) and integrating it with a Defect Detection and Prevention (DDP) risk management tool.

  7. Risk factors and visual fatigue of baggage X-ray security screeners: a structural equation modelling analysis.

    PubMed

    Yu, Rui-Feng; Yang, Lin-Dong; Wu, Xin

    2017-05-01

    This study identified the risk factors influencing visual fatigue in baggage X-ray security screeners and estimated the strength of correlations between those factors and visual fatigue using a structural equation modelling approach. Two hundred and five X-ray security screeners participated in a questionnaire survey. The result showed that satisfaction with the VDT's physical features and the work environment conditions were negatively correlated with the intensity of visual fatigue, whereas job stress and job burnout had direct positive influences. The path coefficient between the image quality of VDT and visual fatigue was not significant. The total effects of job burnout, job stress, the VDT's physical features and the work environment conditions on visual fatigue were 0.471, 0.469, -0.268 and -0.251 respectively. These findings indicated that both extrinsic factors relating to VDT and workplace environment and psychological factors including job burnout and job stress should be considered in the workplace design and work organisation of security screening tasks to reduce screeners' visual fatigue. Practitioner Summary: This study identified the risk factors influencing visual fatigue in baggage X-ray security screeners and estimated the strength of correlations between those factors and visual fatigue. The findings were of great importance to the workplace design and the work organisation of security screening tasks to reduce screeners' visual fatigue.

  8. Creating a spatially-explicit index: a method for assessing the global wildfire-water risk

    NASA Astrophysics Data System (ADS)

    Robinne, François-Nicolas; Parisien, Marc-André; Flannigan, Mike; Miller, Carol; Bladon, Kevin D.

    2017-04-01

    The wildfire-water risk (WWR) has been defined as the potential for wildfires to adversely affect water resources that are important for downstream ecosystems and human water needs for adequate water quantity and quality, therefore compromising the security of their water supply. While tools and methods are numerous for watershed-scale risk analysis, the development of a toolbox for the large-scale evaluation of the wildfire risk to water security has only started recently. In order to provide managers and policy-makers with an adequate tool, we implemented a method for the spatial analysis of the global WWR based on the Driving forces-Pressures-States-Impacts-Responses (DPSIR) framework. This framework relies on the cause-and-effect relationships existing between the five categories of the DPSIR chain. As this approach heavily relies on data, we gathered an extensive set of spatial indicators relevant to fire-induced hydrological hazards and water consumption patterns by human and natural communities. When appropriate, we applied a hydrological routing function to our indicators in order to simulate downstream accumulation of potentially harmful material. Each indicator was then assigned a DPSIR category. We collapsed the information in each category using a principal component analysis in order to extract the most relevant pixel-based information provided by each spatial indicator. Finally, we compiled our five categories using an additive indexation process to produce a spatially-explicit index of the WWR. A thorough sensitivity analysis has been performed in order to understand the relationship between the final risk values and the spatial pattern of each category used during the indexation. For comparison purposes, we aggregated index scores by global hydrological regions, or hydrobelts, to get a sense of regional DPSIR specificities. 
    This rather simple method does not necessitate the use of complex physical models and provides a scalable and efficient tool for the analysis of global water security issues.

  9. Improving organisational resilience through enterprise security risk management.

    PubMed

    Petruzzi, John; Loyear, Rachelle

    Enterprise Security Risk Management (ESRM) is a new philosophy and method of managing security programmes through the use of traditional risk principles. As a philosophy and life cycle, ESRM is focused on creating a business partnership between security practitioners and business leaders to more effectively provide protection against security risks in line with acceptable risk tolerances as defined by business asset owners and stakeholders. This paper explores the basics of the ESRM philosophy and life cycle and also shows how embracing the ESRM philosophy and implementing a risk-based security management model in the business organisation can lead to higher levels of organisational resilience as desired by organisation leaders, executives and the board of directors.

  10. An Emerging New Risk Analysis Science: Foundations and Implications.

    PubMed

    Aven, Terje

    2018-05-01

    To solve real-life problems, such as those related to technology, health, security, or climate change, and make suitable decisions, risk is nearly always a main issue. Different types of sciences are often supporting the work, for example, statistics, natural sciences, and social sciences. Risk analysis approaches and methods are also commonly used, but risk analysis is not broadly accepted as a science in itself. A key problem is the lack of explanatory power and large uncertainties when assessing risk. This article presents an emerging new risk analysis science based on novel ideas and theories on risk analysis developed in recent years by the risk analysis community. It builds on a fundamental change in thinking, from the search for accurate predictions and risk estimates, to knowledge generation related to concepts, theories, frameworks, approaches, principles, methods, and models to understand, assess, characterize, communicate, and (in a broad sense) manage risk. Examples are used to illustrate the importance of this distinct/separate risk analysis science for solving risk problems, supporting science in general and other disciplines in particular. © 2017 The Authors Risk Analysis published by Wiley Periodicals, Inc. on behalf of Society for Risk Analysis.

  11. 9 CFR 121.7 - Registration and related security risk assessments.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 9 Animals and Animal Products 1 2010-01-01 2010-01-01 false Registration and related security risk..., USE, AND TRANSFER OF SELECT AGENTS AND TOXINS § 121.7 Registration and related security risk... Administrator or the HHS Secretary based on a security risk assessment by the Attorney General: (i) The...

  12. Hybrid network defense model based on fuzzy evaluation.

    PubMed

    Cho, Ying-Chiang; Pan, Jen-Yi

    2014-01-01

    With sustained and rapid developments in the field of information technology, the issue of network security has become increasingly prominent. The theme of this study is network data security, with the test subject being a classified and sensitive network laboratory that belongs to the academic network. The analysis is based on the deficiencies and potential risks of the network's existing defense technology, characteristics of cyber attacks, and network security technologies. Subsequently, a distributed network security architecture using the technology of an intrusion prevention system is designed and implemented. In this paper, first, the overall design approach is presented. This design is used as the basis to establish a network defense model, an improvement over the traditional single-technology model that addresses the latter's inadequacies. Next, a distributed network security architecture is implemented, comprising a hybrid firewall, intrusion detection, virtual honeynet projects, and connectivity and interactivity between these three components. Finally, the proposed security system is tested. A statistical analysis of the test results verifies the feasibility and reliability of the proposed architecture. The findings of this study will potentially provide new ideas and stimuli for future designs of network security architecture.

  13. Information risk and security modeling

    NASA Astrophysics Data System (ADS)

    Zivic, Predrag

    2005-03-01

    This research paper presentation will feature current frameworks for addressing risk and security modeling and metrics. The paper will analyze technical level risk and security metrics of Common Criteria/ISO15408, Centre for Internet Security guidelines, NSA configuration guidelines and metrics used at this level. Information IT operational standards view on security metrics such as GMITS/ISO13335, ITIL/ITMS and architectural guidelines such as ISO7498-2 will be explained. Business process level standards such as ISO17799, COSO and CobiT will be presented with their control approach to security metrics. Top level, the maturity standards such as SSE-CMM/ISO21827, NSA Infosec Assessment and CobiT will be explored and reviewed. For each defined level of security metrics the research presentation will explore the appropriate usage of these standards. The paper will discuss standards approaches to conducting the risk and security metrics. The research findings will demonstrate the need for a common baseline for both risk and security metrics. This paper will show the relation between the attribute based common baseline and corporate assets and controls for risk and security metrics. It will be shown that such an approach spans over all mentioned standards. The proposed approach 3D visual presentation and development of the Information Security Model will be analyzed and postulated. Presentation will clearly demonstrate the benefits of proposed attributes based approach and defined risk and security space for modeling and measuring.

  14. Information security risk management for computerized health information systems in hospitals: a case study of Iran.

    PubMed

    Zarei, Javad; Sadoughi, Farahnaz

    2016-01-01

    In recent years, hospitals in Iran - similar to those in other countries - have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts' opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Information security risk management is not followed by Iran's hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran's Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran.

  15. The Use of BS7799 Information Security Standard to Construct Mechanisms for the Management of Medical Organization Information Security

    NASA Astrophysics Data System (ADS)

    Liu, Shu-Fan; Chueh, Hao-En; Liao, Kuo-Hsiung

    According to surveys, 80% of security-related events threatening information in medical organizations are due to improper management. Most research on information security has focused on information and security technology, such as network security and access control, rarely addressing management issues. The main purpose of this study is to construct a BS7799 based mechanism for the management of information with regard to security as it applies to medical organizations. This study analyzes and identifies the most common events related to information security in medical organizations and categorizes these events as high-risk, transferable-risk, and controlled-risk to facilitate the management of such risk.

  16. Risk Management as Strategic Change in National Homeland Security Policy

    DTIC Science & Technology

    2007-09-01

    HSI is operated under contract by Analytic Services Inc., with oversight from DHS Science and Technology (S&T). 94 Threat and risk analysis are...Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington, VA 22202-4302, and to the Office of Management and Budget...risk management to the nation’s critical infrastructure owners and operators. This paper explores the challenges involved in implementing the risk

  17. Governing for Enterprise Security

    DTIC Science & Technology

    2005-06-01

    2 What Is Governing for Enterprise Security? ... 3 What Are the Risks ...oversight and coordination 2. Areas of responsibility 3. Risk measurement 4. Monitoring and testing 5. Reporting 6. Acceptable residual risk These...and Opportunities? ... 3.1 Enterprise Risk and Enterprise Security Risk

  18. Perception of health risks of electromagnetic fields by MRI radiographers and airport security officers compared to the general Dutch working population: a cross sectional analysis

    PubMed Central

    2011-01-01

    Background: The amount of exposure to electromagnetic fields (EMF) at work is mainly determined by an individual's occupation and may differ from exposure at home. It is, however, unknown how different occupational groups perceive possible adverse health effects of EMF. Methods: Three occupational groups, the general Dutch working population (n = 567), airport security officers who work with metal detectors (n = 106), and MRI radiographers who work with MRI (n = 193), were compared on perceived risk of and positive and negative feelings towards EMF in general and of different EMF sources, and health concerns by using analyses of variances. Data were collected via an internet survey. Results: Overall, MRI radiographers had a lower perceived risk, felt less negative, and more positive towards EMF and different sources of EMF than the general working population and the security officers. For security officers, feeling more positive about EMF was not significantly related to perceived risk of EMF in general or EMF of domestic sources. Feeling positive about a source did not generalize to a lower perceived risk, while negative feelings were stronger related to perceived risk. MRI radiographers had fewer health concerns regarding EMF than the other two groups, although they considered it more likely that EMF could cause physical complaints. Conclusions: These data show that although differences in occupation appear to be reflected in different perceptions of EMF, the level of occupational exposure to EMF as such does not predict the perceived health risk of EMF. PMID:22070906

  19. Perception of health risks of electromagnetic fields by MRI radiographers and airport security officers compared to the general Dutch working population: a cross sectional analysis.

    PubMed

    van Dongen, Diana; Smid, Tjabe; Timmermans, Daniëlle R M

    2011-11-09

    The amount of exposure to electromagnetic fields (EMF) at work is mainly determined by an individual's occupation and may differ from exposure at home. It is, however, unknown how different occupational groups perceive possible adverse health effects of EMF. Three occupational groups, the general Dutch working population (n = 567), airport security officers who work with metal detectors (n = 106), and MRI radiographers who work with MRI (n = 193), were compared on perceived risk of and positive and negative feelings towards EMF in general and of different EMF sources, and health concerns by using analyses of variances. Data were collected via an internet survey. Overall, MRI radiographers had a lower perceived risk, felt less negative, and more positive towards EMF and different sources of EMF than the general working population and the security officers. For security officers, feeling more positive about EMF was not significantly related to perceived risk of EMF in general or EMF of domestic sources. Feeling positive about a source did not generalize to a lower perceived risk, while negative feelings were stronger related to perceived risk. MRI radiographers had fewer health concerns regarding EMF than the other two groups, although they considered it more likely that EMF could cause physical complaints. These data show that although differences in occupation appear to be reflected in different perceptions of EMF, the level of occupational exposure to EMF as such does not predict the perceived health risk of EMF. © 2011 van Dongen et al; licensee BioMed Central Ltd.

  20. Cyber / Physical Security Vulnerability Assessment Integration

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    MacDonald, Douglas G.; Simpkins, Bret E.

    Both physical protection and cyber security domains offer solutions for the discovery of vulnerabilities through the use of various assessment processes and software tools. Each vulnerability assessment (VA) methodology provides the ability to identify and categorize vulnerabilities, and quantifies the risks within their own areas of expertise. Neither approach fully represents the true potential security risk to a site and/or a facility, nor comprehensively assesses the overall security posture. The technical approach to solving this problem was to identify methodologies and processes that blend the physical and cyber security assessments, and develop tools to accurately quantify the unaccounted for risk. SMEs from both the physical and the cyber security domains developed the blending methodologies, and cross trained each other on the various aspects of the physical and cyber security assessment processes. A local critical infrastructure entity volunteered to host a proof of concept physical/cyber security assessment, and the lessons learned have been leveraged by this effort. The four potential modes of attack an adversary can use in approaching a target are: Physical Only Attack, Cyber Only Attack, Physical Enabled Cyber Attack, and the Cyber Enabled Physical Attack. The Physical Only and the Cyber Only pathway analysis are two of the most widely analyzed attack modes. The pathway from an off-site location to the desired target location is dissected to ensure adversarial activity can be detected and neutralized by the protection strategy, prior to completion of a predefined task. This methodology typically explores a one way attack from the public space (or common area) inward towards the target. The Physical Enabled Cyber Attack and the Cyber Enabled Physical Attack are much more intricate. Both scenarios involve beginning in one domain to effect change in the other, then backing outward to take advantage of the reduced system effectiveness, before penetrating further into the defenses. The proper identification and assessment of the overlapping areas (and interaction between these areas) in the VA process is necessary to accurately assess the true risk.

  1. Using probabilistic terrorism risk modeling for regulatory benefit-cost analysis: application to the Western hemisphere travel initiative in the land environment.

    PubMed

    Willis, Henry H; LaTourrette, Tom

    2008-04-01

    This article presents a framework for using probabilistic terrorism risk modeling in regulatory analysis. We demonstrate the framework with an example application involving a regulation under consideration, the Western Hemisphere Travel Initiative for the Land Environment, (WHTI-L). First, we estimate annualized loss from terrorist attacks with the Risk Management Solutions (RMS) Probabilistic Terrorism Model. We then estimate the critical risk reduction, which is the risk-reducing effectiveness of WHTI-L needed for its benefit, in terms of reduced terrorism loss in the United States, to exceed its cost. Our analysis indicates that the critical risk reduction depends strongly not only on uncertainties in the terrorism risk level, but also on uncertainty in the cost of regulation and how casualties are monetized. For a terrorism risk level based on the RMS standard risk estimate, the baseline regulatory cost estimate for WHTI-L, and a range of casualty cost estimates based on the willingness-to-pay approach, our estimate for the expected annualized loss from terrorism ranges from $2.7 billion to $5.2 billion. For this range in annualized loss, the critical risk reduction for WHTI-L ranges from 7% to 13%. Basing results on a lower risk level that results in halving the annualized terrorism loss would double the critical risk reduction (14-26%), and basing the results on a higher risk level that results in a doubling of the annualized terrorism loss would cut the critical risk reduction in half (3.5-6.6%). Ideally, decisions about terrorism security regulations and policies would be informed by true benefit-cost analyses in which the estimated benefits are compared to costs. Such analyses for terrorism security efforts face substantial impediments stemming from the great uncertainty in the terrorist threat and the very low recurrence interval for large attacks. 
    Several approaches can be used to estimate how a terrorism security program or regulation reduces the distribution of risks it is intended to manage. But, continued research to develop additional tools and data is necessary to support application of these approaches. These include refinement of models and simulations, engagement of subject matter experts, implementation of program evaluation, and estimating the costs of casualties from terrorism events.

  2. Information Analysis Methodology for Border Security Deployment Prioritization and Post Deployment Evaluation

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Booker, Paul M.; Maple, Scott A.

    2010-06-08

    Due to international commerce, cross-border conflicts, and corruption, a holistic, information driven, approach to border security is required to best understand how resources should be applied to effect sustainable improvements in border security. The ability to transport goods and people by land, sea, and air across international borders with relative ease for legitimate commercial purposes creates a challenging environment to detect illicit smuggling activities that destabilize national level border security. Smuggling activities operated for profit or smuggling operations driven by cross border conflicts where militant or terrorist organizations facilitate the transport of materials and/or extremists to advance a cause add complexity to smuggling interdiction efforts. Border security efforts are further hampered when corruption thwarts interdiction efforts or reduces the effectiveness of technology deployed to enhance border security. These issues necessitate the implementation of a holistic approach to border security that leverages all available data. Large amounts of information found in hundreds of thousands of documents can be compiled to assess national or regional borders to identify variables that influence border security. Location data associated with border topics of interest may be extracted and plotted to better characterize the current border security environment for a given country or region. This baseline assessment enables further analysis, but also documents the initial state of border security that can be used to evaluate progress after border security improvements are made. Then, border security threats are prioritized via a systems analysis approach. Mitigation factors to address risks can be developed and evaluated against inhibiting factors such as corruption. This holistic approach to border security helps address the dynamic smuggling interdiction environment where illicit activities divert to a new location that provides less resistance to smuggling activities after training or technology is deployed at a given location. This paper will present an approach to holistic border security information analysis.

  3. A cooperative model for IS security risk management in distributed environment.

    PubMed

    Feng, Nan; Zheng, Chundong

    2014-01-01

    Given the increasing cooperation between organizations, the flexible exchange of security information across the allied organizations is critical to effectively manage information systems (IS) security in a distributed environment. In this paper, we develop a cooperative model for IS security risk management in a distributed environment. In the proposed model, the exchange of security information among the interconnected IS under distributed environment is supported by Bayesian networks (BNs). In addition, for an organization's IS, a BN is utilized to represent its security environment and dynamically predict its security risk level, by which the security manager can select an optimal action to safeguard the firm's information resources. The actual case studied illustrates the cooperative model presented in this paper and how it can be exploited to manage the distributed IS security risk effectively.

  4. 78 FR 8128 - Request for Nominations of Experts to the EPA Office of Research and Development's Board of...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-02-05

    ... Program; Homeland Security Research Program; Human Health Risk Assessment Research Program; Safe and... --atmospheric physics Biology --biogeochemistry --cell biology --endocrinology (endocrine disruptors... analysis --uncertainty analysis Nanotechnology Public Health --children's health --community health...

  5. Information security risk management for computerized health information systems in hospitals: a case study of Iran

    PubMed Central

    Zarei, Javad; Sadoughi, Farahnaz

    2016-01-01

    Background: In recent years, hospitals in Iran – similar to those in other countries – have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. Materials and methods: This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts’ opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Results: Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Conclusion: Information security risk management is not followed by Iran’s hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran’s Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran. PMID:27313481

  6. The Need for Cyber-Informed Engineering Expertise for Nuclear Research Reactors

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Anderson, Robert Stephen

    Engineering disciplines may not currently understand or fully embrace cyber security aspects as they apply towards analysis, design, operation, and maintenance of nuclear research reactors. Research reactors include a wide range of diverse co-located facilities and designs necessary to meet specific operational research objectives. Because of the nature of research reactors (reduced thermal energy and fission product inventory), hazards and risks may not have received the same scrutiny as normally associated with power reactors. Similarly, security may not have been emphasized either. However, the lack of sound cybersecurity defenses may lead to both safety and security impacts. Risk management methodologies may not contain the foundational assumptions required to address the intelligent adversary’s capabilities in malevolent cyber attacks. Although most research reactors are old and may not have the same digital footprint as newer facilities, any digital instrument and control function must be considered as a potential attack platform that can lead to sabotage or theft of nuclear material, especially for some research reactors that store highly enriched uranium. This paper will provide a discussion about the need for cyber-informed engineering practices that include the entire engineering lifecycle. Cyber-informed engineering as referenced in this paper is the inclusion of cybersecurity aspects into the engineering process. A discussion will consider several attributes of this process evaluating the long-term goal of developing additional cyber safety basis analysis and trust principles. With a culture of free information sharing exchanges, and potentially a lack of security expertise, new risk analysis and design methodologies need to be developed to address this rapidly evolving (cyber) threatscape.

  7. Model based verification of the Secure Socket Layer (SSL) Protocol for NASA systems

    NASA Technical Reports Server (NTRS)

    Powell, John D.; Gilliam, David

    2004-01-01

    The National Aeronautics and Space Administration (NASA) has tens of thousands of networked computer systems and applications. Software Security vulnerabilities present risks such as lost or corrupted data, information theft, and unavailability of critical systems. These risks represent potentially enormous costs to NASA. The NASA Code Q research initiative 'Reducing Software Security Risk (RSSR) Through an Integrated Approach' offers formal verification of information technology (IT), through the creation of a Software Security Assessment Instrument (SSAI), to address software security risks.

  8. Working to eat: Vulnerability, food insecurity, and obesity among migrant and seasonal farmworker families.

    PubMed

    Borre, Kristen; Ertle, Luke; Graff, Mariaelisa

    2010-04-01

    Food insecurity and obesity have potential health consequences for migrant and seasonal farm workers (MSFW). Thirty-six Latino MSFW working in eastern North Carolina whose children attended Migrant Head Start completed interviews, focus groups and home visits. Content analysis, nutrient analysis, and non-parametric statistical analysis produced results. MSFW (63.8%) families were food insecure; of those, 34.7% experienced hunger. 32% of pre-school children were food insecure. Food secure families spent more money on food. Obesity was prevalent in adults and children but the relationship to food insecurity remains unclear. Strategies to reduce risk of food insecurity were employed by MSFW, but employer and community assistance is needed to reduce their risk. Food insecurity is rooted in the cultural lifestyle of farmwork, poverty, and dependency. MSFW obesity and food insecurity require further study to determine the relationship with migration and working conditions. Networking and social support are important for MSFW families to improve food security. Policies and community/workplace interventions could reduce risk of food insecurity and improve the health of workers. (c) 2010 Wiley-Liss, Inc.

  9. A Cooperative Model for IS Security Risk Management in Distributed Environment

    PubMed Central

    Zheng, Chundong

    2014-01-01

    Given the increasing cooperation between organizations, the flexible exchange of security information across the allied organizations is critical to effectively manage information systems (IS) security in a distributed environment. In this paper, we develop a cooperative model for IS security risk management in a distributed environment. In the proposed model, the exchange of security information among the interconnected IS under distributed environment is supported by Bayesian networks (BNs). In addition, for an organization's IS, a BN is utilized to represent its security environment and dynamically predict its security risk level, by which the security manager can select an optimal action to safeguard the firm's information resources. The actual case studied illustrates the cooperative model presented in this paper and how it can be exploited to manage the distributed IS security risk effectively. PMID:24563626

  10. School Security Assessment Programme in Australia

    ERIC Educational Resources Information Center

    Marrapodi, John

    2007-01-01

    This article describes a successful security risk management programme in Australia. The state-wide programme follows a structured risk management approach focusing on the safety and security of people, information, provision, and assets in the school environment. To assist school principals, a Security Risk Assessment Programme was developed on a…

  11. Managing information technology security risk

    NASA Technical Reports Server (NTRS)

    Gilliam, David

    2003-01-01

    Information Technology (IT) Security Risk Management is a critical task for the organization to protect against the loss of confidentiality, integrity and availability of IT resources. As systems become more complex and diverse and attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security risk. This paper describes a two-pronged approach in addressing IT security risk and risk management in the organization: 1) an institutional enterprise approach, and 2) a project life cycle approach.

  12. [Principles and methodology for ecological rehabilitation and security pattern design in key project construction].

    PubMed

    Chen, Li-Ding; Lu, Yi-He; Tian, Hui-Ying; Shi, Qian

    2007-03-01

    Global ecological security becomes increasingly important with the intensive human activities. The function of ecological security is influenced by human activities, and in return, the efficiency of human activities will also be affected by the patterns of regional ecological security. Since the 1990s, China has initiated the construction of key projects "Yangtze Three Gorges Dam", "Qinghai-Tibet Railway", "West-to-East Gas Pipeline", "West-to-East Electricity Transmission" and "South-to-North Water Transfer", etc. The interaction between these projects and regional ecological security has particularly attracted the attention of Chinese government. It is not only important for the regional environmental protection, but also of significance for the smooth implementation of various projects aimed to develop an ecological rehabilitation system and to design a regional ecological security pattern. This paper made a systematic analysis on the types and characteristics of key project construction and their effects on the environment, and on the basis of this, brought forward the basic principles and methodology for ecological rehabilitation and security pattern design in this construction. It was considered that the following issues should be addressed in the implementation of a key project: 1) analysis and evaluation of current regional ecological environment, 2) evaluation of anthropogenic disturbances and their ecological risk, 3) regional ecological rehabilitation and security pattern design, 4) scenario analysis of environmental benefits of regional ecological security pattern, 5) re-optimization of regional ecological system framework, and 6) establishment of regional ecosystem management plan.

  13. Secrecy vs. the need for ecological information: challenges to environmental activism in Russia.

    PubMed

    Jandl, T

    1998-01-01

    This article identifies the lessons learned from the Nikitin case study in Russia. The Nikitin case involves the analysis of sources of radioactive contamination in several Russian counties and in the Russian Northern Fleet. Norway was interested in the issue due to proximity to the storage sites. The issue involved national security and environmental protection. It was learned that mixing national security issues with environmental issues offers dangerous and multiple challenges. Environmental groups must build relationships with a wide audience. International security policy must include the issues of globalization of trade and the spread of environmental problems into the global commons (oceans and atmosphere). The risk of an environmentally dangerous accident as a consequence of Cold War activities is greater than the risk of nuclear war. Secrecy in military affairs is not justified when there is inadequate storage of nuclear weapons and contaminated materials. In Russia, the concern is great due to their economic transition and shortages of funds for even the most basic needs, which excludes nuclear waste clean up. The Bellona Foundation studied the extent of nuclear pollution from military nuclear reactors in the Kola peninsula of northwest Russia, in 1994 and 1996. Russian security police arrested one of the report authors for alleged national security violations. A valuable lesson learned was that local Russian environmental groups needed international support. The military nuclear complex poses an enormous hazard. Limiting inspections is an unacceptable national security risk. The new Russian law on state secrets is too broad.

  14. Nuclear security policy in the context of counter-terrorism in Cambodia

    NASA Astrophysics Data System (ADS)

    Khun, Vuthy; Wongsawaeng, Doonyapong

    2016-01-01

    The risk of nuclear or dirty bomb attack by terrorists is one of the most urgent and threatening dangers. The Cambodian national strategy to combat weapons of mass destruction (WMD) depicts a layered system of preventive measures ranging from securing materials at foreign sources to interdicting weapons or nuclear or other radioactive materials at ports, border crossings, and within the Cambodian institutions dealing with the nuclear security to manage the preventive programs. The aim of this study is to formulate guidance, to identify scenario of threat and risk, and to pinpoint necessary legal frameworks on nuclear security in the context of counterterrorism based on the International Atomic Energy Agency nuclear security series. The analysis of this study is guided by theoretical review, the review of international laws and politics, by identifying and interpreting applicable rules and norms establishing the nuclear security regime and how well enforcement of the regime is carried out, and what the likelihood of future reform might be. This study will examine the existing national legal frameworks of Cambodia in the context of counterterrorism to prevent acts of nuclear terrorism and the threat of a terrorist nuclear attack within the Cambodia territory. It will shed light on departmental lanes of national nuclear security responsibility, and provide a holistic perspective on the needs of additional resources and emphasis regarding nuclear security policy in the context of counterterrorism in Cambodia.

  15. 6 CFR 27.200 - Information regarding security risk for a chemical facility.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 6 Domestic Security 1 2010-01-01 2010-01-01 false Information regarding security risk for a chemical facility. 27.200 Section 27.200 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security Program § 27.200 Information...

  16. Iron deficiency is associated with food insecurity in pregnant females in the United States: National Health and Nutrition Examination Survey 1999-2010.

    PubMed

    Park, Clara Y; Eicher-Miller, Heather A

    2014-12-01

    Food-insecure pregnant females may be at greater risk of iron deficiency (ID) because nutrition needs increase and more resources are needed to secure food during pregnancy. This may result in a higher risk of infant low birth weight and possibly cognitive impairment in the neonate. The relationships of food insecurity and poverty income ratio (PIR) with iron intake and ID among pregnant females in the United States were investigated using National Health and Nutrition Examination Survey 1999-2010 data (n=1,045). Food security status was classified using the US Food Security Survey Module. One 24-hour dietary recall and a 30-day supplement recall were used to assess iron intake. Ferritin, soluble transferrin receptor, or total body iron classified ID. Difference of supplement intake prevalence, difference in mean iron intake, and association of ID and food security status or PIR were assessed using χ(2) analysis, Student t test, and logistic regression analysis (adjusted for age, race, survey year, PIR/food security status, education, parity, trimester, smoking, C-reactive protein level, and health insurance coverage), respectively. Mean dietary iron intake was similar among groups. Mean supplemental and total iron intake were lower, whereas odds of ID, classified by ferritin status, were 2.90 times higher for food-insecure pregnant females compared with food-secure pregnant females. Other indicators of ID were not associated with food security status. PIR was not associated with iron intake or ID. Food insecurity status may be a better indicator compared with income status to identify populations at whom to direct interventions aimed at improving access and education regarding iron-rich foods and supplements. Copyright © 2014 Academy of Nutrition and Dietetics. Published by Elsevier Inc. All rights reserved.

  17. Implementation and evaluation of an efficient secure computation system using ‘R’ for healthcare statistics

    PubMed Central

    Chida, Koji; Morohashi, Gembu; Fuji, Hitoshi; Magata, Fumihiko; Fujimura, Akiko; Hamada, Koki; Ikarashi, Dai; Yamamoto, Ryuichi

    2014-01-01

    Background and objective: While the secondary use of medical data has gained attention, its adoption has been constrained due to protection of patient privacy. Making medical data secure by de-identification can be problematic, especially when the data concerns rare diseases. We require rigorous security management measures. Materials and methods: Using secure computation, an approach from cryptography, our system can compute various statistics over encrypted medical records without decrypting them. An issue of secure computation is that the amount of processing time required is immense. We implemented a system that securely computes healthcare statistics from the statistical computing software ‘R’ by effectively combining secret-sharing-based secure computation with original computation. Results: Testing confirmed that our system could correctly complete computation of average and unbiased variance of approximately 50 000 records of dummy insurance claim data in a little over a second. Computation including conditional expressions and/or comparison of values, for example, t test and median, could also be correctly completed in several tens of seconds to a few minutes. Discussion: If medical records are simply encrypted, the risk of leaks exists because decryption is usually required during statistical analysis. Our system possesses high-level security because medical records remain in encrypted state even during statistical analysis. Also, our system can securely compute some basic statistics with conditional expressions using ‘R’ that works interactively while secure computation protocols generally require a significant amount of processing time. Conclusions: We propose a secure statistical analysis system using ‘R’ for medical data that effectively integrates secret-sharing-based secure computation and original computation. PMID:24763677

  18. Implementation and evaluation of an efficient secure computation system using 'R' for healthcare statistics.

    PubMed

    Chida, Koji; Morohashi, Gembu; Fuji, Hitoshi; Magata, Fumihiko; Fujimura, Akiko; Hamada, Koki; Ikarashi, Dai; Yamamoto, Ryuichi

    2014-10-01

    While the secondary use of medical data has gained attention, its adoption has been constrained due to protection of patient privacy. Making medical data secure by de-identification can be problematic, especially when the data concerns rare diseases. We require rigorous security management measures. Using secure computation, an approach from cryptography, our system can compute various statistics over encrypted medical records without decrypting them. An issue of secure computation is that the amount of processing time required is immense. We implemented a system that securely computes healthcare statistics from the statistical computing software 'R' by effectively combining secret-sharing-based secure computation with original computation. Testing confirmed that our system could correctly complete computation of average and unbiased variance of approximately 50,000 records of dummy insurance claim data in a little over a second. Computation including conditional expressions and/or comparison of values, for example, t test and median, could also be correctly completed in several tens of seconds to a few minutes. If medical records are simply encrypted, the risk of leaks exists because decryption is usually required during statistical analysis. Our system possesses high-level security because medical records remain in encrypted state even during statistical analysis. Also, our system can securely compute some basic statistics with conditional expressions using 'R' that works interactively while secure computation protocols generally require a significant amount of processing time. We propose a secure statistical analysis system using 'R' for medical data that effectively integrates secret-sharing-based secure computation and original computation. Published by the BMJ Publishing Group Limited. For permission to use (where not already granted under a licence) please go to http://group.bmj.com/group/rights-licensing/permissions.

  19. Family cumulative risk and at-risk kindergarteners' social competence: the mediating role of parent representations of the attachment relationship.

    PubMed

    Sparks, Lauren A; Trentacosta, Christopher J; Owusu, Erika; McLear, Caitlin; Smith-Darden, Joanne

    2018-08-01

    Secure attachment relationships have been linked to social competence in at-risk children. In the current study, we examined the role of parent secure base scripts in predicting at-risk kindergarteners' social competence. Parent representations of secure attachment were hypothesized to mediate the relationship between lower family cumulative risk and children's social competence. Participants included 106 kindergarteners and their primary caregivers recruited from three urban charter schools serving low-income families as a part of a longitudinal study. Lower levels of cumulative risk predicted greater secure attachment representations in parents, and scores on the secure base script assessment predicted children's social competence. An indirect relationship between lower cumulative risk and kindergarteners' social competence via parent secure base script scores was also supported. Parent script-based representations of the attachment relationship appear to be an important link between lower levels of cumulative risk and low-income kindergarteners' social competence. Implications of these findings for future interventions are discussed.

  20. Security Events and Vulnerability Data for Cybersecurity Risk Estimation.

    PubMed

    Allodi, Luca; Massacci, Fabio

    2017-08-01

    Current industry standards for estimating cybersecurity risk are based on qualitative risk matrices as opposed to quantitative risk estimates. In contrast, risk assessment in most other industry sectors aims at deriving quantitative risk estimations (e.g., Basel II in Finance). This article presents a model and methodology to leverage on the large amount of data available from the IT infrastructure of an organization's security operation center to quantitatively estimate the probability of attack. Our methodology specifically addresses untargeted attacks delivered by automatic tools that make up the vast majority of attacks in the wild against users and organizations. We consider two-stage attacks whereby the attacker first breaches an Internet-facing system, and then escalates the attack to internal systems by exploiting local vulnerabilities in the target. Our methodology factors in the power of the attacker as the number of "weaponized" vulnerabilities he/she can exploit, and can be adjusted to match the risk appetite of the organization. We illustrate our methodology by using data from a large financial institution, and discuss the significant mismatch between traditional qualitative risk assessments and our quantitative approach. © 2017 Society for Risk Analysis.

  1. Security engineering: systems engineering of security through the adaptation and application of risk management

    NASA Technical Reports Server (NTRS)

    Gilliam, David P.; Feather, Martin S.

    2004-01-01

    Information Technology (IT) Security Risk Management is a critical task in the organization, which must protect its resources and data against the loss of confidentiality, integrity, and availability. As systems become more complex and diverse, and more vulnerabilities are discovered while attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security. This paper describes an approach to address IT security risk through risk management and mitigation in both the institution and in the project life cycle.

  2. A spatial evaluation of global wildfire-water risks to human and natural systems.

    PubMed

    Robinne, François-Nicolas; Bladon, Kevin D; Miller, Carol; Parisien, Marc-André; Mathieu, Jérôme; Flannigan, Mike D

    2018-01-01

    The large mediatic coverage of recent massive wildfires across the world has emphasized the vulnerability of freshwater resources. The extensive hydrogeomorphic effects from a wildfire can impair the ability of watersheds to provide safe drinking water to downstream communities and high-quality water to maintain riverine ecosystem health. Safeguarding water use for human activities and ecosystems is required for sustainable development; however, no global assessment of wildfire impacts on water supply is currently available. Here, we provide the first global evaluation of wildfire risks to water security, in the form of a spatially explicit index. We adapted the Driving forces-Pressure-State-Impact-Response risk analysis framework to select a comprehensive set of indicators of fire activity and water availability, which we then aggregated to a single index of wildfire-water risk using a simple additive weighted model. Our results show that water security in many regions of the world is potentially vulnerable, regardless of socio-economic status. However, in developing countries, a critical component of the risk is the lack of socio-economic capability to respond to disasters. Our work highlights the importance of addressing wildfire-induced risks in the development of water security policies; the geographic differences in the components of the overall risk could help adapting those policies to different regional contexts. Crown Copyright © 2017. Published by Elsevier B.V. All rights reserved.

  3. Hybrid Network Defense Model Based on Fuzzy Evaluation

    PubMed Central

    2014-01-01

    With sustained and rapid developments in the field of information technology, the issue of network security has become increasingly prominent. The theme of this study is network data security, with the test subject being a classified and sensitive network laboratory that belongs to the academic network. The analysis is based on the deficiencies and potential risks of the network's existing defense technology, characteristics of cyber attacks, and network security technologies. Subsequently, a distributed network security architecture using the technology of an intrusion prevention system is designed and implemented. In this paper, first, the overall design approach is presented. This design is used as the basis to establish a network defense model, an improvement over the traditional single-technology model that addresses the latter's inadequacies. Next, a distributed network security architecture is implemented, comprising a hybrid firewall, intrusion detection, virtual honeynet projects, and connectivity and interactivity between these three components. Finally, the proposed security system is tested. A statistical analysis of the test results verifies the feasibility and reliability of the proposed architecture. The findings of this study will potentially provide new ideas and stimuli for future designs of network security architecture. PMID:24574870

  4. Video calls from lay bystanders to dispatch centers - risk assessment of information security.

    PubMed

    Bolle, Stein R; Hasvold, Per; Henriksen, Eva

    2011-09-30

    Video calls from mobile phones can improve communication during medical emergencies. Lay bystanders can be instructed and supervised by health professionals at Emergency Medical Communication Centers. Before implementation of video mobile calls in emergencies, issues of information security should be addressed. Information security was assessed for risk, based on the information security standard ISO/IEC 27005:2008. A multi-professional team used structured brainstorming to find threats to the information security aspects confidentiality, quality, integrity, and availability. Twenty security threats of different risk levels were identified and analyzed. Solutions were proposed to reduce the risk level. Given proper implementation, we found no risks to information security that would advocate against the use of video calls between lay bystanders and Emergency Medical Communication Centers. The identified threats should be used as input to formal requirements when planning and implementing video calls from mobile phones for these call centers.

  5. Video calls from lay bystanders to dispatch centers - risk assessment of information security

    PubMed Central

    2011-01-01

    Background: Video calls from mobile phones can improve communication during medical emergencies. Lay bystanders can be instructed and supervised by health professionals at Emergency Medical Communication Centers. Before implementation of video mobile calls in emergencies, issues of information security should be addressed. Methods: Information security was assessed for risk, based on the information security standard ISO/IEC 27005:2008. A multi-professional team used structured brainstorming to find threats to the information security aspects confidentiality, quality, integrity, and availability. Results: Twenty security threats of different risk levels were identified and analyzed. Solutions were proposed to reduce the risk level. Conclusions: Given proper implementation, we found no risks to information security that would advocate against the use of video calls between lay bystanders and Emergency Medical Communication Centers. The identified threats should be used as input to formal requirements when planning and implementing video calls from mobile phones for these call centers. PMID:21958387

  6. Chemical facility vulnerability assessment project.

    PubMed

    Jaeger, Calvin D

    2003-11-14

    Sandia National Laboratories, under the direction of the Office of Science and Technology, National Institute of Justice, conducted the chemical facility vulnerability assessment (CFVA) project. The primary objective of this project was to develop, test and validate a vulnerability assessment methodology (VAM) for determining the security of chemical facilities against terrorist or criminal attacks (VAM-CF). The project also included a report to the Department of Justice for Congress that in addition to describing the VAM-CF also addressed general observations related to security practices, threats and risks at chemical facilities and chemical transport. In the development of the VAM-CF Sandia leveraged the experience gained from the use and development of VAs in other areas and the input from the chemical industry and Federal agencies. The VAM-CF is a systematic, risk-based approach where risk is a function of the severity of consequences of an undesired event, the attack potential, and the likelihood of adversary success in causing the undesired event. For the purpose of the VAM-CF analyses Risk is a function of S, L(A), and L(AS), where S is the severity of consequence of an event, L(A) is the attack potential and L(AS) is the likelihood of adversary success in causing a catastrophic event. The VAM-CF consists of 13 basic steps. It involves an initial screening step, which helps to identify and prioritize facilities for further analysis. This step is similar to the prioritization approach developed by the American Chemistry Council (ACC). Other steps help to determine the components of the risk equation and ultimately the risk. The VAM-CF process involves identifying the hazardous chemicals and processes at a chemical facility. It helps chemical facilities to focus their attention on the most critical areas. The VAM-CF is not a quantitative analysis but, rather, compares relative security risks. If the risks are deemed too high, recommendations are developed for measures to reduce the risk. This paper will briefly discuss the CFVA project and VAM-CF process.

  7. Enhancing Public Helicopter Safety as a Component of Homeland Security

    DTIC Science & Technology

    2016-12-01

    Risk Assessment Tool GPS Global Positioning System IFR instrument flight rules ILS instrument landing system IMC instrument meteorological...flight rules (IFR) flying and the lack of a pre-flight risk assessment. Pilot fatigue is a factor that appeared in two of the accident reports (New...three common factors that emerged from the qualitative analysis of coding: inadequate proficiency of IFR flying, lack of a pre-flight risk assessment

  8. Risk-Based Explosive Safety Analysis

    DTIC Science & Technology

    2016-11-30

    safety siting of energetic liquids and propellants can be greatly aided by the use of risk-based methodologies. The low probability of exposed...liquids or propellants. ...of energetic liquids and propellants can be greatly aided by the use of risk-based methodologies. The low probability of exposed personnel and the

  9. Creating a National Framework for Cybersecurity: An Analysis of Issues and Options

    DTIC Science & Technology

    2005-02-22

    of those measures; and the associated field of professional endeavor. Virtually any element of cyberspace can be at risk, and the degree of...weaknesses in U.S. cybersecurity is an area of some controversy. However, some components appear to be sources of potentially significant risk because either...security into enterprise architecture, using risk management, and using metrics. These different approaches all have different strengths and weaknesses

  10. School Security and Crisis Preparedness: Make It Your Business.

    ERIC Educational Resources Information Center

    Trump, Kenneth S.

    1999-01-01

    The top five security risks in today's schools include aggressive behavior, weapons possession or use, drug trafficking, gangs, and "stranger danger." Home-made bomb threats are common. This article also discusses security system costs, risk-reduction frameworks, security assessments, crisis-preparedness guidelines, and security-related…

  11. Protecting water and wastewater infrastructure from cyber attacks

    NASA Astrophysics Data System (ADS)

    Panguluri, Srinivas; Phillips, William; Cusimano, John

    2011-12-01

    Multiple organizations over the years have collected and analyzed data on cyber attacks and they all agree on one conclusion: cyber attacks are real and can cause significant damages. This paper presents some recent statistics on cyber attacks and resulting damages. Water and wastewater utilities must adopt countermeasures to prevent or minimize the damage in case of such attacks. Many unique challenges are faced by the water and wastewater industry while selecting and implementing security countermeasures; the key challenges are: 1) the increasing interconnection of their business and control system networks, 2) large variation of proprietary industrial control equipment utilized, 3) multitude of cross-sector cyber-security standards, and 4) the differences in the equipment vendor's approaches to meet these security standards. The utilities can meet these challenges by voluntarily selecting and adopting security standards, conducting a gap analysis, performing vulnerability/risk analysis, and undertaking countermeasures that best meet their security and organizational requirements. Utilities should optimally utilize their limited resources to prepare and implement necessary programs that are designed to increase cyber-security over the years. Implementing cyber security does not necessarily have to be expensive; substantial improvements can be accomplished through policy, procedure, training and awareness. Utilities can also get creative and allocate more funding through annual budgets and reduce dependence upon capital improvement programs to achieve improvements in cyber-security.

  12. 6 CFR 27.205 - Determination that a chemical facility “presents a high level of security risk.”

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 6 Domestic Security 1 2010-01-01 2010-01-01 false Determination that a chemical facility “presents a high level of security risk.” 27.205 Section 27.205 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security...

  13. Security risks in nuclear waste management: Exceptionalism, opaqueness and vulnerability.

    PubMed

    Vander Beken, Tom; Dorn, Nicholas; Van Daele, Stijn

    2010-01-01

    This paper analyses some potential security risks, concerning terrorism or more mundane forms of crime, such as fraud, in management of nuclear waste using a PEST scan (of political, economic, social and technical issues) and some insights of criminologists on crime prevention. Nuclear waste arises as spent fuel from ongoing energy generation or other nuclear operations, operational contamination or emissions, and decommissioning of obsolescent facilities. In international and EU political contexts, nuclear waste management is a sensitive issue, regulated specifically as part of the nuclear industry as well as in terms of hazardous waste policies. The industry involves state, commercial and mixed public-private bodies. The social and cultural dimensions--risk, uncertainty, and future generations--resonate more deeply here than in any other aspect of waste management. The paper argues that certain tendencies in regulation of the industry, claimed to be justified on security grounds, are decreasing transparency and veracity of reporting, opening up invisible spaces for management frauds, and in doing so allowing a culture of impunity in which more serious criminal or terrorist risks could arise. What is needed is analysis of this 'exceptional' industry in terms of the normal canons of risk assessment - a task that this paper begins. Copyright 2009 Elsevier Ltd. All rights reserved.

  14. 5 CFR 930.301 - Information systems security awareness training program.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... training in system/application life cycle management, risk management, and contingency planning. (4) Chief... security management, system/application life cycle management, risk management, and contingency planning..., risk management, and contingency planning. (b) Provide the Federal information systems security...

  15. 5 CFR 930.301 - Information systems security awareness training program.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... training in system/application life cycle management, risk management, and contingency planning. (4) Chief... security management, system/application life cycle management, risk management, and contingency planning..., risk management, and contingency planning. (b) Provide the Federal information systems security...

  16. Analysis of Alternatives for Risk Assessment Methodologies and Tools

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Nachtigal, Noel M.; Fruetel, Julia A.; Gleason, Nathaniel J.

    The purpose of this document is to provide a basic overview and understanding of risk assessment methodologies and tools from the literature and to assess the suitability of these methodologies and tools for cyber risk assessment. Sandia National Laboratories (SNL) performed this review in support of risk modeling activities performed for the Stakeholder Engagement and Cyber Infrastructure Resilience (SECIR) division of the Department of Homeland Security (DHS) Office of Cybersecurity and Communications (CS&C). The set of methodologies and tools covered in this document is not intended to be exhaustive; instead, it focuses on those that are commonly used in the risk assessment community. The classification of methodologies and tools was performed by a group of analysts with experience in risk analysis and cybersecurity, and the resulting analysis of alternatives has been tailored to address the needs of a cyber risk assessment.

  17. European Energy Policy and Its Effects on Gas Security

    NASA Astrophysics Data System (ADS)

    Radu, Victorita Stefana Anda

    The goal of this study is to examine the effects of the energy policies of the European Union (EU) on its gas security in the period 2006 to 2016. While energy security is often given a broad meaning, this paper focuses on its external dimension: the EU's relations with external gas suppliers. It is grounded on four pillars drawing from the compounded institutionalist and liberal theoretical frameworks: regulatory state, rational-choice, external governance, and regime effectiveness. The research question was investigated through a qualitative methodology with two main components: a legislative analysis and four case studies representing the main gas supply options--Russia, North African exporting countries, Norway, and liquefied natural gas (LNG). They highlighted that the EU framed the need for gas security mainly in the context of political risks associated with Russian gas supply, but it almost never took into account other equally important risks. Moreover, the research revealed two main issues. First, that the deeper and the more numerous EU's energy policies were, the bigger was the magnitude of the effect. Specifically, competitiveness and infrastructure policies had the largest magnitude, while the sustainability and security of supply policies had the smallest effect. Second, EU energy policies only partially diminished the economic and political risks in relation to foreign gas suppliers. To conclude, to a certain extent the EU's efforts made a positive contribution to the external dimension of the EU's gas security, but the distinguishing trait remains that there is no consistency in terms of the magnitude of the effect and its nature.

  18. Text messaging to communicate with public health audiences: how the HIPAA Security Rule affects practice.

    PubMed

    Karasz, Hilary N; Eiden, Amy; Bogan, Sharon

    2013-04-01

    Text messaging is a powerful communication tool for public health purposes, particularly because of the potential to customize messages to meet individuals' needs. However, using text messaging to send personal health information requires analysis of laws addressing the protection of electronic health information. The Health Insurance Portability and Accountability Act (HIPAA) Security Rule is written with flexibility to account for changing technologies. In practice, however, the rule leads to uncertainty about how to make text messaging policy decisions. Text messaging to send health information can be implemented in a public health setting through 2 possible approaches: restructuring text messages to remove personal health information and retaining limited personal health information in the message but conducting a risk analysis and satisfying other requirements to meet the HIPAA Security Rule.

  19. The experiences of security industry contractors working in Iraq: an interpretative phenomenological analysis.

    PubMed

    Messenger, Katy; Farquharson, Lorna; Stallworthy, Pippa; Cawkill, Paul; Greenberg, Neil

    2012-07-01

    To explore the occupational experiences of private security contractors working in a war zone and how it impacts on their mental health. Semistructured interviews were conducted with seven contractors employed by a large UK-based private security company. Interpretative phenomenological analysis was used to analyze the interview transcripts. Participants also completed the 12-item General Health Questionnaire and the Posttraumatic Stress Disorder Checklist. Four overarching themes emerged: the appeal of the job; vulnerability; keep going; and seeking help for stress in the workplace. No clinically significant levels of distress were reported. Contractors are frequently exposed to stressors known to increase risk of psychiatric difficulty in military personnel. A number of potential protective factors were identified. Only a minority of participants were open to seeking help for mental health difficulties.

  20. Nuclear security policy in the context of counter-terrorism in Cambodia

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Khun, Vuthy, E-mail: vuthy.khun@gmail.com; Wongsawaeng, Doonyapong

    The risk of nuclear or dirty bomb attack by terrorists is one of the most urgent and threatening dangers. The Cambodian national strategy to combat weapons of mass destruction (WMD) depicts a layered system of preventive measures ranging from securing materials at foreign sources to interdicting weapons or nuclear or other radioactive materials at ports, border crossings, and within the Cambodian institutions dealing with the nuclear security to manage the preventive programs. The aim of this study is to formulate guidance, to identify scenario of threat and risk, and to pinpoint necessary legal frameworks on nuclear security in the context of counterterrorism based on the International Atomic Energy Agency nuclear security series. The analysis of this study is guided by theoretical review, the review of international laws and politics, by identifying and interpreting applicable rules and norms establishing the nuclear security regime and how well enforcement of the regime is carried out and, what is the likelihood of the future reform might be. This study will examine the existing national legal frameworks of Cambodia in the context of counterterrorism to prevent acts of nuclear terrorism and the threat of a terrorist nuclear attack within the Cambodia territory. It will shed light on departmental lanes of national nuclear security responsibility, and provide a holistic perspective on the needs of additional resources and emphasis regarding nuclear security policy in the context of counterterrorism in Cambodia.

  1. Centralized Cryptographic Key Management and Critical Risk Assessment - CRADA Final Report For CRADA Number NFE-11-03562

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Abercrombie, R. K.; Peters, Scott

    The Department of Energy Office of Electricity Delivery and Energy Reliability (DOE-OE) Cyber Security for Energy Delivery Systems (CSEDS) industry led program (DE-FOA-0000359) entitled "Innovation for Increasing Cyber Security for Energy Delivery Systems (12CSEDS)," awarded a contract to Sypris Electronics LLC to develop a Cryptographic Key Management System for the smart grid (Scalable Key Management Solutions for Critical Infrastructure Protection). Oak Ridge National Laboratory (ORNL) and Sypris Electronics, LLC as a result of that award entered into a CRADA (NFE-11-03562) between ORNL and Sypris Electronics, LLC. ORNL provided its Cyber Security Econometrics System (CSES) as a tool to be modified and used as a metric to address risks and vulnerabilities in the management of cryptographic keys within the Advanced Metering Infrastructure (AMI) domain of the electric sector. ORNL concentrated our analysis on the AMI domain of which the National Electric Sector Cyber security Organization Resource (NESCOR) Working Group 1 (WG1) has documented 29 failure scenarios. The computational infrastructure of this metric involves system stakeholders, security requirements, system components and security threats. To compute this metric, we estimated the stakes that each stakeholder associates with each security requirement, as well as stochastic matrices that represent the probability of a threat to cause a component failure and the probability of a component failure to cause a security requirement violation.
We applied this model to estimate the security of the AMI, by leveraging the recently established National Institute of Standards and Technology Interagency Report (NISTIR) 7628 guidelines for smart grid security and the International Electrotechnical Commission (IEC) 63351, Part 9 to identify the life cycle for cryptographic key management, resulting in a vector that assigned to each stakeholder an estimate of their average loss in terms of dollars per day of system operation. To further address probabilities of threats, information security analysis can be performed using game theory implemented in dynamic Agent Based Game Theoretic (ABGT) simulations. Such simulations can be verified with the results from game theory analysis and further used to explore larger scale, real world scenarios involving multiple attackers, defenders, and information assets. The strategy for the game was developed by analyzing five electric sector representative failure scenarios contained in the AMI functional domain from NESCOR WG1. From these five selected scenarios, we characterized them into three specific threat categories affecting confidentiality, integrity and availability (CIA). The analysis using our ABGT simulation demonstrated how to model the AMI functional domain using a set of rationalized game theoretic rules decomposed from the failure scenarios in terms of how those scenarios might impact the AMI network with respect to CIA.

  2. Cryptographic Key Management and Critical Risk Assessment

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Abercrombie, Robert K

    The Department of Energy Office of Electricity Delivery and Energy Reliability (DOE-OE) CyberSecurity for Energy Delivery Systems (CSEDS) industry led program (DE-FOA-0000359) entitled "Innovation for Increasing CyberSecurity for Energy Delivery Systems (12CSEDS)," awarded a contract to Sypris Electronics LLC to develop a Cryptographic Key Management System for the smart grid (Scalable Key Management Solutions for Critical Infrastructure Protection). Oak Ridge National Laboratory (ORNL) and Sypris Electronics, LLC as a result of that award entered into a CRADA (NFE-11-03562) between ORNL and Sypris Electronics, LLC. ORNL provided its Cyber Security Econometrics System (CSES) as a tool to be modified and used as a metric to address risks and vulnerabilities in the management of cryptographic keys within the Advanced Metering Infrastructure (AMI) domain of the electric sector. ORNL concentrated our analysis on the AMI domain of which the National Electric Sector Cyber security Organization Resource (NESCOR) Working Group 1 (WG1) has documented 29 failure scenarios. The computational infrastructure of this metric involves system stakeholders, security requirements, system components and security threats. To compute this metric, we estimated the stakes that each stakeholder associates with each security requirement, as well as stochastic matrices that represent the probability of a threat to cause a component failure and the probability of a component failure to cause a security requirement violation.
We applied this model to estimate the security of the AMI, by leveraging the recently established National Institute of Standards and Technology Interagency Report (NISTIR) 7628 guidelines for smart grid security and the International Electrotechnical Commission (IEC) 63351, Part 9 to identify the life cycle for cryptographic key management, resulting in a vector that assigned to each stakeholder an estimate of their average loss in terms of dollars per day of system operation. To further address probabilities of threats, information security analysis can be performed using game theory implemented in dynamic Agent Based Game Theoretic (ABGT) simulations. Such simulations can be verified with the results from game theory analysis and further used to explore larger scale, real world scenarios involving multiple attackers, defenders, and information assets. The strategy for the game was developed by analyzing five electric sector representative failure scenarios contained in the AMI functional domain from NESCOR WG1. From these five selected scenarios, we characterized them into three specific threat categories affecting confidentiality, integrity and availability (CIA). The analysis using our ABGT simulation demonstrated how to model the AMI functional domain using a set of rationalized game theoretic rules decomposed from the failure scenarios in terms of how those scenarios might impact the AMI network with respect to CIA.

  3. Network Security Risk Assessment System Based on Attack Graph and Markov Chain

    NASA Astrophysics Data System (ADS)

    Sun, Fuxiong; Pi, Juntao; Lv, Jin; Cao, Tian

    2017-10-01

    Network security risk assessment technology can find network problems and related vulnerabilities in advance, and it has become an important means of solving network security problems. Based on attack graph and Markov chain, this paper provides a Network Security Risk Assessment Model (NSRAM). Based on network infiltration tests, NSRAM generates the attack graph by the breadth traversal algorithm. Combined with the international standard CVSS, the attack probabilities of atomic nodes are counted, and then their attack transition probabilities are calculated by Markov chain. NSRAM selects the optimal attack path after comprehensive measurement to assess network security risk. The simulation results show that NSRAM can reflect the actual situation of network security objectively.

  4. Agent of opportunity risk mitigation: people, engineering, and security efficacy.

    PubMed

    Graham, Margaret E; Tunik, Michael G; Farmer, Brenna M; Bendzans, Carly; McCrillis, Aileen M; Nelson, Lewis S; Portelli, Ian; Smith, Silas; Goldberg, Judith D; Zhang, Meng; Rosenberg, Sheldon D; Goldfrank, Lewis R

    2010-12-01

    Agents of opportunity (AO) are potentially harmful biological, chemical, radiological, and pharmaceutical substances commonly used for health care delivery and research. AOs are present in all academic medical centers (AMC), creating vulnerability in the health care sector; AO attributes and dissemination methods likely predict risk; and AMCs are inadequately secured against a purposeful AO dissemination, with limited budgets and competing priorities. We explored health care workers' perceptions of AMC security and the impact of those perceptions on AO risk. Qualitative methods (survey, interviews, and workshops) were used to collect opinions from staff working in a medical school and 4 AMC-affiliated hospitals concerning AOs and the risk to hospital infrastructure associated with their uncontrolled presence. Secondary to this goal, staff perception concerning security, or opinions about security behaviors of others, were extracted, analyzed, and grouped into themes. We provide a framework for depicting the interaction of staff behavior and access control engineering, including the tendency of staff to "defeat" inconvenient access controls. 
In addition, 8 security themes emerged: staff security behavior is a significant source of AO risk; the wide range of opinions about "open" front-door policies among AMC staff illustrates a disparity of perceptions about the need for security; interviewees expressed profound skepticism concerning the effectiveness of front-door access controls; an AO risk assessment requires reconsideration of the security levels historically assigned to areas such as the loading dock and central distribution sites, where many AOs are delivered and may remain unattended for substantial periods of time; researchers' view of AMC security is influenced by the ongoing debate within the scientific community about the wisdom of engaging in bioterrorism research; there was no agreement about which areas of the AMC should be subject to stronger access controls; security personnel play dual roles of security and customer service, creating the negative perception that neither role is done well; and budget was described as an important factor in explaining the state of security controls. We determined that AMCs seeking to reduce AO risk should assess their institutionally unique AO risks, understand staff security perceptions, and install access controls that are responsive to the staff's tendency to defeat them. The development of AO attribute fact sheets is desirable for AO risk assessment; new funding and administrative or legislative tools to improve AMC security are required; and security practices and methods that are convenient and effective should be engineered.

  5. An Investigation of the Factors Related to Low Parent-Adolescent Attachment Security in Taiwan.

    PubMed

    Chen, Chen-Jung; Sung, Huei-Chuan; Chen, Yi-Chang; Wang, Chih-Hung

    2017-09-01

    Adolescence may involve increases in many behavioral problems and psychosocial maladaptation. Adolescents must successfully cope with these challenges to achieve positive developmental milestones. To investigate whether low parental attachment security among adolescents in Taiwan is associated with their demographic characteristics, psychosocial maladaptation, and depression. A cross-sectional survey. A total of 335 adolescents completed the questionnaires. The Inventory of Parent and Peer Attachment, the Chinese version of the Youth Self-Report, and the Beck Depression Inventory-II were used to survey the participants. Correlation and multiple linear regressions, using low attachment security as the response variable, were used in the statistical analysis. The prevalence of Taiwanese adolescents with low parental attachment security was 38.5%. Low parental attachment security in adolescents was significantly associated with parental remarriage status and psychosocial maladaptation. By considering these risk factors, nursing educators and nurses could develop effective interventions to strengthen parent-adolescent attachment security.

  6. Characterization of Departures from Regulatory Requirements Identified During Inspections Conducted by the US Federal Select Agent Program, 2014-15.

    PubMed

    Bjork, Adam; Sosin, Daniel M

    We studied departures from regulatory requirements identified on US Federal Select Agent Program (FSAP) inspections to increase transparency regarding biosafety and security risk at FSAP-regulated entities and identify areas for programmatic improvement. Regulatory departures from inspections led by Centers for Disease Control and Prevention inspectors during 2014-15 were grouped into "biosafety," "security," and "other" observation categories and assigned a risk level and score reflecting perceived severity. The resulting 2,267 biosafety (n = 1,153) and security (n = 1,114) observations from 296 inspections were analyzed by frequency and risk across entity and inspection characteristics. The greatest proportion of biosafety observations involved equipment and facilities (28%), and the greatest proportion of security observations involved access restrictions (33%). The greatest proportion of higher-risk observations for biosafety were containment issues and for security were inventory discrepancies. Commercial entities had the highest median cumulative risk score per inspection (17), followed by private (13), academic (10), federal government (10), and nonfederal government (8). Maximum containment (BSL-4) inspections had higher median biosafety risk per inspection (13) than other inspections (5) and lower security risk (0 vs 4). Unannounced inspections had proportionally more upper risk level observations than announced (biosafety, 21% vs 12%; security, 18% vs 7%). Possessors of select agents had higher median biosafety risk per inspection (6) than nonpossessors (4) and more upper risk level security observations (10% vs 0%). Programmatic changes to balance resources according to entity risk may strengthen FSAP oversight. Varying inspection methods by select agent possession and entity type, and conducting more unannounced inspections, may be beneficial.

  7. Improving the Security of the U.S. Aeronautical Domain: Adopting an Intelligence-Led, Risk-Based Strategy and Partnership

    DTIC Science & Technology

    2010-12-01

    Methodology RMAT Risk Management Assessment Tool SIDA Security Identification Display Area SIGINT Signals Intelligence SO18 Aviation Security...aircraft operate (§ 1542.203); • Provide detection and physical security measures for the “Security Identification Display Area” ( SIDA ), i.e., the area

  8. The Subjective Experiences of Firesetting by Men With Mild Intellectual Disabilities Detained in a Secure Hospital.

    PubMed

    Rose, John; Lees-Warley, Gemma; Thrift, Su

    2016-08-01

    This article explores the lived experiences of men with mild intellectual disabilities who have deliberately set a fire and are detained in a secure hospital. Semi-structured interviews were used to explore the subjective experiential claims of seven male firesetters with mild intellectual disabilities residing in a forensic intellectual disability hospital. Interpretative Phenomenological Analysis was used to interpret participants' meaning making of their firesetting. Five super-ordinate themes emerged from the analysis: (a) "the importance of the first fire," (b) "firesetting to escape distress," (c) "firesetting to enable positive emotional experiences," (d) "firesetting to communicate with services," and (e) "Fire Setters Treatment Programme." The analysis provides an understanding of why some firesetting behaviours emerge and highlights factors that contribute to the maintenance and desistence of repeat firesetting acts. The findings are considered in relation to evolving risk assessment measures and risk reduction strategies for facilitating rehabilitation into community settings. © The Author(s) 2015.

  9. A Game-Theoretical Model to Improve Process Plant Protection from Terrorist Attacks.

    PubMed

    Zhang, Laobing; Reniers, Genserik

    2016-12-01

    The New York City 9/11 terrorist attacks urged people from academia as well as from industry to pay more attention to operational security research. The required focus in this type of research is human intention. Unlike safety-related accidents, security-related accidents have a deliberate nature, and one has to face intelligent adversaries with characteristics that traditional probabilistic risk assessment techniques are not capable of dealing with. In recent years, the mathematical tool of game theory, being capable to handle intelligent players, has been used in a variety of ways in terrorism risk assessment. In this article, we analyze the general intrusion detection system in process plants, and propose a game-theoretical model for security management in such plants. Players in our model are assumed to be rational and they play the game with complete information. Both the pure strategy and the mixed strategy solutions are explored and explained. We illustrate our model by an illustrative case, and find that in our case, no pure strategy but, instead, a mixed strategy Nash equilibrium exists. © 2016 Society for Risk Analysis.

  10. Profiles of Food Security for US Farmworker Households and Factors Related to Dynamic of Change.

    PubMed

    Ip, Edward H; Saldana, Santiago; Arcury, Thomas A; Grzywacz, Joseph G; Trejo, Grisel; Quandt, Sara A

    2015-10-01

    We recruited 248 farmworker families with preschool-aged children in North Carolina and examined food security indicators over 24 months to identify food security patterns and examine the dynamic of change over time. Participants in the Niños Sanos study, conducted 2011 to 2014, completed quarterly food security assessments. Based on responses to items in the US Household Food Security Survey Module, we identified different states of food security by using hidden Markov model analysis, and examined factors associated with different states. We delineated factors associated with changes in state by using mixed-effect ordinal logistic regression. About half of the households (51%) consistently stayed in the most food-secure state. The least food-secure state was transient, with only 29% probability of this state for 2 consecutive quarters. Seasonal (vs migrant) work status, having immigration documents (vs not documented), and season predicted higher levels of food security. Heterogeneity in food security among farmworker households calls for tailoring intervention strategies. The transiency and unpredictability of low food security suggest that access to safety-net programs could reduce low food security risk in this population.

  11. Profiles of Food Security for US Farmworker Households and Factors Related to Dynamic of Change

    PubMed Central

    Saldana, Santiago; Arcury, Thomas A.; Grzywacz, Joseph G.; Trejo, Grisel; Quandt, Sara A.

    2015-01-01

    Objectives. We recruited 248 farmworker families with preschool-aged children in North Carolina and examined food security indicators over 24 months to identify food security patterns and examine the dynamic of change over time. Methods. Participants in the Niños Sanos study, conducted 2011 to 2014, completed quarterly food security assessments. Based on responses to items in the US Household Food Security Survey Module, we identified different states of food security by using hidden Markov model analysis, and examined factors associated with different states. We delineated factors associated with changes in state by using mixed-effect ordinal logistic regression. Results. About half of the households (51%) consistently stayed in the most food-secure state. The least food-secure state was transient, with only 29% probability of this state for 2 consecutive quarters. Seasonal (vs migrant) work status, having immigration documents (vs not documented), and season predicted higher levels of food security. Conclusions. Heterogeneity in food security among farmworker households calls for tailoring intervention strategies. The transiency and unpredictability of low food security suggest that access to safety-net programs could reduce low food security risk in this population. PMID:26270304

  12. Risk in the Clouds?: Security Issues Facing Government Use of Cloud Computing

    NASA Astrophysics Data System (ADS)

    Wyld, David C.

    Cloud computing is poised to become one of the most important and fundamental shifts in how computing is consumed and used. Forecasts show that government will play a lead role in adopting cloud computing - for data storage, applications, and processing power, as IT executives seek to maximize their returns on limited procurement budgets in these challenging economic times. After an overview of the cloud computing concept, this article explores the security issues facing public sector use of cloud computing and looks to the risk and benefits of shifting to cloud-based models. It concludes with an analysis of the challenges that lie ahead for government use of cloud resources.

  13. [Violence in Mexican women using public health services].

    PubMed

    Gómez-Dantés, Héctor; Vázquez-Martínez, José Luis; Fernández-Cantón, Sonia B

    2006-01-01

    To compare the prevalence of violence and determine its risk factors among women who use Mexican Social Services (IMSS) clinics and do not have access to social security services. Sociodemographic data linked to domestic violence reported by women attending the Mexican Institute of Social Security (IMSS) health services was analyzed. Bivariate and multivariate analysis was performed using STATAV.7. Psychological violence in IMSS women was 18% followed by physical violence (9.1%), sexual (6.7%) and economic (5%). Prevalence of violence in women with no social security care was psychological (21.4%), physical (10.5%), sexual (7.5%) and economical (5%). Women between 25 and 44 years of age with basic schooling and married and with family background of violence were the most affected. The daily consumption of alcohol by their partners was an important predictor of domestic violence. Violence in women with no social security is higher. Partner's alcohol intake pattern is an important risk factor. Detection of domestic violence in the clinical setting is necessary to recognize its real magnitude as a social problem.

  14. [Security agents on the front line against Ebola: roles, perceptions and knowledge in Fann Teaching Hospital, Dakar, Senegal].

    PubMed

    Lanièce, C; Sow, K; Desclaux, A

    2016-10-01

    Security agents are on the front line when patients arrive at health facilities, giving them a potential role to play in an Ebola virus disease (EVD) outbreak. The position of security agents within health services is poorly documented. A survey was conducted to clarify their understanding of Ebola pathology, to assess their need for information and to determine their role in patient management. The survey included both qualitative and quantitative aspects. 80 security agents of the Fann teaching hospital (Dakar) completed questionnaires, and 11 were interviewed. Qualitative analysis was performed with Dedoose and the quantitative analysis using Excel. The results show that security agents' activities go beyond their mission of security and control. They are involved in informing, orienting and assisting patients and those accompanying them in the hospital. The security agents have basic knowledge of EVD, but overestimate the risk of transmission. They want to be more informed and to have access to protective material. These results suggest that these professionals should be taken into account when developing response strategies to Ebola outbreaks. Their knowledge of and protection against the disease must be strengthened. Non-health professionals working in health facilities should be trained in order to be able to relay information to the public.

  15. Analysis of Security Contractors in Deployed Environments

    DTIC Science & Technology

    2006-12-01

    ... 2. Proper Training and Education ... 3. Improve Overall Contract Visibility ... like to acknowledge the work of P. W. Singer, author of the book titled “Corporate Warriors,” whose dedicated research and thorough analysis on the ... skills, including combat operations, strategic planning, intelligence, risk assessment, operational support, training, and technical skills.”3 CPFF

  16. System Theoretic Frameworks for Mitigating Risk Complexity in the Nuclear Fuel Cycle

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Williams, Adam David; Mohagheghi, Amir H.; Cohn, Brian

    In response to the expansion of nuclear fuel cycle (NFC) activities -- and the associated suite of risks -- around the world, this project evaluated systems-based solutions for managing such risk complexity in multimodal and multi-jurisdictional international spent nuclear fuel (SNF) transportation. By better understanding systemic risks in SNF transportation, developing SNF transportation risk assessment frameworks, and evaluating these systems-based risk assessment frameworks, this research illustrated interdependency between safety, security, and safeguards risks is inherent in NFC activities and can go unidentified when each "S" is independently evaluated. Two novel system-theoretic analysis techniques -- dynamic probabilistic risk assessment (DPRA) and system-theoretic process analysis (STPA) -- provide integrated "3S" analysis to address these interdependencies and the research results suggest a need -- and provide a way -- to reprioritize United States engagement efforts to reduce global nuclear risks. Lastly, this research identifies areas where Sandia National Laboratories can spearhead technical advances to reduce global nuclear dangers.

  17. Critical asset and portfolio risk analysis: an all-hazards framework.

    PubMed

    Ayyub, Bilal M; McGill, William L; Kaminskiy, Mark

    2007-08-01

    This article develops a quantitative all-hazards framework for critical asset and portfolio risk analysis (CAPRA) that considers both natural and human-caused hazards. Following a discussion on the nature of security threats, the need for actionable risk assessments, and the distinction between asset and portfolio-level analysis, a general formula for all-hazards risk analysis is obtained that resembles the traditional model based on the notional product of consequence, vulnerability, and threat, though with clear meanings assigned to each parameter. Furthermore, a simple portfolio consequence model is presented that yields first-order estimates of interdependency effects following a successful attack on an asset. Moreover, depending on the needs of the decisions being made and available analytical resources, values for the parameters in this model can be obtained at a high level or through detailed systems analysis. Several illustrative examples of the CAPRA methodology are provided.

  18. Analysis of CSIRT/SOC Incidents and Continuous Monitoring of Threats

    NASA Technical Reports Server (NTRS)

    Wang, John; Ishisoko, Katsutoshi C.

    2012-01-01

    Security Operations Centers (SOC) contain a wealth of data which, if properly classified and tagged upfront, can yield a wealth of real-time information about your organization's IT Security posture, risks, and threats. These include answers to relevant and actionable questions such as: What are our biggest threats? Who is attacking us and what do they want? What controls are working or not working? How effective was the new technology we just implemented? What is our ROI?

  19. 46 CFR 308.507 - Security for payment of premiums.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 46 Shipping 8 2013-10-01 2013-10-01 false Security for payment of premiums. 308.507 Section 308.507 Shipping MARITIME ADMINISTRATION, DEPARTMENT OF TRANSPORTATION EMERGENCY OPERATIONS WAR RISK INSURANCE War Risk Cargo Insurance Ii-Open Policy War Risk Cargo Insurance § 308.507 Security for payment of...

  20. 46 CFR 308.507 - Security for payment of premiums.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 46 Shipping 8 2014-10-01 2014-10-01 false Security for payment of premiums. 308.507 Section 308.507 Shipping MARITIME ADMINISTRATION, DEPARTMENT OF TRANSPORTATION EMERGENCY OPERATIONS WAR RISK INSURANCE War Risk Cargo Insurance Open Policy War Risk Cargo Insurance § 308.507 Security for payment of...

  1. 46 CFR 308.507 - Security for payment of premiums.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 46 Shipping 8 2010-10-01 2010-10-01 false Security for payment of premiums. 308.507 Section 308.507 Shipping MARITIME ADMINISTRATION, DEPARTMENT OF TRANSPORTATION EMERGENCY OPERATIONS WAR RISK INSURANCE War Risk Cargo Insurance Ii-Open Policy War Risk Cargo Insurance § 308.507 Security for payment of...

  2. 46 CFR 308.507 - Security for payment of premiums.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 46 Shipping 8 2012-10-01 2012-10-01 false Security for payment of premiums. 308.507 Section 308.507 Shipping MARITIME ADMINISTRATION, DEPARTMENT OF TRANSPORTATION EMERGENCY OPERATIONS WAR RISK INSURANCE War Risk Cargo Insurance Ii-Open Policy War Risk Cargo Insurance § 308.507 Security for payment of...

  3. 46 CFR 308.507 - Security for payment of premiums.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 46 Shipping 8 2011-10-01 2011-10-01 false Security for payment of premiums. 308.507 Section 308.507 Shipping MARITIME ADMINISTRATION, DEPARTMENT OF TRANSPORTATION EMERGENCY OPERATIONS WAR RISK INSURANCE War Risk Cargo Insurance Ii-Open Policy War Risk Cargo Insurance § 308.507 Security for payment of...

  4. Security issues of Internet-based biometric authentication systems: risks of Man-in-the-Middle and BioPhishing on the example of BioWebAuth

    NASA Astrophysics Data System (ADS)

    Zeitz, Christian; Scheidat, Tobias; Dittmann, Jana; Vielhauer, Claus; González Agulla, Elisardo; Otero Muras, Enrique; García Mateo, Carmen; Alba Castro, José L.

    2008-02-01

    Beside the optimization of biometric error rates the overall security system performance in respect to intentional security attacks plays an important role for biometric enabled authentication schemes. As traditionally most user authentication schemes are knowledge and/or possession based, firstly in this paper we present a methodology for a security analysis of Internet-based biometric authentication systems by enhancing known methodologies such as the CERT attack-taxonomy with a more detailed view on the OSI-Model. Secondly as proof of concept, the guidelines extracted from this methodology are strictly applied to an open source Internet-based biometric authentication system (BioWebAuth). As case studies, two exemplary attacks, based on the found security leaks, are investigated and the attack performance is presented to show that during the biometric authentication schemes beside biometric error performance tuning also security issues need to be addressed. Finally, some design recommendations are given in order to ensure a minimum security level.

  5. Perceptions of randomized security schedules.

    PubMed

    Scurich, Nicholas; John, Richard S

    2014-04-01

    Security of infrastructure is a major concern. Traditional security schedules are unable to provide omnipresent coverage; consequently, adversaries can exploit predictable vulnerabilities to their advantage. Randomized security schedules, which randomly deploy security measures, overcome these limitations, but public perceptions of such schedules have not been examined. In this experiment, participants were asked to make a choice between attending a venue that employed a traditional (i.e., search everyone) or a random (i.e., a probability of being searched) security schedule. The absolute probability of detecting contraband was manipulated (i.e., 1/10, 1/4, 1/2) but equivalent between the two schedule types. In general, participants were indifferent to either security schedule, regardless of the probability of detection. The randomized schedule was deemed more convenient, but the traditional schedule was considered fairer and safer. There were no differences between traditional and random schedule in terms of perceived effectiveness or deterrence. Policy implications for the implementation and utilization of randomized schedules are discussed. © 2013 Society for Risk Analysis.

  6. An ecological analysis of prison overcrowding and suicide rates in England and Wales, 2000-2014.

    PubMed

    van Ginneken, Esther F J C; Sutherland, Alex; Molleman, Toon

    Prisoners are at a greatly increased risk of suicides compared to the general population. Differences in suicide risk can be partly explained by individual risk factors, but the contribution of prison characteristics remains unclear. Overcrowded prisons have higher suicide rates, but this may be related to prison function, security level, population size and turnover. The aim of the current study was to investigate the contribution of each of these prison characteristics to suicide rates, using data from the Ministry of Justice for adult prisons in England and Wales from 2000 to 2014. Negative binomial regression analysis showed that larger population size, higher turnover, higher security and public management were associated with higher suicide rates. When controlling for these factors, overcrowding was not found to be related to suicide rates. Questions remain about the causal mechanisms underlying variation in prison suicides and the impact of the lived experience of overcrowding. Further research is needed to examine the relative contribution of prison and prisoner characteristics to suicides. Copyright © 2016 Elsevier Ltd. All rights reserved.

  7. Text Messaging to Communicate With Public Health Audiences: How the HIPAA Security Rule Affects Practice

    PubMed Central

    Karasz, Hilary N.; Eiden, Amy; Bogan, Sharon

    2013-01-01

    Text messaging is a powerful communication tool for public health purposes, particularly because of the potential to customize messages to meet individuals’ needs. However, using text messaging to send personal health information requires analysis of laws addressing the protection of electronic health information. The Health Insurance Portability and Accountability Act (HIPAA) Security Rule is written with flexibility to account for changing technologies. In practice, however, the rule leads to uncertainty about how to make text messaging policy decisions. Text messaging to send health information can be implemented in a public health setting through 2 possible approaches: restructuring text messages to remove personal health information and retaining limited personal health information in the message but conducting a risk analysis and satisfying other requirements to meet the HIPAA Security Rule. PMID:23409902

  8. Vulnerability survival analysis: a novel approach to vulnerability management

    NASA Astrophysics Data System (ADS)

    Farris, Katheryn A.; Sullivan, John; Cybenko, George

    2017-05-01

    Computer security vulnerabilities span across large, enterprise networks and have to be mitigated by security engineers on a routine basis. Presently, security engineers will assess their "risk posture" through quantifying the number of vulnerabilities with a high Common Vulnerability Severity Score (CVSS). Yet, little to no attention is given to the length of time by which vulnerabilities persist and survive on the network. In this paper, we review a novel approach to quantifying the length of time a vulnerability persists on the network, its time-to-death, and predictors of lower vulnerability survival rates. Our contribution is unique in that we apply the Cox proportional hazards regression model to real data from an operational IT environment. This paper provides a mathematical overview of the theory behind survival analysis methods, a description of our vulnerability data, and an interpretation of the results.

  9. Aviation Security: Biometric Technology and Risk Based Security Aviation Passenger Screening Program

    DTIC Science & Technology

    2012-12-01

    distribution is unlimited 12b. DISTRIBUTION CODE A 13. ABSTRACT (maximum 200 words) Since 9/11, the Transportation Security Administration (TSA...Council POE Point Of Entry RBS Risk-Based Security SENTRI Secure Electronic Network for Travelers Rapid Inspection SFPD Secure Flight Passenger...Committee on Biometrics provides the origins of biometrics; the term “biometrics” is derived from the Greek words “bio” (life) and “metrics” (to measure

  10. Sustainability impact assessment to improve food security of smallholders in Tanzania

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Schindler, Jana, E-mail: jana.schindler@zalf.de; Humboldt Universität zu Berlin, Faculty of Agriculture and Horticulture, Invalidenstr. 42, 10099 Berlin; Graef, Frieder, E-mail: graef@zalf.de

    The objective of this paper was to assess the sustainability impacts of planned agricultural development interventions, so called upgrading strategies (UPS), to enhance food security and to identify what advantages and risks are assessed from the farmer's point of view in regards to social life, the economy and the environment. We developed a participatory methodological procedure that links food security and sustainable development. Farmers in four different case study villages in rural Tanzania chose their priority UPS. For these UPS, they assessed the impacts on locally relevant food security criteria. The positive impacts identified were mainly attributed to increased agricultural production and its related positive impacts such as increased income and improved access to necessary means to diversify the diet. However, several risks of certain UPS were also indicated by farmers, such as increased workload, high maintenance costs, higher competition among farmers, loss of traditional knowledge and social conflicts. We discussed the strong interdependence of socio-economic and environmental criteria to improve food security for small-scale farmers and analysed several trade-offs in regards to UPS choices and food security criteria. We also identified and discussed the advantages and challenges of our methodological approach. In conclusion, the participatory impact assessment on the farmer level allowed a locally specific analysis of the various positive and negative impacts of UPS on social life, the economy and the environment. We emphasize that only a development approach that considers social, economic and environmental challenges simultaneously can enhance food security.

  11. 12 CFR Appendix B to Part 364 - Interagency Guidelines Establishing Information Security Standards

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... Relationships Risk Management Principles,” Nov. 1, 2001; FDIC FIL 68-99, Risk Assessment Tools and Practices for... Customer Information A. Information Security Program B. Objectives III. Development and Implementation of Customer Information Security Program A. Involve the Board of Directors B. Assess Risk C. Manage and...

  12. 7 CFR 331.10 - Restricting access to select agents and toxins; security risk assessments.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ...; security risk assessments. 331.10 Section 331.10 Agriculture Regulations of the Department of Agriculture (Continued) ANIMAL AND PLANT HEALTH INSPECTION SERVICE, DEPARTMENT OF AGRICULTURE POSSESSION, USE, AND TRANSFER OF SELECT AGENTS AND TOXINS § 331.10 Restricting access to select agents and toxins; security risk...

  13. 17 CFR 405.5 - Risk assessment reporting requirements for registered government securities brokers and dealers.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Risk assessment reporting requirements for registered government securities brokers and dealers. 405.5 Section 405.5 Commodity and... OF 1934 REPORTS AND AUDIT § 405.5 Risk assessment reporting requirements for registered government...

  14. 48 CFR 1352.237-70 - Security processing requirements-high or moderate risk contracts.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... requirements-high or moderate risk contracts. 1352.237-70 Section 1352.237-70 Federal Acquisition Regulations... Provisions and Clauses 1352.237-70 Security processing requirements—high or moderate risk contracts. As prescribed in 48 CFR 1337.110-70 (b), insert the following clause: Security Processing Requirements—High or...

  15. Securing Location Services Infrastructures: Practical Criteria for Application Developers and Solutions Architects

    ERIC Educational Resources Information Center

    Karamanian, Andre

    2013-01-01

    This qualitative, exploratory, normative study examined the security and privacy of location based services in mobile applications. This study explored risk, and controls to implement privacy and security. This study was addressed using components of the FIPS Risk Management Framework. This study found that risk to location information was…

  16. Application Analysis and Decision with Dynamic Analysis

    DTIC Science & Technology

    2014-12-01

    pushes the application file and the JSON file containing the metadata from the database. When the 2 files are in place, the consumer thread starts...human analysts and stores it in a database. It would then use some of these data to generate a risk score for the application. However, static analysis...and store them in the primary A2D database for future analysis. 15. SUBJECT TERMS Android, dynamic analysis 16. SECURITY CLASSIFICATION OF: 17

  17. The new risk paradigm for chemical process security and safety.

    PubMed

    Moore, David A

    2004-11-11

    The world of safety and security in the chemical process industries has certainly changed since 11 September, but the biggest challenges may be yet to come. This paper will explain that there is a new risk management paradigm for chemical security, discuss the differences in interpreting this risk versus accidental risk, and identify the challenges we can anticipate will occur in the future on this issue. Companies need to be ready to manage the new chemical security responsibilities and to exceed the expectations of the public and regulators. This paper will outline the challenge and a suggested course of action.

  18. The State-Society/Citizen Relationship in Security Analysis: Implications for Planning and Implementation of U.S. Intervention and Peace/State-Building Operations

    DTIC Science & Technology

    2015-04-01

    of the state. Such threats may come into existence when 9 the organizing principles of two states contradict each other in a context where the...security is that the normal condition of actors in a market economy is one of risk, competition, and uncertainty.12 In other words, the actors in the...liberal principles, federative states have no natural unifying principle and, consequently, are more vulnerable to dismemberment, separatism, and

  19. Information Systems: Opportunities Exist to Strengthen SEC’s Oversight of Capacity and Security

    DTIC Science & Technology

    2001-07-01

    Strengthen SEC’s Oversight of Capacity and Security 5. FUNDING NUMBERS 6. AUTHOR(S) GAO 7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) 8. PERFORMING...ANSI Std. Z39-18 298-102 Page i GAO-01-863 Information Systems Letter 1 Results in Brief 2 Background 4 Scope and Methodology 5 SEC Uses a Wide Range...or external organizations to conduct the independent reviews. These internal audits are performed cyclically based on an annual risk analysis. SEC

  20. Risk Assessment Planning for Airborne Systems: An Information Assurance Failure Mode, Effects and Criticality Analysis Methodology

    DTIC Science & Technology

    2012-06-01

    Visa Investigate Data Breach March 30, 2012 Visa and MasterCard are investigating whether a data security breach at one of the main companies that...30). MasterCard and Visa Investigate Data Breach. New York Times. Stamatis, D. (2003). Failure Mode Effect Analysis: FMEA from Theory to Execution

  1. Methods for Calculating Frequency of Maintenance of Complex Information Security System Based on Dynamics of Its Reliability

    NASA Astrophysics Data System (ADS)

    Varlataya, S. K.; Evdokimov, V. E.; Urzov, A. Y.

    2017-11-01

    This article describes a process of calculating the reliability of a certain complex information security system (CISS) using the example of the technospheric security management model, as well as the ability to determine the frequency of its maintenance using the system reliability parameter, which allows one to assess man-made risks and to forecast natural and man-made emergencies. The relevance of this article is explained by the fact that CISS reliability is closely related to information security (IS) risks. Since reliability (or resiliency) is a probabilistic characteristic of the system showing the possibility of its failure (and, as a consequence, the emergence of threats to the protected information assets), it is seen as a component of the overall IS risk in the system. As is known, there is a certain acceptable level of IS risk assigned by experts for a particular information system; where reliability is a risk-forming factor, an acceptable risk level should be maintained by routine analysis of the condition of the CISS and its elements and by their timely service. The article presents a reliability parameter calculation for a CISS with a mixed type of element connection, and a formula for the dynamics of such a system's reliability is written. The chart of CISS reliability change is an S-shaped curve which can be divided into 3 periods: almost invariable high level of reliability, uniform reliability reduction, almost invariable low level of reliability. Setting the minimum acceptable level of reliability, the graph (or formula) can be used to determine the period of time during which the system would meet requirements. Ideally, this period should not be longer than the first period of the graph. Thus, the proposed method of calculating the CISS maintenance frequency helps to solve a voluminous and critical task of the information assets risk management.

  2. Information security of power enterprises of North-Arctic region

    NASA Astrophysics Data System (ADS)

    Sushko, O. P.

    2018-05-01

    The role of information technologies in providing technological security for energy enterprises is a component of the economic security for the northern Arctic region in general. Applying instruments and methods of information protection modelling of the energy enterprises' business process in the northern Arctic region (such as Arkhenergo and Komienergo), the authors analysed and identified most frequent risks of information security. With the analytic hierarchy process based on weighting factor estimations, information risks of energy enterprises' technological processes were ranked. The economic estimation of the information security within an energy enterprise considers weighting factor-adjusted variables (risks). Investments in information security systems of energy enterprises in the northern Arctic region are related to necessary security elements installation; current operating expenses on business process protection systems become materialized economic damage.

  3. Securing PCs and Data in Libraries and Schools: A Handbook with Menuing, Anti-Virus, and Other Protective Software.

    ERIC Educational Resources Information Center

    Benson, Allen C.

    This handbook is designed to help readers identify and eliminate security risks, with sound recommendations and library-tested security software. Chapter 1 "Managing Your Facilities and Assessing Your Risks" addresses fundamental management responsibilities including planning for a secure system, organizing computer-related information, assessing…

  4. Bio-Security Proficiencies Project for Beginning Producers in 4-H

    ERIC Educational Resources Information Center

    Smith, Martin H.; Meehan, Cheryl L.; Borba, John A.

    2014-01-01

    Improving bio-security practices among 4-H members who raise and show project animals is important. Bio-security measures can reduce the risk of disease spread and mitigate potential health and economic risks of disease outbreaks involving animal and zoonotic pathogens. Survey data provided statistical evidence that the Bio-Security Proficiencies…

  5. Detection and Prevention of Insider Threats in Database Driven Web Services

    NASA Astrophysics Data System (ADS)

    Chumash, Tzvi; Yao, Danfeng

    In this paper, we take the first step to address the gap between the security needs in outsourced hosting services and the protection provided in the current practice. We consider both insider and outsider attacks in the third-party web hosting scenarios. We present SafeWS, a modular solution that is inserted between server side scripts and databases in order to prevent and detect website hijacking and unauthorized access to stored data. To achieve the required security, SafeWS utilizes a combination of lightweight cryptographic integrity and encryption tools, software engineering techniques, and security data management principles. We also describe our implementation of SafeWS and its evaluation. The performance analysis of our prototype shows the overhead introduced by security verification is small. SafeWS will allow business owners to significantly reduce the security risks and vulnerabilities of outsourcing their sensitive customer data to third-party providers.

  6. Welfare, Liberty, and Security for All? U.S. Sex Education Policy and the 1996 Title V Section 510 of the Social Security Act.

    PubMed

    Lerner, Justin E; Hawkins, Robert L

    2016-07-01

    When adolescents delay (meaning they wait until after middle school) engaging in sexual intercourse, they use condoms at higher rates and have fewer sexual partners than those who have sex earlier, thus resulting in a lower risk for unintended pregnancies and sexually transmitted infections. The 1996 Section 510 of Title V of the Social Security Act (often referred to as A-H) is a policy that promotes abstinence-only-until-marriage education (AOE) within public schools. Using Stone's (2012) policy analysis framework, this article explores how A-H limits welfare, liberty, and security among adolescents due to the poor empirical outcomes of AOE policy. We recommend incorporating theory-informed comprehensive sex education in addition to theory-informed abstinence education that utilizes Fishbein and Ajzen's (2010) reasoned action model within schools in order to begin to address adolescent welfare, liberty, and security.

  7. An analysis of Indonesia’s information security index: a case study in a public university

    NASA Astrophysics Data System (ADS)

    Yustanti, W.; Qoiriah, A.; Bisma, R.; Prihanto, A.

    2018-01-01

    The Ministry of Communication and Informatics of the Republic of Indonesia has issued regulation number 4-2016 on Information Security Management Systems (ISMS) for all kinds of organizations. A public university, as a government institution, must apply this standard to assure that its level of information security complies with ISO 27001:2013. This research is a preliminary study to evaluate whether the readiness of university IT services (case study in a public university) meets the requirements of ISO 27001:2013 using the Indonesia’s Information Security Index (IISI). There are six parameters used to measure the level of information security: the ICT role, governance, risk management, framework, asset management and technology. Each parameter consists of a series of questions which must be answered and converted to a numeric value. The result shows the level of readiness and maturity to apply the ISO 27001 standard.

  8. An Updated Comprehensive Risk Analysis for Radioisotopes Identified of High Risk to National Security in the Event of a Radiological Dispersion Device Scenario

    NASA Astrophysics Data System (ADS)

    Robinson, Alexandra R.

    An updated global survey of radioisotope production and distribution was completed and subjected to a revised "down-selection methodology" to determine those radioisotopes that should be classified as potential national security risks based on availability and key physical characteristics that could be exploited in a hypothetical radiological dispersion device. The potential at-risk radioisotopes then were used in a modeling software suite known as Turbo FRMAC, developed by Sandia National Laboratories, to characterize plausible contamination maps known as Protective Action Guideline Zone Maps. This software also was used to calculate the whole body dose equivalent for exposed individuals based on various dispersion parameters and scenarios. Derived Response Levels then were determined for each radioisotope using: 1) target doses to members of the public provided by the U.S. EPA, and 2) occupational dose limits provided by the U.S. Nuclear Regulatory Commission. The limiting Derived Response Level for each radioisotope also was determined.

  9. Wavelet multiscale analysis for Hedge Funds: Scaling and strategies

    NASA Astrophysics Data System (ADS)

    Conlon, T.; Crane, M.; Ruskin, H. J.

    2008-09-01

    The wide acceptance of Hedge Funds by Institutional Investors and Pension Funds has led to an explosive growth in assets under management. These investors are drawn to Hedge Funds due to the seemingly low correlation with traditional investments and the attractive returns. The correlations and market risk (the Beta in the Capital Asset Pricing Model) of Hedge Funds are generally calculated using monthly returns data, which may produce misleading results as Hedge Funds often hold illiquid exchange-traded securities or difficult to price over-the-counter securities. In this paper, the Maximum Overlap Discrete Wavelet Transform (MODWT) is applied to measure the scaling properties of Hedge Fund correlation and market risk with respect to the S&P 500. It is found that the level of correlation and market risk varies greatly according to the strategy studied and the time scale examined. Finally, the effects of scaling properties on the risk profile of a portfolio made up of Hedge Funds is studied using correlation matrices calculated over different time horizons.

  10. Framing risk in pandemic influenza policy and control.

    PubMed

    Seetoh, Theresa; Liverani, Marco; Coker, Richard

    2012-01-01

    This article explores differing understandings of 'risk' in relation to pandemic influenza policy and control. After a preliminary overview of methodological and practical problems in risk analysis, ways in which risk was framed and managed in three historical cases were examined. The interdependence between scientific empiricism and political decision-making led to the mismanagement of the 1976 swine influenza scare in the USA. The 2004 H5N1 avian influenza outbreak in Thailand, on the other hand, was undermined by questions of national economic interest and concerns over global health security. Finally, the recent global emergency of pandemic influenza H1N1 in 2009 demonstrated the difficulties of risk management under a context of pre-established perceptions about the characteristics and inevitability of a pandemic. Following the analysis of these cases, a conceptual framework is presented to illustrate ways in which changing relationships between risk assessment, risk perception and risk management can result in differing policy strategies.

  11. Structuring Cooperative Nuclear Risk Reduction Initiatives with China.

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Brandt, Larry; Reinhardt, Jason Christian; Hecker, Siegfried

    The Stanford Center for International Security and Cooperation engaged several Chinese nuclear organizations in cooperative research that focused on responses to radiological and nuclear terrorism. The objective was to identify joint research initiatives to reduce the global dangers of such threats and to pursue initial technical collaborations in several high priority areas. Initiatives were identified in three primary research areas: 1) detection and interdiction of smuggled nuclear materials; 2) nuclear forensics; and 3) radiological (“dirty bomb”) threats and countermeasures. Initial work emphasized the application of systems and risk analysis tools, which proved effective in structuring the collaborations. The extensive engagements between national security nuclear experts in China and the U.S. during the research strengthened professional relationships between these important communities.

  12. Perceived interparental conflict and early adolescents' friendships: the role of attachment security and emotion regulation.

    PubMed

    Schwarz, Beate; Stutz, Melanie; Ledermann, Thomas

    2012-09-01

    Although there is strong evidence for the effect of interparental conflict on adolescents' internalizing and externalizing problems, little is known about the effect on the quality of adolescents' relationships. The current study investigates the link between adolescents' friendships and interparental conflict as reported by both parents and adolescents. It considers early adolescents' emotion regulation ability and attachment security as mediators. The analysis is based on a longitudinal study with two waves separated by 12 months. The participants were 180 two-parent families and their adolescent children (50.5 % girls), the average age of the latter being 10.61 years (SD = 0.41) at the outset (Time 1). Binomial logistic regression analysis revealed that perceived interparental conflict increased the risk of instability in friendship relationships across the 1-year period. Structural equation modeling analysis indicated that the association between perceived interparental conflict and friendship quality was mediated by emotion regulation and attachment security. The discussion focuses on mechanisms whereby interparental conflict influences early adolescents' friendship relationships.

  13. Whither Risk Assessment: New Challenges and Opportunities a Third of a Century After the Red Book.

    PubMed

    Greenberg, Michael; Goldstein, Bernard D; Anderson, Elizabeth; Dourson, Michael; Landis, Wayne; North, D Warner

    2015-11-01

    Six multi-decade-long members of SRA reflect on the 1983 Red Book in order to examine the evolving relationship between risk assessment and risk management; the diffusion of risk assessment practice to risk areas such as homeland security and transportation; the quality of chemical risk databases; challenges from other groups to elements at the core of risk assessment practice; and our collective efforts to communicate risk assessment to a diverse set of critical groups that do not understand risk, risk assessment, or many other risk-related issues. The authors reflect on the 10 recommendations in the Red Book and present several pressing challenges for risk assessment practitioners. © 2015 Society for Risk Analysis.

  14. Strengthening the Security of ESA Ground Data Systems

    NASA Astrophysics Data System (ADS)

    Flentge, Felix; Eggleston, James; Garcia Mateos, Marc

    2013-08-01

    A common approach to address information security has been implemented in ESA's Mission Operations (MOI) Infrastructure during the last years. This paper reports on the specific challenges to the Data Systems domain within the MOI and how security can be properly managed with an Information Security Management System (ISMS) according to ISO 27001. Results of an initial security risk assessment are reported and the different types of security controls that are being implemented in order to reduce the risks are briefly described.

  15. Chemical Stockpile Disposal Program. Risk Analysis of the Disposal of Chemical Munitions at Regional or National Sites.

    DTIC Science & Technology

    1987-08-01

    ...GA TECHNOLOGIES INC...CHEMICAL STOCKPILE DISPOSAL PROGRAM RISK ANALYSIS...

  16. Analysis of Multiple Data Hiding Combined Coloured Visual Cryptography and LSB

    NASA Astrophysics Data System (ADS)

    Maulana, Halim; Rahman Syahputra, Edy

    2017-12-01

    Currently the level of data security is becoming a major factor in data transfer. As we know, in every process of sending data through any medium, the risk of that data getting hacked will still be there. Some techniques for securing data, such as steganography and cryptography, are also often used as a solution for securing data. But it does not last long, because the weaknesses of the algorithm have been found out, so that the security be assured. So, a variety of new algorithms is needed to be able to protect the data so that data security can be guaranteed. This study tries to combine two visual algorithms, namely steganography and cryptography. These experiments try to secure two types of data, image data and text data, where both are regarded as a message, so to obtain the correct information the receiver should get both types of data.

  17. Clinicians, security and information technology support services in practice settings--a pilot study.

    PubMed

    Fernando, Juanita

    2010-01-01

    This case study of 9 information technology (IT) support staff in 3 Australian (Victoria) public hospitals juxtaposes their experiences at the user-level of eHealth security in the Natural Hospital Environment with that previously reported by 26 medical, nursing and allied healthcare clinicians. IT support responsibilities comprised the entire hospital, of which clinician eHealth security needs were only part. IT staff believed their support tasks were often fragmented while work responsibilities were hampered by resources shortages. They perceived clinicians as an ongoing security risk to private health information. By comparison clinicians believed IT staff would not adequately support the private and secure application of eHealth for patient care. Preliminary data analysis suggests the tension between these cohorts manifests as an eHealth environment where silos of clinical work are disconnected from silos of IT support work. The discipline-based silos hamper health privacy outcomes. Privacy and security policies, especially those influencing the audit process, will benefit by further research of this phenomenon.

  18. Access to healthcare and financial risk protection for older adults in Mexico: secondary data analysis of a national survey

    PubMed Central

    Doubova, Svetlana V; Pérez-Cuevas, Ricardo; Canning, David; Reich, Michael R

    2015-01-01

    Objectives While the benefits of Seguro Popular health insurance in Mexico relative to no insurance have been widely documented, little has been reported on its effects relative to the pre-existing Social Security health insurance. We analyse the effects of Social Security and Seguro Popular health insurances in Mexico on access to healthcare of older adults, and on financial risk protection to their households, compared with older adults without health insurance. Setting Secondary data analysis was performed using the 2012 Mexican Survey of Health and Nutrition (ENSANUT). Participants The study population comprised 18 847 older adults and 13 180 households that have an elderly member. Outcome measures The dependent variables were access to healthcare given the reported need, the financial burden imposed by health expenditures measured through catastrophic health-related expenditures, and using savings for health-related expenditures. Separate propensity score matching analyses were conducted for each comparison. The analysis for access was performed at the individual level, and the analysis for financial burden at the household level. In each case, matching on a wide set of relevant characteristics was achieved. Results Seguro Popular showed a protective effect against lack of access to healthcare for older adults compared with those with no insurance. The average treatment effect on the treated (ATET) was ascertained through using the nearest-neighbour matching (−8.1%, t-stat −2.305) analysis. However, Seguro Popular did not show a protective effect against catastrophic expenditures in a household where an older adult lived. Social Security showed increased access to healthcare (ATET −11.3%, t-stat −3.138), and protective effect against catastrophic expenditures for households with an elderly member (ATET −1.9%, t-stat −2.178). Conclusions Seguro Popular increased access to healthcare for Mexican older adults. 
    Social Security showed a significant protective effect against lack of access and catastrophic expenditures compared with those without health insurance. PMID:26198427

  19. 2008 Homeland Security S and T Stakeholders Conference West-Volume 3 Tuesday

    DTIC Science & Technology

    2008-01-16

    Architecture ( PNNL SRS) • Online data collection / entry • Data Warehouse • On Demand Analysis and Reporting Tools • Reports, Charts & Graphs • Visual / Data...Sustainability 2007– 2016 Our region wide investment include all PANYNJ business areas Computer Statistical Analysis COMPSTAT •NYPD 1990’s •Personnel Management...Coast Guard, and public health Expertise, Depth, Agility Staff Degrees 6 Our Value Added Capabilities • Risk Analysis • Operations Analysis

  20. Systems Security Engineering Capability Maturity Model SSE-CMM Model Description Document

    DTIC Science & Technology

    1999-04-01

    management is the process of assessing and quantifying risk, and establishing an acceptable level of risk for the organization. Managing risk is an...Process of assessing and quantifying risk and establishing acceptable level of risk for the organization. [IEEE 13335-1:1996] Security Engineering

  1. Improving Information Security Risk Management

    ERIC Educational Resources Information Center

    Singh, Anand

    2009-01-01

    Optimizing risk to information to protect the enterprise as well as to satisfy government and industry mandates is a core function of most information security departments. Risk management is the discipline that is focused on assessing, mitigating, monitoring and optimizing risks to information. Risk assessments and analyses are critical…

  2. Impact modeling and prediction of attacks on cyber targets

    NASA Astrophysics Data System (ADS)

    Khalili, Aram; Michalk, Brian; Alford, Lee; Henney, Chris; Gilbert, Logan

    2010-04-01

    In most organizations, IT (information technology) infrastructure exists to support the organization's mission. The threat of cyber attacks poses risks to this mission. Current network security research focuses on the threat of cyber attacks to the organization's IT infrastructure; however, the risks to the overall mission are rarely analyzed or formalized. This connection of IT infrastructure to the organization's mission is often neglected or carried out ad-hoc. Our work bridges this gap and introduces analyses and formalisms to help organizations understand the mission risks they face from cyber attacks. Modeling an organization's mission vulnerability to cyber attacks requires a description of the IT infrastructure (network model), the organization mission (business model), and how the mission relies on IT resources (correlation model). With this information, proper analysis can show which cyber resources are of tactical importance in a cyber attack, i.e., controlling them enables a large range of cyber attacks. Such analysis also reveals which IT resources contribute most to the organization's mission, i.e., lack of control over them gravely affects the mission. These results can then be used to formulate IT security strategies and explore their trade-offs, which leads to better incident response. This paper presents our methodology for encoding IT infrastructure, organization mission and correlations, our analysis framework, as well as initial experimental results and conclusions.

  3. [Security aspects on the Internet].

    PubMed

    Seibel, R M; Kocher, K; Landsberg, P

    2000-04-01

    Is it possible to use the Internet as a secure medium for transport of telemedicine? Which risks exist for routine use? In this article, state-of-the-art methods of security were analysed. Telemedicine on the Internet has severe risks, because patient data and hospital data of a secure Intranet can be manipulated by connecting it to the Web. Establishing a firewall and introducing the HPC (Health Professional Card) minimize the risk of unauthorized access to the hospital server. HPC allows good safety with digital signature and authentication of host and client of medical data. For secure e-mail, PGP (Pretty Good Privacy) is easy to use as a standard protocol. Planning all activities exactly as well as following legal regulations are important requisites for reduction of safety risks on the Internet.

  4. A layered trust information security architecture.

    PubMed

    de Oliveira Albuquerque, Robson; Villalba, Luis Javier García; Orozco, Ana Lucila Sandoval; Buiati, Fábio; Kim, Tai-Hoon

    2014-12-01

    Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentiality, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed.

  5. Packaging and transportation of radioactive materials

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    None

    The following topics are discussed in this volume: shielding and criticality; transportation accidents; physical security in transit; transport forecasting and logistics; transportation experience, operations and planning; regulation; standards and quality assurance; risk analysis; and environmental impacts. Separate abstracts are prepared for individual items. (DC)

  6. A Methodology for Dynamic Security Risk Quantification and Optimal Resource Allocation of Security Assets

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Brigantic, Robert T.; Betzsold, Nick J.; Bakker, Craig KR

    In this presentation we overview a methodology for dynamic security risk quantification and optimal resource allocation of security assets for high profile venues. This methodology is especially applicable to venues that require security screening operations such as mass transit (e.g., train or airport terminals), critical infrastructure protection (e.g., government buildings), and large-scale public events (e.g., concerts or professional sports). The method starts by decomposing the three core components of risk -- threat, vulnerability, and consequence -- into their various subcomponents. For instance, vulnerability can be decomposed into availability, accessibility, organic security, and target hardness and each of these can be evaluated against the potential threats of interest for the given venue. Once evaluated, these subcomponents are rolled back up to compute the specific value for the vulnerability core risk component. Likewise, the same is done for consequence and threat, and then risk is computed as the product of these three components. A key aspect of our methodology is dynamically quantifying risk. That is, we incorporate the ability to uniquely allow the subcomponents and core components, and in turn, risk, to be quantified as a continuous function of time throughout the day, week, month, or year as appropriate.

  7. The utility of the Historical Clinical Risk-20 Scale as a predictor of outcomes in decisions to transfer patients from high to lower levels of security--a UK perspective.

    PubMed

    Dolan, Mairead; Blattner, Regine

    2010-09-29

    Structured Professional Judgment (SPJ) approaches to violence risk assessment are increasingly being adopted into clinical practice in international forensic settings. The aim of this study was to examine the predictive validity of the Historical Clinical Risk-20 (HCR-20) violence risk assessment scale for outcome following transfers from high to medium security in a United Kingdom setting. The sample was predominately male and mentally ill and the majority of cases were detained under the criminal section of the Mental Health Act (1986). The HCR-20 was rated based on detailed case file information on 72 cases transferred from high to medium security. Outcomes were examined, independent of risk score, and cases were classed as "success or failure" based on established criteria. The mean length of follow up was 6 years. The total HCR-20 score was a robust predictor of failure at lower levels of security and return to high security. The Clinical and Risk management items contributed most to predictive accuracy. Although the HCR-20 was designed as a violence risk prediction tool our findings suggest it has potential utility in decisions to transfer patients from high to lower levels of security.

  8. The Effect of Knowledge of Online Security Risks on Consumer Decision Making in B2C e-Commerce

    ERIC Educational Resources Information Center

    Wang, Ping An

    2010-01-01

    This dissertation research studied how different degrees of knowledge of online security risks affect B2C (business-to-consumer) e-commerce consumer decision making. Online information security risks, such as identity theft, have increasingly become a major factor inhibiting the potential growth of e-commerce. On the other hand, e-commerce…

  9. Prospective Relations among Low-Income African American Adolescents’ Maternal Attachment Security, Self-Worth, and Risk Behaviors

    PubMed Central

    Lockhart, Ginger; Phillips, Samantha; Bolland, Anneliese; Delgado, Melissa; Tietjen, Juliet; Bolland, John

    2017-01-01

    This study examined prospective mediating relations among mother-adolescent attachment security, self-worth, and risk behaviors, including substance use and violence, across ages 13–17 in a sample of 901 low-income African American adolescents. Path analyses revealed that self-worth was a significant mediator between attachment security and risk behaviors, such that earlier attachment security predicted self-worth 1 year later, which in turn, predicted substance use, weapon carrying, and fighting in the 3rd year. Implications for the role of the secure base concept within the context of urban poverty are discussed. PMID:28174548

  10. Creation of security engineering programs by the Southwest Surety Institute

    NASA Astrophysics Data System (ADS)

    Romero, Van D.; Rogers, Bradley; Winfree, Tim; Walsh, Dan; Garcia, Mary Lynn

    1998-12-01

    The Southwest Surety Institute includes Arizona State University (ASU), Louisiana State University (LSU), New Mexico Institute of Mining and Technology (NM Tech), New Mexico State University (NMSU), and Sandia National Laboratories (SNL). The universities currently offer a full spectrum of post-secondary programs in security system design and evaluation, including an undergraduate minor, a graduate program, and continuing education programs. The programs are based on the methodology developed at Sandia National Laboratories over the past 25 years to protect critical nuclear assets. The programs combine basic concepts and principles from business, criminal justice, and technology to create an integrated performance-based approach to security system design and analysis. Existing university capabilities in criminal justice (NMSU), explosives testing and technology (NM Tech and LSU), and engineering technology (ASU) are leveraged to provide unique science-based programs that will emphasize the use of performance measures and computer analysis tools to prove the effectiveness of proposed systems in the design phase. Facility managers may then balance increased protection against the cost of implementation and risk mitigation, thereby enabling effective business decisions. Applications expected to benefit from these programs include corrections, law enforcement, counter-terrorism, critical infrastructure protection, financial and medical care fraud, industrial security, and border security.

  11. Ecosystem and Food Security in a Changing Climate

    NASA Astrophysics Data System (ADS)

    Field, C. B.

    2011-12-01

    Observed and projected impacts of climate change for ecosystem and food security tend to appear as changes in the risk of both desirable and undesirable outcomes. As a consequence, it is useful to frame the challenge of adaptation to a changing climate as a problem in risk management. For some kinds of impacts, the risks are relatively well characterized. For others, they are poorly known. Especially for the cases where the risks are poorly known, effective adaptation will need to consider approaches that build dynamic portfolios of options, based on learning from experience. Effective adaptation approaches also need to consider the risks of threshold-type responses, where opportunities for gradual adaptation based on learning may be limited. Finally, effective adaptation should build on the understanding that negative impacts on ecosystems and food security often result from extreme events, where a link to climate change may be unclear now and far into the future. Ecosystem and food security impacts that potentially require adaptation to a changing climate vary from region to region and interact strongly with actions not related to climate. In many ecosystems, climate change shifts the risk profile to increase risks of wildfire and biological invasions. Higher order risks from factors like pests and pathogens remain difficult to quantify. For food security, observational evidence highlights threshold-like behavior to high temperature in yields of a number of crops. But the risks to food security may be much broader, encompassing risks to availability of irrigation, degradation of topsoil, and challenges of storage and distribution. A risk management approach facilitates consideration of all these challenges with a unified framework.

  12. Cost-Benefit Analysis Methodology: Install Commercially Compliant Engines on National Security Exempted Vessels?

    DTIC Science & Technology

    2015-11-05

    impact analyses) satisfactorily encompasses the fundamentals of environmental health risk and can be applied to all mobile and stationary equipment...regulations. This paper does not seek to justify the EPA MHB approach, but explains the fundamentals and describes how the MHB concept can be...satisfactorily encompasses the fundamentals of environmental health risk and can be applied to all mobile and stationary equipment types. 15. SUBJECT TERMS

  13. Safety analysis of occupational exposure of healthcare workers to residual contaminations of cytotoxic drugs using FMECA security approach.

    PubMed

    Le, Laetitia Minh Mai; Reitter, Delphine; He, Sophie; Bonle, Franck Té; Launois, Amélie; Martinez, Diane; Prognon, Patrice; Caudron, Eric

    2017-12-01

    Handling cytotoxic drugs is associated with chemical contamination of workplace surfaces. The potential mutagenic, teratogenic and oncogenic properties of those drugs create a risk of occupational exposure for healthcare workers, from reception of starting materials to the preparation and administration of cytotoxic therapies. The Security Failure Mode Effects and Criticality Analysis (FMECA) was used as a proactive method to assess the risks involved in the chemotherapy compounding process. FMECA was carried out by a multidisciplinary team from 2011 to 2016. Potential failure modes of the process were identified based on the Risk Priority Number (RPN) that prioritizes corrective actions. Twenty-five potential failure modes were identified. Based on RPN results, the corrective actions plan was revised annually to reduce the risk of exposure and improve practices. Since 2011, 16 specific measures were implemented successively. In six years, a cumulative RPN reduction of 626 was observed, with a decrease from 912 to 286 (-69%) despite an increase of cytotoxic compounding activity of around 23.2%. In order to anticipate and prevent occupational exposure, FMECA is a valuable tool to identify, prioritize and eliminate potential failure modes for operators involved in the cytotoxic drug preparation process before the failures occur. Copyright © 2017 Elsevier B.V. All rights reserved.

  14. Port Security Strategy 2012

    DTIC Science & Technology

    2007-06-15

    the base-case, a series analysis can be performed by varying the various inputs to the network to examine the impact of potential changes to improve...successfully interrogated was the primary MOE. • Based solely on the cost benefit analysis, the RSTG found that the addition of an Unmanned Surface...cargo. The CBP uses a risk based analysis and intelligence to pre-screen, assess and examine 100% of suspicious containers. The remaining cargo is

  15. Information Security Risk Assessment in Hospitals.

    PubMed

    Ayatollahi, Haleh; Shagerdi, Ghazal

    2017-01-01

    To date, many efforts have been made to classify information security threats, especially in the healthcare area. However, there are still many unknown risks which may threaten the security of health information and their resources, especially in the hospitals. The aim of this study was to assess the risks threatening information security in the hospitals located in one of the northwest cities of Iran. This study was completed in 2014. The participants were information technology managers who worked in the hospitals (n = 27). The research instrument was a questionnaire composed of a number of open and closed questions. The content validity of the questionnaire was confirmed, and the reliability of the closed questions was measured by using the test-retest method (r = 0.78). The results showed that among the information security risks, fire was found to be a high probability/high impact risk factor. Human and physical/environmental threats were among the low probability risk factors. Regarding the information security safeguards used in the hospitals, the results showed that the use of the technical safeguards was the most frequent one (n = 22, 91.7%) compared to the administrative (n = 21, 87.5%) and the physical safeguards (n = 16, 66.7%). The high probability risk factors require quick corrective actions to be taken. Therefore, the underlying causes of such threats should be identified and controlled before experiencing adverse effects. It is also important to note that information security in health care systems needs to be considered at a macro level with respect to the national interests and policies.

  16. A demonstration of a low cost approach to security at shipping facilities and ports

    NASA Astrophysics Data System (ADS)

    Huck, Robert C.; Al Akkoumi, Mouhammad K.; Herath, Ruchira W.; Sluss, James J., Jr.; Radhakrishnan, Sridhar; Landers, Thomas L.

    2010-04-01

    Government funding for the security at shipping facilities and ports is limited so there is a need for low cost scalable security systems. With over 20 million sea, truck, and rail containers entering the United States every year, these facilities pose a large risk to security. Securing these facilities and monitoring the variety of traffic that enter and leave is a major task. To accomplish this, the authors have developed and fielded a low cost fully distributed building block approach to port security at the inland Port of Catoosa in Oklahoma. Based on prior work accomplished in the design and fielding of an intelligent transportation system in the United States, functional building blocks, (e.g. Network, Camera, Sensor, Display, and Operator Console blocks) can be assembled, mixed and matched, and scaled to provide a comprehensive security system. The following functions are demonstrated and scaled through analysis and demonstration: Barge tracking, credential checking, container inventory, vehicle tracking, and situational awareness. The concept behind this research is "any operator on any console can control any device at any time."

  17. Performance Analysis of MYSEA

    DTIC Science & Technology

    2012-09-01

    Services FSD Federated Services Daemon I&A Identification and Authentication IKE Internet Key Exchange KPI Key Performance Indicator LAN Local Area...spection takes place in different processes in the server architecture. Key Performance Indicators (KPIs) associated with the system need to be...application and risk analysis of security controls. Thus, measurement of the KPIs is needed before an informed tradeoff between the performance penalties

  18. 17 CFR 240.17i-4 - Internal risk management control system requirements for supervised investment bank holding...

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 17 Commodity and Securities Exchanges 3 2013-04-01 2013-04-01 false Internal risk management control system requirements for supervised investment bank holding companies. 240.17i-4 Section 240.17i-4 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) GENERAL RULES AND REGULATIONS, SECURITIES EXCHANGE ACT OF 1934...

  19. 17 CFR 240.17i-4 - Internal risk management control system requirements for supervised investment bank holding...

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 17 Commodity and Securities Exchanges 3 2012-04-01 2012-04-01 false Internal risk management control system requirements for supervised investment bank holding companies. 240.17i-4 Section 240.17i-4 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) GENERAL RULES AND REGULATIONS, SECURITIES EXCHANGE ACT OF 1934...

  20. Climate Change and Risks to National Security

    NASA Astrophysics Data System (ADS)

    Titley, D.

    2017-12-01

    Climate change impacts national security in three ways: through changes in the operating environments of the military; by increasing risks to security infrastructure, specifically bases and training ranges; and by exacerbating and accelerating the risks of state collapse and conflict in regions that are already fragile and unstable. Additionally there will be unique security challenges in the Arctic as sea-ice melts out and human activities increase across multiple dimensions. Military forces will also likely see increased demand for Humanitarian Assistance and Disaster Relief resulting from a combination of increased human population, rising sea-level, and potentially stronger and wetter storms. The talk will explore some of the lesser known aspects of these changes, examine selected climate-driven 'wild cards' that have the potential to disrupt regional and global security, and explore how migration in the face of a changing climate may heighten security issues. I will assess the positions of the U.S. executive and legislative branches with respect to climate & security, and how those positions have evolved since the November 2016 election, sometimes in counter-intuitive ways. The talk will close with some recommended courses of action the security enterprise can take to manage this climate risk.

  1. Risk management of key issues of FPSO

    NASA Astrophysics Data System (ADS)

    Sun, Liping; Sun, Hai

    2012-12-01

    Risk analysis of key systems has become a growing topic of late because of the development of offshore structures. Equipment failures of offloading system and fire accidents were analyzed based on the floating production, storage and offloading (FPSO) features. Fault tree analysis (FTA), and failure modes and effects analysis (FMEA) methods were examined based on information already researched on modules of relex reliability studio (RRS). Equipment failures were also analyzed qualitatively by establishing a fault tree and Boolean structure function based on the shortage of failure cases, statistical data, and risk control measures examined. Failure modes of fire accident were classified according to the different areas of fire occurrences during the FMEA process, using risk priority number (RPN) methods to evaluate their severity rank. The qualitative analysis of FTA gave the basic insight of forming the failure modes of FPSO offloading, and the fire FMEA gave the priorities and suggested processes. The research has practical importance for the security analysis problems of FPSO.

  2. Privacy and information security risks in a technology platform for home-based chronic disease rehabilitation and education.

    PubMed

    Henriksen, Eva; Burkow, Tatjana M; Johnsen, Elin; Vognild, Lars K

    2013-08-09

    Privacy and information security are important for all healthcare services, including home-based services. We have designed and implemented a prototype technology platform for providing home-based healthcare services. It supports a personal electronic health diary and enables secure and reliable communication and interaction with peers and healthcare personnel. The platform runs on a small computer with a dedicated remote control. It is connected to the patient's TV and to a broadband Internet. The platform has been tested with home-based rehabilitation and education programs for chronic obstructive pulmonary disease and diabetes. As part of our work, a risk assessment of privacy and security aspects has been performed, to reveal actual risks and to ensure adequate information security in this technical platform. Risk assessment was performed in an iterative manner during the development process. Thus, security solutions have been incorporated into the design from an early stage instead of being included as an add-on to a nearly completed system. We have adapted existing risk management methods to our own environment, thus creating our own method. Our method conforms to ISO's standard for information security risk management. A total of approximately 50 threats and possible unwanted incidents were identified and analysed. Among the threats to the four information security aspects: confidentiality, integrity, availability, and quality; confidentiality threats were identified as most serious, with one threat given an unacceptable level of High risk. This is because health-related personal information is regarded as sensitive. Availability threats were analysed as low risk, as the aim of the home programmes is to provide education and rehabilitation services; not for use in acute situations or for continuous health monitoring. Most of the identified threats are applicable for healthcare services intended for patients or citizens in their own homes. 
Confidentiality risks in home are different from in a more controlled environment such as a hospital; and electronic equipment located in private homes and communicating via Internet, is more exposed to unauthorised access. By implementing the proposed measures, it has been possible to design a home-based service which ensures the necessary level of information security and privacy.

  3. Climate risk and food security in Mali: A historical perspective on adaptation

    NASA Astrophysics Data System (ADS)

    Giannini, Alessandra; Krishnamurthy, P. Krishna; Cousin, Rémi; Labidi, Naouar; Choularton, Richard J.

    2017-02-01

    We combine socioeconomic data from a large-scale household survey with historical climate data to map the climate sensitivity of availability and access dimensions of food security in Mali, and infer the ways in which at-risk communities may have been impacted by persistent climatic shift. Thirty years after 1982-1984, the period of most intense drought during the protracted late 20th century drying of the Sahel, the impact of drought on livelihoods and food security is still recognizable in the Sahelian center of Mali. This impact is expressed in the larger fraction of households in this Sahelian center of the country—the agro-ecological transition between pastoralism in the north, and sedentary agriculture in the south—who practice agriculture but not livestock raising, despite environmental conditions that are suitable to their combination. These households have lower food security and rely more frequently on detrimental nutrition-based coping strategies, such as reducing the quantity or quality of meals. In contrast, the more food secure households show a clear tendency toward livelihood diversification away from subsistence agriculture. These households produce less of what they consume, yet spend less on food in proportion. The analysis points to the value of interdisciplinary research—in this case bridging climate science and vulnerability analysis—to gain a dynamical understanding of complex systems, understanding which may be exploited to address real-world challenges, offering lessons about food security and local adaptation strategies in places among the most vulnerable to climate.

  4. 38 CFR 75.116 - Secretary determination.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... 38 Pensions, Bonuses, and Veterans' Relief 2 2011-07-01 2011-07-01 false Secretary determination... (CONTINUED) INFORMATION SECURITY MATTERS Data Breaches § 75.116 Secretary determination. (a) Upon receipt of a risk analysis prepared under this subpart, the Secretary will consider the findings and other...

  5. 38 CFR 75.116 - Secretary determination.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... 38 Pensions, Bonuses, and Veterans' Relief 2 2012-07-01 2012-07-01 false Secretary determination... (CONTINUED) INFORMATION SECURITY MATTERS Data Breaches § 75.116 Secretary determination. (a) Upon receipt of a risk analysis prepared under this subpart, the Secretary will consider the findings and other...

  6. 38 CFR 75.116 - Secretary determination.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... 38 Pensions, Bonuses, and Veterans' Relief 2 2013-07-01 2013-07-01 false Secretary determination... (CONTINUED) INFORMATION SECURITY MATTERS Data Breaches § 75.116 Secretary determination. (a) Upon receipt of a risk analysis prepared under this subpart, the Secretary will consider the findings and other...

  7. 38 CFR 75.116 - Secretary determination.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... 38 Pensions, Bonuses, and Veterans' Relief 2 2014-07-01 2014-07-01 false Secretary determination... (CONTINUED) INFORMATION SECURITY MATTERS Data Breaches § 75.116 Secretary determination. (a) Upon receipt of a risk analysis prepared under this subpart, the Secretary will consider the findings and other...

  8. Participatory environmental diagnosis and of health risks from the surrounding communities the Petrochemical Complex of Rio de Janeiro, Brazil.

    PubMed

    Moniz, Marcela de Abreu; Sabóia, Vera Maria; Carmo, Cleber Nascimento do; Hacon, Sandra de Souza

    2017-11-01

    The aim of this study was to diagnose the priority socio environmental problems and the health risks from the surrounding communities the Petrochemical Complex of Rio de Janeiro. Characterized by a participatory approach, the action research has led to the application of interviews, focal groups, meetings and workshop with social actors of Porto das Caixas and Sambaetiba districts, located in Itaboraí city/RJ from November 2013 to December 2014. A structural analysis of the problems prioritized by the communities (water supply, sewage treatment and risk of transmissible diseases; risk of air pollution and respiratory diseases; absence of public security and risk of violence) sketched out the cause-effect-intervention relationship, on the basis of the Protocol for Assessing Community Excellence in Environmental Health. The process revealed the absence of representativity of the social actors of the studied localities in spaces of decision-making on the environmental issue. Educational actions with professionals and inhabitants that aim to promote the formation of collective movements urge, indispensable to guarantee the rights of mitigation of situations of contamination of air and access to sanitation services and public security and thus of conditions of lower risk to health.

  9. Extractive waste management: A risk analysis approach.

    PubMed

    Mehta, Neha; Dino, Giovanna Antonella; Ajmone-Marsan, Franco; Lasagna, Manuela; Romè, Chiara; De Luca, Domenico Antonio

    2018-05-01

    Abandoned mine sites continue to present serious environmental hazards because the heavy metals associated with extractive waste are continuously released into the environment, where they threaten human life and the environment. Remediating and securing extractive waste are complex, lengthy and costly processes. Thus, in most European countries, a site is considered for intervention when it poses a risk to human health and the surrounding environment. As a consequence, risk analysis presents a viable decisional approach towards the management of extractive waste. To evaluate the effects posed by extractive waste to human health and groundwater, a risk analysis approach was used for an abandoned nickel extraction site in Campello Monti in North Italy. This site is located in the Southern Italian Alps. The area consists of large and voluminous mafic rocks intruded by mantle peridotite. The mining activities in this area have generated extractive waste. A risk analysis of the site was performed using Risk Based Corrective Action (RBCA) guidelines, considering the properties of extractive waste and water for the properties of environmental matrices. The results showed the presence of carcinogenic risk due to arsenic and risks to groundwater due to nickel. The results of the risk analysis form a basic understanding of the current situation at the site, which is affected by extractive waste. Copyright © 2017 Elsevier B.V. All rights reserved.

  10. Authentication techniques for smart cards

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Nelson, R.A.

    1994-02-01

    Smart card systems are most cost efficient when implemented as a distributed system, which is a system without central host interaction or a local database of card numbers for verifying transaction approval. A distributed system, as such, presents special card and user authentication problems. Fortunately, smart cards offer processing capabilities that provide solutions to authentication problems, provided the system is designed with proper data integrity measures. Smart card systems maintain data integrity through a security design that controls data sources and limits data changes. A good security design is usually a result of a system analysis that provides a thorough understanding of the application needs. Once designers understand the application, they may specify authentication techniques that mitigate the risk of system compromise or failure. Current authentication techniques include cryptography, passwords, challenge/response protocols, and biometrics. The security design includes these techniques to help prevent counterfeit cards, unauthorized use, or information compromise. This paper discusses card authentication and user identity techniques that enhance security for microprocessor card systems. It also describes the analysis process used for determining proper authentication techniques for a system.

  11. Security breaches: tips for assessing and limiting your risks.

    PubMed

    Coons, Leeanne R

    2011-01-01

    As part of their compliance planning, medical practices should undergo a risk assessment to determine any vulnerability within the practice relative to security breaches. Practices should also implement safeguards to limit their risks. Such safeguards include facility access controls, information and electronic media management, use of business associate agreements, and education and enforcement. Implementation of specific policies and procedures to address security incidents is another critical step that medical practices should take as part of their security incident prevention plan. Medical practices should not only develop policies and procedures to prevent, detect, contain, and correct security violations, but should make sure that such policies and procedures are actually implemented in their everyday operations.

  12. Physical security and IT convergence: Managing the cyber-related risks.

    PubMed

    McCreight, Tim; Leece, Doug

    The convergence of physical security devices into the corporate network is increasing, due to the perceived economic benefits and efficiencies gained from using one enterprise network. Bringing these two networks together is not without risk. Physical devices like closed circuit television cameras (CCTV), card access readers, and heating, ventilation and air conditioning controllers (HVAC) are typically not secured to the standards we expect for corporate computer networks. These devices can pose significant risks to the corporate network by creating new avenues to exploit vulnerabilities in less-than-secure implementations of physical systems. The ASIS Information Technology Security Council (ITSC) developed a white paper describing steps organisations can take to reduce the risks this convergence can pose, and presented these concepts at the 2015 ASIS/ISC2 Congress in Anaheim, California. This paper expands upon the six characteristics described by ITSC, and provides business continuity planners with information on how to apply these recommendations to physical security devices that use the corporate network.

  13. DOE Office of Scientific and Technical Information (OSTI.GOV)

    Almajali, Anas; Rice, Eric; Viswanathan, Arun

    This paper presents a systems analysis approach to characterizing the risk of a Smart Grid to a load-drop attack. A characterization of the risk is necessary for the design of detection and remediation strategies to address the consequences of such attacks. Using concepts from systems health management and system engineering, this work (a) first identifies metrics that can be used to generate constraints for security features, and (b) lays out an end-to-end integrated methodology using separate network and power simulations to assess system risk. We demonstrate our approach by performing a systems-style analysis of a load-drop attack implemented over the AMI subsystem and targeted at destabilizing the underlying power grid.

  14. Food Insecurity and Its Association With Central Obesity and Other Markers of Metabolic Syndrome Among Persons Aged 12 to 18 Years in the United States.

    PubMed

    Holben, David H; Taylor, Christopher A

    2015-09-01

    Food insecurity is a preventable health threat and may precipitate central obesity and metabolic syndrome in children and adolescents in the United States. To examine (1) health by household food security status; and (2) differences and prevalence of central obesity among persons aged 12 to 18 years in the United States. The National Health and Nutrition Examination Survey was administered to a cross-sectional sample of persons aged 12 to 18 years in 1999 to 2006. Controlling for age, race/ethnicity, and sex differences in mean obesity and chronic disease factors across levels of food insecurity (analysis of covariance [Bonferroni post hoc] and ORs [logistic regression analyses]) were examined, as were differences in the rates of risk factors (χ² statistics). A total of 7435 participants were analyzed. Those from marginally food secure (n=751) and low-food secure (n=1206) (population size estimate, 26,714,182) households were significantly more likely than their high-food secure counterparts (n=4831) to be overweight (P=.036) (OR, 1.44), and those from marginally food secure households were 1.3-times more likely to be obese (P=.036). Nearly 25% of respondents from marginally food secure, low-food secure, and very low-food secure (n=647) households reported central obesity (P=.002), which was 1.4 to 1.5 times more likely than those from high-food secure households. Participants from high-food secure households had significantly higher mean high-density lipoprotein values (P=.019). Risk factors indicative of metabolic syndrome were present in 3.1%. Household food insecurity was associated with an increased likelihood of being overweight and having central obesity. Limitations included the use of cross-sectional data and some self-reported data and the inability to control for all moderating variables in obesity and overall health status.

  15. 6 CFR 27.215 - Security vulnerability assessments.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 6 Domestic Security 1 2010-01-01 2010-01-01 false Security vulnerability assessments. 27.215... FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security Program § 27.215 Security vulnerability...-risk, the facility must complete a Security Vulnerability Assessment. A Security Vulnerability...

  16. Addressing software security risk mitigations in the life cycle

    NASA Technical Reports Server (NTRS)

    Gilliam, David; Powell, John; Haugh, Eric; Bishop, Matt

    2003-01-01

    The NASA Office of Safety and Mission Assurance (OSMA) has funded the Jet Propulsion Laboratory (JPL) with a Center Initiative, 'Reducing Software Security Risk through an Integrated Approach' (RSSR), to address this need. The Initiative is a formal approach to addressing software security in the life cycle through the instantiation of a Software Security Assessment Instrument (SSAI) for the development and maintenance life cycles.

  17. 17 CFR 240.15c3-4 - Internal risk management control systems for OTC derivatives dealers.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 17 Commodity and Securities Exchanges 4 2014-04-01 2014-04-01 false Internal risk management control systems for OTC derivatives dealers. 240.15c3-4 Section 240.15c3-4 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) GENERAL RULES AND REGULATIONS, SECURITIES EXCHANGE ACT OF 1934 Rules and Regulations Under the...

  18. Special report. NIOSH: new facts about violence against healthcare workers and security officers.

    PubMed

    1996-09-01

    A definitive compilation and analysis by NIOSH (National Institute For Occupational Safety and Health) of recent studies measuring violence in the workplace presents the clearest picture to date of the nature and frequency of such violence and which employees are at greatest risk. For managers in security and health care, the NIOSH statistics are especially important. In this report, we'll review what we believe are the most significant findings of NIOSH and other sources and present details of programs designed to prevent healthcare workers from becoming victims of violence.

  19. A Model for the Development of an Organization’s Information System (IS) Security System

    DTIC Science & Technology

    1986-12-01

    INTRODUCTION — = 52 B. A RISK ASSESSMENT 52 1. Background 52 2. Threat Identification -— — 53 3. Impact Analysis 54 C. LOGICAL DESIGN • — 59 D. PRACTICAL DESIGN...OF ESTIMATED IMPACT AND FREQUENCY • 93 APPENDIX H: COMBINED MATRIX OF 1, F, AND ALE 9 4 APPENDIX I: SECURITY RESOURCES (CONTROLS) 9 5 APPENDIX J...that have been developed, the computer’s impact is sometimes hard to discern. Except in recent years, with the increasing use of microcomputers, the

  20. Information Uncertainty to Compare Qualitative Reasoning Security Risk Assessment Results

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Chavez, Gregory M; Key, Brian P; Zerkle, David K

    2009-01-01

    The security risk associated with malevolent acts such as those of terrorism are often void of the historical data required for a traditional PRA. Most information available to conduct security risk assessments for these malevolent acts is obtained from subject matter experts as subjective judgements. Qualitative reasoning approaches such as approximate reasoning and evidential reasoning are useful for modeling the predicted risk from information provided by subject matter experts. Absent from these approaches is a consistent means to compare the security risk assessment results. Associated with each predicted risk reasoning result is a quantifiable amount of information uncertainty which can be measured and used to compare the results. This paper explores using entropy measures to quantify the information uncertainty associated with conflict and non-specificity in the predicted reasoning results. The measured quantities of conflict and non-specificity can ultimately be used to compare qualitative reasoning results which are important in triage studies and ultimately resource allocation. Straightforward extensions of previous entropy measures are presented here to quantify the non-specificity and conflict associated with security risk assessment results obtained from qualitative reasoning models.

  1. GEMSS: privacy and security for a medical Grid.

    PubMed

    Middleton, S E; Herveg, J A M; Crazzolara, F; Marvin, D; Poullet, Y

    2005-01-01

    The GEMSS project is developing a secure Grid infrastructure through which six medical simulations services can be invoked. We examine the legal and security framework within which GEMSS operates. We provide a legal qualification to the operations performed upon patient data, in view of EU directive 95/46, when using medical applications on the GEMSS Grid. We identify appropriate measures to ensure security and describe the legal rationale behind our choice of security technology. Our legal analysis demonstrates there must be an identified controller (typically a hospital) of patient data. The controller must then choose a processor (in this context a Grid service provider) that provides sufficient guarantees with respect to the security of their technical and organizational data processing procedures. These guarantees must ensure a level of security appropriate to the risks, with due regard to the state of the art and the cost of their implementation. Our security solutions are based on a public key infrastructure (PKI), transport level security and end-to-end security mechanisms in line with the web service (WS Security, WS Trust and SecureConversation) security specifications. The GEMSS infrastructure ensures a degree of protection of patient data that is appropriate for the health care sector, and is in line with the European directives. We hope that GEMSS will become synonymous with high security data processing, providing a framework by which GEMSS service providers can provide the security guarantees required by hospitals with regard to the processing of patient data.

  2. A Layered Trust Information Security Architecture

    PubMed Central

    de Oliveira Albuquerque, Robson; García Villalba, Luis Javier; Sandoval Orozco, Ana Lucila; Buiati, Fábio; Kim, Tai-Hoon

    2014-01-01

    Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentiality, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed. PMID:25470490

  3. Information Security Risk Assessment in Hospitals

    PubMed Central

    Ayatollahi, Haleh; Shagerdi, Ghazal

    2017-01-01

    Background: To date, many efforts have been made to classify information security threats, especially in the healthcare area. However, there are still many unknown risks which may threaten the security of health information and their resources especially in the hospitals. Objective: The aim of this study was to assess the risks threatening information security in the hospitals located in one of the northwest cities of Iran. Method: This study was completed in 2014. The participants were information technology managers who worked in the hospitals (n=27). The research instrument was a questionnaire composed of a number of open and closed questions. The content validity of the questionnaire was confirmed, and the reliability of the closed questions was measured by using the test-retest method (r =0.78). Results: The results showed that among the information security risks, fire was found to be a high probability/high impact risk factor. Human and physical/environmental threats were among the low probability risk factors. Regarding the information security safeguards used in the hospitals, the results showed that the use of the technical safeguards was the most frequent one (n =22, 91.7%) compared to the administrative (n =21, 87.5%) and the physical safeguards (n =16, 66.7%). Conclusion: The high probability risk factors require quick corrective actions to be taken. Therefore, the underlying causes of such threats should be identified and controlled before experiencing adverse effects. It is also important to note that information security in health care systems needs to be considered at a macro level with respect to the national interests and policies. PMID:29204226

  4. Risk management and security services interaction--a must in today's health care environment.

    PubMed

    Stultz, M S

    1990-01-01

    The author shows why risk managers and security directors are natural partners in the effort of a hospital to reduce risks from such occurrences as baby kidnappings, serial killers, thefts, and rapes/sexual assaults.

  5. Risks and responses to universal drinking water security.

    PubMed

    Hope, Robert; Rouse, Michael

    2013-11-13

    Risks to universal drinking water security are accelerating due to rapid demographic, climate and economic change. Policy responses are slow, uneven and largely inadequate to address the nature and scale of the global challenges. The challenges relate both to maintaining water security in increasingly fragile supply systems and to accelerating reliable access to the hundreds of millions who remain water-insecure. A conceptual framework illustrates the relationship between institutional, operational and financial risks and drinking water security outcomes. We apply the framework to nine case studies from rural and urban contexts in South Asia and sub-Saharan Africa. Case studies are purposively selected based on established and emerging examples of political, technological or institutional reforms that address water security risks. We find broad evidence that improved information flows reduce institutional costs and promote stronger and more transparent operational performance to increase financial sustainability. However, political barriers need to be overcome in all cases through internal or external interventions that require often decadal time frames and catalytic investments. No single model exists, though there is sufficient evidence to demonstrate that risks to drinking water security can be reduced even in the most difficult and challenging contexts.

  6. Work-related violence against security guards--who is most at risk?

    PubMed

    Leino, Tuula; Selin, Risto; Summala, Heikki; Virtanen, Marianna

    2011-01-01

    Studies on violence in the work of security guards are largely lacking. This study is unique in that it focuses on security guards (n=1,010) in Finland, and assesses the different forms, prevalence, and risk factors of the work-related violence they often face. Information to a survey instrument was obtained by first interviewing 30 volunteers. Then we made a cross-sectional mailed survey that was sent to a randomized group of 2,000 security guards. The response rate was 52. We found the prevalence of verbal aggression, threats of assault, and physical acts against security guards at least once a month to be 39%, 19%, and 15% respectively. As regards risk factors and who is most at risk, our results show that male gender, young age, low work experience, late working hours, and time pressure were associated with all three forms of work-related violence. Unlike other forms of violence, verbal aggression was highly prevalent outside the metropolitan area and directed towards both more and less experienced security guards. In prevention policies for violence, it is important to identify high-risk groups such as those who have less work experience.

  7. Risk assessment for physical and cyber attacks on critical infrastructures.

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Smith, Bryan J.; Sholander, Peter E.; Phelan, James M.

    2005-08-01

    Assessing the risk of malevolent attacks against large-scale critical infrastructures requires modifications to existing methodologies. Existing risk assessment methodologies consider physical security and cyber security separately. As such, they do not accurately model attacks that involve defeating both physical protection and cyber protection elements (e.g., hackers turning off alarm systems prior to forced entry). This paper presents a risk assessment methodology that accounts for both physical and cyber security. It also preserves the traditional security paradigm of detect, delay and respond, while accounting for the possibility that a facility may be able to recover from or mitigate the results of a successful attack before serious consequences occur. The methodology provides a means for ranking those assets most at risk from malevolent attacks. Because the methodology is automated the analyst can also play 'what if' with mitigation measures to gain a better understanding of how to best expend resources towards securing the facilities. It is simple enough to be applied to large infrastructure facilities without developing highly complicated models. Finally, it is applicable to facilities with extensive security as well as those that are less well-protected.

  8. 12 CFR Appendix D-2 to Part 208 - Interagency Guidelines Establishing Information Security Standards

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... Relationships Risk Management Principles,” Nov. 1, 2001; FDIC FIL 68-99, Risk Assessment Tools and Practices for.... Definitions II. Standards for Safeguarding Customer Information A. Information Security Program B. Objectives III. Development and Implementation of Customer Information Security Program A. Involve the Board of...

  9. 12 CFR Appendix F to Part 225 - Interagency Guidelines Establishing Information Security Standards

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... Relationships Risk Management Principles,” Nov. 1, 2001; FDIC FIL 68-99, Risk Assessment Tools and Practices for.... Standards for Safeguarding Customer Information A. Information Security Program B. Objectives III. Development and Implementation of Customer Information Security Program A. Involve the Board of Directors B...

  10. 75 FR 47666 - Self-Regulatory Organizations; National Futures Association; Notice of Filing and Immediate...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-08-06

    ... a number of securities and futures exchanges. Among other things, this Risk Disclosure statement... SECURITIES AND EXCHANGE COMMISSION [Release No. 34-62624; File No. SR-NFA-2010-02] Self-Regulatory... Interpretive Notice Entitled ``NFA Compliance Rule 2-30(b): Risk Disclosure Statement for Security Futures...

  11. Impacts of Base-Case and Post-Contingency Constraint Relaxations on Static and Dynamic Operational Security

    NASA Astrophysics Data System (ADS)

    Salloum, Ahmed

    Constraint relaxation by definition means that certain security, operational, or financial constraints are allowed to be violated in the energy market model for a predetermined penalty price. System operators utilize this mechanism in an effort to impose a price-cap on shadow prices throughout the market. In addition, constraint relaxations can serve as corrective approximations that help in reducing the occurrence of infeasible or extreme solutions in the day-ahead markets. This work aims to capture the impact constraint relaxations have on system operational security. Moreover, this analysis also provides a better understanding of the correlation between DC market models and AC real-time systems and analyzes how relaxations in market models propagate to real-time systems. This information can be used not only to assess the criticality of constraint relaxations, but also as a basis for determining penalty prices more accurately. Constraint relaxations practice was replicated in this work using a test case and a real-life large-scale system, while capturing both energy market aspects and AC real-time system performance. System performance investigation included static and dynamic security analysis for base-case and post-contingency operating conditions. PJM peak hour loads were dynamically modeled in order to capture delayed voltage recovery and sustained depressed voltage profiles as a result of reactive power deficiency caused by constraint relaxations. Moreover, impacts of constraint relaxations on operational system security were investigated when risk based penalty prices are used. Transmission lines in the PJM system were categorized according to their risk index and each category was assigned a different penalty price accordingly in order to avoid real-time overloads on high risk lines. 
This work also extends the investigation of constraint relaxations to post-contingency relaxations, where emergency limits are allowed to be relaxed in energy market models. Various scenarios were investigated to capture and compare between the impacts of base-case and post-contingency relaxations on real-time system performance, including the presence of both relaxations simultaneously. The effect of penalty prices on the number and magnitude of relaxations was investigated as well.

  12. Improvements to the Ionizing Radiation Risk Assessment Program for NASA Astronauts

    NASA Technical Reports Server (NTRS)

    Semones, E. J.; Bahadori, A. A.; Picco, C. E.; Shavers, M. R.; Flores-McLaughlin, J.

    2011-01-01

    To perform dosimetry and risk assessment, NASA collects astronaut ionizing radiation exposure data from space flight, medical imaging and therapy, aviation training activities and prior occupational exposure histories. Career risk of exposure induced death (REID) from radiation is limited to 3 percent at a 95 percent confidence level. The Radiation Health Office at Johnson Space Center (JSC) is implementing a program to integrate the gathering, storage, analysis and reporting of astronaut ionizing radiation dose and risk data and records. This work has several motivations, including more efficient analyses and greater flexibility in testing and adopting new methods for evaluating risks. The foundation for these improvements is a set of software tools called the Astronaut Radiation Exposure Analysis System (AREAS). AREAS is a series of MATLAB®-based dose and risk analysis modules that interface with an enterprise level SQL Server database by means of a secure web service. It communicates with other JSC medical and space weather databases to maintain data integrity and consistency across systems. AREAS is part of a larger NASA Space Medicine effort, the Mission Medical Integration Strategy, with the goal of collecting accurate, high-quality and detailed astronaut health data, and then securely, timely and reliably presenting it to medical support personnel. The modular approach to the AREAS design accommodates past, current, and future sources of data from active and passive detectors, space radiation transport algorithms, computational phantoms and cancer risk models. Revisions of the cancer risk model, new radiation detection equipment and improved anthropomorphic computational phantoms can be incorporated.
Notable hardware updates include the Radiation Environment Monitor (which uses Medipix technology to report real-time, on-board dosimetry measurements), an updated Tissue-Equivalent Proportional Counter, and the Southwest Research Institute Radiation Assessment Detector. Also, the University of Florida hybrid phantoms, which are flexible in morphometry and positioning, are being explored as alternatives to the current NASA computational phantoms.

  13. A Comparative Analysis of Selected Federal Programs Serving Young Children. Steps toward Making These Programs Work in Your State.

    ERIC Educational Resources Information Center

    Smith, Barbara J.

    Intended to help state planners understand and coordinate their program efforts, the guide provides an analysis of major federally funded programs for handicapped and at-risk children from birth to age 6. The following programs and their legislative authority are considered: Medicaid (Title XIX of the Social Security Act); The Early and Periodic…

  14. How short should short-term risk assessment be? Determining the optimum interval for START reassessment in a secure mental health service.

    PubMed

    Dickens, G L; O'Shea, L E

    2015-08-01

    The Short-Term Assessment of Risk and Treatability (START) is a tool used in some mental health services to assess patients to see if they are at risk of violence, self-harm, self-neglect or victimization. The recommended time between assessments is 3 months but there is currently no evidence to show that this is best practice. We have investigated whether assessing at 1- or 2-month intervals would be more accurate and therefore facilitate more individualized risk management interventions. We found that many patients who were rated as low risk had been involved in risk behaviours before 3 months had passed; some patients who were rated at increased risk did not get involved in risk behaviours at all. Results are mixed for different outcomes but on balance, we think that the recommendation to conduct START assessment every 3 months is supported by the evidence. However, reassessment should be considered if risk behaviours are not prevented and teams should always consider whether risk management practices are too restrictive. The Short-Term Assessment of Risk and Treatability (START) guides assessment of potential adverse outcomes. Assessment is recommended every 3 months but there is no evidence for this interval. We aimed to inform whether earlier reassessment was warranted. We collated START assessments for N = 217 adults in a secure mental health hospital, and subsequent aggressive, self-harm, self-neglect and victimization incidents. We used receiver operating characteristic analysis to assess predictive validity; survival function analysis to examine differences between low-, medium-, and high-risk groups; and hazard function analysis to determine the optimum interval for reassessment. The START predicted aggression and self-harm at 1, 2 and 3 months. At-risk individuals engaged in adverse outcomes earlier than low-risk patients. 
About half warranted reassessment before 3 months due to engagement in risk behaviour before that point despite a low-risk rating, or because of non-engagement by that point despite an elevated risk rating. Risk assessment should occur at appropriate intervals so that management strategies can be individually tailored. Assessment at 3-month intervals is supported by the evidence. START assessments should be revisited earlier if risk behaviours are not prevented; teams should constantly re-evaluate the need for restrictive practices. © 2015 John Wiley & Sons Ltd.

  15. Making Our Buildings Safer: Security Management and Equipment Issues.

    ERIC Educational Resources Information Center

    Clark, James H.

    1997-01-01

    Discusses three major components of library security: physical security of the environment; operating procedures for library staff, the public, and security personnel; and a contract security force (or campus security in academic institutions.) Topics include risk management; maintenance; appropriate technology, including security systems and…

  16. Examining Long Term Climate Related Security Risks through the Use of Gaming and Scenario Planning

    DTIC Science & Technology

    2016-10-24

    Examining Long-Term Climate-Related Security Risks through the Use of Gaming and Scenario Planning Catherine M. Schkoda, Shawna G. Cuan, and...E. D. McGrady Abstract: This paper examines four possible climate change-related security risks that emerged from an international game and scenario...potential for an emerging disparity between regions over the consensus and control of climate change-related technologies. Keywords: gaming, scenario

  17. 17 CFR 249.328T - Form 17-H, Risk assessment report for brokers and dealers pursuant to section 17(h) of the...

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Form 17-H, Risk assessment report for brokers and dealers pursuant to section 17(h) of the Securities Exchange Act of 1934 and rules... Under Sections 13 and 15(d) of the Securities Exchange Act of 1934 § 249.328T Form 17-H, Risk assessment...

  18. An Extended Chaotic Maps-Based Three-Party Password-Authenticated Key Agreement with User Anonymity

    PubMed Central

    Lu, Yanrong; Li, Lixiang; Zhang, Hao; Yang, Yixian

    2016-01-01

    User anonymity is one of the key security features of an authenticated key agreement especially for communicating messages via an insecure network. Owing to the better properties and higher performance of chaotic theory, the chaotic maps have been introduced into the security schemes, and hence numerous key agreement schemes have been put forward under chaotic-maps. Recently, Xie et al. released an enhanced scheme under Farash et al.’s scheme and claimed their improvements could withstand the security loopholes pointed out in the scheme of Farash et al., i.e., resistance to the off-line password guessing and user impersonation attacks. Nevertheless, through our careful analysis, the improvements released by Xie et al. still could not solve the problems troubled in Farash et al. Besides, Xie et al.’s improvements failed to achieve the user anonymity and the session key security. With the purpose of eliminating the security risks of the scheme of Xie et al., we design an anonymous password-based three-party authenticated key agreement under chaotic maps. Both the formal analysis and the formal security verification using AVISPA are presented. Also, BAN logic is used to show the correctness of the enhancements. Furthermore, we also demonstrate that the design thwarts most of the common attacks. We also make a comparison between the recent chaotic-maps based schemes and our enhancements in terms of performance. PMID:27101305

  19. Ensuring the security of synthetic biology-towards a 5P governance strategy.

    PubMed

    Kelle, Alexander

    2009-12-01

    Over recent years the label "synthetic biology" has been attached to a number of diverse research and commercial activities, ranging from the search for a minimal cell to the quick delivery of customized genes by DNA synthesis companies. Based on the analysis of biosecurity issues surrounding synthetic biology during the SYNBIOSAFE project, this paper will first provide a rationale for taking security, in addition to safety aspects of this new field, seriously. It will then take stock of the initiatives and measures that have already been taken in this area and will lastly try to map out future areas of activities in order to minimise the security risks emanating from this promising new field of scientific inquiry and technological progress.

  20. Optimisation of Critical Infrastructure Protection: The SiVe Project on Airport Security

    NASA Astrophysics Data System (ADS)

    Breiing, Marcus; Cole, Mara; D'Avanzo, John; Geiger, Gebhard; Goldner, Sascha; Kuhlmann, Andreas; Lorenz, Claudia; Papproth, Alf; Petzel, Erhard; Schwetje, Oliver

    This paper outlines the scientific goals, ongoing work and first results of the SiVe research project on critical infrastructure security. The methodology is generic while pilot studies are chosen from airport security. The outline proceeds in three major steps, (1) building a threat scenario, (2) development of simulation models as scenario refinements, and (3) assessment of alternatives. Advanced techniques of systems analysis and simulation are employed to model relevant airport structures and processes as well as offences. Computer experiments are carried out to compare and optimise alternative solutions. The optimality analyses draw on approaches to quantitative risk assessment recently developed in the operational sciences. To exploit the advantages of the various techniques, an integrated simulation workbench is built up in the project.

  1. Occupational injuries in times of labour market flexibility: the different stories of employment-secure and precarious workers.

    PubMed

    Giraudo, Massimiliano; Bena, Antonella; Leombruni, Roberto; Costa, Giuseppe

    2016-02-13

    The relationship between labour market flexibility, job insecurity and occupational injuries is not univocal. The literature generally focuses on the temporary character of work arrangements rather than on the precarity of careers. The aim of this paper is to identify, without defining a priori what a precarious career is, the most common professional profiles of young people who entered the labour market in the 2000s and to correlate them with occupational injury risks. Using the Whip-Salute database, which combines individual work and health histories, we selected the subjects under 30 years of age whose first appearance in the database is dated after 2000. The occupational history of each individual between 2000 and 2005 was described according to 6 variables (type of entry contract, number of contracts, number of jobs, economic activities, work intensity and duration of the longest period of non-employment). Workers were grouped into homogeneous categories using cluster analysis techniques, which enable the identification of different career profiles. Injury rates were calculated for each cluster, and compared within and between the groups. We selected 56,760 workers in the study period, who were classified in 6 main career profiles. About 1/3 of the subjects presented an employment-secure career profile, while about 45 % of them were classified into 3 clusters showing precarious career profiles with different work intensities. Precarious workers present significantly higher injury rates than those with secure careers, with an increase in risk between 24 and 57 % (p < 0.05). The comparison of injury rates at the beginning and at the end of the study period revealed a significant decrease in all clusters, but the gap between secure and precarious workers remained wide. Cluster analysis allowed the identification of career patterns with clearly different characteristics. A positive association between injury risk and the level of career fragmentation was found.
The association cannot be fully interpreted in a causal way, since reversed causality and selection processes may be in action. However the study indicates a disadvantage for precarious workers, who face significantly higher risks of both minor and severe injuries.

  2. Developing the security culture at the SEISMED Reference Centres.

    PubMed

    Fowler, J

    1996-01-01

    The paper gives a brief summary of the SEISMED project and the particular role played by the Reference Centres. Details are given of the hardware and application systems in use in the Royal Hospitals (NHS) Trust (RHT), one of the SEISMED Reference Centres. It proposes, without verification, a definition of a Security Culture based on three criteria. These are suggested to be the "Awareness", the "Acceptance" and the "Actions" of the management and staff to improve Information Systems Security throughout the RHT. The way that "Awareness" was increased is shown by the specific initiatives commenced as a result of a CRAMM Risk Analysis and the management and staff training programmes. The specific initiatives mentioned include an Information Systems Security Policy, a contingency and disaster recovery plan, improvements in the physical protection of equipment and changes to the method of access control. The "Acceptance" by the staff of these measures is considered and the success or failure of "Developing A Security Culture" examined. The role of SEISMED in this process is assessed.

  3. Factors influencing workplace violence risk among correctional health workers: insights from an Australian survey.

    PubMed

    Cashmore, Aaron W; Indig, Devon; Hampton, Stephen E; Hegney, Desley G; Jalaludin, Bin B

    2016-11-01

    Little is known about the environmental and organisational determinants of workplace violence in correctional health settings. This paper describes the views of health professionals working in these settings on the factors influencing workplace violence risk. All employees of a large correctional health service in New South Wales, Australia, were invited to complete an online survey. The survey included an open-ended question seeking the views of participants about the factors influencing workplace violence in correctional health settings. Responses to this question were analysed using qualitative thematic analysis. Participants identified several factors that they felt reduced the risk of violence in their workplace, including: appropriate workplace health and safety policies and procedures; professionalism among health staff; the presence of prison guards and the quality of security provided; and physical barriers within clinics. Conversely, participants perceived workplace violence risk to be increased by: low health staff-to-patient and correctional officer-to-patient ratios; high workloads; insufficient or underperforming security staff; and poor management of violence, especially horizontal violence. The views of these participants should inform efforts to prevent workplace violence among correctional health professionals.

  4. Chemical Safety Information, Site Security and Fuels Regulatory Relief Act: Public Distribution of Off-Site Consequence Analysis Information Fact Sheet

    EPA Pesticide Factsheets

    Based on assessments of increased risk of terrorist/criminal activity, EPA and DOJ have issued a rule that allows public access to OCA information in ways that are designed to minimize likelihood of chemical accidents and public harm.

  5. Should Cops Be Spies? Evaluating the Collection and Sharing of National Security Intelligence by State, Local and Tribal Law Enforcement

    DTIC Science & Technology

    2013-03-01

    international organized crime, illegal immigration, financial institution fraud and money laundering. Policymakers increasingly view domestic law...approach to crime control, focusing upon the identification, analysis and management of persisting and developing problems or risks (de Lint, 2006

  6. 38 CFR 75.116 - Secretary determination.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 38 Pensions, Bonuses, and Veterans' Relief 2 2010-07-01 2010-07-01 false Secretary determination. 75.116 Section 75.116 Pensions, Bonuses, and Veterans' Relief DEPARTMENT OF VETERANS AFFAIRS (CONTINUED) INFORMATION SECURITY MATTERS Data Breaches § 75.116 Secretary determination. (a) Upon receipt of a risk analysis prepared under this subpart, th...

  7. Cyber Security Threats to Safety-Critical, Space-Based Infrastructures

    NASA Astrophysics Data System (ADS)

    Johnson, C. W.; Atencia Yepez, A.

    2012-01-01

    Space-based systems play an important role within national critical infrastructures. They are being integrated into advanced air-traffic management applications, rail signalling systems, energy distribution software etc. Unfortunately, the end users of communications, location sensing and timing applications often fail to understand that these infrastructures are vulnerable to a wide range of security threats. The following pages focus on concerns associated with potential cyber-attacks. These are important because future attacks may invalidate many of the safety assumptions that support the provision of critical space-based services. These safety assumptions are based on standard forms of hazard analysis that ignore cyber-security considerations. This is a significant limitation when, for instance, security attacks can simultaneously exploit multiple vulnerabilities in a manner that would never occur without a deliberate enemy seeking to damage space based systems and ground infrastructures. We address this concern through the development of a combined safety and security risk assessment methodology. The aim is to identify attack scenarios that justify the allocation of additional design resources so that safety barriers can be strengthened to increase our resilience against security threats.

  8. Mitigating Inadvertent Insider Threats with Incentives

    NASA Astrophysics Data System (ADS)

    Liu, Debin; Wang, Xiaofeng; Camp, L. Jean

    Inadvertent insiders are trusted insiders who do not have malicious intent (as with malicious insiders) but do not responsibly manage security. The result is often enabling a malicious outsider to use the privileges of the inattentive insider to implement an insider attack. This risk is as old as conversion of a weak user password into root access, but the term inadvertent insider is recently coined to identify the link between the behavior and the vulnerability. In this paper, we propose to mitigate this threat using a novel risk budget mechanism that offers incentives to an insider to behave according to the risk posture set by the organization. We propose assigning an insider a risk budget, which is a specific allocation of risk points, allowing employees to take a finite number of risk-seeking choices. In this way, the employee can complete her tasks without subverting the security system, as with absolute prohibitions. In the end, the organization penalizes the insider if she fails to accomplish her task within the budget while rewarding her in the presence of a surplus. Most importantly, the risk budget requires that the user make conscious visible choices to take electronic risks. We describe the theory behind the system, including specific work on the insider threats. We evaluated this approach using human-subject experiments, which demonstrate the effectiveness of our risk budget mechanism. We also present a game theoretic analysis of the mechanism.

  9. 12 CFR Appendix C to Part 1720 - Policy Guidance; Safety and Soundness Standards for Information

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... implementation and reviewing reports from management. 2. Assess Risk. Each Enterprise shall: a. Identify... control risks. 3. Manage and Control Risk. Each Enterprise shall: a. Design its information security... security program. The frequency and nature of such tests should be determined by the Enterprise's risk...

  10. 17 CFR 229.1103 - (Item 1103) Transaction summary and risk factors.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... summary and risk factors. 229.1103 Section 229.1103 Commodity and Securities Exchanges SECURITIES AND... (Regulation AB) § 229.1103 (Item 1103) Transaction summary and risk factors. (a) Prospectus summary. In... be assigned. (b) Risk factors. In providing the information required by Item 503(c) of Regulation S-K...

  11. 17 CFR 229.1103 - (Item 1103) Transaction summary and risk factors.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... summary and risk factors. 229.1103 Section 229.1103 Commodity and Securities Exchanges SECURITIES AND... (Regulation AB) § 229.1103 (Item 1103) Transaction summary and risk factors. (a) Prospectus summary. In... be assigned. (b) Risk factors. In providing the information required by Item 503(c) of Regulation S-K...

  12. Evaluation of the awareness and effectiveness of IT security programs in a large publicly funded health care system.

    PubMed

    Hepp, Shelanne L; Tarraf, Rima C; Birney, Arden; Arain, Mubashir Aslam

    2017-01-01

    Electronic health records are becoming increasingly common in the health care industry. Although information technology (IT) poses many benefits to improving health care and ease of access to information, there are also security and privacy risks. Educating health care providers is necessary to ensure proper use of health information systems and IT and reduce undesirable outcomes. This study evaluated employees' awareness and perceptions of the effectiveness of two IT educational training modules within a large publicly funded health care system in Canada. Semi-structured interviews and focus groups included a variety of professional roles within the organisation. Participants also completed a brief demographic data sheet. With the consent of participants, all interviews and focus groups were audio recorded. Thematic analysis and descriptive statistics were used to evaluate the effectiveness of the IT security training modules. Five main themes emerged: (i) awareness of the IT training modules, (ii) the content of modules, (iii) staff perceptions about differences between IT security and privacy issues, (iv) common breaches of IT security and privacy, and (v) challenges and barriers to completing the training program. Overall, nonclinical staff were more likely to be aware of the training modules than were clinical staff. We found e-learning was a feasible way to educate a large number of employees. However, health care providers required a module on IT security and privacy that was relatable and applicable to their specific roles. Strategies to improve staff education and mitigate against IT security and privacy risks are discussed. Future research should focus on integrating health IT competencies into the educational programs for health care professionals.

  13. Privacy and information security risks in a technology platform for home-based chronic disease rehabilitation and education

    PubMed Central

    2013-01-01

    Background: Privacy and information security are important for all healthcare services, including home-based services. We have designed and implemented a prototype technology platform for providing home-based healthcare services. It supports a personal electronic health diary and enables secure and reliable communication and interaction with peers and healthcare personnel. The platform runs on a small computer with a dedicated remote control. It is connected to the patient’s TV and to a broadband Internet. The platform has been tested with home-based rehabilitation and education programs for chronic obstructive pulmonary disease and diabetes. As part of our work, a risk assessment of privacy and security aspects has been performed, to reveal actual risks and to ensure adequate information security in this technical platform. Methods: Risk assessment was performed in an iterative manner during the development process. Thus, security solutions have been incorporated into the design from an early stage instead of being included as an add-on to a nearly completed system. We have adapted existing risk management methods to our own environment, thus creating our own method. Our method conforms to ISO’s standard for information security risk management. Results: A total of approximately 50 threats and possible unwanted incidents were identified and analysed. Among the threats to the four information security aspects: confidentiality, integrity, availability, and quality; confidentiality threats were identified as most serious, with one threat given an unacceptable level of High risk. This is because health-related personal information is regarded as sensitive. Availability threats were analysed as low risk, as the aim of the home programmes is to provide education and rehabilitation services; not for use in acute situations or for continuous health monitoring.
Conclusions: Most of the identified threats are applicable for healthcare services intended for patients or citizens in their own homes. Confidentiality risks in home are different from in a more controlled environment such as a hospital; and electronic equipment located in private homes and communicating via Internet, is more exposed to unauthorised access. By implementing the proposed measures, it has been possible to design a home-based service which ensures the necessary level of information security and privacy. PMID:23937965

  14. Analysis of the Security and Privacy Requirements of Cloud-Based Electronic Health Records Systems

    PubMed Central

    Fernández, Gonzalo; López-Coronado, Miguel

    2013-01-01

    Background: The Cloud Computing paradigm offers eHealth systems the opportunity to enhance the features and functionality that they offer. However, moving patients’ medical information to the Cloud implies several risks in terms of the security and privacy of sensitive health records. In this paper, the risks of hosting Electronic Health Records (EHRs) on the servers of third-party Cloud service providers are reviewed. To protect the confidentiality of patient information and facilitate the process, some suggestions for health care providers are made. Moreover, security issues that Cloud service providers should address in their platforms are considered. Objective: To show that, before moving patient health records to the Cloud, security and privacy concerns must be considered by both health care providers and Cloud service providers. Security requirements of a generic Cloud service provider are analyzed. Methods: To study the latest in Cloud-based computing solutions, bibliographic material was obtained mainly from Medline sources. Furthermore, direct contact was made with several Cloud service providers. Results: Some of the security issues that should be considered by both Cloud service providers and their health care customers are role-based access, network security mechanisms, data encryption, digital signatures, and access monitoring. Furthermore, to guarantee the safety of the information and comply with privacy policies, the Cloud service provider must be compliant with various certifications and third-party requirements, such as SAS70 Type II, PCI DSS Level 1, ISO 27001, and the US Federal Information Security Management Act (FISMA). Conclusions: Storing sensitive information such as EHRs in the Cloud means that precautions must be taken to ensure the safety and confidentiality of the data. A relationship built on trust with the Cloud service provider is essential to ensure a transparent process.
Cloud service providers must make certain that all security mechanisms are in place to avoid unauthorized access and data breaches. Patients must be kept informed about how their data are being managed. PMID:23965254

  15. Analysis of the security and privacy requirements of cloud-based electronic health records systems.

    PubMed

    Rodrigues, Joel J P C; de la Torre, Isabel; Fernández, Gonzalo; López-Coronado, Miguel

    2013-08-21

    The Cloud Computing paradigm offers eHealth systems the opportunity to enhance the features and functionality that they offer. However, moving patients' medical information to the Cloud implies several risks in terms of the security and privacy of sensitive health records. In this paper, the risks of hosting Electronic Health Records (EHRs) on the servers of third-party Cloud service providers are reviewed. To protect the confidentiality of patient information and facilitate the process, some suggestions for health care providers are made. Moreover, security issues that Cloud service providers should address in their platforms are considered. To show that, before moving patient health records to the Cloud, security and privacy concerns must be considered by both health care providers and Cloud service providers. Security requirements of a generic Cloud service provider are analyzed. To study the latest in Cloud-based computing solutions, bibliographic material was obtained mainly from Medline sources. Furthermore, direct contact was made with several Cloud service providers. Some of the security issues that should be considered by both Cloud service providers and their health care customers are role-based access, network security mechanisms, data encryption, digital signatures, and access monitoring. Furthermore, to guarantee the safety of the information and comply with privacy policies, the Cloud service provider must be compliant with various certifications and third-party requirements, such as SAS70 Type II, PCI DSS Level 1, ISO 27001, and the US Federal Information Security Management Act (FISMA). Storing sensitive information such as EHRs in the Cloud means that precautions must be taken to ensure the safety and confidentiality of the data. A relationship built on trust with the Cloud service provider is essential to ensure a transparent process. 
Cloud service providers must make certain that all security mechanisms are in place to avoid unauthorized access and data breaches. Patients must be kept informed about how their data are being managed.

  16. Import Security: Assessing the Risks of Imported Food.

    PubMed

    Welburn, Jonathan; Bier, Vicki; Hoerning, Steven

    2016-11-01

    We use data on food import violations from the FDA Operational and Administrative System for Import Support (OASIS) to address rising concerns associated with imported food, quantify import risks by product and by country of origin, and explore the usefulness of OASIS data for risk assessment. In particular, we assess whether there are significant trends in violations, whether import violations can be used to quantify risks by country and by product, and how import risks depend on economic factors of the country of origin. The results show that normalizing import violations by volume of imports provides a meaningful indicator of risk. We then use regression analysis to characterize import risks.  Using this model, we analyze import risks by product type, violation type, and economic factors of the country of origin.  We find that OASIS data are useful in quantifying food import risks, and that the rate of refusals provides a useful decision tool for risk management.  Furthermore, we find that some economic factors are significant indicators of food import risk by country. © 2016 Society for Risk Analysis.

  17. 17 CFR 240.3b-15 - Definition of ancillary portfolio management securities activities.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... governing body of the dealer and included in the internal risk management control system for the dealer... of incidental trading activities for portfolio management purposes; and (3) Are limited to risk... portfolio management securities activities. 240.3b-15 Section 240.3b-15 Commodity and Securities Exchanges...

  18. Addressing the Need for Independence in the CSE Model

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Abercrombie, Robert K; Ferragut, Erik M; Sheldon, Frederick T

    2011-01-01

    Information system security risk, defined as the product of the monetary losses associated with security incidents and the probability that they occur, is a suitable decision criterion when considering different information system architectures. Risk assessment is the widely accepted process used to understand, quantify, and document the effects of undesirable events on organizational objectives so that risk management, continuity of operations planning, and contingency planning can be performed. One technique, the Cyberspace Security Econometrics System (CSES), is a methodology for estimating security costs to stakeholders as a function of possible risk postures. In earlier works, we presented a computational infrastructure that allows an analyst to estimate the security of a system in terms of the loss that each stakeholder stands to sustain, as a result of security breakdowns. Additional work has applied CSES to specific business cases. The current state-of-the-art of CSES addresses independent events. In typical usage, analysts create matrices that capture their expert opinion, and then use those matrices to quantify costs to stakeholders. This expansion generalizes CSES to the common real-world case where events may be dependent.

  19. For telehealth to succeed, privacy and security risks must be identified and addressed.

    PubMed

    Hall, Joseph L; McGraw, Deven

    2014-02-01

    The success of telehealth could be undermined if serious privacy and security risks are not addressed. For example, sensors that are located in a patient's home or that interface with the patient's body to detect safety issues or medical emergencies may inadvertently transmit sensitive information about household activities. Similarly, routine data transmissions from an app or medical device, such as an insulin pump, may be shared with third-party advertisers. Without adequate security and privacy protections for underlying telehealth data and systems, providers and patients will lack trust in the use of telehealth solutions. Although some federal and state guidelines for telehealth security and privacy have been established, many gaps remain. No federal agency currently has authority to enact privacy and security requirements to cover the telehealth ecosystem. This article examines privacy risks and security threats to telehealth applications and summarizes the extent to which technical controls and federal law adequately address these risks. We argue for a comprehensive federal regulatory framework for telehealth, developed and enforced by a single federal entity, the Federal Trade Commission, to bolster trust and fully realize the benefits of telehealth.

  20. [The 20th century legal framework regarding risk at work and occupational health in Colombia].

    PubMed

    Arango-Soler, Juan M; Luna-García, Jairo E; Correa-Moreno, Yerson A; Campos, Adriana C

    2013-01-01

    Analyzing the 20th century Colombian legal framework from the point of view of labor law, social security and public health for identifying concepts regarding occupational health and professional risk and trying to establish convergence and differences between such foci and whether they fulfilled a complementary view. This work involved documentary research by means of thematic categorical analysis of the laws and statutes promulgated in 20th century Colombia, considering the main element or entity which should have regulated that related to professional risk or occupational health. The development of the 20th century Colombian legal framework regarding health at work was periodized, revealing the predominance of a view of social law focused on protecting dependent workers' work-related risks, as part of a tendency extending to the Colombian Sistema General de Riesgos Laborales. The proposed stages used for organizing the legal framework concerning social security regarding professional risk and occupational health facilitated some important elements being recognized concerning the social, legal and institutional context from which workers' health laws emerged. Tension was noted concerning statutes orientated towards redress and compensation regarding accidents at work and legislation emphasizing prevention.

  1. A framework for analyzing the economic tradeoffs between urban commerce and security against terrorism.

    PubMed

    Rose, Adam; Avetisyan, Misak; Chatterjee, Samrat

    2014-08-01

    This article presents a framework for economic consequence analysis of terrorism countermeasures. It specifies major categories of direct and indirect costs, benefits, spillover effects, and transfer payments that must be estimated in a comprehensive assessment. It develops a spreadsheet tool for data collection, storage, and refinement, as well as estimation of the various components of the necessary economic accounts. It also illustrates the usefulness of the framework in the first assessment of the tradeoffs between enhanced security and changes in commercial activity in an urban area, with explicit attention to the role of spillover effects. The article also contributes a practical user interface to the model for emergency managers. © 2014 Society for Risk Analysis.

  2. 33 CFR 103.400 - General.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MARITIME SECURITY MARITIME SECURITY: AREA MARITIME SECURITY Area Maritime Security (AMS) Assessment § 103.400 General. (a) The Area Maritime Security (AMS) Committee will ensure that a risk based AMS Assessment, is completed and meets the...

  3. Aviation security : TSA has completed key activities associated with implementing secure flight, but additional actions are needed to mitigate risks.

    DOT National Transportation Integrated Search

    2009-05-01

    To enhance aviation security, the Department of Homeland Security's (DHS) Transportation Security Administration (TSA) developed a program, known as Secure Flight, to assume from air carriers the function of matching passenger information against...

  4. Security culture for nuclear facilities

    NASA Astrophysics Data System (ADS)

    Gupta, Deeksha; Bajramovic, Edita

    2017-01-01

    Natural radioactive elements are part of our environment and radioactivity is a natural phenomenon. There are numerous beneficial applications of radioactive elements (radioisotopes) and radiation, starting from power generation to usages in medical, industrial and agriculture applications. But the risk of radiation exposure is always attached to operational workers, the public and the environment. Hence, this risk has to be assessed and controlled. The main goal of safety and security measures is to protect human life, health, and the environment. Currently, nuclear security considerations have become essential along with nuclear safety, as nuclear facilities are facing a rapid increase in cybersecurity risks. Therefore, prevention and adequate protection of nuclear facilities from cyberattacks is the major task. Historically, nuclear safety is well defined by IAEA guidelines while nuclear security is just gradually being addressed by some new guidance, especially the IAEA Nuclear Security Series (NSS), IEC 62645 and some national regulations. At the overall level, IAEA NSS 7 describes nuclear security as deterrence and detection of, and response to, theft, sabotage, unauthorized access, illegal transfer or other malicious acts involving nuclear, other radioactive substances and their associated facilities. Nuclear security should be included throughout nuclear facilities. Proper implementation of a nuclear security culture leads to staff vigilance and a high level of security posture. Nuclear security also depends on policy makers, regulators, managers, individual employees and members of public. Therefore, proper education and security awareness are essential in keeping nuclear facilities safe and secure.

  5. Recovery-oriented care in a secure mental health setting: "striving for a good life".

    PubMed

    McKenna, Brian; Furness, Trentham; Dhital, Deepa; Park, Malcolm; Connally, Fiona

    2014-01-01

    Recovery-oriented care acknowledges the unique journey of the consumer to regain control of his or her life in order to live a good life. Recovery has become a dominant policy-directed model of mental health service delivery. Even services that have traditionally been institutional and custodial have been challenged to embrace a recovery-oriented model. The aim of this qualitative study was to provide a description of service delivery in a secure in-patient mental health service, which has developed a self-professed recovery-oriented model of service delivery. An in-depth case study of the secure in-patient service using an exploratory research design was undertaken to meet the aim of this study. Qualitative data was gathered from interviews with consumers and staff (n = 15) and a focus group with carers (n = 5). Data were analyzed using a content analysis approach. Ethical approval for the study was obtained. The stakeholders readily described the secure service within recovery domains. They described a common vision; ways to promote hope and autonomy; examples of collaborative partnership which enhanced the goal of community integration; a focus on strength-based, holistic care; and the management of risk by taking calculated risks. Discrepancies in the perceptions of stakeholders were determined. This case study research provides a demonstrable example of recovery-in-action in one secure mental health service in Australia. It is intended to assist mental health services and clinicians seeking guidance in developing strategies for building and maintaining partnerships with consumers and carers in order for secure services to become truly recovery-oriented.

  6. DOE Office of Scientific and Technical Information (OSTI.GOV)

    Laughlin, Gary L.

    The International, Homeland, and Nuclear Security (IHNS) Program Management Unit (PMU) oversees a broad portfolio of Sandia’s programs in areas ranging from global nuclear security to critical asset protection. We use science and technology, innovative research, and global engagement to counter threats, reduce dangers, and respond to disasters. The PMU draws on the skills of scientists and engineers from across Sandia. Our programs focus on protecting US government installations, safeguarding nuclear weapons and materials, facilitating nonproliferation activities, securing infrastructures, countering chemical and biological dangers, and reducing the risk of terrorist threats. We conduct research in risk and threat analysis, monitoring and detection, decontamination and recovery, and situational awareness. We develop technologies for verifying arms control agreements, neutralizing dangerous materials, detecting intruders, and strengthening resiliency. Our programs use Sandia’s High-Performance Computing resources for predictive modeling and simulation of interdependent systems, for modeling dynamic threats and forecasting adaptive behavior, and for enabling decision support and processing large cyber data streams. In this report, we highlight four advanced computation projects that illustrate the breadth of the IHNS mission space.

  7. [A systemic risk analysis of hospital management processes by medical employees--an effective basis for improving patient safety].

    PubMed

    Sobottka, Stephan B; Eberlein-Gonska, Maria; Schackert, Gabriele; Töpfer, Armin

    2009-01-01

    Due to the knowledge gap that exists between patients and health care staff the quality of medical treatment usually cannot be assessed securely by patients. For an optimization of safety in treatment-related processes of medical care, the medical staff needs to be actively involved in preventive and proactive quality management. Using voluntary, confidential and non-punitive systematic employee surveys, vulnerable topics and areas in patient care revealing preventable risks can be identified at an early stage. Preventive measures to continuously optimize treatment quality can be defined by creating a risk portfolio and a priority list of vulnerable topics. Whereas critical incident reporting systems are suitable for continuous risk assessment by detecting safety-relevant single events, employee surveys permit to conduct a systematic risk analysis of all treatment-related processes of patient care at any given point in time.

  8. [Risk management--a new aspect of quality assessment in intensive care medicine: first results of an analysis of the DIVI's interdisciplinary quality assessment research group].

    PubMed

    Stiletto, R; Röthke, M; Schäfer, E; Lefering, R; Waydhas, Ch

    2006-10-01

    Patient security has become one of the major aspects of clinical management in recent years. The crucial point in research was focused on malpractice. In contradiction to the economic process in non medical fields, the analysis of errors during the in-patient treatment time was neglected. Patient risk management can be defined as a structured procedure in a clinical unit with the aim to reduce harmful events. A risk point model was created based on a Delphi process and founded on the DIVI data register. The risk point model was evaluated in clinically working ICU departments participating in the register data base. The results of the risk point evaluation will be integrated in the next data base update. This might be a step to improve the reliability of the register to measure quality assessment in the ICU.

  9. 17 CFR 23.609 - Clearing member risk management.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... management. 23.609 Section 23.609 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION... Clearing member risk management. (a) With respect to clearing activities in futures, security futures...) Monitor for adherence to the risk-based limits intra-day and overnight; (4) Conduct stress tests under...

  10. 17 CFR 23.609 - Clearing member risk management.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... management. 23.609 Section 23.609 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION... Clearing member risk management. (a) With respect to clearing activities in futures, security futures...) Monitor for adherence to the risk-based limits intra-day and overnight; (4) Conduct stress tests under...

  11. Threats to information security of real-time disease surveillance systems.

    PubMed

    Henriksen, Eva; Johansen, Monika A; Baardsgaard, Anders; Bellika, Johan G

    2009-01-01

    This paper presents the main results from a qualitative risk assessment of information security aspects for a new real-time disease surveillance approach in general, and for the Snow surveillance system in particular. All possible security threats and acceptable solutions, and the implications these solutions had to the design of the system, were discussed. Approximately 30 threats were identified. None of these got an unacceptably high risk level originally, but two got medium risk level, of which one was concluded to be unacceptable after further investigation. Of the remaining low risk threats, some have severe consequence, thus requiring particular assessment. Since it is very important to identify and solve all security threats before real-time solutions can be used in a wide scale, additional investigations are needed.

  12. Security controls in an integrated Biobank to protect privacy in data sharing: rationale and study design.

    PubMed

    Takai-Igarashi, Takako; Kinoshita, Kengo; Nagasaki, Masao; Ogishima, Soichi; Nakamura, Naoki; Nagase, Sachiko; Nagaie, Satoshi; Saito, Tomo; Nagami, Fuji; Minegishi, Naoko; Suzuki, Yoichi; Suzuki, Kichiya; Hashizume, Hiroaki; Kuriyama, Shinichi; Hozawa, Atsushi; Yaegashi, Nobuo; Kure, Shigeo; Tamiya, Gen; Kawaguchi, Yoshio; Tanaka, Hiroshi; Yamamoto, Masayuki

    2017-07-06

    With the goal of realizing genome-based personalized healthcare, we have developed a biobank that integrates personal health, genome, and omics data along with biospecimens donated by volunteers of 150,000. Such a large-scale of data integration involves obvious risks of privacy violation. The research use of personal genome and health information is a topic of global discussion with regard to the protection of privacy while promoting scientific advancement. The present paper reports on our plans, current attempts, and accomplishments in addressing security problems involved in data sharing to ensure donor privacy while promoting scientific advancement. Biospecimens and data have been collected in prospective cohort studies with the comprehensive agreement. The sample size of 150,000 participants was required for multiple researches including genome-wide screening of gene by environment interactions, haplotype phasing, and parametric linkage analysis. We established the Tohoku Medical Megabank (TMM) data sharing policy: a privacy protection rule that requires physical, personnel, and technological safeguards against privacy violation regarding the use and sharing of data. The proposed policy refers to that of NCBI and that of the Sanger Institute. The proposed policy classifies shared data according to the strength of re-identification risks. Local committees organized by TMM evaluate re-identification risk and assign a security category to a dataset. Every dataset is stored in an assigned segment of a supercomputer in accordance with its security category. A security manager should be designated to handle all security problems at individual data use locations. The proposed policy requires closed networks and IP-VPN remote connections. The mission of the biobank is to distribute biological resources most productively. This mission motivated us to collect biospecimens and health data and simultaneously analyze genome/omics data in-house.
    The biobank also has the mission of improving the quality and quantity of the contents of the biobank. This motivated us to request users to share the results of their research as feedback to the biobank. The TMM data sharing policy has tackled every security problem originating with the missions. We believe our current implementation to be the best way to protect privacy in data sharing.

  13. 12 CFR Appendix B to Part 30 - Interagency Guidelines Establishing Information Security Standards

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... risks. C. Manage and Control Risk. Each bank shall: 1. Design its information security program to... A. Involve the Board of Directors B. Assess Risk C. Manage and Control Risk D. Oversee Service...) Aggregate information, such as the mean credit score, derived from a group of consumer reports; or (B) Blind...

  14. 12 CFR Appendix B to Part 30 - Interagency Guidelines Establishing Information Security Standards

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... risks. C. Manage and Control Risk. Each bank shall: 1. Design its information security program to... A. Involve the Board of Directors B. Assess Risk C. Manage and Control Risk D. Oversee Service...) Aggregate information, such as the mean credit score, derived from a group of consumer reports; or (B) Blind...

  15. Governing through time: preparing for future threats to health and security.

    PubMed

    Samimian-Darash, Limor

    2011-09-01

    During preparations for the Second Gulf War, Israel considered universal smallpox vaccination. In doing so, it faced a problem: how to legitimise carrying out a security action against an uncertain future danger (smallpox pandemic), when this action carried specific, known risks (vaccine complications). To solve this problem, the Israeli preparedness system created a new domain through which the security action could reach its goal with minimum risk: first responders (a group of medical personnel and security forces). First-responder vaccination represents a shift in the form of 'securing health' and in the governmental technology applied to this goal, in which past, present, and future occurrences are governed to enable the execution of a security action. Through this practice, risks are not located in the present or in the future but in a 'shared' temporal space and thus can be seen as existing simultaneously. Preparedness for emerging future biological events, then, involves more than questioning how the future is contingent on the present and how the present is contingent on the future's perception; it also recognises the need for a new time positioning that allows operating on both present and future risks simultaneously. Governing these risks, then, means governing through time. © 2011 The Author. Sociology of Health & Illness © 2011 Foundation for the Sociology of Health & Illness/Blackwell Publishing Ltd.

  16. Risk to Water Security on Small Islands

    NASA Astrophysics Data System (ADS)

    Holding, S. T.; Allen, D. M.

    2013-12-01

    The majority of fresh water available on small islands is shallow groundwater that forms a freshwater lens. Freshwater lenses are generally limited in extent and as such are vulnerable to many stressors that impact water security. These include stressors related to climate change, such as sea level rise, as well as those related to human impacts, such as contamination. Traditionally, water security assessments have focussed on indicators that provide a snapshot of the current condition. However, recent work suggests that in order to effectively manage the water system, it is also important to consider uncertain future impacts to the system by evaluating how different stressors might impact water security. In this study, a framework for assessing risk to water security was developed and tested on Andros Island in The Bahamas. The assessment comprises two main components that characterise the water system: numerical modelling studies and a hazard survey. A baseline numerical model of the freshwater lens throughout Andros Island was developed to simulate the morphology of the freshwater lens and estimate the freshwater resources currently available. The model was prepared using SEAWAT, a density-dependent flow and solute transport code. Various stressors were simulated in the model to evaluate the response of the freshwater lens to predicted future shifts in climate patterns, sea level rise, and changes in water use. A hazard survey was also conducted on the island to collect information related to the storage of contaminants, sanitation infrastructure, waste disposal practices and groundwater abstraction rates. The results of the survey form a geo-spatial database of the location and associated hazards to the freshwater lens. The resulting risk framework provides a ranking of overall risk to water security based on information from the numerical modelling and hazard survey. 
    The risk framework is implemented in a Geographic Information System (GIS) and provides a map of the risk to water security throughout Andros Island. It evaluates risk to water security for current and future scenarios and will enable water resource managers to effectively adapt to future impacts on water security.

  17. Food security and food insecurity in Europe: An analysis of the academic discourse (1975-2013).

    PubMed

    Borch, Anita; Kjærnes, Unni

    2016-08-01

    In this paper we address the academic discourse on food insecurity and food security in Europe as expressed in articles published in scientific journals in the period 1975 to 2013. The analysis indicates that little knowledge has been produced on this subject, and that the limited research that has been produced tends to focus on the production of food rather than on people's access to food. The lack of knowledge about European food insecurity is particularly alarming in these times, which are characterised by increasing social inequalities and poverty, as well as shifting policy regimes. More empirical, comparative and longitudinal research is needed to survey the extent of food security problems across European countries over time. There is also a need to identify groups at risk of food insecurity as well as legal, economic, practical, social, and psychological constraints hindering access to appropriate and sufficient food. Copyright © 2016 Elsevier Ltd. All rights reserved.

  18. Combining Traditional Cyber Security Audit Data with Psychosocial Data: Towards Predictive Modeling for Insider Threat Mitigation

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Greitzer, Frank L.; Frincke, Deborah A.

    2010-09-01

    The purpose of this chapter is to motivate the combination of traditional cyber security audit data with psychosocial data, so as to move from an insider threat detection stance to one that enables prediction of potential insider presence. Two distinctive aspects of the approach are the objective of predicting or anticipating potential risks and the use of organizational data in addition to cyber data to support the analysis. The chapter describes the challenges of this endeavor and progress in defining a usable set of predictive indicators, developing a framework for integrating the analysis of organizational and cyber security data to yield predictions about possible insider exploits, and developing the knowledge base and reasoning capability of the system. We also outline the types of errors that one expects in a predictive system versus a detection system and discuss how those errors can affect the usefulness of the results.

  19. Proceedings Second Annual Cyber Security and Information Infrastructure Research Workshop

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Sheldon, Frederick T; Krings, Axel; Yoo, Seong-Moo

    2006-01-01

    The workshop theme is Cyber Security: Beyond the Maginot Line. Recently the FBI reported that computer crime has skyrocketed costing over $67 billion in 2005 alone and affecting 2.8M+ businesses and organizations. Attack sophistication is unprecedented along with availability of open source concomitant tools. Private, academic, and public sectors invest significant resources in cyber security. Industry primarily performs cyber security research as an investment in future products and services. While the public sector also funds cyber security R&D, the majority of this activity focuses on the specific mission(s) of the funding agency. Thus, broad areas of cyber security remain neglected or underdeveloped. Consequently, this workshop endeavors to explore issues involving cyber security and related technologies toward strengthening such areas and enabling the development of new tools and methods for securing our information infrastructure critical assets. We aim to assemble new ideas and proposals about robust models on which we can build the architecture of a secure cyberspace including but not limited to:

    * Knowledge discovery and management
    * Critical infrastructure protection
    * De-obfuscating tools for the validation and verification of tamper-proofed software
    * Computer network defense technologies
    * Scalable information assurance strategies
    * Assessment-driven design for trust
    * Security metrics and testing methodologies
    * Validation of security and survivability properties
    * Threat assessment and risk analysis
    * Early accurate detection of the insider threat
    * Security hardened sensor networks and ubiquitous computing environments
    * Mobile software authentication protocols
    * A new "model" of the threat to replace the "Maginot Line" model

    and more . . .

  20. Reducing the Risk of Dangerous Chemicals Getting into the Wrong Hands

    ERIC Educational Resources Information Center

    Matthews, Nancy

    2008-01-01

    Under the Department of Homeland Security (DHS) Appropriations Act of 2007, DHS has the authority and funding to regulate security at facilities storing chemicals considered to be high-risk (P. L. 109-295, Section 550). This article discusses the Department's efforts to enhance the security of facilities that store chemicals that could be stolen…

  1. 75 FR 77305 - Security-Based Swap Data Repository Registration, Duties, and Core Principles

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-12-10

    ... authorities can access and analyze the data from secure, central locations to better monitor for systemic risk... authorities information to help limit systemic risk and by promoting stability through enhanced transparency...) performing market surveillance, prudential supervision, and macroprudential (systemic risk) supervision; and...

  2. 17 CFR 38.255 - Risk controls for trading.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 17 Commodity and Securities Exchanges 1 2013-04-01 2013-04-01 false Risk controls for trading. 38.255 Section 38.255 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION DESIGNATED CONTRACT MARKETS Prevention of Market Disruption § 38.255 Risk controls for trading. The designated...

  3. 17 CFR 38.255 - Risk controls for trading.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 17 Commodity and Securities Exchanges 1 2014-04-01 2014-04-01 false Risk controls for trading. 38.255 Section 38.255 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION DESIGNATED CONTRACT MARKETS Prevention of Market Disruption § 38.255 Risk controls for trading. The designated...

  4. 12 CFR 234.4 - Standards for central securities depositories and central counterparties.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... it meets or exceeds the following risk-management standards with respect to the payment, clearing... central counterparty's risk-management procedures. (9) The central securities depository or central... plausible market conditions. (b) The Board, by order, may apply heightened risk-management standards to a...

  5. 12 CFR 234.4 - Standards for central securities depositories and central counterparties.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... it meets or exceeds the following risk-management standards with respect to the payment, clearing... central counterparty's risk-management procedures. (9) The central securities depository or central... plausible market conditions. (b) The Board, by order, may apply heightened risk-management standards to a...

  6. Access to healthcare and financial risk protection for older adults in Mexico: secondary data analysis of a national survey.

    PubMed

    Doubova, Svetlana V; Pérez-Cuevas, Ricardo; Canning, David; Reich, Michael R

    2015-07-21

    While the benefits of Seguro Popular health insurance in Mexico relative to no insurance have been widely documented, little has been reported on its effects relative to the pre-existing Social Security health insurance. We analyse the effects of Social Security and Seguro Popular health insurances in Mexico on access to healthcare of older adults, and on financial risk protection to their households, compared with older adults without health insurance. Secondary data analysis was performed using the 2012 Mexican Survey of Health and Nutrition (ENSANUT). The study population comprised 18,847 older adults and 13,180 households that have an elderly member. The dependent variables were access to healthcare given the reported need, the financial burden imposed by health expenditures measured through catastrophic health-related expenditures, and using savings for health-related expenditures. Separate propensity score matching analyses were conducted for each comparison. The analysis for access was performed at the individual level, and the analysis for financial burden at the household level. In each case, matching on a wide set of relevant characteristics was achieved. Seguro Popular showed a protective effect against lack of access to healthcare for older adults compared with those with no insurance. The average treatment effect on the treated (ATET) was ascertained through using the nearest-neighbour matching (-8.1%, t-stat -2.305) analysis. However, Seguro Popular did not show a protective effect against catastrophic expenditures in a household where an older adult lived. Social Security showed increased access to healthcare (ATET -11.3%, t-stat -3.138), and protective effect against catastrophic expenditures for households with an elderly member (ATET -1.9%, t-stat -2.178). Seguro Popular increased access to healthcare for Mexican older adults. Social Security showed a significant protective effect against lack of access and catastrophic expenditures compared with those without health insurance. Published by the BMJ Publishing Group Limited.

  7. A Method of Signal Scrambling to Secure Data Storage for Healthcare Applications.

    PubMed

    Bao, Shu-Di; Chen, Meng; Yang, Guang-Zhong

    2017-11-01

    A body sensor network that consists of wearable and/or implantable biosensors has been an important front-end for collecting personal health records. It is expected that the full integration of outside-hospital personal health information and hospital electronic health records will further promote preventative health services as well as global health. However, the integration and sharing of health information is bound to bring with it security and privacy issues. With extensive development of healthcare applications, security and privacy issues are becoming increasingly important. This paper addresses the potential security risks of healthcare data in Internet-based applications and proposes a method of signal scrambling as an add-on security mechanism in the application layer for a variety of healthcare information, where a piece of tiny data is used to scramble healthcare records. The former is kept locally and the latter, along with security protection, is sent for cloud storage. The tiny data can be derived from a random number generator or even a piece of healthcare data, which makes the method more flexible. The computational complexity and security performance in terms of theoretical and experimental analysis has been investigated to demonstrate the efficiency and effectiveness of the proposed method. The proposed method is applicable to all kinds of data that require extra security protection within complex networks.

  8. Metrics for the National SCADA Test Bed Program

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Craig, Philip A.; Mortensen, J.; Dagle, Jeffery E.

    2008-12-05

    The U.S. Department of Energy Office of Electricity Delivery and Energy Reliability (DOE-OE) National SCADA Test Bed (NSTB) Program is providing valuable inputs into the electric industry by performing topical research and development (R&D) to secure next generation and legacy control systems. In addition, the program conducts vulnerability and risk analysis, develops tools, and performs industry liaison, outreach and awareness activities. These activities will enhance the secure and reliable delivery of energy for the United States. This report will describe metrics that could be utilized to provide feedback to help enhance the effectiveness of the NSTB Program.

  9. 17 CFR 5.10 - Risk assessment recordkeeping requirements for retail foreign exchange dealers.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 17 Commodity and Securities Exchanges 1 2011-04-01 2011-04-01 false Risk assessment recordkeeping requirements for retail foreign exchange dealers. 5.10 Section 5.10 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION OFF-EXCHANGE FOREIGN CURRENCY TRANSACTIONS § 5.10 Risk assessment...

  10. 17 CFR 5.11 - Risk assessment reporting requirements for retail foreign exchange dealers.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 17 Commodity and Securities Exchanges 1 2011-04-01 2011-04-01 false Risk assessment reporting requirements for retail foreign exchange dealers. 5.11 Section 5.11 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION OFF-EXCHANGE FOREIGN CURRENCY TRANSACTIONS § 5.11 Risk assessment...

  11. 17 CFR 37.405 - Risk controls for trading.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 17 Commodity and Securities Exchanges 1 2014-04-01 2014-04-01 false Risk controls for trading. 37.405 Section 37.405 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION SWAP EXECUTION FACILITIES Monitoring of Trading and Trade Processing § 37.405 Risk controls for trading. The swap...

  12. The long darkness: Psychological and moral perspectives on nuclear winter

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Grinspoon, L.

    1986-01-01

    This book presents papers on the risks of nuclear weapons. Topics considered include nuclear war and climatic catastrophe, evolutionary and developmental considerations, a biological comment on Erikson's notion of pseudospeciation, national security, unexamined assumptions and inescapable consequences, opposing the nuclear threat (the convergence of moral analysis and empirical data), and nuclear winter.

  13. Identification d'indicateurs de risque des populations victimes de conflits par imagerie satellitaire. Etude de cas: Le nord de l'Irak

    NASA Astrophysics Data System (ADS)

    Mubareka, Sarah Betoul

    Remote sensing and security, terms which are not usually associated, have found a common platform this decade with the conjuring of the GMOSS network (Global Monitoring for Security and Stability), whose mandate is to discover new applications for satellite-derived imagery to security issues. This study focuses on human security, concentrating on the characterisation of vulnerable areas to conflict. A time-series of satellite imagery taken from Landsat sensors from 1987 to 2001 and the SRTM mission imagery are used for this purpose over a site in northern Iraq. Human security issues include the exposure to any type of hazard. The region of study is first characterised in order to understand which hazards are and were present in the past for the region of study. The principal hazard for the region of study is armed conflict and the relative field data was analysed to determine the links between geographical indicators and vulnerable areas. This is done through historical research and the study of open-sourced information about disease outbreaks; the movements of refugees and the internally displaced; and humanitarian aid and security issues. These open sources offer information that is not always consistent, objective, or normalized and is therefore difficult to quantify. A method for the rapid mapping and graphing and subsequent analysis of the situation in a region where limited information is available is developed. This information is coupled with population numbers to create a "risk map": A disaggregated matrix of areas most at risk during conflict situations. The results show that describing the risk factor for a population to the hazard conflict depends on three complex indicators: Population density, remoteness and economic diversity. Each of these complex indicators is then derived from Landsat and SRTM imagery and a satellite-driven model is formulated. This model based on satellite imagery is applied to the study site for a temporal study. The outputs are three 90 m x 90 m resolution grids which describe, at a pixel level, the risk level within the region for each of the dates studied, and the changes which occur in northern Iraq as the result of the Anfal Campaigns. Results show that satellite imagery, with a minimum of processing, can yield indicators for characterising risk in a region. Although by no means a replacement for field data, this technological source, in the absence of local knowledge, can provide users with a starting point in understanding which areas are most at risk within a region. If this data is coupled with open sourced information such as political and cultural discrimination, economy and agricultural practices, a fairly accurate risk map can be generated in the absence of field data. Keywords. SRTM, Landsat, risk indicators, Iraq, conflict, population vulnerability, segmentation, land-use, fuzzy-classification, atmospheric corrections.

  14. Privacy and Security Issues Surrounding the Protection of Data Generated by Continuous Glucose Monitors.

    PubMed

    Britton, Katherine E; Britton-Colonnese, Jennifer D

    2017-03-01

    Being able to track, analyze, and use data from continuous glucose monitors (CGMs) and through platforms and apps that communicate with CGMs helps achieve better outcomes and can advance the understanding of diabetes. The risks to patients' expectation of privacy are great, and their ability to control how their information is collected, stored, and used is virtually nonexistent. Patients' physical security is also at risk if adequate cybersecurity measures are not taken. Currently, data privacy and security protections are not robust enough to address the privacy and security risks, which stymies the current and future benefits of CGM and the platforms and apps that communicate with them.

  15. Privacy and Security Issues Surrounding the Protection of Data Generated by Continuous Glucose Monitors

    PubMed Central

    Britton, Katherine E.; Britton-Colonnese, Jennifer D.

    2017-01-01

    Being able to track, analyze, and use data from continuous glucose monitors (CGMs) and through platforms and apps that communicate with CGMs helps achieve better outcomes and can advance the understanding of diabetes. The risks to patients’ expectation of privacy are great, and their ability to control how their information is collected, stored, and used is virtually nonexistent. Patients’ physical security is also at risk if adequate cybersecurity measures are not taken. Currently, data privacy and security protections are not robust enough to address the privacy and security risks, which stymies the current and future benefits of CGM and the platforms and apps that communicate with them. PMID:28264188

  16. NARRATIVE AND META-ANALYTIC REVIEW OF INTERVENTIONS AIMING TO IMPROVE MATERNAL-CHILD ATTACHMENT SECURITY.

    PubMed

    Letourneau, Nicole; Tryphonopoulos, Panagiota; Giesbrecht, Gerald; Dennis, Cindy-Lee; Bhogal, Sanjit; Watson, Barry

    2015-01-01

    Early secure maternal-child attachment relationships lay the foundation for children's healthy social and mental development. Interventions targeting maternal sensitivity and maternal reflective function during the first year of infant life may be the key to promoting secure attachment. We conducted a narrative systematic review and meta-analysis to examine the effectiveness of interventions aimed at promoting maternal sensitivity and reflective function on maternal-child attachment security, as measured by the gold standard Strange Situation (M. Ainsworth, M. Blehar, B. Waters, & S. Wall, 1978) and Q-set (E. Waters & K. Deane, 1985). Studies were identified from electronic database searches and included randomized or quasi-randomized controlled parallel-group designs. Participants were mothers and their infants who were followed up to 36 months' postpartum. Ten trials, involving 1,628 mother-infant pairs, were included. Examination of the trials that provided sufficient data for combination in meta-analysis revealed that interventions of both types increased the odds of secure maternal-child attachment, as compared with no intervention or standard intervention (n = 7 trials; odds ratio: 2.77; 95% confidence interval: 1.69, 4.53, n = 965). Of the three trials not included in the meta-analyses, two improved the likelihood of secure attachment. We conclude that interventions aimed at improving maternal sensitivity alone or in combination with maternal reflection, implemented in the first year of infants' lives, are effective in promoting secure maternal-child attachments. Intervention aimed at the highest risk families produced the most beneficial effects. © 2015 Michigan Association for Infant Mental Health.

  17. [System construction of early warning for ecological security at cultural and natural heritage mixed sites and its application: a case study of Wuyishan Scenery District].

    PubMed

    You, Wei-Bin; He, Dong-Jin; Qin, De-Hua; Ji, Zhi-Rong; Wu, Li-Yun; Yu, Jian-An; Chen, Bing-Rong; Tan, Yong

    2014-05-01

    This paper proposed a new concept of ecological security for protection by a comprehensive analysis of the contents and standards of world heritage sites. A frame concept model named "Pressure-State-Control" for early warning of ecological security at world heritage mixed sites was constructed and evaluation indicators of this frame were also selected. Wuyishan Scenery District was chosen for a case study, which has been severely disturbed by natural and artificial factors. Based on the frame model of "Pressure-State-Control" and by employing extension analysis, the matter-element model was established to assess the ecological security status of this cultural and natural world heritage mixed site. The results showed that the accuracy of ecological security early warning reached 84%. Early warning rank was I level (no alert status) in 1997 and 2009, but that in 2009 had a higher possibility to convert into II level. Likewise, the early-warning indices of sensitive ranks were different between 1997 and 2009. Population density, population growth rate, area index for tea garden, cultivated land owned per capita, level of drought, and investment for ecological and environmental construction were the main limiting factors to hinder the development of ecological security from 2009 to future. In general, the status of Wuyishan Scenery District ecological security was relatively good and considered as no alert level, while risk conditions also existed in terms of a few early-warning indicators. We still need to pay more attention to serious alert indicators and adopt effective prevention and control measures to maintain a good ecological security status of this heritage site.

  18. Building a Secure Library System.

    ERIC Educational Resources Information Center

    Benson, Allen C.

    1998-01-01

    Presents tips for building a secure library system to guard against threats like hackers, viruses, and theft. Topics include: determining what is at risk; recovering from disasters; developing security policies; developing front-end security; securing menu systems; accessing control programs; protecting against damage from viruses; developing…

  19. Security Risk Assessment Process for UAS in the NAS CNPC Architecture

    NASA Technical Reports Server (NTRS)

    Iannicca, Dennis C.; Young, Dennis P.; Thadani, Suresh K.; Winter, Gilbert A.

    2013-01-01

    This informational paper discusses the risk assessment process conducted to analyze Control and Non-Payload Communications (CNPC) architectures for integrating civil Unmanned Aircraft Systems (UAS) into the National Airspace System (NAS). The assessment employs the National Institute of Standards and Technology (NIST) Risk Management framework to identify threats, vulnerabilities, and risks to these architectures and recommends corresponding mitigating security controls. This process builds upon earlier work performed by RTCA Special Committee (SC) 203 and the Federal Aviation Administration (FAA) to roadmap the risk assessment methodology and to identify categories of information security risks that pose a significant impact to aeronautical communications systems. Deviations from the typical process are described with regard to this aeronautical communications system. Due to the sensitive nature of the information, data resulting from the risk assessment pertaining to threats, vulnerabilities, and risks is beyond the scope of this paper.

  20. Security Risk Assessment Process for UAS in the NAS CNPC Architecture

    NASA Technical Reports Server (NTRS)

    Iannicca, Dennis Christopher; Young, Daniel Paul; Suresh, Thadhani; Winter, Gilbert A.

    2013-01-01

    This informational paper discusses the risk assessment process conducted to analyze Control and Non-Payload Communications (CNPC) architectures for integrating civil Unmanned Aircraft Systems (UAS) into the National Airspace System (NAS). The assessment employs the National Institute of Standards and Technology (NIST) Risk Management framework to identify threats, vulnerabilities, and risks to these architectures and recommends corresponding mitigating security controls. This process builds upon earlier work performed by RTCA Special Committee (SC) 203 and the Federal Aviation Administration (FAA) to roadmap the risk assessment methodology and to identify categories of information security risks that pose a significant impact to aeronautical communications systems. Deviations from the typical process are described with regard to this aeronautical communications system. Due to the sensitive nature of the information, data resulting from the risk assessment pertaining to threats, vulnerabilities, and risks is beyond the scope of this paper.

  1. A randomized controlled trial comparing Circle of Security Intervention and treatment as usual as interventions to increase attachment security in infants of mentally ill mothers: Study Protocol.

    PubMed

    Ramsauer, Brigitte; Lotzin, Annett; Mühlhan, Christine; Romer, Georg; Nolte, Tobias; Fonagy, Peter; Powell, Bert

    2014-01-30

    Psychopathology in women after childbirth represents a significant risk factor for parenting and infant mental health. Regarding child development, these infants are at increased risk for developing unfavorable attachment strategies to their mothers and for subsequent behavioral, emotional and cognitive impairments throughout childhood. To date, the specific efficacy of an early attachment-based parenting group intervention under standard clinical outpatient conditions, and the moderators and mediators that promote attachment security in infants of mentally ill mothers, have been poorly evaluated. This randomized controlled clinical trial tests whether promoting attachment security in infancy with the Circle of Security (COS) Intervention will result in a higher rate of securely attached children compared to treatment as usual (TAU). Furthermore, we will determine whether the distributions of securely attached children are moderated or mediated by variations in maternal sensitivity, mentalizing, attachment representations, and psychopathology obtained at baseline and at follow-up. We plan to recruit 80 mother-infant dyads when infants are aged 4-9 months with 40 dyads being randomized to each treatment arm. Infants and mothers will be reassessed when the children are 16-18 months of age. Methodological aspects of the study are systematic recruitment and randomization, explicit inclusion and exclusion criteria, research assessors and coders blinded to treatment allocation, advanced statistical analysis, manualized treatment protocols and assessments of treatment adherence and integrity. The aim of this clinical trial is to determine whether there are specific effects of an attachment-based intervention that promotes attachment security in infants. Additionally, we anticipate being able to utilize data on maternal and child outcome measures to obtain preliminary indications about potential moderators of the intervention and inform hypotheses about which intervention may be most suitable when offered in a clinical psychiatric outpatient context. Current Controlled Trials ISRCTN88988596.

  2. A randomized controlled trial comparing Circle of Security Intervention and treatment as usual as interventions to increase attachment security in infants of mentally ill mothers: Study Protocol

    PubMed Central

    2014-01-01

    Background: Psychopathology in women after childbirth represents a significant risk factor for parenting and infant mental health. Regarding child development, these infants are at increased risk for developing unfavorable attachment strategies to their mothers and for subsequent behavioral, emotional and cognitive impairments throughout childhood. To date, the specific efficacy of an early attachment-based parenting group intervention under standard clinical outpatient conditions, and the moderators and mediators that promote attachment security in infants of mentally ill mothers, have been poorly evaluated. Methods/Design: This randomized controlled clinical trial tests whether promoting attachment security in infancy with the Circle of Security (COS) Intervention will result in a higher rate of securely attached children compared to treatment as usual (TAU). Furthermore, we will determine whether the distributions of securely attached children are moderated or mediated by variations in maternal sensitivity, mentalizing, attachment representations, and psychopathology obtained at baseline and at follow-up. We plan to recruit 80 mother-infant dyads when infants are aged 4-9 months with 40 dyads being randomized to each treatment arm. Infants and mothers will be reassessed when the children are 16-18 months of age. Methodological aspects of the study are systematic recruitment and randomization, explicit inclusion and exclusion criteria, research assessors and coders blinded to treatment allocation, advanced statistical analysis, manualized treatment protocols and assessments of treatment adherence and integrity. Discussion: The aim of this clinical trial is to determine whether there are specific effects of an attachment-based intervention that promotes attachment security in infants. Additionally, we anticipate being able to utilize data on maternal and child outcome measures to obtain preliminary indications about potential moderators of the intervention and inform hypotheses about which intervention may be most suitable when offered in a clinical psychiatric outpatient context. Trial registration: Current Controlled Trials ISRCTN88988596. PMID:24476106

  3. Global water risks and national security: Building resilience (Invited)

    NASA Astrophysics Data System (ADS)

    Pulwarty, R. S.

    2013-12-01

    The UN defines water security as the capacity of a population to safeguard sustainable access to adequate quantities of acceptable quality water for sustaining livelihoods, human well-being, and socio-economic development, for ensuring protection against water-borne pollution and water-related disasters, and for preserving ecosystems in a climate of peace and political stability. This definition highlights complex and interconnected challenges and underscores the centrality of water for environmental services and human activities. Global risks are expressed at the national level. The 2010 Quadrennial Defense Review and the 2010 National Security Strategy identify climate change as likely to trigger outcomes that will threaten U.S. security including how freshwater resources can become a security issue. Impacts will be felt on the National Security interest through water, food and energy security, and critical infrastructure. This recognition focuses the need to consider the rates of change in climate extremes, in the context of more traditional political, economic, and social indicators that inform security analyses. There is a long-standing academic debate over the extent to which resource constraints and environmental challenges lead to inter-state conflict. It is generally recognized that water resources as a security issue to date exists mainly at the substate level and has not led to physical conflict between nation states. In conflict and disaster zones, threats to water security increase through inequitable and difficult access to water supply and related services, which may aggravate existing social fragility, tensions, violence, and conflict. This paper will (1) outline the dimensions of water security and its links to national security, (2) analyze water footprints and management risks for key basins in the US and around the world, (3) map the link between global water security and national concerns, drawing lessons from the drought of 2012 and elsewhere, and (4) identify preventable risks, public leadership and private innovation needed for developing adaptive water resource management institutions that take advantage of climate and hydrologic information and changes. The presentation will conclude with a preliminary framework for assessing and implementing water security measures given insecure conditions introduced by a changing climate and in the context of national security.

  4. Brief Report: Attachment Security in Infants At-Risk for Autism Spectrum Disorders

    ERIC Educational Resources Information Center

    Haltigan, John D.; Ekas, Naomi V.; Seifer, Ronald; Messinger, Daniel S.

    2011-01-01

    Little is known about attachment security and disorganization in children who are at genetic risk for an Autism Spectrum Disorder (ASD) prior to a possible diagnosis. The present study examined distributions of attachment security and disorganization at 15-months of age in a sample of infant siblings of older children with (ASD-sibs; n = 51) or…

  5. Are food insecurity's health impacts underestimated in the U.S. population? Marginal food security also predicts adverse health outcomes in young U.S. children and mothers.

    PubMed

    Cook, John T; Black, Maureen; Chilton, Mariana; Cutts, Diana; Ettinger de Cuba, Stephanie; Heeren, Timothy C; Rose-Jacobs, Ruth; Sandel, Megan; Casey, Patrick H; Coleman, Sharon; Weiss, Ingrid; Frank, Deborah A

    2013-01-01

    This review addresses epidemiological, public health, and social policy implications of categorizing young children and their adult female caregivers in the United States as food secure when they live in households with "marginal food security," as indicated by the U.S. Household Food Security Survey Module. Existing literature shows that households in the US with marginal food security are more like food-insecure households than food-secure households. Similarities include socio-demographic characteristics, psychosocial profiles, and patterns of disease and health risk. Building on existing knowledge, we present new research on associations of marginal food security with health and developmental risks in young children (<48 mo) and health in their female caregivers. Marginal food security is positively associated with adverse health outcomes compared with food security, but the strength of the associations is weaker than that for food insecurity as usually defined in the US. Nonoverlapping CIs, when comparing odds of marginally food-secure children's fair/poor health and developmental risk and caregivers' depressive symptoms and fair/poor health with those in food-secure and -insecure families, indicate associations of marginal food security significantly and distinctly intermediate between those of food security and food insecurity. Evidence from reviewed research and the new research presented indicates that households with marginal food security should not be classified as food secure, as is the current practice, but should be reported in a separate discrete category. These findings highlight the potential underestimation of the prevalence of adverse health outcomes associated with exposure to lack of enough food for an active, healthy life in the US and indicate an even greater need for preventive action and policies to limit and reduce exposure among children and mothers.

  6. Predictors of mother-child interaction quality and child attachment security in at-risk families.

    PubMed

    De Falco, Simona; Emer, Alessandra; Martini, Laura; Rigo, Paola; Pruner, Sonia; Venuti, Paola

    2014-01-01

    Child healthy development is largely influenced by parent-child interaction and a secure parent-child attachment is predictively associated with positive outcomes in numerous domains of child development. However, the parent-child relationship can be affected by several psychosocial and socio-demographic risk factors that undermine its quality and in turn play a negative role in short and long term child psychological health. Prevention and intervention programs that support parenting skills in at-risk families can efficiently reduce the impact of risk factors on mother and child psychological health. This study examines predictors of mother-child interaction quality and child attachment security in a sample of first-time mothers with psychosocial and/or socio-demographic risk factors. Forty primiparous women satisfying specific risk criteria participated in a longitudinal study with their children from pregnancy until 18 months of child age. A multiple psychological and socioeconomic assessment was performed. The Emotional Availability Scales were used to measure the quality of emotional exchanges between mother and child at 12 months and the Attachment Q-Sort served as a measure of child attachment security at 18 months. Results highlight both the effect of specific single factors, considered at a continuous level, and the cumulative risk effect of different co-occurring factors, considered at binary level, on mother-child interaction quality and child attachment security. Implications for the selection of inclusion criteria of intervention programs that support parenting skills in at-risk families are discussed.

  7. Plant security during decommissioning; challenges and lessons learned from German phase out decision

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Renner, Andrea; Esch, Markus

    2013-07-01

    The purpose of this paper is to point out the security challenges that may occur during decommissioning, based on the issues and lessons learned from the German phase out decision. Though national regulations may be different in other countries, the basic problems and issues will be the same. Therefore, the presented solutions will be applicable in other countries as well. The radioactive material remaining at the NPP during decommissioning has the most influence on how the security measures have to be designed. The radioactive material defines the risk potential of the plant and this determines the needed security level. The following aspects have been challenging in Germany:
    - Scenarios varying from those used for plants in operation, due to changed operating conditions.
    - Spent fuel will stay in the spent fuel pool for quite a long period before it can be removed from the plant. The risk potential of the plant stays high and requires a high level of security measures.
    - Security measures according to the existing operating license have to stay in place as they are, unless the first license for decommissioning is given or the spent fuel is removed from the plant site. This even led to the question of whether improvements of security measures, planned and announced with a focus on a plant remaining in operation for another couple of years, need to be done although they will not be required after removing the spent fuel from the plant.
    A further important aspect for the security design is the fact that a plant under decommissioning has completely different and strongly varying operating procedures, compared to the stable ones of an operating plant. This leads to different needs concerning workspace, infrastructure on plant site, access to buildings etc. An optimized and highly flexible security concept is needed to ensure an adequate level of security as well as an efficient decommissioning. A deep analysis of the vital plant functions, depending on the different decommissioning stages, is required to determine the vital equipment, its location and its need for protection. (authors)

  8. The strategy of training staff for a new type of helicopter as an element of raising the security level of flight operations.

    PubMed

    Gałązkowski, Robert; Wołkowski, Władysław; Mikos, Marcin; Szajda, Sławomir; Wejnarski, Arkadiusz; Świeżewski, Stanisław Paweł

    2015-01-01

    In 2008, the Polish Medical Air Rescue started replacing its fleet with modern EC135 machines. To ensure the maximum possible safety of the missions performed both in the period of implementing the change and later on, the management prepared a strategy of training its crews to use the new type of helicopter. The analysis of incidents that occurred during 2006-2009 showed that both the human and the technical factors must be carefully considered. Moreover, a risk analysis was conducted to reduce the risk both during general crew training and in the course of particular flight operations. A four-stage strategy of training pilots and crew members was worked out by weighing up all the risks. The analysis of data from 2010 to 2013 confirmed that the risk connected with flying and with all the activities involved in direct support aircraft operations is under control and lowered to an acceptable level.

  9. The strategy of training staff for a new type of helicopter as an element of raising the security level of flight operations

    PubMed Central

    Gałązkowski, Robert; Wołkowski, Władysław; Mikos, Marcin; Szajda, Sławomir; Wejnarski, Arkadiusz; Świeżewski, Stanisław Paweł

    2015-01-01

    In 2008, the Polish Medical Air Rescue started replacing its fleet with modern EC135 machines. To ensure the maximum possible safety of the missions performed both in the period of implementing the change and later on, the management prepared a strategy of training its crews to use the new type of helicopter. The analysis of incidents that occurred during 2006–2009 showed that both the human and the technical factors must be carefully considered. Moreover, a risk analysis was conducted to reduce the risk both during general crew training and in the course of particular flight operations. A four-stage strategy of training pilots and crew members was worked out by weighing up all the risks. The analysis of data from 2010 to 2013 confirmed that the risk connected with flying and with all the activities involved in direct support aircraft operations is under control and lowered to an acceptable level. PMID:26694009

  10. Food insecurity is associated with high risk glycemic control and higher health care utilization among youth and young adults with type 1 diabetes.

    PubMed

    Mendoza, Jason A; Haaland, Wren; D'Agostino, Ralph B; Martini, Lauren; Pihoker, Catherine; Frongillo, Edward A; Mayer-Davis, Elizabeth J; Liu, Lenna L; Dabelea, Dana; Lawrence, Jean M; Liese, Angela D

    2018-04-01

    Household food insecurity (FI), i.e., limited availability of nutritionally adequate foods, is associated with poor glycemic control among adults with type 2 diabetes. We evaluated the association of FI among youth and young adults (YYA) with type 1 diabetes to inform recent clinical recommendations from the American Diabetes Association for providers to screen all patients with diabetes for FI. Using data from the Washington and South Carolina SEARCH for Diabetes in Youth Study sites, we conducted an observational, cross-sectional evaluation of associations between FI and glycemic control, hospitalizations, and emergency department (ED) visits among YYA with type 1 diabetes. FI was assessed using the Household Food Security Survey Module, which queries conditions and behaviors typical of households unable to meet basic food needs. Participants' HbA1c were measured from blood drawn at the research visit; socio-demographics and medical history were collected by survey. The prevalence of FI was 19.5%. In adjusted logistic regression analysis, YYAs from food-insecure households had 2.37 higher odds (95% CI: 1.10, 5.09) of high risk glycemic control, i.e., HbA1c >9.0%, vs. peers from food-secure households. In adjusted binomial regression analysis for ED visits, YYAs from food-insecure households had an adjusted prevalence rate that was 2.95 times (95% CI [1.17, 7.45]) as great as those from food secure households. FI was associated with high risk glycemic control and more ED visits. Targeted efforts should be developed and tested to alleviate FI among YYA with type 1 diabetes. Copyright © 2018 Elsevier B.V. All rights reserved.

  11. Examining Ecological Constraints on the Intergenerational Transmission of Attachment Via Individual Participant Data Meta-analysis.

    PubMed

    Verhage, Marije L; Fearon, R M Pasco; Schuengel, Carlo; van IJzendoorn, Marinus H; Bakermans-Kranenburg, Marian J; Madigan, Sheri; Roisman, Glenn I; Oosterman, Mirjam; Behrens, Kazuko Y; Wong, Maria S; Mangelsdorf, Sarah; Priddis, Lynn E; Brisch, Karl-Heinz

    2018-05-09

    Parents' attachment representations and child-parent attachment have been shown to be associated, but these associations vary across populations (Verhage et al., 2016). The current study examined whether ecological factors may explain variability in the strength of intergenerational transmission of attachment, using individual participant data (IPD) meta-analysis. Analyses on 4,396 parent-child dyads (58 studies, child age 11-96 months) revealed a combined effect size of r = .29. IPD meta-analyses revealed that effect sizes for the transmission of autonomous-secure representations to secure attachments were weaker under risk conditions and weaker in adolescent parent-child dyads, whereas transmission was stronger for older children. Findings support the ecological constraints hypothesis on attachment transmission. Implications for attachment theory and the use of IPD meta-analysis are discussed. © 2018 The Authors. Child Development published by Wiley Periodicals, Inc. on behalf of Society for Research in Child Development.

  12. 48 CFR 1352.237-72 - Security processing requirements-national security contracts.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    .... National Security Contracts require contractor employees to gain access to national security information in.... (c) Security Procedures. Position sensitivity/risk assessments must be conducted on all functions... same manner as assessment of those functions performed by government employees. The Contracting Officer...

  13. 48 CFR 1352.237-72 - Security processing requirements-national security contracts.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    .... National Security Contracts require contractor employees to gain access to national security information in.... (c) Security procedures. Position sensitivity/risk assessments must be conducted on all functions... same manner as assessment of those functions performed by government employees. The Contracting Officer...

  14. 48 CFR 1352.237-72 - Security processing requirements-national security contracts.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    .... National Security Contracts require contractor employees to gain access to national security information in.... (c) Security procedures. Position sensitivity/risk assessments must be conducted on all functions... same manner as assessment of those functions performed by government employees. The Contracting Officer...

  15. 48 CFR 1352.237-72 - Security processing requirements-national security contracts.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    .... National Security Contracts require contractor employees to gain access to national security information in.... (c) Security Procedures. Position sensitivity/risk assessments must be conducted on all functions... same manner as assessment of those functions performed by government employees. The Contracting Officer...

  16. Cyber and Physical Security Vulnerability Assessment for IoT-Based Smart Homes

    PubMed Central

    2018-01-01

    The Internet of Things (IoT) is an emerging paradigm focusing on the connection of devices, objects, or “things” to each other, to the Internet, and to users. IoT technology is anticipated to become an essential requirement in the development of smart homes, as it offers convenience and efficiency to home residents so that they can achieve better quality of life. Application of the IoT model to smart homes, by connecting objects to the Internet, poses new security and privacy challenges in terms of the confidentiality, authenticity, and integrity of the data sensed, collected, and exchanged by the IoT objects. These challenges make smart homes extremely vulnerable to different types of security attacks, resulting in IoT-based smart homes being insecure. Therefore, it is necessary to identify the possible security risks to develop a complete picture of the security status of smart homes. This article applies the operationally critical threat, asset, and vulnerability evaluation (OCTAVE) methodology, known as OCTAVE Allegro, to assess the security risks of smart homes. The OCTAVE Allegro method focuses on information assets and considers different information containers such as databases, physical papers, and humans. The key goals of this study are to highlight the various security vulnerabilities of IoT-based smart homes, to present the risks on home inhabitants, and to propose approaches to mitigating the identified risks. The research findings can be used as a foundation for improving the security requirements of IoT-based smart homes. PMID:29518023

  17. Cyber and Physical Security Vulnerability Assessment for IoT-Based Smart Homes.

    PubMed

    Ali, Bako; Awad, Ali Ismail

    2018-03-08

    The Internet of Things (IoT) is an emerging paradigm focusing on the connection of devices, objects, or "things" to each other, to the Internet, and to users. IoT technology is anticipated to become an essential requirement in the development of smart homes, as it offers convenience and efficiency to home residents so that they can achieve better quality of life. Application of the IoT model to smart homes, by connecting objects to the Internet, poses new security and privacy challenges in terms of the confidentiality, authenticity, and integrity of the data sensed, collected, and exchanged by the IoT objects. These challenges make smart homes extremely vulnerable to different types of security attacks, resulting in IoT-based smart homes being insecure. Therefore, it is necessary to identify the possible security risks to develop a complete picture of the security status of smart homes. This article applies the operationally critical threat, asset, and vulnerability evaluation (OCTAVE) methodology, known as OCTAVE Allegro, to assess the security risks of smart homes. The OCTAVE Allegro method focuses on information assets and considers different information containers such as databases, physical papers, and humans. The key goals of this study are to highlight the various security vulnerabilities of IoT-based smart homes, to present the risks on home inhabitants, and to propose approaches to mitigating the identified risks. The research findings can be used as a foundation for improving the security requirements of IoT-based smart homes.

  18. [The urgent problems of the improvement of the environment management system based on the analysis of health risk assessment].

    PubMed

    Avaliani, S L; Novikov, S M; Shashina, T A; Dodina, N S; Kislitsin, V A; Mishina, A L

    2014-01-01

    The lack of adequate legislative and regulatory framework for ensuring minimization of the health risks in the field of environmental protection is the obstacle for the application of the risk analysis methodology as a leading tool for administrative activity in Russia. "Principles of the state policy in the sphere of ensuring chemical and biological safety of the Russian Federation for the period up to 2025 and beyond", approved by the President of the Russian Federation on 01 November 2013, No PR-25 73, are aimed at the legal support for the health risk analysis methodology. In the article there have been supposed the main stages of the operative control of the environmental quality, which lead to the reduction of the health risk to the acceptable level. The further improvement of the health risk analysis methodology in Russia should contribute to the implementation of the state policy in the sphere of chemical and biological safety through the introduction of complex measures on neutralization of chemical and biological threats to the human health and the environment, as well as evaluation of the economic effectiveness of these measures. The primary step should be the legislative securing of the quantitative value for the term: "acceptable risk".

  19. Data Hemorrhages in the Health-Care Sector

    NASA Astrophysics Data System (ADS)

    Johnson, M. Eric

    Confidential data hemorrhaging from health-care providers pose financial risks to firms and medical risks to patients. We examine the consequences of data hemorrhages including privacy violations, medical fraud, financial identity theft, and medical identity theft. We also examine the types and sources of data hemorrhages, focusing on inadvertent disclosures. Through an analysis of leaked files, we examine data hemorrhages stemming from inadvertent disclosures on internet-based file sharing networks. We characterize the security risk for a group of health-care organizations using a direct analysis of leaked files. These files contained highly sensitive medical and personal information that could be maliciously exploited by criminals seeking to commit medical and financial identity theft. We also present evidence of the threat by examining user-issued searches. Our analysis demonstrates both the substantial threat and vulnerability for the health-care sector and the unique complexity exhibited by the US health-care system.

  20. Protecting Privacy of Shared Epidemiologic Data without Compromising Analysis Potential

    DOE PAGES

    Cologne, John; Grant, Eric J.; Nakashima, Eiji; ...

    2012-01-01

    Objective. Ensuring privacy of research subjects when epidemiologic data are shared with outside collaborators involves masking (modifying) the data, but overmasking can compromise utility (analysis potential). Methods of statistical disclosure control for protecting privacy may be impractical for individual researchers involved in small-scale collaborations. Methods. We investigated a simple approach based on measures of disclosure risk and analytical utility that are straightforward for epidemiologic researchers to derive. The method is illustrated using data from the Japanese Atomic-bomb Survivor population. Results. Masking by modest rounding did not adequately enhance security but rounding to remove several digits of relative accuracy effectively reduced the risk of identification without substantially reducing utility. Grouping or adding random noise led to noticeable bias. Conclusions. When sharing epidemiologic data, it is recommended that masking be performed using rounding. Specific treatment should be determined separately in individual situations after consideration of the disclosure risks and analysis needs.

  1. Protecting Privacy of Shared Epidemiologic Data without Compromising Analysis Potential

    PubMed Central

    Cologne, John; Grant, Eric J.; Nakashima, Eiji; Chen, Yun; Funamoto, Sachiyo; Katayama, Hiroaki

    2012-01-01

    Objective. Ensuring privacy of research subjects when epidemiologic data are shared with outside collaborators involves masking (modifying) the data, but overmasking can compromise utility (analysis potential). Methods of statistical disclosure control for protecting privacy may be impractical for individual researchers involved in small-scale collaborations. Methods. We investigated a simple approach based on measures of disclosure risk and analytical utility that are straightforward for epidemiologic researchers to derive. The method is illustrated using data from the Japanese Atomic-bomb Survivor population. Results. Masking by modest rounding did not adequately enhance security but rounding to remove several digits of relative accuracy effectively reduced the risk of identification without substantially reducing utility. Grouping or adding random noise led to noticeable bias. Conclusions. When sharing epidemiologic data, it is recommended that masking be performed using rounding. Specific treatment should be determined separately in individual situations after consideration of the disclosure risks and analysis needs. PMID:22505949

  2. Protecting privacy of shared epidemiologic data without compromising analysis potential.

    PubMed

    Cologne, John; Grant, Eric J; Nakashima, Eiji; Chen, Yun; Funamoto, Sachiyo; Katayama, Hiroaki

    2012-01-01

    Ensuring privacy of research subjects when epidemiologic data are shared with outside collaborators involves masking (modifying) the data, but overmasking can compromise utility (analysis potential). Methods of statistical disclosure control for protecting privacy may be impractical for individual researchers involved in small-scale collaborations. We investigated a simple approach based on measures of disclosure risk and analytical utility that are straightforward for epidemiologic researchers to derive. The method is illustrated using data from the Japanese Atomic-bomb Survivor population. Masking by modest rounding did not adequately enhance security but rounding to remove several digits of relative accuracy effectively reduced the risk of identification without substantially reducing utility. Grouping or adding random noise led to noticeable bias. When sharing epidemiologic data, it is recommended that masking be performed using rounding. Specific treatment should be determined separately in individual situations after consideration of the disclosure risks and analysis needs.

  3. Risk assessment of climate systems for national security.

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Backus, George A.; Boslough, Mark Bruce Elrick; Brown, Theresa Jean

    2012-10-01

    Climate change, through drought, flooding, storms, heat waves, and melting Arctic ice, affects the production and flow of resource within and among geographical regions. The interactions among governments, populations, and sectors of the economy require integrated assessment based on risk, through uncertainty quantification (UQ). This project evaluated the capabilities with Sandia National Laboratories to perform such integrated analyses, as they relate to (inter)national security. The combining of the UQ results from climate models with hydrological and economic/infrastructure impact modeling appears to offer the best capability for national security risk assessments.

  4. 12 CFR Appendix D-2 to Part 208 - Interagency Guidelines Establishing Information Security Standards

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    .... Design its information security program to control the identified risks, commensurate with the... Directors B. Assess Risk C. Manage and Control Risk D. Oversee Service Provider Arrangements E. Adjust the... score, derived from a group of consumer reports; or (B) Blind data, such as payment history on accounts...

  5. 12 CFR Appendix D-2 to Part 208 - Interagency Guidelines Establishing Information Security Standards

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    .... Design its information security program to control the identified risks, commensurate with the... Directors B. Assess Risk C. Manage and Control Risk D. Oversee Service Provider Arrangements E. Adjust the... score, derived from a group of consumer reports; or (B) Blind data, such as payment history on accounts...

  6. Aviation Security, Risk Assessment, and Risk Aversion for Public Decisionmaking

    ERIC Educational Resources Information Center

    Stewart, Mark G.; Mueller, John

    2013-01-01

    This paper estimates risk reductions for each layer of security designed to prevent commercial passenger airliners from being commandeered by terrorists, kept under control for some time, and then crashed into specific targets. Probabilistic methods are used to characterize the uncertainty of rates of deterrence, detection, and disruption, as well…

  7. 17 CFR 5.5 - Distribution of “Risk Disclosure Statement” by retail foreign exchange dealers, futures...

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 17 Commodity and Securities Exchanges 1 2011-04-01 2011-04-01 false Distribution of “Risk... brokers regarding retail forex transactions. 5.5 Section 5.5 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION OFF-EXCHANGE FOREIGN CURRENCY TRANSACTIONS § 5.5 Distribution of “Risk...

  8. Fuzzy portfolio model with fuzzy-input return rates and fuzzy-output proportions

    NASA Astrophysics Data System (ADS)

    Tsaur, Ruey-Chyn

    2015-02-01

    In the finance market, a short-term investment strategy is usually applied in portfolio selection in order to reduce investment risk; however, the economy is uncertain and the investment period is short. Further, an investor has incomplete information for selecting a portfolio with crisp proportions for each chosen security. In this paper we present a new method of constructing fuzzy portfolio model for the parameters of fuzzy-input return rates and fuzzy-output proportions, based on possibilistic mean-standard deviation models. Furthermore, we consider both excess or shortage of investment in different economic periods by using fuzzy constraint for the sum of the fuzzy proportions, and we also refer to risks of securities investment and vagueness of incomplete information during the period of depression economics for the portfolio selection. Finally, we present a numerical example of a portfolio selection problem to illustrate the proposed model and a sensitivity analysis is realised based on the results.

  9. A macro-economic framework for evaluation of cyber security risks related to protection of intellectual property.

    PubMed

    Andrijcic, Eva; Horowitz, Barry

    2006-08-01

    The article is based on the premise that, from a macro-economic viewpoint, cyber attacks with long-lasting effects are the most economically significant, and as a result require more attention than attacks with short-lasting effects that have historically been more represented in literature. In particular, the article deals with evaluation of cyber security risks related to one type of attack with long-lasting effects, namely, theft of intellectual property (IP) by foreign perpetrators. An International Consequence Analysis Framework is presented to determine (1) the potential macro-economic consequences of cyber attacks that result in stolen IP from companies in the United States, and (2) the likely sources of such attacks. The framework presented focuses on IP theft that enables foreign companies to make economic gains that would have otherwise benefited the U.S. economy. Initial results are presented.

  10. Patient choice of providers in a preferred provider organization.

    PubMed

    Wouters, A V; Hester, J

    1988-03-01

    This article is an analysis of patient choice of providers by the employees of the Security Pacific Bank of California and their dependents who have access to the Med Network Preferred Provider Organization (PPO). The empirical results show that not only is the PPO used by individuals who require relatively little medical care (as measured by predicted office visit charges) but that the PPO is most intensively used for low-risk services such as treatment for minor illness and preventive care. Also, the most likely Security Pacific Health Care beneficiary to use a PPO provider is a recently hired employee who lives in the south urban region, has a relatively low income, does not have supplemental insurance coverage, and is without previous attachments to non-PPO primary care providers. In order to maximize their ability to reduce plan paid benefits, insurers who contract with PPOs should focus on increasing PPO utilization among poorer health risks.

  11. [Application of classified protection of information security in the information system of air pollution and health impact monitoring].

    PubMed

    Hao, Shuxin; Lü, Yiran; Liu, Jie; Liu, Yue; Xu, Dongqun

    2018-01-01

    To study the application of classified protection of information security in the information system of air pollution and health impact monitoring, so as to solve the possible safety risk of the information system. According to the relevant national standards and requirements for the information system security classified protection, and the professional characteristics of the information system, the security architecture of the information system was designed and implemented, and the protection level of the information system was determined. Basic security measures for the information system were developed in the technical safety and management safety aspects according to the protection levels, which effectively prevented the security risk of the information system. The information system established relatively complete information security protection measures, which enhanced the security of professional information and system service and ensured that the air pollution and health impact monitoring project could be carried out safely and smoothly.

  12. A secure distributed logistic regression protocol for the detection of rare adverse drug events

    PubMed Central

    El Emam, Khaled; Samet, Saeed; Arbuckle, Luk; Tamblyn, Robyn; Earle, Craig; Kantarcioglu, Murat

    2013-01-01

    Background: There is limited capacity to assess the comparative risks of medications after they enter the market. For rare adverse events, the pooling of data from multiple sources is necessary to have the power and sufficient population heterogeneity to detect differences in safety and effectiveness in genetic, ethnic and clinically defined subpopulations. However, combining datasets from different data custodians or jurisdictions to perform an analysis on the pooled data creates significant privacy concerns that would need to be addressed. Existing protocols for addressing these concerns can result in reduced analysis accuracy and can allow sensitive information to leak. Objective: To develop a secure distributed multi-party computation protocol for logistic regression that provides strong privacy guarantees. Methods: We developed a secure distributed logistic regression protocol using a single analysis center with multiple sites providing data. A theoretical security analysis demonstrates that the protocol is robust to plausible collusion attacks and does not allow the parties to gain new information from the data that are exchanged among them. The computational performance and accuracy of the protocol were evaluated on simulated datasets. Results: The computational performance scales linearly as the dataset sizes increase. The addition of sites results in an exponential growth in computation time. However, for up to five sites, the time is still short and would not affect practical applications. The model parameters are the same as the results on pooled raw data analyzed in SAS, demonstrating high model accuracy. Conclusion: The proposed protocol and prototype system would allow the development of logistic regression models in a secure manner without requiring the sharing of personal health information. This can alleviate one of the key barriers to the establishment of large-scale post-marketing surveillance programs. We extended the secure protocol to account for correlations among patients within sites through generalized estimating equations, and to accommodate other link functions by extending it to generalized linear models. PMID:22871397

  13. A secure distributed logistic regression protocol for the detection of rare adverse drug events.

    PubMed

    El Emam, Khaled; Samet, Saeed; Arbuckle, Luk; Tamblyn, Robyn; Earle, Craig; Kantarcioglu, Murat

    2013-05-01

    There is limited capacity to assess the comparative risks of medications after they enter the market. For rare adverse events, the pooling of data from multiple sources is necessary to have the power and sufficient population heterogeneity to detect differences in safety and effectiveness in genetic, ethnic and clinically defined subpopulations. However, combining datasets from different data custodians or jurisdictions to perform an analysis on the pooled data creates significant privacy concerns that would need to be addressed. Existing protocols for addressing these concerns can result in reduced analysis accuracy and can allow sensitive information to leak. To develop a secure distributed multi-party computation protocol for logistic regression that provides strong privacy guarantees. We developed a secure distributed logistic regression protocol using a single analysis center with multiple sites providing data. A theoretical security analysis demonstrates that the protocol is robust to plausible collusion attacks and does not allow the parties to gain new information from the data that are exchanged among them. The computational performance and accuracy of the protocol were evaluated on simulated datasets. The computational performance scales linearly as the dataset sizes increase. The addition of sites results in an exponential growth in computation time. However, for up to five sites, the time is still short and would not affect practical applications. The model parameters are the same as the results on pooled raw data analyzed in SAS, demonstrating high model accuracy. The proposed protocol and prototype system would allow the development of logistic regression models in a secure manner without requiring the sharing of personal health information. This can alleviate one of the key barriers to the establishment of large-scale post-marketing surveillance programs. We extended the secure protocol to account for correlations among patients within sites through generalized estimating equations, and to accommodate other link functions by extending it to generalized linear models.

  14. Risk Unbound: Threat, Catastrophe, and the End of Homeland Security

    DTIC Science & Technology

    2015-09-01

    Defense (DOD) models) is now the prevalent model for developing plans. Capabilities-based within the national preparedness system is defined as...capabilities-based planning is the accounting for scenarios through organizational capability development, and the search for commonality and structure...of providing perfect security, and demonstrate the limitations of risk-based security practices. This thesis presents an argument in three parts

  15. 33 CFR 127.007 - Letter of intent and waterway suitability assessment.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... facility and LNG or LHG tanker route; (iii) Risk assessment for maritime safety and security; (iv) Risk management strategies; and (v) Resource needs for maritime safety, security, and response. (g) The Follow-on...

  16. Risk assessment of integrated electronic health records.

    PubMed

    Bjornsson, Bjarni Thor; Sigurdardottir, Gudlaug; Stefansson, Stefan Orri

    2010-01-01

    The paper describes the security concerns related to Electronic Health Records (EHR) both in registration of data and integration of systems. A description of the current state of EHR systems in Iceland is provided, along with the Ministry of Health's future vision and plans. New legislation provides the opportunity for increased integration of EHRs and further collaboration between institutions. Integration of systems, along with greater availability and access to EHR data, requires increased security awareness since additional risks are introduced. The paper describes the core principles of information security as it applies to EHR systems and data. The concepts of confidentiality, integrity, availability, accountability and traceability are introduced and described. The paper discusses the legal requirements and importance of performing risk assessment for EHR data. Risk assessment methodology according to the ISO/IEC 27001 information security standard is described with examples on how it is applied to EHR systems.

  17. Using incident response trees as a tool for risk management of online financial services.

    PubMed

    Gorton, Dan

    2014-09-01

    The article introduces the use of probabilistic risk assessment for modeling the incident response process of online financial services. The main contribution is the creation of incident response trees, using event tree analysis, which provides us with a visual tool and a systematic way to estimate the probability of a successful incident response process against the currently known risk landscape, making it possible to measure the balance between front-end and back-end security measures. The model is presented using an illustrative example, and is then applied to the incident response process of a Swedish bank. Access to relevant data is verified and the applicability and usability of the proposed model is verified using one year of historical data. Potential advantages and possible shortcomings are discussed, referring to both the design phase and the operational phase, and future work is presented. © 2014 Society for Risk Analysis.

  18. A GIS-based approach for comparative analysis of potential fire risk assessment

    NASA Astrophysics Data System (ADS)

    Sun, Ying; Hu, Lieqiu; Liu, Huiping

    2007-06-01

    Urban fires are one of the most important sources of property loss and human casualty and therefore it is necessary to assess the potential fire risk with consideration of urban community safety. Two evaluation models are proposed, both of which are integrated with GIS. One is the single factor model concerning the accessibility of fire passage and the other is grey clustering approach based on the multifactor system. In the latter model, fourteen factors are introduced and divided into four categories involving security management, evacuation facility, construction resistance and fire fighting capability. A case study on the campus of Beijing Normal University is presented to express the potential risk assessment models in detail. A comparative analysis of the two models is carried out to validate the accuracy. The results are approximately consistent with each other. Moreover, modeling with GIS promotes the efficiency of the potential risk assessment.

  19. Sustainable Biofuel Crops Project, Final Report

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Juhn, Daniel; Grantham, Hedley

    2014-05-28

    Over the last six years, the Food and Agriculture Organization of the United Nations (FAO) has developed the Bioenergy and Food Security (BEFS) Approach to help countries design and implement sustainable bioenergy policies and strategies. The BEFS Approach consists of two sets of multidisciplinary and integrated tools and guidance (the BEFS Rapid Appraisal and the BEFS Detailed Analysis) to facilitate better decision on bioenergy development which should foster both food and energy security, and contribute to agricultural and rural development. The development of the BEFS Approach was for the most part funded by the German Federal Ministry of Food and Agriculture. Recognizing the need to provide support to countries that wanted an initial assessment of their sustainable bioenergy potential, and of the associated opportunities, risks and trade offs, FAO began developing the BEFS-RA (Rapid Appraisal). The BEFS RA is a spreadsheet–based assessment and analysis tool designed to outline the country's basic energy, agriculture and food security context, the natural resources potential, the bioenergy end use options, including initial financial and economic implications, and the identification of issues that might require fuller investigation with the BEFS Detailed Analysis.

  20. Designing and Operating Through Compromise: Architectural Analysis of CKMS for the Advanced Metering Infrastructure

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Duren, Mike; Aldridge, Hal; Abercrombie, Robert K

    2013-01-01

    Compromises attributable to the Advanced Persistent Threat (APT) highlight the necessity for constant vigilance. The APT provides a new perspective on security metrics (e.g., statistics based cyber security) and quantitative risk assessments. We consider design principles and models/tools that provide high assurance for energy delivery systems (EDS) operations regardless of the state of compromise. Cryptographic keys must be securely exchanged, then held and protected on either end of a communications link. This is challenging for a utility with numerous substations that must secure the intelligent electronic devices (IEDs) that may comprise complex control system of systems. For example, distribution and management of keys among the millions of intelligent meters within the Advanced Metering Infrastructure (AMI) is being implemented as part of the National Smart Grid initiative. Without a means for a secure cryptographic key management system (CKMS) no cryptographic solution can be widely deployed to protect the EDS infrastructure from cyber-attack. We consider 1) how security modeling is applied to key management and cyber security concerns on a continuous basis from design through operation, 2) how trusted models and key management architectures greatly impact failure scenarios, and 3) how hardware-enabled trust is a critical element to detecting, surviving, and recovering from attack.

  1. An Online Risk Monitor System (ORMS) to Increase Safety and Security Levels in Industry

    NASA Astrophysics Data System (ADS)

    Zubair, M.; Rahman, Khalil Ur; Hassan, Mehmood Ul

    2013-12-01

    The main idea of this research is to develop an Online Risk Monitor System (ORMS) based on Living Probabilistic Safety Assessment (LPSA). The article highlights the essential features and functions of ORMS. The basic models and modules such as, Reliability Data Update Model (RDUM), running time update, redundant system unavailability update, Engineered Safety Features (ESF) unavailability update and general system update have been described in this study. ORMS not only provides quantitative analysis but also highlights qualitative aspects of risk measures. ORMS is capable of automatically updating the online risk models and reliability parameters of equipment. ORMS can support in the decision making process of operators and managers in Nuclear Power Plants.

  2. [Associated factors in newborns with intrauterine growth retardation].

    PubMed

    Thompson-Chagoyán, Oscar C; Vega-Franco, Leopoldo

    2008-01-01

    To identify the risk factors implicated in the intrauterine growth retardation (IUGR) of neonates born in a social security institution. Case controls design study in 376 neonates: 188 with IUGR (weight < 10 percentile) and 188 without IUGR. When they were born, information about 30 variables of risk for IUGR were obtained from mothers. Risk analysis and logistical regression (stepwise) were used. Odds ratios were significant for 12 of the variables. The model obtained by stepwise regression included: weight gain at pregnancy, prenatal care attendance, toxemia, chocolate ingestion, father's weight, and the environmental house. Most of the variables included in the model are related to socioeconomic disadvantages related to the risk of RCIU in the population.

  3. Using climate model simulations to assess the current climate risk to maize production

    NASA Astrophysics Data System (ADS)

    Kent, Chris; Pope, Edward; Thompson, Vikki; Lewis, Kirsty; Scaife, Adam A.; Dunstone, Nick

    2017-05-01

    The relationship between the climate and agricultural production is of considerable importance to global food security. However, there has been relatively little exploration of climate-variability related yield shocks. The short observational yield record does not adequately sample natural inter-annual variability thereby limiting the accuracy of probability assessments. Focusing on the United States and China, we present an innovative use of initialised ensemble climate simulations and a new agro-climatic indicator, to calculate the risk of severe water stress. Combined, these regions provide 60% of the world’s maize, and therefore, are crucial to global food security. To probe a greater range of inter-annual variability, the indicator is applied to 1400 simulations of the present day climate. The probability of severe water stress in the major maize producing regions is quantified, and in many regions an increased risk is found compared to calculations from observed historical data. Analysis suggests that the present day climate is also capable of producing unprecedented severe water stress conditions. Therefore, adaptation plans and policies based solely on observed events from the recent past may considerably under-estimate the true risk of climate-related maize shocks. The probability of a major impact event occurring simultaneously across both regions—a multi-breadbasket failure—is estimated to be up to 6% per decade and arises from a physically plausible climate state. This novel approach highlights the significance of climate impacts on crop production shocks and provides a platform for considerably improving food security assessments, in the present day or under a changing climate, as well as development of new risk based climate services.

  4. 75 FR 8088 - Privacy Act of 1974; Department of Homeland Security/ALL-023 Personnel Security Management System...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-23

    ... risk of harm to economic or property interests, identity theft or fraud, or harm to the security or... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2009-0041] Privacy Act of 1974; Department of Homeland Security/ALL--023 Personnel Security Management System of Records AGENCY...

  5. Department of Homeland Security Assistance to States and Localities: A Summary and Issues for the 111th Congress

    DTIC Science & Technology

    2009-04-21

    ... Intercity Passenger Rail Program (Amtrak) ... Intercity Bus Security Grant Program ... Trucking Security Program ... continue security enhancements for its intercity rail services between high-risk urban areas. 20 U.S. Department of Homeland Security, Federal Emergency

  6. Computer Network Security: Best Practices for Alberta School Jurisdictions.

    ERIC Educational Resources Information Center

    Alberta Dept. of Education, Edmonton.

    This paper provides a snapshot of the computer network security industry and addresses specific issues related to network security in public education. The following topics are covered: (1) security policy, including reasons for establishing a policy, risk assessment, areas to consider, audit tools; (2) workstations, including physical security,…

  7. Risk-based decision making for terrorism applications.

    PubMed

    Dillon, Robin L; Liebe, Robert M; Bestafka, Thomas

    2009-03-01

    This article describes the anti-terrorism risk-based decision aid (ARDA), a risk-based decision-making approach for prioritizing anti-terrorism measures. The ARDA model was developed as part of a larger effort to assess investments for protecting U.S. Navy assets at risk and determine whether the most effective anti-terrorism alternatives are being used to reduce the risk to the facilities and war-fighting assets. With ARDA and some support from subject matter experts, we examine thousands of scenarios composed of 15 attack modes against 160 facility types on two installations and hundreds of portfolios of 22 mitigation alternatives. ARDA uses multiattribute utility theory to solve some of the commonly identified challenges in security risk analysis. This article describes the process and documents lessons learned from applying the ARDA model for this application.

  8. Energy Security of Army Installations and Islanding Methodologies: A Multiple Criteria Decision Aid to Innovation with Emergent Conditions of the Energy Environment

    DTIC Science & Technology

    2010-06-16

    Clemen and Reilly (2001) Risk analysis Haimes (2009); Kaplan et al. (2001): Lowrance (1976); Kaplan and Garrick (1981) Source: The US Army Energy...collect solar energy and convert to heat (NREL presentation) • Wind turbines capture energy in wind and convert it into electricity (NREL

  9. Cigarette Smoking Outcomes at Four Years of Follow-Up, Psychosocial Factors, and Reactions to Group Intervention.

    ERIC Educational Resources Information Center

    Benfari, Robert C.; Eaker, Elaine

    1984-01-01

    Studied male smokers (N=182) at high risk of coronary heart disease to determine variables that discriminated between successful and nonsuccessful quitters. Analysis revealed that baseline level of smoking, life events, personal security, and selected group process variables were predictive of success or failure in the intervention program.…

  10. Small-Scale Farming in Semi-Arid Areas: Livelihood Dynamics between 1997 and 2010 in Laikipia, Kenya

    ERIC Educational Resources Information Center

    Ulrich, Anne; Speranza, Chinwe Ifejika; Roden, Paul; Kiteme, Boniface; Wiesmann, Urs; Nusser, Marcus

    2012-01-01

    The rural population of semi-arid lands in Kenya face multiple challenges that result from population growth, poor markets, land use and climatic changes. In particular, subsistence oriented farmers face various risks and opportunities in their attempt to secure their livelihoods. This paper presents an analysis on how livelihood assets and…

  11. New Rules of the Game: Youth Training in Brazil and Finland as Examples of the New Global Network Governance

    ERIC Educational Resources Information Center

    Brunila, Kristiina; Ryynänen, Sanna

    2017-01-01

    Young people labelled "disadvantaged" or "at risk of social exclusion" are increasingly directed into publicly funded or NGO-based, partly privately financed projects in order to secure their desired integration into society through work or further education. In this article, we carry out a comparative analysis of youth…

  12. Diplomatic Security: State Department Should Better Manage Risks to Residences and Other Soft Targets Overseas

    DTIC Science & Technology

    2015-07-09

    Page ii GAO-15-700 Diplomatic Security Figure 2: Time Frames for Updates to Overseas Security Policy Board Residential Security...Standards since 2005 14 Abbreviations ARB Accountability Review Board DS Bureau of Diplomatic Security DS/C DS Directorate...Overseas Buildings Operations OSPB Overseas Security Policy Board RSO Regional Security Officer State Department of State This is a work of

  13. Protecting Location Privacy for Outsourced Spatial Data in Cloud Storage

    PubMed Central

    Gui, Xiaolin; An, Jian; Zhao, Jianqiang; Zhang, Xuejun

    2014-01-01

    As cloud computing services and location-aware devices are fully developed, a large amount of spatial data needs to be outsourced to the cloud storage provider, so the research on privacy protection for outsourced spatial data gets increasing attention from academia and industry. As a kind of spatial transformation method, Hilbert curve is widely used to protect the location privacy for spatial data. But sufficient security analysis for standard Hilbert curve (SHC) is seldom proceeded. In this paper, we propose an index modification method for SHC (SHC∗) and a density-based space filling curve (DSC) to improve the security of SHC; they can partially violate the distance-preserving property of SHC, so as to achieve better security. We formally define the indistinguishability and attack model for measuring the privacy disclosure risk of spatial transformation methods. The evaluation results indicate that SHC∗ and DSC are more secure than SHC, and DSC achieves the best index generation performance. PMID:25097865

  14. Protecting location privacy for outsourced spatial data in cloud storage.

    PubMed

    Tian, Feng; Gui, Xiaolin; An, Jian; Yang, Pan; Zhao, Jianqiang; Zhang, Xuejun

    2014-01-01

    As cloud computing services and location-aware devices are fully developed, a large amount of spatial data needs to be outsourced to the cloud storage provider, so the research on privacy protection for outsourced spatial data gets increasing attention from academia and industry. As a kind of spatial transformation method, Hilbert curve is widely used to protect the location privacy for spatial data. But sufficient security analysis for standard Hilbert curve (SHC) is seldom proceeded. In this paper, we propose an index modification method for SHC (SHC(∗)) and a density-based space filling curve (DSC) to improve the security of SHC; they can partially violate the distance-preserving property of SHC, so as to achieve better security. We formally define the indistinguishability and attack model for measuring the privacy disclosure risk of spatial transformation methods. The evaluation results indicate that SHC(∗) and DSC are more secure than SHC, and DSC achieves the best index generation performance.

  15. Evaluating the risk of industrial espionage

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Bott, T.F.

    1998-12-31

    A methodology for estimating the relative probabilities of different compromise paths for protected information by insider and visitor intelligence collectors has been developed based on an event-tree analysis of the intelligence collection operation. The analyst identifies target information and ultimate users who might attempt to gain that information. The analyst then uses an event tree to develop a set of compromise paths. Probability models are developed for each of the compromise paths that use parameters based on expert judgment or historical data on security violations. The resulting probability estimates indicate the relative likelihood of different compromise paths and provide an input for security resource allocation. Application of the methodology is demonstrated using a national security example. A set of compromise paths and probability models specifically addressing this example espionage problem are developed. The probability models for hard-copy information compromise paths are quantified as an illustration of the results using parametric values representative of historical data available in secure facilities, supplemented where necessary by expert judgment.

  16. LANL Safeguards and Security Assurance Program. Revision 6

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    NONE

    1995-04-03

    The Safeguards and Security (S and S) Assurance Program provides a continuous quality improvement approach to ensure effective, compliant S and S program implementation throughout the Los Alamos National Laboratory. Any issues identified through the various internal and external assessments are documented, tracked and closed using the Safeguards and Security Issue Management Program. The Laboratory utilizes an integrated S and S systems approach to protect US Department of Energy (DOE) interests from theft or diversion of special nuclear material (SNM), sabotage, espionage, loss or theft of classified/controlled matter or government property, and other hostile acts that may cause unacceptable impacts on national security, health and safety of employees and the public, and the environment. This document explains the basis, scope, and conduct of the S and S process to include: self-assessments, issue management, risk assessment, and root cause analysis. It also provides a discussion of S and S topical areas, roles and responsibilities, process flow charts, minimum requirements, methodology, terms, and forms.

  17. To amend the Homeland Security Act of 2002 to require annual risk assessments for purposes of the State Homeland Security Grant Program, and to require that risk assessments conducted for purposes of the Urban Area Security Initiative be conducted jointly with appropriate eligible metropolitan area officials.

    THOMAS, 111th Congress

    Rep. Titus, Dina [D-NV-3]

    2010-06-21

    House - 06/28/2010 Referred to the Subcommittee on Emergency Communications, Preparedness, and Response. This bill has the status Introduced.

  18. Manufacturing and Security Challenges in 3D Printing

    NASA Astrophysics Data System (ADS)

    Zeltmann, Steven Eric; Gupta, Nikhil; Tsoutsos, Nektarios Georgios; Maniatakos, Michail; Rajendran, Jeyavijayan; Karri, Ramesh

    2016-07-01

    As the manufacturing time, quality, and cost associated with additive manufacturing (AM) continue to improve, more and more businesses and consumers are adopting this technology. Some of the key benefits of AM include customizing products, localizing production and reducing logistics. Due to these and numerous other benefits, AM is enabling a globally distributed manufacturing process and supply chain spanning multiple parties, and hence raises concerns about the reliability of the manufactured product. In this work, we first present a brief overview of the potential risks that exist in the cyber-physical environment of additive manufacturing. We then evaluate the risks posed by two different classes of modifications to the AM process which are representative of the challenges that are unique to AM. The risks posed are examined through mechanical testing of objects with altered printing orientation and fine internal defects. Finite element analysis and ultrasonic inspection are also used to demonstrate the potential for decreased performance and for evading detection. The results highlight several scenarios, intentional or unintentional, that can affect the product quality and pose security challenges for the additive manufacturing supply chain.

  19. Social Security Disability Insurance May Reduce Benefits by 2016: Population at Financial Risk from Reductions.

    PubMed

    Siordia, Carlos

    2016-10-01

    In the United States, 10.9 million people are receiving Social Security Disability Insurance (SSDI) benefits with an average pay of $12,000 per year. If the U.S. House of Congress fails to enact a new bill by the end of fiscal-year 2016, SSDI benefits are estimated to be reduced by $2,300 per-person per year. In the past, the U.S. Congress has always found a way to enact new bills capable of maintaining benefits at existing levels. The specific aim of this project was to report the number of people potentially at risk for experiencing an economic impact if SSDI benefits are reduced. The cross-sectional analysis used data from the American Community Survey, 2009-2013 Public Use Microdata Sample file. Characteristics on a total of 153,627 actual survey participants were used to generalize findings to 2,748,735 residents of the United States. Results indicate non-Hispanic Whites, the Pacific and South Atlantic geographic divisions are at the largest risk for being affected by changes to SSDI benefits.

  20. Privacy and security in teleradiology.

    PubMed

    Ruotsalainen, Pekka

    2010-01-01

    Teleradiology is probably the most successful eHealth service available today. Its business model is based on the remote transmission of radiological images (e.g. X-ray and CT-images) over electronic networks, and on the interpretation of the transmitted images for diagnostic purpose. Two basic service models are commonly used in teleradiology today. The most common approach is based on the message paradigm (off-line model), but more developed teleradiology systems are based on the interactive use of PACS/RIS systems. Modern teleradiology is also more and more cross-organisational or even cross-border service between service providers having different jurisdictions and security policies. This paper defines the requirements needed to make different teleradiology models trusted. Those requirements include a common security policy that covers all partners and entities, common security and privacy protection principles and requirements, controlled contracts between partners, and the use of security controls and tools that support the common security policy. The security and privacy protection of any teleradiology system must be planned in advance, and the necessary security and privacy enhancing tools should be selected (e.g. strong authentication, data encryption, non-repudiation services and audit-logs) based on the risk analysis and requirements set by the legislation. In any case the teleradiology system should fulfil ethical and regulatory requirements. Certification of the whole teleradiology service system including security and privacy is also proposed. In the future, teleradiology services will be an integrated part of pervasive eHealth. Security requirements for this environment including dynamic and context aware security services are also discussed in this paper. Copyright (c) 2009 Elsevier Ireland Ltd. All rights reserved.

  1. 5 CFR 930.301 - Information systems security awareness training program.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... training in system/application life cycle management, risk management, and contingency planning. (4) Chief... security management, system/application life cycle management, risk management, and contingency planning... management; and management and implementation level training in system/application life cycle management...

  2. Food Insecurity and Peripheral Arterial Disease in Older Adult Populations.

    PubMed

    Redmond, M L; Dong, F; Goetz, J; Jacobson, L T; Collins, T C

    2016-01-01

    Food insecurity, defined as the limited or uncertain availability of nutritious and safe foods, is a complex phenomenon and is linked to poor nutrition and diet-sensitive chronic diseases. Dietary patterns that include saturated fats and meat products are potential risk factors for the progression of peripheral arterial disease (PAD). This study explored whether there is a relationship between food insecurity and PAD among a national sample of older adults. We conducted a cross-sectional data analysis using data from the 1999-2004 National Health and Nutrition Examination Survey (NHANES). Food security was assessed using the US Household Food Security Survey Module. Bivariate analyses were conducted using the Rao-Scott Chi-square test to examine associations between PAD and sociodemographic variables. Multivariable generalized logistic regression was employed to assess the effect of food security on the presence of PAD, with adjustment for respondent's socio demographic characteristics. A total of 2,027 adults with PAD were included (Ankle Brachial Index (ABI) score ≤ 0.90). We excluded participants less than 60 years of age. Compared to older adults who are food secure, those who are food insecure have an increased risk for PAD. Food insecurity is associated with peripheral arterial disease among older adults (adults adjusted odds ratio, 1.50 [95% CI 1.11-2.03]). Older adults with peripheral arterial disease are experiencing food insecurity. While nutrition and PAD are not well-defined, previous literature indicates there is a connection between food insecurity and diet-sensitive chronic diseases (diabetes and hypertension) which are risk factors for PAD. Food insecurity should be taken into consideration when treating older adults with PAD to help decrease poor health outcomes that are linked to an insufficient amount of nutritious foods.

  3. Association between kindergarten and first-grade food insecurity and weight status in U.S. children.

    PubMed

    Lee, Arthur M; Scharf, Rebecca J; DeBoer, Mark D

    The aim of this study was to determine if food insecurity is an independent risk factor for obesity in U.S. children. We analyzed data from a nationally representative sample of children participating in the Early Childhood Longitudinal Study-Kindergarten Cohort 2011. Statistical analyses were performed to evaluate longitudinal associations between food security and body mass index (BMI) z-score. All regression models included race/ethnicity, household income, and parental education. Survey and anthropometric data was collected from teachers and parents of 8167 U.S. children entering kindergarten in fall 2010 with regular follow-up through third grade. Complete data regarding food security, socioeconomic assessment, and BMI z-score data were included for statistical analyses. All analyses were weighted to be nationally representative. Children with household food insecurity had increased obesity prevalence from kindergarten through grade 3; for example, at kindergarten, with food insecurity 16.4% (95% confidence interval [CI], 13.7-19) versus food secure 12.4% (95% CI, 11.3-13.6). Adjusted means analysis showed first-grade food insecurity was significantly correlated with increased BMI z-score in first through third grades; for example, at first grade, with food insecurity 0.6 (95% CI, 0.5-0.7) versus food secure 0.4 (95% CI, 0.4-0.5). Logistic regression showed first-grade food insecurity was correlated with increased risk for obesity in that grade (odds ratio 1.4; 95% CI, 1.1-2). Obesity is more prevalent among food-insecure children. First-grade food insecurity is an independent risk factor for longitudinal increases in BMI z-score. There are differences in the association between food insecurity and weight status between kindergarten and first grade. Copyright © 2018 Elsevier Inc. All rights reserved.

  4. Novel Threat-risk Index Using Probabilistic Risk Assessment and Human Reliability Analysis - Final Report

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    George A. Beitel

    2004-02-01

    In support of a national need to improve the current state-of-the-art in alerting decision makers to the risk of terrorist attack, a quantitative approach employing scientific and engineering concepts to develop a threat-risk index was undertaken at the Idaho National Engineering and Environmental Laboratory (INEEL). As a result of this effort, a set of models has been successfully integrated into a single comprehensive model known as Quantitative Threat-Risk Index Model (QTRIM), with the capability of computing a quantitative threat-risk index on a system level, as well as for the major components of the system. Such a threat-risk index could provide a quantitative variant or basis for either prioritizing security upgrades or updating the current qualitative national color-coded terrorist threat alert.

  5. Environmental security: a geographic information system analysis approach--the case of Kenya.

    PubMed

    Bocchi, Stefano; Disperati, Stefano Peppino; Rossi, Simone

    2006-02-01

    Studies into the relationships between environmental factors and violence or conflicts constitute a very debated research field called environmental security. Several authors think that environmental scarcity, which is scarcity of renewable resources, can contribute to generate violence or social unrest, particularly within states scarcely endowed with technical know-how and social structures, such as developing countries. In this work, we referred to the theoretical model developed by the Environmental Change and Acute Conflict Project. Our goal was to use easily available spatial databases to map the various sources of environmental scarcity through geographic information systems, in order to locate the areas apparently most at risk of suffering negative social effects and their consequences in terms of internal security. The analysis was carried out at a subnational level and applied to the case of Kenya. A first phase of the work included a careful selection of databases relative to renewable resources. Spatial operations among these data allowed us to obtain new information on the availability of renewable resources (cropland, forests, water), on the present and foreseen demographic pressure, as well as on the social and technical ingenuity. The results made it possible to identify areas suffering from scarcity of one or more renewable resources, indicating different levels of gravity. Accounts from Kenya seem to confirm our results, reporting clashes between tribal groups over the access to scarce resources in areas that our work showed to be at high risk.

  6. Systems Security Engineering

    DTIC Science & Technology

    2010-08-22

    practice for information security management (ISO/IEC 27002),” “Information technology — Security techniques — Information security management...systems — Requirements (ISO/IEC 27002),”, “Information technology — Security techniques — Information security risk management (ISO/IEC 27005).” from...associated practice aids. Perhaps the most germane discovery from this effort was a draft ISO standard on Systems and software engineering, Systems and

  7. The Enterprise 2.0 Concept: Challenges on Data and Information Security

    NASA Astrophysics Data System (ADS)

    Silva, Ana; Moreira, Fernando; Varajão, João

    The Web 2.0 wave has "hit" businesses all over the world, with companies taking advantage of the 2.0 concept and new applications stimulating collaboration between employees, and also with external partners (suppliers, contractors, universities, R&D organizations and others). However, the use of Web 2.0 applications inside organizations has created additional security challenges, especially regarding data and information security. Companies need to be aware of these risks when deploying the 2.0 concept and take a proactive approach on security. In this paper are identified and discussed some of the challenges and risks of the use of Web 2.0 tools, namely when it comes to securing companies' intellectual property.

  8. [Smallpox preparedness in Denmark].

    PubMed

    Heegaard, Erik Deichmann; Fomsgaard, Anders

    2005-09-05

    Although the likelihood of a deliberate release is considered to be minor, smallpox virus poses a worldwide terrorism security risk because it (1) can easily be disseminated and transmitted from person to person; (2) results in high mortality rates and has the potential to create a major public health impact; (3) might cause public panic and social disruption; and (4) requires special action for public health preparedness. Consequently, Statens Serum Institute and the National Board of Health have developed a Danish smallpox preparedness plan. This article discusses critical aspects of the plan, including risk analysis and a multi-tiered action plan, vaccination, analysis of clinical specimens, the establishment of active surveillance teams and generic contingency elements.

  9. Computer Security and the Data Encryption Standard. Proceedings of the Conference on Computer Security and the Data Encryption Standard.

    ERIC Educational Resources Information Center

    Branstad, Dennis K., Ed.

    The 15 papers and summaries of presentations in this collection provide technical information and guidance offered by representatives from federal agencies and private industry. Topics discussed include physical security, risk assessment, software security, computer network security, and applications and implementation of the Data Encryption…

  10. Governing for Enterprise Security (Briefing Charts)

    DTIC Science & Technology

    2005-01-01

    governance/stakeholder.html © 2005 by Carnegie Mellon University page 16 Adequate Security and Operational Risk “Appropriate business security is that which...Sherwood 03] Sherwood, John; Clark; Andrew; Lynas, David. “Systems and Business Security Architecture.” SABSA Limited, 17 September 2003. Available at

  11. 6 CFR 27.220 - Tiering.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 6 Domestic Security 1 2014-01-01 2014-01-01 false Tiering. 27.220 Section 27.220 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical... Risk-Based Tiering. Following review of a covered facility's Security Vulnerability Assessment, the...

  12. 6 CFR 27.220 - Tiering.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 6 Domestic Security 1 2013-01-01 2013-01-01 false Tiering. 27.220 Section 27.220 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical... Risk-Based Tiering. Following review of a covered facility's Security Vulnerability Assessment, the...

  13. 6 CFR 27.220 - Tiering.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 6 Domestic Security 1 2011-01-01 2011-01-01 false Tiering. 27.220 Section 27.220 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical... Risk-Based Tiering. Following review of a covered facility's Security Vulnerability Assessment, the...

  14. 6 CFR 27.220 - Tiering.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 6 Domestic Security 1 2012-01-01 2012-01-01 false Tiering. 27.220 Section 27.220 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical... Risk-Based Tiering. Following review of a covered facility's Security Vulnerability Assessment, the...

  15. Are Food Insecurity’s Health Impacts Underestimated in the U.S. Population? Marginal Food Security Also Predicts Adverse Health Outcomes in Young U.S. Children and Mothers

    PubMed Central

    Cook, John T.; Black, Maureen; Chilton, Mariana; Cutts, Diana; Ettinger de Cuba, Stephanie; Heeren, Timothy C.; Rose-Jacobs, Ruth; Sandel, Megan; Casey, Patrick H.; Coleman, Sharon; Weiss, Ingrid; Frank, Deborah A.

    2013-01-01

    This review addresses epidemiological, public health, and social policy implications of categorizing young children and their adult female caregivers in the United States as food secure when they live in households with “marginal food security,” as indicated by the U.S. Household Food Security Survey Module. Existing literature shows that households in the US with marginal food security are more like food-insecure households than food-secure households. Similarities include socio-demographic characteristics, psychosocial profiles, and patterns of disease and health risk. Building on existing knowledge, we present new research on associations of marginal food security with health and developmental risks in young children (<48 mo) and health in their female caregivers. Marginal food security is positively associated with adverse health outcomes compared with food security, but the strength of the associations is weaker than that for food insecurity as usually defined in the US. Nonoverlapping CIs, when comparing odds of marginally food-secure children’s fair/poor health and developmental risk and caregivers’ depressive symptoms and fair/poor health with those in food-secure and -insecure families, indicate associations of marginal food security significantly and distinctly intermediate between those of food security and food insecurity. Evidence from reviewed research and the new research presented indicates that households with marginal food security should not be classified as food secure, as is the current practice, but should be reported in a separate discrete category. These findings highlight the potential underestimation of the prevalence of adverse health outcomes associated with exposure to lack of enough food for an active, healthy life in the US and indicate an even greater need for preventive action and policies to limit and reduce exposure among children and mothers. PMID:23319123

  16. DefenseLink.mil - Special Report: Travels with Gates

    Science.gov Websites

    Robert M. Gates said here today. Story >> Iran Puts Middle East Security at Risk ANKARA, Turkey, Feb. 6, 2010 – Iran’s nuclear program continues to put security in the Middle East at risk despite

  17. [Chemical, physical and biological risks in law enforcement].

    PubMed

    Magrini, Andrea; Grana, Mario; Vicentini, Laura

    2014-01-01

    Chemical, physical and biological risks among public safety and security forces. Law enforcement personnel, involved in routine tasks and in emergency situations, are exposed to numerous and several occupational hazards (chemical, physical and biological) with likely health and security consequences. These risks are particularly high when the organization and preparation are inadequate, there is a lacking or insufficient coordination, information, education and communication and safety and personal protective equipment are inadequate or insufficient. Despite the objective difficulties, caused by the actual special needs related to the service performed or the organizational peculiarities, the risk identification and assessment is essential for worker health and safety of personnel, as provided for by Legislative Decree no. 81/2008. Chemical risks include airborne pollutants due to vehicular traffic (carbon monoxide, ultrafine particles, benzene, polycyclic aromatic hydrocarbons, aldehydes, nitrogen and sulfur oxides, lead), toxic gases generated by combustion process following fires (aromatic hydrocarbons, PAHs, dioxins and furans, biphenyls, formaldehyde, metals and cyanides), substances emitted in case of chemical accidents (solvents, pesticides, toxic gases, caustics), drugs (methylamphetamine), riot control agents and self-defence spray, lead at firing ranges, and several materials and reagents used in forensic laboratory. The physical hazards are often caused by activities that induce biomechanical overload aid the onset of musculoskeletal disorders, the use of visual display terminals and work environments that may expose to heat stress and discomfort, high and low pressure, noise, vibrations, ionizing and non-ionizing radiation. The main biological risks are blood-borne diseases (viral hepatitis, AIDS), airborne diseases (eg, tuberculosis, meningitis, SARS, anthrax), MRSA, and vector-borne diseases. Many of these risk factors are unavoidable or are not predictable; so a proper risk assessment is very important, especially in case of emergencies, and also the necessary preventive measures, a careful analysis of alternative options for action and decision-making, implementation of security measures due to the provision of appropriate PPE and effective management of risk communication have great importance. Another important aspect is the education and training of staff, as in emergency situations should be able to take protective measures as quickly as possible.

  18. Wireless local area network security.

    PubMed

    Bergeron, Bryan P

    2004-01-01

    Wireless local area networks (WLANs) are increasingly popular in clinical settings because they facilitate the use of wireless PDAs, laptops, and other pervasive computing devices at the point of care. However, because of the relative immaturity of wireless network technology and evolving standards, WLANs, if improperly configured, can present significant security risks. Understanding the security limitations of the technology and available fixes can help minimize the risks of clinical data loss and maintain compliance with HIPAA guidelines.

  19. Risk Assessment Methodology Based on the NISTIR 7628 Guidelines

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Abercrombie, Robert K; Sheldon, Frederick T; Hauser, Katie R

    2013-01-01

    Earlier work describes computational models of critical infrastructure that allow an analyst to estimate the security of a system in terms of the impact of loss per stakeholder resulting from security breakdowns. Here, we consider how to identify, monitor and estimate risk impact and probability for different smart grid stakeholders. Our constructive method leverages currently available standards and defined failure scenarios. We utilize the National Institute of Standards and Technology (NIST) Interagency or Internal Reports (NISTIR) 7628 as a basis to apply Cyberspace Security Econometrics system (CSES) for comparing design principles and courses of action in making security-related decisions.

  20. Global Security Sciences Home - Global Security Sciences

    Science.gov Websites

    Us About Our Research Global Security Sciences Leadership Strategic Initiatives Research Centers Center for Strategic Security Overview Leadership Risk and Infrastructure Science Center Overview Leadership Strategic Alliance for Global Energy Solutions Overview Leadership Systems Science Center Overview

  1. Integrating a flexible modeling framework (FMF) with the network security assessment instrument to reduce software security risk

    NASA Technical Reports Server (NTRS)

    Gilliam, D. P.; Powell, J. D.

    2002-01-01

    This paper presents a portion of an overall research project on the generation of the network security assessment instrument to aid developers in assessing and assuring the security of software in the development and maintenance lifecycles.

  2. Asset securitization and rate of return: A study on letters of guarantee

    NASA Astrophysics Data System (ADS)

    Wu, Binghui

    2018-01-01

    Using the theory of asset securitization, we analyze the feasibility of the securitization of letters of guarantee in theory. In the process of constructing the model of rate of return of securities backed by letters of guarantee, we propose two indices: the risk probability of asset-backed securities and the loss rate of asset-backed securities to analyze the cash flow of securities. On the basis of no arbitrage principle, the expression of rate of return of securities backed by letters of guarantee is put forward. In order to study the relationship between the rate of return of securities and other influential factors in the model, a simulation experiment is designed. The experiment results show that (i) an increasing risk probability of cash flow or a short maturity date also make the return rate of securities increase and (ii) the return rate of securities is higher in economic boom than that in economic recession when other parameters remain unchanged.

  3. Patient-generated secure messages and eVisits on a patient portal: are patients at risk?

    PubMed Central

    North, Frederick; Crane, Sarah J; Stroebel, Robert J; Cha, Stephen S; Edell, Eric S; Tulledge-Scheitel, Sidna M

    2013-01-01

    Background Patient portals are becoming increasingly common, but the safety of patient messages and eVisits has not been well studied. Unlike patient-to-nurse telephonic communication, patient messages and eVisits involve an asynchronous process that could be hazardous if patients were using it for time-sensitive symptoms such as chest pain or dyspnea. Methods We retrospectively analyzed 7322 messages (6430 secure messages and 892 eVisits). To assess the overall risk associated with the messages, we looked for deaths within 30 days of the message and hospitalizations and emergency department (ED) visits within 7 days following the message. We also examined message content for symptoms of chest pain, breathing concerns, and other symptoms associated with high risk. Results Two deaths occurred within 30 days of a patient-generated message, but were not related to the message. There were six hospitalizations related to a previous secure message (0.09% of secure messages), and two hospitalizations related to a previous eVisit (0.22% of eVisits). High-risk symptoms were present in 3.5% of messages but a subject line search to identify these high-risk messages had a sensitivity of only 15% and a positive predictive value of 29%. Conclusions Patients use portal messages 3.5% of the time for potentially high-risk symptoms of chest pain, breathing concerns, abdominal pain, palpitations, lightheadedness, and vomiting. Death, hospitalization, or an ED visit was an infrequent outcome following a secure message or eVisit. Screening the message subject line for high-risk symptoms was not successful in identifying high-risk message content. PMID:23703826

  4. 75 FR 2445 - Chemical Facility Anti-Terrorism Standards

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-01-15

    ... Homeland Security EPA--Environmental Protection Agency RMP--Risk Management Program SSP--Site Security Plan...) under the Clean Air Act's Risk Management Program (RMP) for counting-- or excluding--flammable chemicals... of flammable chemicals in gasoline from the RMP rules was mandated by the Chemical Safety...

  5. 75 FR 2564 - Virginia Electric and Power Company D/B/A Dominion Virginia Power and Old Dominion Electric...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-01-15

    ..., submit an annual update to the application's final safety analysis report (FSAR), which is a part of the... public health or safety, and are consistent with the common defense and security; and (2) special... is authorized by law. No Undue Risk to Public Health and Safety The underlying purpose of 10 CFR 50...

  6. Hydrocomplexity: Addressing water security and emergent environmental risks

    NASA Astrophysics Data System (ADS)

    Kumar, Praveen

    2015-07-01

    Water security and emergent environmental risks are among the most significant societal concerns. They are highly interlinked to other global risks such as those related to climate, human health, food, human migration, biodiversity loss, urban sustainability, etc. Emergent risks result from the confluence of unanticipated interactions from evolving interdependencies between complex systems, such as those embedded in the water cycle. They are associated with the novelty of dynamical possibilities that have significant potential consequences to human and ecological systems, and not with probabilities based on historical precedence. To ensure water security we need to be able to anticipate the likelihood of risk possibilities as they present the prospect of the most impact through cascade of vulnerabilities. They arise due to a confluence of nonstationary drivers that include growing population, climate change, demographic shifts, urban growth, and economic expansion, among others, which create novel interdependencies leading to a potential of cascading network effects. Hydrocomplexity aims to address water security and emergent risks through the development of science, methods, and practices with the potential to foster a "Blue Revolution" akin to the Green revolution for food security. It blends both hard infrastructure based solution with soft knowledge driven solutions to increase the range of planning and design, management, mitigation and adaptation strategies. It provides a conceptual and synthetic framework to enable us to integrate discovery science and engineering, observational and information science, computational and communication systems, and social and institutional approaches to address consequential water and environmental challenges.

  7. 6 CFR 27.220 - Tiering.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 6 Domestic Security 1 2010-01-01 2010-01-01 false Tiering. 27.220 Section 27.220 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security Program § 27.220 Tiering. (a) Preliminary Determination of Risk-Based Tiering. Based on...

  8. 12 CFR Appendix B to Part 364 - Interagency Guidelines Establishing Information Security Standards

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... Part 364—Interagency Guidelines Establishing Information Security Standards Table of Contents I... Customer Information A. Information Security Program B. Objectives III. Development and Implementation of Customer Information Security Program A. Involve the Board of Directors B. Assess Risk C. Manage and...

  9. The School Breakfast Program strengthens household food security among low-income households with elementary school children.

    PubMed

    Bartfeld, Judith S; Ahn, Hong-Min

    2011-03-01

    The School Breakfast Program is an important component of the nutritional safety net and has been linked to positive changes in meal patterns and nutritional outcomes. By offering a breakfast, which for low-income children is available either at no cost or reduced price, the program also has the potential to increase household food security. This study examined the relationship between availability of the School Breakfast Program and household food security among low-income third-grade students by using data from the Early Childhood Longitudinal Survey-Kindergarten Cohort. The primary sample included 3010 students. Availability of school breakfast was assessed by surveys of school administrators. Food security was assessed by parents' reports by using the standard 18-item food security scale and considering 2 different food security thresholds. A probit model was estimated to measure the relationship between school breakfast availability and household food security while controlling for a range of other characteristics. Access to school breakfast reduced the risk of marginal food insecurity but not the risk of food insecurity at the standard threshold. That is, the program appeared beneficial in offsetting food-related concerns among at-risk families, although not necessarily in alleviating food insecurity once hardships had crossed the food insecurity threshold. Increasing the availability of school breakfast may be an effective strategy to maintain food security among low-income households with elementary school children.

  10. Computer Security: Improvements Needed to Reduce Risk to Critical Federal Operations and Assets

    DTIC Science & Technology

    2001-11-09

    COMPUTER SECURITY Improvements Needed to Reduce Risk to Critical Federal Operations and Assets Statement of Robert F. Dacey Director, Information...Improvements Needed to Reduce Risk to Critical Federal Operations and Assets Contract Number Grant Number Program Element Number Author(s...The benefits have been enormous. Vast amounts of information are now literally at our fingertips, facilitating research on virtually every topic

  11. Origins of Secure Base Script Knowledge and the Developmental Construction of Attachment Representations

    PubMed Central

    Waters, Theodore E. A.; Ruiz, Sarah K.; Roisman, Glenn I.

    2016-01-01

    Increasing evidence suggests that attachment representations take at least two forms—a secure base script and an autobiographical narrative of childhood caregiving experiences. This study presents data from the first 26 years of the Minnesota Longitudinal Study of Risk and Adaptation (N = 169), examining the developmental origins of secure base script knowledge in a high-risk sample, and testing alternative models of the developmental sequencing of the construction of attachment representations. Results demonstrated that secure base script knowledge was predicted by observations of maternal sensitivity across childhood and adolescence. Further, findings suggest that the construction of a secure base script supports the development of a coherent autobiographical representation of childhood attachment experiences with primary caregivers by early adulthood. PMID:27302650

  12. Importance of biometrics to addressing vulnerabilities of the U.S. infrastructure

    NASA Astrophysics Data System (ADS)

    Arndt, Craig M.; Hall, Nathaniel A.

    2004-08-01

    Human identification technologies are important threat countermeasures in minimizing select infrastructure vulnerabilities. Properly targeted countermeasures should be selected and integrated into an overall security solution based on disciplined analysis and modeling. Available data on infrastructure value, threat intelligence, and system vulnerabilities are carefully organized, analyzed and modeled. Prior to design and deployment of an effective countermeasure, the proper role and appropriateness of technology in addressing the overall set of vulnerabilities is established. Deployment of biometrics systems, as with other countermeasures, introduces potentially heightened vulnerabilities into the system. Heightened vulnerabilities may arise from both the newly introduced system complexities and an unfocused understanding of the set of vulnerabilities impacted by the new countermeasure. The countermeasure's own inherent vulnerabilities and those introduced by the system's integration with the existing system are analyzed and modeled to determine the overall vulnerability impact. The United States infrastructure is composed of government and private assets. The infrastructure is valued by their potential impact on several components: human physical safety, physical/information replacement/repair cost, potential contribution to future loss (criticality in weapons production), direct productivity output, national macro-economic output/productivity, and information integrity. These components must be considered in determining the overall impact of an infrastructure security breach. Cost/benefit analysis is then incorporated in the security technology deployment decision process. Overall security risks based on system vulnerabilities and threat intelligence determine areas of potential benefit. Biometric countermeasures are often considered when additional security at intended points of entry would minimize vulnerabilities.

  13. Focus on Resiliency: A Process-Oriented Approach to Security

    DTIC Science & Technology

    2005-11-01

    by ANSI Std Z39-18 © 2005 Carnegie Mellon University CSI v1.0 2 Agenda About the SEI Characterizing the problem Security, resiliency, and risk A...2005 Carnegie Mellon University CSI v1.0 5 SEI Technical Programs Product Line Systems Dynamic Systems Software Engineering Process Management...University CSI v1.0 7 What is the problem? Is your organization’s security capability sufficient to identify and manage risks that result from failed

  14. Risk Assessment of Power System considering the CPS of Transformers

    NASA Astrophysics Data System (ADS)

    Zhou, Long; Peng, Zewu; Liu, Xindong; Li, Canbing; Chen, Can

    2018-02-01

    This paper constructs a risk assessment framework of power system for device-level information security, analyzes the typical protection configuration of power transformers, and takes transformer gas protection and differential protection as examples to put forward a method that analyzes the cyber security in electric power system, which targets transformer protection parameters. We estimate the risk of power system accounting for the cyber security of transformer through utilizing Monte Carlo method and two indexes, which are the loss of load probability and the expected demand not supplied. The proposed approach is tested with IEEE 9 bus system and IEEE 118 bus system.

  15. An Integrated Approach for Physical and Cyber Security Risk Assessment: The U.S. Army Corps of Engineers Common Risk Model for Dams

    DTIC Science & Technology

    2016-07-01

    Common Risk Model for Dams (CRM-D) Methodology,” for the Director, Cost Assessment and Program Evaluation, Office of Secretary of Defense and the...for Dams (CRM-D), developed by the U.S. Army Corps of Engineers (USACE) in collaboration with the Institute for Defense Analyses (IDA) and the U.S...and cyber security risks across a portfolio of dams, and informing decisions on how to mitigate those risks. The CRM-D can effectively quantify the

  16. How ISO/IEC 17799 can be used for base lining information assurance among entities using data mining for defense, homeland security, commercial, and other civilian/commercial domains

    NASA Astrophysics Data System (ADS)

    Perry, William G.

    2006-04-01

    One goal of database mining is to draw unique and valid perspectives from multiple data sources. Insights that are fashioned from closely-held data stores are likely to possess a high degree of reliability. The degree of information assurance comes into question, however, when external databases are accessed, combined and analyzed to form new perspectives. ISO/IEC 17799, Information technology-Security techniques-Code of practice for information security management, can be used to establish a higher level of information assurance among disparate entities using data mining in the defense, homeland security, commercial and other civilian/commercial domains. Organizations that meet ISO/IEC information security standards have identified and assessed risks, threats and vulnerabilities and have taken significant proactive steps to meet their unique security requirements. The ISO standards address twelve domains: risk assessment and treatment, security policy, organization of information security, asset management, human resources security, physical and environmental security, communications and operations management, access control, information systems acquisition, development and maintenance, information security incident management and business continuity management and compliance. Analysts can be relatively confident that if organizations are ISO 17799 compliant, a high degree of information assurance is likely to be a characteristic of the data sets being used. The reverse may be true. Extracting, fusing and drawing conclusions based upon databases with a low degree of information assurance may be fraught with all of the hazards that come from knowingly using bad data to make decisions. Using ISO/IEC 17799 as a baseline for information assurance can help mitigate these risks.

  17. Public views on multiple dimensions of security: nuclear weapons, terrorism, energy, and the environment: 2007.

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Herron, Kerry Gale; Jenkins-Smith, Hank C.

    2008-01-01

    We analyze and compare findings from identical national surveys of the US general public on nuclear security and terrorism administered by telephone and Internet in mid-2007. Key areas of investigation include assessments of threats to US security; valuations of US nuclear weapons and nuclear deterrence; perspectives on nuclear proliferation, including the specific cases of North Korea and Iran; and support for investments in nuclear weapons capabilities. Our analysis of public views on terrorism includes assessments of the current threat, progress in the struggle against terrorism, preferences for responding to terrorist attacks at different levels of assumed casualties, and support for domestic policies intended to reduce the threat of terrorism. Also we report findings from an Internet survey conducted in mid 2007 that investigates public views of US energy security, to include: energy supplies and reliability; energy vulnerabilities and threats, and relationships among security, costs, energy dependence, alternative sources, and research and investment priorities. We analyze public assessments of nuclear energy risks and benefits, nuclear materials management issues, and preferences for the future of nuclear energy in the US. Additionally, we investigate environmental issues as they relate to energy security, to include expected implications of global climate change, and relationships among environmental issues and potential policy options.

  18. Food Security and Leukocyte Telomere Length in Adult Americans.

    PubMed

    Mazidi, Mohsen; Kengne, Andre Pascal; Vatanparast, Hassan

    2017-01-01

    Leukocyte telomere length (LTL) is a biomarker of biologic age. Whether food security status modulates LTL is still unknown. We investigated the association between food security and LTL in participants of the 1999-2002 US National Health and Nutrition Examination Survey (NHANES). Analysis of covariance (ANCOVA) was used to evaluate the association between food security categories and LTL controlling for sex, race, and education and accounting for the survey design and sample weights. We included 10,888 participants with 5228 (48.0%) being men. They were aged on average 44.1 years. In all, 2362 (21.7%) had less than high school, 2787 (25.6%) had achieved high school, while 5705 (52.5%) had done more than high school. In sex-, race-, and education-adjusted ANCOVA, average LTL (T/S ratio) for participants with high food security versus those with marginal, low, or very low food security was 1.32 versus 1.20 for the age group 25-35 years and 1.26 versus 1.11 for the 35-45 years (p < 0.001). The association between food insecurity and LTL shortening in young adults suggests that some of the future effects of food insecurity on chronic disease risk in this population could be mediated by telomere shortening.

  19. 78 FR 33995 - Nuclear Proliferation Assessment in Licensing Process for Enrichment or Reprocessing Facilities

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-06-06

    ... designed to minimize proliferation risks world-wide, including the Nuclear Non-Proliferation Treaty, the U... and licensees ensure that they comply with requirements designed to minimize proliferation risks... NRC's regulations on physical security, information security, material control and accounting, cyber...

  20. Deterrence and Risk Preferences in Sequential Attacker-Defender Games with Continuous Efforts.

    PubMed

    Payyappalli, Vineet M; Zhuang, Jun; Jose, Victor Richmond R

    2017-11-01

    Most attacker-defender games consider players as risk neutral, whereas in reality attackers and defenders may be risk seeking or risk averse. This article studies the impact of players' risk preferences on their equilibrium behavior and its effect on the notion of deterrence. In particular, we study the effects of risk preferences in a single-period, sequential game where a defender has a continuous range of investment levels that could be strategically chosen to potentially deter an attack. This article presents analytic results related to the effect of attacker and defender risk preferences on the optimal defense effort level and their impact on the deterrence level. Numerical illustrations and some discussion of the effect of risk preferences on deterrence and the utility of using such a model are provided, as well as sensitivity analysis of continuous attack investment levels and uncertainty in the defender's beliefs about the attacker's risk preference. A key contribution of this article is the identification of specific scenarios in which the defender using a model that takes into account risk preferences would be better off than a defender using a traditional risk-neutral model. This study provides insights that could be used by policy analysts and decisionmakers involved in investment decisions in security and safety. © 2017 Society for Risk Analysis.

  1. Security analysis for biometric data in ID documents

    NASA Astrophysics Data System (ADS)

    Schimke, Sascha; Kiltz, Stefan; Vielhauer, Claus; Kalker, Ton

    2005-03-01

    In this paper we analyze chances and challenges with respect to the security of using biometrics in ID documents. We identify goals for ID documents, set by national and international authorities, and discuss the degree of security, which is obtainable with the inclusion of biometric into documents like passports. Starting from classical techniques for manual authentication of ID card holders, we expand our view towards automatic methods based on biometrics. We do so by reviewing different human biometric attributes by modality, as well as by discussing possible techniques for storing and handling the particular biometric data on the document. Further, we explore possible vulnerabilities of potential biometric passport systems. Based on the findings of that discussion we will expand upon two exemplary approaches for including digital biometric data in the context of ID documents and present potential risks attack scenarios along with technical aspects such as capacity and robustness.

  2. ASSOCIATIONS BETWEEN EARLY MATERNAL DEPRESSIVE SYMPTOM TRAJECTORIES AND TODDLERS' FELT SECURITY AT 18 MONTHS: ARE BOYS AND GIRLS AT DIFFERENTIAL RISK?

    PubMed

    Beeghly, Marjorie; Partridge, Ty; Tronick, Ed; Muzik, Maria; Rahimian Mashhadi, Mahya; Boeve, Jordan L; Irwin, Jessica L

    2017-01-01

    The goal of this study was to evaluate whether there are sex differences in children's vulnerability to caregiving risk, as indexed by trajectories of maternal depressive symptoms assessed from 2 to 18 months' postpartum, and children's rated attachment security in toddlerhood, adjusting for maternal social support and demographic risk. Analyses utilized longitudinal data collected for 182 African American mother-child dyads from economically diverse backgrounds. Participants were recruited at the time of the child's birth and followed to 18 months' postpartum. Results of conditional latent growth models indicated that an increasing rate of change in level of maternal depressive symptoms over time negatively predicted toddlers' felt attachment security. Higher social support was associated with decreasing levels of maternal depressive symptoms over time whereas higher demographic risk was associated with increasing levels of maternal depressive symptoms. A subsequent multigroup conditional latent growth model revealed that child sex moderated these associations. For male (but not female) children, a rapid increase in maternal depressive symptoms was associated with lower felt attachment security at 18 months. These findings suggest that boys, as compared to girls, may be more vulnerable to early caregiving risks such as maternal depression, with negative consequences for mother-child attachment security in toddlerhood. © 2017 Michigan Association for Infant Mental Health.

  3. Patient and public views about the security and privacy of Electronic Health Records (EHRs) in the UK: results from a mixed methods study.

    PubMed

    Papoutsi, Chrysanthi; Reed, Julie E; Marston, Cicely; Lewis, Ruth; Majeed, Azeem; Bell, Derek

    2015-10-14

    Although policy discourses frame integrated Electronic Health Records (EHRs) as essential for contemporary healthcare systems, increased information sharing often raises concerns among patients and the public. This paper examines patient and public views about the security and privacy of EHRs used for health provision, research and policy in the UK. Sequential mixed methods study with a cross-sectional survey (in 2011) followed by focus group discussions (in 2012-2013). Survey participants (N = 5331) were recruited from primary and secondary care settings in West London (UK). Complete data for 2761 (51.8 %) participants were included in the final analysis for this paper. The survey results were discussed in 13 focus groups with people living with a range of different health conditions, and in 4 mixed focus groups with patients, health professionals and researchers (total N = 120). Qualitative data were analysed thematically. In the survey, 79 % of participants reported that they would worry about the security of their record if this was part of a national EHR system and 71 % thought the National Health Service (NHS) was unable to guarantee EHR safety at the time this work was carried out. Almost half (47 %) responded that EHRs would be less secure compared with the way their health record was held at the time of the survey. Of those who reported being worried about EHR security, many would nevertheless support their development (55 %), while 12 % would not support national EHRs and a sizeable proportion (33 %) were undecided. There were also variations by age, ethnicity and education. In focus group discussions participants weighed up perceived benefits against potential security and privacy threats from wider sharing of information, as well as discussing other perceived risks: commercial exploitation, lack of accountability, data inaccuracies, prejudice and inequalities in health provision. 
    Patient and public worries about the security risks associated with integrated EHRs highlight the need for intensive public awareness and engagement initiatives, together with the establishment of trustworthy security and privacy mechanisms for health information sharing.

  4. Developing an assessment of fire-setting to guide treatment in secure settings: the St Andrew's Fire and Arson Risk Instrument (SAFARI).

    PubMed

    Long, Clive G; Banyard, Ellen; Fulton, Barbara; Hollin, Clive R

    2014-09-01

    Arson and fire-setting are highly prevalent among patients in secure psychiatric settings but there is an absence of valid and reliable assessment instruments and no evidence of a significant approach to intervention. To develop a semi-structured interview assessment specifically for fire-setting to augment structured assessments of risk and need. The extant literature was used to frame interview questions relating to the antecedents, behaviour and consequences necessary to formulate a functional analysis. Questions also covered readiness to change, fire-setting self-efficacy, the probability of future fire-setting, barriers to change, and understanding of fire-setting behaviour. The assessment concludes with indications for assessment and a treatment action plan. The inventory was piloted with a sample of women in secure care and was assessed for comprehensibility, reliability and validity. Staff rated the St Andrews Fire and Risk Instrument (SAFARI) as acceptable to patients and easy to administer. SAFARI was found to be comprehensible by over 95% of the general population, to have good acceptance, high internal reliability, substantial test-retest reliability and validity. SAFARI helps to provide a clear explanation of fire-setting in terms of the complex interplay of antecedents and consequences and facilitates the design of an individually tailored treatment programme in sympathy with a cognitive-behavioural approach. Further studies are needed to verify the reliability and validity of SAFARI with male populations and across settings.

  5. 17 CFR 402.2 - Capital requirements for registered government securities brokers and dealers.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ...) Options on those futures contracts described in paragraph (e)(1)(vii) of this section, settled on a cash... determining net worth, all long and short positions in unlisted options that are Treasury market risk... securities, debt instruments, and derivative instruments: (i) Government securities, except equity securities...

  6. Department of Homeland Security Assistance to States and Localities: A Summary and Issues for the 111th Congress

    DTIC Science & Technology

    2009-06-08

    Security Grant Program ... Intercity Passenger Rail Program (Amtrak... Intercity Bus Security Grant Program...fy2009.pdf. 19 Additionally Amtrak is eligible to receive funding to continue security enhancements for its intercity rail services between high-risk

  7. 76 FR 15006 - Proposed Collection; Comment Request

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-03-18

    ... risks of using securities depositories while assigning appropriate responsibilities to the fund's... SECURITIES AND EXCHANGE COMMISSION Proposed Collection; Comment Request Upon Written Request, Copies Available From: Securities and Exchange Commission, Office of Investor Education and Advocacy...

  8. Trends in Research on the Security of Medical Information in Korea: Focused on Information Privacy Security in Hospitals.

    PubMed

    Kim, Yong-Woon; Cho, Namin; Jang, Hye-Jung

    2018-01-01

    Information technology involves a risk of privacy violation in providing easy access to confidential information, such as personal information and medical information through the Internet. In this study, we investigated medical information security to gain a better understanding of trends in research related to medical information security. We researched papers published on '의료정보' and 'medical information' in various Korean journals during a 10-year period from 2005 to 2015. We also analyzed these journal papers for each fiscal year; these papers were categorized into the areas of literature research and empirical research, and were further subdivided according to themes and subjects. It was confirmed that 48 papers were submitted to 35 academic journals. There were 33 (68.8%) literature review articles, and analysis of secondary data was not carried out at all. In terms of empirical research, 8 (16.7%) surveys and 7 (14.6%) program developments were studied. As a result of analyzing these papers according to the research theme by research method, 17 (35.4%) papers on laws, systems, and policies were the most numerous. It was found that among the literature research papers on medical personnel were the most common, and among the empirical research papers, research on experts in information protection and medical personnel were the most common. We suggest that further research should be done in terms of social perception, human resource development, and technology development to improve risk management in medical information systems.

  9. Global maize trade and food security: implications from a social network model.

    PubMed

    Wu, Felicia; Guclu, Hasan

    2013-12-01

    In this study, we developed a social network model of the global trade of maize: one of the most important food, feed, and industrial crops worldwide, and critical to food security. We used this model to analyze patterns of maize trade among nations, and to determine where vulnerabilities in food security might arise if maize availability was decreased due to factors such as diversion to nonfood uses, climatic factors, or plant diseases. Using data on imports and exports from the U.N. Commodity Trade Statistics Database for each year from 2000 to 2009 inclusive, we summarized statistics on volumes of maize trade between pairs of nations for 217 nations. There is evidence of market segregation among clusters of nations; with three prominent clusters representing Europe, Brazil and Argentina, and the United States. The United States is by far the largest exporter of maize worldwide, whereas Japan and the Republic of Korea are the largest maize importers. In particular, the star-shaped cluster of the network that represents U.S. maize trade to other nations indicates the potential for food security risks because of the lack of trade these other nations conduct with other maize exporters. If a scenario arose in which U.S. maize could not be exported in as large quantities, maize supplies in many nations could be jeopardized. We discuss this in the context of recent maize ethanol production and its attendant impacts on food prices elsewhere worldwide. © 2013 Society for Risk Analysis.

  10. Impact of Long-Term Care on Retirement Wellness.

    PubMed

    Rappaport, Anna M

    2015-01-01

    Retirement wellness is the result of retiring at an appropriate age, saving enough and managing risks appropriately. One of the major risks that often is not addressed effectively is the long-term care (LTC) risk, i.e., the risk of needing help due to physical or cognitive limitations. In 2014, the Society of Actuaries issued a call for papers on the link between LTC and retirement security. This article will discuss the topic of LTC and retirement security broadly, drawing from several of the papers. Some of the topics include the impact of LTC on the individual, family members and caregivers; modeling results showing the impact of LTC on assets needed for a secure retirement; alternative methods of financing LTC; the link between housing decisions and LTC; and some ideas for the future.

  11. Wireless Sensor Network Security Enhancement Using Directional Antennas: State of the Art and Research Challenges.

    PubMed

    Curiac, Daniel-Ioan

    2016-04-07

    Being often deployed in remote or hostile environments, wireless sensor networks are vulnerable to various types of security attacks. A possible solution to reduce the security risks is to use directional antennas instead of omnidirectional ones or in conjunction with them. Due to their increased complexity, higher costs and larger sizes, directional antennas are not traditionally used in wireless sensor networks, but recent technology trends may support this method. This paper surveys existing state of the art approaches in the field, offering a broad perspective of the future use of directional antennas in mitigating security risks, together with new challenges and open research issues.

  12. Prospective in-patient cohort study of moves between levels of therapeutic security: the DUNDRUM-1 triage security, DUNDRUM-3 programme completion and DUNDRUM-4 recovery scales and the HCR-20.

    PubMed

    Davoren, Mary; O'Dwyer, Sarah; Abidin, Zareena; Naughton, Leena; Gibbons, Olivia; Doyle, Elaine; McDonnell, Kim; Monks, Stephen; Kennedy, Harry G

    2012-07-13

    We examined whether new structured professional judgment instruments for assessing need for therapeutic security, treatment completion and recovery in forensic settings were related to moves from higher to lower levels of therapeutic security and added anything to assessment of risk. This was a prospective naturalistic twelve month observational study of a cohort of patients in a forensic hospital placed according to their need for therapeutic security along a pathway of moves from high to progressively less secure units in preparation for discharge. Patients were assessed using the DUNDRUM-1 triage security scale, the DUNDRUM-3 programme completion scale and the DUNDRUM-4 recovery scale and assessments of risk of violence, self harm and suicide, symptom severity and global function. Patients were subsequently observed for positive moves to less secure units and negative moves to more secure units. There were 86 male patients at baseline with mean follow-up 0.9 years, 11 positive and 9 negative moves. For positive moves, logistic regression indicated that along with location at baseline, the DUNDRUM-1, HCR-20 dynamic and PANSS general symptom scores were associated with subsequent positive moves. The receiver operating characteristic was significant for the DUNDRUM-1 while ANOVA co-varying for both location at baseline and HCR-20 dynamic score was significant for DUNDRUM-1. For negative moves, logistic regression showed DUNDRUM-1 and HCR-20 dynamic scores were associated with subsequent negative moves, along with DUNDRUM-3 and PANSS negative symptoms in some models. The receiver operating characteristic was significant for the DUNDRUM-4 recovery and HCR-20 dynamic scores with DUNDRUM-1, DUNDRUM-3, PANSS general and GAF marginal. ANOVA co-varying for both location at baseline and HCR-20 dynamic scores showed only DUNDRUM-1 and PANSS negative symptoms associated with subsequent negative moves. 
    Clinicians appear to decide moves based on combinations of current and imminent (dynamic) risk measured by HCR-20 dynamic score and historical seriousness of risk as measured by need for therapeutic security (DUNDRUM-1) in keeping with Scott's formulation of risk and seriousness. The DUNDRUM-3 programme completion and DUNDRUM-4 recovery scales have utility as dynamic measures that can off-set perceived 'dangerousness'.

  13. Prospective in-patient cohort study of moves between levels of therapeutic security: the DUNDRUM-1 triage security, DUNDRUM-3 programme completion and DUNDRUM-4 recovery scales and the HCR-20

    PubMed Central

    2012-01-01

    Background We examined whether new structured professional judgment instruments for assessing need for therapeutic security, treatment completion and recovery in forensic settings were related to moves from higher to lower levels of therapeutic security and added anything to assessment of risk. Methods This was a prospective naturalistic twelve month observational study of a cohort of patients in a forensic hospital placed according to their need for therapeutic security along a pathway of moves from high to progressively less secure units in preparation for discharge. Patients were assessed using the DUNDRUM-1 triage security scale, the DUNDRUM-3 programme completion scale and the DUNDRUM-4 recovery scale and assessments of risk of violence, self harm and suicide, symptom severity and global function. Patients were subsequently observed for positive moves to less secure units and negative moves to more secure units. Results There were 86 male patients at baseline with mean follow-up 0.9 years, 11 positive and 9 negative moves. For positive moves, logistic regression indicated that along with location at baseline, the DUNDRUM-1, HCR-20 dynamic and PANSS general symptom scores were associated with subsequent positive moves. The receiver operating characteristic was significant for the DUNDRUM-1 while ANOVA co-varying for both location at baseline and HCR-20 dynamic score was significant for DUNDRUM-1. For negative moves, logistic regression showed DUNDRUM-1 and HCR-20 dynamic scores were associated with subsequent negative moves, along with DUNDRUM-3 and PANSS negative symptoms in some models. The receiver operating characteristic was significant for the DUNDRUM-4 recovery and HCR-20 dynamic scores with DUNDRUM-1, DUNDRUM-3, PANSS general and GAF marginal. ANOVA co-varying for both location at baseline and HCR-20 dynamic scores showed only DUNDRUM-1 and PANSS negative symptoms associated with subsequent negative moves. 
    Conclusions Clinicians appear to decide moves based on combinations of current and imminent (dynamic) risk measured by HCR-20 dynamic score and historical seriousness of risk as measured by need for therapeutic security (DUNDRUM-1) in keeping with Scott's formulation of risk and seriousness. The DUNDRUM-3 programme completion and DUNDRUM-4 recovery scales have utility as dynamic measures that can off-set perceived 'dangerousness'. PMID:22794187

  14. 75 FR 1552 - Chemical Facility Anti-Terrorism Standards

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-01-12

    ... Protection Agency RMP--Risk Management Program SSP--Site Security Plan STQ--Screening Threshold Quantity SVA... Protection Agency (EPA) under the Clean Air Act's Risk Management Program (RMP) for counting-- or excluding... Safety, Information, Site Security and Fuels Regulatory Relief Act, Public Law 106-40. Cf. 72 FR 65410...

  15. 28 CFR 105.11 - Individuals not requiring a security risk assessment.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... 28 Judicial Administration 2 2011-07-01 2011-07-01 false Individuals not requiring a security risk assessment. 105.11 Section 105.11 Judicial Administration DEPARTMENT OF JUSTICE (CONTINUED) CRIMINAL HISTORY BACKGROUND CHECKS Aviation Training for Aliens and Other Designated Individuals § 105.11 Individuals not...

  16. 28 CFR 105.11 - Individuals not requiring a security risk assessment.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... 28 Judicial Administration 2 2013-07-01 2013-07-01 false Individuals not requiring a security risk assessment. 105.11 Section 105.11 Judicial Administration DEPARTMENT OF JUSTICE (CONTINUED) CRIMINAL HISTORY BACKGROUND CHECKS Aviation Training for Aliens and Other Designated Individuals § 105.11 Individuals not...

  17. 28 CFR 105.11 - Individuals not requiring a security risk assessment.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... 28 Judicial Administration 2 2012-07-01 2012-07-01 false Individuals not requiring a security risk assessment. 105.11 Section 105.11 Judicial Administration DEPARTMENT OF JUSTICE (CONTINUED) CRIMINAL HISTORY BACKGROUND CHECKS Aviation Training for Aliens and Other Designated Individuals § 105.11 Individuals not...

  18. 28 CFR 105.11 - Individuals not requiring a security risk assessment.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... 28 Judicial Administration 2 2014-07-01 2014-07-01 false Individuals not requiring a security risk assessment. 105.11 Section 105.11 Judicial Administration DEPARTMENT OF JUSTICE (CONTINUED) CRIMINAL HISTORY BACKGROUND CHECKS Aviation Training for Aliens and Other Designated Individuals § 105.11 Individuals not...

  19. 28 CFR 105.11 - Individuals not requiring a security risk assessment.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 28 Judicial Administration 2 2010-07-01 2010-07-01 false Individuals not requiring a security risk assessment. 105.11 Section 105.11 Judicial Administration DEPARTMENT OF JUSTICE (CONTINUED) CRIMINAL HISTORY BACKGROUND CHECKS Aviation Training for Aliens and Other Designated Individuals § 105.11 Individuals not...

  20. Research on energy strategy and Chinese energy investment in the middle east

    NASA Astrophysics Data System (ADS)

    Huang, Yiling

    2017-08-01

    The Middle East is a key node of “One Belt and One Road strategy”. Energy investment is an important part of Chinese investment in the Middle East. The political turmoil in the Middle East has brought the political risks to Chinese investors. In the future, with the globalization of Chinese resource distribution and the expansion of Chinese outward investment, it is significant for China to ensure its energy security. Based on the analysis of the situation of Chinese energy strategy in the Middle East, this paper tries to put forward some suggestion about Chinese energy investment in the Middle East in order to protect Chinese energy security effectively.

  1. Risk management. National Aeronautics and Space Administration (NASA). Interim rule adopted as final with changes.

    PubMed

    2000-11-22

    This is a final rule amending the NASA FAR Supplement (NFS) to emphasize considerations of risk management, including safety, security (including information technology security), health, export control, and damage to the environment, within the acquisition process. This final rule addresses risk management within the context of acquisition planning, selecting sources, choosing contract type, structuring award fee incentives, administering contracts, and conducting contractor surveillance.

  2. Potential terrorist uses of highway-borne hazardous materials.

    DOT National Transportation Integrated Search

    2010-01-01

    The Department of Homeland Security (DHS) has requested that the Mineta Transportation Institute's National Transportation Security Center of Excellence (MTI NTSCOE) provide any research it has or insights it can provide on the security risks creat...

  3. Safe teleradiology: information assurance as project planning methodology.

    PubMed

    Collmann, Jeff; Alaoui, Adil; Nguyen, Dan; Lindisch, David

    2005-01-01

    The Georgetown University Medical Center Department of Radiology used a tailored version of OCTAVE, a self-directed information security risk assessment method, to design a teleradiology system that complied with the regulation implementing the security provisions of the Health Insurance Portability and Accountability Act (HIPAA) of 1996. The system addressed threats to and vulnerabilities in the privacy and security of protected health information. By using OCTAVE, Georgetown identified the teleradiology program's critical assets, described threats to the assurance of those assets, developed and ran vulnerability scans of a system pilot, evaluated the consequences of security breaches, and developed a risk management plan to mitigate threats to program assets, thereby implementing good information assurance practices. This case study illustrates the basic point that prospective, comprehensive planning to protect the privacy and security of an information system strategically benefits program management as well as system security.

  4. How to implement security controls for an information security program at CBRN facilities

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Lenaeus, Joseph D.; O'Neil, Lori Ross; Leitch, Rosalyn M.

    This document was prepared by PNNL within the framework of Project 19 of the European Union Chemical Biological Radiological and Nuclear Risk Mitigation Centres of Excellence Initiative entitled, "Development of procedures and guidelines to create and improve secure information management systems and data exchange mechanisms for CBRN materials under regulatory control." It provides management and workers at CBRN facilities, parent organization managers responsible for those facilities, and regulatory agencies (governmental and nongovernmental) with guidance on the best practices for protecting information security. The security mitigation approaches presented in this document were chosen because they present generally accepted guidance in an easy-to-understand manner, making it easier for facility personnel to grasp key concepts and envision how security controls could be implemented by the facility. This guidance is presented from a risk management perspective.

  5. Comparing 2 Adhesive Methods on Skin Integrity in the High-Risk Neonate.

    PubMed

    Boswell, Nicole; Waker, Cheryl L

    2016-12-01

    Nurses have a primary role in promoting neonatal skin integrity and skin care management of the critically ill neonate. Adhesive products are essential to secure needed medical devices but can be a significant factor contributing to skin breakdown. Current literature does not offer a definitive answer regarding which products most safely and effectively work to secure needed devices in the high-risk neonatal population. To determine which adhesive method is best practice to safely and effectively secure lines/tubes in the high-risk neonate population. The only main effect that was significant was age group with mean skin scores. Subjects in the younger group (24-28 weeks) had higher skin scores than in the older group (28-34 weeks), validating that younger gestations are at higher risk of breakdown with the use of adhesives. The findings did not clearly identify which product was superior to secure tubes and lines, or was the least injurious to skin of the high-risk neonate. Neither a transparent dressing only or transparent dressing over hydrocolloid method clearly demonstrated an advantage in the high-risk, preterm neonate. Anecdotal comments suggested staff preferred the transparent dressing over hydrocolloid method as providing better adhesive while protecting skin integrity. The findings validated that younger gestations are at higher risk of breakdown with the use of adhesives and therefore require close vigilance to maintain skin integrity.

  6. Vulnerability Analysis and Evaluation of Urban Road System in Tianjin

    NASA Astrophysics Data System (ADS)

    Liu, Y. Q.; Wu, X.

    In recent years, with the development of economy, the road construction of our country has entered into a period of rapid growth. The road transportation network has been expanding and the risk of disasters is increasing. In this paper we study the vulnerability of urban road system in Tianjin. After analyzing many risk factors of the urban road system security, including road construction, road traffic and the natural environment, we proposed an evaluation index of vulnerability of urban road system and established the corresponding evaluation index system. Based on the results of analysis and comprehensive evaluation, appropriate improvement measures and suggestions which may reduce the vulnerability of the road system and improve the safety and reliability of the road system are proposed.

  7. Israel security in the 21st century: Risks and opportunities. Research report

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Eisenkot, G.

    Unlike the United States which publicizes its national security strategy and national military strategy in official public documents, Israel does not produce such documents for the general public. This may appear paradoxical in that the State of Israel, from its very inception, has invested enormous energy in its security. Nevertheless, Israel has no detailed security doctrine approved and updated by the Cabinet, the Knesset (Israel's parliament) or the General Staff. The lack of an official, published, security doctrine does not imply that Israel lacks a coherent political and military strategy based on doctrine-like concepts. Israel's political and military successes are proof to the contrary. Our purpose, then, is to identify a number of the critical Security Principles that have shaped Israeli strategy. This will provide us the foundation for our main discussion which is the risks and challenges to Israeli security in the 21st century and possible responses to those challenges.

  8. Endogeneity in prison risk classification.

    PubMed

    Shermer, Lauren O'Neill; Bierie, David M; Stock, Amber

    2013-10-01

    Security designation tools are a key feature of all prisons in the United States, intended as objective measures of risk that funnel inmates into security levels--to prison environments varying in degree of intrusiveness, restriction, dangerousness, and cost. These tools are mostly (if not all) validated by measuring inmates on a set of characteristics, using scores from summations of that information to assign inmates to prisons of varying security level, and then observing whether inmates assumed more risky did in fact offend more. That approach leaves open the possibility of endogeneity--that the harsher prisons are themselves bringing about higher misconduct and thus biasing coefficients assessing individual risk. The current study assesses this potential bias by following an entry cohort of inmates to more than 100 facilities in the Federal Bureau of Prisons (BOP) and exploiting the substantial variation in classification scores within a given prison that derive from systematic overrides of security-level designations for reasons not associated with risk of misconduct. By estimating pooled models of misconduct along with prison-fixed effects specifications, the data show that a portion of the predictive accuracy thought associated with the risk-designation tool used in BOP was a function of facility-level contamination (endogeneity).

  9. Functional-analytical capabilities of GIS technology in the study of water use risks

    NASA Astrophysics Data System (ADS)

    Nevidimova, O. G.; Yankovich, E. P.; Yankovich, K. S.

    2015-02-01

    Regional security aspects of economic activities are of great importance for legal regulation in environmental management. This has become a critical issue due to climate change, especially in regions where severe climate conditions have a great impact on almost all types of natural resource uses. A detailed analysis of climate and hydrological situation in Tomsk Oblast considering water use risks was carried out. Based on developed author's techniques an informational and analytical database was created using ArcGIS software platform, which combines statistical (quantitative) and spatial characteristics of natural hazards and socio-economic factors. This system was employed to perform areal zoning according to the degree of water use risks involved.

  10. Small numbers, disclosure risk, security, and reliability issues in Web-based data query systems.

    PubMed

    Rudolph, Barbara A; Shah, Gulzar H; Love, Denise

    2006-01-01

    This article describes the process for developing consensus guidelines and tools for releasing public health data via the Web and highlights approaches leading agencies have taken to balance disclosure risk with public dissemination of reliable health statistics. An agency's choice of statistical methods for improving the reliability of released data for Web-based query systems is based upon a number of factors, including query system design (dynamic analysis vs preaggregated data and tables), population size, cell size, data use, and how data will be supplied to users. The article also describes those efforts that are necessary to reduce the risk of disclosure of an individual's protected health information.

  11. Community Savings Groups, Financial Security, and HIV Risk Among Female Sex Workers in Iringa, Tanzania.

    PubMed

    Mantsios, Andrea; Galai, Noya; Mbwambo, Jessie; Likindikoki, Samuel; Shembilu, Catherine; Mwampashi, Ard; Beckham, S W; Leddy, Anna; Davis, Wendy; Sherman, Susan; Kennedy, Caitlin; Kerrigan, Deanna

    2018-02-24

    This study assessed the association between community savings group participation and consistent condom use (CCU) among female sex workers (FSW) in Iringa, Tanzania. Using cross-sectional data from a survey of venue-based FSW (n = 496), logistic regression was used to examine the associations between financial indicators including community savings group participation and CCU. Over one-third (35%) of the women participated in a savings group. Multivariable regression results indicated that participating in a savings group was significantly associated with nearly two times greater odds of CCU with new clients in the last 30 days (aOR = 1.77, 95% CI 1.10-2.86). Exploratory mediation analysis indicated that the relationship between savings group participation and CCU was partially mediated by financial security, as measured by monthly income. Findings indicate that community savings groups may play an important role in reducing sexual risk behaviors of FSW and hold promise as part of comprehensive, community-led HIV prevention strategies among FSW.

  12. Climate smart agriculture, farm household typologies and food security: An ex-ante assessment from Eastern India.

    PubMed

    Lopez-Ridaura, Santiago; Frelat, Romain; van Wijk, Mark T; Valbuena, Diego; Krupnik, Timothy J; Jat, M L

    2018-01-01

    One of the great challenges in agricultural development and sustainable intensification is the assurance of social equity in food security oriented interventions. Development practitioners, researchers, and policy makers alike could benefit from prior insight into what interventions or environmental shocks might differentially affect farmers' food security status, in order to move towards more informed and equitable development. We examined the food security status and livelihood activities of 269 smallholder farm households (HHs) in Bihar, India. Proceeding with a four-step analysis, we first applied a multivariate statistical methodology to differentiate five primary farming system types. We next applied an indicator of food security in the form of HH potential food availability (PFA), and examined the contribution of crop, livestock, and on- and off-farm income generation to PFA within each farm HH type. Lastly, we applied scenario analysis to examine the potential impact of the adoption of 'climate smart' agricultural (CSA) practices in the form of conservation agriculture (CA) and improved livestock husbandry, and environmental shocks on HH PFA. Our results indicate that compared to livestock interventions, CA may hold considerable potential to boost HH PFA, though primarily for wealthier and medium-scale cereal farmers. These farm HH types were however considerably more vulnerable to food insecurity risks resulting from simulated drought, while part-time farmers and resource-poor agricultural laborers generating income from off-farm pursuits were comparatively less vulnerable, due in part to their more diversified income sources and potential to migrate in search of work. Our results underscore the importance of prior planning for development initiatives aimed at increasing smallholder food security while maintaining social equity, while providing a robust methodology to vet the implications of agricultural interventions on an ex ante basis.

  13. 'Haven of safety' and 'secure base': a qualitative inquiry into factors affecting child attachment security in Nairobi, Kenya.

    PubMed

    Polkovnikova-Wamoto, Anastasia; Mathai, Muthoni; Stoep, Ann Vander; Kumar, Manasi

    2016-01-01

    Secure attachment in childhood and adolescence protects children from engagement in high risk behaviors and development of mental health problems over the life span. Poverty has been shown to create impoverishment in certain aspects of caregiving and correspondingly to compromise development of secure attachment in children. Nineteen children 8 to 14 years old from two schools in a middle income area and an urban informal settlement area of Nairobi were interviewed using an adapted Child Attachment Interview (CAI) protocol. CAI was developed to provide a glimpse into the 'meta-theories' children have about themselves, parents, parenting and their attachment ties with parents and extended family members. Narratives obtained with the CAI were analyzed using thematic analysis. Both Bowlby's idea of 'secure base' as well as Bronfenbrenner's 'ecological niche' are used as reference points to situate child attachment and parenting practices in the larger Kenyan context. We found that with slight linguistic alterations CAI can be used to assess attachment security of Kenyan children in this particular age range. We also found that the narration ability in both groups of children was generally good such that formal coding was possible, despite cultural differences. Our analysis suggested differences in narrative quality across the children from middle class and lower socio-economic class schools on specific themes such as: sensitivity of parenting (main aspects of sensitivity were associated with disciplinary methods and child's access to education), birth order, parental emotional availability, and severity of inter-parental conflicts and child's level of exposure. The paper puts in context a few cultural practices such as greater household responsibility accorded to the eldest child and stern to harsh disciplinary methods adopted by parents in the Kenyan setting.

  14. Guidelines for Working with Law Enforcement Agencies

    ERIC Educational Resources Information Center

    Corn, Michael

    2007-01-01

    Many security professionals choose the career because of an interest in the technology of security. Few realize the degree to which a contemporary security office interacts with law enforcement agencies (LEAs) such as the FBI and state, local, and campus police. As the field of information security has matured, the language of risk management is…

  15. Information Data Security Specialists' and Business Leaders' Experiences Regarding Communication Challenges

    ERIC Educational Resources Information Center

    Lopez, Robert H.

    2012-01-01

    The problem addressed was the need to maintain data security in the field of information technology. Specifically, the breakdown of communication between business leaders and data security specialists creates risks to data security. The purpose of this qualitative phenomenological study was to determine which factors would improve communication…

  16. 75 FR 23274 - Privacy Act of 1974; Department of Homeland Security United States Immigration Customs and...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-05-03

    ... is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2010-0031] Privacy Act of 1974; Department of Homeland Security United States Immigration Customs and Enforcement--011...

  17. A Study on the Security Levels of Spread-Spectrum Embedding Schemes in the WOA Framework.

    PubMed

    Wang, Yuan-Gen; Zhu, Guopu; Kwong, Sam; Shi, Yun-Qing

    2017-08-23

    Security analysis is a very important issue for digital watermarking. Several years ago, according to Kerckhoffs' principle, the famous four security levels, namely insecurity, key security, subspace security, and stego-security, were defined for spread-spectrum (SS) embedding schemes in the framework of watermarked-only attack. However, up to now there has been little application of the definition of these security levels to the theoretical analysis of the security of SS embedding schemes, due to the difficulty of the theoretical analysis. In this paper, based on the security definition, we present a theoretical analysis to evaluate the security levels of five typical SS embedding schemes, which are the classical SS, the improved SS (ISS), the circular extension of ISS, the nonrobust and robust natural watermarking, respectively. The theoretical analysis of these typical SS schemes is successfully performed by taking advantage of the convolution of probability distributions to derive the probabilistic models of watermarked signals. Moreover, simulations are conducted to illustrate and validate our theoretical analysis. We believe that the theoretical and practical analysis presented in this paper can bridge the gap between the definition of the four security levels and its application to the theoretical analysis of SS embedding schemes.

  18. Chemical Industry Security: Voluntary or Mandatory Approach?

    DTIC Science & Technology

    2007-03-01

    reasonably ask ourselves whether we run the risk of comparing apples and oranges when trying to learn something new from them.35 The main...Myriam Dunn’s caution of comparing apples and oranges in CIP strategies. The European Union strategy of classifying CI information does not appear...level to establish an effective oversight program. SWOT Analysis – New Jersey Department of Environmental Protection Strengths: • Existing

  19. Perspectives on Cybersecurity Information Sharing among Multiple Stakeholders Using a Decision-Theoretic Approach.

    PubMed

    He, Meilin; Devine, Laura; Zhuang, Jun

    2018-02-01

    The government, private sectors, and other users of the Internet are increasingly faced with the risk of cyber incidents. Damage to computer systems and theft of sensitive data caused by cyber attacks have the potential to result in lasting harm to entities under attack, or to society as a whole. The effects of cyber attacks are not always obvious, and detecting them is not a simple proposition. As the U.S. federal government believes that information sharing on cybersecurity issues among organizations is essential to safety, security, and resilience, the importance of trusted information exchange has been emphasized to support public and private decision making by encouraging the creation of the Information Sharing and Analysis Center (ISAC). Through a decision-theoretic approach, this article provides new perspectives on ISAC, and the advent of the new Information Sharing and Analysis Organizations (ISAOs), which are intended to provide similar benefits to organizations that cannot fit easily into the ISAC structure. To help understand the processes of information sharing against cyber threats, this article illustrates 15 representative information sharing structures between ISAC, government, and other participating entities, and provides discussions on the strategic interactions between different stakeholders. This article also identifies the costs of information sharing and information security borne by different parties in this public-private partnership both before and after cyber attacks, as well as the two main benefits. This article provides perspectives on the mechanism of information sharing and some detailed cost-benefit analysis. © 2017 Society for Risk Analysis.

  20. On determining specifications and selections of alternative technologies for airport checked-baggage security screening.

    PubMed

    Feng, Qianmei

    2007-10-01

    Federal law mandates that every checked bag at all commercial airports be screened by explosive detection systems (EDS), explosive trace detection systems (ETD), or alternative technologies. These technologies serve as critical components of airport security systems that strive to reduce security risks at both national and global levels. To improve the operational efficiency and airport security, emerging image-based technologies have been developed, such as dual-energy X-ray (DX), backscatter X-ray (BX), and multiview tomography (MVT). These technologies differ widely in purchasing cost, maintenance cost, operating cost, processing rate, and accuracy. Based on a mathematical framework that takes into account all these factors, this article investigates two critical issues for operating screening devices: setting specifications for continuous security responses by different technologies; and selecting technology or combination of technologies for efficient 100% baggage screening. For continuous security responses, specifications or thresholds are used for classifying threat items from nonthreat items. By investigating the setting of specifications on system security responses, this article assesses the risk and cost effectiveness of various technologies for both single-device and two-device systems. The findings provide the best selection of image-based technologies for both single-device and two-device systems. Our study suggests that two-device systems outperform single-device systems in terms of both cost effectiveness and accuracy. The model can be readily extended to evaluate risk and cost effectiveness of multiple-device systems for airport checked-baggage security screening.
