Federal Register 2010, 2011, 2012, 2013, 2014
2010-10-15
... Information Collection Activity Under OMB Review: Sensitive Security Information Threat Assessments AGENCY... Transportation Security Administration (TSA) has forwarded the Information Collection Request (ICR), Office of... of a party seeking access to sensitive security information (SSI) in a civil proceeding in Federal...
Code of Federal Regulations, 2010 CFR
2010-01-01
... information and proprietary information in the Federal Docket Management System (FDMS)? 11.35 Section 11.35... RULEMAKING PROCEDURES Rulemaking Procedures General § 11.35 Does FAA include sensitive security information and proprietary information in the Federal Docket Management System (FDMS)? (a) Sensitive security...
Code of Federal Regulations, 2014 CFR
2014-01-01
... information and proprietary information in the Federal Docket Management System (FDMS)? 11.35 Section 11.35... RULEMAKING PROCEDURES Rulemaking Procedures General § 11.35 Does FAA include sensitive security information and proprietary information in the Federal Docket Management System (FDMS)? (a) Sensitive security...
Code of Federal Regulations, 2012 CFR
2012-01-01
... information and proprietary information in the Federal Docket Management System (FDMS)? 11.35 Section 11.35... RULEMAKING PROCEDURES Rulemaking Procedures General § 11.35 Does FAA include sensitive security information and proprietary information in the Federal Docket Management System (FDMS)? (a) Sensitive security...
Code of Federal Regulations, 2013 CFR
2013-01-01
... information and proprietary information in the Federal Docket Management System (FDMS)? 11.35 Section 11.35... RULEMAKING PROCEDURES Rulemaking Procedures General § 11.35 Does FAA include sensitive security information and proprietary information in the Federal Docket Management System (FDMS)? (a) Sensitive security...
Code of Federal Regulations, 2011 CFR
2011-01-01
... information and proprietary information in the Federal Docket Management System (FDMS)? 11.35 Section 11.35... RULEMAKING PROCEDURES Rulemaking Procedures General § 11.35 Does FAA include sensitive security information and proprietary information in the Federal Docket Management System (FDMS)? (a) Sensitive security...
Code of Federal Regulations, 2010 CFR
2010-10-01
... Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY SECURITY RULES FOR ALL MODES OF TRANSPORTATION PROTECTION OF SENSITIVE SECURITY... of records and information that TSA has determined to be Sensitive Security Information, as defined...
Code of Federal Regulations, 2011 CFR
2011-10-01
... Office of the Secretary of Transportation PROTECTION OF SENSITIVE SECURITY INFORMATION § 15.13 Marking... document. (b) Protective marking. The protective marking is: SENSITIVE SECURITY INFORMATION. (c... Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of this record may...
Code of Federal Regulations, 2010 CFR
2010-10-01
... Office of the Secretary of Transportation PROTECTION OF SENSITIVE SECURITY INFORMATION § 15.13 Marking... document. (b) Protective marking. The protective marking is: SENSITIVE SECURITY INFORMATION. (c... Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of this record may...
49 CFR 1.27 - Delegations to the General Counsel.
Code of Federal Regulations, 2012 CFR
2012-10-01
...) (Security and research and development activities), as implemented by 49 CFR part 15 (Protection of Sensitive Security Information), relating to the determination that information is Sensitive Security Information, in consultation and coordination with the Office of Intelligence, Security and Emergency Response...
49 CFR 1.27 - Delegations to the General Counsel.
Code of Federal Regulations, 2013 CFR
2013-10-01
...) (Security and research and development activities), as implemented by 49 CFR part 15 (Protection of Sensitive Security Information), relating to the determination that information is Sensitive Security Information, in consultation and coordination with the Office of Intelligence, Security and Emergency Response...
49 CFR 1.27 - Delegations to the General Counsel.
Code of Federal Regulations, 2014 CFR
2014-10-01
...) (Security and research and development activities), as implemented by 49 CFR part 15 (Protection of Sensitive Security Information), relating to the determination that information is Sensitive Security Information, in consultation and coordination with the Office of Intelligence, Security and Emergency Response...
49 CFR 1520.5 - Sensitive security information.
Code of Federal Regulations, 2010 CFR
2010-10-01
... 49 Transportation 9 2010-10-01 2010-10-01 false Sensitive security information. 1520.5 Section 1520.5 Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY SECURITY RULES FOR ALL MODES OF TRANSPORTATION PROTECTION OF...
Code of Federal Regulations, 2011 CFR
2011-10-01
... the Secretary of Transportation PROTECTION OF SENSITIVE SECURITY INFORMATION § 15.1 Scope. (a... the Secretary of DOT has determined to be Sensitive Security Information, as defined in § 15.5. This... information under section 214 of the Homeland Security Act, the receipt, maintenance, or disclosure of such...
Code of Federal Regulations, 2010 CFR
2010-10-01
... the Secretary of Transportation PROTECTION OF SENSITIVE SECURITY INFORMATION § 15.1 Scope. (a... the Secretary of DOT has determined to be Sensitive Security Information, as defined in § 15.5. This... information under section 214 of the Homeland Security Act, the receipt, maintenance, or disclosure of such...
An Examination of the Explicit Costs of Sensitive Information Security Breaches
ERIC Educational Resources Information Center
Toe, Cleophas Adeodat
2013-01-01
Data security breaches are categorized as loss of information that is entrusted in an organization by its customers, partners, shareholders, and stakeholders. Data breaches are significant risk factors for companies that store, process, and transmit sensitive personal information. Sensitive information is defined as confidential or proprietary…
Code of Federal Regulations, 2010 CFR
2010-10-01
... unclassified information. MD 4300.1, entitled Information Technology Systems Security, and the DHS Sensitive Systems Handbook, prescribe the policies and procedures on security for Information Technology resources... ACQUISITION REGULATION (HSAR) GENERAL ADMINISTRATIVE MATTERS Safeguarding Classified and Sensitive Information...
ERIC Educational Resources Information Center
Imam, Abbas H.
2013-01-01
Complexity of information security has become a major issue for organizations due to incessant threats to information assets. Healthcare organizations are particularly concerned with security owing to the inherent vulnerability of sensitive information assets in health informatics. While the non-technical security management elements have been at…
Communication security in open health care networks.
Blobel, B; Pharow, P; Engel, K; Spiegel, V; Krohn, R
1999-01-01
Fulfilling the shared care paradigm, health care networks providing open systems' interoperability in health care are needed. Such communicating and co-operating health information systems, dealing with sensitive personal medical information across organisational, regional, national or even international boundaries, require appropriate security solutions. Based on the generic security model, within the European MEDSEC project an open approach for secure EDI like HL7, EDIFACT, XDT or XML has been developed. The consideration includes both securing the message in an unsecure network and the transport of the unprotected information via secure channels (SSL, TLS etc.). Regarding EDI, an open and widely usable security solution has been specified and practically implemented for the examples of secure mailing and secure file transfer (FTP) via wrapping the sensitive information expressed by the corresponding protocols. The results are currently prepared for standardisation.
ERIC Educational Resources Information Center
Johnson, Kenneth T.
2017-01-01
Increased internal and external training approaches are elements senior leaders need to know before creating a training plan for security professionals to protect sensitive information. The purpose of this qualitative case study was to explore training strategies telecommunication industry leaders use to ensure security professionals can protect…
Advanced approach to information security management system model for industrial control system.
Park, Sanghyun; Lee, Kyungho
2014-01-01
Organizations make use of important information in day-to-day business. Protecting sensitive information is imperative and must be managed. Companies in many parts of the world protect sensitive information using the international standard known as the information security management system (ISMS). ISO 27000 series is the international standard ISMS used to protect confidentiality, integrity, and availability of sensitive information. While an ISMS based on ISO 27000 series has no particular flaws for general information systems, it is unfit to manage sensitive information for industrial control systems (ICSs) because the first priority of industrial control is safety of the system. Therefore, a new information security management system based on confidentiality, integrity, and availability as well as safety is required for ICSs. This new ISMS must be mutually exclusive of an ICS. This paper provides a new paradigm of ISMS for ICSs, which will be shown to be more suitable than the existing ISMS.
Advanced Approach to Information Security Management System Model for Industrial Control System
2014-01-01
Organizations make use of important information in day-to-day business. Protecting sensitive information is imperative and must be managed. Companies in many parts of the world protect sensitive information using the international standard known as the information security management system (ISMS). ISO 27000 series is the international standard ISMS used to protect confidentiality, integrity, and availability of sensitive information. While an ISMS based on ISO 27000 series has no particular flaws for general information systems, it is unfit to manage sensitive information for industrial control systems (ICSs) because the first priority of industrial control is safety of the system. Therefore, a new information security management system based on confidentiality, integrity, and availability as well as safety is required for ICSs. This new ISMS must be mutually exclusive of an ICS. This paper provides a new paradigm of ISMS for ICSs, which will be shown to be more suitable than the existing ISMS. PMID:25136659
Code of Federal Regulations, 2013 CFR
2013-10-01
... access to unclassified facilities, Information Technology resources, and sensitive information. 3004.470... Technology resources, and sensitive information. ... ACQUISITION REGULATION (HSAR) GENERAL ADMINISTRATIVE MATTERS Safeguarding Classified and Sensitive Information...
Code of Federal Regulations, 2010 CFR
2010-10-01
... access to unclassified facilities, Information Technology resources, and sensitive information. 3004.470... Technology resources, and sensitive information. ... ACQUISITION REGULATION (HSAR) GENERAL ADMINISTRATIVE MATTERS Safeguarding Classified and Sensitive Information...
Code of Federal Regulations, 2014 CFR
2014-10-01
... access to unclassified facilities, Information Technology resources, and sensitive information. 3004.470... Technology resources, and sensitive information. ... ACQUISITION REGULATION (HSAR) GENERAL ADMINISTRATIVE MATTERS Safeguarding Classified and Sensitive Information...
Code of Federal Regulations, 2011 CFR
2011-10-01
... access to unclassified facilities, Information Technology resources, and sensitive information. 3004.470... Technology resources, and sensitive information. ... ACQUISITION REGULATION (HSAR) GENERAL ADMINISTRATIVE MATTERS Safeguarding Classified and Sensitive Information...
Code of Federal Regulations, 2012 CFR
2012-10-01
... access to unclassified facilities, Information Technology resources, and sensitive information. 3004.470... Technology resources, and sensitive information. ... ACQUISITION REGULATION (HSAR) GENERAL ADMINISTRATIVE MATTERS Safeguarding Classified and Sensitive Information...
49 CFR 15.5 - Sensitive security information.
Code of Federal Regulations, 2014 CFR
2014-10-01
... sources and methods used to gather or develop threat information, including threats against cyber infrastructure. (8) Security measures. Specific details of aviation or maritime transportation security measures... infrastructure asset information. Any list identifying systems or assets, whether physical or virtual, so vital...
49 CFR 15.5 - Sensitive security information.
Code of Federal Regulations, 2011 CFR
2011-10-01
... sources and methods used to gather or develop threat information, including threats against cyber infrastructure. (8) Security measures. Specific details of aviation or maritime transportation security measures... infrastructure asset information. Any list identifying systems or assets, whether physical or virtual, so vital...
49 CFR 15.5 - Sensitive security information.
Code of Federal Regulations, 2013 CFR
2013-10-01
... sources and methods used to gather or develop threat information, including threats against cyber infrastructure. (8) Security measures. Specific details of aviation or maritime transportation security measures... infrastructure asset information. Any list identifying systems or assets, whether physical or virtual, so vital...
49 CFR 15.5 - Sensitive security information.
Code of Federal Regulations, 2012 CFR
2012-10-01
... sources and methods used to gather or develop threat information, including threats against cyber infrastructure. (8) Security measures. Specific details of aviation or maritime transportation security measures... infrastructure asset information. Any list identifying systems or assets, whether physical or virtual, so vital...
49 CFR 1520.9 - Restrictions on the disclosure of SSI.
Code of Federal Regulations, 2010 CFR
2010-10-01
... SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY SECURITY RULES FOR ALL MODES OF TRANSPORTATION PROTECTION OF SENSITIVE SECURITY INFORMATION § 1520.9 Restrictions on the disclosure of SSI. (a) Duty to... infrastructure information under section 214 of the Homeland Security Act, any covered person who is a Federal...
Implementing healthcare information security: standards can help.
Orel, Andrej; Bernik, Igor
2013-01-01
Using widely spread common approaches to systems security in health dedicated controlled environments, a level of awareness, confidence and acceptance of relevant standardisation is evaluated. Patients' information is sensitive, so putting appropriate organisational techniques as well as modern technology in place to secure health information is of paramount importance. Mobile devices are becoming the top priorities in advanced information security planning with healthcare environments being no exception. There are less and less application areas in healthcare without having a need for a mobile functionality which represents an even greater information security challenge. This is also true in emergency treatments, rehabilitation and homecare just to mention a few areas outside hospital controlled environments. Unfortunately quite often traditional unsecured communications principles are still in routine use for communicating sensitive health related information. The security awareness level with users, patients and care professionals is not high enough so potential threats and risks may not be addressed and the respective information security management is therefore weak. Standards like ISO/IEC 27000 ISMS family, the ISO/IEC 27799 information security guidelines in health are often not well known, but together with legislation principles such as HIPAA, they can help.
Federal Register 2010, 2011, 2012, 2013, 2014
2013-07-19
... Insured Credit Unions to maintain an information security program and an incident response plan that... Federally Insured Credit Unions to maintain an information security program and an incident response plan... credit unions to develop a written security program to safeguard sensitive member information. This...
Information security management system planning for CBRN facilities
DOE Office of Scientific and Technical Information (OSTI.GOV)
Lenaeu, Joseph D.; O'Neil, Lori Ross; Leitch, Rosalyn M.
The focus of this document is to provide guidance for the development of information security management system planning documents at chemical, biological, radiological, or nuclear (CBRN) facilities. It describes a risk-based approach for planning information security programs based on the sensitivity of the data developed, processed, communicated, and stored on facility information systems.
E-mail security. An overview of threats and safeguards.
Stine, Kevin; Scholl, Matthew
2010-04-01
Not everyone in the organization needs to know how to secure the e-mail service, but anyone who handles patient information must understand e-mail's vulnerabilities and recognize when a system is secure enough to transmit sensitive information.
49 CFR 1520.5 - Sensitive security information.
Code of Federal Regulations, 2014 CFR
2014-10-01
..., including threats against cyber infrastructure. (8) Security measures. Specific details of aviation...) Critical aviation, maritime, or rail infrastructure asset information. Any list identifying systems or...
49 CFR 1520.5 - Sensitive security information.
Code of Federal Regulations, 2012 CFR
2012-10-01
..., including threats against cyber infrastructure. (8) Security measures. Specific details of aviation...) Critical aviation, maritime, or rail infrastructure asset information. Any list identifying systems or...
49 CFR 1520.5 - Sensitive security information.
Code of Federal Regulations, 2011 CFR
2011-10-01
..., including threats against cyber infrastructure. (8) Security measures. Specific details of aviation...) Critical aviation, maritime, or rail infrastructure asset information. Any list identifying systems or...
49 CFR 1520.5 - Sensitive security information.
Code of Federal Regulations, 2013 CFR
2013-10-01
..., including threats against cyber infrastructure. (8) Security measures. Specific details of aviation...) Critical aviation, maritime, or rail infrastructure asset information. Any list identifying systems or...
Image Hashes as Templates for Verification
DOE Office of Scientific and Technical Information (OSTI.GOV)
Janik, Tadeusz; Jarman, Kenneth D.; Robinson, Sean M.
2012-07-17
Imaging systems can provide measurements that confidently assess characteristics of nuclear weapons and dismantled weapon components, and such assessment will be needed in future verification for arms control. Yet imaging is often viewed as too intrusive, raising concern about the ability to protect sensitive information. In particular, the prospect of using image-based templates for verifying the presence or absence of a warhead, or of the declared configuration of fissile material in storage, may be rejected out-of-hand as being too vulnerable to violation of information barrier (IB) principles. Development of a rigorous approach for generating and comparing reduced-information templates from images, and assessing the security, sensitivity, and robustness of verification using such templates, are needed to address these concerns. We discuss our efforts to develop such a rigorous approach based on a combination of image-feature extraction and encryption-utilizing hash functions to confirm proffered declarations, providing strong classified data security while maintaining high confidence for verification. The proposed work is focused on developing secure, robust, tamper-sensitive and automatic techniques that may enable the comparison of non-sensitive hashed image data outside an IB. It is rooted in research on so-called perceptual hash functions for image comparison, at the interface of signal/image processing, pattern recognition, cryptography, and information theory. Such perceptual or robust image hashing—which, strictly speaking, is not truly cryptographic hashing—has extensive application in content authentication and information retrieval, database search, and security assurance. Applying and extending the principles of perceptual hashing to imaging for arms control, we propose techniques that are sensitive to altering, forging and tampering of the imaged object yet robust and tolerant to content-preserving image distortions and noise. Ensuring that the information contained in the hashed image data (available out-of-IB) cannot be used to extract sensitive information about the imaged object is of primary concern. Thus the techniques are characterized by high unpredictability to guarantee security. We will present an assessment of the performance of our techniques with respect to security, sensitivity and robustness on the basis of a methodical and mathematically precise framework.
49 CFR 1520.17 - Consequences of unauthorized disclosure of SSI.
Code of Federal Regulations, 2010 CFR
2010-10-01
...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY SECURITY RULES FOR ALL MODES OF TRANSPORTATION PROTECTION OF SENSITIVE SECURITY INFORMATION § 1520.17 Consequences of unauthorized disclosure of...
2012-08-01
... this attack sensitive information relating to their two-factor authentication process, employed within RSA’s products, was stolen; potentially... authenticated session the victim has with another website. This could allow the attacker to impersonate the victim or obtain sensitive information... all that is not blacklisted is authorised. We will outline relevant security settings in this section. 4.1 Adobe End-User Security Modification
48 CFR 3439.702 - Department security requirements.
Code of Federal Regulations, 2012 CFR
2012-10-01
... ACQUISITION REGULATION SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Department Requirements for Acquisition of Information Technology 3439.702 Department security requirements. The...) involves the design, operation, repair, or maintenance of information systems and access to sensitive but...
48 CFR 3439.702 - Department security requirements.
Code of Federal Regulations, 2013 CFR
2013-10-01
... ACQUISITION REGULATION SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Department Requirements for Acquisition of Information Technology 3439.702 Department security requirements. The...) involves the design, operation, repair, or maintenance of information systems and access to sensitive but...
48 CFR 3439.702 - Department security requirements.
Code of Federal Regulations, 2011 CFR
2011-10-01
... ACQUISITION REGULATION SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Department Requirements for Acquisition of Information Technology 3439.702 Department security requirements. The...) involves the design, operation, repair, or maintenance of information systems and access to sensitive but...
Code of Federal Regulations, 2012 CFR
2012-07-01
... STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PROTECTION OF INFORMATION § 267.2 Policy..., and integrity of official records containing sensitive or national security information, it is the policy of the Postal Service to maintain definitive and uniform information security safeguards. These...
Code of Federal Regulations, 2010 CFR
2010-07-01
... STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PROTECTION OF INFORMATION § 267.2 Policy..., and integrity of official records containing sensitive or national security information, it is the policy of the Postal Service to maintain definitive and uniform information security safeguards. These...
Code of Federal Regulations, 2011 CFR
2011-07-01
... STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PROTECTION OF INFORMATION § 267.2 Policy..., and integrity of official records containing sensitive or national security information, it is the policy of the Postal Service to maintain definitive and uniform information security safeguards. These...
Code of Federal Regulations, 2014 CFR
2014-07-01
... STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PROTECTION OF INFORMATION § 267.2 Policy..., and integrity of official records containing sensitive or national security information, it is the policy of the Postal Service to maintain definitive and uniform information security safeguards. These...
Code of Federal Regulations, 2013 CFR
2013-07-01
... STATES POSTAL SERVICE ORGANIZATION AND ADMINISTRATION PROTECTION OF INFORMATION § 267.2 Policy..., and integrity of official records containing sensitive or national security information, it is the policy of the Postal Service to maintain definitive and uniform information security safeguards. These...
12 CFR Appendix B to Part 570 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2010 CFR
2010-01-01
... reports; or (B) Blind data, such as payment history on accounts that are not personally identifiable, that... technology, the sensitivity of your customer information, internal or external threats to information, and... Information Technology Examination Handbook, Information Security Booklet, Dec. 2002 available at http://www...
78 FR 7431 - Cbr Systems, Inc.; Analysis of Proposed Consent Order To Aid Public Comment
Federal Register 2010, 2011, 2012, 2013, 2014
2013-02-01
... include any sensitive personal information, like anyone's Social Security number, date of birth, driver's... limited to, the following: name, address, email address, telephone number, date of birth, Social Security... collects personal information, such as fathers' Social Security numbers, and the company collects...
Ultra-Wideband Multi-Dye-Sensitized Upconverting Nanoparticles for Information Security Application.
Lee, Jongha; Yoo, Byeongjun; Lee, Hakyong; Cha, Gi Doo; Lee, Hee-Su; Cho, Youngho; Kim, Sang Yeon; Seo, Hyunseon; Lee, Woongchan; Son, Donghee; Kang, Myungjoo; Kim, Hyung Min; Park, Yong Il; Hyeon, Taeghwan; Kim, Dae-Hyeong
2017-01-01
Multi-dye-sensitized upconverting nanoparticles (UCNPs), which harvest photons of wide wavelength range (450-975 nm) are designed and synthesized. The UCNPs embedded in a photo-acid generating layer are integrated on destructible nonvolatile resistive memory device. Upon illumination of light, the system permanently erases stored data, achieving enhanced information security. © 2016 WILEY-VCH Verlag GmbH & Co. KGaA, Weinheim.
48 CFR 1352.237-72 - Security processing requirements-national security contracts.
Code of Federal Regulations, 2010 CFR
2010-10-01
.... National Security Contracts require contractor employees to gain access to national security information in.... (c) Security Procedures. Position sensitivity/risk assessments must be conducted on all functions... same manner as assessment of those functions performed by government employees. The Contracting Officer...
48 CFR 1352.237-72 - Security processing requirements-national security contracts.
Code of Federal Regulations, 2012 CFR
2012-10-01
.... National Security Contracts require contractor employees to gain access to national security information in.... (c) Security procedures. Position sensitivity/risk assessments must be conducted on all functions... same manner as assessment of those functions performed by government employees. The Contracting Officer...
48 CFR 1352.237-72 - Security processing requirements-national security contracts.
Code of Federal Regulations, 2014 CFR
2014-10-01
.... National Security Contracts require contractor employees to gain access to national security information in.... (c) Security procedures. Position sensitivity/risk assessments must be conducted on all functions... same manner as assessment of those functions performed by government employees. The Contracting Officer...
48 CFR 1352.237-72 - Security processing requirements-national security contracts.
Code of Federal Regulations, 2011 CFR
2011-10-01
.... National Security Contracts require contractor employees to gain access to national security information in.... (c) Security Procedures. Position sensitivity/risk assessments must be conducted on all functions... same manner as assessment of those functions performed by government employees. The Contracting Officer...
49 CFR 15.5 - Sensitive security information.
Code of Federal Regulations, 2010 CFR
2010-10-01
... requirements of Federal law. (5) Vulnerability assessments. Any vulnerability assessment directed, created... security requirements of Federal law that could reveal a security vulnerability, including the identity of... Guard responsible for conducting vulnerability assessments, security boardings, or engaged in operations...
49 CFR 1520.7 - Covered persons.
Code of Federal Regulations, 2012 CFR
2012-10-01
... Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY SECURITY RULES FOR ALL MODES OF TRANSPORTATION PROTECTION OF SENSITIVE SECURITY INFORMATION § 1520.7 Covered persons. Persons subject to the requirements of part 1520 are: (a...
49 CFR 1520.7 - Covered persons.
Code of Federal Regulations, 2013 CFR
2013-10-01
... Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY SECURITY RULES FOR ALL MODES OF TRANSPORTATION PROTECTION OF SENSITIVE SECURITY INFORMATION § 1520.7 Covered persons. Persons subject to the requirements of part 1520 are: (a...
49 CFR 1520.7 - Covered persons.
Code of Federal Regulations, 2014 CFR
2014-10-01
... Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY SECURITY RULES FOR ALL MODES OF TRANSPORTATION PROTECTION OF SENSITIVE SECURITY INFORMATION § 1520.7 Covered persons. Persons subject to the requirements of part 1520 are: (a...
49 CFR 1520.7 - Covered persons.
Code of Federal Regulations, 2010 CFR
2010-10-01
... Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY SECURITY RULES FOR ALL MODES OF TRANSPORTATION PROTECTION OF SENSITIVE SECURITY INFORMATION § 1520.7 Covered persons. Persons subject to the requirements of part 1520 are: (a...
49 CFR 1520.7 - Covered persons.
Code of Federal Regulations, 2011 CFR
2011-10-01
... Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY SECURITY RULES FOR ALL MODES OF TRANSPORTATION PROTECTION OF SENSITIVE SECURITY INFORMATION § 1520.7 Covered persons. Persons subject to the requirements of part 1520 are: (a...
DOE Office of Scientific and Technical Information (OSTI.GOV)
Gilbert, Andrew J.; Miller, Brian W.; Robinson, Sean M.
Imaging technology is generally considered too invasive for arms control inspections due to the concern that it cannot properly secure sensitive features of the inspected item. But, this same sensitive information, which could include direct information on the form and function of the items under inspection, could be used for robust arms control inspections. The single-pixel X-ray imager (SPXI) is introduced as a method to make such inspections, capturing the salient spatial information of an object in a secure manner while never forming an actual image. We built this method on the theory of compressive sensing and the single pixel optical camera. The performance of the system is quantified using simulated inspections of simple objects. Measures of the robustness and security of the method are introduced and used to determine how robust and secure such an inspection would be. Particularly, it is found that an inspection with low noise (<1%) and high undersampling (>256×) exhibits high robustness and security.
Bouhaddou, Omar; Davis, Mike; Donahue, Margaret; Mallia, Anthony; Griffin, Stephania; Teal, Jennifer; Nebeker, Jonathan
2016-01-01
Care coordination across healthcare organizations depends upon health information exchange. Various policies and laws govern permissible exchange, particularly when the information includes privacy sensitive conditions. The Department of Veterans Affairs (VA) privacy policy has required either blanket consent or manual sensitivity review prior to exchanging any health information. The VA experience has been an expensive, administratively demanding burden on staff and Veterans alike, particularly for patients without privacy sensitive conditions. Until recently, automatic sensitivity determination has not been feasible. This paper proposes a policy-driven algorithmic approach (Security Labeling Service or SLS) to health information exchange that automatically detects the presence or absence of specific privacy sensitive conditions and then, to only require a Veteran signed consent for release when actually present. The SLS was applied successfully to a sample of real patient Consolidated-Clinical Document Architecture (C-CDA) documents. The SLS identified standard terminology codes by both parsing structured entries and analyzing textual information using Natural Language Processing (NLP). PMID:28269828
The Battle to Secure Our Public Access Computers
ERIC Educational Resources Information Center
Sendze, Monique
2006-01-01
Securing public access workstations should be a significant part of any library's network and information-security strategy because of the sensitive information patrons enter on these workstations. As the IT manager for the Johnson County Library in Kansas City, Kan., this author is challenged to make sure that thousands of patrons get the access…
Code of Federal Regulations, 2010 CFR
2010-10-01
... ACQUISITION REGULATION (HSAR) GENERAL ADMINISTRATIVE MATTERS Safeguarding Classified and Sensitive Information Within Industry 3004.470-1 Scope. This section implements DHS's policies for assuring the security of unclassified facilities, Information Technology (IT) resources, and sensitive information during the...
A single-pixel X-ray imager concept and its application to secure radiographic inspections
Gilbert, Andrew J.; Miller, Brian W.; Robinson, Sean M.; ...
2017-07-01
Imaging technology is generally considered too invasive for arms control inspections due to the concern that it cannot properly secure sensitive features of the inspected item. But, this same sensitive information, which could include direct information on the form and function of the items under inspection, could be used for robust arms control inspections. The single-pixel X-ray imager (SPXI) is introduced as a method to make such inspections, capturing the salient spatial information of an object in a secure manner while never forming an actual image. We built this method on the theory of compressive sensing and the single pixel optical camera. The performance of the system is quantified using simulated inspections of simple objects. Measures of the robustness and security of the method are introduced and used to determine how robust and secure such an inspection would be. Particularly, it is found that an inspection with low noise (<1%) and high undersampling (>256×) exhibits high robustness and security.
A single-pixel X-ray imager concept and its application to secure radiographic inspections
NASA Astrophysics Data System (ADS)
Gilbert, Andrew J.; Miller, Brian W.; Robinson, Sean M.; White, Timothy A.; Pitts, William Karl; Jarman, Kenneth D.; Seifert, Allen
2017-07-01
Imaging technology is generally considered too invasive for arms control inspections due to the concern that it cannot properly secure sensitive features of the inspected item. However, this same sensitive information, which could include direct information on the form and function of the items under inspection, could be used for robust arms control inspections. The single-pixel X-ray imager (SPXI) is introduced as a method to make such inspections, capturing the salient spatial information of an object in a secure manner while never forming an actual image. The method is built on the theory of compressive sensing and the single pixel optical camera. The performance of the system is quantified using simulated inspections of simple objects. Measures of the robustness and security of the method are introduced and used to determine how robust and secure such an inspection would be. In particular, it is found that an inspection with low noise (<1%) and high undersampling (>256×) exhibits high robustness and security.
Code of Federal Regulations, 2010 CFR
2010-10-01
... Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY SECURITY RULES FOR ALL MODES OF TRANSPORTATION PROTECTION OF SENSITIVE SECURITY INFORMATION § 1520.13 Marking SSI. (a) Marking of paper records. In the case of paper records...
49 CFR 1520.19 - Destruction of SSI.
Code of Federal Regulations, 2010 CFR
2010-10-01
... Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY SECURITY RULES FOR ALL MODES OF TRANSPORTATION PROTECTION OF SENSITIVE SECURITY INFORMATION § 1520.19 Destruction of SSI. (a) DHS. Subject to the requirements of the Federal...
48 CFR 252.239-7016 - Telecommunications security equipment, devices, techniques, and services.
Code of Federal Regulations, 2010 CFR
2010-10-01
..., record, and data communications, including management information systems and local data networks that...) Sensitive information means any information the loss, misuse, or modification of which, or unauthorized... subcontractors to transmit— (i) Classified or sensitive information; (ii) Matters involving intelligence...
10 CFR 10.35 - Reconsideration of cases.
Code of Federal Regulations, 2014 CFR
2014-01-01
... DATA OR NATIONAL SECURITY INFORMATION OR AN EMPLOYMENT CLEARANCE Procedures § 10.35 Reconsideration of... Director for Corporate Management and Chief Information Officer or the Commission has made a determination... sensitivity of the Restricted Data or National Security Information to which the individual has or will have...
10 CFR 10.35 - Reconsideration of cases.
Code of Federal Regulations, 2013 CFR
2013-01-01
... DATA OR NATIONAL SECURITY INFORMATION OR AN EMPLOYMENT CLEARANCE Procedures § 10.35 Reconsideration of... Director for Corporate Management and Chief Information Officer or the Commission has made a determination... sensitivity of the Restricted Data or National Security Information to which the individual has or will have...
Approach to spatial information security based on digital certificate
NASA Astrophysics Data System (ADS)
Cong, Shengri; Zhang, Kai; Chen, Baowen
2005-11-01
With the development of the online applications of geographic information systems (GIS) and the spatial information services, the spatial information security becomes more important. This work introduced digital certificates and authorization schemes into GIS to protect the crucial spatial information combining the techniques of the role-based access control (RBAC), the public key infrastructure (PKI) and the privilege management infrastructure (PMI). We investigated the spatial information granularity suited for sensitivity marking and digital certificate model that fits the need of GIS security based on the semantics analysis of spatial information. It implements a secure, flexible, fine-grained data access based on public technologies in GIS in the world.
Big data, little security: Addressing security issues in your platform
NASA Astrophysics Data System (ADS)
Macklin, Thomas; Mathews, Joseph
2017-05-01
This paper describes some patterns for information security problems that consistently emerge among traditional enterprise networks and applications, both with respect to cyber threats and data sensitivity. We draw upon cases from qualitative studies and interviews of system developers, network operators, and certifiers of military applications. Specifically, the problems discussed involve sensitivity of data aggregates, training efficacy, and security decision support in the human machine interface. While proven techniques can address many enterprise security challenges, we provide additional recommendations on how to further improve overall security posture, and suggest additional research thrusts to address areas where known gaps remain.
Department of Defense Intelligence Information System (DoDIIS). Instructions 2000
2000-02-01
DIA, November 1993, DoDIIS Site Certifier’s Guide, SC-2610-143-93. e) DIA, June 1995, DoDIIS Security Architecture Guidance and Directions (SAGD), Draft...Plan S&T Scientific & Technical SAGD Security Architecture Guidance and Directions SBU Sensitive But Unclassified SCI Sensitive Compartmented
Meeting the security requirements of electronic medical records in the ERA of high-speed computing.
Alanazi, H O; Zaidan, A A; Zaidan, B B; Kiah, M L Mat; Al-Bakri, S H
2015-01-01
This study has two objectives. First, it aims to develop a system with a highly secured approach to transmitting electronic medical records (EMRs), and second, it aims to identify entities that transmit private patient information without permission. The NTRU and the Advanced Encryption Standard (AES) cryptosystems are secured encryption methods. The AES is a tested technology that has already been utilized in several systems to secure sensitive data. The United States government has been using AES since June 2003 to protect sensitive and essential information. Meanwhile, NTRU protects sensitive data against attacks through the use of quantum computers, which can break the RSA cryptosystem and elliptic curve cryptography algorithms. A hybrid of AES and NTRU is developed in this work to improve EMR security. The proposed hybrid cryptography technique is implemented to secure the data transmission process of EMRs. The proposed security solution can provide protection for over 40 years and is resistant to quantum computers. Moreover, the technique provides the necessary evidence required by law to identify disclosure or misuse of patient records. The proposed solution can effectively secure EMR transmission and protect patient rights. It also identifies the source responsible for disclosing confidential patient records. The proposed hybrid technique for securing data managed by institutional websites must be improved in the future.
1989-08-01
Include in this plan the role of the Defense Technical Information Center (DTIC), the Defense Technology Security Administration (DTSA), and ODDR&E’s...DTIC = Defense Technical Information Center DTSA = Defense Technology Security Administration DUSD = Deputy Under Secretary of Defense Gloss. 2 DUSD...technologically sensitive requests. The Defense Technology Security Administration (DTSA) is developing a large system to track foreign military sales
49 CFR 1520.15 - SSI disclosed by TSA or the Coast Guard.
Code of Federal Regulations, 2010 CFR
2010-10-01
... SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY SECURITY RULES FOR ALL MODES OF TRANSPORTATION PROTECTION OF SENSITIVE SECURITY INFORMATION § 1520.15 SSI disclosed by TSA or the Coast Guard. (a) In... allegations contained in a legal enforcement action document issued by TSA or the Coast Guard. (2) Security...
49 CFR 1520.11 - Persons with a need to know.
Code of Federal Regulations, 2010 CFR
2010-10-01
....11 Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY SECURITY RULES FOR ALL MODES OF TRANSPORTATION PROTECTION OF SENSITIVE SECURITY INFORMATION § 1520.11 Persons with a need to know. (a) In general. A person has a need to...
49 CFR 15.9 - Restrictions on the disclosure of SSI.
Code of Federal Regulations, 2011 CFR
2011-10-01
... information under section 214 of the Homeland Security Act, any covered person who is a Federal employee in... Section 15.9 Transportation Office of the Secretary of Transportation PROTECTION OF SENSITIVE SECURITY INFORMATION § 15.9 Restrictions on the disclosure of SSI. (a) Duty to protect information. A covered person...
49 CFR 15.9 - Restrictions on the disclosure of SSI.
Code of Federal Regulations, 2010 CFR
2010-10-01
... information under section 214 of the Homeland Security Act, any covered person who is a Federal employee in... Section 15.9 Transportation Office of the Secretary of Transportation PROTECTION OF SENSITIVE SECURITY INFORMATION § 15.9 Restrictions on the disclosure of SSI. (a) Duty to protect information. A covered person...
DOE Office of Scientific and Technical Information (OSTI.GOV)
Gilbert, Andrew J.; Miller, Brian W.; Robinson, Sean M.
Imaging technology is generally considered too invasive for arms control inspections due to the concern that it cannot properly secure sensitive features of the inspected item. However, this same sensitive information, which could include direct information on the form and function of the items under inspection, could be used for robust arms control inspections. The single-pixel X-ray imager (SPXI) is introduced as a method to make such inspections, capturing the salient spatial information of an object in a secure manner while never forming an actual image. The method is built on the theory of compressive sensing and the single pixel optical camera. The performance of the system is quantified here using simulated inspections of simple objects. Measures of the robustness and security of the method are introduced and used to determine how such an inspection would be made which can maintain high robustness and security. In particular, it is found that an inspection with low noise (<1%) and high undersampling (>256×) exhibits high robustness and security.
Development of an Internet Security Policy for health care establishments.
Ilioudis, C; Pangalos, G
2000-01-01
The Internet provides unprecedented opportunities for interaction and data sharing among health care providers, patients and researchers. However, the advantages provided by the Internet come with a significantly greater element of risk to the confidentiality and integrity of information. This paper defines the basic security requirements that must be addressed in order to use the Internet to safely transmit patient and/or other sensitive Health Care information. It describes a suitable Internet Security Policy for Health Care Establishments and provides the set of technical measures that are needed for its implementation. The proposed security policy and technical approaches have been based on an extensive study of the related recommendations from the security and standard groups both in EU and USA and our related work and experience. The results have been utilized in the framework of the Intranet Health Clinic project, where the use of the Internet for the transmission of sensitive Health Care information is of vital importance.
Privacy, security and access with sensitive health information.
Croll, Peter
2010-01-01
This chapter gives an educational overview of: * Confidentiality issues and the challenges faced; * The fundamental differences between privacy and security; * The different access control mechanisms; * The challenges of Internet security; * How 'safety and quality' relate to all the above.
DOE Office of Scientific and Technical Information (OSTI.GOV)
None
The Department of Energy and its contractors store and process massive quantities of sensitive information to accomplish national security, energy, science, and environmental missions. Sensitive unclassified data, such as personally identifiable information (PII), official use only, and unclassified controlled nuclear information require special handling and protection to prevent misuse of the information for inappropriate purposes. Industry experts have reported that more than 203 million personal privacy records have been lost or stolen over the past three years, including information maintained by corporations, educational institutions, and Federal agencies. The loss of personal and other sensitive information can result in substantial financial harm, embarrassment, and inconvenience to individuals and organizations. Therefore, strong protective measures, including data encryption, help protect against the unauthorized disclosure of sensitive information. Prior reports involving the loss of sensitive information have highlighted weaknesses in the Department's ability to protect sensitive data. Our report on Security Over Personally Identifiable Information (DOE/IG-0771, July 2007) disclosed that the Department had not fully implemented all measures recommended by the Office of Management and Budget (OMB) and required by the National Institute of Standards and Technology (NIST) to protect PII, including failures to identify and encrypt PII maintained on information systems. Similarly, the Government Accountability Office recently reported that the Department had not yet installed encryption technology to protect sensitive data on the vast majority of laptop computers and handheld devices. Because of the potential for harm, we initiated this audit to determine whether the Department and its contractors adequately safeguarded sensitive electronic information. The Department had taken a number of steps to improve protection of PII.
Our review, however, identified opportunities to strengthen the protection of all types of sensitive unclassified electronic information and reduce the risk that such data could fall into the hands of individuals with malicious intent. In particular, for the seven sites we reviewed: (1) Four sites had either not ensured that sensitive information maintained on mobile devices was encrypted, or they had improperly permitted sensitive unclassified information to be transmitted unencrypted through email or to offsite backup storage facilities; (2) One site had not ensured that laptops taken on foreign travel, including travel to sensitive countries, were protected against security threats; and, (3) Although required by the OMB since 2003, we learned that programs and sites were still working to complete Privacy Impact Assessments - analyses designed to examine the risks and ramifications of using information systems to collect, maintain, and disseminate personal information. Our testing revealed that the weaknesses identified were attributable, at least in part, to Headquarters programs and field sites that had not implemented existing policies and procedures requiring protection of sensitive electronic information. In addition, a lack of performance monitoring contributed to the inability of the Department and the National Nuclear Security Administration (NNSA) to ensure that measures were in place to fully protect sensitive information. As demonstrated by previous computer intrusion-related data losses throughout the Department, without improvements, the risk or vulnerability for future losses remains unacceptably high. In conducting this audit, we recognized that data encryption and related techniques do not provide absolute assurance that sensitive data is fully protected. For example, encryption will not necessarily protect data in circumstances where organizational access controls are weak or are circumvented through phishing or other malicious techniques.
However, as noted by NIST, when used appropriately, encryption is an effective tool that can, as part of an overall risk-management strategy, enhance security over critical personal and other sensitive information. The audit disclosed that Sandia National Laboratories had instituted a comprehensive program to protect laptops taken on foreign travel. In addition, the Department issued policy after our field work was completed that should standardize the Privacy Impact Assessment process, and, in so doing, provide increased accountability. While these actions are positive steps, additional effort is needed to help ensure that the privacy of individuals is adequately protected and that sensitive operational data is not compromised. To that end, our report contains several recommendations to implement a risk-based protection scheme for the protection of sensitive electronic information.
Securely Measuring the Overlap between Private Datasets with Cryptosets
Swamidass, S. Joshua; Matlock, Matthew; Rozenblit, Leon
2015-01-01
Many scientific questions are best approached by sharing data—collected by different groups or across large collaborative networks—into a combined analysis. Unfortunately, some of the most interesting and powerful datasets—like health records, genetic data, and drug discovery data—cannot be freely shared because they contain sensitive information. In many situations, knowing if private datasets overlap determines if it is worthwhile to navigate the institutional, ethical, and legal barriers that govern access to sensitive, private data. We report the first method of publicly measuring the overlap between private datasets that is secure under a malicious model without relying on private protocols or message passing. This method uses a publicly shareable summary of a dataset’s contents, its cryptoset, to estimate its overlap with other datasets. Cryptosets approach “information-theoretic” security, the strongest type of security possible in cryptography, which is not even crackable with infinite computing power. We empirically and theoretically assess both the accuracy of these estimates and the security of the approach, demonstrating that cryptosets are informative, with a stable accuracy, and secure. PMID:25714898
32 CFR 806b.35 - Balancing protection.
Code of Federal Regulations, 2014 CFR
2014-07-01
..., Computer Security, 5 for procedures on safeguarding personal information in automated records. 5 http://www... automated system with a log-on protocol. Others may require more sophisticated security protection based on the sensitivity of the information. Classified computer systems or those with established audit and...
32 CFR 806b.35 - Balancing protection.
Code of Federal Regulations, 2013 CFR
2013-07-01
..., Computer Security, 5 for procedures on safeguarding personal information in automated records. 5 http://www... automated system with a log-on protocol. Others may require more sophisticated security protection based on the sensitivity of the information. Classified computer systems or those with established audit and...
32 CFR 806b.35 - Balancing protection.
Code of Federal Regulations, 2012 CFR
2012-07-01
..., Computer Security, 5 for procedures on safeguarding personal information in automated records. 5 http://www... automated system with a log-on protocol. Others may require more sophisticated security protection based on the sensitivity of the information. Classified computer systems or those with established audit and...
32 CFR 806b.35 - Balancing protection.
Code of Federal Regulations, 2011 CFR
2011-07-01
..., Computer Security, 5 for procedures on safeguarding personal information in automated records. 5 http://www... automated system with a log-on protocol. Others may require more sophisticated security protection based on the sensitivity of the information. Classified computer systems or those with established audit and...
32 CFR 806b.35 - Balancing protection.
Code of Federal Regulations, 2010 CFR
2010-07-01
..., Computer Security, 5 for procedures on safeguarding personal information in automated records. 5 http://www... automated system with a log-on protocol. Others may require more sophisticated security protection based on the sensitivity of the information. Classified computer systems or those with established audit and...
75 FR 68849 - Privacy Act of 1974: System of Records
Federal Register 2010, 2011, 2012, 2013, 2014
2010-11-09
... processing of personal information is conducted within established FAA computer security regulations. A risk... SECURITY CLASSIFICATION: Sensitive, unclassified SYSTEM LOCATION: Federal Aviation Administration (FAA... Enforcement Centers of the Drug Abatement Division; Office of Security and Hazardous Materials; Flight...
Petri net modeling of encrypted information flow in federated cloud
NASA Astrophysics Data System (ADS)
Khushk, Abdul Rauf; Li, Xiaozhong
2017-08-01
Solutions proposed and developed for the cost-effective cloud systems suffer from a combination of secure private clouds and less secure public clouds. The need to locate applications within different clouds poses a security risk to the information flow of the entire system. This study addresses this by assigning security levels of a given lattice to the entities of a federated cloud system. A dynamic flow sensitive security model featuring Bell-LaPadula procedures is explored that tracks and authenticates the secure information flow in federated clouds. Additionally, a Petri net model is considered as a case study to represent the proposed system and further validate the performance of the said system.
DoD Information Security Program and Protection of Sensitive Compartmented Information (SCI)
2016-04-21
collateral, special access program, SCI, and controlled unclassified information (CUI) within an overarching DoD Information Security Program...classified, safeguarded, and declassified in accordance with References (c), (d), and DoD Manual 5200.01 (Reference (i)). CUI will be identified...Information will not be classified, continue to be maintained as classified, or fail to be declassified, or be designated CUI under any circumstances in
49 CFR 15.19 - Destruction of SSI.
Code of Federal Regulations, 2011 CFR
2011-10-01
... Transportation Office of the Secretary of Transportation PROTECTION OF SENSITIVE SECURITY INFORMATION § 15.19... reconstruction of the information when the covered person no longer needs the SSI to carry out transportation security measures. (2) Exception. Paragraph (b)(1) of this section does not require a State or local...
49 CFR 15.19 - Destruction of SSI.
Code of Federal Regulations, 2010 CFR
2010-10-01
... Transportation Office of the Secretary of Transportation PROTECTION OF SENSITIVE SECURITY INFORMATION § 15.19... reconstruction of the information when the covered person no longer needs the SSI to carry out transportation security measures. (2) Exception. Paragraph (b)(1) of this section does not require a State or local...
Explore Awareness of Information Security: Insights from Cognitive Neuromechanism.
Han, Dongmei; Dai, Yonghui; Han, Tianlin; Dai, Xingyun
2015-01-01
With the rapid development of the internet and information technology, the increasingly diversified portable mobile terminals, online shopping, and social media have facilitated information exchange, social communication, and financial payment for people more and more than ever before. In the meantime, information security and privacy protection have been meeting with new severe challenges. Although we have taken a variety of information security measures in both management and technology, the actual effectiveness depends firstly on people's awareness of information security and the cognition of potential risks. In order to explore the new technology for the objective assessment of people's awareness and cognition on information security, this paper takes the online financial payment as example and conducts an experimental study based on the analysis of electrophysiological signals. Results indicate that left hemisphere and beta rhythms of electroencephalogram (EEG) signal are sensitive to the cognitive degree of risks in the awareness of information security, which may be probably considered as the sign to assess people's cognition of potential risks in online financial payment.
Explore Awareness of Information Security: Insights from Cognitive Neuromechanism
Han, Dongmei; Han, Tianlin; Dai, Xingyun
2015-01-01
With the rapid development of the internet and information technology, the increasingly diversified portable mobile terminals, online shopping, and social media have facilitated information exchange, social communication, and financial payment for people more and more than ever before. In the meantime, information security and privacy protection have been meeting with new severe challenges. Although we have taken a variety of information security measures in both management and technology, the actual effectiveness depends firstly on people's awareness of information security and the cognition of potential risks. In order to explore the new technology for the objective assessment of people's awareness and cognition on information security, this paper takes the online financial payment as example and conducts an experimental study based on the analysis of electrophysiological signals. Results indicate that left hemisphere and beta rhythms of electroencephalogram (EEG) signal are sensitive to the cognitive degree of risks in the awareness of information security, which may be probably considered as the sign to assess people's cognition of potential risks in online financial payment. PMID:26587017
77 FR 65048 - Privacy Act; System of Records: Personal Property Claims, State-27
Federal Register 2010, 2011, 2012, 2013, 2014
2012-10-24
... cyber security awareness training which covers the procedures for handling Sensitive but Unclassified... Property Claims. SECURITY CLASSIFICATION: Unclassified. SYSTEM LOCATION: Department of State, SA-3, Suite... which can include information such as names, birthdates, social security numbers (SSNs), employee IDs...
49 CFR 15.11 - Persons with a need to know.
Code of Federal Regulations, 2011 CFR
2011-10-01
... Transportation Office of the Secretary of Transportation PROTECTION OF SENSITIVE SECURITY INFORMATION § 15.11... circumstances: (1) When the person requires access to specific SSI to carry out transportation security... training to carry out transportation security activities approved, accepted, funded, recommended, or...
49 CFR 15.11 - Persons with a need to know.
Code of Federal Regulations, 2010 CFR
2010-10-01
... Transportation Office of the Secretary of Transportation PROTECTION OF SENSITIVE SECURITY INFORMATION § 15.11... circumstances: (1) When the person requires access to specific SSI to carry out transportation security... training to carry out transportation security activities approved, accepted, funded, recommended, or...
Code of Federal Regulations, 2010 CFR
2010-07-01
... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Requests for further information; submissions of classified, privileged, and sensitive information. 52.43 Section 52.43 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY PERSONNEL BOARD FOR CORRECTION OF MILITARY RECORDS OF THE COAST GUARD Submissions by...
ERIC Educational Resources Information Center
Thaw, David Bernard
2011-01-01
Current scholarly understanding of information security regulation in the United States is limited. Several competing mechanisms exist, many of which are untested in the courts and before state regulators, and new mechanisms are being proposed on a regular basis. Perhaps of even greater concern, the pace at which technology and threats change far…
36 CFR 1008.6 - Assuring integrity of records.
Code of Federal Regulations, 2012 CFR
2012-07-01
... shall be maintained in a secure manner commensurate with the sensitivity of the information contained in the system of records. The Privacy Act Officer will periodically review these security measures to...
36 CFR 1008.6 - Assuring integrity of records.
Code of Federal Regulations, 2011 CFR
2011-07-01
... shall be maintained in a secure manner commensurate with the sensitivity of the information contained in the system of records. The Privacy Act Officer will periodically review these security measures to...
36 CFR 1008.6 - Assuring integrity of records.
Code of Federal Regulations, 2014 CFR
2014-07-01
... shall be maintained in a secure manner commensurate with the sensitivity of the information contained in the system of records. The Privacy Act Officer will periodically review these security measures to...
49 CFR 15.7 - Covered persons.
Code of Federal Regulations, 2013 CFR
2013-10-01
... Office of the Secretary of Transportation PROTECTION OF SENSITIVE SECURITY INFORMATION § 15.7 Covered... owners, charterers, and operators, required to have a security plan under Federal or International law. (d) Each owner or operator of a maritime facility required to have a security plan under the Maritime...
49 CFR 15.7 - Covered persons.
Code of Federal Regulations, 2012 CFR
2012-10-01
... Office of the Secretary of Transportation PROTECTION OF SENSITIVE SECURITY INFORMATION § 15.7 Covered... owners, charterers, and operators, required to have a security plan under Federal or International law. (d) Each owner or operator of a maritime facility required to have a security plan under the Maritime...
49 CFR 15.7 - Covered persons.
Code of Federal Regulations, 2011 CFR
2011-10-01
... Office of the Secretary of Transportation PROTECTION OF SENSITIVE SECURITY INFORMATION § 15.7 Covered... owners, charterers, and operators, required to have a security plan under Federal or International law. (d) Each owner or operator of a maritime facility required to have a security plan under the Maritime...
49 CFR 15.7 - Covered persons.
Code of Federal Regulations, 2010 CFR
2010-10-01
... Office of the Secretary of Transportation PROTECTION OF SENSITIVE SECURITY INFORMATION § 15.7 Covered... owners, charterers, and operators, required to have a security plan under Federal or International law. (d) Each owner or operator of a maritime facility required to have a security plan under the Maritime...
49 CFR 15.7 - Covered persons.
Code of Federal Regulations, 2014 CFR
2014-10-01
... Office of the Secretary of Transportation PROTECTION OF SENSITIVE SECURITY INFORMATION § 15.7 Covered... owners, charterers, and operators, required to have a security plan under Federal or International law. (d) Each owner or operator of a maritime facility required to have a security plan under the Maritime...
48 CFR 252.204-7005 - Oral attestation of security responsibilities.
Code of Federal Regulations, 2011 CFR
2011-10-01
... Sensitive Compartmented Information (SCI) shall attest orally that they will conform to the conditions and... employees currently cleared for access to TS, SAP, or SCI may attest orally to their security...
48 CFR 252.204-7005 - Oral attestation of security responsibilities.
Code of Federal Regulations, 2010 CFR
2010-10-01
... Sensitive Compartmented Information (SCI) shall attest orally that they will conform to the conditions and... employees currently cleared for access to TS, SAP, or SCI may attest orally to their security...
36 CFR § 1008.6 - Assuring integrity of records.
Code of Federal Regulations, 2013 CFR
2013-07-01
... Privacy Act shall be maintained in a secure manner commensurate with the sensitivity of the information contained in the system of records. The Privacy Act Officer will periodically review these security measures...
Agents Based e-Commerce and Securing Exchanged Information
NASA Astrophysics Data System (ADS)
Al-Jaljouli, Raja; Abawajy, Jemal
Mobile agents have been implemented in e-Commerce to search and filter information of interest from electronic markets. When the information is very sensitive and critical, it is important to develop a novel security protocol that can efficiently protect the information from malicious tampering as well as unauthorized disclosure or at least detect any malicious act of intruders. In this chapter, we describe robust security techniques that ensure a sound security of information gathered throughout agent’s itinerary against various security attacks, as well as truncation attacks. A sound security protocol is described, which implements the various security techniques that would jointly prevent or at least detect any malicious act of intruders. We reason about the soundness of the protocol using Symbolic Trace Analyzer (STA), a formal verification tool that is based on symbolic techniques. We analyze the protocol in key configurations and show that it is free of flaws. We also show that the protocol fulfils the various security requirements of exchanged information in MAS, including data-integrity, data-confidentiality, data-authenticity, origin confidentiality and data non-repudiability.
Federal Register 2010, 2011, 2012, 2013, 2014
2010-02-23
... Homeland Security System of Records and will consist of information that is created and used by the... classified, sensitive, and unclassified information; system location to reflect the move of the History... interested individuals for research in writing dissertations, articles, books, and other documents for...
NASA Astrophysics Data System (ADS)
Curiac, Daniel-Ioan; Pachia, Mihai
2015-05-01
Information security represents the cornerstone of every data processing system that resides in an organisation's trusted network, implementing all necessary protocols, mechanisms and policies to be one step ahead of possible threats. Starting from the need to strengthen the set of security services, in this article we introduce a new and innovative process named controlled information destruction (CID) that is meant to secure sensitive data that are no longer needed for the organisation's future purposes but would be very damaging if revealed. The disposal of this type of data has to be controlled carefully in order to delete not only the information itself but also all its splinters spread throughout the network, thus denying any possibility of recovering the information after its alleged destruction. This process leads to a modified model of information assurance and also reconfigures the architecture of any information security management system. The scheme we envisioned relies on a reshaped information lifecycle, which reveals the impact of the CID procedure directly upon the information states.
The Operational Manager - Enemy or Hero of Secure Business Practice?
NASA Astrophysics Data System (ADS)
Goucher, Wendy
This paper will investigate the role of the non-IT manager in information security. He can, for example, be the reason why sensitive work is carried out on the move and security focused spending is given a low priority in the budget. Alternatively, he can also be the driving force behind empowering the team to have a dynamic attitude to protecting data both at work and at home. Now is the time for managers to stop pushing information security issues away from their desk and into the in-tray of the IT department.
Security and privacy issues of personal health.
Blobel, Bernd; Pharow, Peter
2007-01-01
While health systems in developed countries and increasingly also in developing countries are moving from organisation-centred to person-centred health service delivery, the supporting communication and information technology is faced with new risks regarding security and privacy of stakeholders involved. The comprehensively distributed environment puts special burden on guaranteeing communication security services, but even more on guaranteeing application security services dealing with privilege management, access control and audit regarding social implication and connected sensitivity of personal information recorded, processed, communicated and stored in an even internationally distributed environment.
Sensitive Security Information (SSI) and Transportation Security: Background and Controversies
2004-02-05
with airport security procedures, employee accountability, passenger screening, and airport secrecy agreements. In January 2003, the Dallas/Fort... Airport Security Flaws Bring Criticism,” Los Angeles Times, July 2, 2002, p. A8. 16 Charles Piller and Ricardo Alonso-Zaldivar, “A Suspect Computer...Secrecy in Airport Security Contract Criticized,” Des Moines Register, Sept. 27, 2003, p. 1A; James Andrews, “Here in Tristate, Security’s Tighter
Airport detectors and orthopaedic implants.
van der Wal, Bart C H; Grimm, Bernd; Heyligers, Ide C
2005-08-01
As a result of the rising threats of terrorism, airport security has become a major issue. Patients with orthopaedic implants are concerned that they may activate alarms at airport security gates. A literature overview showed that the activation rate of the alarm by hand-held detectors is higher than for arch detectors (100% versus 56%). Arch detection rate has significantly increased from 0% before 1995 up to 83.3% after 1994. Reported factors which influence detection rates are implant mass, implant combinations, implant volume, transfer speed, side of implant, detector model, sensitivity settings, material and tissue masking. Detection rate has been improved by more sensitive devices and improved filter software. Doctors should be able to objectively inform patients. A form is presented which will easily inform the airport security staff.
Dehling, Tobias; Gao, Fangjian; Schneider, Stephan
2015-01-01
Background: Mobile health (mHealth) apps aim at providing seamless access to tailored health information technology and have the potential to alleviate global health burdens. Yet, they bear risks to information security and privacy because users need to reveal private, sensitive medical information to redeem certain benefits. Due to the plethora and diversity of available mHealth apps, implications for information security and privacy are unclear and complex. Objective: The objective of this study was to establish an overview of mHealth apps offered on iOS and Android with a special focus on potential damage to users through information security and privacy infringements. Methods: We assessed apps available in English and offered in the categories “Medical” and “Health & Fitness” in the iOS and Android App Stores. Based on the information retrievable from the app stores, we established an overview of available mHealth apps, tagged apps to make offered information machine-readable, and clustered the discovered apps to identify and group similar apps. Subsequently, information security and privacy implications were assessed based on health specificity of information available to apps, potential damage through information leaks, potential damage through information manipulation, potential damage through information loss, and potential value of information to third parties. Results: We discovered 24,405 health-related apps (iOS; 21,953; Android; 2452). Absence or scarceness of ratings for 81.36% (17,860/21,953) of iOS and 76.14% (1867/2452) of Android apps indicates that less than a quarter of mHealth apps are in more or less widespread use. Clustering resulted in 245 distinct clusters, which were consolidated into 12 app archetypes grouping clusters with similar assessments of potential damage through information security and privacy infringements. There were 6426 apps that were excluded during clustering.
The majority of apps (95.63%, 17,193/17,979; of apps) pose at least some potential damage through information security and privacy infringements. There were 11.67% (2098/17,979) of apps that scored the highest assessments of potential damages. Conclusions: Various kinds of mHealth apps collect and offer critical, sensitive, private medical information, calling for a special focus on information security and privacy of mHealth apps. In order to foster user acceptance and trust, appropriate security measures and processes need to be devised and employed so that users can benefit from seamlessly accessible, tailored mHealth apps without exposing themselves to the serious repercussions of information security and privacy infringements. PMID:25599627
Dehling, Tobias; Gao, Fangjian; Schneider, Stephan; Sunyaev, Ali
2015-01-19
Mobile health (mHealth) apps aim at providing seamless access to tailored health information technology and have the potential to alleviate global health burdens. Yet, they bear risks to information security and privacy because users need to reveal private, sensitive medical information to redeem certain benefits. Due to the plethora and diversity of available mHealth apps, implications for information security and privacy are unclear and complex. The objective of this study was to establish an overview of mHealth apps offered on iOS and Android with a special focus on potential damage to users through information security and privacy infringements. We assessed apps available in English and offered in the categories "Medical" and "Health & Fitness" in the iOS and Android App Stores. Based on the information retrievable from the app stores, we established an overview of available mHealth apps, tagged apps to make offered information machine-readable, and clustered the discovered apps to identify and group similar apps. Subsequently, information security and privacy implications were assessed based on health specificity of information available to apps, potential damage through information leaks, potential damage through information manipulation, potential damage through information loss, and potential value of information to third parties. We discovered 24,405 health-related apps (iOS; 21,953; Android; 2452). Absence or scarceness of ratings for 81.36% (17,860/21,953) of iOS and 76.14% (1867/2452) of Android apps indicates that less than a quarter of mHealth apps are in more or less widespread use. Clustering resulted in 245 distinct clusters, which were consolidated into 12 app archetypes grouping clusters with similar assessments of potential damage through information security and privacy infringements. There were 6426 apps that were excluded during clustering. 
The majority of apps (95.63%, 17,193/17,979; of apps) pose at least some potential damage through information security and privacy infringements. There were 11.67% (2098/17,979) of apps that scored the highest assessments of potential damages. Various kinds of mHealth apps collect and offer critical, sensitive, private medical information, calling for a special focus on information security and privacy of mHealth apps. In order to foster user acceptance and trust, appropriate security measures and processes need to be devised and employed so that users can benefit from seamlessly accessible, tailored mHealth apps without exposing themselves to the serious repercussions of information security and privacy infringements.
An updated look at document security: from initiation to storage or shredder.
McConnell, Charles R
2014-01-01
In these days of close attention to security of information handled electronically, there is often a tendency to overlook the security of hard-copy documents. Document security can involve many areas of business, but the health care department manager's concerns are primarily for patient records and employee documentation. Document security is closely related to growing concerns for individual privacy; guidelines are furnished for protecting employee privacy by separating retention practices for business information from personal information. Sensitive documentation requires rules and procedures for processing, retaining, accessing, storing, and eventually destroying. Also, documents that are missing or incomplete at times present unique problems for the organization. The department manager is provided with some simple rules for safeguarding employee and patient documentation.
Measuring the Level of Security in the K-12 IT Environment in Southern California
ERIC Educational Resources Information Center
Brown, Brandon R.
2016-01-01
Kindergartens through twelfth grade institutions (K-12) are susceptible to unauthorized breaches to the security of their networked systems. These systems house sensitive information for students and staff alike. K-12 organizations face a significant risk for loss of this information that can damage reputation and pose liability. Perpetrators have…
Code of Federal Regulations, 2010 CFR
2010-07-01
... access to classified national security information, restricted data, and/or sensitive but unclassified... ON TECHNICAL SURVEILLANCE COUNTERMEASURES § 149.3 Definitions. Classified National Security... is marked to indicate its classified status when in documentary form. Restricted Data (RD). All data...
Xu, Xin; Zhu, Ping; Wen, Qiaoyan; Jin, Zhengping; Zhang, Hua; He, Lian
2014-01-01
In the field of the Telecare Medicine Information System, recent researches have focused on consummating more convenient and secure healthcare delivery services for patients. In order to protect the sensitive information, various attempts such as access control have been proposed to safeguard patients' privacy in this system. However, these schemes suffered from some certain security defects and had costly consumption, which were not suitable for the telecare medicine information system. In this paper, based on the elliptic curve cryptography, we propose a secure and efficient two-factor mutual authentication and key agreement scheme to reduce the computational cost. Such a scheme enables to provide the patient anonymity by employing the dynamic identity. Compared with other related protocols, the security analysis and performance evaluation show that our scheme overcomes some well-known attacks and has a better performance in the telecare medicine information system.
Database Security: What Students Need to Know
ERIC Educational Resources Information Center
Murray, Meg Coffin
2010-01-01
Database security is a growing concern evidenced by an increase in the number of reported incidents of loss of or unauthorized exposure to sensitive data. As the amount of data collected, retained and shared electronically expands, so does the need to understand database security. The Defense Information Systems Agency of the US Department of…
Analysis of the Security and Privacy Requirements of Cloud-Based Electronic Health Records Systems
Fernández, Gonzalo; López-Coronado, Miguel
2013-01-01
Background: The Cloud Computing paradigm offers eHealth systems the opportunity to enhance the features and functionality that they offer. However, moving patients’ medical information to the Cloud implies several risks in terms of the security and privacy of sensitive health records. In this paper, the risks of hosting Electronic Health Records (EHRs) on the servers of third-party Cloud service providers are reviewed. To protect the confidentiality of patient information and facilitate the process, some suggestions for health care providers are made. Moreover, security issues that Cloud service providers should address in their platforms are considered. Objective: To show that, before moving patient health records to the Cloud, security and privacy concerns must be considered by both health care providers and Cloud service providers. Security requirements of a generic Cloud service provider are analyzed. Methods: To study the latest in Cloud-based computing solutions, bibliographic material was obtained mainly from Medline sources. Furthermore, direct contact was made with several Cloud service providers. Results: Some of the security issues that should be considered by both Cloud service providers and their health care customers are role-based access, network security mechanisms, data encryption, digital signatures, and access monitoring. Furthermore, to guarantee the safety of the information and comply with privacy policies, the Cloud service provider must be compliant with various certifications and third-party requirements, such as SAS70 Type II, PCI DSS Level 1, ISO 27001, and the US Federal Information Security Management Act (FISMA). Conclusions: Storing sensitive information such as EHRs in the Cloud means that precautions must be taken to ensure the safety and confidentiality of the data. A relationship built on trust with the Cloud service provider is essential to ensure a transparent process.
Cloud service providers must make certain that all security mechanisms are in place to avoid unauthorized access and data breaches. Patients must be kept informed about how their data are being managed. PMID:23965254
Analysis of the security and privacy requirements of cloud-based electronic health records systems.
Rodrigues, Joel J P C; de la Torre, Isabel; Fernández, Gonzalo; López-Coronado, Miguel
2013-08-21
The Cloud Computing paradigm offers eHealth systems the opportunity to enhance the features and functionality that they offer. However, moving patients' medical information to the Cloud implies several risks in terms of the security and privacy of sensitive health records. In this paper, the risks of hosting Electronic Health Records (EHRs) on the servers of third-party Cloud service providers are reviewed. To protect the confidentiality of patient information and facilitate the process, some suggestions for health care providers are made. Moreover, security issues that Cloud service providers should address in their platforms are considered. To show that, before moving patient health records to the Cloud, security and privacy concerns must be considered by both health care providers and Cloud service providers. Security requirements of a generic Cloud service provider are analyzed. To study the latest in Cloud-based computing solutions, bibliographic material was obtained mainly from Medline sources. Furthermore, direct contact was made with several Cloud service providers. Some of the security issues that should be considered by both Cloud service providers and their health care customers are role-based access, network security mechanisms, data encryption, digital signatures, and access monitoring. Furthermore, to guarantee the safety of the information and comply with privacy policies, the Cloud service provider must be compliant with various certifications and third-party requirements, such as SAS70 Type II, PCI DSS Level 1, ISO 27001, and the US Federal Information Security Management Act (FISMA). Storing sensitive information such as EHRs in the Cloud means that precautions must be taken to ensure the safety and confidentiality of the data. A relationship built on trust with the Cloud service provider is essential to ensure a transparent process. 
Cloud service providers must make certain that all security mechanisms are in place to avoid unauthorized access and data breaches. Patients must be kept informed about how their data are being managed.
A Rich Client-Server Based Framework for Convenient Security and Management of Mobile Applications
NASA Astrophysics Data System (ADS)
Badan, Stephen; Probst, Julien; Jaton, Markus; Vionnet, Damien; Wagen, Jean-Frédéric; Litzistorf, Gérald
Contact lists, Emails, SMS or custom applications on a professional smartphone could hold very confidential or sensitive information. What could happen in case of theft or accidental loss of such devices? Such events could be detected by the separation between the smartphone and a Bluetooth companion device. This event should typically block the applications and delete personal and sensitive data. Here, a solution is proposed based on a secured framework application running on the mobile phone as a rich client connected to a security server. The framework offers strong and customizable authentication and secured connectivity. A security server manages all security issues. User applications are then loaded via the framework. User data can be secured, synchronized, pushed or pulled via the framework. This contribution proposes a convenient although secured environment based on a client-server architecture using external authentications. Several features of the proposed system are exposed and a practical demonstrator is described.
An Adaptive Multilevel Security Framework for the Data Stored in Cloud Environment
Dorairaj, Sudha Devi; Kaliannan, Thilagavathy
2015-01-01
Cloud computing is renowned for delivering information technology services based on internet. Nowadays, organizations are interested in moving their massive data and computations into cloud to reap their significant benefits of on demand service, resource pooling, and rapid elasticity that helps to satisfy the dynamically changing infrastructure demand without the burden of owning, managing, and maintaining it. Since the data needs to be secured throughout its life cycle, security of the data in cloud is a major challenge to be concentrated on because the data is in third party's premises. Any uniform simple or high level security method for all the data either compromises the sensitive data or proves to be too costly with increased overhead. Any common multiple method for all data becomes vulnerable when the common security pattern is identified at the event of successful attack on any information and also encourages more attacks on all other data. This paper suggests an adaptive multilevel security framework based on cryptography techniques that provide adequate security for the classified data stored in cloud. The proposed security system acclimates well for cloud environment and is also customizable and more reliant to meet the required level of security of data with different sensitivity that changes with business needs and commercial conditions. PMID:26258165
An Adaptive Multilevel Security Framework for the Data Stored in Cloud Environment.
Dorairaj, Sudha Devi; Kaliannan, Thilagavathy
2015-01-01
Cloud computing is renowned for delivering information technology services based on internet. Nowadays, organizations are interested in moving their massive data and computations into cloud to reap their significant benefits of on demand service, resource pooling, and rapid elasticity that helps to satisfy the dynamically changing infrastructure demand without the burden of owning, managing, and maintaining it. Since the data needs to be secured throughout its life cycle, security of the data in cloud is a major challenge to be concentrated on because the data is in third party's premises. Any uniform simple or high level security method for all the data either compromises the sensitive data or proves to be too costly with increased overhead. Any common multiple method for all data becomes vulnerable when the common security pattern is identified at the event of successful attack on any information and also encourages more attacks on all other data. This paper suggests an adaptive multilevel security framework based on cryptography techniques that provide adequate security for the classified data stored in cloud. The proposed security system acclimates well for cloud environment and is also customizable and more reliant to meet the required level of security of data with different sensitivity that changes with business needs and commercial conditions.
77 FR 7567 - Proposed Collection; Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2012-02-13
... authoritative source for clearance information resulting in accesses determinations to sensitive/classified... Personnel Security System and is the authoritative source for clearance information resulting in accesses...
Critical Infrastructure Protection- Los Alamos National Laboratory
DOE Office of Scientific and Technical Information (OSTI.GOV)
Bofman, Ryan K.
Los Alamos National Laboratory (LANL) has been a key facet of Critical National Infrastructure since the nuclear bombing of Hiroshima exposed the nature of the Laboratory’s work in 1945. Common knowledge of the nature of sensitive information contained here presents a necessity to protect this critical infrastructure as a matter of national security. This protection occurs in multiple forms beginning with physical security, followed by cybersecurity, safeguarding of classified information, and concluded by the missions of the National Nuclear Security Administration.
Information barrier technology applied to less restrictive environments
DOE Office of Scientific and Technical Information (OSTI.GOV)
MacArthur, D. W.; Langner, D. C.; Hypes, P. A.
2004-01-01
The information barrier is an important part of any system that allows inspector verification of declared classified materials. In this context, the information barrier must protect classified information while allowing the inspectors to reach correct and independent conclusions concerning the veracity of the declaration. Although other applications may not involve national security, information barrier techniques can still be used to protect information considered sensitive by individuals, commercial entities, or national organizations. Other potential areas of application include homeland security and airport screening, personal information disclosed by modern scanning techniques, nuclear information not considered classified but still sensitive, and industrial secret information that could be compromised during 3rd party acceptance testing. Modern personnel screening devices are limited more by their potential for release of personal information than by technology. Screening systems that could be used in airports and other sensitive areas are often not utilized because the same system that can show the details of weapons carried on a person's body can also reveal potentially embarrassing and sensitive details of the body itself. Much other nuclear information, as well as industrially secret information, while not actually classified, is not appropriate for widespread dissemination. In both cases an inspector may need to verify elements of the manufacturer's or owner's claims, but at the same time not disclose sensitive information to either the inspector or the general public. Thus, information barrier technology, although originally developed for protection of nuclear weapons information, is also directly usable in a number of counter-terrorism and nonproliferation applications.
Although these applications may not (or may) require the same level of rigor as the original application to classified items, many of the same techniques can be used in protecting this non-classified, but still sensitive, information.
Ivanov, Vladimir I; Yu, Paul L; Baras, John S
2010-09-01
Medical information is extremely sensitive in nature - a compromise, such as eavesdropping or tampering by a malicious third party, may result in identity theft, incorrect diagnosis and treatment, and even death. Therefore, it is important to secure the transfer of medical information from the patient to the recording system. We consider a portable, wireless device transferring medical information to a remote server. We decompose this problem into two sub-problems and propose security solutions to each of them: (1) to secure the link between the patient and the portable device, and (2) to secure the link between the portable device and the network. Thus we push the limits of the network security to the edge by authenticating the user using their biometric information; authenticating the device to the network at the physical layer; and strengthening the security of the wireless link with a key exchange mechanism. The proposed authentication methods can be used for recording the readings of medical data in a central database and for accessing medical records in various settings.
Cazier, Joseph A; Medlin, B Dawn
2006-09-27
For most healthcare information systems, passwords are the first line of defense in keeping patient and administrative records private and secure. However, this defense is only as strong as the passwords employees chose to use. A weak or easily guessed password is like an open door to the medical records room, allowing unauthorized access to sensitive information. In this paper, we present the results of a study of actual healthcare workers' password practices. In general, the vast majority of these passwords have significant security problems on several dimensions. Implications for healthcare professionals are discussed.
Cazier, Joseph A; Medlin, B. Dawn
2006-01-01
For most healthcare information systems, passwords are the first line of defense in keeping patient and administrative records private and secure. However, this defense is only as strong as the passwords employees chose to use. A weak or easily guessed password is like an open door to the medical records room, allowing unauthorized access to sensitive information. In this paper, we present the results of a study of actual healthcare workers' password practices. In general, the vast majority of these passwords have significant security problems on several dimensions. Implications for healthcare professionals are discussed. PMID:18066366
Lock It Up! Computer Security.
ERIC Educational Resources Information Center
Wodarz, Nan
1997-01-01
The data contained on desktop computer systems and networks pose security issues for virtually every district. Sensitive information can be protected by educating users, altering the physical layout, using password protection, designating access levels, backing up data, reformatting floppy disks, using antivirus software, and installing encryption…
NASA Astrophysics Data System (ADS)
Kataoka, Haruno; Utsumi, Akira; Hirose, Yuki; Yoshiura, Hiroshi
Disclosure control of natural language information (DCNL), which we are trying to realize, is described. DCNL will be used for securing human communications over the internet, such as through blogs and social network services. Before sentences in the communications are disclosed, they are checked by DCNL and any phrases that could reveal sensitive information are transformed or omitted so that they are no longer revealing. DCNL checks not only phrases that directly represent sensitive information but also those that indirectly suggest it. Combinations of phrases are also checked. DCNL automatically learns the knowledge of sensitive phrases and the suggestive relations between phrases by using co-occurrence analysis and Web retrieval. The users' burden is therefore minimized, i.e., they do not need to define many disclosure control rules. DCNL complements the traditional access control in the fields where reliability needs to be balanced with enjoyment and objects classes for the access control cannot be predefined.
Protecting Sensitive Information in Directory Services Using Virtual Directories
NASA Astrophysics Data System (ADS)
Claycomb, William; Shin, Dongwan
Directory services are commonly used to store information related to individuals, and often act as a source for security services, such as authentication and access control, in collaborative applications within/across organizations. Hence, there is an urgent need to protect the sensitive information they contain. Existing solutions offer minimal protection against insider attacks, a growing threat to both government and industry data services. In this paper we present a solution for data protection that leverages virtual directories and data encryption to provide a user-centric approach to data protection, delegation, and collaboration. A security architecture is presented, along with the discussion of the benefits and vulnerabilities of our approach. We also discuss a proof-of-concept implementation and performance testing results.
Government Doublethink: Protection or Suppression in Information.
ERIC Educational Resources Information Center
Drake, Miriam A.
2003-01-01
Discusses regulations and actions related to government withholding, suppressing, and altering information since September 11, 2001. Topics include conflicting goals of an informed citizenry versus national security, science and technology progress versus protection of sensitive information, and public health versus ideology; political pressure;…
Efficient Authorization of Rich Presence Using Secure and Composed Web Services
NASA Astrophysics Data System (ADS)
Li, Li; Chou, Wu
This paper presents an extended Role-Based Access Control (RBAC) model for efficient authorization of rich presence using secure web services composed with an abstract presence data model. Following the information symmetry principle, the standard RBAC model is extended to support context sensitive social relations and cascaded authority. In conjunction with the extended RBAC model, we introduce an extensible presence architecture prototype using WS-Security and WS-Eventing to secure rich presence information exchanges based on PKI certificates. Applications and performance measurements of our presence system are presented to show that the proposed RBAC framework for presence and collaboration is well suited for real-time communication and collaboration.
Security aspects of space operations data
NASA Technical Reports Server (NTRS)
Schmitz, Stefan
1993-01-01
This paper deals with data security. It identifies security threats to European Space Agency's (ESA) In Orbit Infrastructure Ground Segment (IOI GS) and proposes a method of dealing with its complex data structures from the security point of view. It is part of the 'Analysis of Failure Modes, Effects Hazards and Risks of the IOI GS for Operations, including Backup Facilities and Functions' carried out on behalf of the European Space Operations Center (ESOC). The security part of this analysis has been prepared with the following aspects in mind: ESA's large decentralized ground facilities for operations, the multiple organizations/users involved in the operations and the developments of ground data systems, and the large heterogeneous network structure enabling access to (sensitive) data which does involve crossing organizational boundaries. An IOI GS data objects classification is introduced to determine the extent of the necessary protection mechanisms. The proposal of security countermeasures is oriented towards the European 'Information Technology Security Evaluation Criteria (ITSEC)' whose hierarchically organized requirements can be directly mapped to the security sensitivity classification.
An Information Policy for the Information Age.
ERIC Educational Resources Information Center
Blake, Virgil; Surprenant, Thomas
1988-01-01
Discusses recent federal information policies that pose a threat to access to information. A short-lived policy for protection of sensitive but unclassified information is criticized, and the Computer Security Act of 1987, currently under consideration in Congress, is described. Involvement by the library and information community in developing…
78 FR 70046 - Agency Information Collection Activities; Submission for OMB Review; Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2013-11-22
... Gans, Attorney, Division of Marketing Practices, Bureau of Consumer Protection, Federal Trade... that your comment does not include any sensitive personal information, such as anyone's Social Security...
78 FR 44930 - Agency Information Collection Activities: Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2013-07-25
.... Sensitive personal information, such as account numbers or social security numbers, should not be included... of receiving marketing materials and credit or insurance offers, that their credit report was used in...
49 CFR 1522.125 - Protection of information.
Code of Federal Regulations, 2010 CFR
2010-10-01
... VALIDATION FIRMS AND VALIDATORS TSA-Approved Validation Firms and Validators for the Certified Cargo Screening Program § 1522.125 Protection of information. (a) Sensitive Security Information. Each validation... 49 Transportation 9 2010-10-01 2010-10-01 false Protection of information. 1522.125 Section 1522...
32 CFR 154.6 - Standards for access to classified information or assignment to sensitive duties.
Code of Federal Regulations, 2010 CFR
2010-07-01
... OF THE SECRETARY OF DEFENSE SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION... person's loyalty, reliability, and trustworthiness are such that entrusting the person with classified... reasonable basis for doubting the person's loyalty to the Government of the United States. ...
1996-01-01
Automated Teller Machine networks malfunction in Georgia 2000 May 20 CNN off air for 12 minutes; issues special report 2000 May 20 worm...password combinations, social security and credit card numbers, account information, health status, and innumerable other sensitive information...as follows: TW/AA Issues Recommended Technical Response Possible Implementation Obstacles 1. (re Tactical Warning) • Place automated software
Global Access-controlled Transfer e-frame (GATe)
DOE Office of Scientific and Technical Information (OSTI.GOV)
2012-05-30
Global Access-controlled Transfer e-frame (GATe) was designed to take advantage of the patterns that occur during an electronic record transfer process. The e-frame (or electronic framework or platform) is the foundation for developing secure information transfer to meet classified and unclassified business processes and is particularly useful when there is a need to share information with various entities in a controlled and secure environment. It can share, search, upload, download and retrieve sensitive information, as well as provides reporting capabilities.
TealLock 5.20 security software program for handheld devices.
Tahil, Fatimah A
2004-07-01
The TealLock has a simple graphic interface, and the program is user-friendly with well thought out options to customize security settings. The program is inexpensive and works seamlessly with the Palm OS platform's built-in basic Security application. The developer offers a 30-day free trial version and there is no downside to trying it to see if it meets your needs. It seems to be an effective security software program for psychiatrists who keep confidential and sensitive patient information on their PDAs. In keeping with HIPAA regulations, the TealLock bolsters security for protected health information stored on PDAs or other handheld devices by providing safeguards that address authentication, access control, encryption, and selected aspects of transmission.
Homeland Security - Can It be Done?
2003-04-07
and get past the shenanigans in Congress and implement homeland security strategies. The new DHS is scheduled to move 22 federal agencies and...uniform laws to license and regulate certain financial services, since terrorists exploit such services. The strategy also takes care with definitions...initiative from organizations interested in the security of sensitive information, such as financial services, healthcare, and government. 47Joseph R. Barnes
Federal Register 2010, 2011, 2012, 2013, 2014
2013-08-16
... PRA Officer, Office of Information Technology (OIT), TSA-11, Transportation Security Administration... technological collection techniques or other forms of information technology. Information Collection Requirement... Paperwork Reduction Act Officer, Office of Information Technology. [FR Doc. 2013-19973 Filed 8-15-13; 8:45...
ERIC Educational Resources Information Center
Fleming, Antoine
2017-01-01
Advances in technological uses within public schools provide increased methods to collect and store non-public personal information (NPI) or personally identifiable information (PII) from both students and employees. Consequently, the sensitive information collected is susceptible to unauthorized disclosure, as various public school employees are…
Data Security Policy | High-Performance Computing | NREL
to use its high-performance computing (HPC) systems. NREL HPC systems are operated as research systems and may only contain data related to scientific research. These systems are categorized as low per sensitive or non-sensitive. One example of sensitive data would be personally identifiable information (PII
SecureCore Security Architecture: Authority Mode and Emergency Management
2007-10-16
can shield first responders from social vultures (e.g., “ambulance chasers”) or malicious parties who could intentionally interfere with emergency...hierarchical design Communications Management: network communication Process Management...and Emergency Management 1 I. Introduction During many crises, first-responder access to sensitive, restricted emergency information is
32 CFR Appendix C to Part 290 - For Official Use Only
Code of Federal Regulations, 2013 CFR
2013-07-01
... the top and bottom with the highest security classification of information appearing on the page. (iii... the additional expense balanced against the degree of sensitivity of the type of FOUO information...
48 CFR 1837.203-70 - Providing contractors access to sensitive information.
Code of Federal Regulations, 2014 CFR
2014-10-01
... NATIONAL AERONAUTICS AND SPACE ADMINISTRATION SPECIAL CATEGORIES OF CONTRACTING SERVICE CONTRACTING... contract, as a compliance document. (e) If the service provider will be operating an information technology... 1852.204-76, Security Requirements for Unclassified Information Technology Resources, which requires...
48 CFR 1837.203-70 - Providing contractors access to sensitive information.
Code of Federal Regulations, 2012 CFR
2012-10-01
... NATIONAL AERONAUTICS AND SPACE ADMINISTRATION SPECIAL CATEGORIES OF CONTRACTING SERVICE CONTRACTING... contract, as a compliance document. (e) If the service provider will be operating an information technology... 1852.204-76, Security Requirements for Unclassified Information Technology Resources, which requires...
48 CFR 1837.203-70 - Providing contractors access to sensitive information.
Code of Federal Regulations, 2013 CFR
2013-10-01
... NATIONAL AERONAUTICS AND SPACE ADMINISTRATION SPECIAL CATEGORIES OF CONTRACTING SERVICE CONTRACTING... contract, as a compliance document. (e) If the service provider will be operating an information technology... 1852.204-76, Security Requirements for Unclassified Information Technology Resources, which requires...
76 FR 79275 - Truth in Savings (Regulation DD)
Federal Register 2010, 2011, 2012, 2013, 2014
2011-12-21
... disclosure. Sensitive personal information, such as account numbers or social security numbers, should not be... improved, and consumers' ability to make informed decisions regarding deposit accounts would be... regulations, while making information on the other regulations available. The Bureau expects to conduct...
A Study on Secure Medical-Contents Strategies with DRM Based on Cloud Computing
Měsíček, Libor; Choi, Jongsun
2018-01-01
Many hospitals and medical clinics have been using a wearable sensor in its health care system because the wearable sensor, which is able to measure the patients' biometric information, has been developed to analyze their patients remotely. The measured information is saved to a server in a medical center, and the server keeps the medical information, which also involves personal information, on a cloud system. The server and network devices are used by connecting each other, and sensitive medical records are dealt with remotely. However, these days, the attackers, who try to attack the server or the network systems, are increasing. In addition, the server and the network system have a weak protection and security policy against the attackers. In this paper, it is suggested that security compliance of medical contents should be followed to improve the level of security. As a result, the medical contents are kept safely. PMID:29796233
A Study on Secure Medical-Contents Strategies with DRM Based on Cloud Computing.
Ko, Hoon; Měsíček, Libor; Choi, Jongsun; Hwang, Seogchan
2018-01-01
Many hospitals and medical clinics have been using a wearable sensor in its health care system because the wearable sensor, which is able to measure the patients' biometric information, has been developed to analyze their patients remotely. The measured information is saved to a server in a medical center, and the server keeps the medical information, which also involves personal information, on a cloud system. The server and network devices are used by connecting each other, and sensitive medical records are dealt with remotely. However, these days, the attackers, who try to attack the server or the network systems, are increasing. In addition, the server and the network system have a weak protection and security policy against the attackers. In this paper, it is suggested that security compliance of medical contents should be followed to improve the level of security. As a result, the medical contents are kept safely.
Federal Register 2010, 2011, 2012, 2013, 2014
2010-07-30
... TSA PRA Officer, Office of Information Technology (OIT), TSA-11, Transportation Security... technological collection techniques or other forms of information technology. Information Collection Requirement... history records check (CHRC), (2) a name-based check to determine whether the individual poses or is...
A Goal VPN Protection Profile for Protecting Sensitive Information
2000-07-10
security for the systems in which they are used. Nothing could be further from the truth. There are no perfect security solutions, and no...establishment/termination, failures, and errors); • provide for directly connected (local hard-wire connection) and remote (over the network) interfaces... the TOERU is left unattended procedures such as media encryption or secure storage of the hard drive, will be used to insure the protection of stored
Comment on "Secure quantum private information retrieval using phase-encoded queries"
NASA Astrophysics Data System (ADS)
Shi, Run-hua; Mu, Yi; Zhong, Hong; Zhang, Shun
2016-12-01
In this Comment, we reexamine the security of phase-encoded quantum private query (QPQ). We find that the current phase-encoded QPQ protocols, including their applications, are vulnerable to a probabilistic entangle-and-measure attack performed by the owner of the database. Furthermore, we discuss how to overcome this security loophole and present an improved cheat-sensitive QPQ protocol without losing the good features of the original protocol.
Security bound of cheat sensitive quantum bit commitment.
He, Guang Ping
2015-03-23
Cheat sensitive quantum bit commitment (CSQBC) loosens the security requirement of quantum bit commitment (QBC), so that the existing impossibility proofs of unconditionally secure QBC can be evaded. But here we analyze the common features in all existing CSQBC protocols, and show that in any CSQBC having these features, the receiver can always learn a non-trivial amount of information on the sender's committed bit before it is unveiled, while his cheating can pass the security check with a probability not less than 50%. The sender's cheating is also studied. The optimal CSQBC protocols that can minimize the sum of the cheating probabilities of both parties are found to be trivial, as they are practically useless. We also discuss the possibility of building a fair protocol in which both parties can cheat with equal probabilities.
32 CFR Appendix A to Part 295 - For Official Use Only (FOUO)
Code of Federal Regulations, 2013 CFR
2013-07-01
... bottom with the highest security classification of information appearing on the page. (3) Within a... degree of sensitivity of the type of FOUO information contained in the records. (2) Record copies of FOUO...
32 CFR Appendix A to Part 295 - For Official Use Only (FOUO)
Code of Federal Regulations, 2011 CFR
2011-07-01
... bottom with the highest security classification of information appearing on the page. (3) Within a... degree of sensitivity of the type of FOUO information contained in the records. (2) Record copies of FOUO...
A secure and robust information hiding technique for covert communication
NASA Astrophysics Data System (ADS)
Parah, S. A.; Sheikh, J. A.; Hafiz, A. M.; Bhat, G. M.
2015-08-01
The unprecedented advancement of multimedia and growth of the internet has made it possible to reproduce and distribute digital media easier and faster. This has given birth to information security issues, especially when the information pertains to national security, e-banking transactions, etc. The disguised form of encrypted data makes an adversary suspicious and increases the chance of attack. Information hiding overcomes this inherent problem of cryptographic systems and is emerging as an effective means of securing sensitive data being transmitted over insecure channels. In this paper, a secure and robust information hiding technique referred to as Intermediate Significant Bit Plane Embedding (ISBPE) is presented. The data to be embedded is scrambled and embedding is carried out using the concept of Pseudorandom Address Vector (PAV) and Complementary Address Vector (CAV) to enhance the security of the embedded data. The proposed ISBPE technique is fully immune to Least Significant Bit (LSB) removal/replacement attack. Experimental investigations reveal that the proposed technique is more robust to various image processing attacks like JPEG compression, Additive White Gaussian Noise (AWGN), low pass filtering, etc. compared to conventional LSB techniques. The various advantages offered by ISBPE technique make it a good candidate for covert communication.
Efficient proof of ownership for cloud storage systems
NASA Astrophysics Data System (ADS)
Zhong, Weiwei; Liu, Zhusong
2017-08-01
Cloud storage systems use deduplication technology to save disk space and bandwidth, but the use of this technology has given rise to targeted security attacks: the attacker can deceive the server to obtain ownership of the file by getting the hash value of the original file. In order to solve the above security problems and the different security requirements of the files in the cloud storage system, an efficient and information-theoretically secure proof of ownership scheme is proposed to support the file rating. File rating is implemented through the K-means algorithm, and random seed technology and a pre-calculation method are used to achieve a safe and efficient proof of ownership scheme. Finally, the scheme is information-theoretically secure, and achieves better performance in the most sensitive areas of client-side I/O and computation.
Federal Register 2010, 2011, 2012, 2013, 2014
2013-12-11
... that your comment does not include any sensitive personal information, like anyone's Social Security... heightened security screening. As a result, we encourage you to submit your comments online. To make sure... Flashlight App'') to consumers for use on their Android mobile devices. The Brightest Flashlight App...
Logistic Map for Cancellable Biometrics
NASA Astrophysics Data System (ADS)
Supriya, V. G., Dr; Manjunatha, Ramachandra, Dr
2017-08-01
This paper presents design and implementation of secured biometric template protection system by transforming the biometric template using binary chaotic signals and 3 different key streams to obtain another form of template and demonstrating its efficiency by the results and investigating on its security through analysis including, key space analysis, information entropy and key sensitivity analysis.
Martinez, R; Cole, C; Rozenblit, J; Cook, J F; Chacko, A K
2000-05-01
The US Army Great Plains Regional Medical Command (GPRMC) has a requirement to conform to Department of Defense (DoD) and Army security policies for the Virtual Radiology Environment (VRE) Project. Within the DoD, security policy is defined as the set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information. Security policy in the DoD is described by the Trusted Computer System Evaluation Criteria (TCSEC), Army Regulation (AR) 380-19, Defense Information Infrastructure Common Operating Environment (DII COE), Military Health Services System Automated Information Systems Security Policy Manual, and National Computer Security Center-TG-005, "Trusted Network Interpretation." These documents were used to develop a security policy that defines information protection requirements that are made with respect to those laws, rules, and practices that are required to protect the information stored and processed in the VRE Project. The goal of the security policy is to provide for a C2-level of information protection while also satisfying the functional needs of the GPRMC's user community. This report summarizes the security policy for the VRE and defines the CORBA security services that satisfy the policy. In the VRE, the information to be protected is embedded into three major information components: (1) Patient information consists of Digital Imaging and Communications in Medicine (DICOM)-formatted fields. The patient information resides in the digital imaging network picture archiving and communication system (DIN-PACS) networks in the database archive systems and includes (a) patient demographics; (b) patient images from x-ray, computed tomography (CT), magnetic resonance imaging (MRI), and ultrasound (US); and (c) prior patient images and related patient history. (2) Meta-Manager information to be protected consists of several data objects. 
This information is distributed to the Meta-Manager nodes and includes (a) radiologist schedules; (b) modality worklists; (c) routed case information; (d) DIN-PACS and Composite Health Care system (CHCS) messages, and Meta-Manager administrative and security information; and (e) patient case information. (3) Access control and communications security is required in the VRE to control who uses the VRE and Meta-Manager facilities and to secure the messages between VRE components. The CORBA Security Service Specification version 1.5 is designed to allow up to TCSEC's B2-level security for distributed objects. The CORBA Security Service Specification defines the functionality of several security features: identification and authentication, authorization and access control, security auditing, communication security, nonrepudiation, and security administration. This report describes the enhanced security features for the VRE and their implementation using commercial CORBA Security Service software products.
Margin and sensitivity methods for security analysis of electric power systems
NASA Astrophysics Data System (ADS)
Greene, Scott L.
Reliable operation of large scale electric power networks requires that system voltages and currents stay within design limits. Operation beyond those limits can lead to equipment failures and blackouts. Security margins measure the amount by which system loads or power transfers can change before a security violation, such as an overloaded transmission line, is encountered. This thesis shows how to efficiently compute security margins defined by limiting events and instabilities, and the sensitivity of those margins with respect to assumptions, system parameters, operating policy, and transactions. Security margins to voltage collapse blackouts, oscillatory instability, generator limits, voltage constraints and line overloads are considered. The usefulness of computing the sensitivities of these margins with respect to interarea transfers, loading parameters, generator dispatch, transmission line parameters, and VAR support is established for networks as large as 1500 buses. The sensitivity formulas presented apply to a range of power system models. Conventional sensitivity formulas such as line distribution factors, outage distribution factors, participation factors and penalty factors are shown to be special cases of the general sensitivity formulas derived in this thesis. The sensitivity formulas readily accommodate sparse matrix techniques. Margin sensitivity methods are shown to work effectively for avoiding voltage collapse blackouts caused by either saddle node bifurcation of equilibria or immediate instability due to generator reactive power limits. Extremely fast contingency analysis for voltage collapse can be implemented with margin sensitivity based rankings. Interarea transfer can be limited by voltage limits, line limits, or voltage stability. The sensitivity formulas presented in this thesis apply to security margins defined by any limit criteria. 
A method to compute transfer margins by directly locating intermediate events reduces the total number of loadflow iterations required by each margin computation and provides sensitivity information at minimal additional cost. Estimates of the effect of simultaneous transfers on the transfer margins agree well with the exact computations for a network model derived from a portion of the U.S grid. The accuracy of the estimates over a useful range of conditions and the ease of obtaining the estimates suggest that the sensitivity computations will be of practical value.
CLARUS as a Cloud Security Framework: e-Health Use Case.
Vidal, David; Iriso, Santiago; Mulero, Rafael
2017-01-01
Maintaining Passive Medical Health Records (PMHR) is an increasing cost and resource consumption problem. Moving to the cloud is the clearest solution to solve the problem as it offers a high amount of space and computation power. But the cloud is not safe enough when dealing with this kind of information because it can be easily accessed by attackers. The European Commission funded research project CLARUS contributes to protect healthcare-sensitive information in a secure way.
75 FR 78203 - Privacy Act of 1974: New System of Records
Federal Register 2010, 2011, 2012, 2013, 2014
2010-12-15
... Promotion Programs Information Retrieval (RPPIR) (New) SECURITY CLASSIFICATION: Unclassified, sensitive, for..., Agricultural Marketing Service. ACTION: Notice of a new system of records for information collected pursuant to... records to its inventory of records systems. The system of record will cover information collected under...
38 CFR 75.111 - Purpose and scope.
Code of Federal Regulations, 2011 CFR
2011-07-01
...) INFORMATION SECURITY MATTERS Data Breaches § 75.111 Purpose and scope. This subpart implements provisions of... Information Technology Act of 2006. It only concerns actions to address a data breach regarding sensitive personal information that is processed or maintained by VA. This subpart does not supersede the...
28 CFR 17.24 - Duration of classification.
Code of Federal Regulations, 2010 CFR
2010-07-01
... 28 Judicial Administration 1 2010-07-01 2010-07-01 false Duration of classification. 17.24 Section... ACCESS TO CLASSIFIED INFORMATION Classified Information § 17.24 Duration of classification. (a) At the... based on the duration of the national security sensitivity of the information. If the original...
Bio-inspired secure data mules for medical sensor network
NASA Astrophysics Data System (ADS)
Muraleedharan, Rajani; Gao, Weihua; Osadciw, Lisa A.
2010-04-01
Medical sensor networks consist of heterogeneous nodes, wireless, mobile and wired with varied functionality. The resources at each sensor require to be exploited minimally while sensitive information is sensed and communicated to its access points using secure data mules. In this paper, we analyze the flat architecture, where different functionality and priority information require varied resources forms a non-deterministic polynomial-time hard problem. Hence, a bio-inspired data mule that helps to obtain dynamic multi-objective solution with minimal resource and secure path is applied. The performance of the proposed approach is based on reduced latency, data delivery rate and resource cost.
Threshold Things That Think: Authorisation for Resharing
NASA Astrophysics Data System (ADS)
Peeters, Roel; Kohlweiss, Markulf; Preneel, Bart
As we are evolving towards ubiquitous computing, users carry an increasing number of mobile devices with sensitive information. The security of this information can be protected using threshold cryptography, in which secret computations are shared between multiple devices. Threshold cryptography can be made more robust by resharing protocols, which allow recovery from partial compromises. This paper introduces user-friendly and secure protocols for the authorisation of resharing protocols. We present both automatic and manual protocols, utilising a group manual authentication protocol to add a new device. We analyse the security of these protocols: our analysis considers permanent and temporary compromises, denial of service attacks and manual authentication errors of the user.
Associated diacritical watermarking approach to protect sensitive arabic digital texts
NASA Astrophysics Data System (ADS)
Kamaruddin, Nurul Shamimi; Kamsin, Amirrudin; Hakak, Saqib
2017-10-01
Among multimedia content, one of the most predominant media is text content. There have been lots of efforts to protect and secure text information over the Internet. The limitations of existing works have been identified in terms of watermark capacity, time complexity and memory complexity. In this work, an invisible digital watermarking approach has been proposed to protect and secure the most sensitive text, i.e. the Digital Holy Quran. The proposed approach works by XOR-ing only those Quranic letters that have certain diacritics associated with them. Due to the sensitive nature of the Holy Quran, diacritics play a vital role in the meaning of a particular verse. Hence, securing letters with certain diacritics will preserve the original meaning of Quranic verses in case of an alteration attempt. Initial results have shown that the proposed approach is promising, with less memory complexity and time complexity compared to existing approaches.
Collmann, Jeff; Cooper, Ted
2007-01-01
This case study describes and analyzes a breach of the confidentiality and integrity of personally identified health information (e.g. appointment details, answers to patients' questions, medical advice) for over 800 Kaiser Permanente (KP) members through KP Online, a web-enabled health care portal. The authors obtained and analyzed multiple types of qualitative data about this incident including interviews with KP staff, incident reports, root cause analyses, and media reports. Reasons at multiple levels account for the breach, including the architecture of the information system, the motivations of individual staff members, and differences among the subcultures of individual groups within as well as technical and social relations across the Kaiser IT program. None of these reasons could be classified, strictly speaking, as "security violations." This case study, thus, suggests that, to protect sensitive patient information, health care organizations should build safe organizational contexts for complex health information systems in addition to complying with good information security practice and regulations such as the Health Insurance Portability and Accountability Act (HIPAA) of 1996.
75 FR 77783 - Designation of National Security Positions
Federal Register 2010, 2011, 2012, 2013, 2014
2010-12-14
... requiring eligibility for access to Top Secret or "Q" classified information; (ii) Positions involving... at the Top Secret or "Q" level; (xix) Positions working with significant life-critical/mission... Sensitive information, requiring involvement in Top Secret Special Access Programs (SAP), or positions which...
Project #OA-FY18-0089, January 8, 2018. The OIG plans to begin preliminary research to determine whether the EPA classified the sensitivity of data for systems that handle hazardous waste material information as prescribed by NIST.
Code of Federal Regulations, 2014 CFR
2014-07-01
... of the sensitivity of personnel security reports and records, particularly with regard to individual... highest degree of discretion. Access to such information shall be afforded only for the purpose cited...
Code of Federal Regulations, 2010 CFR
2010-07-01
... of the sensitivity of personnel security reports and records, particularly with regard to individual... highest degree of discretion. Access to such information shall be afforded only for the purpose cited...
Code of Federal Regulations, 2011 CFR
2011-07-01
... of the sensitivity of personnel security reports and records, particularly with regard to individual... highest degree of discretion. Access to such information shall be afforded only for the purpose cited...
Code of Federal Regulations, 2013 CFR
2013-07-01
... of the sensitivity of personnel security reports and records, particularly with regard to individual... highest degree of discretion. Access to such information shall be afforded only for the purpose cited...
Clinical records anonymisation and text extraction (CRATE): an open-source software system.
Cardinal, Rudolf N
2017-04-26
Electronic medical records contain information of value for research, but contain identifiable and often highly sensitive confidential information. Patient-identifiable information cannot in general be shared outside clinical care teams without explicit consent, but anonymisation/de-identification allows research uses of clinical data without explicit consent. This article presents CRATE (Clinical Records Anonymisation and Text Extraction), an open-source software system with separable functions: (1) it anonymises or de-identifies arbitrary relational databases, with sensitivity and precision similar to previous comparable systems; (2) it uses public secure cryptographic methods to map patient identifiers to research identifiers (pseudonyms); (3) it connects relational databases to external tools for natural language processing; (4) it provides a web front end for research and administrative functions; and (5) it supports a specific model through which patients may consent to be contacted about research. Creation and management of a research database from sensitive clinical records with secure pseudonym generation, full-text indexing, and a consent-to-contact process is possible and practical using entirely free and open-source software.
77 FR 39222 - Consumer Use of Reverse Mortgages
Federal Register 2010, 2011, 2012, 2013, 2014
2012-07-02
... influence reverse mortgage consumers' decision-making, consumers' use of reverse mortgage loan proceeds.... Sensitive personal information such as account numbers or Social Security numbers should not be included... personal information that could be used to identify an individual consumer or account, nor should they...
48 CFR 352.239-71 - Standard for encryption language.
Code of Federal Regulations, 2011 CFR
2011-10-01
... language. 352.239-71 Section 352.239-71 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES... Information Processing Standard (FIPS) 140-2-compliant encryption (Security Requirements for Cryptographic Module, as amended) to protect all instances of HHS sensitive information during storage and transmission...
Security in perspective; luxury or must?
Bakker, A
1998-03-01
In this paper, security in health information systems is put into perspective. The further penetration of information technology into health care is discussed and it is concluded that information systems have already become a vital component, not only for the logistics of the health care institution but also for the rendering of care and cure. Health care depends heavily on adequate data, so availability and integrity are equally important. In view of the sensitive nature of many patient data, the importance of confidentiality was recognised long before computers were invented. For widespread use of IT in health care it is of vital importance that computers can be trusted in respect of confidentiality. This paper emphasises the need to pay attention to security and suggests a responsible approach with implementation of both technical and organisational measures.
A Standard Mutual Authentication Protocol for Cloud Computing Based Health Care System.
Mohit, Prerna; Amin, Ruhul; Karati, Arijit; Biswas, G P; Khan, Muhammad Khurram
2017-04-01
Telecare Medical Information System (TMIS) supports a standard platform to the patient for getting necessary medical treatment from the doctor(s) via Internet communication. Security protection is important for medical records (data) of the patients because of very sensitive information. Besides, patient anonymity is another most important property, which must be protected. Most recently, Chiou et al. suggested an authentication protocol for TMIS by utilizing the concept of cloud environment. They claimed that their protocol is patient anonymous and well security protected. We reviewed their protocol and found that it is completely insecure against patient anonymity. Further, the same protocol is not protected against mobile device stolen attack. In order to improve security level and complexity, we design a lightweight authentication protocol for the same environment. Our security analysis ensures resilience of all possible security attacks. The performance of our protocol is relatively standard in comparison with the related previous research.
Relativistic quantum private database queries
NASA Astrophysics Data System (ADS)
Sun, Si-Jia; Yang, Yu-Guang; Zhang, Ming-Ou
2015-04-01
Recently, Jakobi et al. (Phys Rev A 83, 022301, 2011) suggested the first practical private database query protocol (J-protocol) based on the Scarani et al. (Phys Rev Lett 92, 057901, 2004) quantum key distribution protocol. Unfortunately, the J-protocol is just a cheat-sensitive private database query protocol. In this paper, we present an idealized relativistic quantum private database query protocol based on Minkowski causality and the properties of quantum information. Also, we prove that the protocol is secure in terms of the user security and the database security.
Image encryption based on a delayed fractional-order chaotic logistic system
NASA Astrophysics Data System (ADS)
Wang, Zhen; Huang, Xia; Li, Ning; Song, Xiao-Na
2012-05-01
A new image encryption scheme is proposed based on a delayed fractional-order chaotic logistic system. In the process of generating a key stream, the time-varying delay and fractional derivative are embedded in the proposed scheme to improve the security. Such a scheme is described in detail with security analyses including correlation analysis, information entropy analysis, run statistic analysis, mean-variance gray value analysis, and key sensitivity analysis. Experimental results show that the newly proposed image encryption scheme possesses high security.
How strong are passwords used to protect personal health information in clinical trials?
El Emam, Khaled; Moreau, Katherine; Jonker, Elizabeth
2011-02-11
Findings and statements about how securely personal health information is managed in clinical research are mixed. The objective of our study was to evaluate the security of practices used to transfer and share sensitive files in clinical trials. Two studies were performed. First, 15 password-protected files that were transmitted by email during regulated Canadian clinical trials were obtained. Commercial password recovery tools were used on these files to try to crack their passwords. Second, interviews with 20 study coordinators were conducted to understand file-sharing practices in clinical trials for files containing personal health information. We were able to crack the passwords for 93% of the files (14/15). Among these, 13 files contained thousands of records with sensitive health information on trial participants. The passwords tended to be relatively weak, using common names of locations, animals, car brands, and obvious numeric sequences. Patient information is commonly shared by email in the context of query resolution. Files containing personal health information are shared by email and, by posting them on shared drives with common passwords, to facilitate collaboration. If files containing sensitive patient information must be transferred by email, mechanisms to encrypt them and to ensure that password strength is high are necessary. More sophisticated collaboration tools are required to allow file sharing without password sharing. We provide recommendations to implement these practices.
How Strong are Passwords Used to Protect Personal Health Information in Clinical Trials?
Moreau, Katherine; Jonker, Elizabeth
2011-01-01
Background: Findings and statements about how securely personal health information is managed in clinical research are mixed. Objective: The objective of our study was to evaluate the security of practices used to transfer and share sensitive files in clinical trials. Methods: Two studies were performed. First, 15 password-protected files that were transmitted by email during regulated Canadian clinical trials were obtained. Commercial password recovery tools were used on these files to try to crack their passwords. Second, interviews with 20 study coordinators were conducted to understand file-sharing practices in clinical trials for files containing personal health information. Results: We were able to crack the passwords for 93% of the files (14/15). Among these, 13 files contained thousands of records with sensitive health information on trial participants. The passwords tended to be relatively weak, using common names of locations, animals, car brands, and obvious numeric sequences. Patient information is commonly shared by email in the context of query resolution. Files containing personal health information are shared by email and, by posting them on shared drives with common passwords, to facilitate collaboration. Conclusion: If files containing sensitive patient information must be transferred by email, mechanisms to encrypt them and to ensure that password strength is high are necessary. More sophisticated collaboration tools are required to allow file sharing without password sharing. We provide recommendations to implement these practices. PMID:21317106
Agaku, Israel T; Adisa, Akinyele O; Ayo-Yusuf, Olalekan A; Connolly, Gregory N
2014-01-01
Introduction: This study assessed the perceptions and behaviors of US adults about the security of their protected health information (PHI). Methods: The first cycle of the fourth wave of the Health Information National Trends Survey was analyzed to assess respondents’ concerns about PHI breaches. Multivariate logistic regression was used to assess the effect of such concerns on disclosure of sensitive medical information to a healthcare professional (p<0.05). Results: Most respondents expressed concerns about data breach when their PHI was being transferred between healthcare professionals by fax (67.0%; 95% CI 64.2% to 69.8%) or electronically (64.5%; 95% CI 61.7% to 67.3%). About 12.3% (95% CI 10.8% to 13.8%) of respondents had ever withheld information from a healthcare provider because of security concerns. The likelihood of information withholding was higher among respondents who perceived they had very little say about how their medical records were used (adjusted OR=1.42; 95% CI 1.03 to 1.96). Conclusions: This study underscores the need for enhanced measures to secure patients’ PHI to avoid undermining their trust. PMID:23975624
Agaku, Israel T; Adisa, Akinyele O; Ayo-Yusuf, Olalekan A; Connolly, Gregory N
2014-01-01
This study assessed the perceptions and behaviors of US adults about the security of their protected health information (PHI). The first cycle of the fourth wave of the Health Information National Trends Survey was analyzed to assess respondents' concerns about PHI breaches. Multivariate logistic regression was used to assess the effect of such concerns on disclosure of sensitive medical information to a healthcare professional (p<0.05). Most respondents expressed concerns about data breach when their PHI was being transferred between healthcare professionals by fax (67.0%; 95% CI 64.2% to 69.8%) or electronically (64.5%; 95% CI 61.7% to 67.3%). About 12.3% (95% CI 10.8% to 13.8%) of respondents had ever withheld information from a healthcare provider because of security concerns. The likelihood of information withholding was higher among respondents who perceived they had very little say about how their medical records were used (adjusted OR=1.42; 95% CI 1.03 to 1.96). This study underscores the need for enhanced measures to secure patients' PHI to avoid undermining their trust.
75 FR 71704 - Agency Information Collection Activities; Proposed Collection; Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2010-11-24
... for decisions, and follow-up), recordkeeping, and annual audits. The Rule requires that IDSMs... not include any sensitive personal information, such as any individual's Social Security number, date..., staff has adjusted its previous estimates based on the following two factors. First, the annual audits...
Aaron R. Turner
2017-12-09
An innovation that offers a low-cost, plug-n-play option that enables virtually any wireless telecommunications device to safely store sensitive personal information and perform secure transactions. INL researchers include Steven McCown, Aaron Turner, Kur
DOE Office of Scientific and Technical Information (OSTI.GOV)
Aaron R. Turner
An innovation that offers a low-cost, plug-n-play option that enables virtually any wireless telecommunications device to safely store sensitive personal information and perform secure transactions. INL researchers include Steven McCown, Aaron Turner, Kur
49 CFR 15.15 - SSI disclosed by DOT.
Code of Federal Regulations, 2011 CFR
2011-10-01
... Transportation Office of the Secretary of Transportation PROTECTION OF SENSITIVE SECURITY INFORMATION § 15.15 SSI... Freedom of Information Act (5 U.S.C. 552), the Privacy Act (5 U.S.C. 552a), and other laws, records... persons without a need to know. (b) Disclosure under the Freedom of Information Act and the Privacy Act...
49 CFR 15.15 - SSI disclosed by DOT.
Code of Federal Regulations, 2010 CFR
2010-10-01
... Transportation Office of the Secretary of Transportation PROTECTION OF SENSITIVE SECURITY INFORMATION § 15.15 SSI... Freedom of Information Act (5 U.S.C. 552), the Privacy Act (5 U.S.C. 552a), and other laws, records... persons without a need to know. (b) Disclosure under the Freedom of Information Act and the Privacy Act...
48 CFR 3452.239-71 - Notice to offerors of Department security requirements.
Code of Federal Regulations, 2014 CFR
2014-10-01
... of the contractor position, the type of data to be accessed, and the type of information technology... DEPARTMENT OF EDUCATION ACQUISITION REGULATION CLAUSES AND FORMS SOLICITATION PROVISIONS AND CONTRACT CLAUSES... involve the design, operation, repair, or maintenance of information systems and access to sensitive but...
48 CFR 3452.239-71 - Notice to offerors of Department security requirements.
Code of Federal Regulations, 2013 CFR
2013-10-01
... of the contractor position, the type of data to be accessed, and the type of information technology... DEPARTMENT OF EDUCATION ACQUISITION REGULATION CLAUSES AND FORMS SOLICITATION PROVISIONS AND CONTRACT CLAUSES... involve the design, operation, repair, or maintenance of information systems and access to sensitive but...
48 CFR 3452.239-71 - Notice to offerors of Department security requirements.
Code of Federal Regulations, 2012 CFR
2012-10-01
... of the contractor position, the type of data to be accessed, and the type of information technology... DEPARTMENT OF EDUCATION ACQUISITION REGULATION CLAUSES AND FORMS SOLICITATION PROVISIONS AND CONTRACT CLAUSES... involve the design, operation, repair, or maintenance of information systems and access to sensitive but...
48 CFR 3452.239-71 - Notice to offerors of Department security requirements.
Code of Federal Regulations, 2011 CFR
2011-10-01
... of the contractor position, the type of data to be accessed, and the type of information technology... DEPARTMENT OF EDUCATION ACQUISITION REGULATION CLAUSES AND FORMS SOLICITATION PROVISIONS AND CONTRACT CLAUSES... involve the design, operation, repair, or maintenance of information systems and access to sensitive but...
Federal Register 2010, 2011, 2012, 2013, 2014
2011-09-06
... public disclosure. Sensitive personal information such as account numbers or Social Security numbers... in person and online? 4. What programs, policies, accommodations, or benefits do financial service... protections and fraud protections. 5. What unique assistance, if any, is currently offered by financial...
Integrity mechanism for eHealth tele-monitoring system in smart home environment.
Mantas, Georgios; Lymberopoulos, Dimitrios; Komninos, Nikos
2009-01-01
During the past few years, a lot of effort has been invested in research and development of eHealth tele-monitoring systems that will provide many benefits for healthcare delivery from the healthcare provider to the patient's home. However, there is a plethora of security requirements in eHealth tele-monitoring systems. Data integrity of the transferred medical data is one of the most important security requirements that should be satisfied in these systems, since medical information is extremely sensitive information, and even sometimes life threatening information. In this paper, we present a data integrity mechanism for eHealth tele-monitoring system that operates in a smart home environment. Agent technology is applied to achieve data integrity with the use of cryptographic smart cards. Furthermore, the overall security infrastructure and its various components are described.
49 CFR 1520.17 - Consequences of unauthorized disclosure of SSI.
Code of Federal Regulations, 2014 CFR
2014-10-01
... TRANSPORTATION PROTECTION OF SENSITIVE SECURITY INFORMATION § 1520.17 Consequences of unauthorized disclosure of... issuance of an order requiring retrieval of SSI to remedy unauthorized disclosure or an order to cease...
49 CFR 1520.17 - Consequences of unauthorized disclosure of SSI.
Code of Federal Regulations, 2012 CFR
2012-10-01
... TRANSPORTATION PROTECTION OF SENSITIVE SECURITY INFORMATION § 1520.17 Consequences of unauthorized disclosure of... issuance of an order requiring retrieval of SSI to remedy unauthorized disclosure or an order to cease...
49 CFR 1520.17 - Consequences of unauthorized disclosure of SSI.
Code of Federal Regulations, 2013 CFR
2013-10-01
... TRANSPORTATION PROTECTION OF SENSITIVE SECURITY INFORMATION § 1520.17 Consequences of unauthorized disclosure of... issuance of an order requiring retrieval of SSI to remedy unauthorized disclosure or an order to cease...
49 CFR 1520.17 - Consequences of unauthorized disclosure of SSI.
Code of Federal Regulations, 2011 CFR
2011-10-01
... TRANSPORTATION PROTECTION OF SENSITIVE SECURITY INFORMATION § 1520.17 Consequences of unauthorized disclosure of... issuance of an order requiring retrieval of SSI to remedy unauthorized disclosure or an order to cease...
Brown, Geoffrey L.; Mangelsdorf, Sarah C.; Neff, Cynthia
2014-01-01
To reach a greater understanding of the early father-child attachment relationship, this study examined concurrent and longitudinal associations among father involvement, paternal sensitivity, and father-child attachment security at 13 months and 3 years of age. Analyses revealed few associations among these variables at 13 months of age, but involvement and sensitivity independently predicted father-child attachment security at age 3. Moreover, sensitivity moderated the association between involvement and attachment security at 3 years. Specifically, involvement was unrelated to attachment security when fathers were highly sensitive, but positively related to attachment security when fathers were relatively less sensitive. Father involvement was also moderately stable across the two timepoints, but paternal sensitivity was not. Furthermore, there was significant stability in father-child attachment security from 13 months to 3 years. Secure attachment at 13 months also predicted greater levels of paternal sensitivity at 3 years, with sensitivity at age 3 mediating the association between 13 month and 3 year attachment security. In sum, a secure father-child attachment relationship a) was related to both quantity and quality of fathering behavior, b) remained relatively stable across early childhood, and c) predicted increased paternal sensitivity over time. These findings further our understanding of the correlates of early father-child attachment, and underscore the need to consider multiple domains of fathers’ parenting and reciprocal relations between fathering behavior and father-child attachment security. PMID:22468691
Security Techniques for the Electronic Health Records.
Kruse, Clemens Scott; Smith, Brenna; Vanderlinden, Hannah; Nealand, Alexandra
2017-08-01
The privacy of patients and the security of their information is the most imperative barrier to entry when considering the adoption of electronic health records in the healthcare industry. Considering current legal regulations, this review seeks to analyze and discuss prominent security techniques for healthcare organizations seeking to adopt a secure electronic health records system. Additionally, the researchers sought to establish a foundation for further research for security in the healthcare industry. The researchers utilized the Texas State University Library to gain access to three online databases: PubMed (MEDLINE), CINAHL, and ProQuest Nursing and Allied Health Source. These sources were used to conduct searches on literature concerning security of electronic health records containing several inclusion and exclusion criteria. Researchers collected and analyzed 25 journals and reviews discussing security of electronic health records, 20 of which mentioned specific security methods and techniques. The most frequently mentioned security measures and techniques are categorized into three themes: administrative, physical, and technical safeguards. The sensitive nature of the information contained within electronic health records has prompted the need for advanced security techniques that are able to put these worries at ease. It is imperative for security techniques to cover the vast threats that are present across the three pillars of healthcare.
MedBlock: Efficient and Secure Medical Data Sharing Via Blockchain.
Fan, Kai; Wang, Shangyang; Ren, Yanhui; Li, Hui; Yang, Yintang
2018-06-21
With the development of electronic information technology, electronic medical records (EMRs) have been a common way to store the patients' data in hospitals. They are stored in different hospitals' databases, even for the same patient. Therefore, it is difficult to construct a summarized EMR for one patient from multiple hospital databases due to the security and privacy concerns. Meanwhile, current EMR systems lack a standard data management and sharing policy, making it difficult for pharmaceutical scientists to develop precise medicines based on data obtained under different policies. To solve the above problems, we proposed a blockchain-based information management system, MedBlock, to handle patients' information. In this scheme, the distributed ledger of MedBlock allows efficient EMR access and EMR retrieval. The improved consensus mechanism achieves consensus of EMRs without large energy consumption and network congestion. In addition, MedBlock also exhibits high information security, combining the customized access control protocols and symmetric cryptography. MedBlock can play an important role in sensitive medical information sharing.
Mallinder, Jason; Drabwell, Peter
Cyber threats are growing and evolving at an unprecedented rate. Consequently, it is becoming vitally important that organisations share information internally and externally before, during and after incidents they encounter so that lessons can be learned, good practice identified and new cyber resilience capabilities developed. Many organisations are reluctant to share such information for fear of divulging sensitive information or because it may be vague or incomplete. This provides organisations with a complex dilemma: how to share information as openly as possible about cyber incidents, while protecting their confidentiality and focusing on service recovery from such incidents. This paper explores the dilemma of information sharing versus sensitivity and provides a practical overview of considerations every business continuity plan should address to plan effectively for information sharing in the event of a cyber incident.
2010-08-01
... This study presents a methodology for computing stochastic sensitivities with respect to the design variables, which are the...
Protected interoperability of telecommunications and digital products
NASA Astrophysics Data System (ADS)
Hampel, Viktor E.; Cartier, Gene N.; Craft, James P.
1994-11-01
New federal standards for the protection of sensitive data now make it possible to ensure the authenticity, integrity and confidentiality of digital products, and non-repudiation of digital telecommunications. Under review and comment since 1991, the new Federal standards were confirmed this year and provide standard means for the protection of voice and data communications from accidental and wilful abuse. The standards are initially tailored to protect only 'sensitive-but-unclassified' (SBU) data in compliance with the Computer Security Act of 1987. These data represent the majority of transactions in electronic commerce, including sensitive procurement information, trade secrets, financial data, product definitions, and company-proprietary information classified as 'intellectual property.' Harmonization of the new standards with international requirements is in progress. In the United States, the confirmation of the basic standards marks the beginning of a long-range program to assure discretionary and mandatory access controls to digital resources. Upwards compatibility into the classified domain with multi-level security is a core requirement of the National Information Infrastructure. In this report we review the powerful capabilities of standard Public-Key-Cryptology, the availability of commercial and Federal products for data protection, and make recommendations for their cost-effective use to assure reliable telecommunications and process controls.
ERIC Educational Resources Information Center
General Accounting Office, Washington, DC. Information Management and Technology Div.
As required by the Computer Security Act of 1987, federal agencies have to identify systems that contain sensitive information and develop plans to safeguard them. The planning process was assessed in 10 civilian agencies as well as the extent to which they had implemented planning controls described in 22 selected plans. The National Institute of…
A privacy preserving protocol for tracking participants in phase I clinical trials.
El Emam, Khaled; Farah, Hanna; Samet, Saeed; Essex, Aleksander; Jonker, Elizabeth; Kantarcioglu, Murat; Earle, Craig C
2015-10-01
Some phase 1 clinical trials offer strong financial incentives for healthy individuals to participate in their studies. There is evidence that some individuals enroll in multiple trials concurrently. This creates safety risks and introduces data quality problems into the trials. Our objective was to construct a privacy preserving protocol to track phase 1 participants to detect concurrent enrollment. A protocol using secure probabilistic querying against a database of trial participants that allows for screening during telephone interviews and on-site enrollment was developed. The match variables consisted of demographic information. The accuracy (sensitivity, precision, and negative predictive value) of the matching and its computational performance in seconds were measured under simulated environments. Accuracy was also compared to non-secure matching methods. The protocol performance scales linearly with the database size. At the largest database size of 20,000 participants, a query takes under 20 s on a 64-core machine. Sensitivity, precision, and negative predictive value of the queries were consistently at or above 0.9, and were very similar to non-secure versions of the protocol. The protocol provides a reasonable solution to the concurrent enrollment problems in phase 1 clinical trials, and is able to ensure that personal information about participants is kept secure. Copyright © 2015 The Authors. Published by Elsevier Inc. All rights reserved.
A Mutual Authentication Framework for Wireless Medical Sensor Networks.
Srinivas, Jangirala; Mishra, Dheerendra; Mukhopadhyay, Sourav
2017-05-01
Wireless medical sensor networks (WMSN) comprise distributed sensors, which can sense human physiological signs and monitor the health condition of the patient. It is observed that providing privacy to the patient's data is an important issue and can be challenging. The information passing is done via the public channel in WMSN. Thus, the patient's sensitive information can be obtained by eavesdropping or by unauthorized use of handheld devices which the health professionals use in monitoring the patient. Therefore, there is an essential need of restricting the unauthorized access to the patient's medical information. Hence, the efficient authentication scheme for the healthcare applications is needed to preserve the privacy of the patients' vital signs. To ensure secure and authorized communication in WMSN, we design a symmetric key based authentication protocol for WMSN environment. The proposed protocol uses only computationally efficient operations to achieve lightweight attribute. We analyze the security of the proposed protocol. We use a formal security proof algorithm to show the scheme security against known attacks. We also use the Automated Validation of Internet Security Protocols and Applications (AVISPA) simulator to show protocol secure against man-in-the-middle attack and replay attack. Additionally, we adopt an informal analysis to discuss the key attributes of the proposed scheme. From the formal proof of security, we can see that an attacker has a negligible probability of breaking the protocol security. AVISPA simulator also demonstrates the proposed scheme security against active attacks, namely, man-in-the-middle attack and replay attack. Additionally, through the comparison of computational efficiency and security attributes with several recent results, proposed scheme seems to be better.
Father involvement, paternal sensitivity, and father-child attachment security in the first 3 years.
Brown, Geoffrey L; Mangelsdorf, Sarah C; Neff, Cynthia
2012-06-01
To reach a greater understanding of the early father-child attachment relationship, this study examined concurrent and longitudinal associations among father involvement, paternal sensitivity, and father-child attachment security at 13 months and 3 years of age. Analyses revealed few associations among these variables at 13 months of age, but involvement and sensitivity independently predicted father-child attachment security at age 3. Moreover, sensitivity moderated the association between involvement and attachment security at 3 years. Specifically, involvement was unrelated to attachment security when fathers were highly sensitive, but positively related to attachment security when fathers were relatively less sensitive. Father involvement was also moderately stable across the two time points, but paternal sensitivity was not. Furthermore, there was significant stability in father-child attachment security from 13 months to 3 years. Secure attachment at 13 months also predicted greater levels of paternal sensitivity at 3 years, with sensitivity at age 3 mediating the association between 13 month and 3 year attachment security. In sum, a secure father-child attachment relationship (a) was related to both quantity and quality of fathering behavior, (b) remained relatively stable across early childhood, and (c) predicted increased paternal sensitivity over time. These findings further our understanding of the correlates of early father-child attachment, and underscore the need to consider multiple domains of fathers' parenting and reciprocal relations between fathering behavior and father-child attachment security. PsycINFO Database Record (c) 2012 APA, all rights reserved.
The Privacy and Security Policy Vacuum in Higher Education
ERIC Educational Resources Information Center
Cate, Fred H.
2006-01-01
Colleges and universities face heightened responsibilities. They possess a large volume and variety of sensitive information on a wide range of individuals, and demands for this information are growing. The students that are educated, housed, and/or employed by colleges and universities tend to be in a vulnerable age cohort: eighteen- to…
Politic of Security, Privacy and Transparency in Human Learning Systems
ERIC Educational Resources Information Center
Jeghal, Adil; Oughdir, Lahcen; Tairi, Hamid
2016-01-01
The preservation of confidentiality has become a major issue for the majority of applications that process personal information, the sensitivity of this information requires creators to set rules for the sharing and use of access control policies. A great deal of research has already been conducted in educational environments. However, one aspect…
A bilinear pairing based anonymous authentication scheme in wireless body area networks for mHealth.
Jiang, Qi; Lian, Xinxin; Yang, Chao; Ma, Jianfeng; Tian, Youliang; Yang, Yuanyuan
2016-11-01
Wireless body area networks (WBANs) have become one of the key components of mobile health (mHealth) which provides 24/7 health monitoring service and greatly improves the quality and efficiency of healthcare. However, users' concern about the security and privacy of their health information has become one of the major obstacles that impede the wide adoption of WBANs. Anonymous and unlinkable authentication is critical to protect the security and privacy of sensitive physiological information in transit from the client to the application provider. We first show that the anonymous authentication scheme of Wang and Zhang based on bilinear pairing is prone to client impersonation attack. Then, we propose an enhanced anonymous authentication scheme to remedy the flaw in Wang and Zhang's scheme. We give the security analysis to demonstrate that the enhanced scheme achieves the desired security features and withstands various known attacks.
Caruso, Ronald D
2004-01-01
Proper configuration of software security settings and proper file management are necessary and important elements of safe computer use. Unfortunately, the configuration of software security options is often not user friendly. Safe file management requires the use of several utilities, most of which are already installed on the computer or available as freeware. Among these file operations are setting passwords, defragmentation, deletion, wiping, removal of personal information, and encryption. For example, Digital Imaging and Communications in Medicine medical images need to be anonymized, or "scrubbed," to remove patient identifying information in the header section prior to their use in a public educational or research environment. The choices made with respect to computer security may affect the convenience of the computing process. Ultimately, the degree of inconvenience accepted will depend on the sensitivity of the files and communications to be protected and the tolerance of the user. Copyright RSNA, 2004
Sharing the Knowledge: Government-Private Sector Partnerships to Enhance Information Security
2000-05-01
private sector. However, substantial barriers threaten to block information exchanges between the government and private sector. These barriers include concerns over release of sensitive material under Freedom of Information Act requests, antitrust actions, protection of business confidential and other private material, possible liability due to shared information, disclosure of classified information, and burdens entailed with cooperating with law enforcement agencies. There is good cause to believe that the government and private
Insider Alert 1.0 Beta Version
DOE Office of Scientific and Technical Information (OSTI.GOV)
Abbott, Robert
2004-02-01
Insider Alert 1.0 Beta Version supports interactive selection and graphical display of data generated by the Sandia Cognitive Framework, which simulates the examination of security data by experts of various specialties. Insider Alert also encompasses the configuration and data files input to the Cognitive Framework for this application. Insider Alert 1.0 Beta Version is a computer program for analyzing data indicative of possible espionage or improper handling of data by employees at Sandia National Laboratories (or other facilities with comparable policies and procedures for managing sensitive information). It prioritizes and displays information for review by security analysts.
Security Risk Assessment Process for UAS in the NAS CNPC Architecture
NASA Technical Reports Server (NTRS)
Iannicca, Dennis C.; Young, Dennis P.; Thadani, Suresh K.; Winter, Gilbert A.
2013-01-01
This informational paper discusses the risk assessment process conducted to analyze Control and Non-Payload Communications (CNPC) architectures for integrating civil Unmanned Aircraft Systems (UAS) into the National Airspace System (NAS). The assessment employs the National Institute of Standards and Technology (NIST) Risk Management framework to identify threats, vulnerabilities, and risks to these architectures and recommends corresponding mitigating security controls. This process builds upon earlier work performed by RTCA Special Committee (SC) 203 and the Federal Aviation Administration (FAA) to roadmap the risk assessment methodology and to identify categories of information security risks that pose a significant impact to aeronautical communications systems. A description of the deviations from the typical process is described in regards to this aeronautical communications system. Due to the sensitive nature of the information, data resulting from the risk assessment pertaining to threats, vulnerabilities, and risks is beyond the scope of this paper.
Security Risk Assessment Process for UAS in the NAS CNPC Architecture
NASA Technical Reports Server (NTRS)
Iannicca, Dennis Christopher; Young, Daniel Paul; Suresh, Thadhani; Winter, Gilbert A.
2013-01-01
This informational paper discusses the risk assessment process conducted to analyze Control and Non-Payload Communications (CNPC) architectures for integrating civil Unmanned Aircraft Systems (UAS) into the National Airspace System (NAS). The assessment employs the National Institute of Standards and Technology (NIST) Risk Management framework to identify threats, vulnerabilities, and risks to these architectures and recommends corresponding mitigating security controls. This process builds upon earlier work performed by RTCA Special Committee (SC) 203 and the Federal Aviation Administration (FAA) to roadmap the risk assessment methodology and to identify categories of information security risks that pose a significant impact to aeronautical communications systems. A description of the deviations from the typical process is described in regards to this aeronautical communications system. Due to the sensitive nature of the information, data resulting from the risk assessment pertaining to threats, vulnerabilities, and risks is beyond the scope of this paper.
Secure and Privacy-Preserving Body Sensor Data Collection and Query Scheme.
Zhu, Hui; Gao, Lijuan; Li, Hui
2016-02-01
With the development of body sensor networks and the pervasiveness of smart phones, different types of personal data can be collected in real time by body sensors, and the potential value of massive personal data has attracted considerable interest recently. However, the privacy issues of sensitive personal data are still challenging today. Aiming at these challenges, in this paper, we focus on the threats from telemetry interface and present a secure and privacy-preserving body sensor data collection and query scheme, named SPCQ, for outsourced computing. In the proposed SPCQ scheme, users' personal information is collected by body sensors in different types and converted into multi-dimension data, and each dimension is converted into the form of a number and uploaded to the cloud server, which provides a secure, efficient and accurate data query service, while the privacy of sensitive personal information and users' query data is guaranteed. Specifically, based on an improved homomorphic encryption technology over composite order group, we propose a special weighted Euclidean distance contrast algorithm (WEDC) for multi-dimension vectors over encrypted data. With the SPCQ scheme, the confidentiality of sensitive personal data, the privacy of data users' queries and accurate query service can be achieved in the cloud server. Detailed analysis shows that SPCQ can resist various security threats from telemetry interface. In addition, we also implement SPCQ on an embedded device, smart phone and laptop with a real medical database, and extensive simulation results demonstrate that our proposed SPCQ scheme is highly efficient in terms of computation and communication costs.
Secure and Privacy-Preserving Body Sensor Data Collection and Query Scheme
Zhu, Hui; Gao, Lijuan; Li, Hui
2016-01-01
With the development of body sensor networks and the pervasiveness of smart phones, different types of personal data can be collected in real time by body sensors, and the potential value of massive personal data has attracted considerable interest recently. However, the privacy issues of sensitive personal data are still challenging today. Aiming at these challenges, in this paper, we focus on the threats from telemetry interface and present a secure and privacy-preserving body sensor data collection and query scheme, named SPCQ, for outsourced computing. In the proposed SPCQ scheme, users’ personal information is collected by body sensors in different types and converted into multi-dimension data, and each dimension is converted into the form of a number and uploaded to the cloud server, which provides a secure, efficient and accurate data query service, while the privacy of sensitive personal information and users’ query data is guaranteed. Specifically, based on an improved homomorphic encryption technology over composite order group, we propose a special weighted Euclidean distance contrast algorithm (WEDC) for multi-dimension vectors over encrypted data. With the SPCQ scheme, the confidentiality of sensitive personal data, the privacy of data users’ queries and accurate query service can be achieved in the cloud server. Detailed analysis shows that SPCQ can resist various security threats from telemetry interface. In addition, we also implement SPCQ on an embedded device, smart phone and laptop with a real medical database, and extensive simulation results demonstrate that our proposed SPCQ scheme is highly efficient in terms of computation and communication costs. PMID:26840319
Reviews on Security Issues and Challenges in Cloud Computing
NASA Astrophysics Data System (ADS)
An, Y. Z.; Zaaba, Z. F.; Samsudin, N. F.
2016-11-01
Cloud computing is an Internet-based computing service provided by the third party allowing share of resources and data among devices. It is widely used in many organizations nowadays and becoming more popular because it changes the way of how the Information Technology (IT) of an organization is organized and managed. It provides lots of benefits such as simplicity and lower costs, almost unlimited storage, least maintenance, easy utilization, backup and recovery, continuous availability, quality of service, automated software integration, scalability, flexibility and reliability, easy access to information, elasticity, quick deployment and lower barrier to entry. While there is increasing use of cloud computing service in this new era, the security issues of the cloud computing become a challenge. Cloud computing must be safe and secure enough to ensure the privacy of the users. This paper firstly lists out the architecture of the cloud computing, then discusses the most common security issues of using cloud and some solutions to the security issues since security is one of the most critical aspects in cloud computing due to the sensitivity of user's data.
Security Protection on Trust Delegated Data in Public Mobile Networks
NASA Astrophysics Data System (ADS)
Weerasinghe, Dasun; Rajarajan, Muttukrishnan; Rakocevic, Veselin
This paper provides detailed solutions for trust delegation and security protection for medical records in public mobile communication networks. The solutions presented in this paper enable the development of software for mobile devices that can be used by emergency medical units in urgent need of sensitive personal information about unconscious patients. In today's world, technical improvements in mobile communication systems mean that users can expect to have access to data at any time regardless of their location. This paper presents a token-based procedure for the data security at a mobile device and delegation of trust between a requesting mobile unit and secure medical data storage. The data security at the mobile device is enabled using identity based key generation methodology.
Deng, Yong-Yuan; Chen, Chin-Ling; Tsaur, Woei-Jiunn; Tang, Yung-Wen; Chen, Jung-Hsuan
2017-12-15
As sensor networks and cloud computation technologies have rapidly developed over recent years, many services and applications integrating these technologies into daily life have come together as an Internet of Things (IoT). At the same time, aging populations have increased the need for expanded and more efficient elderly care services. Fortunately, elderly people can now wear sensing devices which relay data to a personal wireless device, forming a body area network (BAN). These personal wireless devices collect and integrate patients' personal physiological data, and then transmit the data to the backend of the network for related diagnostics. However, a great deal of the information transmitted by such systems is sensitive data, and must therefore be subject to stringent security protocols. Protecting this data from unauthorized access is thus an important issue in IoT-related research. In regard to a cloud healthcare environment, scholars have proposed a secure mechanism to protect sensitive patient information. Their schemes provide a general architecture; however, these previous schemes still have some vulnerability, and thus cannot guarantee complete security. This paper proposes a secure and lightweight body-sensor network based on the Internet of Things for cloud healthcare environments, in order to address the vulnerabilities discovered in previous schemes. The proposed authentication mechanism is applied to a medical reader to provide a more comprehensive architecture while also providing mutual authentication, and guaranteeing data integrity, user untraceability, and forward and backward secrecy, in addition to being resistant to replay attack.
Self-Protecting Security for Assured Information Sharing
2015-08-29
by Author Sophia Novitzky (Senior), Virginia Tech Mahalia Sapp (Senior), Virginia Tech Performance Sensitivity in Vertical Geothermal Energy...Harvesting Systems 9:15 AM, Annapolis Room, Student Center Residential geothermal energy systems have the potential to provide a cost-effective, low
48 CFR 239.7401 - Definitions.
Code of Federal Regulations, 2011 CFR
2011-10-01
... equipment for lease. (e) Securing, sensitive information, and telecommunications systems have the meaning... 48 Federal Acquisition Regulations System 3 2011-10-01 2011-10-01 false Definitions. 239.7401 Section 239.7401 Federal Acquisition Regulations System DEFENSE ACQUISITION REGULATIONS SYSTEM, DEPARTMENT...
National Counterintelligence Strategy of the United States of America 2016
2015-01-01
including suggestions for reducing this burden, to Washington Headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson...while protecting sensitive information and assets from FIE theft, manipulation, or exploitation; Identify vulnerabilities and threats to...process into supply chain operations to secure the supply chain from exploitation and reduce its vulnerability to disruption; Expand partnerships
Security Framework for Pervasive Healthcare Architectures Utilizing MPEG-21 IPMP Components.
Fragopoulos, Anastasios; Gialelis, John; Serpanos, Dimitrios
2009-01-01
Nowadays in modern and ubiquitous computing environments, it is imperative more than ever the necessity for deployment of pervasive healthcare architectures into which the patient is the central point surrounded by different types of embedded and small computing devices, which measure sensitive physical indications, interacting with hospital databases, allowing thus urgent medical response in occurrences of critical situations. Such environments must be developed satisfying the basic security requirements for real-time secure data communication, and protection of sensitive medical data and measurements, data integrity and confidentiality, and protection of the monitored patient's privacy. In this work, we argue that the MPEG-21 Intellectual Property Management and Protection (IPMP) components can be used in order to achieve protection of transmitted medical information and enhance patient's privacy, since there is selective and controlled access to medical data that is sent toward the hospital's servers.
Digital watermarking in telemedicine applications--towards enhanced data security and accessibility.
Giakoumaki, Aggeliki L; Perakis, Konstantinos; Tagaris, Anastassios; Koutsouris, Dimitris
2006-01-01
Implementing telemedical solutions has become a trend amongst the various research teams at an international level. Yet, contemporary information access and distribution technologies raise critical issues that urgently need to be addressed, especially those related to security. The paper suggests the use of watermarking in telemedical applications in order to enhance security of the transmitted sensitive medical data, familiarizes the users with a telemedical system and a watermarking module that have already been developed, and proposes an architecture that will enable the integration of the two systems, taking into account a variety of use cases and application scenarios.
A new image encryption algorithm based on the fractional-order hyperchaotic Lorenz system
NASA Astrophysics Data System (ADS)
Wang, Zhen; Huang, Xia; Li, Yu-Xia; Song, Xiao-Na
2013-01-01
We propose a new image encryption algorithm on the basis of the fractional-order hyperchaotic Lorenz system. While in the process of generating a key stream, the system parameters and the derivative order are embedded in the proposed algorithm to enhance the security. Such an algorithm is detailed in terms of security analyses, including correlation analysis, information entropy analysis, run statistic analysis, mean-variance gray value analysis, and key sensitivity analysis. The experimental results demonstrate that the proposed image encryption scheme has the advantages of large key space and high security for practical image encryption.
[Application of password manager software in health care].
Ködmön, József
2016-12-01
When using multiple IT systems, handling of passwords in a secure manner means a potential source of problem. The most frequent issues are choosing the appropriate length and complexity, and then remembering the strong passwords. Password manager software provides a good solution for this problem, while greatly increasing the security of sensitive medical data. This article introduces a password manager software and provides basic information of the application. It also discusses how to select a really secure password manager software and suggests a practical application to efficient, safe and comfortable use for health care. Orv. Hetil., 2016, 157(52), 2066-2073.
Henriksen, Eva; Burkow, Tatjana M; Johnsen, Elin; Vognild, Lars K
2013-08-09
Privacy and information security are important for all healthcare services, including home-based services. We have designed and implemented a prototype technology platform for providing home-based healthcare services. It supports a personal electronic health diary and enables secure and reliable communication and interaction with peers and healthcare personnel. The platform runs on a small computer with a dedicated remote control. It is connected to the patient's TV and to a broadband Internet. The platform has been tested with home-based rehabilitation and education programs for chronic obstructive pulmonary disease and diabetes. As part of our work, a risk assessment of privacy and security aspects has been performed, to reveal actual risks and to ensure adequate information security in this technical platform. Risk assessment was performed in an iterative manner during the development process. Thus, security solutions have been incorporated into the design from an early stage instead of being included as an add-on to a nearly completed system. We have adapted existing risk management methods to our own environment, thus creating our own method. Our method conforms to ISO's standard for information security risk management. A total of approximately 50 threats and possible unwanted incidents were identified and analysed. Among the threats to the four information security aspects: confidentiality, integrity, availability, and quality; confidentiality threats were identified as most serious, with one threat given an unacceptable level of High risk. This is because health-related personal information is regarded as sensitive. Availability threats were analysed as low risk, as the aim of the home programmes is to provide education and rehabilitation services; not for use in acute situations or for continuous health monitoring. Most of the identified threats are applicable for healthcare services intended for patients or citizens in their own homes. 
Confidentiality risks in home are different from in a more controlled environment such as a hospital; and electronic equipment located in private homes and communicating via Internet, is more exposed to unauthorised access. By implementing the proposed measures, it has been possible to design a home-based service which ensures the necessary level of information security and privacy.
PREMIX: PRivacy-preserving EstiMation of Individual admiXture.
Chen, Feng; Dow, Michelle; Ding, Sijie; Lu, Yao; Jiang, Xiaoqian; Tang, Hua; Wang, Shuang
2016-01-01
In this paper we proposed a framework: PRivacy-preserving EstiMation of Individual admiXture (PREMIX) using Intel software guard extensions (SGX). SGX is a suite of software and hardware architectures to enable efficient and secure computation over confidential data. PREMIX enables multiple sites to securely collaborate on estimating individual admixture within a secure enclave inside Intel SGX. We implemented a feature selection module to identify most discriminative Single Nucleotide Polymorphism (SNP) based on informativeness and an Expectation Maximization (EM)-based Maximum Likelihood estimator to identify the individual admixture. Experimental results based on both simulation and 1000 genome data demonstrated the efficiency and accuracy of the proposed framework. PREMIX ensures a high level of security as all operations on sensitive genomic data are conducted within a secure enclave using SGX.
32 CFR 2004.22 - Operational Responsibilities [202(a)].
Code of Federal Regulations, 2010 CFR
2010-07-01
...; (3) Sign agreements with the Department of Defense as the Executive Agent for industrial security services; and, (4) Ensure applicable department and agency personnel having NISP implementation... of the Director of National Intelligence (ODNI) for Sensitive Compartmented Information, and DOE for...
32 CFR 154.19 - Reinvestigation.
Code of Federal Regulations, 2011 CFR
2011-07-01
... to Sensitive Compartmented Information (SCI). Each individual having current access to SCI shall be... certain SCI duties may require very special compartmentation and other special security measures. In such... for continued SCI access. (h) Foreign nationals employed by DoD organizations overseas. Foreign...
Jannot, A-S; Fauconnier, J
2013-06-01
Road traffic accidents in France are mainly analyzed through reports completed by the security forces (police and gendarmerie). But the hospital information systems can also identify road traffic accidents via specific documentary codes of the International Classification of Diseases (ICD-10). The aim of this study was therefore to determine whether hospital stays consecutive to road traffic accident were truly identified by these documentary codes in a facility that collects data routinely and to study the consistency of results from hospital information systems and from security forces during the 2002-2008 period. We retrieved all patients for whom a documentary code for road traffic accident was entered in 2002-2008. We manually checked the concordance of documentary code for road traffic accident and trauma origin in 350 patient files. The number of accidents in the Grenoble area was then inferred by combining with hospitalization regional data and compared to the number of persons injured by traffic accidents declared by the security force. These hospital information systems successfully report road traffic accidents with 96% sensitivity (95%CI: [92%, 100%]) and 97% specificity (95%CI: [95%, 99%]). The decrease in road traffic accidents observed was significantly lower than that observed in the data from the security force (45% for security force data against 27% for hospital data). Overall, this study shows that hospital information systems are a powerful tool for studying road traffic accidents morbidity in hospital and are complementary to security force data. Copyright © 2013 Elsevier Masson SAS. All rights reserved.
Alerting device and method for reminding a person of a risk
Runyon, Larry [Richland, WA; Gunter, Wayne M [West Richland, WA; Pratt, Richard M [Richland, WA
2001-11-27
An alerting device and method to remind personnel of a risk is disclosed. The device has at least two sensors, a logic controller, a power source, and an annunciator that delivers a visual message, with or without an audible alarm, about a risk to a person when the sensors detect the person exiting a predetermined space. In particular, the present invention reminds a person of a security, safety, or health risk upon exiting a predetermined space. More particularly, the present invention reminds a person of an information security risk relating to sensitive, proprietary, confidential, trade secret, classified, or intellectual property information.
Use of IPsec by Manned Space Missions
NASA Technical Reports Server (NTRS)
Pajevski, Michael J.
2009-01-01
NASA's Constellation Program is developing its next generation manned space systems for missions to the International Space Station (ISS) and the Moon. The Program is embarking on a path towards standards based Internet Protocol (IP) networking for space systems communication. The IP based communications will be paired with industry standard security mechanisms such as Internet Protocol Security (IPsec) to ensure the integrity of information exchanges and prevent unauthorized release of sensitive information in-transit. IPsec has been tested in simulations on the ground and on at least one Earth orbiting satellite, but the technology is still unproven in manned space mission situations and significant obstacles remain.
[Information security in health care].
Ködmön, József; Csajbók, Zoltán Ernő
2015-07-05
Doctors, nurses and other medical professionals are spending more and more time in front of the computer, using applications developed for general practitioners, specialized care, or perhaps an integrated hospital system. The data they handle during healing and patient care are mostly sensitive data and, therefore, their management is strictly regulated. Finding our way in the jungle of laws, regulations and policies is not simple. Notwithstanding, our lack of information does not waive our responsibility. This study summarizes the most important points of international recommendations, standards and legal regulations of the field, as well as giving practical advices for managing medical and patient data securely and in compliance with the current legal regulations.
Space Shuttle security policies and programs
NASA Astrophysics Data System (ADS)
Keith, E. L.
The Space Shuttle vehicle consists of the orbiter, external tank, and two solid rocket boosters. In dealing with security two major protective categories are considered, taking into account resource protection and information protection. A review is provided of four basic programs which have to be satisfied. Aspects of science and technology transfer are discussed. The restrictions for the transfer of science and technology information are covered under various NASA Management Instructions (NMI's). There were two major events which influenced the protection of sensitive and private information on the Space Shuttle program. The first event was a manned space flight accident, while the second was the enactment of a congressional bill to establish the rights of privacy. Attention is also given to national resource protection and national defense classified operations.
Space Shuttle security policies and programs
NASA Technical Reports Server (NTRS)
Keith, E. L.
1985-01-01
The Space Shuttle vehicle consists of the orbiter, external tank, and two solid rocket boosters. In dealing with security two major protective categories are considered, taking into account resource protection and information protection. A review is provided of four basic programs which have to be satisfied. Aspects of science and technology transfer are discussed. The restrictions for the transfer of science and technology information are covered under various NASA Management Instructions (NMI's). There were two major events which influenced the protection of sensitive and private information on the Space Shuttle program. The first event was a manned space flight accident, while the second was the enactment of a congressional bill to establish the rights of privacy. Attention is also given to national resource protection and national defense classified operations.
Pangalos, George
2001-01-01
Background The Internet provides many advantages when used for interaction and data sharing among health care providers, patients, and researchers. However, the advantages provided by the Internet come with a significantly greater element of risk to the confidentiality, integrity, and availability of information. It is therefore essential that Health Care Establishments processing and exchanging medical data use an appropriate security policy. Objective To develop a High Level Security Policy for the processing of medical data and their transmission through the Internet, which is a set of high-level statements intended to guide Health Care Establishment personnel who process and manage sensitive health care information. Methods We developed the policy based on a detailed study of the existing framework in the EU countries, USA, and Canada, and on consultations with users in the context of the Intranet Health Clinic project. More specifically, this paper has taken into account the major directives, technical reports, law, and recommendations that are related to the protection of individuals with regard to the processing of personal data, and the protection of privacy and medical data on the Internet. Results We present a High Level Security Policy for Health Care Establishments, which includes a set of 7 principles and 45 guidelines detailed in this paper. The proposed principles and guidelines have been made as generic and open to specific implementations as possible, to provide for maximum flexibility and adaptability to local environments. The High Level Security Policy establishes the basic security requirements that must be addressed to use the Internet to safely transmit patient and other sensitive health care information. Conclusions The High Level Security Policy is primarily intended for large Health Care Establishments in Europe, USA, and Canada. 
It is clear however that the general framework presented here can only serve as reference material for developing an appropriate High Level Security Policy in a specific implementation environment. When implemented in specific environments, these principles and guidelines must also be complemented by measures, which are more specific. Even when a High Level Security Policy already exists in an institution, it is advisable that the management of the Health Care Establishment periodically revisits it to see whether it should be modified or augmented. PMID:11720956
Ilioudis, C; Pangalos, G
2001-01-01
The Internet provides many advantages when used for interaction and data sharing among health care providers, patients, and researchers. However, the advantages provided by the Internet come with a significantly greater element of risk to the confidentiality, integrity, and availability of information. It is therefore essential that Health Care Establishments processing and exchanging medical data use an appropriate security policy. To develop a High Level Security Policy for the processing of medical data and their transmission through the Internet, which is a set of high-level statements intended to guide Health Care Establishment personnel who process and manage sensitive health care information. We developed the policy based on a detailed study of the existing framework in the EU countries, USA, and Canada, and on consultations with users in the context of the Intranet Health Clinic project. More specifically, this paper has taken into account the major directives, technical reports, law, and recommendations that are related to the protection of individuals with regard to the processing of personal data, and the protection of privacy and medical data on the Internet. We present a High Level Security Policy for Health Care Establishments, which includes a set of 7 principles and 45 guidelines detailed in this paper. The proposed principles and guidelines have been made as generic and open to specific implementations as possible, to provide for maximum flexibility and adaptability to local environments. The High Level Security Policy establishes the basic security requirements that must be addressed to use the Internet to safely transmit patient and other sensitive health care information. The High Level Security Policy is primarily intended for large Health Care Establishments in Europe, USA, and Canada. 
It is clear however that the general framework presented here can only serve as reference material for developing an appropriate High Level Security Policy in a specific implementation environment. When implemented in specific environments, these principles and guidelines must also be complemented by measures, which are more specific. Even when a High Level Security Policy already exists in an institution, it is advisable that the management of the Health Care Establishment periodically revisits it to see whether it should be modified or augmented.
Hamisu, Abdullahi Walla; Johnson, Ticha Muluh; Craig, Kehinde; Mkanda, Pascal; Banda, Richard; Tegegne, Sisay G; Oyetunji, Ajiboye; Ningi, Nuhu; Mohammed, Said M; Adamu, Mohammed Isa; Abdulrahim, Khalid; Nsubuga, Peter; Vaz, Rui G; Muhammed, Ado J G
2016-05-01
The security-challenged states of Adamawa, Borno, and Yobe bear most of the brunt of the Boko Haram insurgency in Nigeria. The security challenge has led to the killing of health workers, destruction of health facilities, and displacement of huge populations. To identify areas of polio transmission and promptly detect possible cases of importation in these states, polio surveillance must be very sensitive. We conducted a retrospective review of acute flaccid paralysis surveillance in the security-compromised states between 2009 and 2014, using the acute flaccid paralysis database at the World Health Organization Nigeria Country Office. We also reviewed the reports of surveillance activities conducted in these security-challenged states, to identify strategies that were implemented to improve polio surveillance. Environmental surveillance was implemented in Borno in 2013 and in Yobe in 2014. All disease surveillance and notification officers in the 3 security-challenged states now receive annual training, and the number of community informants in these states has dramatically increased. Media-based messaging (via radio and television) is now used to sensitize the public to the importance of surveillance, and contact samples have been regularly collected in both states since 2014. The strategies implemented in the security-challenged states improved the quality of polio surveillance during the review period. © 2016 World Health Organization; licensee Oxford Journals.
Hamisu, Abdullahi Walla; Johnson, Ticha Muluh; Craig, Kehinde; Mkanda, Pascal; Banda, Richard; Tegegne, Sisay G.; Oyetunji, Ajiboye; Ningi, Nuhu; Mohammed, Said M.; Adamu, Mohammed Isa; Abdulrahim, Khalid; Nsubuga, Peter; Vaz, Rui G.; Muhammed, Ado J. G.
2016-01-01
Background. The security-challenged states of Adamawa, Borno, and Yobe bear most of the brunt of the Boko Haram insurgency in Nigeria. The security challenge has led to the killing of health workers, destruction of health facilities, and displacement of huge populations. To identify areas of polio transmission and promptly detect possible cases of importation in these states, polio surveillance must be very sensitive. Methods. We conducted a retrospective review of acute flaccid paralysis surveillance in the security-compromised states between 2009 and 2014, using the acute flaccid paralysis database at the World Health Organization Nigeria Country Office. We also reviewed the reports of surveillance activities conducted in these security-challenged states, to identify strategies that were implemented to improve polio surveillance. Results. Environmental surveillance was implemented in Borno in 2013 and in Yobe in 2014. All disease surveillance and notification officers in the 3 security-challenged states now receive annual training, and the number of community informants in these states has dramatically increased. Media-based messaging (via radio and television) is now used to sensitize the public to the importance of surveillance, and contact samples have been regularly collected in both states since 2014. Conclusions. The strategies implemented in the security-challenged states improved the quality of polio surveillance during the review period. PMID:26655842
2012-08-14
Improvement Act requirements and secure access to two payroll offices at Indianapolis, Indiana, that process sensitive payroll information. We...Without adequate controls over physical access, individuals could gain unauthorized access to computers and sensitive payroll data contained in online...and resolved. 2 Personnel and payroll data transmitted to and from interfacing systems were transferred completely, accurately, and timely
Tan, Chun Kiat; Ng, Jason Changwei; Xu, Xiaotian; Poh, Chueh Loo; Guan, Yong Liang; Sheah, Kenneth
2011-06-01
Teleradiology applications and universal availability of patient records using web-based technology are rapidly gaining importance. Consequently, digital medical image security has become an important issue when images and their pertinent patient information are transmitted across public networks, such as the Internet. Health mandates such as the Health Insurance Portability and Accountability Act require healthcare providers to adhere to security measures in order to protect sensitive patient information. This paper presents a fully reversible, dual-layer watermarking scheme with tamper detection capability for medical images. The scheme utilizes concepts of public-key cryptography and reversible data-hiding technique. The scheme was tested using medical images in DICOM format. The results show that the scheme is able to ensure image authenticity and integrity, and to locate tampered regions in the images.
Assuring the privacy and security of transmitting sensitive electronic health information.
Peng, Charlie; Kesarinath, Gautam; Brinks, Tom; Young, James; Groves, David
2009-11-14
The interchange of electronic health records between healthcare providers and public health organizations has become an increasingly desirable tool in reducing healthcare costs, improving healthcare quality, and protecting population health. Assuring privacy and security in nationwide sharing of Electronic Health Records (EHR) in an environment such as GRID has become a top challenge and concern. The Centers for Disease Control and Prevention (CDC) and The Science Application International Corporation (SAIC) have jointly conducted a proof of concept study to find and build a common secure and reliable messaging platform (the SRM Platform) to handle this challenge. The SRM Platform is built on the open standards of OASIS, World Wide Web Consortium (W3C) web-services standards, and Web Services Interoperability (WS-I) specifications to provide the secure transport of sensitive EHR or electronic medical records (EMR). Transmitted data may be in any digital form including text, data, and binary files, such as images. This paper identifies the business use cases, architecture, test results, and new connectivity options for disparate health networks among PHIN, NHIN, Grid, and others.
77 FR 31894 - Portable Gauge Licenses
Federal Register 2010, 2011, 2012, 2013, 2014
2012-05-30
... include safety culture, security of radioactive materials, protection of sensitive information, a revised... draft NUREG and is especially interested in receiving comments on the examples and pictures used in... following questions regarding the examples and pictures in Appendix G: 1. Do the examples for two...
Deng, Yong-Yuan; Chen, Chin-Ling; Tsaur, Woei-Jiunn; Tang, Yung-Wen; Chen, Jung-Hsuan
2017-01-01
As sensor networks and cloud computation technologies have rapidly developed over recent years, many services and applications integrating these technologies into daily life have come together as an Internet of Things (IoT). At the same time, aging populations have increased the need for expanded and more efficient elderly care services. Fortunately, elderly people can now wear sensing devices which relay data to a personal wireless device, forming a body area network (BAN). These personal wireless devices collect and integrate patients’ personal physiological data, and then transmit the data to the backend of the network for related diagnostics. However, a great deal of the information transmitted by such systems is sensitive data, and must therefore be subject to stringent security protocols. Protecting this data from unauthorized access is thus an important issue in IoT-related research. In regard to a cloud healthcare environment, scholars have proposed a secure mechanism to protect sensitive patient information. Their schemes provide a general architecture; however, these previous schemes still have some vulnerability, and thus cannot guarantee complete security. This paper proposes a secure and lightweight body-sensor network based on the Internet of Things for cloud healthcare environments, in order to address the vulnerabilities discovered in previous schemes. The proposed authentication mechanism is applied to a medical reader to provide a more comprehensive architecture while also providing mutual authentication, and guaranteeing data integrity, user untraceability, and forward and backward secrecy, in addition to being resistant to replay attack. PMID:29244776
Secure FAST: Security Enhancement in the NATO Time Sensitive Targeting Tool
2010-11-01
designed to aid in the tracking and prosecuting of Time Sensitive Targets. The FAST tool provides user level authentication and authorisation in terms...level authentication and authorisation in terms of security. It uses operating system level security but does not provide application level security for...and collaboration tool, designed to aid in the tracking and prosecuting of Time Sensitive Targets. The FAST tool provides user level authentication and
Privacy and Access Control for IHE-Based Systems
NASA Astrophysics Data System (ADS)
Katt, Basel; Breu, Ruth; Hafner, Michael; Schabetsberger, Thomas; Mair, Richard; Wozak, Florian
The Electronic Health Record (EHR) is the central element of any e-health system, which aims at improving the quality and efficiency of healthcare through the use of information and communication technologies. The sensitivity of the data contained in the health record poses a great challenge to security. In this paper we propose a security architecture for EHR systems that conform to IHE profiles. In this architecture we tackle the problems of access control and privacy. Furthermore, a prototypical implementation of the proposed model is presented.
NASA Astrophysics Data System (ADS)
Anitha Devi, M. D.; ShivaKumar, K. B.
2017-08-01
The online payment ecosystem is the main target, especially for cyber fraud. End-to-end encryption is therefore very much needed in order to maintain the integrity of secret information related to transactions carried out online. With access to payment-related sensitive information, which enables a lot of money transactions every day, the payment infrastructure is a major target for hackers. The proposed system highlights an ideal approach for secure online transactions for fund transfer with a unique combination of visual cryptography and a Haar-based discrete wavelet transform steganography technique. This combination of data hiding techniques reduces the amount of information shared between the consumer and the online merchant needed for a successful online transaction, along with providing enhanced security for the customer’s account details, thereby increasing the customer’s confidence and preventing “Identity theft” and “Phishing”. To evaluate the effectiveness of the proposed algorithm, root mean square error and peak signal-to-noise ratio have been used as evaluation parameters.
NASA Technical Reports Server (NTRS)
Barnett, Traci M.
2004-01-01
Safety and security is very important at NASA. The Security Management and Safeguards Office's goal is to ensure safety and security for all NASA Lewis and Plum Brook Station visitors and workers. The office protects against theft, sabotage, malicious damage, espionage, and other threats or acts of violence. There are three types of security at NASA: physical, IT, and personnel. IT is concerned with sensitive and classified information and computers. Physical security includes the officers who check visitors and workers in and patrol the facility. Personnel security is concerned with background checks during hiring. During my internship, I met people from and gained knowledge about all three types of security. I primarily worked with Dr. Richard Soppet in physical security. During my experience with physical security, I observed and worked with many aspects of it. I attended various security meetings at both NASA Lewis and Plum Brook. The meetings were about homeland security and other improvements that will be made to both facilities. I also spent time with a locksmith. The locksmith makes copies of keys and unlocks doors for people who need them. I rode around in a security vehicle with an officer as he patrolled. I also observed the officer make a search of a visitor's vehicle. All visitors' vehicles are searched upon entering NASA. I spent time and observed in the dispatch office. The officer answers calls and sends out officers when needed. The officer also monitors the security cameras. My primary task was completing an emergency response manual. This manual would assist local law enforcement and fire agencies in case of an emergency. The manual has pictures and descriptions of the buildings. It also contains the information about hazards inside of the buildings. This information will be very helpful to law enforcement so that when called upon during an emergency, they will not create an even bigger problem with collateral damage.
Connected vehicle pilot deployment program phase 2 : data privacy plan – New York City.
DOT National Transportation Integrated Search
2016-12-27
This document represents a data privacy plan for ensuring the data privacy and security of those participating in the New York City connected vehicle pilot. Personally Identifiable Information (PII) and Sensitive PII (SPII) will be collected from var...
Anonymous indexing of health conditions for a similarity measure.
Song, Insu; Marsh, Nigel V
2012-07-01
A health social network is an online information service which facilitates information sharing between closely related members of a community with the same or a similar health condition. Over the years, many automated recommender systems have been developed for social networking in order to help users find their communities of interest. For health social networking, the ideal source of information for measuring similarities of patients is the medical information of the patients. However, it is not desirable that such sensitive and private information be shared over the Internet. This is also true for many other security sensitive domains. A new information-sharing scheme is developed where each patient is represented as a small number of (possibly disjoint) d-words (discriminant words) and the d-words are used to measure similarities between patients without revealing sensitive personal information. The d-words are simple words like "food," and thus do not contain identifiable personal information. This makes our method an effective one-way hashing of patient assessments for a similarity measure. The d-words can be easily shared on the Internet to find peers who might have similar health conditions.
Tort Suits Against Federal Contractors: An Overview of the Legal Issues
2011-04-07
which has subsets of its own, such as negligent misrepresentation and the doctrine of “informed consent” in medical malpractice. Broadly speaking...for failure to perform). There is also a possibility that the government could assert the state secrets privilege, thereby effectively preventing the...see CRS Report R41741, The State Secrets Privilege: Preventing the Disclosure of Sensitive National Security Information During Civil Litigation
2005-07-01
policies in pervasive computing environments. In this context, the owner of information sources (e.g. user, sensor, application, or organization...work in decentralized trust management and semantic web technologies. Section 3 introduces an Information Disclosure Agent architecture for...Norman Sadeh July 2005 CMU-ISRI-05-113 School of Computer Science, Carnegie Mellon University 5000 Forbes Avenue, Pittsburgh, PA, 15213
Regulation, Privacy and Security: Chairman's Opening Remarks
Gabrieli, E.R.
1979-01-01
Medical privacy is a keystone of a free democratic society. To conserve the right of the patient to medical privacy, computerization of the medical data must be regulated. This paper enumerates some steps to be taken urgently for the protection of computerized sensitive medical data. A computer-oriented medical lexicon is urgently needed for accurate coding. Health industry standards should be drafted. The goals of various data centers must be sharply defined to avoid conflicts of interest. Medical privacy should be studied further, and medical data centers should consider cost-effectiveness. State boards for medical privacy should be created to monitor data security procedures. There is a need for purposeful decentralization. A national medical information policy should be drafted, and a national clinical information board should implement the nation's medical information policy.
An improved control mode for the ping-pong protocol operation in imperfect quantum channels
NASA Astrophysics Data System (ADS)
Zawadzki, Piotr
2015-07-01
Quantum direct communication (QDC) can bring confidentiality of sensitive information without any encryption. A ping-pong protocol, a well-known example of entanglement-based QDC, offers asymptotic security in a perfect quantum channel. However, it has been shown (Wójcik in Phys Rev Lett 90(15):157901, 2003. doi:10.1103/PhysRevLett.90.157901) that it is not secure in the presence of losses. Moreover, legitimate parties cannot rely on dense information coding due to possible undetectable eavesdropping even in the perfect setting (Pavičić in Phys Rev A 87(4):042326, 2013. doi:10.1103/PhysRevA.87.042326). We have identified the source of the above-mentioned weaknesses in the incomplete check of the EPR pair coherence. We propose an improved version of the control mode, and we discuss its relation to the already-known attacks that undermine the QDC security. It follows that the new control mode detects these attacks with high probability and independently of the quantum channel type. As a result, an asymptotic security of the QDC communication can be maintained for imperfect quantum channels, also in the regime of dense information coding.
Raymond, Colette
2010-01-01
Sensitive paper documents, such as patient records, customer data, and legal information, must be securely stored and destroyed when no longer needed. This is not only a good business practice that reduces costs and protects reputations, but also a legal and regulatory imperative. According to some experts, medical identity theft is the fastest-growing form of identity theft in North America. The Federal Trade Commission's Red Flags Rule, due to take effect June 1, 2010, requires banks; credit card companies; and, in some situations, retailers, hospitals, insurance companies, health clinics, and other organizations to store confidential personal information that can expose consumers to significant identity theft risks. This also includes healthcare providers and other organizations that are considered creditors according to their billing/payment procedures. This article highlights the steps healthcare providers must take to ensure data security.
Correlates of child-father and child-mother attachment in the preschool years.
Bureau, Jean-François; Martin, Jodi; Yurkowski, Kim; Schmiedel, Sabrina; Quan, Jeffry; Moss, Ellen; Deneault, Audrey-Ann; Pallanca, Dominique
2017-04-01
The increase in fathers' involvement in childrearing, particularly beyond infancy, warrants research exploring factors influencing the quality of child-father attachment relationships, and the impact of these relationships on children's social development. The current investigation explored various correlates of preschoolers' child-father attachment security to both parents, including contextual factors (i.e., socioeconomic status, child temperament, parenting stress), parental play sensitivity, and child social adaptation. Participants included 107 preschool-aged children (59 girls; M = 46.67 months, SD = 8.57) and their fathers and mothers. Results revealed that both mothers' and fathers' play sensitivity were associated with child attachment security after controlling for different contextual factors. Furthermore, the magnitude of the association between child conduct problems and child-father attachment insecurity was stronger than the corresponding association with child-mother attachment insecurity. Findings provide important information on caregiving factors associated with child-father attachment security in the preschool years and the importance of this bond to children's social adaptation.
39 CFR 501.11 - Reporting Postage Evidencing System security weaknesses.
Code of Federal Regulations, 2014 CFR
2014-07-01
... any repeatable deviation from normal Postage Evidencing System performance. (3) Cyber attacks that... misappropriating assets or sensitive information, corrupting data, or causing operational disruption. Cyber attacks... causing denial-of-service attacks on Web sites. Cyber attacks may be carried out by third parties or...
39 CFR 501.11 - Reporting Postage Evidencing System security weaknesses.
Code of Federal Regulations, 2013 CFR
2013-07-01
... any repeatable deviation from normal Postage Evidencing System performance. (3) Cyber attacks that... misappropriating assets or sensitive information, corrupting data, or causing operational disruption. Cyber attacks... causing denial-of-service attacks on Web sites. Cyber attacks may be carried out by third parties or...
39 CFR 501.11 - Reporting Postage Evidencing System security weaknesses.
Code of Federal Regulations, 2012 CFR
2012-07-01
... any repeatable deviation from normal Postage Evidencing System performance. (3) Cyber attacks that... misappropriating assets or sensitive information, corrupting data, or causing operational disruption. Cyber attacks... causing denial-of-service attacks on Web sites. Cyber attacks may be carried out by third parties or...
1994-09-01
as Copernicus brought about a revolutionary paradigm shift in astronomy, the Copernicus Architecture was so named because it represents a...The Navy’s Copernicus Architecture...evolution of JMCIS are DoD’s Corporate Information Management (CIM), The Joint Staffs "C4I for the Warrior", and the Navy’s Copernicus architecture programs
NASA Technical Reports Server (NTRS)
Takamura, Eduardo; Mangum, Kevin
2016-01-01
The National Aeronautics and Space Administration (NASA) invests millions of dollars in spacecraft and ground system development, and in mission operations in the pursuit of scientific knowledge of the universe. In recent years, NASA sent a probe to Mars to study the Red Planet's upper atmosphere, obtained high resolution images of Pluto, and it is currently preparing to find new exoplanets, rendezvous with an asteroid, and bring a sample of the asteroid back to Earth for analysis. The success of these missions is enabled by mission assurance. In turn, mission assurance is backed by information assurance. The information systems supporting NASA missions must be reliable as well as secure. NASA - like every other U.S. Federal Government agency - is required to manage the security of its information systems according to federal mandates, the most prominent being the Federal Information Security Management Act (FISMA) of 2002 and the legislative updates that followed it. Like the management of enterprise information technology (IT), federal information security management takes a "one-size fits all" approach for protecting IT systems. While this approach works for most organizations, it does not effectively translate into security of highly specialized systems such as those supporting NASA missions. These systems include command and control (C&C) systems, spacecraft and instrument simulators, and other elements comprising the ground segment. They must be carefully configured, monitored and maintained, sometimes for several years past the missions' initially planned life expectancy, to ensure the ground system is protected and remains operational without any compromise of its confidentiality, integrity and availability. Enterprise policies, processes, procedures and products, if not effectively tailored to meet mission requirements, may not offer the needed security for protecting the information system, and they may even become disruptive to mission operations. 
Certain protective measures for the general enterprise may not be as efficient within the ground segment. This is what the authors have concluded through observations and analysis of patterns identified from the various security assessments performed on NASA missions such as MAVEN, OSIRIS-REx, New Horizons and TESS, to name a few. The security audits confirmed that the framework for managing information system security developed by the National Institute of Standards and Technology (NIST) for the federal government, and adopted by NASA, is indeed effective. However, the selection of the technical, operational and management security controls offered by the NIST model - and how they are implemented - does not always fit the nature and the environment in which the ground system operates, even though there is no apparent impact on mission success. The authors observed that unfit controls, that is, controls that are not necessarily applicable or sufficiently effective in protecting the mission systems, are often selected to facilitate compliance with security requirements and organizational expectations even if the selected controls offer minimum or non-existent protection. This paper identifies some of the standard security controls that can in fact protect the ground system, and which of them offer little or no benefit at all. It offers multiple scenarios from real security audits in which the controls are not effective without, of course, disclosing any sensitive information about the missions assessed. In addition to selection and implementation of controls, the paper also discusses potential impact of recent legislation such as the Federal Information Security Modernization Act (FISMA) of 2014 - aimed at the enterprise - on the ground system, and offers other recommendations to Information System Owners (ISOs).
2013-01-01
Background: Privacy and information security are important for all healthcare services, including home-based services. We have designed and implemented a prototype technology platform for providing home-based healthcare services. It supports a personal electronic health diary and enables secure and reliable communication and interaction with peers and healthcare personnel. The platform runs on a small computer with a dedicated remote control. It is connected to the patient’s TV and to a broadband Internet connection. The platform has been tested with home-based rehabilitation and education programs for chronic obstructive pulmonary disease and diabetes. As part of our work, a risk assessment of privacy and security aspects has been performed, to reveal actual risks and to ensure adequate information security in this technical platform. Methods: Risk assessment was performed in an iterative manner during the development process. Thus, security solutions have been incorporated into the design from an early stage instead of being included as an add-on to a nearly completed system. We have adapted existing risk management methods to our own environment, thus creating our own method. Our method conforms to ISO’s standard for information security risk management. Results: A total of approximately 50 threats and possible unwanted incidents were identified and analysed. Among the threats to the four information security aspects (confidentiality, integrity, availability, and quality), confidentiality threats were identified as most serious, with one threat given an unacceptable level of High risk. This is because health-related personal information is regarded as sensitive. Availability threats were analysed as low risk, as the aim of the home programmes is to provide education and rehabilitation services; not for use in acute situations or for continuous health monitoring.
Conclusions: Most of the identified threats are applicable for healthcare services intended for patients or citizens in their own homes. Confidentiality risks in the home are different from those in a more controlled environment such as a hospital, and electronic equipment located in private homes and communicating via the Internet is more exposed to unauthorised access. By implementing the proposed measures, it has been possible to design a home-based service which ensures the necessary level of information security and privacy. PMID:23937965
Blanke, Sandra J; McGrady, Elizabeth
2016-07-01
Health care stakeholders are concerned about the growing risk of protecting sensitive patient health information from breaches. The Federal Emergency Management Agency (FEMA) has identified cyber attacks as an emerging concern, and regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) have increased security requirements and are enforcing compliance through stiff financial penalties. The purpose of this study is to describe health care breaches of protected information, analyze the hazards and vulnerabilities of reported breach cases, and prescribe best practices of managing risk through security controls and countermeasures. Prescriptive findings were used to construct a checklist tool to assess and monitor common risks. This research uses a case methodology to describe specific examples of the 3 major types of cyber breach hazards: portable device, insider, and physical breaches. We utilize a risk management framework to prescribe preventative actions that organizations can take to assess, analyze, and mitigate these risks. The health care sector has the largest number of reported breaches, with 3 major types: portable device, insider, and physical breaches. Analysis of actual cases indicates security gaps requiring prescriptive fixes based on "best practices." Our research culminates in a 25-item checklist that organizations can use to assess existing practices and identify security gaps requiring improvement. © 2016 American Society for Healthcare Risk Management of the American Hospital Association.
Lucassen, Nicole; Tharner, Anne; Van Ijzendoorn, Marinus H; Bakermans-Kranenburg, Marian J; Volling, Brenda L; Verhulst, Frank C; Lambregtse-Van den Berg, Mijke P; Tiemeier, Henning
2011-12-01
For almost three decades, the association between paternal sensitivity and infant-father attachment security has been studied. The first wave of studies on the correlates of infant-father attachment showed a weak association between paternal sensitivity and infant-father attachment security (r = .13, p < .001, k = 8, N = 546). In the current paper, a meta-analysis of the association between paternal sensitivity and infant-father attachment based on all studies currently available is presented, and the change over time of the association between paternal sensitivity and infant-father attachment is investigated. Studies using an observational measure of paternal interactive behavior with the infant, and the Strange Situation Procedure to observe the attachment relationship were included. Paternal sensitivity is differentiated from paternal sensitivity combined with stimulation in the interaction with the infant. Higher levels of paternal sensitivity were associated with more infant-father attachment security (r = .12, p < .001, k = 16, N = 1,355). Fathers' sensitive play combined with stimulation was not more strongly associated with attachment security than sensitive interactions without stimulation of play. Despite possible changes in paternal role patterns, we did not find stronger associations between paternal sensitivity and infant attachment in more recent years.
Privacy-Preserving and Secure Sharing of PHR in the Cloud.
Zhang, Leyou; Wu, Qing; Mu, Yi; Zhang, Jingxia
2016-12-01
As a new summarized record of an individual's medical data and information, a Personal Health Record (PHR) can be accessed online. The owner can fully control how his/her PHR files are shared with different users such as doctors, clinic agents, and friends. However, in an open network environment such as the Cloud, this sensitive private information may be obtained by unauthorized parties and users. In this paper, we consider how to achieve PHR data confidentiality and provide fine-grained access control of PHR files in the public Cloud based on Attribute Based Encryption (ABE). Differing from previous works, we also consider preserving the privacy of the receivers, since the attributes of the receivers relate to their identity or medical information, which would make some sensitive data exposed to third services. Anonymous ABE (AABE) not only enforces the security of the owners' PHR but also preserves the privacy of the receivers. But a normal AABE with a single private key generation (PKG) center may not match a PHR system in the hierarchical architecture. Therefore, we discuss not only the construction of the PHR sharing system based on AABE but also how to construct the PHR sharing system based on the hierarchical AABE. The proposed schemes (especially those based on hierarchical AABE) have many advantages over the available ones, such as short public keys and constant-size private keys, which overcome the weaknesses in the existing works. In the standard model, the introduced schemes achieve compact security in the prime order groups.
A Cluster-Based Framework for the Security of Medical Sensor Environments
NASA Astrophysics Data System (ADS)
Klaoudatou, Eleni; Konstantinou, Elisavet; Kambourakis, Georgios; Gritzalis, Stefanos
The adoption of Wireless Sensor Networks (WSNs) in the healthcare sector poses many security issues, mainly because medical information is considered particularly sensitive. The security mechanisms employed are expected to be more efficient in terms of energy consumption and scalability in order to cope with the constrained capabilities of WSNs and patients’ mobility. Towards this goal, cluster-based medical WSNs can substantially improve efficiency and scalability. In this context, we have proposed a general framework for cluster-based medical environments on top of which security mechanisms can rely. This framework fully covers the varying needs of both in-hospital environments and environments formed ad hoc for medical emergencies. In this paper, we further elaborate on the security of our proposed solution. We specifically focus on key establishment mechanisms and investigate the group key agreement protocols that can best fit in our framework.
Secure data sharing in public cloud
NASA Astrophysics Data System (ADS)
Venkataramana, Kanaparti; Naveen Kumar, R.; Tatekalva, Sandhya; Padmavathamma, M.
2012-04-01
Secure multi-party protocols have been proposed for entities (organizations or individuals) that don't fully trust each other to share sensitive information. Many types of entities need to collect, analyze, and disseminate data rapidly and accurately, without exposing sensitive information to unauthorized or untrusted parties. Solutions based on secure multiparty computation guarantee privacy and correctness, at an extra communication (too costly in communication to be practical) and computation cost. The high overhead motivates us to extend this SMC to the cloud environment, which provides large computation and communication capacity and allows SMC to be used between multiple clouds (i.e., it may be between private, public, or hybrid clouds). A cloud may encompass many high-capacity servers which act as hosts that participate in computation (IaaS and PaaS) for the final result, which is controlled by the Cloud Trusted Authority (CTA) for secret sharing within the cloud. The communication between two clouds is controlled by the High Level Trusted Authority (HLTA), which is one of the hosts in a cloud and provides MgaaS (Management as a Service). Due to the high security risk in clouds, the HLTA generates and distributes public keys and private keys by using the Carmichael-R-Prime-RSA algorithm for exchange of private data in SMC between itself and clouds. In the cloud, the CTA creates a group key for secure communication between the hosts in the cloud, based on keys sent by the HLTA, for exchange of intermediate values and shares for computation of the final result. Since this scheme is extended to be used in clouds (due to high availability and scalability to increase computation power), it is possible to implement SMC practically for privacy preserving in data mining at low cost for the clients.
38 CFR 75.115 - Risk analysis.
Code of Federal Regulations, 2014 CFR
2014-07-01
... preparation of the risk analysis may include data mining if necessary for the development of relevant...) INFORMATION SECURITY MATTERS Data Breaches § 75.115 Risk analysis. If a data breach involving sensitive... possible after the data breach, a non-VA entity with relevant expertise in data breach assessment and risk...
38 CFR 75.115 - Risk analysis.
Code of Federal Regulations, 2012 CFR
2012-07-01
... preparation of the risk analysis may include data mining if necessary for the development of relevant...) INFORMATION SECURITY MATTERS Data Breaches § 75.115 Risk analysis. If a data breach involving sensitive... possible after the data breach, a non-VA entity with relevant expertise in data breach assessment and risk...
38 CFR 75.115 - Risk analysis.
Code of Federal Regulations, 2013 CFR
2013-07-01
... preparation of the risk analysis may include data mining if necessary for the development of relevant...) INFORMATION SECURITY MATTERS Data Breaches § 75.115 Risk analysis. If a data breach involving sensitive... possible after the data breach, a non-VA entity with relevant expertise in data breach assessment and risk...
77 FR 16225 - Ramey Motors, Inc.; Analysis of Proposed Consent Order to Aid Public Comment
Federal Register 2010, 2011, 2012, 2013, 2014
2012-03-20
..., like anyone's Social Security number, date of birth, driver's license number or other state... include competitively sensitive information such as costs, sales statistics, inventories, formulas..., the rate be stated as an ``annual percentage rate'' using that term or the abbreviation ``APR.'' In...
Discovering and Mitigating Software Vulnerabilities through Large-Scale Collaboration
ERIC Educational Resources Information Center
Zhao, Mingyi
2016-01-01
In today's rapidly digitizing society, people place their trust in a wide range of digital services and systems that deliver latest news, process financial transactions, store sensitive information, etc. However, this trust does not have a solid foundation, because software code that supports this digital world has security vulnerabilities. These…
38 CFR 75.115 - Risk analysis.
Code of Federal Regulations, 2011 CFR
2011-07-01
... preparation of the risk analysis may include data mining if necessary for the development of relevant...) INFORMATION SECURITY MATTERS Data Breaches § 75.115 Risk analysis. If a data breach involving sensitive... possible after the data breach, a non-VA entity with relevant expertise in data breach assessment and risk...
Optical security features for plastic card documents
NASA Astrophysics Data System (ADS)
Hossick Schott, Joachim
1998-04-01
Print-on-demand is currently a major trend in the production of paper based documents. This fully digital production philosophy will likely have ramifications also for the secure identification document market. Here, plastic cards increasingly replace traditionally paper based security sensitive documents such as drivers licenses and passports. The information content of plastic cards can be made highly secure by using chip cards. However, printed and other optical security features will continue to play an important role, both for machine readable and visual inspection. Therefore, on-demand high resolution print technologies, laser engraving, luminescent pigments and laminated features such as holograms, kinegrams or phase gratings will have to be considered for the production of secure identification documents. Very important are also basic optical, surface and material durability properties of the laminates as well as the strength and nature of the adhesion between the layers. This presentation will address some of the specific problems encountered when optical security features such as high resolution printing and laser engraving are to be integrated in the on-demand production of secure plastic card identification documents.
Zeegers, Moniek A J; Colonnesi, Cristina; Stams, Geert-Jan J M; Meins, Elizabeth
2017-12-01
Major developments in attachment research over the past 2 decades have introduced parental mentalization as a predictor of infant-parent attachment security. Parental mentalization is the degree to which parents show frequent, coherent, or appropriate appreciation of their infants' internal states. The present study examined the triangular relations between parental mentalization, parental sensitivity, and attachment security. A total of 20 effect sizes (N = 974) on the relation between parental mentalization and attachment, 82 effect sizes (N = 6,664) on the relation between sensitivity and attachment, and 24 effect sizes (N = 2,029) on the relation between mentalization and sensitivity were subjected to multilevel meta-analyses. The results showed a pooled correlation of r = .30 between parental mentalization and infant attachment security, and rs of .25 for the correlations between sensitivity and attachment security, and between parental mentalization and sensitivity. A meta-analytic structural equation model was performed to examine the combined effects of mentalization and sensitivity as predictors of infant attachment. Together, the predictors explained 12% of the variance in attachment security. After controlling for the effect of sensitivity, the relation between parental mentalization and attachment remained, r = .24; the relation between sensitivity and attachment remained after controlling for parental mentalization, r = .19. Sensitivity also mediated the relation between parental mentalization and attachment security, r = .07, suggesting that mentalization exerts both direct and indirect influences on attachment security. The results imply that parental mentalization should be incorporated into existing models that map the predictors of infant-parent attachment. (PsycINFO Database Record (c) 2017 APA, all rights reserved).
Access control based on attribute certificates for medical intranet applications.
Mavridis, I; Georgiadis, C; Pangalos, G; Khair, M
2001-01-01
Clinical information systems frequently use intranet and Internet technologies. However these technologies have emphasized sharing and not security, despite the sensitive and private nature of much health information. Digital certificates (electronic documents which recognize an entity or its attributes) can be used to control access in clinical intranet applications. To outline the need for access control in distributed clinical database systems, to describe the use of digital certificates and security policies, and to propose the architecture for a system using digital certificates, cryptography and security policy to control access to clinical intranet applications. We have previously developed a security policy, DIMEDAC (Distributed Medical Database Access Control), which is compatible with emerging public key and privilege management infrastructure. In our implementation approach we propose the use of digital certificates, to be used in conjunction with DIMEDAC. Our proposed access control system consists of two phases: the ways users gain their security credentials; and how these credentials are used to access medical data. Three types of digital certificates are used: identity certificates for authentication; attribute certificates for authorization; and access-rule certificates for propagation of access control policy. Once a user is identified and authenticated, subsequent access decisions are based on a combination of identity and attribute certificates, with access-rule certificates providing the policy framework. Access control in clinical intranet applications can be successfully and securely managed through the use of digital certificates and the DIMEDAC security policy.
Novel Image Encryption Scheme Based on Chebyshev Polynomial and Duffing Map
2014-01-01
We present a novel image encryption algorithm using Chebyshev polynomial based on permutation and substitution and Duffing map based on substitution. Comprehensive security analysis has been performed on the designed scheme using key space analysis, visual testing, histogram analysis, information entropy calculation, correlation coefficient analysis, differential analysis, key sensitivity test, and speed test. The study demonstrates that the proposed image encryption algorithm shows advantages of more than 10^113 key space and desirable level of security based on the good statistical results and theoretical arguments. PMID:25143970
A Secure Mobile-Based Authentication System for e-Banking
NASA Astrophysics Data System (ADS)
Rifà-Pous, Helena
Financial information is extremely sensitive. Hence, electronic banking must provide a robust system to authenticate its customers and let them access their data remotely. On the other hand, such a system must be usable, affordable, and portable. We propose a challenge-response based one-time password (OTP) scheme that uses symmetric cryptography in combination with a hardware security module. The proposed protocol safeguards passwords from keyloggers and phishing attacks. Besides, this solution provides convenient mobility for users who want to bank online anytime and anywhere, not just from their own trusted computers.
Assessing and comparing information security in Swiss hospitals.
Landolt, Sarah; Hirschel, Jürg; Schlienger, Thomas; Businger, Walter; Zbinden, Alex M
2012-11-07
Availability of information in hospitals is an important prerequisite for good service. Significant resources have been invested to improve the availability of information, but it is also vital that the security of this information can be guaranteed. The goal of this study was to assess information security in hospitals through a questionnaire based on the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) standard ISO/IEC 27002, evaluating Information technology - Security techniques - Code of practice for information-security management, with a special focus on the effect of the hospitals' size and type. The survey, set up as a cross-sectional study, was conducted in January 2011. The chief information officers (CIOs) of 112 hospitals in German-speaking Switzerland were invited to participate. The online questionnaire was designed to be fast and easy to complete to maximize participation. To group the analyzed controls of the ISO/IEC standard 27002 in a meaningful way, a factor analysis was performed. A linear score from 0 (not implemented) to 3 (fully implemented) was introduced. The scores of the hospitals were then analyzed for significant differences in any of the factors with respect to size and type of hospital. The participating hospitals were offered a benchmark report about their status. The 51 participating hospitals had an average score of 51.1% (range 30.6% - 81.9%) out of a possible 100% where all items in the questionnaire were fully implemented. Room for improvement could be identified, especially for the factors covering "process and quality management" (average score 1.3 ± 0.8 out of a maximum of 3) and "organization and risk management" (average score 1.3 ± 0.7 out of a maximum of 3). Private hospitals scored significantly higher than university hospitals in the implementation of "security zones" and "backup" (P = .008). 
Half (50.00%, 8588/17,177) of all assessed hospital beds in German-speaking Switzerland are in hospitals that have a score of 49% or less of the maximum possible score in information security. Patient data need to be better protected because of the data protection laws and because sensitive, personal data should be guaranteed confidentiality, integrity, and availability.
Assessing and Comparing Information Security in Swiss Hospitals
Hirschel, Jürg; Schlienger, Thomas; Businger, Walter; Zbinden, Alex M
2012-01-01
Background: Availability of information in hospitals is an important prerequisite for good service. Significant resources have been invested to improve the availability of information, but it is also vital that the security of this information can be guaranteed. Objective: The goal of this study was to assess information security in hospitals through a questionnaire based on the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) standard ISO/IEC 27002, evaluating Information technology – Security techniques – Code of practice for information-security management, with a special focus on the effect of the hospitals’ size and type. Methods: The survey, set up as a cross-sectional study, was conducted in January 2011. The chief information officers (CIOs) of 112 hospitals in German-speaking Switzerland were invited to participate. The online questionnaire was designed to be fast and easy to complete to maximize participation. To group the analyzed controls of the ISO/IEC standard 27002 in a meaningful way, a factor analysis was performed. A linear score from 0 (not implemented) to 3 (fully implemented) was introduced. The scores of the hospitals were then analyzed for significant differences in any of the factors with respect to size and type of hospital. The participating hospitals were offered a benchmark report about their status. Results: The 51 participating hospitals had an average score of 51.1% (range 30.6% - 81.9%) out of a possible 100% where all items in the questionnaire were fully implemented. Room for improvement could be identified, especially for the factors covering “process and quality management” (average score 1.3 ± 0.8 out of a maximum of 3) and “organization and risk management” (average score 1.3 ± 0.7 out of a maximum of 3). Private hospitals scored significantly higher than university hospitals in the implementation of “security zones” and “backup” (P = .008).
Conclusions: Half (50.00%, 8588/17,177) of all assessed hospital beds in German-speaking Switzerland are in hospitals that have a score of 49% or less of the maximum possible score in information security. Patient data need to be better protected because of the data protection laws and because sensitive, personal data should be guaranteed confidentiality, integrity, and availability. PMID:23611956
Access control and confidentiality in radiology
NASA Astrophysics Data System (ADS)
Noumeir, Rita; Chafik, Adil
2005-04-01
A medical record contains a large amount of data about the patient such as height, weight and blood pressure. It also contains sensitive information such as fertility, abortion, psychiatric data, sexually transmitted diseases and diagnostic results. Access to this information must be carefully controlled. Information technology has greatly improved patient care. The recent extensive deployment of digital medical images made diagnostic images promptly available to healthcare decision makers, regardless of their geographic location. Medical images are digitally archived, transferred on telecommunication networks, and visualized on computer screens. However, with the widespread use of computing and communication technologies in healthcare, the issue of data security has become increasingly important. Most of the work until now has focused on the security of data communication to ensure its integrity, authentication, confidentiality and user accountability. The mechanisms that have been proposed to achieve the security of data communication are not specific to healthcare. Data integrity can be achieved with data signature. Data authentication can be achieved with certificate exchange. Data confidentiality can be achieved with encryption. User accountability can be achieved with audits. Although these mechanisms are essential to ensure data security during its transfer on the network, access control is needed in order to ensure data confidentiality and privacy within the information system application. In this paper, we present and discuss an access control mechanism that takes into account the notion of a care process. Radiology information is categorized and a model to enforce data privacy is proposed.
Privacy preserving integration of health care data.
Adam, Nabil; White, Tom; Shafiq, Basit; Vaidya, Jaideep; He, Xiaoyun
2007-10-11
For health care related research studies the medical records of patients may need to be retrieved from multiple sites with different regulations on the disclosure of health information. Given the sensitive nature of health care information, privacy is a major concern when patients' health care data is used for research purposes. In this paper, we propose an approach for integration and querying of health care data from multiple sources in a secure and privacy preserving manner.
77 FR 66841 - The Sherwin-Williams Company; Analysis of Proposed Consent Order To Aid Public Comment
Federal Register 2010, 2011, 2012, 2013, 2014
2012-11-07
... include any sensitive personal information, like anyone's Social Security number, date of birth, driver's... make final the agreement's proposed order. This matter involves Sherwin-Williams's marketing and sale... and practices in the future. Part I addresses the marketing of zero VOC paints. It prohibits Sherwin...
78 FR 46950 - Ecobaby Organics, Inc.; Analysis of Proposed Consent Order To Aid Public Comment
Federal Register 2010, 2011, 2012, 2013, 2014
2013-08-02
... any sensitive personal information, like anyone's Social Security number, date of birth, driver's... or make final the agreement's proposed order. This matter involves respondent's marketing and sale of... respondent from engaging in similar acts and practices in the future. Part I addresses the marketing of VOC...
32 CFR 154.25 - Prior personnel security determinations made by DoD authorities.
Code of Federal Regulations, 2011 CFR
2011-07-01
..., assignment to sensitive duties or access to classified information (including those pertaining to SCI) made... one pertaining to SCI) is on record, Components shall not request DIS or other DoD investigative... greater than 12 months subsequent to the issuance of a prior clearance. (4) The most recent SCI access...
32 CFR 154.25 - Prior personnel security determinations made by DoD authorities.
Code of Federal Regulations, 2010 CFR
2010-07-01
..., assignment to sensitive duties or access to classified information (including those pertaining to SCI) made... one pertaining to SCI) is on record, Components shall not request DIS or other DoD investigative... greater than 12 months subsequent to the issuance of a prior clearance. (4) The most recent SCI access...
Security model for picture archiving and communication systems.
Harding, D B; Gac, R J; Reynolds, C T; Romlein, J; Chacko, A K
2000-05-01
The modern information revolution has facilitated a metamorphosis of health care delivery wrought with the challenges of securing patient sensitive data. To accommodate this reality, Congress passed the Health Insurance Portability and Accountability Act (HIPAA). While final guidance has not fully been resolved at this time, it is up to the health care community to develop and implement comprehensive security strategies founded on procedural, hardware and software solutions in preparation for future controls. The Virtual Radiology Environment (VRE) Project, a landmark US Army picture archiving and communications system (PACS) implemented across 10 geographically dispersed medical facilities, has addressed that challenge by planning for the secure transmission of medical images and reports over their local (LAN) and wide area network (WAN) infrastructure. Their model, which is transferable to general PACS implementations, encompasses a strategy of application risk and dataflow identification, data auditing, security policy definition, and procedural controls. When combined with hardware and software solutions that are both non-performance limiting and scalable, the comprehensive approach will not only sufficiently address the current security requirements, but also accommodate the natural evolution of the enterprise security model.
Security evaluation and assurance of electronic health records.
Weber-Jahnke, Jens H
2009-01-01
Electronic Health Records (EHRs) maintain information of sensitive nature. Security requirements in this context are typically multilateral, encompassing the viewpoints of multiple stakeholders. Two main research questions arise from a security assurance point of view, namely how to demonstrate the internal correctness of EHRs and how to demonstrate their conformance in relation to multilateral security regulations. The above notions of correctness and conformance directly relate to the general concept of system verification, which asks the question "are we building the system right?" This should not be confused with the concept of system validation, which asks the question "are we building the right system?" Much of the research in the medical informatics community has been concerned with the latter aspect (validation). However, trustworthy security requires assurances that standards are followed and specifications are met. The objective of this paper is to contribute to filling this gap. We give an introduction to fundamentals of security assurance, summarize current assurance standards, and report on experiences with using security assurance methodology applied to the EHR domain, specifically focusing on case studies in the Canadian context.
Hybrid network defense model based on fuzzy evaluation.
Cho, Ying-Chiang; Pan, Jen-Yi
2014-01-01
With sustained and rapid developments in the field of information technology, the issue of network security has become increasingly prominent. The theme of this study is network data security, with the test subject being a classified and sensitive network laboratory that belongs to the academic network. The analysis is based on the deficiencies and potential risks of the network's existing defense technology, characteristics of cyber attacks, and network security technologies. Subsequently, a distributed network security architecture using the technology of an intrusion prevention system is designed and implemented. In this paper, first, the overall design approach is presented. This design is used as the basis to establish a network defense model, an improvement over the traditional single-technology model that addresses the latter's inadequacies. Next, a distributed network security architecture is implemented, comprising a hybrid firewall, intrusion detection, virtual honeynet projects, and connectivity and interactivity between these three components. Finally, the proposed security system is tested. A statistical analysis of the test results verifies the feasibility and reliability of the proposed architecture. The findings of this study will potentially provide new ideas and stimuli for future designs of network security architecture.
A Secure Cloud-Assisted Wireless Body Area Network in Mobile Emergency Medical Care System.
Li, Chun-Ta; Lee, Cheng-Chi; Weng, Chi-Yao
2016-05-01
With recent advances in medical treatment and emergency applications, the need to integrate wireless body area networks (WBAN) with cloud computing is motivated by providing useful, real-time information about patients' health state to doctors and emergency staff. A WBAN is a set of body sensors carried by the patient to collect and transmit numerous health items to medical clouds via wireless and public communication channels. Therefore, a cloud-assisted WBAN facilitates response in case of emergency, which can save patients' lives. Since the patient's data is sensitive and private, it is important to provide strong security and protection for the patient's medical data over public and insecure communication channels. In this paper, we address the challenge of participant authentication in mobile emergency medical care systems for patient supervision and propose a secure cloud-assisted architecture for accessing and monitoring health items collected by WBAN. To ensure a high level of security and provide a mutual authentication property, chaotic map-based authentication and key agreement mechanisms are designed according to the concept of Diffie-Hellman key exchange, which depends on the CMBDLP and CMBDHP problems. Security and performance analyses show how the proposed system guarantees patient privacy and the confidentiality of sensitive medical data while preserving the low computation property in medical treatment and remote medical monitoring.
ERIC Educational Resources Information Center
Koren-Karie, Nina; Oppenheim, David; Dolev, Smadar; Yirmiya, Nurit
2009-01-01
In the current study we examined the links between maternal sensitivity and children's secure attachment in a sample of 45 preschool-age boys with Autism Spectrum Disorders (ASD). We hypothesized that mothers of securely attached children would be more sensitive to their children than mothers of insecurely attached children. Children's attachment…
InfoSec-MobCop - Framework for Theft Detection and Data Security on Mobile Computing Devices
NASA Astrophysics Data System (ADS)
Gupta, Anand; Gupta, Deepank; Gupta, Nidhi
People steal mobile devices with the intention of making money either by selling the mobile or by taking the sensitive information stored inside it. Mobile thefts are rising even with existing deterrents in place. This is because they are ineffective: they generate unnecessary alerts and might require expensive hardware equipment. In this paper a novel framework termed InfoSec-MobCop is proposed which secures a mobile user’s data and discovers theft by detecting any anomaly in the user behavior. The anomaly of the user is computed by extracting and monitoring user-specific details (typing pattern and usage history). The result of any intrusion attempt by a masquerader is intimated to the service provider through an SMS. Effectiveness of the approach used is discussed using FAR and FRR graphs. The experimental system uses both real users and simulated studies to quantify the effectiveness of the InfoSec-MobCop (Information Security Mobile Cop).
Cloud Computing - A Unified Approach for Surveillance Issues
NASA Astrophysics Data System (ADS)
Rachana, C. R.; Banu, Reshma, Dr.; Ahammed, G. F. Ali, Dr.; Parameshachari, B. D., Dr.
2017-08-01
Cloud computing describes highly scalable resources provided as an external service via the Internet on a basis of pay-per-use. From the economic point of view, the main attractiveness of cloud computing is that users only use what they need, and only pay for what they actually use. Resources are available for access from the cloud at any time, and from any location through networks. Cloud computing is gradually replacing the traditional Information Technology Infrastructure. Securing data is one of the leading concerns and biggest issues for cloud computing. Privacy of information is always a crucial point, especially when an individual’s personal information or sensitive information is being stored in the organization. It is indeed true that today cloud authorization systems are not robust enough. This paper presents a unified approach for analyzing the various security issues and techniques to overcome the challenges in the cloud environment.
Zhang, Liping; Zhu, Shaohui; Tang, Shanyu
2017-03-01
Telecare medicine information systems (TMIS) provide flexible and convenient e-health care. However, the medical records transmitted in TMIS are exposed to unsecured public networks, so TMIS are more vulnerable to various types of security threats and attacks. To provide privacy protection for TMIS, a secure and efficient authenticated key agreement scheme is urgently needed to protect the sensitive medical data. Recently, Mishra et al. proposed a biometrics-based authenticated key agreement scheme for TMIS using a hash function and nonce; they claimed that their scheme could eliminate the security weaknesses of Yan et al.'s scheme and provide dynamic identity protection and user anonymity. In this paper, however, we demonstrate that Mishra et al.'s scheme suffers from replay attacks and man-in-the-middle attacks, and fails to provide perfect forward secrecy. To overcome the weaknesses of Mishra et al.'s scheme, we then propose a three-factor authenticated key agreement scheme to enable the patient to enjoy remote healthcare services via TMIS with privacy protection. Chaotic map-based cryptography is employed in the proposed scheme to achieve a delicate balance of security and performance. Security analysis demonstrates that the proposed scheme resists various attacks and provides several attractive security properties. Performance evaluation shows that the proposed scheme increases efficiency in comparison with other related schemes.
Access Control based on Attribute Certificates for Medical Intranet Applications
Georgiadis, Christos; Pangalos, George; Khair, Marie
2001-01-01
Background: Clinical information systems frequently use intranet and Internet technologies. However, these technologies have emphasized sharing and not security, despite the sensitive and private nature of much health information. Digital certificates (electronic documents which recognize an entity or its attributes) can be used to control access in clinical intranet applications. Objectives: To outline the need for access control in distributed clinical database systems, to describe the use of digital certificates and security policies, and to propose the architecture for a system using digital certificates, cryptography and security policy to control access to clinical intranet applications. Methods: We have previously developed a security policy, DIMEDAC (Distributed Medical Database Access Control), which is compatible with emerging public key and privilege management infrastructure. In our implementation approach we propose the use of digital certificates, to be used in conjunction with DIMEDAC. Results: Our proposed access control system consists of two phases: the ways users gain their security credentials; and how these credentials are used to access medical data. Three types of digital certificates are used: identity certificates for authentication; attribute certificates for authorization; and access-rule certificates for propagation of access control policy. Once a user is identified and authenticated, subsequent access decisions are based on a combination of identity and attribute certificates, with access-rule certificates providing the policy framework. Conclusions: Access control in clinical intranet applications can be successfully and securely managed through the use of digital certificates and the DIMEDAC security policy. PMID:11720951
Hacking and securing the AR.Drone 2.0 quadcopter: investigations for improving the security of a toy
NASA Astrophysics Data System (ADS)
Pleban, Johann-Sebastian; Band, Ricardo; Creutzburg, Reiner
2014-02-01
In this article we describe the security problems of the Parrot AR.Drone 2.0 quadcopter. Because it is promoted as a toy with low acquisition costs, it may end up being used by many individuals, which makes it a target for harmful attacks. In addition, the video stream of the drone could be of interest to a potential attacker because it can reveal confidential information. Therefore, we will perform a security threat analysis on this particular drone. We will focus mainly on obvious security vulnerabilities like the unencrypted Wi-Fi connection or the user management of the GNU/Linux operating system which runs on the drone. We will show how the drone can be hacked in order to hijack the AR.Drone 2.0. Our aim is to sensitize the end-user of AR.Drones by describing the security vulnerabilities and to show how the AR.Drone 2.0 could be secured from unauthorized access. We will provide instructions to secure the drone's Wi-Fi connection and its operation with the official Smartphone App and third party PC software.
Improving Cyber-Security of Smart Grid Systems via Anomaly Detection and Linguistic Domain Knowledge
DOE Office of Scientific and Technical Information (OSTI.GOV)
Ondrej Linda; Todd Vollmer; Milos Manic
The planned large scale deployment of smart grid network devices will generate a large amount of information exchanged over various types of communication networks. The implementation of these critical systems will require appropriate cyber-security measures. A network anomaly detection solution is considered in this work. In common network architectures multiple communications streams are simultaneously present, making it difficult to build an anomaly detection solution for the entire system. In addition, common anomaly detection algorithms require specification of a sensitivity threshold, which inevitably leads to a tradeoff between false positive and false negative rates. In order to alleviate these issues, this paper proposes a novel anomaly detection architecture. The designed system applies the previously developed network security cyber-sensor method to individual selected communication streams, allowing for learning accurate normal network behavior models. Furthermore, the developed system dynamically adjusts the sensitivity threshold of each anomaly detection algorithm based on domain knowledge about the specific network system. It is proposed to model this domain knowledge using Interval Type-2 Fuzzy Logic rules, which linguistically describe the relationship between various features of the network communication and the possibility of a cyber attack. The proposed method was tested on an experimental smart grid system, demonstrating enhanced cyber-security.
2016-02-01
Information System-Retail OIS-MC Ordnance Information System-Marine Corps SAAS-MOD Standard Army Ammunition System-Modernization SRC Security Risk...automated information systems. For the Army we used LMP, SAAS, and WARS-NT; for the Navy and Marine Corps we used OIS-W, OIS-R, and OIS-MC; and for the Air...Army we used LMP, SAAS, and WARS-NT; for the Navy and Marine Corps we used OIS-W, OIS-R, and OIS-MC; and for the Air Force we used CAS. Military
User Authentication in Smartphones for Telehealth
SMITH, KATHERINE A.; ZHOU, LEMING; WATZLAF, VALERIE J. M.
2017-01-01
Many functions previously conducted on desktop computers are now performed on smartphones. Smartphones provide convenience, portability, and connectivity. When smartphones are used in the conduct of telehealth, sensitive data is invariably accessed, rendering the devices in need of user authentication to ensure data protection. User authentication of smartphones can help mitigate potential Health Insurance Portability and Accountability Act (HIPAA) breaches and keep sensitive patient information protected, while also facilitating the convenience of smartphones within everyday life and healthcare. This paper presents and examines several types of authentication methods available to smartphone users to help ensure security of sensitive data from attackers. The applications of these authentication methods in telehealth are discussed. PMID:29238444
User Authentication in Smartphones for Telehealth.
Smith, Katherine A; Zhou, Leming; Watzlaf, Valerie J M
2017-01-01
Many functions previously conducted on desktop computers are now performed on smartphones. Smartphones provide convenience, portability, and connectivity. When smartphones are used in the conduct of telehealth, sensitive data is invariably accessed, rendering the devices in need of user authentication to ensure data protection. User authentication of smartphones can help mitigate potential Health Insurance Portability and Accountability Act (HIPAA) breaches and keep sensitive patient information protected, while also facilitating the convenience of smartphones within everyday life and healthcare. This paper presents and examines several types of authentication methods available to smartphone users to help ensure security of sensitive data from attackers. The applications of these authentication methods in telehealth are discussed.
Performance evaluation of various K- anonymity techniques
NASA Astrophysics Data System (ADS)
Maheshwarkar, Nidhi; Pathak, Kshitij; Chourey, Vivekanand
2011-12-01
In today's advanced scenario, where any information is available in one click, data security is the main aspect. Individual information which sometimes needs to be hidden is easily available using some tricks. Medical information and income details need to be kept away from adversaries and so are stored in private tables. Some publicly released information contains zip code, sex, birth date. When this released information is linked with the private table, an adversary can detect the whole confidential information of individuals or respondents, i.e. name, medical status. So, to protect respondents' identity, a new concept, k-anonymity, is used, which means each released record has at least (k-1) other records in the release whose values are distinct over those fields that appear in the external data. K-anonymity can be achieved easily in the case of single sensitive attributes, i.e. name, salary, medical status, but it is quite difficult when multiple sensitive attributes are present. Generalization and Suppression are used to achieve k-anonymity. This paper provides a formal introduction to k-anonymity and some techniques used with it, l-diversity and t-closeness. This paper covers the k-anonymity model and a comparative study of these concepts, along with a new proposed concept for multiple sensitive attributes.
2015-12-01
caught on fire in September 2014 near Crawfordville, Georgia. The tires and the trailer were burned off. See figure 11. There were no reported...
Federal Register 2010, 2011, 2012, 2013, 2014
2012-11-07
... does not include any sensitive personal information, like anyone's Social Security number, date of... the agreement or make final the agreement's proposed order. This matter involves PPG's marketing and... prevent PPG from engaging in similar acts and practices in the future. Part I addresses the marketing of...
Query-Biased Preview over Outsourced and Encrypted Data
Luo, Guangchun; Qin, Ke; Chen, Aiguo
2013-01-01
For both convenience and security, more and more users encrypt their sensitive data before outsourcing it to a third party such as a cloud storage service. However, searching for the desired documents becomes problematic since it is costly to download and decrypt each possibly needed document to check if it contains the desired content. An informative query-biased preview feature, as applied in modern search engines, could help users learn about the content without downloading the entire document. However, when the data are encrypted, securely extracting a keyword-in-context snippet from the data as a preview becomes a challenge. Based on a private information retrieval protocol and the core concept of searchable encryption, we propose a single-server and two-round solution to securely obtain a query-biased snippet over the encrypted data from the server. We achieve this novel result by making a document (plaintext) previewable under any cryptosystem and constructing a secure index to support dynamic computation for a best matched snippet when queried by some keywords. For each document, the scheme has O(d) storage complexity and O(log(d/s) + s + d/s) communication complexity, where d is the document size and s is the snippet length. PMID:24078798
Query-biased preview over outsourced and encrypted data.
Peng, Ningduo; Luo, Guangchun; Qin, Ke; Chen, Aiguo
2013-01-01
For both convenience and security, more and more users encrypt their sensitive data before outsourcing it to a third party such as a cloud storage service. However, searching for the desired documents becomes problematic since it is costly to download and decrypt each possibly needed document to check if it contains the desired content. An informative query-biased preview feature, as applied in modern search engines, could help users learn about the content without downloading the entire document. However, when the data are encrypted, securely extracting a keyword-in-context snippet from the data as a preview becomes a challenge. Based on a private information retrieval protocol and the core concept of searchable encryption, we propose a single-server and two-round solution to securely obtain a query-biased snippet over the encrypted data from the server. We achieve this novel result by making a document (plaintext) previewable under any cryptosystem and constructing a secure index to support dynamic computation for a best matched snippet when queried by some keywords. For each document, the scheme has O(d) storage complexity and O(log(d/s) + s + d/s) communication complexity, where d is the document size and s is the snippet length.
Almehmadi, Fares S; Chatterjee, Monish R
2015-01-10
Electrocardiography (ECG) signals are used for both medical purposes and identifying individuals. It is often necessary to encrypt this highly sensitive information before it is transmitted over any channel. A closed-loop acousto-optic hybrid device acting as a chaotic modulator is applied to ECG signals to achieve this encryption. Recently improved modeling of this approach using profiled optical beams has shown it to be very sensitive to key parameters that characterize the encryption and decryption process, exhibiting its potential for secure transmission of analog and digital signals. Here the encryption and decryption is demonstrated for ECG signals, both analog and digital versions, illustrating strong encryption without significant distortion. Performance analysis pertinent to both analog and digital transmission of the ECG waveform is also carried out using output signal-to-noise, signal-to-distortion, and bit-error-rate measures relative to the key parameters and presence of channel noise in the system.
Two RFID standard-based security protocols for healthcare environments.
Picazo-Sanchez, Pablo; Bagheri, Nasour; Peris-Lopez, Pedro; Tapiador, Juan E
2013-10-01
Radio Frequency Identification (RFID) systems are widely used in access control, transportation, real-time inventory and asset management, automated payment systems, etc. Nevertheless, the use of this technology is almost unexplored in healthcare environments, where potential applications include patient monitoring, asset traceability and drug administration systems, to mention just a few. RFID technology can offer more intelligent systems and applications, but privacy and security issues have to be addressed before its adoption. This is even more dramatic in healthcare applications, where very sensitive information is at stake and patient safety is paramount. Wu et al. (J. Med. Syst. 37:19, 43) recently proposed a new RFID authentication protocol for healthcare environments. In this paper we show that this protocol puts location privacy of tag holders at risk, which is a matter of gravest concern and ruins the security of this proposal. To facilitate the implementation of secure RFID-based solutions in the medical sector, we suggest two new applications (authentication and secure messaging) and propose solutions that, in contrast to previous proposals in this field, are fully based on ISO Standards and NIST Security Recommendations.
For telehealth to succeed, privacy and security risks must be identified and addressed.
Hall, Joseph L; McGraw, Deven
2014-02-01
The success of telehealth could be undermined if serious privacy and security risks are not addressed. For example, sensors that are located in a patient's home or that interface with the patient's body to detect safety issues or medical emergencies may inadvertently transmit sensitive information about household activities. Similarly, routine data transmissions from an app or medical device, such as an insulin pump, may be shared with third-party advertisers. Without adequate security and privacy protections for underlying telehealth data and systems, providers and patients will lack trust in the use of telehealth solutions. Although some federal and state guidelines for telehealth security and privacy have been established, many gaps remain. No federal agency currently has authority to enact privacy and security requirements to cover the telehealth ecosystem. This article examines privacy risks and security threats to telehealth applications and summarizes the extent to which technical controls and federal law adequately address these risks. We argue for a comprehensive federal regulatory framework for telehealth, developed and enforced by a single federal entity, the Federal Trade Commission, to bolster trust and fully realize the benefits of telehealth.
NetWall distributed firewall in the use of campus network
NASA Astrophysics Data System (ADS)
He, Junhua; Zhang, Pengshuai
2011-10-01
The Internet provides a modern means of education, but it also opens the door to non-mainstream ideas and the dissemination of harmful information. Network and moral issues have become prominent, and harmful information and rumors spread over the network have created new problems that have had a huge impact on ideological and political education in schools and pose a severe challenge. This paper presents a solution in which the NetWall distributed firewall is deployed in a campus network. Based on the characteristics of the campus network, it uses technical means to filter out harmful information and to record sensitive information, establishing a complete information security management platform for the campus network.
NASA Astrophysics Data System (ADS)
Tavakoli, S.; Poslad, S.; Fruhwirth, R.; Winter, M.
2012-04-01
This paper introduces an application of a novel EventTracker platform for instantaneous Sensitivity Analysis (SA) of large scale real-time geo-information. Earth disaster management systems demand high quality information to aid a quick and timely response to their evolving environments. The idea behind the proposed EventTracker platform is the assumption that modern information management systems are able to capture data in real-time and have the technological flexibility to adjust their services to work with specific sources of data/information. However, to assure this adaptation in real time, the online data should be collected, interpreted, and translated into corrective actions in a concise and timely manner. This can hardly be handled by existing sensitivity analysis methods because they rely on historical data and lazy processing algorithms. In event-driven systems, the effect of system inputs on its state is of value, as events could cause this state to change. This 'event triggering' situation underpins the logic of the proposed approach. The event tracking sensitivity analysis method describes the system variables and states as a collection of events. The higher the occurrence of an input variable during the trigger of an event, the greater its potential impact will be on the final analysis of the system state. Experiments were designed to compare the proposed event tracking sensitivity analysis with existing Entropy-based sensitivity analysis methods. The results have shown a 10% improvement in computational efficiency with no compromise in accuracy. It has also shown that the computational time to perform the sensitivity analysis is 0.5% of the time required compared to using the Entropy-based method. The proposed method has been applied to real world data in the context of preventing emerging crises at drilling rigs.
One of the major purposes of such rigs is to drill boreholes to explore oil or gas reservoirs with the final scope of recovering the content of such reservoirs, both in onshore regions and in offshore regions. Drilling a well is always guided by technical, economic and security constraints to prevent crew, equipment and environment from injury, damage and pollution. Although risk assessment and local practice provide a high degree of security, uncertainty is given by the behaviour of the formation, which may cause crucial situations at the rig. To overcome such uncertainties, real-time sensor measurements form a base to predict and thus prevent such crises; the proposed method supports the identification of the data necessary for that.
Location Privacy in RFID Applications
NASA Astrophysics Data System (ADS)
Sadeghi, Ahmad-Reza; Visconti, Ivan; Wachsmann, Christian
RFID-enabled systems allow fully automatic wireless identification of objects and are rapidly becoming a pervasive technology with various applications. However, despite their benefits, RFID-based systems also pose challenging risks, in particular concerning user privacy. Indeed, improvident use of RFID can disclose sensitive information about users and their locations, allowing detailed user profiles. Hence, it is crucial to identify and to enforce appropriate security and privacy requirements of RFID applications (that are also compliant with legislation). This chapter first discusses security and privacy requirements for RFID-enabled systems, focusing in particular on location privacy issues. Then it explores the advances in RFID applications, stressing the security and privacy shortcomings of existing proposals. Finally, it presents new promising directions for privacy-preserving RFID systems, where as a case study we focus on electronic tickets (e-tickets) for public transportation.
Wireless networks of opportunity in support of secure field operations
NASA Astrophysics Data System (ADS)
Stehle, Roy H.; Lewis, Mark
1997-02-01
Under funding from the Defense Advanced Research Projects Agency (DARPA) for joint military and law enforcement technologies, demonstrations of secure information transfer in support of law enforcement and military operations other than war, using wireless and wired technology, were held in September 1996 at several locations in the United States. In this paper, the network architecture, protocols, and equipment supporting the demonstration's scenarios are presented, together with initial results, including lessons learned and desired system enhancements. Wireless networks of opportunity encompassed in-building (wireless-LAN), campus-wide (Metricom Inc.), metropolitan (AMPS cellular, CDPD), and national (one- and two-way satellite) systems. Evolving DARPA-sponsored packet radio technology was incorporated. All data was encrypted, using multilevel information system security initiative (MISSI) FORTEZZA technology, for carriage over unsecured and unclassified commercial networks. The identification and authentication process inherent in the security system permitted logging for database accesses and provided an audit trail useful in evidence gathering. Wireless and wireline communications support, to and between modeled crisis management centers, was demonstrated. Mechanisms for the guarded transport of data through the secret-high military tactical Internet were included, to support joint law enforcement and crisis management missions. A secure World Wide Web (WWW) browser forms the primary, user-friendly interface for information retrieval and submission. The WWW pages were structured to be sensitive to the bandwidth, error rate, and cost of the communications medium in use (e.g., the use of and resolution for graphical data). Both still and motion compressed video were demonstrated, along with secure voice transmission from laptop computers in the field. Issues of network bandwidth, airtime costs, and deployment status are discussed.
Khac Hai, Nguyen; Lawpoolsri, Saranath; Jittamala, Podjanee; Thi Thu Huong, Phan; Kaewkungwal, Jaranit
2017-01-01
Breach of confidentiality or invasion of privacy from the collection and use of medical records, particularly those of patients with HIV/AIDS or other diseases sensitive to stigmatization, should be prevented by all related stakeholders in healthcare settings. The main focus of this study was to assess practices regarding security and confidentiality of HIV-related information among staff at HIV outpatient clinics (HIV-OPCs) in Vietnam. A descriptive cross-sectional study was conducted at all 312 HIV-OPCs across the country using an online survey technique. In general, the staff practices for securing and protecting patient information were at acceptable levels. Most staff had proper measures and practices for maintaining data security; however, the protection of patient confidentiality, particularly for data access, sharing, and transfer still required improvement. Most HIV-OPC staff had good or moderate knowledge and positive perceptions towards security and confidentiality issues. Staff who were not trained in the practice of security measures differed significantly from those who were trained (OR: 3.74; 95%CI: 1.44-9.67); staff needing improved knowledge levels differed significantly from those with good (OR: 5.20; 95%CI: 2.39-11.32) and moderate knowledge levels (OR: 5.10; 95%CI: 2.36-11.00); and staff needing improved perception levels differed significantly from those with good (i.e., with 100% proper practices) and moderate perception levels (OR: 5.67; 95%CI: 2.93-10.95). Staff who were not trained in the protection of data confidentiality differed significantly from those who were trained (OR: 2.18; 95%CI: 1.29-3.65). Training is an important factor to help raise the levels of proper practices regarding confidentiality and security, to improve knowledge and raise awareness about change among staff. 
The operation and management of HIV treatment and care in Vietnam are currently transitioning from separate healthcare clinics (HIV-OPC) into units integrated into general hospitals/healthcare facilities. The findings of this study highlight topics that could be used for improving management and operation of information systems and revising guidelines and regulations on protection measures/strategies for data security and confidentiality of HIV/AIDS patients by Vietnam health authorities or other countries facing similar situations. Secure infrastructure and secure measures for data access and use are very important, worthwhile investments. The provision of continuous training and active enforcement and monitoring of the practices of healthcare personnel might lead to an improved understanding and acknowledgement of the importance of national policies/guidelines regarding HIV-related patient information.
Ethics Certification of Health Information Professionals.
Kluge, Eike-Henner; Lacroix, Paulette; Ruotsalainen, Pekka
2018-04-22
To provide a model for ensuring the ethical acceptability of the provisions that characterize the interjurisdictional use of eHealth, telemedicine, and associated modalities of health care delivery that are currently in place. Following the approach initiated in their Global Protection of Health Data project within the Security in Health Information Systems (SiHIS) working group of the International Medical Informatics Association (IMIA), the authors analyze and evaluate relevant privacy and security approaches that are intended to stem the erosion of patients' trustworthiness in the handling of their sensitive information by health care and informatics professionals in the international context. The authors found that while the majority of guidelines and ethical codes essentially focus on the role and functioning of the institutions that use EHRs and information technologies, little if any attention has been paid to the qualifications of the health informatics professionals (HIPs) who actualize and operate information systems to deal with or address relevant ethical issues. The apparent failure to address this matter indicates that the ethical qualification of HIPs remains an important security issue and that the Global Protection of Health Data project initiated by the SiHIS working group in 2015 should be expanded to develop into an internationally viable method of certification. An initial model to this effect is sketched and discussed. Georg Thieme Verlag KG Stuttgart.
A Component-Based Approach for Securing Indoor Home Care Applications
Estévez, Elisabet
2017-01-01
eHealth systems have adopted recent advances on sensing technologies together with advances in information and communication technologies (ICT) in order to provide people-centered services that improve the quality of life of an increasingly elderly population. As these eHealth services are founded on the acquisition and processing of sensitive data (e.g., personal details, diagnosis, treatments and medical history), any security threat would damage the public’s confidence in them. This paper proposes a solution for the design and runtime management of indoor eHealth applications with security requirements. The proposal allows applications definition customized to patient particularities, including the early detection of health deterioration and suitable reaction (events) as well as security needs. At runtime, security support is twofold. A secured component-based platform supervises applications execution and provides events management, whilst the security of the communications among application components is also guaranteed. Additionally, the proposed event management scheme adopts the fog computing paradigm to enable local event related data storage and processing, thus saving communication bandwidth when communicating with the cloud. As a proof of concept, this proposal has been validated through the monitoring of the health status in diabetic patients at a nursing home. PMID:29278370
Hybrid Network Defense Model Based on Fuzzy Evaluation
2014-01-01
With sustained and rapid developments in the field of information technology, the issue of network security has become increasingly prominent. The theme of this study is network data security, with the test subject being a classified and sensitive network laboratory that belongs to the academic network. The analysis is based on the deficiencies and potential risks of the network's existing defense technology, characteristics of cyber attacks, and network security technologies. Subsequently, a distributed network security architecture using the technology of an intrusion prevention system is designed and implemented. In this paper, first, the overall design approach is presented. This design is used as the basis to establish a network defense model, an improvement over the traditional single-technology model that addresses the latter's inadequacies. Next, a distributed network security architecture is implemented, comprising a hybrid firewall, intrusion detection, virtual honeynet projects, and connectivity and interactivity between these three components. Finally, the proposed security system is tested. A statistical analysis of the test results verifies the feasibility and reliability of the proposed architecture. The findings of this study will potentially provide new ideas and stimuli for future designs of network security architecture. PMID:24574870
A Component-Based Approach for Securing Indoor Home Care Applications.
Agirre, Aitor; Armentia, Aintzane; Estévez, Elisabet; Marcos, Marga
2017-12-26
eHealth systems have adopted recent advances on sensing technologies together with advances in information and communication technologies (ICT) in order to provide people-centered services that improve the quality of life of an increasingly elderly population. As these eHealth services are founded on the acquisition and processing of sensitive data (e.g., personal details, diagnosis, treatments and medical history), any security threat would damage the public's confidence in them. This paper proposes a solution for the design and runtime management of indoor eHealth applications with security requirements. The proposal allows applications definition customized to patient particularities, including the early detection of health deterioration and suitable reaction (events) as well as security needs. At runtime, security support is twofold. A secured component-based platform supervises applications execution and provides events management, whilst the security of the communications among application components is also guaranteed. Additionally, the proposed event management scheme adopts the fog computing paradigm to enable local event related data storage and processing, thus saving communication bandwidth when communicating with the cloud. As a proof of concept, this proposal has been validated through the monitoring of the health status in diabetic patients at a nursing home.
Maternal Sensitivity, Child Functional Level, and Attachment in Down Syndrome.
ERIC Educational Resources Information Center
Atkinson, Leslie; Chrisholm, Vivienne C.; Scott, Brian; Goldberg, Susan; Vaughn, Brian E.; Blackwell, Janis; Dickens, Susan; Tam, Frances
1999-01-01
Investigated the influence of child intellectual/adaptive functioning and maternal sensitivity on attachment security, using a sample of children with Down syndrome. Found a relationship between attachment security in DS related to the interaction of maternal sensitivity and cognitive competence. (JPB)
QuickCash: Secure Transfer Payment Systems
Alhothaily, Abdulrahman; Alrawais, Arwa; Song, Tianyi; Lin, Bin; Cheng, Xiuzhen
2017-01-01
Payment systems play a significant role in our daily lives. They are an important driver of economic activities and a vital part of the banking infrastructure of any country. Several current payment systems focus on security and reliability but pay less attention to users’ needs and behaviors. For example, people may share their bankcards with friends or relatives to withdraw money for various reasons. This behavior can lead to a variety of privacy and security issues since the cardholder has to share a bankcard and other sensitive information such as a personal identification number (PIN). In addition, it is commonplace that cardholders may lose their cards, and may not be able to access their accounts due to various reasons. Furthermore, transferring money to an individual who has lost their bankcard and identification information is not a straightforward task. A user-friendly person-to-person payment system is urgently needed to perform secure and reliable transactions that benefit from current technological advancements. In this paper, we propose two secure fund transfer methods termed QuickCash Online and QuickCash Offline to transfer money from peer to peer using the existing banking infrastructure. Our methods provide a convenient way to transfer money quickly, and they do not require using bank cards or any identification card. Unlike other person-to-person payment systems, the proposed methods do not require the receiving entity to have a bank account, or to perform any registration procedure. We implement our QuickCash payment systems and analyze their security strengths and properties. PMID:28608846
QuickCash: Secure Transfer Payment Systems.
Alhothaily, Abdulrahman; Alrawais, Arwa; Song, Tianyi; Lin, Bin; Cheng, Xiuzhen
2017-06-13
Payment systems play a significant role in our daily lives. They are an important driver of economic activities and a vital part of the banking infrastructure of any country. Several current payment systems focus on security and reliability but pay less attention to users' needs and behaviors. For example, people may share their bankcards with friends or relatives to withdraw money for various reasons. This behavior can lead to a variety of privacy and security issues since the cardholder has to share a bankcard and other sensitive information such as a personal identification number (PIN). In addition, it is commonplace that cardholders may lose their cards, and may not be able to access their accounts due to various reasons. Furthermore, transferring money to an individual who has lost their bankcard and identification information is not a straightforward task. A user-friendly person-to-person payment system is urgently needed to perform secure and reliable transactions that benefit from current technological advancements. In this paper, we propose two secure fund transfer methods termed QuickCash Online and QuickCash Offline to transfer money from peer to peer using the existing banking infrastructure. Our methods provide a convenient way to transfer money quickly, and they do not require using bank cards or any identification card. Unlike other person-to-person payment systems, the proposed methods do not require the receiving entity to have a bank account, or to perform any registration procedure. We implement our QuickCash payment systems and analyze their security strengths and properties.
Power Projection in the Digital Age: The Only Winning Move is to Play
2017-12-21
and compromise or corrupt sensitive information. Without a corresponding cybersecurity focus to complement our developing physical capabilities...industry, and academia to participate in a series of cybersecurity roundtables. These experts included heads of cybersecurity firms, Chief...cyber-degraded environments. These cybersecurity roundtables are now biannual events, designed to continuously expand the Command’s perspective and
Gladden, Matthew E.
2017-01-01
Previous works exploring the challenges of ensuring information security for neuroprosthetic devices and their users have typically built on the traditional InfoSec concept of the “CIA Triad” of confidentiality, integrity, and availability. However, we argue that the CIA Triad provides an increasingly inadequate foundation for envisioning information security for neuroprostheses, insofar as it presumes that (1) any computational systems to be secured are merely instruments for expressing their human users' agency, and (2) computing devices are conceptually and practically separable from their users. Drawing on contemporary philosophy of technology and philosophical and critical posthumanist analysis, we contend that futuristic neuroprostheses could conceivably violate these basic InfoSec presumptions, insofar as (1) they may alter or supplant their users' biological agency rather than simply supporting it, and (2) they may structurally and functionally fuse with their users to create qualitatively novel “posthumanized” human-machine systems that cannot be secured as though they were conventional computing devices. Simultaneously, it is noted that many of the goals that have been proposed for future neuroprostheses by InfoSec researchers (e.g., relating to aesthetics, human dignity, authenticity, free will, and cultural sensitivity) fall outside the scope of InfoSec as it has historically been understood and touch on a wide range of ethical, aesthetic, physical, metaphysical, psychological, economic, and social values. We suggest that the field of axiology can provide useful frameworks for more effectively identifying, analyzing, and prioritizing such diverse types of values and goods that can (and should) be pursued through InfoSec practices for futuristic neuroprostheses. PMID:29163010
Bønes, Erlend; Hasvold, Per; Henriksen, Eva; Strandenaes, Thomas
2007-09-01
Instant messaging (IM) is suited for immediate communication because messages are delivered almost in real time. Results from studies of IM use in enterprise work settings make us believe that IM based services may prove useful also within the healthcare sector. However, today's public instant messaging services do not have the level of information security required for adoption of IM in healthcare. We proposed MedIMob, our own architecture for a secure enterprise IM service for use in healthcare. MedIMob supports IM clients on mobile devices in addition to desktop based clients. Security threats were identified in a risk analysis of the MedIMob architecture. The risk analysis process consists of context identification, threat identification, analysis of consequences and likelihood, risk evaluation, and proposals for risk treatment. The risk analysis revealed a number of potential threats to the information security of a service like this. Many of the identified threats are general when dealing with mobile devices and sensitive data; others are threats which are more specific to our service and architecture. Individual threats identified in the risks analysis are discussed and possible counter measures presented. The risk analysis showed that most of the proposed risk treatment measures must be implemented to obtain an acceptable risk level; among others blocking much of the additional functionality of the smartphone. To conclude on the usefulness of this IM service, it will be evaluated in a trial study of the human-computer interaction. Further work also includes an improved design of the proposed MedIMob architecture. 2006 Elsevier Ireland Ltd
Gladden, Matthew E
2017-01-01
Previous works exploring the challenges of ensuring information security for neuroprosthetic devices and their users have typically built on the traditional InfoSec concept of the "CIA Triad" of confidentiality, integrity, and availability. However, we argue that the CIA Triad provides an increasingly inadequate foundation for envisioning information security for neuroprostheses, insofar as it presumes that (1) any computational systems to be secured are merely instruments for expressing their human users' agency, and (2) computing devices are conceptually and practically separable from their users. Drawing on contemporary philosophy of technology and philosophical and critical posthumanist analysis, we contend that futuristic neuroprostheses could conceivably violate these basic InfoSec presumptions, insofar as (1) they may alter or supplant their users' biological agency rather than simply supporting it, and (2) they may structurally and functionally fuse with their users to create qualitatively novel "posthumanized" human-machine systems that cannot be secured as though they were conventional computing devices. Simultaneously, it is noted that many of the goals that have been proposed for future neuroprostheses by InfoSec researchers (e.g., relating to aesthetics, human dignity, authenticity, free will, and cultural sensitivity) fall outside the scope of InfoSec as it has historically been understood and touch on a wide range of ethical, aesthetic, physical, metaphysical, psychological, economic, and social values. We suggest that the field of axiology can provide useful frameworks for more effectively identifying, analyzing, and prioritizing such diverse types of values and goods that can (and should) be pursued through InfoSec practices for futuristic neuroprostheses.
Security enhancement of optical encryption based on biometric array keys
NASA Astrophysics Data System (ADS)
Yan, Aimin; Wei, Yang; Zhang, Jingtao
2018-07-01
A novel optical image encryption method is proposed by using Dammann grating and biometric array keys. Dammann grating is utilized to create a 2D finite uniform-intensity spot array. In encryption, a fingerprint array is used as private encryption keys. An original image can be encrypted by a scanning Fresnel zone plate array. Encrypted signals are processed by an optical coherent heterodyne detection system. Biometric array keys and optical scanning cryptography are integrated with each other to enhance information security greatly. Numerical simulations are performed to demonstrate the feasibility and validity of this method. Analyses on key sensitivity and the resistance against possible attacks are provided.
Programming secure mobile agents in healthcare environments using role-based permissions.
Georgiadis, C K; Baltatzis, J; Pangalos, G I
2003-01-01
The healthcare environment consists of vast amounts of dynamic and unstructured information, distributed over a large number of information systems. Mobile agent technology is having an ever-growing impact on the delivery of medical information. It supports acquiring and manipulating information distributed in a large number of information systems. Moreover, it is suitable for the computer-untrained medical staff. But the introduction of mobile agents generates advanced threats to the sensitive healthcare information, unless the proper countermeasures are taken. By applying the role-based approach to the authorization problem, we ease the sharing of information between hospital information systems and we reduce the administering part. The different initiative of the agent's migration method results in different methods of assigning roles to the agent.
Kungl, Melanie T; Bovenschen, Ina; Spangler, Gottfried
2017-01-01
When being placed into more benign environments like foster care, children from adverse rearing backgrounds are capable of forming attachment relationships to new caregivers within the first year of placement, while certain problematic social behaviors appear to be more persistent. Assuming that early averse experiences shape neural circuits underlying social behavior, neurophysiological studies on individual differences in early social-information processing have great informative value. More precisely, ERP studies have repeatedly shown face processing to be sensitive to experience especially regarding the caregiving background. However, studies on effects of early adverse caregiving experiences are restricted to children with a history of institutionalization. Also, no study has investigated effects of attachment security as a marker of the quality of the caregiver-child relationship. Thus, the current study asks how adverse caregiving experiences and attachment security to (new) caregivers affect early- and mid-latency ERPs sensitive to facial familiarity processing. Therefore, pre-school aged foster children during their second year within the foster home were compared to an age matched control group. Attachment was assessed using the AQS and neurophysiological data was collected during a passive viewing task presenting (foster) mother and stranger faces. Foster children were comparable to the control group with regard to attachment security. On a neurophysiological level, however, the foster group showed dampened N170 amplitudes for both face types. In both foster and control children, dampened N170 amplitudes were also found for stranger as compared to (foster) mother faces, and, for insecurely attached children as compared to securely attached children. This neural pattern may be viewed as a result of poorer social interactions earlier in life. Still, there was no effect on P1 amplitudes. 
Indicating heightened attentional processing, Nc amplitude responses to stranger faces were found to be enhanced in foster as compared to control children. Also, insecurely attached children allocated more attentional resources for the neural processing of mother faces. The study further confirms that early brain development is highly sensitive to the quality of caregiving. The findings are also relevant from a developmental perspective as miswiring of neural circuits may possibly play a critical role in children's psycho-social adjustment.
Efficiently hiding sensitive itemsets with transaction deletion based on genetic algorithms.
Lin, Chun-Wei; Zhang, Binbin; Yang, Kuo-Tung; Hong, Tzung-Pei
2014-01-01
Data mining is used to mine meaningful and useful information or knowledge from a very large database. Some secure or private information can be discovered by data mining techniques, thus resulting in an inherent risk of threats to privacy. Privacy-preserving data mining (PPDM) has thus arisen in recent years to sanitize the original database for hiding sensitive information, which can be concerned as an NP-hard problem in sanitization process. In this paper, a compact prelarge GA-based (cpGA2DT) algorithm to delete transactions for hiding sensitive itemsets is thus proposed. It solves the limitations of the evolutionary process by adopting both the compact GA-based (cGA) mechanism and the prelarge concept. A flexible fitness function with three adjustable weights is thus designed to find the appropriate transactions to be deleted in order to hide sensitive itemsets with minimal side effects of hiding failure, missing cost, and artificial cost. Experiments are conducted to show the performance of the proposed cpGA2DT algorithm compared to the simple GA-based (sGA2DT) algorithm and the greedy approach in terms of execution time and three side effects.
Davis, Deborah; Soref, Assaf; Villalobos, J Guillermo; Mikulincer, Mario
2016-08-01
Interviewers often face respondents reluctant to disclose sensitive, embarrassing or potentially damaging information. We explored effects of priming 5 states of mind on willingness to disclose: including 2 expected to facilitate disclosure (self-affirmation, attachment security), and 3 expected to inhibit disclosure (self-disaffirmation, attachment insecurity, mortality salience). Israeli Jewish participants completed a survey including a manipulation of 1 of these states of mind, followed by questions concerning hostile thoughts and behaviors toward the Israeli Arab outgroup, past minor criminal behaviors, and socially undesirable traits and behaviors. Self-affirmation led to more disclosures of all undesirable behaviors than neutral priming, whereas self-disaffirmation led to less disclosures. Mortality salience led to fewer disclosures of socially undesirable and criminal behaviors compared to neutral priming, but more disclosures of hostile thoughts and behaviors toward Israeli Arabs. Security priming facilitated disclosure of hostile attitudes toward Israeli Arabs. However, neither security nor insecurity priming had any other significant effects. (PsycINFO Database Record (c) 2016 APA, all rights reserved).
Optical asymmetric image encryption using gyrator wavelet transform
NASA Astrophysics Data System (ADS)
Mehra, Isha; Nishchal, Naveen K.
2015-11-01
In this paper, we propose a new optical information processing tool termed as gyrator wavelet transform to secure a fully phase image, based on amplitude- and phase-truncation approach. The gyrator wavelet transform constitutes four basic parameters; gyrator transform order, type and level of mother wavelet, and position of different frequency bands. These parameters are used as encryption keys in addition to the random phase codes to the optical cryptosystem. This tool has also been applied for simultaneous compression and encryption of an image. The system's performance and its sensitivity to the encryption parameters, such as, gyrator transform order, and robustness has also been analyzed. It is expected that this tool will not only update current optical security systems, but may also shed some light on future developments. The computer simulation results demonstrate the abilities of the gyrator wavelet transform as an effective tool, which can be used in various optical information processing applications, including image encryption, and image compression. Also this tool can be applied for securing the color image, multispectral, and three-dimensional images.
Wireless Technology Infrastructures for Authentication of Patients: PKI that Rings
Sax, Ulrich; Kohane, Isaac; Mandl, Kenneth D.
2005-01-01
As the public interest in consumer-driven electronic health care applications rises, so do concerns about the privacy and security of these applications. Achieving a balance between providing the necessary security while promoting user acceptance is a major obstacle in large-scale deployment of applications such as personal health records (PHRs). Robust and reliable forms of authentication are needed for PHRs, as the record will often contain sensitive and protected health information, including the patient's own annotations. Since the health care industry per se is unlikely to succeed at single-handedly developing and deploying a large scale, national authentication infrastructure, it makes sense to leverage existing hardware, software, and networks. This report proposes a new model for authentication of users to health care information applications, leveraging wireless mobile devices. Cell phones are widely distributed, have high user acceptance, and offer advanced security protocols. The authors propose harnessing this technology for the strong authentication of individuals by creating a registration authority and an authentication service, and examine the problems and promise of such a system. PMID:15684133
Wireless technology infrastructures for authentication of patients: PKI that rings.
Sax, Ulrich; Kohane, Isaac; Mandl, Kenneth D
2005-01-01
As the public interest in consumer-driven electronic health care applications rises, so do concerns about the privacy and security of these applications. Achieving a balance between providing the necessary security while promoting user acceptance is a major obstacle in large-scale deployment of applications such as personal health records (PHRs). Robust and reliable forms of authentication are needed for PHRs, as the record will often contain sensitive and protected health information, including the patient's own annotations. Since the health care industry per se is unlikely to succeed at single-handedly developing and deploying a large scale, national authentication infrastructure, it makes sense to leverage existing hardware, software, and networks. This report proposes a new model for authentication of users to health care information applications, leveraging wireless mobile devices. Cell phones are widely distributed, have high user acceptance, and offer advanced security protocols. The authors propose harnessing this technology for the strong authentication of individuals by creating a registration authority and an authentication service, and examine the problems and promise of such a system.
Johnson, Aaron J; Naziri, Qais; Hooper, Hasan A; Mont, Michael A
2012-04-04
The sensitivity of airport security screening measures has increased substantially during the past decade, but few reports have examined how this affects patients who have undergone hip arthroplasty. The purpose of this study was to determine the experiences of patients who had hip prostheses and who passed through airport security screenings. A consecutive series of 250 patients who presented to the office of a high-volume surgeon were asked whether they had had a hip prosthesis for at least one year and, if so, whether they had flown on a commercial airline within the past year. Patients who responded affirmatively to both questions were asked to complete a written survey that included questions about which joint(s) had been replaced, the number of encounters with airport security, the frequency and location of metal detector activation, any additional screening procedures that were utilized, whether security officials requested documentation regarding the prosthesis, the degree of inconvenience, and other relevant information. Of the 143 patients with hip replacements who traveled by air, 120 (84%) reported triggering the alarm and required wanding with a handheld detector. Twenty-five of these patients reported subsequently having to undergo further inspection, including additional wanding, being patted down, and in two cases having to undress in a private room to show the incision. Ninety-nine (69%) of the 143 patients reported that the prosthetic joint caused an inconvenience while traveling. This study provides interesting and critical information that allows physicians to understand the real-world implications of implanted orthopaedic devices for patients who are traveling where there has been heightened security since September 11, 2001. Patients should be counseled that they should expect delays and be prepared for such inconveniences, but that these are often only momentary. 
This information could relieve some anxiety and concerns that patients may have prior to traveling.
Caregiver Sensitivity, Contingent Social Responsiveness, and Secure Infant Attachment
ERIC Educational Resources Information Center
Dunst, Carl J.; Kassow, Danielle Z.
2008-01-01
Findings from two research syntheses of the relationship between caregiver sensitivity and secure infant attachment and one research synthesis of factors associated with increased caregiver use of a sensitive interactional style are presented. The main focus of analysis was the extent to which different measures of caregiver contingent social…
Polkovnikova-Wamoto, Anastasia; Mathai, Muthoni; Stoep, Ann Vander; Kumar, Manasi
2016-01-01
Secure attachment in childhood and adolescence protects children from engagement in high risk behaviors and development of mental health problems over the life span. Poverty has been shown to create impoverishment in certain aspects of caregiving and correspondingly to compromise development of secure attachment in children. Nineteen children 8 to 14 years old from two schools in a middle income area and an urban informal settlement area of Nairobi were interviewed using an adapted Child Attachment Interview (CAI) protocol. CAI was developed to provide a glimpse into the 'meta-theories' children have about themselves, parents, parenting and their attachment ties with parents and extended family members. Narratives obtained with the CAI were analyzed using thematic analysis. Both Bowlby's idea of 'secure base' as well as Bronfenbrenner's 'ecological niche' are used as reference points to situate child attachment and parenting practices in the larger Kenyan context. We found that with slight linguistic alterations CAI can be used to assess attachment security of Kenyan children in this particular age range. We also found that the narration ability in both groups of children was generally good such that formal coding was possible, despite cultural differences. Our analysis suggested differences in narrative quality across the children from middle class and lower socio-economic class schools on specific themes such as: sensitivity of parenting (main aspects of sensitivity were associated with disciplinary methods and child's access to education), birth order, parental emotional availability, and severity of inter-parental conflicts and child's level of exposure. The paper puts in context a few cultural practices such as greater household responsibility accorded to the eldest child and stern to harsh disciplinary methods adopted by parents in the Kenyan setting.
Attacks on practical quantum key distribution systems (and how to prevent them)
NASA Astrophysics Data System (ADS)
Jain, Nitin; Stiller, Birgit; Khan, Imran; Elser, Dominique; Marquardt, Christoph; Leuchs, Gerd
2016-07-01
With the emergence of an information society, the idea of protecting sensitive data is steadily gaining importance. Conventional encryption methods may not be sufficient to guarantee data protection in the future. Quantum key distribution (QKD) is an emerging technology that exploits fundamental physical properties to guarantee perfect security in theory. However, it is not easy to ensure in practice that the implementations of QKD systems are exactly in line with the theoretical specifications. Such theory-practice deviations can open loopholes and compromise security. Several such loopholes have been discovered and investigated in the last decade. These activities have motivated the proposal and implementation of appropriate countermeasures, thereby preventing future attacks and enhancing the practical security of QKD. This article introduces the so-called field of quantum hacking by summarising a variety of attacks and their prevention mechanisms.
An authenticated image encryption scheme based on chaotic maps and memory cellular automata
NASA Astrophysics Data System (ADS)
Bakhshandeh, Atieh; Eslami, Ziba
2013-06-01
This paper introduces a new image encryption scheme based on chaotic maps, cellular automata and permutation-diffusion architecture. In the permutation phase, a piecewise linear chaotic map is utilized to confuse the plain-image and in the diffusion phase, we employ the Logistic map as well as a reversible memory cellular automata to obtain an efficient and secure cryptosystem. The proposed method admits advantages such as highly secure diffusion mechanism, computational efficiency and ease of implementation. A novel property of the proposed scheme is its authentication ability which can detect whether the image is tampered during the transmission or not. This is particularly important in applications where image data or part of it contains highly sensitive information. Results of various analyses manifest high security of this new method and its capability for practical image encryption.
IMIRSEL: a secure music retrieval testing environment
NASA Astrophysics Data System (ADS)
Downie, John S.
2004-10-01
The Music Information Retrieval (MIR) and Music Digital Library (MDL) research communities have long noted the need for formal evaluation mechanisms. Issues concerning the unavailability of freely-available music materials have greatly hindered the creation of standardized test collections with which these communities could scientifically assess the strengths and weaknesses of their various music retrieval techniques. The International Music Information Retrieval Systems Evaluation Laboratory (IMIRSEL) is being developed at the University of Illinois at Urbana-Champaign (UIUC) specifically to overcome this hindrance to the scientific evaluation of MIR/MDL systems. Together with its subsidiary Human Use of Music Information Retrieval Systems (HUMIRS) project, IMIRSEL will allow MIR/MDL researchers access to the standardized large-scale collection of copyright-sensitive music materials and standardized test queries being housed at UIUC's National Center for Supercomputing Applications (NCSA). Virtual Research Labs (VRL), based upon NCSA's Data-to-Knowledge (D2K) tool set, are being developed through which MIR/MDL researchers will interact with the music materials under a "trusted code" security model.
Secure steganography designed for mobile platforms
NASA Astrophysics Data System (ADS)
Agaian, Sos S.; Cherukuri, Ravindranath; Sifuentes, Ronnie R.
2006-05-01
Adaptive steganography, an intelligent approach to message hiding, integrated with matrix encoding and pn-sequences serves as a promising resolution to recent security assurance concerns. Incorporating the above data hiding concepts with established cryptographic protocols in wireless communication would greatly increase the security and privacy of transmitting sensitive information. We present an algorithm which will address the following problems: 1) low embedding capacity in mobile devices due to fixed image dimensions and memory constraints, 2) compatibility between mobile and land based desktop computers, and 3) detection of stego images by widely available steganalysis software [1-3]. Consistent with the smaller available memory, processor capabilities, and limited resolution associated with mobile devices, we propose a more magnified approach to steganography by focusing adaptive efforts at the pixel level. This deeper method, in comparison to the block processing techniques commonly found in existing adaptive methods, allows an increase in capacity while still offering a desired level of security. Based on computer simulations using high resolution, natural imagery and mobile device captured images, comparisons show that the proposed method securely allows an increased amount of embedding capacity but still avoids detection by varying steganalysis techniques.
Zhang, Liping; Zhu, Shaohui
2015-05-01
To protect the transmission of the sensitive medical data, a secure and efficient authenticated key agreement scheme should be deployed when the healthcare delivery session is established via Telecare Medicine Information Systems (TMIS) over the unsecure public network. Recently, Islam and Khan proposed an authenticated key agreement scheme using elliptic curve cryptography for TMIS. They claimed that their proposed scheme is provably secure against various attacks in random oracle model and enjoys some good properties such as user anonymity. In this paper, however, we point out that any legal but malicious patient can reveal other user's identity. Consequently, their scheme suffers from server spoofing attack and off-line password guessing attack. Moreover, if the malicious patient performs the same time of the registration as other users, she can further launch the impersonation attack, man-in-the-middle attack, modification attack, replay attack, and strong replay attack successfully. To eliminate these weaknesses, we propose an improved ECC-based authenticated key agreement scheme. Security analysis demonstrates that the proposed scheme can resist various attacks and enables the patient to enjoy the remote healthcare services with privacy protection. Through the performance evaluation, we show that the proposed scheme achieves a desired balance between security and performance in comparisons with other related schemes.
NASA Astrophysics Data System (ADS)
Bovino, Fabio Antonio; Messina, Angelo
2016-10-01
In a very simplistic way, the Command and Control functions can be summarized as the need to provide the decision makers with an exhaustive, real-time, situation picture and the capability to convey their decisions down to the operational forces. This two-way data and information flow is vital to the execution of current operations and goes far beyond the border of military operations stretching to Police and disaster recovery as well. The availability of off-the-shelf technology has enabled hostile elements to endanger the security of the communication networks by violating the traditional security protocols and devices and hacking sensitive databases. In this paper an innovative approach based on implementing a Device Independent Quantum Key Distribution system is presented. The use of this technology would prevent security breaches due to a stolen crypto device placed in an end-to-end communication chain. The system, operating with attenuated laser, is practical and provides the increasing of the distance between the legitimate users.
Human detection in sensitive security areas through recognition of omega shapes using MACH filters
NASA Astrophysics Data System (ADS)
Rehman, Saad; Riaz, Farhan; Hassan, Ali; Liaquat, Muwahida; Young, Rupert
2015-03-01
Human detection has gained considerable importance in aggravated security scenarios over recent times. An effective security application relies strongly on detailed information regarding the scene under consideration. A larger accumulation of humans than the number of personnel authorized to visit a security controlled area must be effectively detected, amicably alarmed and immediately monitored. A framework involving a novel combination of some existing techniques allows an immediate detection of an undesirable crowd in a region under observation. Frame differencing provides a clear visibility of moving objects while highlighting those objects in each frame acquired by a real time camera. Training of a correlation pattern recognition based filter on desired shapes such as elliptical representations of human faces (variants of an Omega Shape) yields correct detections. The inherent ability of correlation pattern recognition filters caters for angular rotations in the target object and renders decision regarding the existence of the number of persons exceeding an allowed figure in the monitored area.
New Authentication Scheme for Wireless Body Area Networks Using the Bilinear Pairing.
Wang, Chunzhi; Zhang, Yanmei
2015-11-01
Due to the development of information technologies and network technologies, healthcare systems have been employed in many countries. As an important part of healthcare systems, the wireless body area network (WBAN) could bring convenience to both patients and physicians because it could help physicians to monitor patients' physiological values remotely. It is essential to ensure secure communication in WBANs because patients' physiological values are very sensitive. Recently, Liu et al. proposed an efficient authentication scheme for WBANs. Unfortunately, Zhao pointed out that their scheme suffered from the stolen verifier-table attack. To improve security and efficiency, Zhao proposed an anonymous authentication scheme for WBANs. However, Zhao's scheme cannot provide real anonymity because the users' pseudo identities are constant values and the attacker could track the users. In this paper, we propose a new anonymous authentication scheme for WBANs. Security analysis shows that the proposed scheme could overcome weaknesses in previous scheme. We also use the BAN logic to demonstrate the security of the proposed scheme.
Data to Decisions: Terminate, Tolerate, Transfer, or Treat
2016-07-25
and patching, a risk-based cyber-security decision model that enables a predictive capability to respond to impending cyber-attacks is needed...States. This sensitive data includes business proprietary information on key programs of record and infrastructure, including government documents at...leverage nationally. The Institute for Defense Analyses (IDA) assisted the DoD CIO in formalizing a proof of concept for cyber initiatives and
Information accountability and usability: are there any connections?
Sahama, Tony; Kushniruk, Andre; Kuwata, Shigeki
2013-01-01
Availability of health information is rapidly increasing and the expansion and proliferation of health information is inevitable. The Electronic Healthcare Record, Electronic Medical Record and Personal Health Record are at the core of this trend and are required for appropriate and practicable exchange and sharing of health information. However, it is becoming increasingly recognized that it is essential to preserve patient privacy and information security when utilising sensitive information for clinical, management and administrative processes. Furthermore, the usability of emerging healthcare applications is also becoming a growing concern. This paper proposes a novel approach for integrating consideration of information accountability with a perspective from usability engineering that can be applied when developing healthcare information technology applications. A social networking user case in the healthcare information exchange will be presented in the context of our approach.
An investigative analysis of information assurance issues associated with the GIG's P&P architecture
NASA Astrophysics Data System (ADS)
Farroha, B. S.; Cole, R. G.; Farroha, D. L.; DeSimone, A.
2007-04-01
The Global Information Grid (GIG) is a collection of systems, programs and initiatives aimed at building a secure network and set of information capabilities modeled after the Internet. The GIG is expected to facilitate DoD's transformation by allowing warfighters, policy makers and support personnel to engage in rapid decision making. The roadmap is designed to take advantage of converged services of voice, data, video, and imagery over common data links. The vision is to have commanders identify threats more effectively, make informed decisions, and respond with greater precision and lethality. The information advantage gained through the GIG and network-centric warfare (NCW) allows a warfighting force to achieve dramatically improved information positions, in the form of common operational pictures that provide the basis for shared situational awareness and knowledge, and a resulting increase in combat power. The GIG Precedence and Preemption (P&P) requirements stem from the need to utilize scarce resources at critical times in the most effective way in support of national security, the intelligence community and the war-fighter. Information Assurance (IA) enables all information and data to be available end-to-end to support any mission without delay in accordance with the sensitivity of the task. Together, P&P and IA ensure data availability, integrity, authentication, confidentiality, and non-repudiation. This study addresses and analyzes the QoS and P&P requirements and architecture for the GIG. Threat scenarios are presented and used to evaluate the reference architectures. The goal of the study is to assess the Information Assurance concerns associated with implementing Precedence and Preemption within the GIG and to guarantee an acceptable minimum level of security and protection for DoD networks.
Fuzzy portfolio model with fuzzy-input return rates and fuzzy-output proportions
NASA Astrophysics Data System (ADS)
Tsaur, Ruey-Chyn
2015-02-01
In the finance market, a short-term investment strategy is usually applied in portfolio selection in order to reduce investment risk; however, the economy is uncertain and the investment period is short. Further, an investor has incomplete information for selecting a portfolio with crisp proportions for each chosen security. In this paper we present a new method of constructing fuzzy portfolio model for the parameters of fuzzy-input return rates and fuzzy-output proportions, based on possibilistic mean-standard deviation models. Furthermore, we consider both excess or shortage of investment in different economic periods by using fuzzy constraint for the sum of the fuzzy proportions, and we also refer to risks of securities investment and vagueness of incomplete information during the period of depression economics for the portfolio selection. Finally, we present a numerical example of a portfolio selection problem to illustrate the proposed model and a sensitivity analysis is realised based on the results.
Collaborative eHealth Meets Security: Privacy-Enhancing Patient Profile Management.
Sanchez-Guerrero, Rosa; Mendoza, Florina Almenarez; Diaz-Sanchez, Daniel; Cabarcos, Patricia Arias; Lopez, Andres Marin
2017-11-01
Collaborative healthcare environments offer potential benefits, including enhancing the healthcare quality delivered to patients and reducing costs. As a direct consequence, sharing of electronic health records (EHRs) among healthcare providers has experienced a noteworthy growth in the last years, since it enables physicians to remotely monitor patients' health and enables individuals to manage their own health data more easily. However, these scenarios face significant challenges regarding security and privacy of the extremely sensitive information contained in EHRs. Thus, a flexible, efficient, and standards-based solution is indispensable to guarantee selective identity information disclosure and preserve patient's privacy. We propose a privacy-aware profile management approach that empowers the patient role, enabling him to bring together various healthcare providers as well as user-generated claims into a unique credential. User profiles are represented through an adaptive Merkle Tree, for which we formalize the underlying mathematical model. Furthermore, performance of the proposed solution is empirically validated through simulation experiments.
ERIC Educational Resources Information Center
Francois, Michael T.
2016-01-01
Today's organizations rely heavily on information technology to conduct their daily activities. Therefore, their information security systems are an area of heightened security concern. As a result, organizations implement information security programs to address and mitigate that concern. However, even with the emphasis on information security,…
Khac Hai, Nguyen; Lawpoolsri, Saranath; Jittamala, Podjanee; Thi Thu Huong, Phan
2017-01-01
Introduction: Breach of confidentiality or invasion of privacy from the collection and use of medical records, particularly those of patients with HIV/AIDS or other diseases sensitive to stigmatization, should be prevented by all related stakeholders in healthcare settings. The main focus of this study was to assess practices regarding security and confidentiality of HIV-related information among staff at HIV outpatient clinics (HIV-OPCs) in Vietnam. Methods: A descriptive cross-sectional study was conducted at all 312 HIV-OPCs across the country using an online survey technique. Results: In general, the staff practices for securing and protecting patient information were at acceptable levels. Most staff had proper measures and practices for maintaining data security; however, the protection of patient confidentiality, particularly for data access, sharing, and transfer still required improvement. Most HIV-OPC staff had good or moderate knowledge and positive perceptions towards security and confidentiality issues. Staff who were not trained in the practice of security measures differed significantly from those who were trained (OR: 3.74; 95%CI: 1.44–9.67); staff needing improved knowledge levels differed significantly from those with good (OR: 5.20; 95%CI: 2.39–11.32) and moderate knowledge levels (OR: 5.10; 95%CI: 2.36–11.00); and staff needing improved perception levels differed significantly from those with good (i.e., with 100% proper practices) and moderate perception levels (OR: 5.67; 95%CI: 2.93–10.95). Staff who were not trained in the protection of data confidentiality differed significantly from those who were trained (OR: 2.18; 95%CI: 1.29–3.65). Conclusions: Training is an important factor to help raise the levels of proper practices regarding confidentiality and security, to improve knowledge and raise awareness about change among staff.
The operation and management of HIV treatment and care in Vietnam are currently transitioning from separate healthcare clinics (HIV-OPC) into units integrated into general hospitals/healthcare facilities. The findings of this study highlight topics that could be used for improving management and operation of information system and revising guidelines and regulations on protection measures/strategies for data security and confidentiality of HIV/AIDS patients by Vietnam health authorities or other countries facing similar situations. Secure infrastructure and secure measures for data access and use are very important, worthwhile investments. The provision of continuous training and active enforcement and monitoring of the practices of healthcare personnel might lead to an improved understanding and acknowledgement of the importance of national policies/guidelines regarding HIV-related patient information. PMID:29136017
The Shaping of Managers' Security Objectives through Information Security Awareness Training
ERIC Educational Resources Information Center
Harris, Mark A.
2010-01-01
Information security research states that corporate security policy and information security training should be socio-technical in nature and that corporations should consider training as a primary method of protecting their information systems. However, information security policies and training are predominately technical in nature. In addition,…
Beebe, Beatrice; Steele, Miriam
2013-01-01
Microanalysis research on 4-month mother-infant face-to-face communication operates like a “social microscope” and identifies aspects of maternal sensitivity and the origins of attachment with a more detailed lens. We hope to enhance a dialogue between these two paradigms, microanalysis of mother-infant communication and maternal sensitivity and emerging working models of attachment. The prediction of infant attachment from microanalytic approaches and their contribution to concepts of maternal sensitivity are described. We summarize aspects of one microanalytic study by Beebe and colleagues (2010) that documents new communication patterns between mothers and infants at 4 months that predict future disorganized (vs. secure) attachment. The microanalysis approach opens up a new window on the details of the micro-processes of face-to-face communication. It provides a new, rich set of behaviors with which to extend our understanding of the origins of infant attachment and of maternal sensitivity. PMID:24299136
Beebe, Beatrice; Steele, Miriam
2013-01-01
Microanalysis research on 4-month infant-mother face-to-face communication operates like a "social microscope" and identifies aspects of maternal sensitivity and the origins of attachment with a more detailed lens. We hope to enhance a dialogue between these two paradigms, microanalysis of mother-infant communication and maternal sensitivity and emerging working models of attachment. The prediction of infant attachment from microanalytic approaches and their contribution to concepts of maternal sensitivity are described. We summarize aspects of one microanalytic study by Beebe and colleagues published in 2010 that documents new communication patterns between mothers and infants at 4 months that predict future disorganized (vs. secure) attachment. The microanalysis approach opens up a new window on the details of the micro-processes of face-to-face communication. It provides a new, rich set of behaviors with which to extend our understanding of the origins of infant attachment and of maternal sensitivity.
Cassibba, Rosalinda; Castoro, Germana; Costantino, Elisabetta; Sette, Giovanna; Van Ijzendoorn, Marinus H
2015-01-01
This study aims to explore whether a short-term and attachment-based video-feedback intervention, the Video-Feedback Intervention to Promote Positive Parenting With Discussions on the Representational Level (VIPP-R; F. Juffer, M.J. Bakermans-Kranenburg, & M.H. van IJzendoorn, 2008), might be effective in enhancing maternal sensitivity and in promoting infants' attachment security in an Italian sample of dyads with primiparous mothers. Moreover, we explore whether the effectiveness of VIPP-R might be different for parents with insecure attachment representations who might be most in need of preventive intervention, as compared to parents who already have a more balanced and secure state of mind. Thirty-two infants (40% female) and their mothers participated in the study. The sample was divided into an intervention group (n = 16) and a comparison group (n = 16). At 6 and 13 months of age, the Adult Attachment Interview (AAI; M. Main, N. Kaplan, & J. Cassidy, 1985) was administered. Moreover, a 30-min mother-infant play situation was videotaped and coded for maternal sensitivity with the Emotional Availability Scales (Z. Biringen, J. Robinson, & R.N. Emde, 2000). At 13 months of age, the Strange Situation Procedure (M.D.S. Ainsworth, M.D. Blehar, E. Waters, & S. Wall, 1978) was used to assess the security of mother-infant attachment. Results revealed a significant interaction effect between intervention and AAI security for infant attachment security; moreover, main effects of AAI security and intervention for maternal sensitivity were found. The VIPP-R appears effective in enhancing maternal sensitivity and infant attachment security, although only mothers with an insecure attachment representation may benefit from the intervention. © 2014 Michigan Association for Infant Mental Health.
Secure and Efficient k-NN Queries
Asif, Hafiz; Vaidya, Jaideep; Shafiq, Basit; Adam, Nabil
2017-01-01
Given the morass of available data, ranking and best match queries are often used to find records of interest. As such, k-NN queries, which give the k closest matches to a query point, are of particular interest, and have many applications. We study this problem in the context of the financial sector, wherein an investment portfolio database is queried for matching portfolios. Given the sensitivity of the information involved, our key contribution is to develop a secure k-NN computation protocol that can enable the computation of k-NN queries in a distributed multi-party environment while taking domain semantics into account. The experimental results show that the proposed protocols are extremely efficient. PMID:29218333
A layered trust information security architecture.
de Oliveira Albuquerque, Robson; Villalba, Luis Javier García; Orozco, Ana Lucila Sandoval; Buiati, Fábio; Kim, Tai-Hoon
2014-12-01
Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentiality, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed.
32 CFR 2700.51 - Information Security Oversight Committee.
Code of Federal Regulations, 2011 CFR
2011-07-01
... 32 National Defense 6 2011-07-01 2011-07-01 false Information Security Oversight Committee. 2700... MICRONESIAN STATUS NEGOTIATIONS SECURITY INFORMATION REGULATIONS Implementation and Review § 2700.51 Information Security Oversight Committee. The OMSN Information Security Oversight Committee shall be chaired...
77 FR 12623 - National Industrial Security Program Policy Advisory Committee (NISPPAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2012-03-01
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National... Information Security Oversight Office no later than Friday, March 16, 2012. The Information Security Oversight... FURTHER INFORMATION CONTACT: David O. Best, Senior Program Analyst, The Information Security Oversight...
32 CFR 2700.51 - Information Security Oversight Committee.
Code of Federal Regulations, 2010 CFR
2010-07-01
... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Oversight Committee. 2700... MICRONESIAN STATUS NEGOTIATIONS SECURITY INFORMATION REGULATIONS Implementation and Review § 2700.51 Information Security Oversight Committee. The OMSN Information Security Oversight Committee shall be chaired...
Federal Register 2010, 2011, 2012, 2013, 2014
2010-08-16
... DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration New Agency Information Collection Activity Under OMB Review: Pipeline System Operator Security Information AGENCY: Transportation... INFORMATION CONTACT: Joanna Johnson, Office of Information Technology, TSA-11, Transportation Security...
Autonomous Information Unit: Why Making Data Smart Can also Make Data Secured?
NASA Technical Reports Server (NTRS)
Chow, Edward T.
2006-01-01
In this paper, we introduce a new fine-grain distributed information protection mechanism which can self-protect, self-discover, self-organize, and self-manage. In our approach, we decompose data into smaller pieces and provide individualized protection. We also provide a policy control mechanism to allow 'smart' access control and context based re-assembly of the decomposed data. By combining smart policy with individually protected data, we are able to provide better protection of sensitive information and achieve more flexible access during emergency conditions. As a result, this new fine-grain protection mechanism can enable us to achieve better solutions for problems such as distributed information protection and identity theft.
Breastfeeding and its relation to maternal sensitivity and infant attachment.
Tharner, Anne; Luijk, Maartje P C M; Raat, Hein; Ijzendoorn, Marinus H; Bakermans-Kranenburg, Marian J; Moll, Henriette A; Jaddoe, Vincent W V; Hofman, Albert; Verhulst, Frank C; Tiemeier, Henning
2012-06-01
To examine the association of breastfeeding with maternal sensitive responsiveness and infant-mother attachment security and disorganization. We included 675 participants of a prospective cohort study. Questionnaires about breastfeeding practices were administered at 2 and 6 months postpartum. At 14 months, maternal sensitive responsiveness was assessed in a 13-minute laboratory procedure using Ainsworth's sensitivity scales, and attachment quality was assessed with the Strange Situation Procedure. Mothers were genotyped for oxytocin receptor genes OXTR rs53576 and OXTR rs2254298. Linear regressions and analyses of covariance adjusted for various background variables were conducted. We tested for mediation and moderation by maternal sensitive responsiveness and maternal oxytocin receptor genotype. Continuous analyses showed that longer duration of breastfeeding was associated with more maternal sensitive responsiveness (B = 0.11, 95% confidence interval [CI] 0.02; 0.20, p < .05), more attachment security (B = 0.24, 95% CI = 0.02; 0.46, p < .05), and less attachment disorganization (B = -0.20, 95% CI -0.36; -0.03, p < .05). Duration of breastfeeding was not related to the risk of insecure-avoidant or insecure-resistant versus secure attachment classification, but longer duration of breastfeeding predicted a lower risk of disorganized versus secure attachment classification (n = 151; odds ratio [OR] = 0.81, 95% CI 0.66 to 0.99, p = .04). Maternal sensitive responsiveness did not mediate the associations, and maternal oxytocin receptor genotype was not a significant moderator. Although duration of breastfeeding was not associated with differences in infant-mother attachment classifications, we found subtle positive associations between duration of breastfeeding and sensitive responsiveness, attachment security, and disorganization.
Hao, Shuxin; Lü, Yiran; Liu, Jie; Liu, Yue; Xu, Dongqun
2018-01-01
To study the application of classified protection of information security in the information system of air pollution and health impact monitoring, so as to solve the possible safety risk of the information system. According to the relevant national standards and requirements for the information system security classified protection, and the professional characteristics of the information system, to design and implement the security architecture of information system, also to determine the protection level of information system. Basic security measures for the information system were developed in the technical safety and management safety aspects according to the protection levels, which effectively prevented the security risk of the information system. The information system established relatively complete information security protection measures, which enhanced the security of professional information and system service and ensured that the air pollution and health impact monitoring project was carried out safely and smoothly.
14 CFR 1203.201 - Information security objectives.
Code of Federal Regulations, 2011 CFR
2011-01-01
... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Information security objectives. 1203.201 Section 1203.201 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.201 Information security objectives. The objectives of...
14 CFR 1203.201 - Information security objectives.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false Information security objectives. 1203.201 Section 1203.201 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.201 Information security objectives. The objectives of...
2010-08-22
Commission (IEC). “Information technology — Security techniques — Code of practice for information security management (ISO/IEC 27002 ...Information technology — Security techniques — Information security management systems — Requirements (ISO/IEC 27002),” “Information technology — Security...was a draft ISO standard on Systems and software engineering, Systems and software assurance [18]. Created by systems engineers for systems
Secure and Trustable Electronic Medical Records Sharing using Blockchain
Dubovitskaya, Alevtina; Xu, Zhigang; Ryu, Samuel; Schumacher, Michael; Wang, Fusheng
2017-01-01
Electronic medical records (EMRs) are critical, highly sensitive private information in healthcare, and need to be frequently shared among peers. Blockchain provides a shared, immutable and transparent history of all the transactions to build applications with trust, accountability and transparency. This provides a unique opportunity to develop a secure and trustable EMR data management and sharing system using blockchain. In this paper, we present our perspectives on blockchain based healthcare data management, in particular, for EMR data sharing between healthcare providers and for research studies. We propose a framework on managing and sharing EMR data for cancer patient care. In collaboration with Stony Brook University Hospital, we implemented our framework in a prototype that ensures privacy, security, availability, and fine-grained access control over EMR data. The proposed work can significantly reduce the turnaround time for EMR sharing, improve decision making for medical care, and reduce the overall cost. PMID:29854130
Employment among Social Security disability program beneficiaries, 1996-2007.
Mamun, Arif; O'Leary, Paul; Wittenburg, David C; Gregory, Jesse
2011-01-01
We use linked administrative data from program and earnings records to summarize the 2007 employment rates of Social Security disability program beneficiaries at the national and state levels, as well as changes in employment since 1996. The findings provide new information on the employment activities of beneficiaries that should be useful in assessing current agency policies and providing benchmarks for ongoing demonstration projects and future return-to-work initiatives. The overall employment rate--which we define as annual earnings over $1,000--was 12 percent in 2007. Substantial variation exists within the population. Disability Insurance beneficiaries and those younger than age 40 were much more likely to work relative to other Social Security beneficiaries. Additionally, substantial regional variation exists across states; employment rates ranged from 7 percent (West Virginia) to 23 percent (North Dakota). Moreover, we find that the employment rates among beneficiaries were sensitive to the business cycle and persistent over time.
Hopkins, Joyce; Gouze, Karen R; Lavigne, John V
2013-01-01
The aim of this study was to develop a multiple-level-of-analysis model of preschool attachment security and to determine the processes (direct and indirect) whereby factors from different domains (e.g., stress and parenting) are related to attachment during this period. This study examined the direct and indirect effects of stress, family conflict, caregiver depression symptoms, and parenting on attachment security in a large (N = 796) and diverse sample of 4-year-olds. This study used the 3-Boxes Task to assess aspects of parenting critical to sensitivity in the preschool period, labeling this construct sensitivity/scaffolding. Parent-report questionnaires were used to assess stress, conflict, caregiver depressive symptoms, parent support/engagement, and parent hostility/coercion. Direct observation (3-Boxes Task) was used to assess sensitivity/scaffolding and attachment (Attachment Q-Sort) based on a 2½-3 hour home visit. Results of structural equation modeling indicated a good overall fit for the model. Among the parenting variables, sensitivity/scaffolding had the strongest effect on attachment. Depressive symptoms had both direct and indirect effects (mediated by parenting). The effects of stress and family conflict were mediated by caregiver depression symptoms and parenting. These data show that a developmentally appropriate measure of sensitivity plays a significant role in attachment security in preschoolers. Thus, strategies designed to enhance sensitivity/scaffolding may increase child resilience by enhancing attachment security.
Behrens, Kazuko Y; Haltigan, John D; Bahm, Naomi I Gribneau
2016-08-01
This study investigated the intergenerational transmission of attachment, utilizing the Adult Attachment Interview (AAI), the Strange Situation Procedure (SSP), and the Maternal Behavioral Q-Set (MBQS). We revisited fundamental questions in attachment theory and research by examining: (1) the level of intergenerational agreement between maternal attachment representations and infant attachment security, and (2) whether maternal sensitivity serves as an intergenerational mediator between adult and infant attachment security. Significant categorical matches between the AAI and the SSP as well as mean differences for MBQS scores between adult attachment secure-insecure groups were found. Consistent with earlier intergenerational research, maternal sensitivity only partially mediated the AAI-SSP link, indicating the transmission gap remains. Consistent with recent mediation studies, using more contemporary analytical techniques, it was confirmed that maternal sensitivity did mediate the direct pathway between AAI security and SSP security. Thus, the transmission gap appears somewhat different depending on the statistical method used to measure mediation. Post hoc analyses considered mothers' childhood experiences of separation/divorce and this helped make sense of intergenerational mismatches.
76 FR 78009 - Information Collection; Implementation of Information Technology Security Provision
Federal Register 2010, 2011, 2012, 2013, 2014
2011-12-15
...] Information Collection; Implementation of Information Technology Security Provision AGENCY: General Services... collection requirement regarding Implementation of Information Technology Security Provision. Public comments... Information Collection 3090- 0294, Implementation of Information Technology Security Provision, by any of the...
2012-12-01
behavior unless it becomes criminal or involves the publishing of sensitive information. This means that malicious doxing, cyberbullying or other...workplace or background investigation realms, as well as the many forms of cyberbullying and malicious rumor-spreading online could be addressed. Doxing...None Sexually harass another person online None Engage in cyberbullying by using the Internet to send offensive, inappropriate verbal attack
MDA DS COI Spiral 3 - NOA, SILO and ABAC
2009-06-01
agencies. The National Plan to Achieve MDA, a by-product of the Maritime Security Policy, established the national maritime common operating picture...information about vessels determined to be of interest by intelligence and operational organizations and is normally classified or highly sensitive. Exposing...makes it available to its users. For Spiral 3, the Coast Guard team, consisting of CG-26, the Operations Systems Center (OSC), and the Coast Guard
Information Leakage Analysis by Abstract Interpretation
NASA Astrophysics Data System (ADS)
Zanioli, Matteo; Cortesi, Agostino
Protecting the confidentiality of information stored in a computer system or transmitted over a public network is a relevant problem in computer security. The approach of information flow analysis involves performing a static analysis of the program with the aim of proving that there will not be leaks of sensitive information. In this paper we propose a new domain that combines variable dependency analysis, based on propositional formulas, and variables' value analysis, based on polyhedra. The resulting analysis is strictly more accurate than the state-of-the-art abstract-interpretation-based analyses for information leakage detection. Its modular construction allows one to deal with the tradeoff between efficiency and accuracy by tuning the granularity of the abstraction and the complexity of the abstract operators.
44 CFR 8.3 - Senior FEMA official responsible for the information security program.
Code of Federal Regulations, 2011 CFR
2011-10-01
... responsible for the information security program. 8.3 Section 8.3 Emergency Management and Assistance FEDERAL EMERGENCY MANAGEMENT AGENCY, DEPARTMENT OF HOMELAND SECURITY GENERAL NATIONAL SECURITY INFORMATION § 8.3 Senior FEMA official responsible for the information security program. The Director of the Security...
Federal Register 2010, 2011, 2012, 2013, 2014
2010-07-29
... DEPARTMENT OF HOMELAND SECURITY Notice of Meeting of the Homeland Security Information Network... Security. ACTION: Notice of open meeting. SUMMARY: The Homeland Security Information Network Advisory... (Pub. L. 92-463). The mission of the Homeland Security Information Network Advisory Committee is to...
2010-08-22
practice for information security management (ISO/IEC 27002),” “Information technology — Security techniques — Information security management...systems — Requirements (ISO/IEC 27002),” “Information technology — Security techniques — Information security risk management (ISO/IEC 27005).” from...associated practice aids. Perhaps the most germane discovery from this effort was a draft ISO standard on Systems and software engineering, Systems and
12 CFR 605.501 - Information Security Officer.
Code of Federal Regulations, 2011 CFR
2011-01-01
... 12 Banks and Banking 6 2011-01-01 2011-01-01 false Information Security Officer. 605.501 Section... Information Security Officer. (a) The Information Security Officer of the Farm Credit Administration shall be responsible for implementation and oversight of the information security program and procedures adopted by the...
12 CFR 605.501 - Information Security Officer.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 12 Banks and Banking 6 2010-01-01 2010-01-01 false Information Security Officer. 605.501 Section... Information Security Officer. (a) The Information Security Officer of the Farm Credit Administration shall be responsible for implementation and oversight of the information security program and procedures adopted by the...
A secure distributed logistic regression protocol for the detection of rare adverse drug events
El Emam, Khaled; Samet, Saeed; Arbuckle, Luk; Tamblyn, Robyn; Earle, Craig; Kantarcioglu, Murat
2013-01-01
Background: There is limited capacity to assess the comparative risks of medications after they enter the market. For rare adverse events, the pooling of data from multiple sources is necessary to have the power and sufficient population heterogeneity to detect differences in safety and effectiveness in genetic, ethnic and clinically defined subpopulations. However, combining datasets from different data custodians or jurisdictions to perform an analysis on the pooled data creates significant privacy concerns that would need to be addressed. Existing protocols for addressing these concerns can result in reduced analysis accuracy and can allow sensitive information to leak. Objective: To develop a secure distributed multi-party computation protocol for logistic regression that provides strong privacy guarantees. Methods: We developed a secure distributed logistic regression protocol using a single analysis center with multiple sites providing data. A theoretical security analysis demonstrates that the protocol is robust to plausible collusion attacks and does not allow the parties to gain new information from the data that are exchanged among them. The computational performance and accuracy of the protocol were evaluated on simulated datasets. Results: The computational performance scales linearly as the dataset sizes increase. The addition of sites results in an exponential growth in computation time. However, for up to five sites, the time is still short and would not affect practical applications. The model parameters are the same as the results on pooled raw data analyzed in SAS, demonstrating high model accuracy. Conclusion: The proposed protocol and prototype system would allow the development of logistic regression models in a secure manner without requiring the sharing of personal health information. This can alleviate one of the key barriers to the establishment of large-scale post-marketing surveillance programs. We extended the secure protocol to account for correlations among patients within sites through generalized estimating equations, and to accommodate other link functions by extending it to generalized linear models. PMID:22871397
A secure distributed logistic regression protocol for the detection of rare adverse drug events.
El Emam, Khaled; Samet, Saeed; Arbuckle, Luk; Tamblyn, Robyn; Earle, Craig; Kantarcioglu, Murat
2013-05-01
There is limited capacity to assess the comparative risks of medications after they enter the market. For rare adverse events, the pooling of data from multiple sources is necessary to have the power and sufficient population heterogeneity to detect differences in safety and effectiveness in genetic, ethnic and clinically defined subpopulations. However, combining datasets from different data custodians or jurisdictions to perform an analysis on the pooled data creates significant privacy concerns that would need to be addressed. Existing protocols for addressing these concerns can result in reduced analysis accuracy and can allow sensitive information to leak. To develop a secure distributed multi-party computation protocol for logistic regression that provides strong privacy guarantees. We developed a secure distributed logistic regression protocol using a single analysis center with multiple sites providing data. A theoretical security analysis demonstrates that the protocol is robust to plausible collusion attacks and does not allow the parties to gain new information from the data that are exchanged among them. The computational performance and accuracy of the protocol were evaluated on simulated datasets. The computational performance scales linearly as the dataset sizes increase. The addition of sites results in an exponential growth in computation time. However, for up to five sites, the time is still short and would not affect practical applications. The model parameters are the same as the results on pooled raw data analyzed in SAS, demonstrating high model accuracy. The proposed protocol and prototype system would allow the development of logistic regression models in a secure manner without requiring the sharing of personal health information. This can alleviate one of the key barriers to the establishment of large-scale post-marketing surveillance programs. 
We extended the secure protocol to account for correlations among patients within sites through generalized estimating equations, and to accommodate other link functions by extending it to generalized linear models.
A Layered Trust Information Security Architecture
de Oliveira Albuquerque, Robson; García Villalba, Luis Javier; Sandoval Orozco, Ana Lucila; Buiati, Fábio; Kim, Tai-Hoon
2014-01-01
Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentiality, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed. PMID:25470490
10 CFR 95.35 - Access to matter classified as National Security Information and Restricted Data.
Code of Federal Regulations, 2010 CFR
2010-01-01
... SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.35 Access to matter classified as National Security Information and Restricted Data. (a... have access to matter revealing Secret or Confidential National Security Information or Restricted Data...
Implementing an Information Security Program
DOE Office of Scientific and Technical Information (OSTI.GOV)
Glantz, Clifford S.; Lenaeus, Joseph D.; Landine, Guy P.
The threats to information security have dramatically increased with the proliferation of information systems and the internet. Chemical, biological, radiological, nuclear, and explosives (CBRNe) facilities need to address these threats in order to protect themselves from the loss of intellectual property, theft of valuable or hazardous materials, and sabotage. Project 19 of the European Union CBRN Risk Mitigation Centres of Excellence Initiative is designed to help CBRN security managers, information technology/cybersecurity managers, and other decision-makers deal with these threats through the application of cost-effective information security programs. Project 19 has developed three guidance documents that are publicly available to cover information security best practices, planning for an information security management system, and implementing security controls for information security.
NASA Astrophysics Data System (ADS)
Liu, Shu-Fan; Chueh, Hao-En; Liao, Kuo-Hsiung
According to surveys, 80% of security-related events threatening information in medical organizations are due to improper management. Most research on information security has focused on information and security technology, such as network security and access control, rarely addressing management issues. The main purpose of this study is to construct a BS7799 based mechanism for the management of information with regard to security as it applies to medical organizations. This study analyzes and identifies the most common events related to information security in medical organizations and categorizes these events as high-risk, transferable-risk, and controlled-risk to facilitate the management of such risk.
Physical cryptographic verification of nuclear warheads
Kemp, R. Scott; Danagoulian, Areg; Macdonald, Ruaridh R.; Vavrek, Jayson R.
2016-01-01
How does one prove a claim about a highly sensitive object such as a nuclear weapon without revealing information about the object? This paradox has challenged nuclear arms control for more than five decades. We present a mechanism in the form of an interactive proof system that can validate the structure and composition of an object, such as a nuclear warhead, to arbitrary precision without revealing either its structure or composition. We introduce a tomographic method that simultaneously resolves both the geometric and isotopic makeup of an object. We also introduce a method of protecting information using a provably secure cryptographic hash that does not rely on electronics or software. These techniques, when combined with a suitable protocol, constitute an interactive proof system that could reject hoax items and clear authentic warheads with excellent sensitivity in reasonably short measurement times. PMID:27432959
Access Control Model for Sharing Composite Electronic Health Records
NASA Astrophysics Data System (ADS)
Jin, Jing; Ahn, Gail-Joon; Covington, Michael J.; Zhang, Xinwen
The adoption of electronically formatted medical records, so called Electronic Health Records (EHRs), has become extremely important in healthcare systems to enable the exchange of medical information among stakeholders. An EHR generally consists of data with different types and sensitivity degrees which must be selectively shared based on the need-to-know principle. Security mechanisms are required to guarantee that only authorized users have access to specific portions of such critical record for legitimate purposes. In this paper, we propose a novel approach for modelling access control scheme for composite EHRs. Our model formulates the semantics and structural composition of an EHR document, from which we introduce a notion of authorized zones of the composite EHR at different granularity levels, taking into consideration of several important criteria such as data types, intended purposes and information sensitivities.
Physical cryptographic verification of nuclear warheads
NASA Astrophysics Data System (ADS)
Kemp, R. Scott; Danagoulian, Areg; Macdonald, Ruaridh R.; Vavrek, Jayson R.
2016-08-01
How does one prove a claim about a highly sensitive object such as a nuclear weapon without revealing information about the object? This paradox has challenged nuclear arms control for more than five decades. We present a mechanism in the form of an interactive proof system that can validate the structure and composition of an object, such as a nuclear warhead, to arbitrary precision without revealing either its structure or composition. We introduce a tomographic method that simultaneously resolves both the geometric and isotopic makeup of an object. We also introduce a method of protecting information using a provably secure cryptographic hash that does not rely on electronics or software. These techniques, when combined with a suitable protocol, constitute an interactive proof system that could reject hoax items and clear authentic warheads with excellent sensitivity in reasonably short measurement times.
Physical cryptographic verification of nuclear warheads.
Kemp, R Scott; Danagoulian, Areg; Macdonald, Ruaridh R; Vavrek, Jayson R
2016-08-02
How does one prove a claim about a highly sensitive object such as a nuclear weapon without revealing information about the object? This paradox has challenged nuclear arms control for more than five decades. We present a mechanism in the form of an interactive proof system that can validate the structure and composition of an object, such as a nuclear warhead, to arbitrary precision without revealing either its structure or composition. We introduce a tomographic method that simultaneously resolves both the geometric and isotopic makeup of an object. We also introduce a method of protecting information using a provably secure cryptographic hash that does not rely on electronics or software. These techniques, when combined with a suitable protocol, constitute an interactive proof system that could reject hoax items and clear authentic warheads with excellent sensitivity in reasonably short measurement times.
Perimeter security alarm system based on fiber Bragg grating
NASA Astrophysics Data System (ADS)
Zhang, Cui; Wang, Lixin
2010-11-01
With the development of society and the economy and the improvement of living standards, people's need for security is more and more pressing. The perimeter security alarm system is widely regarded as the first line of defense. A highly sensitive fiber Bragg grating (FBG) vibration sensor based on the theory of string vibration, combined with a neural network adaptive dynamic programming algorithm, makes detection in the perimeter security alarm system intelligent. An intelligent information processing unit identifies the true cause of the vibration, intrusion or the natural environment, by analyzing the frequency, energy, amplitude and duration of the vibration signals. Compared with traditional perimeter security alarm systems, such as infrared perimeter security systems and electric fence systems, the FBG perimeter security alarm system uses outdoor passive structures, is free of electromagnetic interference, and has a transmission distance through optical fiber that can be as long as 20 km. It is able to detect the location of an event within a short period of time (high-speed response, less than 3 seconds). The system can locate the fiber cable's breaking sites and alarm automatically if the cable is cut. The system can also effectively prevent false alarms from small animals, birds, strong wind, scattered objects, snowfall and vibration of the sensor line itself. It can also be integrated into other security systems. This system can be widely used in a variety of fields such as military bases, nuclear sites, airports, warehouses, prisons, residential communities, etc. It will be a new force in perimeter security technology.
Secure Data Aggregation with Fully Homomorphic Encryption in Large-Scale Wireless Sensor Networks.
Li, Xing; Chen, Dexin; Li, Chunyan; Wang, Liangmin
2015-07-03
With the rapid development of wireless communication technology, sensor technology, information acquisition and processing technology, sensor networks will finally have a deep influence on all aspects of people's lives. The battery resources of sensor nodes should be managed efficiently in order to prolong network lifetime in large-scale wireless sensor networks (LWSNs). Data aggregation represents an important method to remove redundancy as well as unnecessary data transmission and hence cut down the energy used in communication. As sensor nodes are deployed in hostile environments, the security of the sensitive information such as confidentiality and integrity should be considered. This paper proposes Fully homomorphic Encryption based Secure data Aggregation (FESA) in LWSNs which can protect end-to-end data confidentiality and support arbitrary aggregation operations over encrypted data. In addition, by utilizing message authentication codes (MACs), this scheme can also verify data integrity during data aggregation and forwarding processes so that false data can be detected as early as possible. Although FHE increases the computation overhead due to its large public key size, simulation results show that it is implementable in LWSNs and performs well. Compared with other protocols, the transmitted data and network overhead are reduced in our scheme.
Edge-Based Efficient Search over Encrypted Data Mobile Cloud Storage
Liu, Fang; Cai, Zhiping; Xiao, Nong; Zhao, Ziming
2018-01-01
Smart sensor-equipped mobile devices sense, collect, and process data generated by the edge network to achieve intelligent control, but such mobile devices usually have limited storage and computing resources. Mobile cloud storage provides a promising solution owing to its rich storage resources, great accessibility, and low cost. But it also brings a risk of information leakage. The encryption of sensitive data is the basic step to resist the risk. However, deploying a high complexity encryption and decryption algorithm on mobile devices will greatly increase the burden of terminal operation and the difficulty to implement the necessary privacy protection algorithm. In this paper, we propose ENSURE (EfficieNt and SecURE), an efficient and secure encrypted search architecture over mobile cloud storage. ENSURE is inspired by edge computing. It allows mobile devices to offload the computation intensive task onto the edge server to achieve a high efficiency. Besides, to protect data security, it reduces the information acquisition of untrusted cloud by hiding the relevance between query keyword and search results from the cloud. Experiments on a real data set show that ENSURE reduces the computation time by 15% to 49% and saves the energy consumption by 38% to 69% per query. PMID:29652810
Edge-Based Efficient Search over Encrypted Data Mobile Cloud Storage.
Guo, Yeting; Liu, Fang; Cai, Zhiping; Xiao, Nong; Zhao, Ziming
2018-04-13
Smart sensor-equipped mobile devices sense, collect, and process data generated by the edge network to achieve intelligent control, but such mobile devices usually have limited storage and computing resources. Mobile cloud storage provides a promising solution owing to its rich storage resources, great accessibility, and low cost. But it also brings a risk of information leakage. The encryption of sensitive data is the basic step to resist the risk. However, deploying a high complexity encryption and decryption algorithm on mobile devices will greatly increase the burden of terminal operation and the difficulty to implement the necessary privacy protection algorithm. In this paper, we propose ENSURE (EfficieNt and SecURE), an efficient and secure encrypted search architecture over mobile cloud storage. ENSURE is inspired by edge computing. It allows mobile devices to offload the computation intensive task onto the edge server to achieve a high efficiency. Besides, to protect data security, it reduces the information acquisition of untrusted cloud by hiding the relevance between query keyword and search results from the cloud. Experiments on a real data set show that ENSURE reduces the computation time by 15% to 49% and saves the energy consumption by 38% to 69% per query.
Is Seeing Believing? Training Users on Information Security: Evidence from Java Applets
ERIC Educational Resources Information Center
Ayyagari, Ramakrishna; Figueroa, Norilyz
2017-01-01
Information Security issues are one of the top concerns of CEOs. Accordingly, information systems education and research have addressed security issues. One of the main areas of research is the behavioral issues in Information Security, primarily focusing on users' compliance to information security policies. We contribute to this literature by…
12 CFR Appendix B to Part 30 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2011 CFR
2011-01-01
... Establishing Information Security Standards Table of Contents I. Introduction A. Scope B. Preservation of... Security Program B. Objectives III. Development and Implementation of Customer Information Security Program.... Introduction The Interagency Guidelines Establishing Information Security Standards (Guidelines) set forth...
76 FR 67750 - Homeland Security Information Network Advisory Committee
Federal Register 2010, 2011, 2012, 2013, 2014
2011-11-02
... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2011-0107] Homeland Security Information Network... Information Network Advisory Committee. SUMMARY: The Secretary of Homeland Security has determined that the renewal of the Homeland Security Information Network Advisory Committee (HSINAC) is necessary and in the...
78 FR 7797 - Homeland Security Information Network Advisory Committee (HSINAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2013-02-04
... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2013-0005] Homeland Security Information Network... Committee Meeting. SUMMARY: The Homeland Security Information Network Advisory Committee (HSIN AC) will meet... received by the (Homeland Security Information Network Advisory Committee), go to http://www.regulations...
78 FR 34665 - Homeland Security Information Network Advisory Committee (HSINAC); Meeting
Federal Register 2010, 2011, 2012, 2013, 2014
2013-06-10
... DEPARTMENT OF HOMELAND SECURITY [DHS-2013-0037] Homeland Security Information Network Advisory... Committee Meeting. SUMMARY: The Homeland Security Information Network Advisory Committee (HSINAC) will meet... posted beforehand at this link: http://www.dhs.gov/homeland-security-information-network-advisory...
Mat Kiah, M L; Al-Bakri, S H; Zaidan, A A; Zaidan, B B; Hussain, Muzammil
2014-10-01
One of the applications of modern technology in telemedicine is video conferencing. An alternative to traveling to attend a conference or meeting, video conferencing is becoming increasingly popular among hospitals. By using this technology, doctors can help patients who are unable to physically visit hospitals. Video conferencing particularly benefits patients from rural areas, where good doctors are not always available. Telemedicine has proven to be a blessing to patients who have no access to the best treatment. A telemedicine system consists of customized hardware and software at two locations, namely, at the patient's and the doctor's end. In such cases, the video streams of the conferencing parties may contain highly sensitive information. Thus, real-time data security is one of the most important requirements when designing video conferencing systems. This study proposes a secure framework for video conferencing systems and a complete management solution for secure video conferencing groups. Java Media Framework Application Programming Interface classes are used to design and test the proposed secure framework. Real-time Transport Protocol over User Datagram Protocol is used to transmit the encrypted audio and video streams, and RSA and AES algorithms are used to provide the required security services. Results show that the encryption algorithm insignificantly increases the video conferencing computation time.
32 CFR 2103.51 - Information Security Oversight Committee.
Code of Federal Regulations, 2011 CFR
2011-07-01
... 32 National Defense 6 2011-07-01 2011-07-01 false Information Security Oversight Committee. 2103... BE DECLASSIFIED Implementation and Review § 2103.51 Information Security Oversight Committee. The NCS Information Security Oversight Committee shall be chaired by the Staff Counsel of the National Security...
32 CFR 2103.51 - Information Security Oversight Committee.
Code of Federal Regulations, 2010 CFR
2010-07-01
... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Oversight Committee. 2103... BE DECLASSIFIED Implementation and Review § 2103.51 Information Security Oversight Committee. The NCS Information Security Oversight Committee shall be chaired by the Staff Counsel of the National Security...
Kraemer, Sara; Carayon, Pascale
2007-03-01
This paper describes human errors and violations of end users and network administration in computer and information security. This information is summarized in a conceptual framework for examining the human and organizational factors contributing to computer and information security. This framework includes human error taxonomies to describe the work conditions that contribute adversely to computer and information security, i.e. to security vulnerabilities and breaches. The issue of human error and violation in computer and information security was explored through a series of 16 interviews with network administrators and security specialists. The interviews were audio taped, transcribed, and analyzed by coding specific themes in a node structure. The result is an expanded framework that classifies types of human error and identifies specific human and organizational factors that contribute to computer and information security. Network administrators tended to view errors created by end users as more intentional than unintentional, while errors created by network administrators as more unintentional than intentional. Organizational factors, such as communication, security culture, policy, and organizational structure, were the most frequently cited factors associated with computer and information security.
Security Shift in Future Network Architectures
2010-11-01
RTO-MP-IST-091 2 - 1 Security Shift in Future Network Architectures Tim Hartog, M.Sc Information Security Dept. TNO Information and...current practice military communication infrastructures are deployed as stand-alone networked information systems. Network-Enabled Capabilities (NEC) and...information architects and security specialists about the separation of network and information security, the consequences of this shift and our view
DOE Office of Scientific and Technical Information (OSTI.GOV)
Mahan, Robert E.; Fluckiger, Jerry D.; Clements, Samuel L.
This document was developed to provide guidance for the implementation of secure data transfer in a complex computational infrastructure representative of the electric power and oil and natural gas enterprises and the control systems they implement. For the past 20 years the cyber security community has focused on preventative measures intended to keep systems secure by providing a hard outer shell that is difficult to penetrate. Over time, the hard exterior, soft interior focus changed to focus on defense-in-depth adding multiple layers of protection, introducing intrusion detection systems, more effective incident response and cleanup, and many other security measures. Despite much larger expenditures and more layers of defense, successful attacks have only increased in number and severity. Consequently, it is time to re-focus the conventional approach to cyber security. While it is still important to implement measures to keep intruders out, a new protection paradigm is warranted that is aimed at discovering attempted or real compromises as early as possible. Put simply, organizations should take as fact that they have been, are now, or will be compromised. These compromises may be intended to steal information for financial gain as in the theft of intellectual property or credentials that lead to the theft of financial resources, or to lie silent until instructed to cause physical or electronic damage and/or denial of services. This change in outlook has been recently confirmed by the National Security Agency [19]. The discovery of attempted and actual compromises requires an increased focus on monitoring events by manual and/or automated log monitoring, detecting unauthorized changes to a system's hardware and/or software, detecting intrusions, and/or discovering the exfiltration of sensitive information and/or attempts to send inappropriate commands to ICS/SCADA (Industrial Control System/Supervisory Control And Data Acquisition) systems.
48 CFR 552.239-70 - Information Technology Security Plan and Security Authorization.
Code of Federal Regulations, 2011 CFR
2011-10-01
... 48 Federal Acquisition Regulations System 4 2011-10-01 2011-10-01 false Information Technology... Text of Provisions and Clauses 552.239-70 Information Technology Security Plan and Security Authorization. As prescribed in 539.7002(a), insert the following provision: Information Technology Security...
48 CFR 552.239-70 - Information Technology Security Plan and Security Authorization.
Code of Federal Regulations, 2014 CFR
2014-10-01
... 48 Federal Acquisition Regulations System 4 2014-10-01 2014-10-01 false Information Technology... Text of Provisions and Clauses 552.239-70 Information Technology Security Plan and Security Authorization. As prescribed in 539.7002(a), insert the following provision: Information Technology Security...
48 CFR 552.239-70 - Information Technology Security Plan and Security Authorization.
Code of Federal Regulations, 2012 CFR
2012-10-01
... 48 Federal Acquisition Regulations System 4 2012-10-01 2012-10-01 false Information Technology... Text of Provisions and Clauses 552.239-70 Information Technology Security Plan and Security Authorization. As prescribed in 539.7002(a), insert the following provision: Information Technology Security...
48 CFR 552.239-70 - Information Technology Security Plan and Security Authorization.
Code of Federal Regulations, 2013 CFR
2013-10-01
... 48 Federal Acquisition Regulations System 4 2013-10-01 2013-10-01 false Information Technology... Text of Provisions and Clauses 552.239-70 Information Technology Security Plan and Security Authorization. As prescribed in 539.7002(a), insert the following provision: Information Technology Security...
75 FR 57904 - Announcing a Meeting of the Information Security and Privacy Advisory Board
Federal Register 2010, 2011, 2012, 2013, 2014
2010-09-23
... Office, --Update of NIST Computer Security Division, and --Information Security and Privacy Advisory... Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology, Commerce. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB) will meet...
Distributed Noise Generation for Density Estimation Based Clustering without Trusted Third Party
NASA Astrophysics Data System (ADS)
Su, Chunhua; Bao, Feng; Zhou, Jianying; Takagi, Tsuyoshi; Sakurai, Kouichi
The rapid growth of the Internet provides people with tremendous opportunities for data collection, knowledge discovery and cooperative computation. However, it also brings the problem of sensitive information leakage. Both individuals and enterprises may suffer from the massive data collection and the information retrieval by distrusted parties. In this paper, we propose a privacy-preserving protocol for the distributed kernel density estimation-based clustering. Our scheme applies random data perturbation (RDP) technique and the verifiable secret sharing to solve the security problem of distributed kernel density estimation in [4] which assumed a mediate party to help in the computation.
Wang, Shuang; Zhang, Yuchen; Dai, Wenrui; Lauter, Kristin; Kim, Miran; Tang, Yuzhe; Xiong, Hongkai; Jiang, Xiaoqian
2016-01-01
Motivation: Genome-wide association studies (GWAS) have been widely used in discovering the association between genotypes and phenotypes. Human genome data contain valuable but highly sensitive information. Unprotected disclosure of such information might put individual’s privacy at risk. It is important to protect human genome data. Exact logistic regression is a bias-reduction method based on a penalized likelihood to discover rare variants that are associated with disease susceptibility. We propose the HEALER framework to facilitate secure rare variants analysis with a small sample size. Results: We target at the algorithm design aiming at reducing the computational and storage costs to learn a homomorphic exact logistic regression model (i.e. evaluate P-values of coefficients), where the circuit depth is proportional to the logarithmic scale of data size. We evaluate the algorithm performance using rare Kawasaki Disease datasets. Availability and implementation: Download HEALER at http://research.ucsd-dbmi.org/HEALER/ Contact: shw070@ucsd.edu Supplementary information: Supplementary data are available at Bioinformatics online. PMID:26446135
Interpreting international governance standards for health IT use within general medical practice.
Mahncke, Rachel J; Williams, Patricia A H
2014-01-01
General practices in Australia recognise the importance of comprehensive protective security measures. Some elements of information security governance are incorporated into recommended standards, however the governance component of information security is still insufficiently addressed in practice. The International Organisation for Standardisation (ISO) released a new global standard in May 2013 entitled, ISO/IEC 27014:2013 Information technology - Security techniques - Governance of information security. This standard, applicable to organisations of all sizes, offers a framework against which to assess and implement the governance components of information security. The standard demonstrates the relationship between governance and the management of information security, provides strategic principles and processes, and forms the basis for establishing a positive information security culture. An analysis interpretation of this standard for use in Australian general practice was performed. This work is unique as such interpretation for the Australian healthcare environment has not been undertaken before. It demonstrates an application of the standard at a strategic level to inform existing development of an information security governance framework.
Information Security: Computer Hacker Information Available on the Internet
1996-06-05
INFORMATION SECURITY Computer Hacker Information Available on the Internet Statement for the Record of...Report Type N/A Dates Covered (from... to) - Title and Subtitle INFORMATION SECURITY Computer Hacker Information Available on the Internet Contract...1996 4. TITLE AND SUBTITLE Information Security: Computer Hacker Information Available on the Internet 5. FUNDING NUMBERS 6. AUTHOR(S) Jack L.
Empirical Analysis and Automated Classification of Security Bug Reports
NASA Technical Reports Server (NTRS)
Tyo, Jacob P.
2016-01-01
With the ever expanding amount of sensitive data being placed into computer systems, the need for effective cybersecurity is of utmost importance. However, there is a shortage of detailed empirical studies of security vulnerabilities from which cybersecurity metrics and best practices could be determined. This thesis has two main research goals: (1) to explore the distribution and characteristics of security vulnerabilities based on the information provided in bug tracking systems and (2) to develop data analytics approaches for automatic classification of bug reports as security or non-security related. This work is based on using three NASA datasets as case studies. The empirical analysis showed that the majority of software vulnerabilities belong only to a small number of types. Addressing these types of vulnerabilities will consequently lead to cost efficient improvement of software security. Since this analysis requires labeling of each bug report in the bug tracking system, we explored using machine learning to automate the classification of each bug report as a security or non-security related (two-class classification), as well as each security related bug report as specific security type (multiclass classification). In addition to using supervised machine learning algorithms, a novel unsupervised machine learning approach is proposed. An accuracy of 92%, recall of 96%, precision of 92%, probability of false alarm of 4%, F-Score of 81% and G-Score of 90% were the best results achieved during two-class classification. Furthermore, an accuracy of 80%, recall of 80%, precision of 94%, and F-score of 85% were the best results achieved during multiclass classification.
A review of security of electronic health records.
Win, Khin Than
The objective of this study is to answer the research question, "Are current information security technologies adequate for electronic health records (EHRs)?" In order to achieve this, the following matters have been addressed in this article: (i) What is information security in the context of EHRs? (ii) Why is information security important for EHRs? and (iii) What are the current technologies for information security available to EHRs? It is concluded that current EHR security technologies are inadequate and urgently require improvement. Further study regarding information security of EHRs is indicated.
49 CFR 1548.19 - Security Directives and Information Circulars.
Code of Federal Regulations, 2010 CFR
2010-10-01
... 49 Transportation 9 2010-10-01 2010-10-01 false Security Directives and Information Circulars... CARRIER SECURITY § 1548.19 Security Directives and Information Circulars. (a) TSA may issue an Information... security measures are necessary to respond to a threat assessment, or to a specific threat against civil...
Managing security and privacy concerns over data storage in healthcare research.
Mackenzie, Isla S; Mantay, Brian J; McDonnell, Patrick G; Wei, Li; MacDonald, Thomas M
2011-08-01
Issues surrounding data security and privacy are of great importance when handling sensitive health-related data for research. The emphasis in the past has been on balancing the risks to individuals with the benefit to society of the use of databases for research. However, a new way of looking at such issues is that by optimising procedures and policies regarding security and privacy of data to the extent that there is no appreciable risk to the privacy of individuals, we can create a 'win-win' situation in which everyone benefits, and pharmacoepidemiological research can flourish with public support. We discuss holistic measures, involving both information technology and people, taken to improve the security and privacy of data storage. After an internal review, we commissioned an external audit by an independent consultant with a view to optimising our data storage and handling procedures. Improvements to our policies and procedures were implemented as a result of the audit. By optimising our storage of data, we hope to inspire public confidence and hence cooperation with the use of health care data in research. Copyright © 2011 John Wiley & Sons, Ltd.
NASA Astrophysics Data System (ADS)
Kröger, Knut; Creutzburg, Reiner
2012-06-01
IT security and computer forensics are important components of information technology. From year to year, incidents and crimes that target IT systems or were done with their help increase. More and more companies and authorities have security problems in their own IT infrastructure. To respond to these incidents professionally, it is important to have well trained staff. The fact that many agencies and companies work with very sensitive data makes it necessary to further train their own employees in the field of IT forensics. Motivated by these facts, a training concept, which allows the creation of practical exercises, is presented in this paper. The focus is on the practical implementation of forensically important relationships.
Cyber threats to health information systems: A systematic review.
Luna, Raul; Rhine, Emily; Myhra, Matthew; Sullivan, Ross; Kruse, Clemens Scott
2016-01-01
Recent legislation empowering providers to embrace the electronic exchange of health information leaves the healthcare industry increasingly vulnerable to cybercrime. The objective of this systematic review is to identify the biggest threats to healthcare via cybercrime. The rationale behind this systematic review is to provide a framework for future research by identifying themes and trends of cybercrime in the healthcare industry. The authors conducted a systematic search through the CINAHL, Academic Search Complete, PubMed, and ScienceDirect databases to gather literature relative to cyber threats in healthcare. All authors reviewed the articles collected and excluded literature that did not focus on the objective. Researchers selected and examined 19 articles for common themes. The most prevalent cyber-criminal activity in healthcare is identity theft through data breach. Other concepts identified are internal threats, external threats, cyber-squatting, and cyberterrorism. The industry has now come to rely heavily on digital technologies, which increase risks such as denial of service and data breaches. Current healthcare cyber-security systems do not rival the capabilities of cyber criminals. Security of information is a costly resource and therefore many HCOs may hesitate to invest what is required to protect sensitive information.
ERIC Educational Resources Information Center
Waddell, Stanie Adolphus
2013-01-01
Many articles within the literature point to the information security policy as one of the most important elements of an effective information security program. Even though this belief is continually referred to in many information security scholarly articles, very few research studies have been performed to corroborate this sentiment. Doherty and…
48 CFR 1339.107-70 - Information security.
Code of Federal Regulations, 2014 CFR
2014-10-01
... 48 Federal Acquisition Regulations System 5 2014-10-01 2014-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... coordinate with the designated Contracting Officer Representative (COR) to complete the Information Security...
48 CFR 1339.107-70 - Information security.
Code of Federal Regulations, 2011 CFR
2011-10-01
... 48 Federal Acquisition Regulations System 5 2011-10-01 2011-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... coordinate with the designated Contracting Officer Representative (COR) to complete the Information Security...
49 CFR 8.9 - Information Security Review Committee.
Code of Federal Regulations, 2011 CFR
2011-10-01
... 49 Transportation 1 2011-10-01 2011-10-01 false Information Security Review Committee. 8.9 Section.../DECLASSIFICATION/ACCESS Classification/Declassification of Information § 8.9 Information Security Review Committee. (a) There is hereby established a Department of Transportation Information Security Review Committee...
48 CFR 1339.107-70 - Information security.
Code of Federal Regulations, 2010 CFR
2010-10-01
... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... Clause 1352.239-73, Security Requirements for Information Technology Resources, is needed, contracting... 48 Federal Acquisition Regulations System 5 2010-10-01 2010-10-01 false Information security. 1339...
49 CFR 8.9 - Information Security Review Committee.
Code of Federal Regulations, 2010 CFR
2010-10-01
... 49 Transportation 1 2010-10-01 2010-10-01 false Information Security Review Committee. 8.9 Section.../DECLASSIFICATION/ACCESS Classification/Declassification of Information § 8.9 Information Security Review Committee. (a) There is hereby established a Department of Transportation Information Security Review Committee...
48 CFR 1339.107-70 - Information security.
Code of Federal Regulations, 2013 CFR
2013-10-01
... 48 Federal Acquisition Regulations System 5 2013-10-01 2013-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... coordinate with the designated Contracting Officer Representative (COR) to complete the Information Security...
Defining Information Security.
Lundgren, Björn; Möller, Niklas
2017-11-15
This article proposes a new definition of information security, the 'Appropriate Access' definition. Apart from providing the basic criteria for a definition (correct demarcation and meaning concerning the state of security), it also aims at being a definition suitable for any information security perspective. As such, it bridges the conceptual divide between so-called 'soft issues' of information security (those including, e.g., humans, organizations, culture, ethics, policies, and law) and more technical issues. Because of this it is also suitable for various analytical purposes, such as analysing possible security breaches, or for studying conflicting attitudes on security in an organization. The need for a new definition is demonstrated by pointing to a number of problems for the standard definition type of information security, the so-called CIA definition. Besides being too broad as well as too narrow, it cannot properly handle the soft issues of information security, nor recognize the contextual and normative nature of security.
6 CFR 27.200 - Information regarding security risk for a chemical facility.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 6 Domestic Security 1 2010-01-01 2010-01-01 false Information regarding security risk for a chemical facility. 27.200 Section 27.200 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security Program § 27.200 Information...
Colonnesi, Cristina; van Polanen, Marleen; Tavecchio, Louis W C; Fukkink, Ruben G
2017-08-01
Mind-mindedness refers to the caregiver's ability to be attuned to the child's mental states. Within the parent-child relationship, mind-mindedness relates to parents' sensitive caregiving, and to children's secure attachment. However, the same relations are still unexplored in out-of-home care settings. We investigated the associations between childcare professionals' mind-mindedness, sensitive responsiveness and respect for autonomy, and child-caregiver attachment security. Moreover, we examined whether these relations are influenced by caregivers' and children's gender. Participants were 17 caregiver couples (17 males, 17 females) and 34 three-year-old children (17 boys, 17 girls), recruited in childcare centers. Mind-mindedness toward the boy or the girl (dyadic) or both children (non-dyadic), sensitive responsiveness and respect for autonomy were assessed during a semi-structured play. Attachment security was assessed through observations. Male and female caregivers had equivalent scores of mind-mindedness, sensitive responsiveness, and respect for autonomy. Similarly, children were securely attached to male and female caregivers. Girls' and boys' secure attachment was predicted by caregivers' use of non-dyadic mind-related comments. For girls, but not for boys, the relation was partially mediated by caregivers' respect for autonomy. The results are discussed in terms of their relevance for the quality of child-caregiver relationships, and children's socio-emotional development. Copyright © 2017 Elsevier Inc. All rights reserved.
Protecting Patient Records from Unwarranted Access
NASA Astrophysics Data System (ADS)
Gardner, Ryan; Garera, Sujata; Rubin, Aviel D.; Rajan, Anand; Rozas, Carlos V.; Sastry, Manoj
Securing access to medical information is vital to protecting patient privacy. However, Electronic Patient Record (EPR) systems are vulnerable to a number of inside and outside threats. Adversaries can compromise EPR client machines to obtain a variety of highly sensitive information including valid EPR login credentials, without detection. Furthermore, medical staff can covertly view records of their choosing for personal interest or more malicious purposes. In particular, we observe that the lack of integrity measurement and auditability in these systems creates a potential threat to the privacy of patient information. We explore the use of virtualization and trusted computing hardware to address these problems. We identify open problems and encourage further research in the area.
Muhammad, Khan; Sajjad, Muhammad; Baik, Sung Wook
2016-05-01
In this paper, the problem of secure transmission of sensitive contents over the public network Internet is addressed by proposing a novel data hiding method in encrypted images with dual-level security. The secret information is divided into three blocks using a specific pattern, followed by an encryption mechanism based on the three-level encryption algorithm (TLEA). The input image is scrambled using a secret key, and the encrypted sub-message blocks are then embedded in the scrambled image by cyclic18 least significant bit (LSB) substitution method, utilizing LSBs and intermediate LSB planes. Furthermore, the cover image and its planes are rotated at different angles using a secret key prior to embedding, deceiving the attacker during data extraction. The usage of message blocks division, TLEA, image scrambling, and the cyclic18 LSB method results in an advanced security system, maintaining the visual transparency of resultant images and increasing the security of embedded data. In addition, employing various secret keys for image scrambling, data encryption, and data hiding using the cyclic18 LSB method makes the data recovery comparatively more challenging for attackers. Experimental results not only validate the effectiveness of the proposed framework in terms of visual quality and security compared to other state-of-the-art methods, but also suggest its feasibility for secure transmission of diagnostically important keyframes to healthcare centers and gastroenterologists during wireless capsule endoscopy.
ERIC Educational Resources Information Center
Fearon, R. M. Pasco; Van IJzendoorn, Marinus H.; Fonagy, Peter; Bakermans-Kranenburg, Marian J.; Schuengel, Carlo; Bokhorst, Caroline L.
2006-01-01
The current article presents results from a twin study of genetic and environmental components of maternal sensitivity and infant attachment and their association. The sample consisted of 136 twin pairs from 2 sites: Leiden, the Netherlands, and London, UK. Maternal sensitivity was assessed in the home at 9-10 months, and infant attachment…
14 CFR 1203.202 - Responsibilities.
Code of Federal Regulations, 2011 CFR
2011-01-01
... Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.202 Responsibilities. (a) The Chairperson, NASA Information Security...) Ensuring effective compliance with and implementation of “the Order” and the Information Security Oversight...
14 CFR 1203.202 - Responsibilities.
Code of Federal Regulations, 2010 CFR
2010-01-01
... Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.202 Responsibilities. (a) The Chairperson, NASA Information Security...) Ensuring effective compliance with and implementation of “the Order” and the Information Security Oversight...
Legal issues concerning electronic health information: privacy, quality, and liability.
Hodge, J G; Gostin, L O; Jacobson, P D
1999-10-20
Personally identifiable health information about individuals and general medical information is increasingly available in electronic form in health databases and through online networks. The proliferation of electronic data within the modern health information infrastructure presents significant benefits for medical providers and patients, including enhanced patient autonomy, improved clinical treatment, advances in health research and public health surveillance, and modern security techniques. However, it also presents new legal challenges in 3 interconnected areas: privacy of identifiable health information, reliability and quality of health data, and tort-based liability. Protecting health information privacy (by giving individuals control over health data without severely restricting warranted communal uses) directly improves the quality and reliability of health data (by encouraging individual uses of health services and communal uses of data), which diminishes tort-based liabilities (by reducing instances of medical malpractice or privacy invasions through improvements in the delivery of health care services resulting in part from better quality and reliability of clinical and research data). Following an analysis of the interconnectivity of these 3 areas and discussing existing and proposed health information privacy laws, recommendations for legal reform concerning health information privacy are presented. These include (1) recognizing identifiable health information as highly sensitive, (2) providing privacy safeguards based on fair information practices, (3) empowering patients with information and rights to consent to disclosure, (4) limiting disclosures of health data absent consent, (5) incorporating industry-wide security protections, (6) establishing a national data protection authority, and (7) providing a national minimal level of privacy protections.
12 CFR Appendix B to Part 364 - Interagency Guidelines Establishing Information Security Standards
Code of Federal Regulations, 2011 CFR
2011-01-01
... Part 364—Interagency Guidelines Establishing Information Security Standards Table of Contents I... Customer Information A. Information Security Program B. Objectives III. Development and Implementation of Customer Information Security Program A. Involve the Board of Directors B. Assess Risk C. Manage and...
NASA Astrophysics Data System (ADS)
Sushko, O. P.; Kaznin, A. A.; Babkin, A. V.; Bogdanov, D. A.
2017-10-01
The study we are conducting involves the analysis of information security levels achieved by energy providers operating in the North Arctic Region. We look into whether the energy providers’ current information security levels meet reliability standards and determine what further actions may be needed for upgrading information security in the context of the digital transformation that the world community is undergoing. When developing the information security systems for electric energy providers or selecting the protection means for them, we are governed by the fact that the assets to be protected are process technologies. While information security risk can be assessed using different methods, the evaluation of the economic damage from these risks appears to be a difficult task. The most probable and harmful risks we have identified when evaluating the electric energy providers’ information security will be used by us as variables. To provide the evaluation, it is necessary to calculate the costs relating to elimination of the risks identified. The final stage of the study will involve the development of an operation algorithm for the North Arctic Region’s energy provider’s business information protection security system - a set of information security services, and security software and hardware.
75 FR 65526 - National Industrial Security Program Policy Advisory Committee (NISPPAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2010-10-25
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... planning to attend must be submitted to the Information Security Oversight Office (ISOO) no later than...
76 FR 6636 - National Industrial Security Program Policy Advisory Committee (NISPPAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2011-02-07
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... planning to attend must be submitted to the Information Security Oversight Office (ISOO) no later than...
76 FR 67484 - National Industrial Security Program Policy Advisory Committee (NISPPAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2011-11-01
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... must be submitted to the Information Security Oversight Office (ISOO) no later than Friday, November 11...
76 FR 28099 - National Industrial Security Program Policy Advisory Committee (NISPPAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2011-05-13
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... telephone number of individuals planning to attend must be submitted to the Information Security Oversight...
75 FR 39582 - National Industrial Security Program Policy Advisory Committee (NISPPAC)
Federal Register 2010, 2011, 2012, 2013, 2014
2010-07-09
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... telephone number of individuals planning to attend must be submitted to the Information Security Oversight...
Code of Federal Regulations, 2010 CFR
2010-01-01
... 10 Energy 1 2010-01-01 2010-01-01 false Access to restricted data and national security... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.905 Access to restricted data and national security information for parties; security clearances. (a) Access...
Code of Federal Regulations, 2011 CFR
2011-01-01
... 10 Energy 1 2011-01-01 2011-01-01 false Access to restricted data and national security... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.905 Access to restricted data and national security information for parties; security clearances. (a) Access...
10 CFR 95.35 - Access to matter classified as National Security Information and Restricted Data.
Code of Federal Regulations, 2011 CFR
2011-01-01
... Information and Restricted Data. 95.35 Section 95.35 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) FACILITY SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.35 Access to matter classified as National Security Information and Restricted Data. (a...
Standoff detection: distinction of bacteria by hyperspectral laser induced fluorescence
NASA Astrophysics Data System (ADS)
Walter, Arne; Duschek, Frank; Fellner, Lea; Grünewald, Karin M.; Hausmann, Anita; Julich, Sandra; Pargmann, Carsten; Tomaso, Herbert; Handke, Jürgen
2016-05-01
Sensitive detection and rapid identification of hazardous bioorganic material with high sensitivity and specificity are essential topics for defense and security. A single method can hardly cover these requirements. While point sensors allow a highly specific identification, they only provide localized information and are comparatively slow. Laser based standoff systems allow almost real-time detection and classification of potentially hazardous material in a wide area and can provide information on how the aerosol may spread. The coupling of both methods may be a promising solution to optimize the acquisition and identification of hazardous substances. The capability of the outdoor LIF system at DLR Lampoldshausen test facility as an online classification tool has already been demonstrated. Here, we present promising data for further differentiation among bacteria. Bacteria species can express unique fluorescence spectra after excitation at 280 nm and 355 nm. Upon deactivation, the spectral features change depending on the deactivation method.
Approach to estimation of level of information security at enterprise based on genetic algorithm
NASA Astrophysics Data System (ADS)
Stepanov, L. V.; Parinov, A. V.; Korotkikh, L. P.; Koltsov, A. S.
2018-05-01
In the article, the way of formalization of different types of threats of information security and vulnerabilities of an information system of the enterprise and establishment is considered. In a type of complexity of ensuring information security of application of any new organized system, the concept and decisions in the sphere of information security are expedient. One of such approaches is the method of a genetic algorithm. For the enterprises of any fields of activity, the question of complex estimation of the level of security of information systems taking into account the quantitative and qualitative factors characterizing components of information security is relevant.
Code of Federal Regulations, 2011 CFR
2011-04-01
... registration as a securities information processor or to amend such an application or registration. 249.1001..., SECURITIES EXCHANGE ACT OF 1934 Form for Registration of, and Reporting by Securities Information Processors § 249.1001 Form SIP, for application for registration as a securities information processor or to amend...
Code of Federal Regulations, 2010 CFR
2010-04-01
... registration as a securities information processor or to amend such an application or registration. 249.1001..., SECURITIES EXCHANGE ACT OF 1934 Form for Registration of, and Reporting by Securities Information Processors § 249.1001 Form SIP, for application for registration as a securities information processor or to amend...
Liu, Huan; Xie, Yanming
2011-10-01
The clinical literature evaluation of the post-marketing traditional Chinese medicine is a comprehensive evaluation by the comprehensive gain, analysis of the drug, literature of drug efficacy, safety, economy, based on the literature evidence and is part of the evaluation of evidence-based medicine. The literature evaluation in the post-marketing Chinese medicine clinical evaluation is in the foundation and the key position. Through the literature evaluation, it can fully grasp the information, grasp listed drug variety of traditional Chinese medicines second development orientation, make clear further clinical indications, perfect the medicines, etc. This paper discusses the main steps and emphasis of the clinical literature evaluation. Emphasizing security literature evaluation should attach importance to the security of a comprehensive collection drug information. Safety assessment should notice traditional Chinese medicine validity evaluation in improving syndrome, improving the living quality of patients with special advantage. The economics literature evaluation should pay attention to reliability, sensitivity and practicability of the conclusion.
46 CFR 503.52 - Senior agency official.
Code of Federal Regulations, 2011 CFR
2011-10-01
... 46 Shipping 9 2011-10-01 2011-10-01 false Senior agency official. 503.52 Section 503.52 Shipping FEDERAL MARITIME COMMISSION GENERAL AND ADMINISTRATIVE PROVISIONS PUBLIC INFORMATION Information Security...'s information security program, which includes oversight (self-inspection) and security information...
He, Meilin; Devine, Laura; Zhuang, Jun
2018-02-01
The government, private sectors, and other users of the Internet are increasingly faced with the risk of cyber incidents. Damage to computer systems and theft of sensitive data caused by cyber attacks have the potential to result in lasting harm to entities under attack, or to society as a whole. The effects of cyber attacks are not always obvious, and detecting them is not a simple proposition. As the U.S. federal government believes that information sharing on cybersecurity issues among organizations is essential to safety, security, and resilience, the importance of trusted information exchange has been emphasized to support public and private decision making by encouraging the creation of the Information Sharing and Analysis Center (ISAC). Through a decision-theoretic approach, this article provides new perspectives on ISAC, and the advent of the new Information Sharing and Analysis Organizations (ISAOs), which are intended to provide similar benefits to organizations that cannot fit easily into the ISAC structure. To help understand the processes of information sharing against cyber threats, this article illustrates 15 representative information sharing structures between ISAC, government, and other participating entities, and provides discussions on the strategic interactions between different stakeholders. This article also identifies the costs of information sharing and information security borne by different parties in this public-private partnership both before and after cyber attacks, as well as the two main benefits. This article provides perspectives on the mechanism of information sharing and some detailed cost-benefit analysis. © 2017 Society for Risk Analysis.
Federal Register 2010, 2011, 2012, 2013, 2014
2010-03-08
... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office; National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: National Archives and Records... individuals planning to attend must be submitted to the Information Security Oversight Office (ISOO) no later...
Invisibly Sanitizable Digital Signature Scheme
NASA Astrophysics Data System (ADS)
Miyazaki, Kunihiko; Hanaoka, Goichiro; Imai, Hideki
A digital signature does not allow any alteration of the document to which it is attached. Appropriate alteration of some signed documents, however, should be allowed because there are security requirements other than the integrity of the document. In the disclosure of official information, for example, sensitive information such as personal information or national secrets is masked when an official document is sanitized so that its nonsensitive information can be disclosed when it is requested by a citizen. If this disclosure is done digitally by using the current digital signature schemes, the citizen cannot verify the disclosed information because it has been altered to prevent the leakage of sensitive information. The confidentiality of official information is thus incompatible with the integrity of that information, and this is called the digital document sanitizing problem. Conventional solutions such as content extraction signatures and digitally signed document sanitizing schemes with disclosure condition control can either let the sanitizer assign disclosure conditions or hide the number of sanitized portions. The digitally signed document sanitizing scheme we propose here is based on the aggregate signature derived from bilinear maps and can do both. Moreover, the proposed scheme can sanitize a signed document invisibly, that is, no one can distinguish whether the signed document has been sanitized or not.
6 CFR 7.27 - Declassification and downgrading.
Code of Federal Regulations, 2010 CFR
2010-01-01
... SECURITY INFORMATION Classified Information § 7.27 Declassification and downgrading. (a) Classified... Security Officer. (b) Information shall be declassified or downgraded by the official who authorized the... Secretary of Homeland Security or the Chief Security Officer. (c) It is presumed that information that...
5 CFR 930.301 - Information systems security awareness training program.
Code of Federal Regulations, 2013 CFR
2013-01-01
....g., system and network administrators, and system/application security officers) must receive... 5 Administrative Personnel 2 2013-01-01 2013-01-01 false Information systems security awareness... (MISCELLANEOUS) Information Security Responsibilities for Employees who Manage or Use Federal Information Systems...
5 CFR 930.301 - Information systems security awareness training program.
Code of Federal Regulations, 2014 CFR
2014-01-01
....g., system and network administrators, and system/application security officers) must receive... 5 Administrative Personnel 2 2014-01-01 2014-01-01 false Information systems security awareness... (MISCELLANEOUS) Information Security Responsibilities for Employees who Manage or Use Federal Information Systems...
Federal Register 2010, 2011, 2012, 2013, 2014
2013-05-03
... Information Collection Activity Under OMB Review: Pipeline Corporate Security Review AGENCY: Transportation.... Information Collection Requirement Title: Pipeline Corporate Security Review (PCSR). Type of Request... current industry security practices through its Pipeline Corporate Security Review (PCSR) program. The...
Information Security Management (ISM)
NASA Astrophysics Data System (ADS)
Šalgovičová, Jarmila; Prajová, Vanessa
2012-12-01
Currently, all organizations have to tackle the issue of information security. The paper deals with various aspects of Information Security Management (ISM), including procedures, processes, organizational structures, policies and control processes. Introduction of Information Security Management should be a strategic decision. The concept and implementation of Information Security Management in an organization are determined by the corporate needs and objectives, security requirements, the processes deployed as well as the size and structure of the organization. The implementation of ISM should be carried out to the extent consistent with the needs of the organization.
Information security of power enterprises of North-Arctic region
NASA Astrophysics Data System (ADS)
Sushko, O. P.
2018-05-01
The role of information technologies in providing technological security for energy enterprises is a component of the economic security for the northern Arctic region in general. Applying instruments and methods of information protection modelling of the energy enterprises' business process in the northern Arctic region (such as Arkhenergo and Komienergo), the authors analysed and identified most frequent risks of information security. With the analytic hierarchy process based on weighting factor estimations, information risks of energy enterprises' technological processes were ranked. The economic estimation of the information security within an energy enterprise considers weighting factor-adjusted variables (risks). Investments in information security systems of energy enterprises in the northern Arctic region are related to necessary security elements installation; current operating expenses on business process protection systems become materialized economic damage.
Disaster at a University: A Case Study in Information Security
ERIC Educational Resources Information Center
Ayyagari, Ramakrishna; Tyks, Jonathan
2012-01-01
Security and disaster training is identified as a top Information Technology (IT) required skill that needs to be taught in Information Systems (IS) curriculums. Accordingly, information security and privacy have become core concepts in information system education. Providing IT security on a shoestring budget is always difficult and many small…
NASA Technical Reports Server (NTRS)
Tompkins, F. G.
1984-01-01
The Office of Management and Budget (OMB) Circular A-71, transmittal Memorandum No. 1, requires that each agency establish a management control process to assure that appropriate administrative, physical and technical safeguards are incorporated into all new computer applications. In addition to security specifications, the management control process should assure that the safeguards are adequate for the application. The security activities that should be integral to the system development process are examined. The software quality assurance process to assure that adequate and appropriate controls are incorporated into sensitive applications is also examined. Security for software packages is also discussed.
6 CFR 7.12 - Violations of classified information requirements.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 6 Domestic Security 1 2010-01-01 2010-01-01 false Violations of classified information requirements. 7.12 Section 7.12 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CLASSIFIED NATIONAL SECURITY INFORMATION Administration § 7.12 Violations of classified information...
Federal Register 2010, 2011, 2012, 2013, 2014
2013-12-23
... Federal agency for pipeline security, it is important for TSA to have contact information for company... DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration Extension of Agency Information Collection Activity Under OMB Review: Pipeline System Operator Security Information AGENCY...
32 CFR 154.42 - Evaluation of personnel security information.
Code of Federal Regulations, 2011 CFR
2011-07-01
... 32 National Defense 1 2011-07-01 2011-07-01 false Evaluation of personnel security information... SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Adjudication § 154.42 Evaluation of personnel security information. (a) The criteria and adjudicative policy to be used in applying the...
32 CFR 154.42 - Evaluation of personnel security information.
Code of Federal Regulations, 2010 CFR
2010-07-01
... 32 National Defense 1 2010-07-01 2010-07-01 false Evaluation of personnel security information... SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Adjudication § 154.42 Evaluation of personnel security information. (a) The criteria and adjudicative policy to be used in applying the...
Federal Register 2010, 2011, 2012, 2013, 2014
2010-07-02
... Standards and Technology's (NIST) Computer Security Division maintains a Computer Security Resource Center... Regarding Driver History Record Information Security, Continuity of Operation Planning, and Disaster... (SDLAs) to support their efforts at maintaining the security of information contained in the driver...
14 CFR 1203.409 - Exceptional cases.
Code of Federal Regulations, 2010 CFR
2010-01-01
....409 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM... Information Security Program Committee, Security Division, Washington, DC 20546 for a classification..., to the Director, Information Security Oversight Office, GSA, for a determination. ...
The ISACA Business Model for Information Security: An Integrative and Innovative Approach
NASA Astrophysics Data System (ADS)
von Roessing, Rolf
In recent years, information security management has matured into a professional discipline that covers both technical and managerial aspects in an organisational environment. Information security is increasingly dependent on business-driven parameters and interfaces to a variety of organisational units and departments. In contrast, common security models and frameworks have remained largely technical. A review of extant models ranging from [LaBe73] to more recent models shows that technical aspects are covered in great detail, while the managerial aspects of security are often neglected. Likewise, the business view on organisational security is frequently at odds with the demands of information security personnel or information technology management. In practice, senior and executive level management remain comparatively distant from technical requirements. As a result, information security is generally regarded as a cost factor rather than a benefit to the organisation.
Dual-Layer Video Encryption using RSA Algorithm
NASA Astrophysics Data System (ADS)
Chadha, Aman; Mallik, Sushmit; Chadha, Ankit; Johar, Ravdeep; Mani Roja, M.
2015-04-01
This paper proposes a video encryption algorithm using RSA and Pseudo Noise (PN) sequence, aimed at applications requiring sensitive video information transfers. The system is primarily designed to work with files encoded using the Audio Video Interleaved (AVI) codec, although it can be easily ported for use with Moving Picture Experts Group (MPEG) encoded files. The audio and video components of the source separately undergo two layers of encryption to ensure a reasonable level of security. Encryption of the video component involves applying the RSA algorithm followed by the PN-based encryption. Similarly, the audio component is first encrypted using PN and further subjected to encryption using the Discrete Cosine Transform. Combining these techniques, an efficient system, invulnerable to security breaches and attacks with favorable values of parameters such as encryption/decryption speed, encryption/decryption ratio and visual degradation, has been put forth. For applications requiring encryption of sensitive data wherein stringent security requirements are of prime concern, the system is found to yield negligible similarities in visual perception between the original and the encrypted video sequence. For applications wherein visual similarity is not of major concern, we limit the encryption task to a single level of encryption which is accomplished by using RSA, thereby quickening the encryption process. Although some similarity between the original and encrypted video is observed in this case, it is not enough to comprehend the happenings in the video.
ERIC Educational Resources Information Center
Atkinson, Leslie; Goldberg, Susan; Raval, Vaishali; Pederson, David; Benoit, Diane; Moran, Greg; Poulton, Lori; Myhal, Natalie; Zwiers, Michael; Leung, Eman
2005-01-01
Attachment theorists assume that maternal mental representations influence responsivity, which influences infant attachment security. However, primary studies do not support this mediation model. The authors tested mediation using 2 mother-infant samples and found no evidence of mediation. Therefore, the authors explored sensitivity as a…
49 CFR 1542.303 - Security Directives and Information Circulars.
Code of Federal Regulations, 2014 CFR
2014-10-01
...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY... Information Circular to notify airport operators of security concerns. When TSA determines that additional... aviation, TSA issues a Security Directive setting forth mandatory measures. (b) Each airport operator must...
49 CFR 1542.303 - Security Directives and Information Circulars.
Code of Federal Regulations, 2011 CFR
2011-10-01
...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY... Information Circular to notify airport operators of security concerns. When TSA determines that additional... aviation, TSA issues a Security Directive setting forth mandatory measures. (b) Each airport operator must...