75 FR 55290 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-031...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-09-10

...; Department of Homeland Security/ALL-031 Information Sharing Environment Suspicious Activity Reporting... Environment Suspicious Activity Reporting Initiative System of Records'' and this proposed rulemaking. In this... establish a new DHS system of records titled, ``DHS/ALL-031 Information Sharing Environment (ISE) Suspicious...

Information-Pooling Bias in Collaborative Security Incident Correlation Analysis.

PubMed

Rajivan, Prashanth; Cooke, Nancy J

2018-03-01

Incident correlation is a vital step in the cybersecurity threat detection process. This article presents research on the effect of group-level information-pooling bias on collaborative incident correlation analysis in a synthetic task environment. Past research has shown that uneven information distribution biases people to share information that is known to most team members and prevents them from sharing any unique information available with them. The effect of such biases on security team collaborations are largely unknown. Thirty 3-person teams performed two threat detection missions involving information sharing and correlating security incidents. Incidents were predistributed to each person in the team based on the hidden profile paradigm. Participant teams, randomly assigned to three experimental groups, used different collaboration aids during Mission 2. Communication analysis revealed that participant teams were 3 times more likely to discuss security incidents commonly known to the majority. Unaided team collaboration was inefficient in finding associations between security incidents uniquely available to each member of the team. Visualizations that augment perceptual processing and recognition memory were found to mitigate the bias. The data suggest that (a) security analyst teams, when conducting collaborative correlation analysis, could be inefficient in pooling unique information from their peers; (b) employing off-the-shelf collaboration tools in cybersecurity defense environments is inadequate; and (c) collaborative security visualization tools developed considering the human cognitive limitations of security analysts is necessary. Potential applications of this research include development of team training procedures and collaboration tool development for security analysts.

Enterprise systems security management: a framework for breakthrough protection

NASA Astrophysics Data System (ADS)

Farroha, Bassam S.; Farroha, Deborah L.

2010-04-01

Securing the DoD information network is a tremendous task due to its size, access locations and the amount of network intrusion attempts on a daily basis. This analysis investigates methods/architecture options to deliver capabilities for secure information sharing environment. Crypto-binding and intelligent access controls are basic requirements for secure information sharing in a net-centric environment. We introduce many of the new technology components to secure the enterprise. The cooperative mission requirements lead to developing automatic data discovery and data stewards granting access to Cross Domain (CD) data repositories or live streaming data. Multiple architecture models are investigated to determine best-of-breed approaches including SOA and Private/Public Clouds.

MYSEA: The Monterey Security Architecture

DTIC Science & Technology

2009-01-01

Security and Protection, Organization and Design General Terms: Design; Security Keywords: access controls, authentication, information flow controls...Applicable environments include: mil- itary coalitions, agencies and organizations responding to security emergencies, and mandated sharing in business ...network architecture affords users the abil- ity to securely access information across networks at dif- ferent classifications using standardized

The Role of Health Care Experience and Consumer Information Efficacy in Shaping Privacy and Security Perceptions of Medical Records: National Consumer Survey Results

PubMed Central

Beckjord, Ellen; Moser, Richard P; Hughes, Penelope; Hesse, Bradford W

2015-01-01

Background Providers’ adoption of electronic health records (EHRs) is increasing and consumers have expressed concerns about the potential effects of EHRs on privacy and security. Yet, we lack a comprehensive understanding regarding factors that affect individuals’ perceptions regarding the privacy and security of their medical information. Objective The aim of this study was to describe national perceptions regarding the privacy and security of medical records and identify a comprehensive set of factors associated with these perceptions. Methods Using a nationally representative 2011-2012 survey, we reported on adults’ perceptions regarding privacy and security of medical records and sharing of health information between providers, and whether adults withheld information from a health care provider due to privacy or security concerns. We used multivariable models to examine the association between these outcomes and sociodemographic characteristics, health and health care experience, information efficacy, and technology-related variables. Results Approximately one-quarter of American adults (weighted n=235,217,323; unweighted n=3959) indicated they were very confident (n=989) and approximately half indicated they were somewhat confident (n=1597) in the privacy of their medical records; we found similar results regarding adults’ confidence in the security of medical records (very confident: n=828; somewhat confident: n=1742). In all, 12.33% (520/3904) withheld information from a health care provider and 59.06% (2100/3459) expressed concerns about the security of both faxed and electronic health information. Adjusting for other characteristics, adults who reported higher quality of care had significantly greater confidence in the privacy and security of their medical records and were less likely to withhold information from their health care provider due to privacy or security concerns. Adults with higher information efficacy had significantly greater confidence in the privacy and security of medical records and less concern about sharing of health information by both fax and electronic means. Individuals’ perceptions of whether their providers use an EHR was not associated with any privacy or security outcomes. Conclusions Although most adults are confident in the privacy and security of their medical records, many express concerns regarding sharing of information between providers; a minority report withholding information from their providers due to privacy and security concerns. Whether individuals thought their provider was using an EHR was not associated with negative privacy/security perceptions or withholding, suggesting the transition to EHRs is not associated with negative perceptions regarding the privacy and security of medical information. However, monitoring to see how this evolves will be important. Given that positive health care experiences and higher information efficacy were associated with more favorable perceptions of privacy and security, efforts should continue to encourage providers to secure medical records, provide patients with a “meaningful choice” in how their data are shared, and enable individuals to access information they need to manage their care. PMID:25843686

The role of health care experience and consumer information efficacy in shaping privacy and security perceptions of medical records: national consumer survey results.

PubMed

Patel, Vaishali; Beckjord, Ellen; Moser, Richard P; Hughes, Penelope; Hesse, Bradford W

2015-04-02

Providers' adoption of electronic health records (EHRs) is increasing and consumers have expressed concerns about the potential effects of EHRs on privacy and security. Yet, we lack a comprehensive understanding regarding factors that affect individuals' perceptions regarding the privacy and security of their medical information. The aim of this study was to describe national perceptions regarding the privacy and security of medical records and identify a comprehensive set of factors associated with these perceptions. Using a nationally representative 2011-2012 survey, we reported on adults' perceptions regarding privacy and security of medical records and sharing of health information between providers, and whether adults withheld information from a health care provider due to privacy or security concerns. We used multivariable models to examine the association between these outcomes and sociodemographic characteristics, health and health care experience, information efficacy, and technology-related variables. Approximately one-quarter of American adults (weighted n=235,217,323; unweighted n=3959) indicated they were very confident (n=989) and approximately half indicated they were somewhat confident (n=1597) in the privacy of their medical records; we found similar results regarding adults' confidence in the security of medical records (very confident: n=828; somewhat confident: n=1742). In all, 12.33% (520/3904) withheld information from a health care provider and 59.06% (2100/3459) expressed concerns about the security of both faxed and electronic health information. Adjusting for other characteristics, adults who reported higher quality of care had significantly greater confidence in the privacy and security of their medical records and were less likely to withhold information from their health care provider due to privacy or security concerns. Adults with higher information efficacy had significantly greater confidence in the privacy and security of medical records and less concern about sharing of health information by both fax and electronic means. Individuals' perceptions of whether their providers use an EHR was not associated with any privacy or security outcomes. Although most adults are confident in the privacy and security of their medical records, many express concerns regarding sharing of information between providers; a minority report withholding information from their providers due to privacy and security concerns. Whether individuals thought their provider was using an EHR was not associated with negative privacy/security perceptions or withholding, suggesting the transition to EHRs is not associated with negative perceptions regarding the privacy and security of medical information. However, monitoring to see how this evolves will be important. Given that positive health care experiences and higher information efficacy were associated with more favorable perceptions of privacy and security, efforts should continue to encourage providers to secure medical records, provide patients with a "meaningful choice" in how their data are shared, and enable individuals to access information they need to manage their care.

Combination of Sharing Matrix and Image Encryption for Lossless $(k,n)$ -Secret Image Sharing.

PubMed

Bao, Long; Yi, Shuang; Zhou, Yicong

2017-12-01

This paper first introduces a (k,n) -sharing matrix S (k, n) and its generation algorithm. Mathematical analysis is provided to show its potential for secret image sharing. Combining sharing matrix with image encryption, we further propose a lossless (k,n) -secret image sharing scheme (SMIE-SIS). Only with no less than k shares, all the ciphertext information and security key can be reconstructed, which results in a lossless recovery of original information. This can be proved by the correctness and security analysis. Performance evaluation and security analysis demonstrate that the proposed SMIE-SIS with arbitrary settings of k and n has at least five advantages: 1) it is able to fully recover the original image without any distortion; 2) it has much lower pixel expansion than many existing methods; 3) its computation cost is much lower than the polynomial-based secret image sharing methods; 4) it is able to verify and detect a fake share; and 5) even using the same original image with the same initial settings of parameters, every execution of SMIE-SIS is able to generate completely different secret shares that are unpredictable and non-repetitive. This property offers SMIE-SIS a high level of security to withstand many different attacks.

A Study on the Secure User Profiling Structure and Procedure for Home Healthcare Systems.

PubMed

Ko, Hoon; Song, MoonBae

2016-01-01

Despite of various benefits such as a convenience and efficiency, home healthcare systems have some inherent security risks that may cause a serious leak on personal health information. This work presents a Secure User Profiling Structure which has the patient information including their health information. A patient and a hospital keep it at that same time, they share the updated data. While they share the data and communicate, the data can be leaked. To solve the security problems, a secure communication channel with a hash function and an One-Time Password between a client and a hospital should be established and to generate an input value to an OTP, it uses a dual hash-function. This work presents a dual hash function-based approach to generate the One-Time Password ensuring a secure communication channel with the secured key. In result, attackers are unable to decrypt the leaked information because of the secured key; in addition, the proposed method outperforms the existing methods in terms of computation cost.

A secure EHR system based on hybrid clouds.

PubMed

Chen, Yu-Yi; Lu, Jun-Chao; Jan, Jinn-Ke

2012-10-01

Consequently, application services rendering remote medical services and electronic health record (EHR) have become a hot topic and stimulating increased interest in studying this subject in recent years. Information and communication technologies have been applied to the medical services and healthcare area for a number of years to resolve problems in medical management. Sharing EHR information can provide professional medical programs with consultancy, evaluation, and tracing services can certainly improve accessibility to the public receiving medical services or medical information at remote sites. With the widespread use of EHR, building a secure EHR sharing environment has attracted a lot of attention in both healthcare industry and academic community. Cloud computing paradigm is one of the popular healthIT infrastructures for facilitating EHR sharing and EHR integration. In this paper, we propose an EHR sharing and integration system in healthcare clouds and analyze the arising security and privacy issues in access and management of EHRs.

Information Management and the Biological Warfare Threat

DTIC Science & Technology

2002-03-01

24 2. Scientific-Security Paradigm Interaction........................................ 25 3. Business - Security Paradigm...policies of openness and guardedness and discuss the three paradigms (scientific, business , security ) as a developing factor for information sharing...Trade Center. 3. Business - Security Paradigm Interaction Gene patenting (discussed previously) is utilized by business to protect their

Computing on quantum shared secrets

NASA Astrophysics Data System (ADS)

Ouyang, Yingkai; Tan, Si-Hui; Zhao, Liming; Fitzsimons, Joseph F.

2017-11-01

A (k ,n )-threshold secret-sharing scheme allows for a string to be split into n shares in such a way that any subset of at least k shares suffices to recover the secret string, but such that any subset of at most k -1 shares contains no information about the secret. Quantum secret-sharing schemes extend this idea to the sharing of quantum states. Here we propose a method of performing computation securely on quantum shared secrets. We introduce a (n ,n )-quantum secret sharing scheme together with a set of algorithms that allow quantum circuits to be evaluated securely on the shared secret without the need to decode the secret. We consider a multipartite setting, with each participant holding a share of the secret. We show that if there exists at least one honest participant, no group of dishonest participants can recover any information about the shared secret, independent of their deviations from the algorithm.

3 CFR - Classified Information and Controlled Unclassified Information

Code of Federal Regulations, 2010 CFR

2010-01-01

... declassification of information in the electronic environment, as recommended by the Commission on the Intelligence... need in recent years to enhance national security by establishing an information sharing environment... information within the information sharing environment. In the absence of a single, comprehensive framework...

Facilitating Secure Sharing of Personal Health Data in the Cloud.

PubMed

Thilakanathan, Danan; Calvo, Rafael A; Chen, Shiping; Nepal, Surya; Glozier, Nick

2016-05-27

Internet-based applications are providing new ways of promoting health and reducing the cost of care. Although data can be kept encrypted in servers, the user does not have the ability to decide whom the data are shared with. Technically this is linked to the problem of who owns the data encryption keys required to decrypt the data. Currently, cloud service providers, rather than users, have full rights to the key. In practical terms this makes the users lose full control over their data. Trust and uptake of these applications can be increased by allowing patients to feel in control of their data, generally stored in cloud-based services. This paper addresses this security challenge by providing the user a way of controlling encryption keys independently of the cloud service provider. We provide a secure and usable system that enables a patient to share health information with doctors and specialists. We contribute a secure protocol for patients to share their data with doctors and others on the cloud while keeping complete ownership. We developed a simple, stereotypical health application and carried out security tests, performance tests, and usability tests with both students and doctors (N=15). We developed the health application as an app for Android mobile phones. We carried out the usability tests on potential participants and medical professionals. Of 20 participants, 14 (70%) either agreed or strongly agreed that they felt safer using our system. Using mixed methods, we show that participants agreed that privacy and security of health data are important and that our system addresses these issues. We presented a security protocol that enables patients to securely share their eHealth data with doctors and nurses and developed a secure and usable system that enables patients to share mental health information with doctors.

Usability Assessment of Secure Messaging for Clinical Document Sharing between Health Care Providers and Patients.

PubMed

Jahn, Michelle A; Porter, Brian W; Patel, Himalaya; Zillich, Alan J; Simon, Steven R; Russ, Alissa L

2018-04-01

 Web-based patient portals feature secure messaging systems that enable health care providers and patients to communicate information. However, little is known about the usability of these systems for clinical document sharing.  This article evaluates the usability of a secure messaging system for providers and patients in terms of its ability to support sharing of electronic clinical documents.  We conducted usability testing with providers and patients in a human-computer interaction laboratory at a Midwestern U.S. hospital. Providers sent a medication list document to a fictitious patient via secure messaging. Separately, patients retrieved the clinical document from a secure message and returned it to a fictitious provider. We collected use errors, task completion, task time, and satisfaction.  Twenty-nine individuals participated: 19 providers (6 physicians, 6 registered nurses, and 7 pharmacists) and 10 patients. Among providers, 11 (58%) attached and sent the clinical document via secure messaging without requiring assistance, in a median (range) of 4.5 (1.8-12.7) minutes. No patients completed tasks without moderator assistance. Patients accessed the secure messaging system within 3.6 (1.2-15.0) minutes; retrieved the clinical document within 0.8 (0.5-5.7) minutes; and sent the attached clinical document in 6.3 (1.5-18.1) minutes. Although median satisfaction ratings were high, with 5.8 for providers and 6.0 for patients (scale, 0-7), we identified 36 different use errors. Physicians and pharmacists requested additional features to support care coordination via health information technology, while nurses requested features to support efficiency for their tasks.  This study examined the usability of clinical document sharing, a key feature of many secure messaging systems. Our results highlight similarities and differences between provider and patient end-user groups, which can inform secure messaging design to improve learnability and efficiency. The observations suggest recommendations for improving the technical aspects of secure messaging for clinical document sharing. Schattauer GmbH Stuttgart.

ISBP: Understanding the Security Rule of Users' Information-Sharing Behaviors in Partnership

PubMed Central

Wu, Hongchen; Wang, Xinjun

2016-01-01

The rapid growth of social network data has given rise to high security awareness among users, especially when they exchange and share their personal information. However, because users have different feelings about sharing their information, they are often puzzled about who their partners for exchanging information can be and what information they can share. Is it possible to assist users in forming a partnership network in which they can exchange and share information with little worry? We propose a modified information sharing behavior prediction (ISBP) model that can help in understanding the underlying rules by which users share their information with partners in light of three common aspects: what types of items users are likely to share, what characteristics of users make them likely to share information, and what features of users’ sharing behavior are easy to predict. This model is applied with machine learning techniques in WEKA to predict users’ decisions pertaining to information sharing behavior and form them into trustable partnership networks by learning their features. In the experiment section, by using two real-life datasets consisting of citizens’ sharing behavior, we identify the effect of highly sensitive requests on sharing behavior adjacent to individual variables: the younger participants’ partners are more difficult to predict than those of the older participants, whereas the partners of people who are not computer majors are easier to predict than those of people who are computer majors. Based on these findings, we believe that it is necessary and feasible to offer users personalized suggestions on information sharing decisions, and this is pioneering work that could benefit college researchers focusing on user-centric strategies and website owners who want to collect more user information without raising their privacy awareness or losing their trustworthiness. PMID:26950064

ISBP: Understanding the Security Rule of Users' Information-Sharing Behaviors in Partnership.

PubMed

Wu, Hongchen; Wang, Xinjun

2016-01-01

The rapid growth of social network data has given rise to high security awareness among users, especially when they exchange and share their personal information. However, because users have different feelings about sharing their information, they are often puzzled about who their partners for exchanging information can be and what information they can share. Is it possible to assist users in forming a partnership network in which they can exchange and share information with little worry? We propose a modified information sharing behavior prediction (ISBP) model that can help in understanding the underlying rules by which users share their information with partners in light of three common aspects: what types of items users are likely to share, what characteristics of users make them likely to share information, and what features of users' sharing behavior are easy to predict. This model is applied with machine learning techniques in WEKA to predict users' decisions pertaining to information sharing behavior and form them into trustable partnership networks by learning their features. In the experiment section, by using two real-life datasets consisting of citizens' sharing behavior, we identify the effect of highly sensitive requests on sharing behavior adjacent to individual variables: the younger participants' partners are more difficult to predict than those of the older participants, whereas the partners of people who are not computer majors are easier to predict than those of people who are computer majors. Based on these findings, we believe that it is necessary and feasible to offer users personalized suggestions on information sharing decisions, and this is pioneering work that could benefit college researchers focusing on user-centric strategies and website owners who want to collect more user information without raising their privacy awareness or losing their trustworthiness.

Exploring the Lack of Interoperability of Databases within Department of Homeland Security Interagency Environment Concerning Maritime Port Security

DTIC Science & Technology

2009-03-01

37 Figure 8 New Information Sharing Model from United States Intelligence Community Information Sharing...PRIDE while the Coast Guard has MISSLE and the newly constructed WATCHKEEPER. All these databases contain intelligence on incoming vessels...decisions making. Experts rely heavily on future projections as hallmarks of skilled performance." (Endsley et al. 2006) The SA model above

31 CFR 1023.540 - Voluntary information sharing among financial institutions.

Code of Federal Regulations, 2012 CFR

2012-07-01

... and Finance (Continued) FINANCIAL CRIMES ENFORCEMENT NETWORK, DEPARTMENT OF THE TREASURY RULES FOR BROKERS OR DEALERS IN SECURITIES Special Information Sharing Procedures To Deter Money Laundering and...

31 CFR 1023.540 - Voluntary information sharing among financial institutions.

Code of Federal Regulations, 2011 CFR

2011-07-01

... and Finance (Continued) FINANCIAL CRIMES ENFORCEMENT NETWORK, DEPARTMENT OF THE TREASURY RULES FOR BROKERS OR DEALERS IN SECURITIES Special Information Sharing Procedures To Deter Money Laundering and...

31 CFR 1023.540 - Voluntary information sharing among financial institutions.

Code of Federal Regulations, 2014 CFR

2014-07-01

... and Finance (Continued) FINANCIAL CRIMES ENFORCEMENT NETWORK, DEPARTMENT OF THE TREASURY RULES FOR BROKERS OR DEALERS IN SECURITIES Special Information Sharing Procedures To Deter Money Laundering and...

31 CFR 1023.540 - Voluntary information sharing among financial institutions.

Code of Federal Regulations, 2013 CFR

2013-07-01

... and Finance (Continued) FINANCIAL CRIMES ENFORCEMENT NETWORK, DEPARTMENT OF THE TREASURY RULES FOR BROKERS OR DEALERS IN SECURITIES Special Information Sharing Procedures To Deter Money Laundering and...

Homeland security: sharing and managing critical incident information

NASA Astrophysics Data System (ADS)

Ashley, W. R., III

2003-09-01

Effective critical incident response for homeland security requires access to real-time information from many organizations. Command and control, as well as basic situational awareness, are all dependant on quickly communicating a dynamically changing picture to a variety of decision makers. For the most part, critical information management is not unfamiliar or new to the public safety community. However, new challenges present themselves when that information needs to be seamlessly shared across multiple organizations at the local, state and federal level in real-time. The homeland security problem does not lend itself to the traditional military joint forces planning model where activities shift from a deliberate planning process to a crisis action planning process. Rather, the homeland security problem is more similar to a traditional public safety model where the current activity state moves from complete inactivity or low-level attention to immediate crisis action planning. More often than not the escalation occurs with no warning or baseline information. This paper addresses the challenges of sharing critical incident information and the impacts new technologies will have on this problem. The value of current and proposed approaches will be critiqued for operational value and areas will be identified for further development.

Cost-Benefit Analysis of Confidentiality Policies for Advanced Knowledge Management Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

May, D

Knowledge Discovery (KD) processes can create new information within a Knowledge Management (KM) system. In many domains, including government, this new information must be secured against unauthorized disclosure. Applying an appropriate confidentiality policy achieves this. However, it is not evident which confidentiality policy to apply, especially when the goals of sharing and disseminating knowledge have to be balanced with the requirements to secure knowledge. This work proposes to solve this problem by developing a cost-benefit analysis technique for examining the tradeoffs between securing and sharing discovered knowledge.

Secure medical information sharing in cloud computing.

PubMed

Shao, Zhiyi; Yang, Bo; Zhang, Wenzheng; Zhao, Yi; Wu, Zhenqiang; Miao, Meixia

2015-01-01

Medical information sharing is one of the most attractive applications of cloud computing, where searchable encryption is a fascinating solution for securely and conveniently sharing medical data among different medical organizers. However, almost all previous works are designed in symmetric key encryption environment. The only works in public key encryption do not support keyword trapdoor security, have long ciphertext related to the number of receivers, do not support receiver revocation without re-encrypting, and do not preserve the membership of receivers. In this paper, we propose a searchable encryption supporting multiple receivers for medical information sharing based on bilinear maps in public key encryption environment. In the proposed protocol, data owner stores only one copy of his encrypted file and its corresponding encrypted keywords on cloud for multiple designated receivers. The keyword ciphertext is significantly shorter and its length is constant without relation to the number of designated receivers, i.e., for n receivers the ciphertext length is only twice the element length in the group. Only the owner knows that with whom his data is shared, and the access to his data is still under control after having been put on the cloud. We formally prove the security of keyword ciphertext based on the intractability of Bilinear Diffie-Hellman problem and the keyword trapdoor based on Decisional Diffie-Hellman problem.

MedBlock: Efficient and Secure Medical Data Sharing Via Blockchain.

PubMed

Fan, Kai; Wang, Shangyang; Ren, Yanhui; Li, Hui; Yang, Yintang

2018-06-21

With the development of electronic information technology, electronic medical records (EMRs) have been a common way to store the patients' data in hospitals. They are stored in different hospitals' databases, even for the same patient. Therefore, it is difficult to construct a summarized EMR for one patient from multiple hospital databases due to the security and privacy concerns. Meanwhile, current EMRs systems lack a standard data management and sharing policy, making it difficult for pharmaceutical scientists to develop precise medicines based on data obtained under different policies. To solve the above problems, we proposed a blockchain-based information management system, MedBlock, to handle patients' information. In this scheme, the distributed ledger of MedBlock allows the efficient EMRs access and EMRs retrieval. The improved consensus mechanism achieves consensus of EMRs without large energy consumption and network congestion. In addition, MedBlock also exhibits high information security combining the customized access control protocols and symmetric cryptography. MedBlock can play an important role in the sensitive medical information sharing.

Global Access-controlled Transfer e-frame (GATe)

DOE Office of Scientific and Technical Information (OSTI.GOV)

2012-05-30

Global Access-controlled Transfer e-frame (GATe) was designed to take advantage of the patterns that occur during an electronic record transfer process. The e-frame (or electronic framework or platform) is the foundation for developing secure information transfer to meet classified and unclassified business processes and is particularly useful when there is a need to share information with various entities in a controlled and secure environment. It can share, search, upload, download and retrieve sensitive information, as well as provides reporting capabilities.

Supporting Case-Based Learning in Information Security with Web-Based Technology

ERIC Educational Resources Information Center

He, Wu; Yuan, Xiaohong; Yang, Li

2013-01-01

Case-based learning has been widely used in many disciplines. As an effective pedagogical method, case-based learning is also being used to support teaching and learning in the domain of information security. In this paper, we demonstrate case-based learning in information security by sharing our experiences in using a case study to teach security…

Comparison of consumers’ views on electronic data sharing for healthcare and research

PubMed Central

Joseph, Jill G; Ohno-Machado, Lucila

2015-01-01

New models of healthcare delivery such as accountable care organizations and patient-centered medical homes seek to improve quality, access, and cost. They rely on a robust, secure technology infrastructure provided by health information exchanges (HIEs) and distributed research networks and the willingness of patients to share their data. There are few large, in-depth studies of US consumers’ views on privacy, security, and consent in electronic data sharing for healthcare and research together. Objective This paper addresses this gap, reporting on a survey which asks about California consumers’ views of data sharing for healthcare and research together. Materials and Methods The survey conducted was a representative, random-digit dial telephone survey of 800 Californians, performed in Spanish and English. Results There is a great deal of concern that HIEs will worsen privacy (40.3%) and security (42.5%). Consumers are in favor of electronic data sharing but elements of transparency are important: individual control, who has access, and the purpose for use of data. Respondents were more likely to agree to share deidentified information for research than to share identified information for healthcare (76.2% vs 57.3%, p < .001). Discussion While consumers show willingness to share health information electronically, they value individual control and privacy. Responsiveness to these needs, rather than mere reliance on Health Insurance Portability and Accountability Act (HIPAA), may improve support of data networks. Conclusion Responsiveness to the public’s concerns regarding their health information is a pre-requisite for patient-centeredness. This is one of the first in-depth studies of attitudes about electronic data sharing that compares attitudes of the same individual towards healthcare and research. PMID:25829461

2011 Defense Industrial Base Critical Infrastructure Protection Conference (DIBCIP)

DTIC Science & Technology

2011-08-25

Office of the Program Manager, Information Sharing Environment u Mr. Vince Jarvie , Vice President, Corporate Security, L-3 Communications...National Defense University IRM College and in 2008 he obtained the Certified Information System Security Professional certificate. MR. VINCE JARVIE ...Vice President, Corporate Security, L-3 Communciations Corporation Mr. Vincent (Vince) Jarvie is the Vice President, Corporate Security for L-3

An Evaluation Methodology for the Usability and Security of Cloud-based File Sharing Technologies

DTIC Science & Technology

2012-09-01

FISMA, ISO 27001 , FIPS 140-2, and ISO 270001) indicate a cloud-based service’s compliance with industry standard security controls, management and...Information Assurance IEEE Institute of Electrical and Electronics Engineers IT Information Technology ITS Insider Threat Study ISO International...effectively, efficiently and with satisfaction” (International Organization for Standardization [ ISO ], 1998). Alternately, information security

A no-key-exchange secure image sharing scheme based on Shamir's three-pass cryptography protocol and the multiple-parameter fractional Fourier transform.

PubMed

Lang, Jun

2012-01-30

In this paper, we propose a novel secure image sharing scheme based on Shamir's three-pass protocol and the multiple-parameter fractional Fourier transform (MPFRFT), which can safely exchange information with no advance distribution of either secret keys or public keys between users. The image is encrypted directly by the MPFRFT spectrum without the use of phase keys, and information can be shared by transmitting the encrypted image (or message) three times between users. Numerical simulation results are given to verify the performance of the proposed algorithm.

Perspectives on Cybersecurity Information Sharing among Multiple Stakeholders Using a Decision-Theoretic Approach.

PubMed

He, Meilin; Devine, Laura; Zhuang, Jun

2018-02-01

The government, private sectors, and others users of the Internet are increasingly faced with the risk of cyber incidents. Damage to computer systems and theft of sensitive data caused by cyber attacks have the potential to result in lasting harm to entities under attack, or to society as a whole. The effects of cyber attacks are not always obvious, and detecting them is not a simple proposition. As the U.S. federal government believes that information sharing on cybersecurity issues among organizations is essential to safety, security, and resilience, the importance of trusted information exchange has been emphasized to support public and private decision making by encouraging the creation of the Information Sharing and Analysis Center (ISAC). Through a decision-theoretic approach, this article provides new perspectives on ISAC, and the advent of the new Information Sharing and Analysis Organizations (ISAOs), which are intended to provide similar benefits to organizations that cannot fit easily into the ISAC structure. To help understand the processes of information sharing against cyber threats, this article illustrates 15 representative information sharing structures between ISAC, government, and other participating entities, and provide discussions on the strategic interactions between different stakeholders. This article also identifies the costs of information sharing and information security borne by different parties in this public-private partnership both before and after cyber attacks, as well as the two main benefits. This article provides perspectives on the mechanism of information sharing and some detailed cost-benefit analysis. © 2017 Society for Risk Analysis.

Generating unique IDs from patient identification data using security models.

PubMed

Mohammed, Emad A; Slack, Jonathan C; Naugler, Christopher T

2016-01-01

The use of electronic health records (EHRs) has continued to increase within healthcare systems in the developed and developing nations. EHRs allow for increased patient safety, grant patients easier access to their medical records, and offer a wealth of data to researchers. However, various bioethical, financial, logistical, and information security considerations must be addressed while transitioning to an EHR system. The need to encrypt private patient information for data sharing is one of the foremost challenges faced by health information technology. We describe the usage of the message digest-5 (MD5) and secure hashing algorithm (SHA) as methods for encrypting electronic medical data. In particular, we present an application of the MD5 and SHA-1 algorithms in encrypting a composite message from private patient information. The results show that the composite message can be used to create a unique one-way encrypted ID per patient record that can be used for data sharing. The described software tool can be used to share patient EMRs between practitioners without revealing patients identifiable data.

Health Information Exchange: What do patients want?

PubMed

Medford-Davis, Laura N; Chang, Lawrence; Rhodes, Karin V

2017-12-01

To determine whether emergency department patients want to share their medical records across health systems through Health Information Exchange and if so, whether they prefer to sign consent or share their records automatically, 982 adult patients presenting to an emergency department participated in a questionnaire-based interview. The majority (N = 906; 92.3%) were willing to share their data in a Health Information Exchange. Half (N = 490; 49.9%) reported routinely getting healthcare outside the system and 78.6 percent reported having records in other systems. Of those who were willing to share their data in a Health Information Exchange, 54.3 percent wanted to sign consent but 90 percent of those would waive consent in the case of an emergency. Privacy and security were primary concerns of patients not willing to participate in Health Information Exchange and preferring to sign consent. Improved privacy and security protections could increase participation, and findings support consideration of "break-the-glass" provider access to Health Information Exchange records in an emergent situation.

77 FR 51817 - National Maritime Security Advisory Committee; Meeting

Federal Register 2010, 2011, 2012, 2013, 2014

2012-08-27

... the information sharing efforts of the Coast Guard and DHS. (2) Cyber-Security. The Committee will... DEPARTMENT OF HOMELAND SECURITY Coast Guard [USCG-2012-0797] National Maritime Security Advisory...: The National Maritime Security Advisory Committee (NMSAC) will meet on September 11-12, 2012 in the...

Facilitating Secure Sharing of Personal Health Data in the Cloud

PubMed Central

Nepal, Surya; Glozier, Nick

2016-01-01

Background Internet-based applications are providing new ways of promoting health and reducing the cost of care. Although data can be kept encrypted in servers, the user does not have the ability to decide whom the data are shared with. Technically this is linked to the problem of who owns the data encryption keys required to decrypt the data. Currently, cloud service providers, rather than users, have full rights to the key. In practical terms this makes the users lose full control over their data. Trust and uptake of these applications can be increased by allowing patients to feel in control of their data, generally stored in cloud-based services. Objective This paper addresses this security challenge by providing the user a way of controlling encryption keys independently of the cloud service provider. We provide a secure and usable system that enables a patient to share health information with doctors and specialists. Methods We contribute a secure protocol for patients to share their data with doctors and others on the cloud while keeping complete ownership. We developed a simple, stereotypical health application and carried out security tests, performance tests, and usability tests with both students and doctors (N=15). Results We developed the health application as an app for Android mobile phones. We carried out the usability tests on potential participants and medical professionals. Of 20 participants, 14 (70%) either agreed or strongly agreed that they felt safer using our system. Using mixed methods, we show that participants agreed that privacy and security of health data are important and that our system addresses these issues. Conclusions We presented a security protocol that enables patients to securely share their eHealth data with doctors and nurses and developed a secure and usable system that enables patients to share mental health information with doctors. PMID:27234691

Enabling private and public sector organizations as agents of homeland security

NASA Astrophysics Data System (ADS)

Glassco, David H. J.; Glassco, Jordan C.

2006-05-01

Homeland security and defense applications seek to reduce the risk of undesirable eventualities across physical space in real-time. With that functional requirement in mind, our work focused on the development of IP based agent telecommunication solutions for heterogeneous sensor / robotic intelligent "Things" that could be deployed across the internet. This paper explains how multi-organization information and device sharing alliances may be formed to enable organizations to act as agents of homeland security (in addition to other uses). Topics include: (i) using location-aware, agent based, real-time information sharing systems to integrate business systems, mobile devices, sensor and actuator based devices and embedded devices used in physical infrastructure assets, equipment and other man-made "Things"; (ii) organization-centric real-time information sharing spaces using on-demand XML schema formatted networks; (iii) object-oriented XML serialization as a methodology for heterogeneous device glue code; (iv) how complex requirements for inter / intra organization information and device ownership and sharing, security and access control, mobility and remote communication service, tailored solution life cycle management, service QoS, service and geographic scalability and the projection of remote physical presence (through sensing and robotics) and remote informational presence (knowledge of what is going elsewhere) can be more easily supported through feature inheritance with a rapid agent system development methodology; (v) how remote object identification and tracking can be supported across large areas; (vi) how agent synergy may be leveraged with analytics to complement heterogeneous device networks.

Secure and Trustable Electronic Medical Records Sharing using Blockchain.

PubMed

Dubovitskaya, Alevtina; Xu, Zhigang; Ryu, Samuel; Schumacher, Michael; Wang, Fusheng

2017-01-01

Electronic medical records (EMRs) are critical, highly sensitive private information in healthcare, and need to be frequently shared among peers. Blockchain provides a shared, immutable and transparent history of all the transactions to build applications with trust, accountability and transparency. This provides a unique opportunity to develop a secure and trustable EMR data management and sharing system using blockchain. In this paper, we present our perspectives on blockchain based healthcare data management, in particular, for EMR data sharing between healthcare providers and for research studies. We propose a framework on managing and sharing EMR data for cancer patient care. In collaboration with Stony Brook University Hospital, we implemented our framework in a prototype that ensures privacy, security, availability, and fine-grained access control over EMR data. The proposed work can significantly reduce the turnaround time for EMR sharing, improve decision making for medical care, and reduce the overall cost.

Secure and Trustable Electronic Medical Records Sharing using Blockchain

PubMed Central

Dubovitskaya, Alevtina; Xu, Zhigang; Ryu, Samuel; Schumacher, Michael; Wang, Fusheng

2017-01-01

Electronic medical records (EMRs) are critical, highly sensitive private information in healthcare, and need to be frequently shared among peers. Blockchain provides a shared, immutable and transparent history of all the transactions to build applications with trust, accountability and transparency. This provides a unique opportunity to develop a secure and trustable EMR data management and sharing system using blockchain. In this paper, we present our perspectives on blockchain based healthcare data management, in particular, for EMR data sharing between healthcare providers and for research studies. We propose a framework on managing and sharing EMR data for cancer patient care. In collaboration with Stony Brook University Hospital, we implemented our framework in a prototype that ensures privacy, security, availability, and fine-grained access control over EMR data. The proposed work can significantly reduce the turnaround time for EMR sharing, improve decision making for medical care, and reduce the overall cost. PMID:29854130

TRENCADIS - secure architecture to share and manage DICOM objects in a ontological framework based on OGSA.

PubMed

Blanquer, Ignacio; Hernandez, Vicente; Segrelles, Damià; Torres, Erik

2007-01-01

Today most European healthcare centers use the digital format for their databases of images. TRENCADIS is a software architecture comprising a set of services as a solution for interconnecting, managing and sharing selected parts of medical DICOM data for the development of training and decision support tools. The organization of the distributed information in virtual repositories is based on semantic criteria. Different groups of researchers could organize themselves to propose a Virtual Organization (VO). These VOs will be interested in specific target areas, and will share information concerning each area. Although the private part of the information to be shared will be removed, special considerations will be taken into account to avoid the access by non-authorized users. This paper describes the security model implemented as part of TRENCADIS. The paper is organized as follows. First introduces the problem and presents our motivations. Section 1 defines the objectives. Section 2 presents an overview of the existing proposals per objective. Section 3 outlines the overall architecture. Section 4 describes how TRENCADIS is architected to realize the security goals discussed in the previous sections. The different security services and components of the infrastructure are briefly explained, as well as the exposed interfaces. Finally, Section 5 concludes and gives some remarks on our future work.

How strong are passwords used to protect personal health information in clinical trials?

PubMed

El Emam, Khaled; Moreau, Katherine; Jonker, Elizabeth

2011-02-11

Findings and statements about how securely personal health information is managed in clinical research are mixed. The objective of our study was to evaluate the security of practices used to transfer and share sensitive files in clinical trials. Two studies were performed. First, 15 password-protected files that were transmitted by email during regulated Canadian clinical trials were obtained. Commercial password recovery tools were used on these files to try to crack their passwords. Second, interviews with 20 study coordinators were conducted to understand file-sharing practices in clinical trials for files containing personal health information. We were able to crack the passwords for 93% of the files (14/15). Among these, 13 files contained thousands of records with sensitive health information on trial participants. The passwords tended to be relatively weak, using common names of locations, animals, car brands, and obvious numeric sequences. Patient information is commonly shared by email in the context of query resolution. Files containing personal health information are shared by email and, by posting them on shared drives with common passwords, to facilitate collaboration. If files containing sensitive patient information must be transferred by email, mechanisms to encrypt them and to ensure that password strength is high are necessary. More sophisticated collaboration tools are required to allow file sharing without password sharing. We provide recommendations to implement these practices.

How Strong are Passwords Used to Protect Personal Health Information in Clinical Trials?

PubMed Central

Moreau, Katherine; Jonker, Elizabeth

2011-01-01

Background Findings and statements about how securely personal health information is managed in clinical research are mixed. Objective The objective of our study was to evaluate the security of practices used to transfer and share sensitive files in clinical trials. Methods Two studies were performed. First, 15 password-protected files that were transmitted by email during regulated Canadian clinical trials were obtained. Commercial password recovery tools were used on these files to try to crack their passwords. Second, interviews with 20 study coordinators were conducted to understand file-sharing practices in clinical trials for files containing personal health information. Results We were able to crack the passwords for 93% of the files (14/15). Among these, 13 files contained thousands of records with sensitive health information on trial participants. The passwords tended to be relatively weak, using common names of locations, animals, car brands, and obvious numeric sequences. Patient information is commonly shared by email in the context of query resolution. Files containing personal health information are shared by email and, by posting them on shared drives with common passwords, to facilitate collaboration. Conclusion If files containing sensitive patient information must be transferred by email, mechanisms to encrypt them and to ensure that password strength is high are necessary. More sophisticated collaboration tools are required to allow file sharing without password sharing. We provide recommendations to implement these practices. PMID:21317106

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ahn, Gail-Joon

The project seeks an innovative framework to enable users to access and selectively share resources in distributed environments, enhancing the scalability of information sharing. We have investigated secure sharing & assurance approaches for ad-hoc collaboration, focused on Grids, Clouds, and ad-hoc network environments.

75 FR 18558 - Self-Regulatory Organizations; NYSE Arca, Inc.; Order Granting Accelerated Approval of a Proposed...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-04-12

.... Information regarding the market price and trading volume of the Shares will be continually available on a... trading volume information for the Shares will be published daily in the financial sections of newspapers...), name of security or financial instrument, number of shares or dollar value of financial instruments...

A resolution expressing the sense of the Senate that effective sharing of passenger information from inbound international flight manifests is a crucial component of our national security and that the Department of Homeland Security must maintain the information sharing standards required under the 2007 Passenger Name Record Agreement between the United States and the European Union.

THOMAS, 112th Congress

Sen. Lieberman, Joseph I. [ID-CT

2011-05-09

Senate - 05/18/2011 Resolution agreed to in Senate without amendment and an amended preamble by Unanimous Consent. (All Actions) Tracker: This bill has the status Agreed to in SenateHere are the steps for Status of Legislation:

Understanding Mobile Apps

MedlinePlus

... share personal information let your kids spend real money — even if the app is free include ads link to social media What’s more, ... Money & Credit Homes & Mortgages Health & Fitness Jobs & Making ... Security "Free" Security Scans Computer Security Disposing of Old Computers ...

78 FR 7334 - Port Authority Access to Facility Vulnerability Assessments and the Integration of Security Systems

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-01

... to Facility Vulnerability Assessments and the Integration of Security Systems AGENCY: Coast Guard...-sharing measures. Security System Integration Alternatives Require each MTSA-regulated facility owner or... other forms of security system integration. Information Requested 1. We request comments on the...

A study on an information security system of a regional collaborative medical platform.

PubMed

Zhao, Junping; Peng, Kun; Leng, Jinchang; Sun, Xiaowei; Zhang, Zhenjiang; Xue, Wanguo; Ren, Lianzhong

2010-01-01

The objective of this study was to share the experience of building an information security system for a regional collaborative medical platform (RCMP) and discuss the lessons learned from practical projects. Safety measures are analyzed from the perspective of system engineering. We present the essential requirements, critical architectures, and policies for system security of regional collaborative medical platforms.

Generating unique IDs from patient identification data using security models

PubMed Central

Mohammed, Emad A.; Slack, Jonathan C.; Naugler, Christopher T.

2016-01-01

Background: The use of electronic health records (EHRs) has continued to increase within healthcare systems in the developed and developing nations. EHRs allow for increased patient safety, grant patients easier access to their medical records, and offer a wealth of data to researchers. However, various bioethical, financial, logistical, and information security considerations must be addressed while transitioning to an EHR system. The need to encrypt private patient information for data sharing is one of the foremost challenges faced by health information technology. Method: We describe the usage of the message digest-5 (MD5) and secure hashing algorithm (SHA) as methods for encrypting electronic medical data. In particular, we present an application of the MD5 and SHA-1 algorithms in encrypting a composite message from private patient information. Results: The results show that the composite message can be used to create a unique one-way encrypted ID per patient record that can be used for data sharing. Conclusion: The described software tool can be used to share patient EMRs between practitioners without revealing patients identifiable data. PMID:28163977

Securely Measuring the Overlap between Private Datasets with Cryptosets

PubMed Central

Swamidass, S. Joshua; Matlock, Matthew; Rozenblit, Leon

2015-01-01

Many scientific questions are best approached by sharing data—collected by different groups or across large collaborative networks—into a combined analysis. Unfortunately, some of the most interesting and powerful datasets—like health records, genetic data, and drug discovery data—cannot be freely shared because they contain sensitive information. In many situations, knowing if private datasets overlap determines if it is worthwhile to navigate the institutional, ethical, and legal barriers that govern access to sensitive, private data. We report the first method of publicly measuring the overlap between private datasets that is secure under a malicious model without relying on private protocols or message passing. This method uses a publicly shareable summary of a dataset’s contents, its cryptoset, to estimate its overlap with other datasets. Cryptosets approach “information-theoretic” security, the strongest type of security possible in cryptography, which is not even crackable with infinite computing power. We empirically and theoretically assess both the accuracy of these estimates and the security of the approach, demonstrating that cryptosets are informative, with a stable accuracy, and secure. PMID:25714898

Information Technology Strategic Plan 2009-2013

DTIC Science & Technology

2009-01-01

and the absence of Enterprise funding models for shared services . Also, though progress has been made within the DHS IT community regarding...security access regulations for shared services ; and difficulties associated with 3 Office of the Chief Information Officer...infrastructure and shared services is the vision for the Infrastructure Transformation Program at DHS and is the means by which to reduce IT commodity

Teleradiology network system and computer-aided diagnosis workstation using the web medical image conference system with a new information security solution

NASA Astrophysics Data System (ADS)

Satoh, Hitoshi; Niki, Noboru; Eguchi, Kenji; Ohmatsu, Hironobu; Kaneko, Masahiro; Kakinuma, Ryutaru; Moriyama, Noriyuki

2011-03-01

We have developed the teleradiology network system with a new information security solution that provided with web medical image conference system. In the teleradiology network system, the security of information network is very important subjects. We are studying the secret sharing scheme as a method safely to store or to transmit the confidential medical information used with the teleradiology network system. The confidential medical information is exposed to the risk of the damage and intercept. Secret sharing scheme is a method of dividing the confidential medical information into two or more tallies. Individual medical information cannot be decoded by using one tally at all. Our method has the function of RAID. With RAID technology, if there is a failure in a single tally, there is redundant data already copied to other tally. Confidential information is preserved at an individual Data Center connected through internet because individual medical information cannot be decoded by using one tally at all. Therefore, even if one of the Data Centers is struck and information is damaged, the confidential medical information can be decoded by using the tallies preserved at the data center to which it escapes damage. We can safely share the screen of workstation to which the medical image of Data Center is displayed from two or more web conference terminals at the same time. Moreover, Real time biometric face authentication system is connected with Data Center. Real time biometric face authentication system analyzes the feature of the face image of which it takes a picture in 20 seconds with the camera and defends the safety of the medical information. We propose a new information transmission method and a new information storage method with a new information security solution.

Integrated secure solution for electronic healthcare records sharing

NASA Astrophysics Data System (ADS)

Yao, Yehong; Zhang, Chenghao; Sun, Jianyong; Jin, Jin; Zhang, Jianguo

2007-03-01

The EHR is a secure, real-time, point-of-care, patient-centric information resource for healthcare providers. Many countries and regional districts have set long-term goals to build EHRs, and most of EHRs are usually built based on the integration of different information systems with different information models and platforms. A number of hospitals in Shanghai are also piloting the development of an EHR solution based on IHE XDS/XDS-I profiles with a service-oriented architecture (SOA). The first phase of the project targets the Diagnostic Imaging domain and allows seamless sharing of images and reports across the multiple hospitals. To develop EHRs for regional coordinated healthcare, some factors should be considered in designing architecture, one of which is security issue. In this paper, we present some approaches and policies to improve and strengthen the security among the different hospitals' nodes, which are compliant with the security requirements defined by IHE IT Infrastructure (ITI) Technical Framework. Our security solution includes four components: Time Sync System (TSS), Digital Signature Manage System (DSMS), Data Exchange Control Component (DECC) and Single Sign-On (SSO) System. We give a design method and implementation strategy of these security components, and then evaluate the performance and overheads of the security services or features by integrating the security components into an image-based EHR system.

Koinonia: The Requirements and Vision for an Unclassified Information-Sharing System

DTIC Science & Technology

2013-06-01

of an effort to share information with multinational partners in Multinational Planning Augmentation Team (MPAT) ( Tempest Express Fact Sheet 2011... Tempest fact sheet. Global Security.org. May 7, 2011. Accessed May 3, 2013. http://www.globalsecurity.org/military/ops/ tempest -express.htm U.S

Communication security in open health care networks.

PubMed

Blobel, B; Pharow, P; Engel, K; Spiegel, V; Krohn, R

1999-01-01

Fulfilling the shared care paradigm, health care networks providing open systems' interoperability in health care are needed. Such communicating and co-operating health information systems, dealing with sensitive personal medical information across organisational, regional, national or even international boundaries, require appropriate security solutions. Based on the generic security model, within the European MEDSEC project an open approach for secure EDI like HL7, EDIFACT, XDT or XML has been developed. The consideration includes both securing the message in an unsecure network and the transport of the unprotected information via secure channels (SSL, TLS etc.). Regarding EDI, an open and widely usable security solution has been specified and practically implemented for the examples of secure mailing and secure file transfer (FTP) via wrapping the sensitive information expressed by the corresponding protocols. The results are currently prepared for standardisation.

Information security requirements in patient-centred healthcare support systems.

PubMed

Alsalamah, Shada; Gray, W Alex; Hilton, Jeremy; Alsalamah, Hessah

2013-01-01

Enabling Patient-Centred (PC) care in modern healthcare requires the flow of medical information with the patient between different healthcare providers as they follow the patient's treatment plan. However, PC care threatens the stability of the balance of information security in the support systems since legacy systems fall short of attaining a security balance when sharing their information due to compromises made between its availability, integrity, and confidentiality. Results show that the main reason for this is that information security implementation in discrete legacy systems focused mainly on information confidentiality and integrity leaving availability a challenge in collaboration. Through an empirical study using domain analysis, observations, and interviews, this paper identifies a need for six information security requirements in legacy systems to cope with this situation in order to attain the security balance in systems supporting PC care implementation in modern healthcare.

Classification of cognitive systems dedicated to data sharing

NASA Astrophysics Data System (ADS)

Ogiela, Lidia; Ogiela, Marek R.

2017-08-01

In this paper will be presented classification of new cognitive information systems dedicated to cryptographic data splitting and sharing processes. Cognitive processes of semantic data analysis and interpretation, will be used to describe new classes of intelligent information and vision systems. In addition, cryptographic data splitting algorithms and cryptographic threshold schemes will be used to improve processes of secure and efficient information management with application of such cognitive systems. The utility of the proposed cognitive sharing procedures and distributed data sharing algorithms will be also presented. A few possible application of cognitive approaches for visual information management and encryption will be also described.

Security Notice To Federal, State and Local Officials Receiving Access to the Risk Management Program’s Off-site Consequence Analysis Information

EPA Pesticide Factsheets

Based on the Chemical Safety Information, Site Security and Fuels Regulatory Relief Act (CSISSFRRA), this notice states that while you may share with the public data from OCA sections, it is illegal to disclose/distribute the sections themselves.

The Department of Homeland Security Intelligence Enterprise: Operational Overview and Oversight Challenges for Congress

DTIC Science & Technology

2009-05-27

technology network architecture to connect various DHS elements and promote information sharing.17 • Establish a DHS State, Local, and Regional...A Strategic Plan; training, and the implementation of a comprehensive information systems architecture .65 As part of its integration...information technology network architecture was submitted to Congress last year. See DHS I&A, Homeland Security Information Technology Network

High-Dimensional Circular Quantum Secret Sharing Using Orbital Angular Momentum

NASA Astrophysics Data System (ADS)

Tang, Dawei; Wang, Tie-jun; Mi, Sichen; Geng, Xiao-Meng; Wang, Chuan

2016-11-01

Quantum secret sharing is to distribute secret message securely between multi-parties. Here exploiting orbital angular momentum (OAM) state of single photons as the information carrier, we propose a high-dimensional circular quantum secret sharing protocol which increases the channel capacity largely. In the proposed protocol, the secret message is split into two parts, and each encoded on the OAM state of single photons. The security of the protocol is guaranteed by the laws of non-cloning theorem. And the secret messages could not be recovered except that the two receivers collaborated with each other. Moreover, the proposed protocol could be extended into high-level quantum systems, and the enhanced security could be achieved.

Infotech. Cyber security. Health care learns to share scares and solutions.

PubMed

Colias, Mike

2004-05-01

Health care information technology leaders and others are coming together to share scary experiences and develop best practices to guard against crippling computer viruses, scheming hackers and other cyber threats.

78 FR 55274 - Privacy Act of 1974; Department of Homeland Security/Transportation Security Administration-DHS...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-09-10

... enforcement, immigration, and intelligence databases, including a fingerprint-based criminal history records... boarding pass printing instruction. If the passenger's identifying information matches the entry on the TSA... enforcement, immigration, intelligence, or other homeland security functions. In addition, TSA may share...

Cloud Computing Security Issue: Survey

NASA Astrophysics Data System (ADS)

Kamal, Shailza; Kaur, Rajpreet

2011-12-01

Cloud computing is the growing field in IT industry since 2007 proposed by IBM. Another company like Google, Amazon, and Microsoft provides further products to cloud computing. The cloud computing is the internet based computing that shared recourses, information on demand. It provides the services like SaaS, IaaS and PaaS. The services and recourses are shared by virtualization that run multiple operation applications on cloud computing. This discussion gives the survey on the challenges on security issues during cloud computing and describes some standards and protocols that presents how security can be managed.

Secure Infrastructure-Less Network (SINET)

DTIC Science & Technology

2017-06-01

Protocol CNSA Commercial National Security Algorithm COMSEC Communications Security COTS Commercial off the Shelf CSfC Commercial Solutions for...ABSTRACT (maximum 200 words) Military leaders and first responders desire the familiarity of commercial -off-the-shelf lightweight mobile devices while...since they lack reliable or secure communication infrastructure. Routine and simple mobile information-sharing tasks become a challenge over the

Computer Security Awareness Guide for Department of Energy Laboratories, Government Agencies, and others for use with Lawrence Livermore National Laboratory`s (LLNL): Computer security short subjects videos

DOE Office of Scientific and Technical Information (OSTI.GOV)

Not Available

Lonnie Moore, the Computer Security Manager, CSSM/CPPM at Lawrence Livermore National Laboratory (LLNL) and Gale Warshawsky, the Coordinator for Computer Security Education & Awareness at LLNL, wanted to share topics such as computer ethics, software piracy, privacy issues, and protecting information in a format that would capture and hold an audience`s attention. Four Computer Security Short Subject videos were produced which ranged from 1-3 minutes each. These videos are very effective education and awareness tools that can be used to generate discussions about computer security concerns and good computing practices. Leaders may incorporate the Short Subjects into presentations. After talkingmore » about a subject area, one of the Short Subjects may be shown to highlight that subject matter. Another method for sharing them could be to show a Short Subject first and then lead a discussion about its topic. The cast of characters and a bit of information about their personalities in the LLNL Computer Security Short Subjects is included in this report.« less

A security mediator for health care information.

PubMed Central

Wiederhold, G.; Bilello, M.; Sarathy, V.; Qian, X.

1996-01-01

The TIHI (Trusted Interoperation of Healthcare Information) project addresses a security issue that arises when some information is being shared among collaborating enterprises, although not all enterprise information is sharable. It assumes that protection exists to prevent intrusion by adversaries through secure transmission and firewalls. The TIHI system design provides a gateway, owned by the enterprise security officer, to mediate queries and responses. The latter are typically transmitted via the Internet. The enterprise policy is determined by rules provided to the mediator. We show examples of typical rules. The problem and our solution, although developed in a healthcare context, is equally valid among collaborating enterprises. PMID:8947640

Simple group password-based authenticated key agreements for the integrated EPR information system.

PubMed

Lee, Tian-Fu; Chang, I-Pin; Wang, Ching-Cheng

2013-04-01

The security and privacy are important issues for electronic patient records (EPRs). The goal of EPRs is sharing the patients' medical histories such as the diagnosis records, reports and diagnosis image files among hospitals by the Internet. So the security issue for the integrated EPR information system is essential. That is, to ensure the information during transmission through by the Internet is secure and private. The group password-based authenticated key agreement (GPAKE) allows a group of users like doctors, nurses and patients to establish a common session key by using password authentication. Then the group of users can securely communicate by using this session key. Many approaches about GAPKE employ the public key infrastructure (PKI) in order to have higher security. However, it not only increases users' overheads and requires keeping an extra equipment for storing long-term secret keys, but also requires maintaining the public key system. This investigation presents a simple group password-based authenticated key agreement (SGPAKE) protocol for the integrated EPR information system. The proposed SGPAKE protocol does not require using the server or users' public keys. Each user only remembers his weak password shared with a trusted server, and then can obtain a common session key. Then all users can securely communicate by using this session key. The proposed SGPAKE protocol not only provides users with convince, but also has higher security.

31 CFR 1023.520 - Special information sharing procedures to deter money laundering and terrorist activity for...

Code of Federal Regulations, 2013 CFR

2013-07-01

...) FINANCIAL CRIMES ENFORCEMENT NETWORK, DEPARTMENT OF THE TREASURY RULES FOR BROKERS OR DEALERS IN SECURITIES... to deter money laundering and terrorist activity for brokers or dealers in securities. 1023.520... securities. (a) Refer to § 1010.520 of this chapter. (b) [Reserved] ...

31 CFR 1023.520 - Special information sharing procedures to deter money laundering and terrorist activity for...

Code of Federal Regulations, 2014 CFR

2014-07-01

...) FINANCIAL CRIMES ENFORCEMENT NETWORK, DEPARTMENT OF THE TREASURY RULES FOR BROKERS OR DEALERS IN SECURITIES... to deter money laundering and terrorist activity for brokers or dealers in securities. 1023.520... securities. (a) Refer to § 1010.520 of this chapter. (b) [Reserved] ...

31 CFR 1023.520 - Special information sharing procedures to deter money laundering and terrorist activity for...

Code of Federal Regulations, 2011 CFR

2011-07-01

...) FINANCIAL CRIMES ENFORCEMENT NETWORK, DEPARTMENT OF THE TREASURY RULES FOR BROKERS OR DEALERS IN SECURITIES... to deter money laundering and terrorist activity for brokers or dealers in securities. 1023.520... securities. (a) Refer to § 1010.520 of this chapter. (b) [Reserved] ...

31 CFR 1023.520 - Special information sharing procedures to deter money laundering and terrorist activity for...

Code of Federal Regulations, 2012 CFR

2012-07-01

...) FINANCIAL CRIMES ENFORCEMENT NETWORK, DEPARTMENT OF THE TREASURY RULES FOR BROKERS OR DEALERS IN SECURITIES... to deter money laundering and terrorist activity for brokers or dealers in securities. 1023.520... securities. (a) Refer to § 1010.520 of this chapter. (b) [Reserved] ...

The Department of Homeland Security Intelligence Enterprise: Operational Overview and Oversight Challenges for Congress

DTIC Science & Technology

2010-03-19

network architecture to connect various DHS elements and promote information sharing.17 • Establish a DHS State, Local, and Regional Fusion Center...of reports; the I&A Strategic Plan; training, and the implementation of a comprehensive information systems architecture .73 As part of its...comprehensive information technology network architecture was submitted to Congress last year. See DHS I&A, Homeland Security Information Technology Network

Cyber security: a critical examination of information sharing versus data sensitivity issues for organisations at risk of cyber attack.

PubMed

Mallinder, Jason; Drabwell, Peter

Cyber threats are growing and evolving at an unprecedented rate.Consequently, it is becoming vitally important that organisations share information internally and externally before, during and after incidents they encounter so that lessons can be learned, good practice identified and new cyber resilience capabilities developed. Many organisations are reluctant to share such information for fear of divulging sensitive information or because it may be vague or incomplete. This provides organisations with a complex dilemma: how to share information as openly as possibly about cyber incidents, while protecting their confidentiality and focusing on service recovery from such incidents. This paper explores the dilemma of information sharing versus sensitivity and provides a practical overview of considerations every business continuity plan should address to plan effectively for information sharing in the event of a cyber incident.

Sharing the Knowledge: Government-Private Sector Partnerships to Enhance Information Security

DTIC Science & Technology

2000-05-01

private sector . However, substantial barriers threaten to block information exchanges between the government and private sector . These barriers include concerns over release of sensitive material under Freedom of Information Act requests, antitrust actions, protection of business confidential and other private material, possible liability due to shared information, disclosure of classified information, and burdens entailed with cooperating with law enforcement agencies. There is good cause to believe that the government and private

Defending against Attribute-Correlation Attacks in Privacy-Aware Information Brokering

NASA Astrophysics Data System (ADS)

Li, Fengjun; Luo, Bo; Liu, Peng; Squicciarini, Anna C.; Lee, Dongwon; Chu, Chao-Hsien

Nowadays, increasing needs for information sharing arise due to extensive collaborations among organizations. Organizations desire to provide data access to their collaborators while preserving full control over the data and comprehensive privacy of their users. A number of information systems have been developed to provide efficient and secure information sharing. However, most of the solutions proposed so far are built atop of conventional data warehousing or distributed database technologies.

Exchange Network

EPA Pesticide Factsheets

The Environmental Information Exchange Network (EN) is an Internet-based system used by state, tribal and territorial partners to securely share environmental and health information with one another and EPA.

Quantum secret sharing with identity authentication based on Bell states

NASA Astrophysics Data System (ADS)

Abulkasim, Hussein; Hamad, Safwat; Khalifa, Amal; El Bahnasy, Khalid

Quantum secret sharing techniques allow two parties or more to securely share a key, while the same number of parties or less can efficiently deduce the secret key. In this paper, we propose an authenticated quantum secret sharing protocol, where a quantum dialogue protocol is adopted to authenticate the identity of the parties. The participants simultaneously authenticate the identity of each other based on parts of a prior shared key. Moreover, the whole prior shared key can be reused for deducing the secret data. Although the proposed scheme does not significantly improve the efficiency performance, it is more secure compared to some existing quantum secret sharing scheme due to the identity authentication process. In addition, the proposed scheme can stand against participant attack, man-in-the-middle attack, impersonation attack, Trojan-horse attack as well as information leaks.

The Safe and Effective Use of Shared Data Underpinned by Stakeholder Engagement and Evaluation Practice.

PubMed

Georgiou, Andrew; Magrabi, Farah; Hypponen, Hannele; Wong, Zoie Shui-Yee; Nykänen, Pirkko; Scott, Philip J; Ammenwerth, Elske; Rigby, Michael

2018-04-22

 The paper draws attention to: i) key considerations involving the confidentiality, privacy, and security of shared data; and ii) the requirements needed to build collaborative arrangements encompassing all stakeholders with the goal of ensuring safe, secure, and quality use of shared data.  A narrative review of existing research and policy approaches along with expert perspectives drawn from the International Medical Informatics Association (IMIA) Working Group on Technology Assessment and Quality Development in Health Care and the European Federation for Medical Informatics (EFMI) Working Group for Assessment of Health Information Systems.  The technological ability to merge, link, re-use, and exchange data has outpaced the establishment of policies, procedures, and processes to monitor the ethics and legality of shared use of data. Questions remain about how to guarantee the security of shared data, and how to establish and maintain public trust across large-scale shared data enterprises. This paper identifies the importance of data governance frameworks (incorporating engagement with all stakeholders) to underpin the management of the ethics and legality of shared data use. The paper also provides some key considerations for the establishment of national approaches and measures to monitor compliance with best practice. Data sharing endeavours can help to underpin new collaborative models of health care which provide shared information, engagement, and accountability amongst all stakeholders. We believe that commitment to rigorous evaluation and stakeholder engagement will be critical to delivering health data benefits and the establishment of collaborative models of health care into the future. Georg Thieme Verlag KG Stuttgart.

A Generalized Information Theoretical Model for Quantum Secret Sharing

NASA Astrophysics Data System (ADS)

Bai, Chen-Ming; Li, Zhi-Hui; Xu, Ting-Ting; Li, Yong-Ming

2016-11-01

An information theoretical model for quantum secret sharing was introduced by H. Imai et al. (Quantum Inf. Comput. 5(1), 69-80 2005), which was analyzed by quantum information theory. In this paper, we analyze this information theoretical model using the properties of the quantum access structure. By the analysis we propose a generalized model definition for the quantum secret sharing schemes. In our model, there are more quantum access structures which can be realized by our generalized quantum secret sharing schemes than those of the previous one. In addition, we also analyse two kinds of important quantum access structures to illustrate the existence and rationality for the generalized quantum secret sharing schemes and consider the security of the scheme by simple examples.

Securely and Flexibly Sharing a Biomedical Data Management System

PubMed Central

Wang, Fusheng; Hussels, Phillip; Liu, Peiya

2011-01-01

Biomedical database systems need not only to address the issues of managing complex data, but also to provide data security and access control to the system. These include not only system level security, but also instance level access control such as access of documents, schemas, or aggregation of information. The latter is becoming more important as multiple users can share a single scientific data management system to conduct their research, while data have to be protected before they are published or IP-protected. This problem is challenging as users’ needs for data security vary dramatically from one application to another, in terms of who to share with, what resources to be shared, and at what access level. We develop a comprehensive data access framework for a biomedical data management system SciPort. SciPort provides fine-grained multi-level space based access control of resources at not only object level (documents and schemas), but also space level (resources set aggregated in a hierarchy way). Furthermore, to simplify the management of users and privileges, customizable role-based user model is developed. The access control is implemented efficiently by integrating access privileges into the backend XML database, thus efficient queries are supported. The secure access approach we take makes it possible for multiple users to share the same biomedical data management system with flexible access management and high data security. PMID:21625285

75 FR 55335 - Privacy Act of 1974; Privacy Act of 1974: Department of Homeland Security/ALL-031 Information...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-09-10

... in a system of records in the possession or under the control of DHS by complying with DHS Privacy... 1974; Privacy Act of 1974: Department of Homeland Security/ALL-031 Information Sharing Environment Suspicious Activity Reporting Initiative System of Records AGENCY: Privacy Office, DHS. ACTION: Notice of...

Database Security: What Students Need to Know

ERIC Educational Resources Information Center

Murray, Meg Coffin

2010-01-01

Database security is a growing concern evidenced by an increase in the number of reported incidents of loss of or unauthorized exposure to sensitive data. As the amount of data collected, retained and shared electronically expands, so does the need to understand database security. The Defense Information Systems Agency of the US Department of…

TENOR Follow-on

DTIC Science & Technology

2002-04-01

Training environments; Distance learning; Information sharing; System architecture; 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF ABSTRACT Public... security , and the team members generally originate from different geographical locations and different units with varied operational mission and...Use of a server provides security and flexibility in the development and updating of training material. The lessons are created in HTML, a widely

Information Systems: The Status of Computer Security at the Department of Veterans Affairs

DTIC Science & Technology

1999-10-01

security weaknesses identified. The results of our underlying reviews were shared with VAs Office of Inspector General (OIG) for its use in auditing VA’s consolidated financial statements for fiscal year 1998.

The Wicked Problem of Information Sharing in Homeland Security - A Leadership Perspective

DTIC Science & Technology

2014-06-01

filled environment. One such coping strategy termed emotion work, describes how analysts manage their feelings to display a public face or bodily ...in many aspects of Western culture but 56 Jeff Conklin, Dialogue Mapping : Building Shared...effective, whether modifications should be 60 Conklin, Dialogue Mapping : Building Shared Understanding

Novel Threshold Changeable Secret Sharing Schemes Based on Polynomial Interpolation

PubMed Central

Li, Mingchu; Guo, Cheng; Choo, Kim-Kwang Raymond; Ren, Yizhi

2016-01-01

After any distribution of secret sharing shadows in a threshold changeable secret sharing scheme, the threshold may need to be adjusted to deal with changes in the security policy and adversary structure. For example, when employees leave the organization, it is not realistic to expect departing employees to ensure the security of their secret shadows. Therefore, in 2012, Zhang et al. proposed (t → t′, n) and ({t1, t2,⋯, tN}, n) threshold changeable secret sharing schemes. However, their schemes suffer from a number of limitations such as strict limit on the threshold values, large storage space requirement for secret shadows, and significant computation for constructing and recovering polynomials. To address these limitations, we propose two improved dealer-free threshold changeable secret sharing schemes. In our schemes, we construct polynomials to update secret shadows, and use two-variable one-way function to resist collusion attacks and secure the information stored by the combiner. We then demonstrate our schemes can adjust the threshold safely. PMID:27792784

Novel Threshold Changeable Secret Sharing Schemes Based on Polynomial Interpolation.

PubMed

Yuan, Lifeng; Li, Mingchu; Guo, Cheng; Choo, Kim-Kwang Raymond; Ren, Yizhi

2016-01-01

After any distribution of secret sharing shadows in a threshold changeable secret sharing scheme, the threshold may need to be adjusted to deal with changes in the security policy and adversary structure. For example, when employees leave the organization, it is not realistic to expect departing employees to ensure the security of their secret shadows. Therefore, in 2012, Zhang et al. proposed (t → t', n) and ({t1, t2,⋯, tN}, n) threshold changeable secret sharing schemes. However, their schemes suffer from a number of limitations such as strict limit on the threshold values, large storage space requirement for secret shadows, and significant computation for constructing and recovering polynomials. To address these limitations, we propose two improved dealer-free threshold changeable secret sharing schemes. In our schemes, we construct polynomials to update secret shadows, and use two-variable one-way function to resist collusion attacks and secure the information stored by the combiner. We then demonstrate our schemes can adjust the threshold safely.

[Study on network architecture of a tele-medical information sharing platform].

PubMed

Pan, Lin; Yu, Lun; Chen, Jin-xiong

2006-07-01

In the article,a plan of network construction which satisfies the demand of applications for a telemedical information sharing platform is proposed. We choice network access plans in view of user actual situation, through the analysis of the service demand and many kinds of network access technologies. Hospital servers that locate in LAN link sharing platform with node servers, should separate from the broadband network of sharing platform in order to ensure the security of the internal hospital network and the administration management. We use the VPN technology to realize the safe transmission of information in the platform network. Preliminary experiments have proved the plan is practicable.

General A Scheme to Share Information via Employing Discrete Algorithm to Quantum States

NASA Astrophysics Data System (ADS)

Kang, Guo-Dong; Fang, Mao-Fa

2011-02-01

We propose a protocol for information sharing between two legitimate parties (Bob and Alice) via public-key cryptography. In particular, we specialize the protocol by employing discrete algorithm under mod that maps integers to quantum states via photon rotations. Based on this algorithm, we find that the protocol is secure under various classes of attacks. Specially, owe to the algorithm, the security of the classical privacy contained in the quantum public-key and the corresponding ciphertext is guaranteed. And the protocol is robust against the impersonation attack and the active wiretapping attack by designing particular checking processing, thus the protocol is valid.

26 CFR 1.6045A-1 - Statements of information required in connection with transfers of securities.

Code of Federal Regulations, 2014 CFR

2014-04-01

... stock, how that stock is held, and how many shares each investor owns. O transfers the stock to D. (ii... statement that includes the information described in paragraph (b) of this section with respect to the transferred security. Except as provided in paragraphs (b)(1)(vii) and (b)(3) of this section (relating to...

26 CFR 1.6045A-1 - Statements of information required in connection with transfers of securities.

Code of Federal Regulations, 2013 CFR

2013-04-01

... stock, how that stock is held, and how many shares each investor owns. O transfers the stock to D. (ii... statement that includes the information described in paragraph (b) of this section with respect to the transferred security. Except as provided in paragraphs (b)(1)(vii) and (b)(3) of this section (relating to...

26 CFR 1.6045A-1 - Statements of information required in connection with transfers of securities.

Code of Federal Regulations, 2012 CFR

2012-04-01

... stock, how that stock is held, and how many shares each investor owns. O transfers the stock to D. (ii... statement that includes the information described in paragraph (b) of this section with respect to the transferred security. Except as provided in paragraphs (b)(1)(vii) and (b)(3) of this section (relating to...

26 CFR 1.6045A-1 - Statements of information required in connection with transfers of securities.

Code of Federal Regulations, 2011 CFR

2011-04-01

... stock, how that stock is held, and how many shares each investor owns. O transfers the stock to D. (ii... statement that includes the information described in paragraph (b) of this section with respect to the transferred security. Except as provided in paragraphs (b)(1)(vii) and (b)(3) of this section (relating to...

Final Report: Sensorpedia Phase 3

DOE Office of Scientific and Technical Information (OSTI.GOV)

Gorman, Bryan L; Resseguie, David R

2011-02-01

This report is a summary of the Oak Ridge National Laboratory s (ORNL s) Phase 3 development of Sensorpedia, a sensor information sharing platform. Sensorpedia is ORNL s Wikipedia for Sensors. The overall goal of Sensorpedia is to enable global scale sensor information sharing for scientific research, national security and defense, public health and safety, emergency preparedness and response, and general community awareness and outreach.

International Cyber Incident Repository System: Information Sharing on a Global Scale

DOE Office of Scientific and Technical Information (OSTI.GOV)

Joyce, Amanda L.; Evans, PhD, Nathaniel; Tanzman, Edward A.

According to the 2016 Internet Security Threat Report, the largest number of cyber attacks were recorded last year (2015), reaching a total of 430 million incidents throughout the world. As the number of cyber incidents increases, the need for information and intelligence sharing increases, as well. This fairly large increase in cyber incidents is driving the need for an international cyber incident data reporting system. The goal of the cyber incident reporting system is to make available shared and collected information about cyber events among participating international parties. In its 2014 report, Insurance Industry Working Session Readout Report-Insurance for CyberRelatedmore » Critical Infrastructure Loss: Key Issues, on the outcomes of a working session on cyber insurance, the U.S. Department of Homeland Security observed that “many participants cited the need for a secure method through which organizations could pool and share cyber incident information” and noted that one underwriter emphasized the importance of internationally harmonized data taxonomies. This cyber incident data reporting system could benefit all nations that take part in reporting incidents to provide a more common operating picture. In addition, this reporting system could allow for trending and anticipated attacks and could potentially benefit participating members by enabling them to get in front of potential attacks. The purpose of this paper is to identify options for consideration for such a system in fostering cooperative cyber defense.« less

Accessing Your Health Information: How can I access my health information and medical records?

MedlinePlus

... Privacy & Security How can I access my health information/medical record? Know your rights. It is your ... to see and get copies of your health information, or share it with a third party, such ...

Anonymity Versus Privacy: Selective Information Sharing in Online Cancer Communities

PubMed Central

Vermeulen, Ivar E; Beekers, Nienke

2014-01-01

Background Active sharing in online cancer communities benefits patients. However, many patients refrain from sharing health information online due to privacy concerns. Existing research on privacy emphasizes data security and confidentiality, largely focusing on electronic medical records. Patient preferences around information sharing in online communities remain poorly understood. Consistent with the privacy calculus perspective adopted from e-commerce research, we suggest that patients approach online information sharing instrumentally, weighing privacy costs against participation benefits when deciding whether to share certain information. Consequently, we argue that patients prefer sharing clinical information over daily life and identity information that potentially compromises anonymity. Furthermore, we explore whether patients’ prior experiences, age, health, and gender affect perceived privacy costs and thus willingness to share information. Objective The goal of the present study is to document patient preferences for sharing information within online health platforms. Methods A total of 115 cancer patients reported sharing intentions for 15 different types of information, demographics, health status, prior privacy experiences, expected community utility, and privacy concerns. Results Factor analysis on the 15 information types revealed 3 factors coinciding with 3 proposed information categories: clinical, daily life, and identity information. A within-subject ANOVA showed a strong preference for sharing clinical information compared to daily life and identity information (F 1,114=135.59, P=.001, η2=.93). Also, adverse online privacy experiences, age, and health status negatively affected information-sharing intentions. Female patients shared information less willingly. Conclusions Respondents’ information-sharing intentions depend on dispositional and situational factors. Patients share medical details more willingly than daily life or identity information. The results suggest the need to focus on anonymity rather than privacy in online communities. PMID:24828114

Anonymity versus privacy: selective information sharing in online cancer communities.

PubMed

Frost, Jeana; Vermeulen, Ivar E; Beekers, Nienke

2014-05-14

Active sharing in online cancer communities benefits patients. However, many patients refrain from sharing health information online due to privacy concerns. Existing research on privacy emphasizes data security and confidentiality, largely focusing on electronic medical records. Patient preferences around information sharing in online communities remain poorly understood. Consistent with the privacy calculus perspective adopted from e-commerce research, we suggest that patients approach online information sharing instrumentally, weighing privacy costs against participation benefits when deciding whether to share certain information. Consequently, we argue that patients prefer sharing clinical information over daily life and identity information that potentially compromises anonymity. Furthermore, we explore whether patients' prior experiences, age, health, and gender affect perceived privacy costs and thus willingness to share information. The goal of the present study is to document patient preferences for sharing information within online health platforms. A total of 115 cancer patients reported sharing intentions for 15 different types of information, demographics, health status, prior privacy experiences, expected community utility, and privacy concerns. Factor analysis on the 15 information types revealed 3 factors coinciding with 3 proposed information categories: clinical, daily life, and identity information. A within-subject ANOVA showed a strong preference for sharing clinical information compared to daily life and identity information (F1,114=135.59, P=.001, η(2)=.93). Also, adverse online privacy experiences, age, and health status negatively affected information-sharing intentions. Female patients shared information less willingly. Respondents' information-sharing intentions depend on dispositional and situational factors. Patients share medical details more willingly than daily life or identity information. The results suggest the need to focus on anonymity rather than privacy in online communities.

To direct the Secretary of Homeland Security to close the National Applications Office of the Department of Homeland Security.

THOMAS, 111th Congress

Rep. Harman, Jane [D-CA-36

2009-06-04

House - 06/17/2009 Referred to the Subcommittee on Intelligence, Information Sharing, and Terrorism Risk Assessment. (All Actions) Tracker: This bill has the status IntroducedHere are the steps for Status of Legislation:

Trust Management and Accountability for Internet Security

ERIC Educational Resources Information Center

Liu, Wayne W.

2011-01-01

Adversarial yet interacting interdependent relationships in information sharing and service provisioning have been a pressing issue of the Internet. Such relationships exist among autonomous software agents, in networking system peers, as well as between "service users and providers." Traditional "ad hoc" security approaches effective in…

Shared Awareness in Times of Crisis: A Framework for Collaboration

DTIC Science & Technology

2011-06-01

also affords a “ dashboard ” perspective allowing for centralization of resources. The U.S. Army’s Knowledge Online portal is one example of a single...labor, energy, materials, information, cash and technology into outputs of higher value • Organization’s values (criteria that managers and...follows: Challenges - Disabilities Inter-Organizational Cross-Organizational Privacy and Security high security (portal) blocks information flow Trust

Social Media - DoD’s Greatest Information Sharing Tool or Weakest Security Link?

DTIC Science & Technology

2010-04-15

porn . ―This makes us our own worst threat‖, writes one DoD network security specialist. ―There are a variety of reasons for this and most are tied to...great „toy‟ to talk to your friends and play video games. DHS Secretary Napolitano discussed the need to hire 1,000 cyber security experts over the

The DNA Bank: High-Security Bank Accounts to Protect and Share Your Genetic Identity.

PubMed

den Dunnen, Johan T

2015-07-01

With the cost of genome sequencing decreasing every day, DNA information has the potential of affecting the lives of everyone. Surprisingly, an individual has little knowledge about his own DNA information, can rarely access it, and has hardly any control over its use. This may result in preventable, life-threatening situations, and also significantly inhibits scientific progress. What we urgently need is a "DNA bank," a resource providing a secure personal account where, similar to a financial institution, you can store your DNA sequence. Using this private and secure DNA bank account, you govern your sequence-related business. For any genetic study performed, the data generated must be transferred (paid) to your DNA account. Using your account, you regulate access, knowing for what purpose (informed consent) and only for the genetic data you are willing to share. The DNA account ensures you are in the driver's seat, know what is known, and control what is happening with it. © 2015 WILEY PERIODICALS, INC.

Domestic embedded reporter program: saving lives and securing tactical operations

DTIC Science & Technology

2017-03-01

estimated to average 1 hour per response, including the time for reviewing instruction, searching existing data sources, gathering and maintaining the...13. ABSTRACT (maximum 200 words) Advances in technology have provided journalists the tools to obtain and share real- time information during domestic...terrorist and mass-shooting incidents. This real- time information-sharing compromises the safety of first responders, victims, and reporters. Real

Enhancing FBI Terrorism and Homeland Security Information Sharing With State, Local and Tribal Agencies

DTIC Science & Technology

2010-09-01

the proposed NSI implementation (PM-ISE, 2008). The ISE reported, in October 2009, that the Los Angeles Police Department ( LAPD ) ISE...position of the Department of Defense or the U.S. Government. IRB Protocol number ________________. 12a. DISTRIBUTION / AVAILABILITY STATEMENT...critical, priority issue for all levels of government. The consensus of all three categories of literature was that government information sharing

Cryptanalysis on a scheme to share information via employing a discrete algorithm to quantum states

NASA Astrophysics Data System (ADS)

Amellal, H.; Meslouhi, A.; El Baz, M.; Hassouni, Y.; El Allati, A.

2017-03-01

Recently, Yang and Hwang [Int. J. Theor. Phys. 53, 224 (2014)] demonstrated that the scheme to share information via employing discrete algorithm to quantum states presented by Kang and Fang [Commun. Theor. Phys. 55, 239 (2011)] suffers from a major vulnerability allowing an eavesdropper to perform a measurement and resend attack. By introducing an additional checking state framework, the authors have proposed an improved protocol to overcome this weakness. This work calls into question the invoked vulnerability in order to clarify a misinterpretation in the same protocol stages also introduce a possible leakage information strategy, known as a faked state attack, despite the proposed improvement, which means that the same security problem may persist. Finally, an upgrading technic was introduced in order to enhance the security transmission.

Digital Photograph Security: What Plastic Surgeons Need to Know.

PubMed

Thomas, Virginia A; Rugeley, Patricia B; Lau, Frank H

2015-11-01

Sharing and storing digital patient photographs occur daily in plastic surgery. Two major risks associated with the practice, data theft and Health Insurance Portability and Accountability Act (HIPAA) violations, have been dramatically amplified by high-speed data connections and digital camera ubiquity. The authors review what plastic surgeons need to know to mitigate those risks and provide recommendations for implementing an ideal, HIPAA-compliant solution for plastic surgeons' digital photography needs: smartphones and cloud storage. Through informal discussions with plastic surgeons, the authors identified the most common photograph sharing and storage methods. For each method, a literature search was performed to identify the risks of data theft and HIPAA violations. HIPAA violation risks were confirmed by the second author (P.B.R.), a compliance liaison and privacy officer. A comprehensive review of HIPAA-compliant cloud storage services was performed. When possible, informal interviews with cloud storage services representatives were conducted. The most common sharing and storage methods are not HIPAA compliant, and several are prone to data theft. The authors' review of cloud storage services identified six HIPAA-compliant vendors that have strong to excellent security protocols and policies. These options are reasonably priced. Digital photography and technological advances offer major benefits to plastic surgeons but are not without risks. A proper understanding of data security and HIPAA regulations needs to be applied to these technologies to safely capture their benefits. Cloud storage services offer efficient photograph sharing and storage with layers of security to ensure HIPAA compliance and mitigate data theft risk.

Network Computing Infrastructure to Share Tools and Data in Global Nuclear Energy Partnership

NASA Astrophysics Data System (ADS)

Kim, Guehee; Suzuki, Yoshio; Teshima, Naoya

CCSE/JAEA (Center for Computational Science and e-Systems/Japan Atomic Energy Agency) integrated a prototype system of a network computing infrastructure for sharing tools and data to support the U.S. and Japan collaboration in GNEP (Global Nuclear Energy Partnership). We focused on three technical issues to apply our information process infrastructure, which are accessibility, security, and usability. In designing the prototype system, we integrated and improved both network and Web technologies. For the accessibility issue, we adopted SSL-VPN (Security Socket Layer-Virtual Private Network) technology for the access beyond firewalls. For the security issue, we developed an authentication gateway based on the PKI (Public Key Infrastructure) authentication mechanism to strengthen the security. Also, we set fine access control policy to shared tools and data and used shared key based encryption method to protect tools and data against leakage to third parties. For the usability issue, we chose Web browsers as user interface and developed Web application to provide functions to support sharing tools and data. By using WebDAV (Web-based Distributed Authoring and Versioning) function, users can manipulate shared tools and data through the Windows-like folder environment. We implemented the prototype system in Grid infrastructure for atomic energy research: AEGIS (Atomic Energy Grid Infrastructure) developed by CCSE/JAEA. The prototype system was applied for the trial use in the first period of GNEP.

The Role of Healthcare Technology Management in Facilitating Medical Device Cybersecurity.

PubMed

Busdicker, Mike; Upendra, Priyanka

2017-09-02

This article discusses the role of healthcare technology management (HTM) in medical device cybersecurity and outlines concepts that are applicable to HTM professionals at a healthcare delivery organization or at an integrated delivery network, regardless of size. It provides direction for HTM professionals who are unfamiliar with the security aspects of managing healthcare technologies but are familiar with standards from The Joint Commission (TJC). It provides a useful set of recommendations, including relevant references for incorporating good security practices into HTM practice. Recommendations for policies, procedures, and processes referencing TJC standards are easily applicable to HTM departments with limited resources and to those with no resource concerns. The authors outline processes from their organization as well as best practices learned through information sharing at AAMI, National Health Information Sharing and Analysis Center (NH-ISAC), and Medical Device Innovation, Safety, and Security Consortium (MDISS) conferences and workshops.

Security controls in an integrated Biobank to protect privacy in data sharing: rationale and study design.

PubMed

Takai-Igarashi, Takako; Kinoshita, Kengo; Nagasaki, Masao; Ogishima, Soichi; Nakamura, Naoki; Nagase, Sachiko; Nagaie, Satoshi; Saito, Tomo; Nagami, Fuji; Minegishi, Naoko; Suzuki, Yoichi; Suzuki, Kichiya; Hashizume, Hiroaki; Kuriyama, Shinichi; Hozawa, Atsushi; Yaegashi, Nobuo; Kure, Shigeo; Tamiya, Gen; Kawaguchi, Yoshio; Tanaka, Hiroshi; Yamamoto, Masayuki

2017-07-06

With the goal of realizing genome-based personalized healthcare, we have developed a biobank that integrates personal health, genome, and omics data along with biospecimens donated by volunteers of 150,000. Such a large-scale of data integration involves obvious risks of privacy violation. The research use of personal genome and health information is a topic of global discussion with regard to the protection of privacy while promoting scientific advancement. The present paper reports on our plans, current attempts, and accomplishments in addressing security problems involved in data sharing to ensure donor privacy while promoting scientific advancement. Biospecimens and data have been collected in prospective cohort studies with the comprehensive agreement. The sample size of 150,000 participants was required for multiple researches including genome-wide screening of gene by environment interactions, haplotype phasing, and parametric linkage analysis. We established the T ohoku M edical M egabank (TMM) data sharing policy: a privacy protection rule that requires physical, personnel, and technological safeguards against privacy violation regarding the use and sharing of data. The proposed policy refers to that of NCBI and that of the Sanger Institute. The proposed policy classifies shared data according to the strength of re-identification risks. Local committees organized by TMM evaluate re-identification risk and assign a security category to a dataset. Every dataset is stored in an assigned segment of a supercomputer in accordance with its security category. A security manager should be designated to handle all security problems at individual data use locations. The proposed policy requires closed networks and IP-VPN remote connections. The mission of the biobank is to distribute biological resources most productively. This mission motivated us to collect biospecimens and health data and simultaneously analyze genome/omics data in-house. The biobank also has the mission of improving the quality and quantity of the contents of the biobank. This motivated us to request users to share the results of their research as feedback to the biobank. The TMM data sharing policy has tackled every security problem originating with the missions. We believe our current implementation to be the best way to protect privacy in data sharing.

Privacy-Preserving and Secure Sharing of PHR in the Cloud.

PubMed

Zhang, Leyou; Wu, Qing; Mu, Yi; Zhang, Jingxia

2016-12-01

As a new summarized record of an individual's medical data and information, Personal Health Record (PHR) can be accessible online. The owner can control fully his/her PHR files to be shared with different users such as doctors, clinic agents, and friends. However, in an open network environment like in the Cloud, these sensitive privacy information may be gotten by those unauthorized parties and users. In this paper, we consider how to achieve PHR data confidentiality and provide fine-grained access control of PHR files in the public Cloud based on Attribute Based Encryption(ABE). Differing from previous works, we also consider the privacy preserving of the receivers since the attributes of the receivers relate to their identity or medical information, which would make some sensitive data exposed to third services. Anonymous ABE(AABE) not only enforces the security of PHR of the owners but also preserves the privacy of the receivers. But a normal AABE with a single private key generation(PKG) center may not match a PHR system in the hierarchical architecture. Therefore, we discuss not only the construction of the PHR sharing system base on AABE but also how to construct the PHR sharing system based on the hierarchical AABE. The proposed schemes(especially based on hierarchical AABE) have many advantages over the available such as short public keys, constant-size private keys, which overcome the weaknesses in the existing works. In the standard model, the introduced schemes achieve compact security in the prime order groups.

Leveraging Service Oriented Architecture to Enhance Information Sharing for Surface Transportation Security

DTIC Science & Technology

2008-09-01

telephone, conference calls, emails, alert notifications, and blackberry . The RDTSF holds conference calls with its stakeholders to provide routine... tunnels ) is monitored by CCTV cameras with live feeds to WMATA’s Operations Control Center (OCC) to detect unauthorized entry into areas not intended for...message by email, blackberry and phone to the Security Coordinators. Dissemination of classified information however, is generally handled through the

To prohibit the Secretary of Homeland Security from obligating or expending funds for the National Applications Office of the Department of Homeland Security.

THOMAS, 111th Congress

Rep. Harman, Jane [D-CA-36

2009-06-04

House - 06/17/2009 Referred to the Subcommittee on Intelligence, Information Sharing, and Terrorism Risk Assessment. (All Actions) Tracker: This bill has the status IntroducedHere are the steps for Status of Legislation:

78 FR 53736 - Submission for OMB Review; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2013-08-30

...: Title, Associated Form and OMB Number: Defense Industrial Base Cyber Security/Information Assurance (DIB CS/IA) Cyber Incident Reporting; OMB Control Number 0704-0489. Type of Request: Reinstatement without.... The requested information supports the collaborative cyber threat information sharing and incident...

Network security vulnerabilities and personal privacy issues in Healthcare Information Systems: a case study in a private hospital in Turkey.

PubMed

Namoğlu, Nihan; Ulgen, Yekta

2013-01-01

Healthcare industry has become widely dependent on information technology and internet as it moves from paper to electronic records. Healthcare Information System has to provide a high quality service to patients and a productive knowledge share between healthcare staff by means of patient data. With the internet being commonly used across hospitals, healthcare industry got its own share from cyber threats like other industries in the world. The challenge is allowing knowledge transfer to hospital staff while still ensuring compliance with security mandates. Working in collaboration with a private hospital in Turkey; this study aims to reveal the essential elements of a 21st century business continuity plan for hospitals while presenting the security vulnerabilities in the current hospital information systems and personal privacy auditing standards proposed by regulations and laws. We will survey the accreditation criteria in Turkey and counterparts in US and EU. We will also interview with medical staff in the hospital to understand the needs for personal privacy and the technical staff to perceive the technical requirements in terms of network security configuration and deployment. As hospitals are adopting electronic transactions, it should be considered a must to protect these electronic health records in terms of personal privacy aspects.

Secure data sharing in public cloud

NASA Astrophysics Data System (ADS)

Venkataramana, Kanaparti; Naveen Kumar, R.; Tatekalva, Sandhya; Padmavathamma, M.

2012-04-01

Secure multi-party protocols have been proposed for entities (organizations or individuals) that don't fully trust each other to share sensitive information. Many types of entities need to collect, analyze, and disseminate data rapidly and accurately, without exposing sensitive information to unauthorized or untrusted parties. Solutions based on secure multiparty computation guarantee privacy and correctness, at an extra communication (too costly in communication to be practical) and computation cost. The high overhead motivates us to extend this SMC to cloud environment which provides large computation and communication capacity which makes SMC to be used between multiple clouds (i.e., it may between private or public or hybrid clouds).Cloud may encompass many high capacity servers which acts as a hosts which participate in computation (IaaS and PaaS) for final result, which is controlled by Cloud Trusted Authority (CTA) for secret sharing within the cloud. The communication between two clouds is controlled by High Level Trusted Authority (HLTA) which is one of the hosts in a cloud which provides MgaaS (Management as a Service). Due to high risk for security in clouds, HLTA generates and distributes public keys and private keys by using Carmichael-R-Prime- RSA algorithm for exchange of private data in SMC between itself and clouds. In cloud, CTA creates Group key for Secure communication between the hosts in cloud based on keys sent by HLTA for exchange of Intermediate values and shares for computation of final result. Since this scheme is extended to be used in clouds( due to high availability and scalability to increase computation power) it is possible to implement SMC practically for privacy preserving in data mining at low cost for the clients.

SoS Lablet; Perpetually Available and Secure Information Systems

DTIC Science & Technology

2015-11-16

settings, people simply err on the safe side and do a lot less sharing, which explains why all pull -based location sharing applications have failed so...number of data centers is raising concerns about their power consumption. Through an NSF GOALI Bruce Krogh and I have investigated the problem by

Unclassified Information Sharing and Coordination in Security, Stabilization, Transition and Reconstruction Efforts

DTIC Science & Technology

2008-03-01

is implemented using the Drupal (2007) content management system (CMS) and many of the baseline information sharing and collaboration tools have...been contributed through the Dru- pal open source community. Drupal is a very modular open source software written in PHP hypertext processor...needed to suit the particular problem domain. While other frameworks have the potential to provide similar advantages (“Ruby,” 2007), Drupal was

Command and Control Concepts and Solutions for Major Events Safety and Security: Lessons Learned from the Canadian Experience with Vancouver 2010 and G8/G20 Events

DTIC Science & Technology

2011-06-01

discuss best practices and the prerogatives of major events C2 solutions. In section 6, we present the conclusion. 2 Complexity of the Command and Control...best practices for sharing information, standard operating procedure (SOPs) and response plans have been investigated through formal studies and an...and contributed to the deployment of an information sharing solution on Command Network. This solution was based on Microsoft SharePoint. The team

EPPS: Efficient and Privacy-Preserving Personal Health Information Sharing in Mobile Healthcare Social Networks

PubMed Central

Jiang, Shunrong; Zhu, Xiaoyan; Wang, Liangmin

2015-01-01

Mobile healthcare social networks (MHSNs) have emerged as a promising next-generation healthcare system, which will significantly improve the quality of life. However, there are many security and privacy concerns before personal health information (PHI) is shared with other parities. To ensure patients’ full control over their PHI, we propose a fine-grained and scalable data access control scheme based on attribute-based encryption (ABE). Besides, policies themselves for PHI sharing may be sensitive and may reveal information about underlying PHI or about data owners or recipients. In our scheme, we let each attribute contain an attribute name and its value and adopt the Bloom filter to efficiently check attributes before decryption. Thus, the data privacy and policy privacy can be preserved in our proposed scheme. Moreover, considering the fact that the computational cost grows with the complexity of the access policy and the limitation of the resource and energy in a smart phone, we outsource ABE decryption to the cloud while preventing the cloud from learning anything about the content and access policy. The security and performance analysis is carried out to demonstrate that our proposed scheme can achieve fine-grained access policies for PHI sharing in MHSNs. PMID:26404300

EPPS: Efficient and Privacy-Preserving Personal Health Information Sharing in Mobile Healthcare Social Networks.

PubMed

Jiang, Shunrong; Zhu, Xiaoyan; Wang, Liangmin

2015-09-03

Mobile healthcare social networks (MHSNs) have emerged as a promising next-generation healthcare system, which will significantly improve the quality of life. However, there are many security and privacy concerns before personal health information (PHI) is shared with other parities. To ensure patients' full control over their PHI, we propose a fine-grained and scalable data access control scheme based on attribute-based encryption (ABE). Besides, policies themselves for PHI sharing may be sensitive and may reveal information about underlying PHI or about data owners or recipients. In our scheme, we let each attribute contain an attribute name and its value and adopt the Bloom filter to efficiently check attributes before decryption. Thus, the data privacy and policy privacy can be preserved in our proposed scheme. Moreover, considering the fact that the computational cost grows with the complexity of the access policy and the limitation of the resource and energy in a smart phone, we outsource ABE decryption to the cloud while preventing the cloud from learning anything about the content and access policy. The security and performance analysis is carried out to demonstrate that our proposed scheme can achieve fine-grained access policies for PHI sharing in MHSNs.

Medical Devices Transition to Information Systems: Lessons Learned

PubMed Central

Charters, Kathleen G.

2012-01-01

Medical devices designed to network can share data with a Clinical Information System (CIS), making that data available within clinician workflow. Some lessons learned by transitioning anesthesia reporting and monitoring devices (ARMDs) on a local area network (LAN) to integration of anesthesia documentation within a CIS include the following categories: access, contracting, deployment, implementation, planning, security, support, training and workflow integration. Areas identified for improvement include: Vendor requirements for access reconciled with the organizations’ security policies and procedures. Include clauses supporting transition from stand-alone devices to information integrated into clinical workflow in the medical device procurement contract. Resolve deployment and implementation barriers that make the process less efficient and more costly. Include effective field communication and creative alternatives in planning. Build training on the baseline knowledge of trainees. Include effective help desk processes and metrics. Have a process for determining where problems originate when systems share information. PMID:24199054

Research on models of Digital City geo-information sharing platform

NASA Astrophysics Data System (ADS)

Xu, Hanwei; Liu, Zhihui; Badawi, Rami; Liu, Haiwang

2009-10-01

The data related to Digital City has the property of large quantity, isomerous and multiple dimensions. In the original copy method of data sharing, the application departments can not solve the problem of data updating and data security in real-time. This paper firstly analyzes various patterns of sharing Digital City information and on this basis the author provides a new shared mechanism of GIS Services, with which the data producers provide Geographic Information Services to the application users through Web API, so as to the data producers and the data users can do their best respectively. Then the author takes the application system in supermarket management as an example to explain the correctness and effectiveness of the method provided in this paper.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Begoli, Edmon; Boehmann, Brant; DeNap, Frank A

In 2003 a joint effort between the U.S. Department of Homeland Security (DHS) and the U.S. Department of Justice created state and metropolitan intelligence fusion centers. These fusion centers were an effort to share law enforcement, disaster, and terrorism related information and intelligence between state and local jurisdictions and to share terrorism related intelligence between state and local law enforcement agencies and various federal entities. In 2006, DHS commissioned the Oak Ridge National Laboratory to establish and manage a groundbreaking program to assist local, state, and tribal leaders in developing the tools and methods required to anticipate and forestall terroristmore » events and to enhance disaster response. This program, called the Southeast Region Research Initiative (SERRI), combines science and technology with validated operational approaches to address regionally unique requirements and suggest regional solutions with the potential for national application. In 2009, SERRI sponsored the Multistate Sharing Initiative (MSSI) to assist state and metropolitan intelligence fusion centers with sharing information related to a wider variety of state interests than just terrorism. While these fusion centers have been effective at sharing data across organizations within their respective jurisdictions, their organizational structure makes bilateral communication with federal entities convenient and also allows information to be further disbursed to other local entities when appropriate. The MSSI-developed Suspicious Activity Report (SAR) sharing system allows state-to-state sharing of non-terrorism-related law enforcement and disaster information. Currently, the MSSI SAR system is deployed in Alabama, Kentucky, Tennessee, and South Carolina. About 1 year after implementation, cognizant fusion center personnel from each state were contacted to ascertain the status of their MSSI SAR systems. The overwhelming response from these individuals was that the MSSI SAR system was an outstanding success and contributed greatly to the security and resiliency of their states. At least one state commented that SERRI's implementation of the MSSI SAR actually 'jump started' and accelerated deployment and acceptance of the Nationwide Suspicious Activity Reporting Initiative (NSI). While all states were enthusiastic about their systems, South Carolina and Tennessee appeared to be the heaviest users of their respective systems. With NSI taking the load of sharing SARs with other states, Tennessee has redeployed the MSSI SAR system within Tennessee to allow SAR sharing between state and local organizations including Tennessee's three Homeland Security Regions, eleven Homeland Security Districts, and more than 500 police and sheriff offices, as well as with other states. In one success story from South Carolina, the Economy SAR System was used to compile similar SARs from throughout the state which were then forwarded to field liaison officers, emergency management personnel, and law enforcement officers for action.« less

An Image Secret Sharing Method

DTIC Science & Technology

2006-07-01

the secret image in lossless manner and (2) any or fewer image shares cannot get sufficient information to reveal the ... secret image. It is an effective, reliable and secure method to prevent the secret image from being lost, stolen or corrupted. In comparison with...other image secret sharing methods, this approach’s advantages are its large compression rate on the size of the image shares, its strong protection of the secret image and its ability for real-time

Is the biggest security threat to medical information simply a lack of understanding?

PubMed

Williams, Patricia A H

2011-01-01

Connecting Australian health services and the e-health initiative is a major focus in the current health environment. Many issues are presented as key to its success including solving issues with confidentiality and privacy. However, the main problem may not be these issues in sharing information but the fact that the point of origin of such records is still relatively insecure. This paper highlights why this may be the case. Research into the security of medical information has shown that many primary healthcare providers are unable to create an environment with effective information security. Numerous factors contribute to this complex situation including a trustful environment, the resultant security culture and the capability of individual healthcare organisations. Further, the growing importance of new directions in the use of patient information is considered. This paper discusses these issues and positions them within the complex environment that is healthcare. In our current health system infrastructure, the points of origin of patient information are our most vulnerable. This entwined with progressively new uses of this information expose additional security concerns, such as re-identification of information, that require attention.

78 FR 12337 - Published Privacy Impact Assessments on the Web

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-22

... system for intrusion detection, analysis, intrusion prevention, and information sharing capabilities that... equivalent protection to participating Federal civilian agencies pending deployment of EINSTEIN intrusion...-008 Homeland Security Information Network R3 User Accounts (HSIN). Component: Operations Coordination...

Survey of Collaboration Technologies in Multi-level Security Environments

DTIC Science & Technology

2014-04-28

infrastructure or resources. In this research program, the security implications of the US Air Force GeoBase (the US The problem is that in many cases...design structure. ORA uses a Java interface for ease of use, and a C++ computational backend . The current version ORA1.2 software is available on the...information: culture, policy, governance, economics and resources, and technology and infrastructure . This plan, the DoD Information Sharing

Caregiver and Health Care Provider Perspectives on Cloud-Based Shared Care Plans for Children With Medical Complexity.

PubMed

Desai, Arti D; Jacob-Files, Elizabeth A; Wignall, Julia; Wang, Grace; Pratt, Wanda; Mangione-Smith, Rita; Britto, Maria T

2018-06-05

Shared care plans play an essential role in coordinating care across health care providers and settings for children with medical complexity (CMC). However, existing care plans often lack shared ownership, are out-of-date, and lack universal accessibility. In this study, we aimed to establish requirements for shared care plans to meet the information needs of caregivers and providers and to mitigate current information barriers when caring for CMC. We followed a user-centered design methodology and conducted in-depth semistructured interviews with caregivers and providers of CMC who receive care at a tertiary care children's hospital. We applied inductive, thematic analysis to identify salient themes. Analysis occurred concurrently with data collection; therefore, the interview guide was iteratively revised as new questions and themes emerged. Interviews were conducted with 17 caregivers and 22 providers. On the basis of participant perspectives, we identified 4 requirements for shared care plans that would help meet information needs and mitigate current information barriers when caring for CMC. These requirements included the following: (1) supporting the accessibility of care plans from multiple locations (eg, cloud-based) and from multiple devices, with alert and search features; (2) ensuring the organization is tailored to the specific user; (3) including collaborative functionality such as real-time, multiuser content management and secure messaging; and (4) storing care plans on a secure platform with caregiver-controlled permission settings. Although further studies are needed to understand the optimal design and implementation strategies, shared care plans that meet these specified requirements could mitigate perceived information barriers and improve care for CMC. Copyright © 2018 by the American Academy of Pediatrics.

Informed use of patients' records on trusted health care services.

PubMed

Sahama, Tony; Miller, Evonne

2011-01-01

Health care is an information-intensive business. Sharing information in health care processes is a smart use of data enabling informed decision-making whilst ensuring. the privacy and security of patient information. To achieve this, we propose data encryption techniques embedded Information Accountability Framework (IAF) that establishes transitions of the technological concept, thus enabling understanding of shared responsibility, accessibility, and efficient cost effective informed decisions between health care professionals and patients. The IAF results reveal possibilities of efficient informed medical decision making and minimisation of medical errors. Of achieving this will require significant cultural changes and research synergies to ensure the sustainability, acceptability and durability of the IAF.

78 FR 6161 - Self-Regulatory Organizations; NYSE Arca, Inc.; Order Granting Approval of Proposed Rule Change...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-01-29

... national market system, and, in general, to protect investors and the public interest. The Commission notes..., and transactions in, securities. Quotation and last- sale information for the Shares will be available... exchanges trading such securities, automated quotation systems, published or other public sources, or on...

Patient and public views about the security and privacy of Electronic Health Records (EHRs) in the UK: results from a mixed methods study.

PubMed

Papoutsi, Chrysanthi; Reed, Julie E; Marston, Cicely; Lewis, Ruth; Majeed, Azeem; Bell, Derek

2015-10-14

Although policy discourses frame integrated Electronic Health Records (EHRs) as essential for contemporary healthcare systems, increased information sharing often raises concerns among patients and the public. This paper examines patient and public views about the security and privacy of EHRs used for health provision, research and policy in the UK. Sequential mixed methods study with a cross-sectional survey (in 2011) followed by focus group discussions (in 2012-2013). Survey participants (N = 5331) were recruited from primary and secondary care settings in West London (UK). Complete data for 2761 (51.8 %) participants were included in the final analysis for this paper. The survey results were discussed in 13 focus groups with people living with a range of different health conditions, and in 4 mixed focus groups with patients, health professionals and researchers (total N = 120). Qualitative data were analysed thematically. In the survey, 79 % of participants reported that they would worry about the security of their record if this was part of a national EHR system and 71 % thought the National Health Service (NHS) was unable to guarantee EHR safety at the time this work was carried out. Almost half (47 %) responded that EHRs would be less secure compared with the way their health record was held at the time of the survey. Of those who reported being worried about EHR security, many would nevertheless support their development (55 %), while 12 % would not support national EHRs and a sizeable proportion (33 %) were undecided. There were also variations by age, ethnicity and education. In focus group discussions participants weighed up perceived benefits against potential security and privacy threats from wider sharing of information, as well as discussing other perceived risks: commercial exploitation, lack of accountability, data inaccuracies, prejudice and inequalities in health provision. Patient and public worries about the security risks associated with integrated EHRs highlight the need for intensive public awareness and engagement initiatives, together with the establishment of trustworthy security and privacy mechanisms for health information sharing.

75 FR 9981 - Self-Regulatory Organizations; The Options Clearing Corporation; Order Approving Proposed Rule...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-03-04

... securities options or the clearing of such futures as security futures constitutes a violation of the CEA. \\3... same as the options and security futures on SPDR Gold Shares, iShares COMEX Gold Shares, and iShares... to help clarify that options and security futures on ETFS Physical Swiss Gold Shares and ETFS...

Final HAZMAT safety and security field operational test : public sector detailed test plans

DOT National Transportation Integrated Search

2004-02-03

Coordination and information sharing among law enforcement and emergency response agencies at the local, state, and national level is a constant challenge. Often, the inability to effectively gather and distribute information among public agencies is...

76 FR 54498 - Meeting of the Department of Justice Global Justice Information Sharing Initiative Federal...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-09-01

... (GAC) to discuss the Global Initiative, as described at http://www.it.ojp.gov/global . DATES: [email protected]gov . SUPPLEMENTARY INFORMATION: This meeting is open to the public. Due to security measures...

75 FR 56557 - Meeting of the Department of Justice's (DOJ's) Global Justice Information Sharing Initiative...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-09-16

... Committee (GAC) to discuss the Global Initiative, as described at http://www.it.ojp.gov/global . DATES: [email protected]gov . SUPPLEMENTARY INFORMATION: This meeting is open to the public. Due to security measures...

Can EHRs and HIEs get along with HIPAA security requirements?

PubMed

Sarrico, Christine; Hauenstein, Jim

2011-02-01

For Enloe Medical Center in California, a good-faith effort to self-report a breach in the privacy of a patient's medical record resulted in a six-figure fine imposed by a state regulatory agency. Hospitals face a "catch-22" situation in responding to the conflicting mandates of developing electronic health records that allow information sharing across institutions versus ensuring absolute protection and security of patients' individual health information. Some industry analysts suggest that the sanctions for security breaches such as the one experienced by Enloe will have the unintended effect of discouraging self-reporting of breaches.

Potential impact of HITECH security regulations on medical imaging.

PubMed

Prior, Fred; Ingeholm, Mary Lou; Levine, Betty A; Tarbox, Lawrence

2009-01-01

Title XIII of Division A and Title IV of Division B of the American Recovery and Reinvestment Act (ARRA) of 2009 [1] include a provision commonly referred to as the "Health Information Technology for Economic and Clinical Health Act" or "HITECH Act" that is intended to promote the electronic exchange of health information to improve the quality of health care. Subtitle D of the HITECH Act includes key amendments to strengthen the privacy and security regulations issued under the Health Insurance Portability and Accountability Act (HIPAA). The HITECH act also states that "the National Coordinator" must consult with the National Institute of Standards and Technology (NIST) in determining what standards are to be applied and enforced for compliance with HIPAA. This has led to speculation that NIST will recommend that the government impose the Federal Information Security Management Act (FISMA) [2], which was created by NIST for application within the federal government, as requirements to the public Electronic Health Records (EHR) community in the USA. In this paper we will describe potential impacts of FISMA on medical image sharing strategies such as teleradiology and outline how a strict application of FISMA or FISMA-based regulations could have significant negative impacts on information sharing between care providers.

Anti-jamming communication for body area network using chaotic frequency hopping.

PubMed

Gopalakrishnan, Balamurugan; Bhagyaveni, Marcharla Anjaneyulu

2017-12-01

The healthcare industries research trends focus on patient reliable communication and security is a paramount requirement of healthcare applications. Jamming in wireless communication medium has become a major research issue due to the ease of blocking communication in wireless networks and throughput degradation. The most commonly used technique to overcome jamming is frequency hopping (FH). However, in traditional FH pre-sharing of key for channel selection and a high-throughput overhead is required. So to overcome this pre-sharing of key and to increase the security chaotic frequency hopping (CFH) has been proposed. The design of chaos-based hop selection is a new development that offers improved performance in transmission of information without pre-shared key and also increases the security. The authors analysed the performance of proposed CFH system under different reactive jamming durations. The percentage of error reduction by the reactive jamming for jamming duration 0.01 and 0.05 s for FH and CFH is 55.03 and 84.24%, respectively. The obtained result shows that CFH is more secure and difficult to jam by the reactive jammer.

Privacy protection for personal health information and shared care records.

PubMed

Neame, Roderick L B

2014-01-01

The protection of personal information privacy has become one of the most pressing security concerns for record keepers: this will become more onerous with the introduction of the European General Data Protection Regulation (GDPR) in mid-2014. Many institutions, both large and small, have yet to implement the essential infrastructure for data privacy protection and patient consent and control when accessing and sharing data; even more have failed to instil a privacy and security awareness mindset and culture amongst their staff. Increased regulation, together with better compliance monitoring, has led to the imposition of increasingly significant monetary penalties for failure to protect privacy: these too are set to become more onerous under the GDPR, increasing to a maximum of 2% of annual turnover. There is growing pressure in clinical environments to deliver shared patient care and to support this with integrated information. This demands that more information passes between institutions and care providers without breaching patient privacy or autonomy. This can be achieved with relatively minor enhancements of existing infrastructures and does not require extensive investment in inter-operating electronic records: indeed such investments to date have been shown not to materially improve data sharing. REQUIREMENTS FOR PRIVACY: There is an ethical duty as well as a legal obligation on the part of care providers (and record keepers) to keep patient information confidential and to share it only with the authorisation of the patient. To achieve this information storage and retrieval, communication systems must be appropriately configured. There are many components of this, which are discussed in this paper. Patients may consult clinicians anywhere and at any time: therefore, their data must be available for recipient-driven retrieval (i.e. like the World Wide Web) under patient control and kept private: a method for delivering this is outlined.

Geospatial cryptography: enabling researchers to access private, spatially referenced, human subjects data for cancer control and prevention.

PubMed

Jacquez, Geoffrey M; Essex, Aleksander; Curtis, Andrew; Kohler, Betsy; Sherman, Recinda; Emam, Khaled El; Shi, Chen; Kaufmann, Andy; Beale, Linda; Cusick, Thomas; Goldberg, Daniel; Goovaerts, Pierre

2017-07-01

As the volume, accuracy and precision of digital geographic information have increased, concerns regarding individual privacy and confidentiality have come to the forefront. Not only do these challenge a basic tenet underlying the advancement of science by posing substantial obstacles to the sharing of data to validate research results, but they are obstacles to conducting certain research projects in the first place. Geospatial cryptography involves the specification, design, implementation and application of cryptographic techniques to address privacy, confidentiality and security concerns for geographically referenced data. This article defines geospatial cryptography and demonstrates its application in cancer control and surveillance. Four use cases are considered: (1) national-level de-duplication among state or province-based cancer registries; (2) sharing of confidential data across cancer registries to support case aggregation across administrative geographies; (3) secure data linkage; and (4) cancer cluster investigation and surveillance. A secure multi-party system for geospatial cryptography is developed. Solutions under geospatial cryptography are presented and computation time is calculated. As services provided by cancer registries to the research community, de-duplication, case aggregation across administrative geographies and secure data linkage are often time-consuming and in some instances precluded by confidentiality and security concerns. Geospatial cryptography provides secure solutions that hold significant promise for addressing these concerns and for accelerating the pace of research with human subjects data residing in our nation's cancer registries. Pursuit of the research directions posed herein conceivably would lead to a geospatially encrypted geographic information system (GEGIS) designed specifically to promote the sharing and spatial analysis of confidential data. Geospatial cryptography holds substantial promise for accelerating the pace of research with spatially referenced human subjects data.

Notes on two multiparty quantum secret sharing schemes

NASA Astrophysics Data System (ADS)

Gao, Gan

In the paper [H. Abulkasim et al., Int. J. Quantum Inform. 15 (2017) 1750023], Abulkasim et al. proposed a quantum secret sharing scheme based on Bell states. We study the security of the multiparty case in the proposed scheme and detect that it is not secure. In the paper [Y. Du and W. Bao, Opt. Commun. 308 (2013) 159], Du and Bao listed Gao’s scheme and gave a attack strategy on the listed scheme. We point out that their listing scheme is not the genuine Gao’s scheme and their research method is not advisable.

The EGS Data Collaboration Platform: Enabling Scientific Discovery

DOE Office of Scientific and Technical Information (OSTI.GOV)

Weers, Jonathan D; Johnston, Henry; Huggins, Jay V

Collaboration in the digital age has been stifled in recent years. Reasonable responses to legitimate security concerns have created a virtual landscape of silos and fortified castles incapable of sharing information efficiently. This trend is unfortunately opposed to the geothermal scientific community's migration toward larger, more collaborative projects. To facilitate efficient sharing of information between team members from multiple national labs, universities, and private organizations, the 'EGS Collab' team has developed a universally accessible, secure data collaboration platform and has fully integrated it with the U.S. Department of Energy's (DOE) Geothermal Data Repository (GDR) and the National Geothermal Data Systemmore » (NGDS). This paper will explore some of the challenges of collaboration in the modern digital age, highlight strategies for active data management, and discuss the integration of the EGS Collab data management platform with the GDR to enable scientific discovery through the timely dissemination of information.« less

78 FR 23962 - Proposed Collection; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2013-04-23

... transactions. The Commission staff estimates the costs of producing and sending a paper confirmation, including... broker-dealers to convey basic trade information to customers regarding their securities transactions. This information includes: the date and time of the transaction, the identity and number of shares...

77 FR 3527 - Self-Regulatory Organizations; Chicago Stock Exchange, Inc.; Notice of Filing of Proposed Rule...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-01-24

... order management systems which permit them to share information about orders or transactions being... SECURITIES AND EXCHANGE COMMISSION [Release No. 34-66177; File No. SR-CHX-2012-02] Self-Regulatory.... Pursuant to Section 19(b)(1) of the Securities Exchange Act of 1934 (``Act'') \\1\\ and Rule 19b-4 thereunder...

Harnessing the Risk-Related Data Supply Chain: An Information Architecture Approach to Enriching Human System Research and Operations Knowledge

NASA Technical Reports Server (NTRS)

Buquo, Lynn E.; Johnson-Throop, Kathy A.

2011-01-01

An Information Architecture facilitates the understanding and, hence, harnessing of the human system risk-related data supply chain which enhances the ability to securely collect, integrate, and share data assets that improve human system research and operations. By mapping the risk-related data flow from raw data to useable information and knowledge (think of it as a data supply chain), the Human Research Program (HRP) and Space Life Science Directorate (SLSD) are building an information architecture plan to leverage their existing, and often shared, IT infrastructure.

77 FR 30341 - Self-Regulatory Organizations; NYSE Arca, Inc.; Order Granting Approval of Proposed Rule Change...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-05-22

... procedures designed to prevent the use and dissemination of material non-public information regarding such... Intermarket Surveillance Group (``ISG''), which includes all U.S. national securities exchanges and certain... throughout the world. Global shares are the actual (ordinary) shares of a non-U.S. company which trade both...

A cognitive and economic decision theory for examining cyber defense strategies.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bier, Asmeret Brooke

Cyber attacks pose a major threat to modern organizations. Little is known about the social aspects of decision making among organizations that face cyber threats, nor do we have empirically-grounded models of the dynamics of cooperative behavior among vulnerable organizations. The effectiveness of cyber defense can likely be enhanced if information and resources are shared among organizations that face similar threats. Three models were created to begin to understand the cognitive and social aspects of cyber cooperation. The first simulated a cooperative cyber security program between two organizations. The second focused on a cyber security training program in which participantsmore » interact (and potentially cooperate) to solve problems. The third built upon the first two models and simulates cooperation between organizations in an information-sharing program.« less

Implementation of Medical Information Exchange System Based on EHR Standard

PubMed Central

Han, Soon Hwa; Kim, Sang Guk; Jeong, Jun Yong; Lee, Bi Na; Choi, Myeong Seon; Kim, Il Kon; Park, Woo Sung; Ha, Kyooseob; Cho, Eunyoung; Kim, Yoon; Bae, Jae Bong

2010-01-01

Objectives To develop effective ways of sharing patients' medical information, we developed a new medical information exchange system (MIES) based on a registry server, which enabled us to exchange different types of data generated by various systems. Methods To assure that patient's medical information can be effectively exchanged under different system environments, we adopted the standardized data transfer methods and terminologies suggested by the Center for Interoperable Electronic Healthcare Record (CIEHR) of Korea in order to guarantee interoperability. Regarding information security, MIES followed the security guidelines suggested by the CIEHR of Korea. This study aimed to develop essential security systems for the implementation of online services, such as encryption of communication, server security, database security, protection against hacking, contents, and network security. Results The registry server managed information exchange as well as the registration information of the clinical document architecture (CDA) documents, and the CDA Transfer Server was used to locate and transmit the proper CDA document from the relevant repository. The CDA viewer showed the CDA documents via connection with the information systems of related hospitals. Conclusions This research chooses transfer items and defines document standards that follow CDA standards, such that exchange of CDA documents between different systems became possible through ebXML. The proposed MIES was designed as an independent central registry server model in order to guarantee the essential security of patients' medical information. PMID:21818447

Implementation of Medical Information Exchange System Based on EHR Standard.

PubMed

Han, Soon Hwa; Lee, Min Ho; Kim, Sang Guk; Jeong, Jun Yong; Lee, Bi Na; Choi, Myeong Seon; Kim, Il Kon; Park, Woo Sung; Ha, Kyooseob; Cho, Eunyoung; Kim, Yoon; Bae, Jae Bong

2010-12-01

To develop effective ways of sharing patients' medical information, we developed a new medical information exchange system (MIES) based on a registry server, which enabled us to exchange different types of data generated by various systems. To assure that patient's medical information can be effectively exchanged under different system environments, we adopted the standardized data transfer methods and terminologies suggested by the Center for Interoperable Electronic Healthcare Record (CIEHR) of Korea in order to guarantee interoperability. Regarding information security, MIES followed the security guidelines suggested by the CIEHR of Korea. This study aimed to develop essential security systems for the implementation of online services, such as encryption of communication, server security, database security, protection against hacking, contents, and network security. The registry server managed information exchange as well as the registration information of the clinical document architecture (CDA) documents, and the CDA Transfer Server was used to locate and transmit the proper CDA document from the relevant repository. The CDA viewer showed the CDA documents via connection with the information systems of related hospitals. This research chooses transfer items and defines document standards that follow CDA standards, such that exchange of CDA documents between different systems became possible through ebXML. The proposed MIES was designed as an independent central registry server model in order to guarantee the essential security of patients' medical information.

A cloud-based home health care information sharing system to connect patients with home healthcare staff -A case report of a study in a mountainous region.

PubMed

Nomoto, Shinichi; Utsumi, Momoe; Sasayama, Satoshi; Dekigai, Hiroshi

2017-01-01

We have developed a cloud system, the e-Renraku Notebook (e-RN) for sharing of home care information based on the concept of "patient-centricity". In order to assess the likelihood that our system will enhance the communication and sharing of information between home healthcare staff members and home-care patients, we selected patients who were residing in mountainous regions for inclusion in our study. We herein report the findings.Eighteen staff members from 7 medical facilities and 9 patients participated in the present study.The e-RN was developed for two reasons: to allow patients to independently report their health status and to have staff members view and respond to the information received. The patients and staff members were given iPads with the pre-installed applications and the information being exchanged was reviewed over a 54-day period.Information was mainly input by the patients (61.6%), followed by the nurses who performed home visits (19.9%). The amount of information input by patients requiring high-level nursing care and their corresponding staff member was significantly greater than that input by patients who required low-level of nursing care.This patient-centric system in which patients can independently report and share information with a member of the healthcare staff provides a sense of security. It also allows staff members to understand the patient's health status before making a home visit, thereby giving them a sense of security and confidence. It was also noteworthy that elderly patients requiring high-level nursing care and their staff counterpart input information in the system significantly more frequently than patients who required low-level care.

Physical key-protected one-time pad

PubMed Central

Horstmeyer, Roarke; Judkewitz, Benjamin; Vellekoop, Ivo M.; Assawaworrarit, Sid; Yang, Changhuei

2013-01-01

We describe an encrypted communication principle that forms a secure link between two parties without electronically saving either of their keys. Instead, random cryptographic bits are kept safe within the unique mesoscopic randomness of two volumetric scattering materials. We demonstrate how a shared set of patterned optical probes can generate 10 gigabits of statistically verified randomness between a pair of unique 2 mm3 scattering objects. This shared randomness is used to facilitate information-theoretically secure communication following a modified one-time pad protocol. Benefits of volumetric physical storage over electronic memory include the inability to probe, duplicate or selectively reset any bits without fundamentally altering the entire key space. Our ability to securely couple the randomness contained within two unique physical objects can extend to strengthen hardware required by a variety of cryptographic protocols, which is currently a critically weak link in the security pipeline of our increasingly mobile communication culture. PMID:24345925

Experimental demonstration of graph-state quantum secret sharing.

PubMed

Bell, B A; Markham, D; Herrera-Martí, D A; Marin, A; Wadsworth, W J; Rarity, J G; Tame, M S

2014-11-21

Quantum communication and computing offer many new opportunities for information processing in a connected world. Networks using quantum resources with tailor-made entanglement structures have been proposed for a variety of tasks, including distributing, sharing and processing information. Recently, a class of states known as graph states has emerged, providing versatile quantum resources for such networking tasks. Here we report an experimental demonstration of graph state-based quantum secret sharing--an important primitive for a quantum network with applications ranging from secure money transfer to multiparty quantum computation. We use an all-optical setup, encoding quantum information into photons representing a five-qubit graph state. We find that one can reliably encode, distribute and share quantum information amongst four parties, with various access structures based on the complex connectivity of the graph. Our results show that graph states are a promising approach for realising sophisticated multi-layered communication protocols in quantum networks.

Project UNITY: Cross Domain Visualization Collaboration

NASA Astrophysics Data System (ADS)

Moore, J.; Havig, P.

UNITY is an International Cooperative Research and Development (ICR&D) project between the United States and Great Britain under the Research and Development Projects (RDP) Memorandum of Agreement (MOA). UNITYs objectives are to develop and evaluate the operational concepts and requirements for undertaking combined operations: a) pursuant to the interests of mission partners, b) develop, experiment, and demonstrate, transitionable emergent technologies, capabilities, or concepts, which facilitate the sharing of information and products between mission partners, and c) identify and define additional emerging technologies that may need to be developed to support current and future military information sharing. Collaboration between coalition partners is essentially for accurate and timely decision making in the ever increasing nature and tempo of global security. The purpose for this project is to develop engineering solutions in order to further investigate the human factors issues that arise while sharing information in a collaborative environment where security is an issue. The biggest difference between existing available solutions are in the presentation and interaction with the interface on both ends of the collaboration in order to preserve the expressed intent of shared situation awareness while also enabling markups and content on one screen that the other collaborator does not see and vice versa. The UNITY project stresses collaboration differently than all known realtime collaboration software in production, aka groupware, on the market today. The tradition of What You See Is What I See (WYSIWIS) as in typical implementations of shared whiteboards simply do not address the need for local and private information to be displayed in context with shareable data. This paper addresses the concerns, problems, and some solutions for shared 3D visualization and 2D tabular visualizations which are explored and presented within the space situation awareness problem set.

Enabling the MLSpOC (Multi-Level Space Operations Center) of the Future

NASA Astrophysics Data System (ADS)

Missal, D.

2012-09-01

The Intelligence Reform and Terrorism Prevention Act, passed by Congress in 2004, established the expectation that the "vast intelligence enterprise" of the United States would become more unified, coordinated, and effective. This law charged the intelligence community and government agencies to integrate foreign intelligence and domestic US intelligence components to reduce gaps in understanding threats to our national security and to improve our reaction. This intelligence strategy — designed to provide more comprehensive and accurate intelligence analysis—substantially increases requirements for secure data sharing capabilities. An information system must be Certified & Accredited (C&A) by the appropriate Accreditation Authority in accordance with each Authority's prescribed compliance requirements and governance. Cross-Domain Solutions (CDSs) can provide the ability to share data between multiple operating domains (e.g. among users on Top Secret and Secret networks). However, sharing sensitive data across security domains and networks has been impeded by both technical and cultural challenges. A viable CDS requires a tremendous investment for initial C&A and many solutions are limited with respect to the integration of an organization's applications. As a result, most of today's highly secured systems have been designed to restrict access to entire user populations rather than implement data sharing on the basis of mandatory access controls and an individual's need-to-know. Most CDSs today are based on one-way replication through data transfer guards that copy data from one network to another. This model inherently builds in additional and extensive Operations and Maintenance (O&M) costs. Oracle's National Security Group challenged its top engineers and security architects to engineer the first Cross-Domain database providing a practical and robust solution to the Cross-Domain security problem. The result is the MLSpOC, which is deployed, fielded, and accredited today at multiple sites both CONUS and OCONUS. It is designed to assist information systems developers achieve DCID 6/3 Protection Level 4 or 5 (PL4 or PL5) or DoD SABI C&A for SECRET-to-UNCLASSIFIED systems (PL3). The product is on the DoD/DNI Unified Cross-domain Management Office's (UCDMO) Baseline of accredited solutions, and is the only solution on the Baseline which the Government considers to be an "All-in-One" approach to the Cross-domain Security challenge. Our solution is also the only PL-4 Cloud in existence and that is deployed and operational in the entire world today (at DIA). The Space marketplace is a very unique cross-domain challenge, as a need exists for Unclassified SSA Data Sharing at a deeper and more fundamental level than anywhere else in the IC or DoD. For instance, certain Agencies and/or Programs have a requirement to share information with Partner Nations that are not considered to be "friendly" (e.g. China). Our Solution is the ONLY solution in the world today that's achieved C&A, and that is uniquely positioned to enable the Multi-level Space Operations Center (MLSpOC) of the Future.

Maritime domain awareness community of interest net centric information sharing

NASA Astrophysics Data System (ADS)

Andress, Mark; Freeman, Brian; Rhiddlehover, Trey; Shea, John

2007-04-01

This paper highlights the approach taken by the Maritime Domain Awareness (MDA) Community of Interest (COI) in establishing an approach to data sharing that seeks to overcome many of the obstacles to sharing both within the federal government and with international and private sector partners. The approach uses the DOD Net Centric Data Strategy employed through Net Centric Enterprise Services (NCES) Service Oriented Architecture (SOA) foundation provided by Defense Information Systems Agency (DISA), but is unique in that the community is made up of more than just Defense agencies. For the first pilot project, the MDA COI demonstrated how four agencies from DOD, the Intelligence Community, Department of Homeland Security (DHS), and Department of Transportation (DOT) could share Automatic Identification System (AIS) data in a common format using shared enterprise service components.

MiMiR – an integrated platform for microarray data sharing, mining and analysis

PubMed Central

Tomlinson, Chris; Thimma, Manjula; Alexandrakis, Stelios; Castillo, Tito; Dennis, Jayne L; Brooks, Anthony; Bradley, Thomas; Turnbull, Carly; Blaveri, Ekaterini; Barton, Geraint; Chiba, Norie; Maratou, Klio; Soutter, Pat; Aitman, Tim; Game, Laurence

2008-01-01

Background Despite considerable efforts within the microarray community for standardising data format, content and description, microarray technologies present major challenges in managing, sharing, analysing and re-using the large amount of data generated locally or internationally. Additionally, it is recognised that inconsistent and low quality experimental annotation in public data repositories significantly compromises the re-use of microarray data for meta-analysis. MiMiR, the Microarray data Mining Resource was designed to tackle some of these limitations and challenges. Here we present new software components and enhancements to the original infrastructure that increase accessibility, utility and opportunities for large scale mining of experimental and clinical data. Results A user friendly Online Annotation Tool allows researchers to submit detailed experimental information via the web at the time of data generation rather than at the time of publication. This ensures the easy access and high accuracy of meta-data collected. Experiments are programmatically built in the MiMiR database from the submitted information and details are systematically curated and further annotated by a team of trained annotators using a new Curation and Annotation Tool. Clinical information can be annotated and coded with a clinical Data Mapping Tool within an appropriate ethical framework. Users can visualise experimental annotation, assess data quality, download and share data via a web-based experiment browser called MiMiR Online. All requests to access data in MiMiR are routed through a sophisticated middleware security layer thereby allowing secure data access and sharing amongst MiMiR registered users prior to publication. Data in MiMiR can be mined and analysed using the integrated EMAAS open source analysis web portal or via export of data and meta-data into Rosetta Resolver data analysis package. Conclusion The new MiMiR suite of software enables systematic and effective capture of extensive experimental and clinical information with the highest MIAME score, and secure data sharing prior to publication. MiMiR currently contains more than 150 experiments corresponding to over 3000 hybridisations and supports the Microarray Centre's large microarray user community and two international consortia. The MiMiR flexible and scalable hardware and software architecture enables secure warehousing of thousands of datasets, including clinical studies, from microarray and potentially other -omics technologies. PMID:18801157

MiMiR--an integrated platform for microarray data sharing, mining and analysis.

PubMed

Tomlinson, Chris; Thimma, Manjula; Alexandrakis, Stelios; Castillo, Tito; Dennis, Jayne L; Brooks, Anthony; Bradley, Thomas; Turnbull, Carly; Blaveri, Ekaterini; Barton, Geraint; Chiba, Norie; Maratou, Klio; Soutter, Pat; Aitman, Tim; Game, Laurence

2008-09-18

Despite considerable efforts within the microarray community for standardising data format, content and description, microarray technologies present major challenges in managing, sharing, analysing and re-using the large amount of data generated locally or internationally. Additionally, it is recognised that inconsistent and low quality experimental annotation in public data repositories significantly compromises the re-use of microarray data for meta-analysis. MiMiR, the Microarray data Mining Resource was designed to tackle some of these limitations and challenges. Here we present new software components and enhancements to the original infrastructure that increase accessibility, utility and opportunities for large scale mining of experimental and clinical data. A user friendly Online Annotation Tool allows researchers to submit detailed experimental information via the web at the time of data generation rather than at the time of publication. This ensures the easy access and high accuracy of meta-data collected. Experiments are programmatically built in the MiMiR database from the submitted information and details are systematically curated and further annotated by a team of trained annotators using a new Curation and Annotation Tool. Clinical information can be annotated and coded with a clinical Data Mapping Tool within an appropriate ethical framework. Users can visualise experimental annotation, assess data quality, download and share data via a web-based experiment browser called MiMiR Online. All requests to access data in MiMiR are routed through a sophisticated middleware security layer thereby allowing secure data access and sharing amongst MiMiR registered users prior to publication. Data in MiMiR can be mined and analysed using the integrated EMAAS open source analysis web portal or via export of data and meta-data into Rosetta Resolver data analysis package. The new MiMiR suite of software enables systematic and effective capture of extensive experimental and clinical information with the highest MIAME score, and secure data sharing prior to publication. MiMiR currently contains more than 150 experiments corresponding to over 3000 hybridisations and supports the Microarray Centre's large microarray user community and two international consortia. The MiMiR flexible and scalable hardware and software architecture enables secure warehousing of thousands of datasets, including clinical studies, from microarray and potentially other -omics technologies.

In the Face of Cybersecurity: How the Common Information Model Can Be Used

DOE Office of Scientific and Technical Information (OSTI.GOV)

Skare, Paul; Falk, Herbert; Rice, Mark

2016-01-01

Efforts are underway to combine smart grid information, devices, networking, and emergency response information to create messages that are not dependent on specific standards development organizations (SDOs). This supports a future-proof approach of allowing changes in the canonical data models (CDMs) going forward without having to perform forklift replacements of solutions that use the messages. This also allows end users (electric utilities) to upgrade individual components of a larger system while keeping the message payload definitions intact. The goal is to enable public and private information sharing securely in a standards-based approach that can be integrated into existing operations. Wemore » provide an example architecture that could benefit from this multi-SDO, secure message approach. This article also describes how to improve message security« less

Balancing entrepreneurship and business practices for e-collaboration: responsible information sharing in academic research.

PubMed

Porter, Mark W; Porter, Mark William; Milley, David; Oliveti, Kristyn; Ladd, Allen; O'Hara, Ryan J; Desai, Bimal R; White, Peter S

2008-11-06

Flexible, highly accessible collaboration tools can inherently conflict with controls placed on information sharing by offices charged with privacy protection, compliance, and maintenance of the general business environment. Our implementation of a commercial enterprise wiki within the academic research environment addresses concerns of all involved through the development of a robust user training program, a suite of software customizations that enhance security elements, a robust auditing program, allowance for inter-institutional wiki collaboration, and wiki-specific governance.

Addressing security, collaboration, and usability with tactical edge mobile devices and strategic cloud-based systems

NASA Astrophysics Data System (ADS)

Graham, Christopher J.

2012-05-01

Success in the future battle space is increasingly dependent on rapid access to the right information. Faced with a shrinking budget, the Government has a mandate to improve intelligence productivity, quality, and reliability. To achieve increased ISR effectiveness, leverage of tactical edge mobile devices via integration with strategic cloud-based infrastructure is the single, most likely candidate area for dramatic near-term impact. This paper discusses security, collaboration, and usability components of this evolving space. These three paramount tenets outlined below, embody how mission information is exchanged securely, efficiently, with social media cooperativeness. Tenet 1: Complete security, privacy, and data integrity, must be ensured within the net-centric battle space. This paper discusses data security on a mobile device, data at rest on a cloud-based system, authorization and access control, and securing data transport between entities. Tenet 2: Lack of collaborative information sharing and content reliability jeopardizes mission objectives and limits the end user capability. This paper discusses cooperative pairing of mobile devices and cloud systems, enabling social media style interaction via tagging, meta-data refinement, and sharing of pertinent data. Tenet 3: Fielded mobile solutions must address usability and complexity. Simplicity is a powerful paradigm on mobile platforms, where complex applications are not utilized, and simple, yet powerful, applications flourish. This paper discusses strategies for ensuring mobile applications are streamlined and usable at the tactical edge through focused features sets, leveraging the power of the back-end cloud, minimization of differing HMI concepts, and directed end-user feedback.teInput=

32 CFR 236.5 - Cyber security information sharing.

Code of Federal Regulations, 2014 CFR

2014-07-01

... forensics laboratory at DC3, which implements specialized handling procedures to maintain its accreditation as a digital and multimedia forensics laboratory. DC3 will maintain, control, and dispose of all...

Discussion on the Technology and Method of Computer Network Security Management

NASA Astrophysics Data System (ADS)

Zhou, Jianlei

2017-09-01

With the rapid development of information technology, the application of computer network technology has penetrated all aspects of society, changed people's way of life work to a certain extent, brought great convenience to people. But computer network technology is not a panacea, it can promote the function of social development, but also can cause damage to the community and the country. Due to computer network’ openness, easiness of sharing and other characteristics, it had a very negative impact on the computer network security, especially the loopholes in the technical aspects can cause damage on the network information. Based on this, this paper will do a brief analysis on the computer network security management problems and security measures.

Sharing Vital Signs between mobile phone applications.

PubMed

Karlen, Walter; Dumont, Guy A; Scheffer, Cornie

2014-01-01

We propose a communication library, ShareVitalSigns, for the standardized exchange of vital sign information between health applications running on mobile platforms. The library allows an application to request one or multiple vital signs from independent measurement applications on the Android OS. Compatible measurement applications are automatically detected and can be launched from within the requesting application, simplifying the work flow for the user and reducing typing errors. Data is shared between applications using intents, a passive data structure available on Android OS. The library is accompanied by a test application which serves as a demonstrator. The secure exchange of vital sign information using a standardized library like ShareVitalSigns will facilitate the integration of measurement applications into diagnostic and other high level health monitoring applications and reduce errors due to manual entry of information.

Threshold Things That Think: Authorisation for Resharing

NASA Astrophysics Data System (ADS)

Peeters, Roel; Kohlweiss, Markulf; Preneel, Bart

As we are evolving towards ubiquitous computing, users carry an increasing number of mobile devices with sensitive information. The security of this information can be protected using threshold cryptography, in which secret computations are shared between multiple devices. Threshold cryptography can be made more robust by resharing protocols, which allow recovery from partial compromises. This paper introduces user-friendly and secure protocols for the authorisation of resharing protocols. We present both automatic and manual protocols, utilising a group manual authentication protocol to add a new device. We analyse the security of these protocols: our analysis considers permanent and temporary compromises, denial of service attacks and manual authentications errors of the user.

Lawrence Livermore National Laboratory`s Computer Security Short Subjects Videos: Hidden Password, The Incident, Dangerous Games and The Mess; Computer Security Awareness Guide

DOE Office of Scientific and Technical Information (OSTI.GOV)

NONE

A video on computer security is described. Lonnie Moore, the Computer Security Manager, CSSM/CPPM at Lawrence Livermore National Laboratory (LLNL) and Gale Warshawsky, the Coordinator for Computer Security Education and Awareness at LLNL, wanted to share topics such as computer ethics, software piracy, privacy issues, and protecting information in a format that would capture and hold an audience`s attention. Four Computer Security Short Subject videos were produced which ranged from 1--3 minutes each. These videos are very effective education and awareness tools that can be used to generate discussions about computer security concerns and good computing practices.

Baseline Suitability Analysis

DTIC Science & Technology

2013-07-18

VA) • DFAS • Human Resources - HR Shared Services (Indianapolis, IN) • Personnel Security - HR Shared Services (Indianapolis, IN) DHRA...Security (Camp Lejeune) No Yes Yes AAFES Human Resources No No No Force Protection Yes Yes Yes DFAS Human Resources - HR Shared Services No...No No Personnel Security - HR Shared Services Yes Yes Yes DLA Human Resources No No Yes Personnel Security Yes Yes Yes DoDEA Human

SURVIVABILITY THROUGH OPTIMIZING RESILIENT MECHANISMS (STORM)

DTIC Science & Technology

2017-04-01

STATEMENT Approved for Public Release; Distribution Unlimited. PA# 88ABW-2017-0894 Date Cleared: 07 Mar 2017 13. SUPPLEMENTARY NOTES 14. ABSTRACT Game ...quantitatively about cyber-attacks. Game theory is the branch of applied mathematics that formalizes strategic interaction among intelligent rational agents...mechanism based on game theory. This work has applied game theory to numerous cyber security problems: cloud security, cyber threat information sharing

Social Media Principles Applied to Critical Infrastructure Information Sharing

DTIC Science & Technology

2013-12-01

shooters. The DHS works throughout the year to build partnerships with industries across a wide spectrum, to include commercial facilities. They...security professionals , industry association and security organizations, emergency managers, and planners and architects. Each of these stakeholder sets... Project Report.126 The DARPA SCP fellows identified 14 factors that affected the performance of any one team. Notable among the collection were

32 CFR 236.5 - Cyber security information sharing.

Code of Federal Regulations, 2013 CFR

2013-07-01

... multimedia forensics laboratory at DC3, which implements specialized handling procedures to maintain its accreditation as a digital and multimedia forensics laboratory. DC3 will maintain, control, and dispose of all...

32 CFR 236.5 - Cyber security information sharing.

Code of Federal Regulations, 2012 CFR

2012-07-01

... multimedia forensics laboratory at DC3, which implements specialized handling procedures to maintain its accreditation as a digital and multimedia forensics laboratory. DC3 will maintain, control, and dispose of all...

Anonymous indexing of health conditions for a similarity measure.

PubMed

Song, Insu; Marsh, Nigel V

2012-07-01

A health social network is an online information service which facilitates information sharing between closely related members of a community with the same or a similar health condition. Over the years, many automated recommender systems have been developed for social networking in order to help users find their communities of interest. For health social networking, the ideal source of information for measuring similarities of patients is the medical information of the patients. However, it is not desirable that such sensitive and private information be shared over the Internet. This is also true for many other security sensitive domains. A new information-sharing scheme is developed where each patient is represented as a small number of (possibly disjoint) d-words (discriminant words) and the d-words are used to measure similarities between patients without revealing sensitive personal information. The d-words are simple words like "food,'' and thus do not contain identifiable personal information. This makes our method an effective one-way hashing of patient assessments for a similarity measure. The d-words can be easily shared on the Internet to find peers who might have similar health conditions.

12 CFR 7.2019 - Loans secured by a bank's own shares.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 12 Banks and Banking 1 2010-01-01 2010-01-01 false Loans secured by a bank's own shares. 7.2019... AND OPERATIONS Corporate Practices § 7.2019 Loans secured by a bank's own shares. (a) Permitted agreements, relating to bank shares. A national bank may require a borrower holding shares of the bank to...

Secure quantum communication using classical correlated channel

NASA Astrophysics Data System (ADS)

Costa, D.; de Almeida, N. G.; Villas-Boas, C. J.

2016-10-01

We propose a secure protocol to send quantum information from one part to another without a quantum channel. In our protocol, which resembles quantum teleportation, a sender (Alice) and a receiver (Bob) share classical correlated states instead of EPR ones, with Alice performing measurements in two different bases and then communicating her results to Bob through a classical channel. Our secure quantum communication protocol requires the same amount of classical bits as the standard quantum teleportation protocol. In our scheme, as in the usual quantum teleportation protocol, once the classical channel is established in a secure way, a spy (Eve) will never be able to recover the information of the unknown quantum state, even if she is aware of Alice's measurement results. Security, advantages, and limitations of our protocol are discussed and compared with the standard quantum teleportation protocol.

Cybersecurity Information Sharing Act of 2012

THOMAS, 112th Congress

Sen. Feinstein, Dianne [D-CA

2012-02-13

Senate - 02/13/2012 Read twice and referred to the Committee on Homeland Security and Governmental Affairs. (All Actions) Tracker: This bill has the status IntroducedHere are the steps for Status of Legislation:

Implementing an electronic medication overview in Belgium.

PubMed

Storms, Hannelore; Marquet, Kristel; Nelissen, Katherine; Hulshagen, Leen; Lenie, Jan; Remmen, Roy; Claes, Neree

2014-12-16

An accurate medication overview is essential to reduce medication errors. Therefore, it is essential to keep the medication overview up-to-date and to exchange healthcare information between healthcare professionals and patients. Digitally shared information yields possibilities to improve communication. However, implementing a digitally shared medication overview is challenging. This articles describes the development process of a secured, electronic platform designed for exchanging medication information as executed in a pilot study in Belgium, called "Vitalink". The goal of "Vitalink" is to improve the exchange of medication information between professionals working in healthcare and patients in order to achieve a more efficient cooperation and better quality of care. Healthcare professionals of primary and secondary health care and patients of four Belgian regions participated in the project. In each region project groups coordinated implementation and reported back to the steering committee supervising the pilot study. The electronic medication overview was developed based on consensus in the project groups. The steering committee agreed to establish secured and authorized access through the use of electronic identity documents (eID) and a secured, eHealth-platform conform prior governmental regulations regarding privacy and security of healthcare information. A successful implementation of an electronic medication overview strongly depends on the accessibility and usability of the tool for healthcare professionals. Coordinating teams of the project groups concluded, based on their own observations and on problems reported to them, that secured and quick access to medical data needed to be pursued. According to their observations, the identification process using the eHealth platform, crucial to ensure secured data, was very time consuming. Secondly, software packages should meet the needs of their users, thus be adapted to daily activities of healthcare professionals. Moreover, software should be easy to install and run properly. The project would have benefited from a cost analysis executed by the national bodies prior to implementation.

End-to-end security for personal telehealth.

PubMed

Koster, Paul; Asim, Muhammad; Petkovic, Milan

2011-01-01

Personal telehealth is in rapid development with innovative emerging applications like disease management. With personal telehealth people participate in their own care supported by an open distributed system with health services. This poses new end-to-end security and privacy challenges. In this paper we introduce new end-to-end security requirements and present a design for consent management in the context of the Continua Health Alliance architecture. Thus, we empower patients to control how their health information is shared and used in a personal telehealth eco-system.

Risk-Based Models for Managing Data Privacy in Healthcare

ERIC Educational Resources Information Center

AL Faresi, Ahmed

2011-01-01

Current research in health care lacks a systematic investigation to identify and classify various sources of threats to information privacy when sharing health data. Identifying and classifying such threats would enable the development of effective information security risk monitoring and management policies. In this research I put the first step…

The Homeland Security Ecosystem: An Analysis of Hierarchical and Ecosystem Models and Their Influence on Decision Makers

DTIC Science & Technology

2012-12-01

flows, diversity, emergence, networks, fusion, strategic planning, information sharing, ecosystem, hierarchy, NJ Regional Operations Intelligence ...Related Information...........................................................................79 viii 3. Production of Disaster Intelligence for... Intelligence for Field Personnel .................80 5. Focused Collection Efforts to Support FEMA and NJ OEM Operations

Third-year medical students' knowledge of privacy and security issues concerning mobile devices.

PubMed

Whipple, Elizabeth C; Allgood, Kacy L; Larue, Elizabeth M

2012-01-01

The use of mobile devices are ubiquitous in medical-care professional settings, but information on privacy and security concerns of mobile devices for medical students is scarce. To gain baseline information about third-year medical students' mobile device use and knowledge of privacy and security issues concerning mobile devices. We surveyed 67 third-year medical students at a Midwestern university on their use of mobile devices and knowledge of how to protect information available through mobile devices. Students were also presented with clinical scenarios to rate their level of concern in regards to privacy and security of information. The most used features of mobile devices were: voice-to-voice (100%), text messaging (SMS) (94%), Internet (76.9%), and email (69.3%). For locking of one's personal mobile phone, 54.1% never physically lock their phone, and 58% never electronically lock their personal PDA. Scenarios considering definitely privacy concerns include emailing patient information intact (66.7%), and posting de-identified information on YouTube (45.2%) or Facebook (42.2%). As the ease of sharing data increases with the use of mobile devices, students need more education and training on possible privacy and security risks posed with mobile devices.

Privacy-preserving photo sharing based on a public key infrastructure

NASA Astrophysics Data System (ADS)

Yuan, Lin; McNally, David; Küpçü, Alptekin; Ebrahimi, Touradj

2015-09-01

A significant number of pictures are posted to social media sites or exchanged through instant messaging and cloud-based sharing services. Most social media services offer a range of access control mechanisms to protect users privacy. As it is not in the best interest of many such services if their users restrict access to their shared pictures, most services keep users' photos unprotected which makes them available to all insiders. This paper presents an architecture for a privacy-preserving photo sharing based on an image scrambling scheme and a public key infrastructure. A secure JPEG scrambling is applied to protect regional visual information in photos. Protected images are still compatible with JPEG coding and therefore can be viewed by any one on any device. However, only those who are granted secret keys will be able to descramble the photos and view their original versions. The proposed architecture applies an attribute-based encryption along with conventional public key cryptography, to achieve secure transmission of secret keys and a fine-grained control over who may view shared photos. In addition, we demonstrate the practical feasibility of the proposed photo sharing architecture with a prototype mobile application, ProShare, which is built based on iOS platform.

Development of an Internet Security Policy for health care establishments.

PubMed

Ilioudis, C; Pangalos, G

2000-01-01

The Internet provides unprecedented opportunities for interaction and data sharing among health care providers, patients and researchers. However, the advantages provided by the Internet come with a significantly greater element of risk to the confidentiality and integrity of information. This paper defines the basic security requirements that must be addressed in order to use the Internet to safely transmit patient and/or other sensitive Health Care information. It describes a suitable Internet Security Policy for Health Care Establishments and provides the set of technical measures that are needed for its implementation. The proposed security policy and technical approaches have been based on an extensive study of the related recommendations from the security and standard groups both in EU amid USA and our related work and experience. The results have been utilized in the framework of the Intranet Health Clinic project, where the use of the Internet for the transmission of sensitive Health Care information is of vital importance.

The Impact of Organizational Culture on the Sharing of Homeland Security Information

DTIC Science & Technology

2008-04-04

transform an organization through 8 U.S. Government Accountability Office, “Homeland Security: Efforts...www.whitehouse.gov/omb/ egov /documents/FEA_Practice_Guidance.pdf (accessed September 23, 2007), 4-1. 10 U.S. Government Accountability Office, GAO-04-777, 12...between the federal government and the state and local governments , and the transformation of disparate cultures into a new executive department – the

75 FR 62613 - Proposed Collection; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2010-10-12

... securities during any three-month period that exceeds 5,000 shares or other units or has an aggregate sales... Commission is authorize to solicit the information required to be supplied by Form 144. Form 144 takes...

Securing services in the cloud: an investigation of the threats and the mitigations

NASA Astrophysics Data System (ADS)

Farroha, Bassam S.; Farroha, Deborah L.

2012-05-01

The stakeholder's security concerns over data in the clouds (Voice, Video and Text) are a real concern to DoD, the IC and private sector. This is primarily due to the lack of physical isolation of data when migrating to shared infrastructure platforms. The security concerns are related to privacy and regulatory compliance required in many industries (healthcare, financial, law enforcement, DoD, etc) and the corporate knowledge databases. The new paradigm depends on the service provider to ensure that the customer's information is continuously monitored and is kept available, secure, access controlled and isolated from potential adversaries.

Using Cryptography to Improve Conjunction Analysis

NASA Astrophysics Data System (ADS)

Hemenway, B.; Welser, B.; Baiocchi, D.

2012-09-01

Coordination of operations between satellite operators is becoming increasingly important to prevent collisions. Unfortunately, this coordination is often handicapped by a lack of trust. Coordination and cooperation between satellite operators can take many forms, however, one specific area where cooperation between operators would yield significant benefits is in the computation of conjunction analyses. Passively collected orbital are of generally of too low fidelity to be of use in conjunction analyses. Each operator, however, maintains high fidelity data about their own satellites. These high fidelity data are significantly more valuable in calculating conjunction analyses than the lower-fidelity data. If operators were to share their high fidelity data overall space situational awareness could be improved. At present, many operators do not share data and as a consequence space situational awareness suffers. Restrictive data sharing policies are primarily motivated by privacy concerns on the part of the satellite operators, as each operator is reluctant or unwilling to share data that might compromise its political or commercial interests. In order to perform the necessary conjunction analyses while still maintaining the privacy of their own data, a few operators have entered data sharing agreements. These operators provide their private data to a trusted outside party, who then performs the conjunction analyses and reports the results to the operators. These types of agreements are not an ideal solution as they require a degree of trust between the parties, and the cost of employing the trusted party can be large. In this work, we present and analyze cryptographic tools that would allow satellite operators to securely calculate conjunction analyses without the help of a trusted outside party, while provably maintaining the privacy of their own orbital information. For example, recent advances in cryptographic protocols, specifically in the area of secure Multiparty Computation (MPC) have the potential to allow satellite operators to perform the necessary conjunction analyses without the need to reveal their orbital information to anyone. This talk will describe how MPC works, and how we propose to use it to facilitate secure information sharing between satellite operators.

[Study of sharing platform of web-based enhanced extracorporeal counterpulsation hemodynamic waveform data].

PubMed

Huang, Mingbo; Hu, Ding; Yu, Donglan; Zheng, Zhensheng; Wang, Kuijian

2011-12-01

Enhanced extracorporeal counterpulsation (EECP) information consists of both text and hemodynamic waveform data. At present EECP text information has been successfully managed through Web browser, while the management and sharing of hemodynamic waveform data through Internet has not been solved yet. In order to manage EECP information completely, based on the in-depth analysis of EECP hemodynamic waveform file of digital imaging and communications in medicine (DICOM) format and its disadvantages in Internet sharing, we proposed the use of the extensible markup language (XML), which is currently the Internet popular data exchange standard, as the storage specification for the sharing of EECP waveform data. Then we designed a web-based sharing system of EECP hemodynamic waveform data via ASP. NET 2.0 platform. Meanwhile, we specifically introduced the four main system function modules and their implement methods, including DICOM to XML conversion module, EECP waveform data management module, retrieval and display of EECP waveform module and the security mechanism of the system.

QuickCash: Secure Transfer Payment Systems

PubMed Central

Alhothaily, Abdulrahman; Alrawais, Arwa; Song, Tianyi; Lin, Bin; Cheng, Xiuzhen

2017-01-01

Payment systems play a significant role in our daily lives. They are an important driver of economic activities and a vital part of the banking infrastructure of any country. Several current payment systems focus on security and reliability but pay less attention to users’ needs and behaviors. For example, people may share their bankcards with friends or relatives to withdraw money for various reasons. This behavior can lead to a variety of privacy and security issues since the cardholder has to share a bankcard and other sensitive information such as a personal identification number (PIN). In addition, it is commonplace that cardholders may lose their cards, and may not be able to access their accounts due to various reasons. Furthermore, transferring money to an individual who has lost their bankcard and identification information is not a straightforward task. A user-friendly person-to-person payment system is urgently needed to perform secure and reliable transactions that benefit from current technological advancements. In this paper, we propose two secure fund transfer methods termed QuickCash Online and QuickCash Offline to transfer money from peer to peer using the existing banking infrastructure. Our methods provide a convenient way to transfer money quickly, and they do not require using bank cards or any identification card. Unlike other person-to-person payment systems, the proposed methods do not require the receiving entity to have a bank account, or to perform any registration procedure. We implement our QuickCash payment systems and analyze their security strengths and properties. PMID:28608846

QuickCash: Secure Transfer Payment Systems.

PubMed

Alhothaily, Abdulrahman; Alrawais, Arwa; Song, Tianyi; Lin, Bin; Cheng, Xiuzhen

2017-06-13

Payment systems play a significant role in our daily lives. They are an important driver of economic activities and a vital part of the banking infrastructure of any country. Several current payment systems focus on security and reliability but pay less attention to users' needs and behaviors. For example, people may share their bankcards with friends or relatives to withdraw money for various reasons. This behavior can lead to a variety of privacy and security issues since the cardholder has to share a bankcard and other sensitive information such as a personal identification number (PIN). In addition, it is commonplace that cardholders may lose their cards, and may not be able to access their accounts due to various reasons. Furthermore, transferring money to an individual who has lost their bankcard and identification information is not a straightforward task. A user-friendly person-to-person payment system is urgently needed to perform secure and reliable transactions that benefit from current technological advancements. In this paper, we propose two secure fund transfer methods termed QuickCash Online and QuickCash Offline to transfer money from peer to peer using the existing banking infrastructure. Our methods provide a convenient way to transfer money quickly, and they do not require using bank cards or any identification card. Unlike other person-to-person payment systems, the proposed methods do not require the receiving entity to have a bank account, or to perform any registration procedure. We implement our QuickCash payment systems and analyze their security strengths and properties.

Quantum Secure Group Communication.

PubMed

Li, Zheng-Hong; Zubairy, M Suhail; Al-Amri, M

2018-03-01

We propose a quantum secure group communication protocol for the purpose of sharing the same message among multiple authorized users. Our protocol can remove the need for key management that is needed for the quantum network built on quantum key distribution. Comparing with the secure quantum network based on BB84, we show our protocol is more efficient and securer. Particularly, in the security analysis, we introduce a new way of attack, i.e., the counterfactual quantum attack, which can steal information by "invisible" photons. This invisible photon can reveal a single-photon detector in the photon path without triggering the detector. Moreover, the photon can identify phase operations applied to itself, thereby stealing information. To defeat this counterfactual quantum attack, we propose a quantum multi-user authorization system. It allows us to precisely control the communication time so that the attack can not be completed in time.

SPECIAL PURPOSE IT DERAILED: UNINTENDED CONSEQUENCES OF UNIVERSAL IT LAWS AND POLICIES

DTIC Science & Technology

2017-10-26

Information Services Division ........................ 3 Figure 2: iNET Instrumentation Telemetry Ground Station...consolidate local Information Technology (IT) networks into an enterprise architecture to reduce costs and to increase security. Leadership coined this...IT network was established to link Air Force and contractor sites to seamlessly share program information . So when Air Force IT leadership tried to

Federated Tensor Factorization for Computational Phenotyping

PubMed Central

Kim, Yejin; Sun, Jimeng; Yu, Hwanjo; Jiang, Xiaoqian

2017-01-01

Tensor factorization models offer an effective approach to convert massive electronic health records into meaningful clinical concepts (phenotypes) for data analysis. These models need a large amount of diverse samples to avoid population bias. An open challenge is how to derive phenotypes jointly across multiple hospitals, in which direct patient-level data sharing is not possible (e.g., due to institutional policies). In this paper, we developed a novel solution to enable federated tensor factorization for computational phenotyping without sharing patient-level data. We developed secure data harmonization and federated computation procedures based on alternating direction method of multipliers (ADMM). Using this method, the multiple hospitals iteratively update tensors and transfer secure summarized information to a central server, and the server aggregates the information to generate phenotypes. We demonstrated with real medical datasets that our method resembles the centralized training model (based on combined datasets) in terms of accuracy and phenotypes discovery while respecting privacy. PMID:29071165

78 FR 11258 - Self-Regulatory Organizations; Chicago Stock Exchange, Inc.; Notice of Filing and Immediate...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-15

....0022/share in all Derivative Securities Products priced $1.00/share or more executed in the Regular....0022/share in all Derivative Securities Products priced $1.00/share or more executed in the Regular... SECURITIES AND EXCHANGE COMMISSION [Release No. 34-68894; File No. SR-CHX-2013-06] Self-Regulatory...

Satellite Anomalies: Benefits of a Centralized Anomaly Database and Methods for Securely Sharing Information Among Satellite Operators

DTIC Science & Technology

2014-01-01

unprecedented efficiencies in global busi- ness collaboration through communication, information distribution, and fast electronic monetary transactions...tudes (which peaks in free electron density at 300–400 km but extends to just above 1,000 km). At GEO, surface charging occurs intermit - tently

Politic of Security, Privacy and Transparency in Human Learning Systems

ERIC Educational Resources Information Center

Jeghal, Adil; Oughdir, Lahcen; Tairi, Hamid

2016-01-01

The preservation of confidentiality has become a major issue for the majority of applications that process personal information, the sensitivity of this information requires creators to set rules for the sharing and use of access control policies. A great deal of research has already been conducted in educational environments. However, one aspect…

The informatics capability maturity of integrated primary care centres in Australia.

PubMed

Liaw, Siaw-Teng; Kearns, Rachael; Taggart, Jane; Frank, Oliver; Lane, Riki; Tam, Michael; Dennis, Sarah; Walker, Christine; Russell, Grant; Harris, Mark

2017-09-01

Integrated primary care requires systems and service integration along with financial incentives to promote downward substitution to a single entry point to care. Integrated Primary Care Centres (IPCCs) aim to improve integration by co-location of health services. The Informatics Capability Maturity (ICM) describes how well health organisations collect, manage and share information; manage eHealth technology, implementation, change, data quality and governance; and use "intelligence" to improve care. Describe associations of ICM with systems and service integration in IPCCs. Mixed methods evaluation of IPCCs in metropolitan and rural Australia: an enhanced general practice, four GP Super Clinics, a "HealthOne" (private-public partnership) and a Community Health Centre. Data collection methods included self-assessed ICM, document review, interviews, observations in practice and assessment of electronic health record data. Data was analysed and compared across IPCCs. The IPCCs demonstrated a range of funding models, ownership, leadership, organisation and ICM. Digital tools were used with varying effectiveness to collect, use and share data. Connectivity was problematic, requiring "work-arounds" to communicate and share information. The lack of technical, data and software interoperability standards, clinical coding and secure messaging were barriers to data collection, integration and sharing. Strong leadership and governance was important for successful implementation of robust and secure eHealth systems. Patient engagement with eHealth tools was suboptimal. ICM is positively associated with integration of data, systems and care. Improved ICM requires a health workforce with eHealth competencies; technical, semantic and software standards; adequate privacy and security; and good governance and leadership. Copyright © 2017 Elsevier B.V. All rights reserved.

A qualitative analysis of information sharing for children with medical complexity within and across health care organizations.

PubMed

Quigley, Laura; Lacombe-Duncan, Ashley; Adams, Sherri; Hepburn, Charlotte Moore; Cohen, Eyal

2014-06-30

Children with medical complexity (CMC) are characterized by substantial family-identified service needs, chronic and severe conditions, functional limitations, and high health care use. Information exchange is critically important in high quality care of complex patients at high risk for poor care coordination. Written care plans for CMC are an excellent test case for how well information sharing is currently occurring. The purpose of this study was to identify the barriers to and facilitators of information sharing for CMC across providers, care settings, and families. A qualitative study design with data analysis informed by a grounded theory approach was utilized. Two independent coders conducted secondary analysis of interviews with parents of CMC and health care professionals involved in the care of CMC, collected from two studies of healthcare service delivery for this population. Additional interviews were conducted with privacy officers of associated organizations to supplement these data. Emerging themes related to barriers and facilitators to information sharing were identified by the two coders and the research team, and a theory of facilitators and barriers to information exchange evolved. Barriers to information sharing were related to one of three major themes; 1) the lack of an integrated, accessible, secure platform on which summative health care information is stored, 2) fragmentation of the current health system, and 3) the lack of consistent policies, standards, and organizational priorities across organizations for information sharing. Facilitators of information sharing were related to improving accessibility to a common document, expanding the use of technology, and improving upon a structured communication plan. Findings informed a model of how various barriers to information sharing interact to prevent optimal information sharing both within and across organizations and how the use of technology to improve communication and access to information can act as a solution.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Lee, Juhui; School of Computatioal Sciences, Korea Institute for Advanced Study, Seoul 130-722; Lee, Soojoon

Extending the eavesdropping strategy devised by Zhang, Li, and Guo [Zhang, Li, and Guo, Phys. Rev. A 63, 036301 (2001)], we show that the multiparty quantum communication protocol based on entanglement swapping, which was proposed by Cabello (e-print quant-ph/0009025), is not secure. We modify the protocol so that entanglement swapping can secure multiparty quantum communication, such as multiparty quantum key distribution and quantum secret sharing of classical information, and show that the modified protocol is secure against the Zhang-Li-Guo strategy for eavesdropping as well as the basic intercept-resend attack.0.

Practical secure quantum communications

NASA Astrophysics Data System (ADS)

Diamanti, Eleni

2015-05-01

We review recent advances in the field of quantum cryptography, focusing in particular on practical implementations of two central protocols for quantum network applications, namely key distribution and coin flipping. The former allows two parties to share secret messages with information-theoretic security, even in the presence of a malicious eavesdropper in the communication channel, which is impossible with classical resources alone. The latter enables two distrustful parties to agree on a random bit, again with information-theoretic security, and with a cheating probability lower than the one that can be reached in a classical scenario. Our implementations rely on continuous-variable technology for quantum key distribution and on a plug and play discrete-variable system for coin flipping, and necessitate a rigorous security analysis adapted to the experimental schemes and their imperfections. In both cases, we demonstrate the protocols with provable security over record long distances in optical fibers and assess the performance of our systems as well as their limitations. The reported advances offer a powerful toolbox for practical applications of secure communications within future quantum networks.

Collaborating to optimize nursing students' agency information technology use.

PubMed

Fetter, Marilyn S

2009-01-01

As the learning laboratory for gaining actual patient care experience, clinical agencies play an essential role in nursing education. With an information technology revolution transforming healthcare, nursing programs are eager for their students to learn the latest informatics systems and technologies. However, many healthcare institutions are struggling to meet their own information technology needs and report limited resources and other as barriers to nursing student training. In addition, nursing students' information technology access and use raise security and privacy concerns. With the goal of a fully electronic health record by 2014, it is imperative that agencies and educational programs collaborate. They need to establish educationally sound, cost-effective, and secure policies and procedures for managing students' use of information technology systems. Strategies for evaluating options, selecting training methods, and ensuring data security are shared, along with strategies that may reap clinical, economic, and educational benefits. Students' information technology use raises numerous issues that the nursing profession must address to participate in healthcare's transformation into the digital age.

Extended outlook: description, utilization, and daily applications of cloud technology in radiology.

PubMed

Gerard, Perry; Kapadia, Neil; Chang, Patricia T; Acharya, Jay; Seiler, Michael; Lefkovitz, Zvi

2013-12-01

The purpose of this article is to discuss the concept of cloud technology, its role in medical applications and radiology, the role of the radiologist in using and accessing these vast resources of information, and privacy concerns and HIPAA compliance strategies. Cloud computing is the delivery of shared resources, software, and information to computers and other devices as a metered service. This technology has a promising role in the sharing of patient medical information and appears to be particularly suited for application in radiology, given the field's inherent need for storage and access to large amounts of data. The radiology cloud has significant strengths, such as providing centralized storage and access, reducing unnecessary repeat radiologic studies, and potentially allowing radiologic second opinions more easily. There are significant cost advantages to cloud computing because of a decreased need for infrastructure and equipment by the institution. Private clouds may be used to ensure secure storage of data and compliance with HIPAA. In choosing a cloud service, there are important aspects, such as disaster recovery plans, uptime, and security audits, that must be considered. Given that the field of radiology has become almost exclusively digital in recent years, the future of secure storage and easy access to imaging studies lies within cloud computing technology.

Self-Protecting Security for Assured Information Sharing

DTIC Science & Technology

2015-08-29

by Author Sophia Novitzky (Senior), Virginia Tech Mahalia Sapp (Senior), Virginia Tech Performance Sensitivity in Vertical Geothermal Energy...Harvesting Systems 9:15 AM, Annapolis Room, Student Center Residential geothermal energy systems have the potential to provide a cost-effective, low

Installation of secure, always available wireless LAN systems as a component of the hospital communication infrastructure.

PubMed

Hanada, Eisuke; Kudou, Takato; Tsumoto, Shusaku

2013-06-01

Wireless technologies as part of the data communication infrastructure of modern hospitals are being rapidly introduced. Even though there are concerns about problems associated with wireless communication security, the demand is remarkably large. In addition, insuring that the network is always available is important. Herein, we discuss security countermeasures and points to insure availability that must be taken to insure safe hospital/business use of wireless LAN systems, referring to the procedures introduced at Shimane University Hospital. Security countermeasures differ according to their purpose, such as for preventing illegal use or insuring availability, both of which are discussed. It is our hope that this information will assist others in their efforts to insure safe implementation of wireless LAN systems, especially in hospitals where they have the potential to greatly improve information sharing and patient safety.

Harnessing the Risk-Related Data Supply Chain: An Information Architecture Approach to Enriching Human System Research and Operations Knowledge

NASA Technical Reports Server (NTRS)

Buquo, Lynn; Johnson-Throop, Kathy

2010-01-01

NASA's Human Research Program (HRP) and Space Life Sciences Directorate (SLSD), not unlike many NASA organizations today, struggle with the inherent inefficiencies caused by dependencies on heterogeneous data systems and silos of data and information spread across decentralized discipline domains. The capture of operational and research-based data/information (both in-flight and ground-based) in disparate IT systems impedes the extent to which that data/information can be efficiently and securely shared, analyzed, and enriched into knowledge that directly and more rapidly supports HRP's research-focused human system risk mitigation efforts and SLSD s operationally oriented risk management efforts. As a result, an integrated effort is underway to more fully understand and document how specific sets of risk-related data/information are generated and used and in what IT systems that data/information currently resides. By mapping the risk-related data flow from raw data to useable information and knowledge (think of it as the data supply chain), HRP and SLSD are building an information architecture plan to leverage their existing, shared IT infrastructure. In addition, it is important to create a centralized structured tool to represent risks including attributes such as likelihood, consequence, contributing factors, and the evidence supporting the information in all these fields. Representing the risks in this way enables reasoning about the risks, e.g. revisiting a risk assessment when a mitigation strategy is unavailable, updating a risk assessment when new information becomes available, etc. Such a system also provides a concise way to communicate the risks both within the organization as well as with collaborators. Understanding and, hence, harnessing the human system risk-related data supply chain enhances both organizations' abilities to securely collect, integrate, and share data assets that improve human system research and operations.

South Asia Water Resources Workshop: An effort to promote water quality data sharing in South Asia

DOE Office of Scientific and Technical Information (OSTI.GOV)

RAJEN,GAURAV; BIRINGER,KENT L.; BETSILL,J. DAVID

2000-04-01

To promote cooperation in South Asia on environmental research, an international working group comprised of participants from Bangladesh, India, Nepal, Pakistan, Sri Lanka, and the US convened at the Soaltee Hotel in Kathmandu, Nepal, September 12 to 14, 1999. The workshop was sponsored in part by the Cooperative Monitoring Center (CMC) at Sandia National Laboratories in Albuquerque, New Mexico, through funding provided by the Department of Energy (DOE) Office of Nonproliferation and National Security. The CMC promotes collaborations among scientists and researchers in regions throughout the world as a means of achieving common regional security objectives. In the long term,more » the workshop organizers and participants are interested in the significance of regional information sharing as a means to build confidence and reduce conflict. The intermediate interests of the group focus on activities that might eventually foster regional management of some aspects of water resources utilization. The immediate purpose of the workshop was to begin the implementation phase of a project to collect and share water quality information at a number of river and coastal estuary locations throughout the region. The workshop participants achieved four objectives: (1) gaining a better understanding of the partner organizations involved; (2) garnering the support of existing regional organizations promoting environmental cooperation in South Asia; (3) identifying sites within the region at which data is to be collected; and (4) instituting a data and information collection and sharing process.« less

A Method of Signal Scrambling to Secure Data Storage for Healthcare Applications.

PubMed

Bao, Shu-Di; Chen, Meng; Yang, Guang-Zhong

2017-11-01

A body sensor network that consists of wearable and/or implantable biosensors has been an important front-end for collecting personal health records. It is expected that the full integration of outside-hospital personal health information and hospital electronic health records will further promote preventative health services as well as global health. However, the integration and sharing of health information is bound to bring with it security and privacy issues. With extensive development of healthcare applications, security and privacy issues are becoming increasingly important. This paper addresses the potential security risks of healthcare data in Internet-based applications and proposes a method of signal scrambling as an add-on security mechanism in the application layer for a variety of healthcare information, where a piece of tiny data is used to scramble healthcare records. The former is kept locally and the latter, along with security protection, is sent for cloud storage. The tiny data can be derived from a random number generator or even a piece of healthcare data, which makes the method more flexible. The computational complexity and security performance in terms of theoretical and experimental analysis has been investigated to demonstrate the efficiency and effectiveness of the proposed method. The proposed method is applicable to all kinds of data that require extra security protection within complex networks.

Defining a risk-informed framework for whole-of-government lessons learned: A Canadian perspective.

PubMed

Friesen, Shaye K; Kelsey, Shelley; Legere, J A Jim

Lessons learned play an important role in emergency management (EM) and organizational agility. Virtually all aspects of EM can derive benefit from a lessons learned program. From major security events to exercises, exploiting and applying lessons learned and "best practices" is critical to organizational resilience and adaptiveness. A robust lessons learned process and methodology provides an evidence base with which to inform decisions, guide plans, strengthen mitigation strategies, and assist in developing tools for operations. The Canadian Safety and Security Program recently supported a project to define a comprehensive framework that would allow public safety and security partners to regularly share event response best practices, and prioritize recommendations originating from after action reviews. This framework consists of several inter-locking elements: a comprehensive literature review/environmental scan of international programs; a survey to collect data from end users and management; the development of a taxonomy for organizing and structuring information; a risk-informed methodology for selecting, prioritizing, and following through on recommendations; and standardized templates and tools for tracking recommendations and ensuring implementation. This article discusses the efforts of the project team, which provided "best practice" advice and analytical support to ensure that a systematic approach to lessons learned was taken by the federal community to improve prevention, preparedness, and response activities. It posits an approach by which one might design a systematic process for information sharing and event response coordination-an approach that will assist federal departments to institutionalize a cross-government lessons learned program.

Dynamic Enforcement of Knowledge-based Security Policies

DTIC Science & Technology

2011-04-05

foster and maintain relationships by sharing information with friends and fans. These services store users’ personal information and use it to customize...Facebook selects ads based on age, gender, and even sexual preference [2]. Unfortunately, once personal information is collected, users have limited...could use a storage server (e.g., running on their home network) that handles personal † University of Maryland, Department of Computer Science

Enhancing the Safety, Security and Resilience of ICT and Scada Systems Using Action Research

NASA Astrophysics Data System (ADS)

Johnsen, Stig; Skramstad, Torbjorn; Hagen, Janne

This paper discusses the results of a questionnaire-based survey used to assess the safety, security and resilience of information and communications technology (ICT) and supervisory control and data acquisition (SCADA) systems used in the Norwegian oil and gas industry. The survey identifies several challenges, including the involvement of professionals with different backgrounds and expertise, lack of common risk perceptions, inadequate testing and integration of ICT and SCADA systems, poor information sharing related to undesirable incidents and lack of resilience in the design of technical systems. Action research is proposed as a process for addressing these challenges in a systematic manner and helping enhance the safety, security and resilience of ICT and SCADA systems used in oil and gas operations.

Authenticated multi-user quantum key distribution with single particles

NASA Astrophysics Data System (ADS)

Lin, Song; Wang, Hui; Guo, Gong-De; Ye, Guo-Hua; Du, Hong-Zhen; Liu, Xiao-Fen

2016-03-01

Quantum key distribution (QKD) has been growing rapidly in recent years and becomes one of the hottest issues in quantum information science. During the implementation of QKD on a network, identity authentication has been one main problem. In this paper, an efficient authenticated multi-user quantum key distribution (MQKD) protocol with single particles is proposed. In this protocol, any two users on a quantum network can perform mutual authentication and share a secure session key with the assistance of a semi-honest center. Meanwhile, the particles, which are used as quantum information carriers, are not required to be stored, therefore the proposed protocol is feasible with current technology. Finally, security analysis shows that this protocol is secure in theory.

Information Sharing from 9-1-1 Centers

DTIC Science & Technology

2014-09-01

Police Chief, 2014, http://www.policechiefmagazine.org/ magazine /index.cfm?fuseaction=display_arch&article_id=1199&issue _id=62007. 2 “9-1-1 History...Homeland Security Magazine ,51 discusses the pros and cons of using social media to 49 Jennifer E...Information Dilemmas in Biotechnology : Organizational Boundaries As Trust Production, NBER WorkingPaper No. 5199, National Bureau of Economic

75 FR 5491 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/U.S. Customs...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-02-03

... nature and the sharing of DHS/ CBP--007 Border Crossing Information system of records information in... system of records also provides notice and transparency to the public as to nature and extent of the... integrity.'' United States v. Flores-Montano, 541 U.S. 149, 153 (2004). Indeed, ``the Government's interest...

78 FR 40204 - ProShare Advisors LLC, et al.; Notice of Application

Federal Register 2010, 2011, 2012, 2013, 2014

2013-07-03

... receive securities from, the series in connection with the purchase and redemption of Creation Units; and... Inside Information Policy. In accordance with the Code of Ethics \\13\\ and Inside Information Policy of.... \\13\\ The Adviser has also adopted or will adopt a code of ethics pursuant to Rule 17j-1 under the Act...

Secure alignment of coordinate systems using quantum correlation

NASA Astrophysics Data System (ADS)

Rezazadeh, F.; Mani, A.; Karimipour, V.

2017-08-01

We show that two parties far apart can use shared entangled states and classical communication to align their coordinate systems with a very high fidelity. Moreover, compared with previous methods proposed for such a task, i.e., sending parallel or antiparallel pairs or groups of spin states, our method has the extra advantages of using single-qubit measurements and also being secure, so that third parties do not extract any information about the aligned coordinate system established between the two parties. The latter property is important in many other quantum information protocols in which measurements inevitably play a significant role.

Homeland Security 2002: Evolving the Homeland Defense Infrastructure. Executive Summary Report (Conference Proceedings June 25 - 26, 2002) Volume 1, No. 2)

DTIC Science & Technology

2002-09-01

ADDRESS(ES) 8. PERFORMING ORGANIZATION REPORT NUMBER Egov 9. SPONSORING / MONITORING AGENCY NAME(S) AND ADDRESS(ES) 10. SPONSORING / MONITORING...initiatives. The federal government has 55 databases that deal with security threats, but inter- agency access depends on establishing agreements through...which that information can be shared. True cooperation also will require government -wide commitment to enterprise architecture, integrated

WMD Intelligence and Information Sharing Act of 2012

THOMAS, 112th Congress

Rep. Meehan, Patrick [R-PA-7

2011-08-01

Senate - 06/04/2012 Received in the Senate and Read twice and referred to the Committee on Homeland Security and Governmental Affairs. (All Actions) Tracker: This bill has the status Passed HouseHere are the steps for Status of Legislation:

WMD Intelligence and Information Sharing Act of 2013

THOMAS, 113th Congress

Rep. Meehan, Patrick [R-PA-7

2013-04-12

Senate - 07/23/2013 Received in the Senate and Read twice and referred to the Committee on Homeland Security and Governmental Affairs. (All Actions) Tracker: This bill has the status Passed HouseHere are the steps for Status of Legislation:

75 FR 69689 - Privacy Act of 1974; Department of Homeland Security Office of Operations Coordination and...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-11-15

...'s as an identifier and may be shared with the Department); Citizenship; Contact information... facilities in a locked drawer behind a locked door. The records are stored on magnetic disc, tape, digital...

20 CFR 401.30 - Privacy Act and other responsibilities.

Code of Federal Regulations, 2013 CFR

2013-04-01

....30 Section 401.30 Employees' Benefits SOCIAL SECURITY ADMINISTRATION PRIVACY AND DISCLOSURE OF... that agency employees and contractors receive appropriate training and education programs regarding the... information privacy issues, including those relating to the collection, use, sharing, and disclosure of...

20 CFR 401.30 - Privacy Act and other responsibilities.

Code of Federal Regulations, 2012 CFR

2012-04-01

....30 Section 401.30 Employees' Benefits SOCIAL SECURITY ADMINISTRATION PRIVACY AND DISCLOSURE OF... that agency employees and contractors receive appropriate training and education programs regarding the... information privacy issues, including those relating to the collection, use, sharing, and disclosure of...

20 CFR 401.30 - Privacy Act and other responsibilities.

Code of Federal Regulations, 2014 CFR

2014-04-01

....30 Section 401.30 Employees' Benefits SOCIAL SECURITY ADMINISTRATION PRIVACY AND DISCLOSURE OF... that agency employees and contractors receive appropriate training and education programs regarding the... information privacy issues, including those relating to the collection, use, sharing, and disclosure of...

20 CFR 401.30 - Privacy Act and other responsibilities.

Code of Federal Regulations, 2011 CFR

2011-04-01

....30 Section 401.30 Employees' Benefits SOCIAL SECURITY ADMINISTRATION PRIVACY AND DISCLOSURE OF... that agency employees and contractors receive appropriate training and education programs regarding the... information privacy issues, including those relating to the collection, use, sharing, and disclosure of...

77 FR 72673 - Critical Infrastructure Protection and Resilience Month, 2012

Federal Register 2010, 2011, 2012, 2013, 2014

2012-12-05

.... Cyber incidents can have devastating consequences on both physical and virtual infrastructure, which is... work within existing authorities to fortify our country against cyber risks, comprehensive legislation remains essential to improving infrastructure security, enhancing cyber information sharing between...

78 FR 16699 - National Maritime Security Advisory Committee; Meeting

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-18

... Executive Order \\1\\ to strengthen the cybersecurity of critical infrastructure by increasing information sharing and by jointly developing and implementing a framework of cybersecurity practices with our...-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity . (2...

Risk Information Management Resource (RIMR): modeling an approach to defending against military medical information assurance brain drain

NASA Astrophysics Data System (ADS)

Wright, Willie E.

2003-05-01

As Military Medical Information Assurance organizations face off with modern pressures to downsize and outsource, they battle with losing knowledgeable people who leave and take with them what they know. This knowledge is increasingly being recognized as an important resource and organizations are now taking steps to manage it. In addition, as the pressures for globalization (Castells, 1998) increase, collaboration and cooperation are becoming more distributed and international. Knowledge sharing in a distributed international environment is becoming an essential part of Knowledge Management. This is a major shortfall in the current approach to capturing and sharing knowledge in Military Medical Information Assurance. This paper addresses this challenge by exploring Risk Information Management Resource (RIMR) as a tool for sharing knowledge using the concept of Communities of Practice. RIMR is based no the framework of sharing and using knowledge. This concept is done through three major components - people, process and technology. The people aspect enables remote collaboration, support communities of practice, reward and recognize knowledge sharing while encouraging storytelling. The process aspect enhances knowledge capture and manages information. While the technology aspect enhance system integration and data mining, it also utilizes intelligent agents and exploits expert systems. These coupled with supporting activities of education and training, technology infrastructure and information security enables effective information assurance collaboration.

Network information security in a phase III Integrated Academic Information Management System (IAIMS).

PubMed

Shea, S; Sengupta, S; Crosswell, A; Clayton, P D

1992-01-01

The developing Integrated Academic Information System (IAIMS) at Columbia-Presbyterian Medical Center provides data sharing links between two separate corporate entities, namely Columbia University Medical School and The Presbyterian Hospital, using a network-based architecture. Multiple database servers with heterogeneous user authentication protocols are linked to this network. "One-stop information shopping" implies one log-on procedure per session, not separate log-on and log-off procedures for each server or application used during a session. These circumstances provide challenges at the policy and technical levels to data security at the network level and insuring smooth information access for end users of these network-based services. Five activities being conducted as part of our security project are described: (1) policy development; (2) an authentication server for the network; (3) Kerberos as a tool for providing mutual authentication, encryption, and time stamping of authentication messages; (4) a prototype interface using Kerberos services to authenticate users accessing a network database server; and (5) a Kerberized electronic signature.

A Secure RFID Tag Authentication Protocol with Privacy Preserving in Telecare Medicine Information System.

PubMed

Li, Chun-Ta; Weng, Chi-Yao; Lee, Cheng-Chi

2015-08-01

Radio Frequency Identification (RFID) based solutions are widely used for providing many healthcare applications include patient monitoring, object traceability, drug administration system and telecare medicine information system (TMIS) etc. In order to reduce malpractices and ensure patient privacy, in 2015, Srivastava et al. proposed a hash based RFID tag authentication protocol in TMIS. Their protocol uses lightweight hash operation and synchronized secret value shared between back-end server and tag, which is more secure and efficient than other related RFID authentication protocols. Unfortunately, in this paper, we demonstrate that Srivastava et al.'s tag authentication protocol has a serious security problem in that an adversary may use the stolen/lost reader to connect to the medical back-end server that store information associated with tagged objects and this privacy damage causing the adversary could reveal medical data obtained from stolen/lost readers in a malicious way. Therefore, we propose a secure and efficient RFID tag authentication protocol to overcome security flaws and improve the system efficiency. Compared with Srivastava et al.'s protocol, the proposed protocol not only inherits the advantages of Srivastava et al.'s authentication protocol for TMIS but also provides better security with high system efficiency.

Safety and Security Interface Technology Initiative

DOE Office of Scientific and Technical Information (OSTI.GOV)

Dr. Michael A. Lehto; Kevin J. Carroll; Dr. Robert Lowrie

Safety and Security Interface Technology Initiative Mr. Kevin J. Carroll Dr. Robert Lowrie, Dr. Micheal Lehto BWXT Y12 NSC Oak Ridge, TN 37831 865-576-2289/865-241-2772 carrollkj@y12.doe.gov Work Objective. Earlier this year, the Energy Facility Contractors Group (EFCOG) was asked to assist in developing options related to acceleration deployment of new security-related technologies to assist meeting design base threat (DBT) needs while also addressing the requirements of 10 CFR 830. NNSA NA-70, one of the working group participants, designated this effort the Safety and Security Interface Technology Initiative (SSIT). Relationship to Workshop Theme. “Supporting Excellence in Operations Through Safety Analysis,” (workshop theme)more » includes security and safety personnel working together to ensure effective and efficient operations. One of the specific workshop elements listed in the call for papers is “Safeguards/Security Integration with Safety.” This paper speaks directly to this theme. Description of Work. The EFCOG Safety Analysis Working Group (SAWG) and the EFCOG Security Working Group formed a core team to develop an integrated process involving both safety basis and security needs allowing achievement of the DBT objectives while ensuring safety is appropriately considered. This effort garnered significant interest, starting with a two day breakout session of 30 experts at the 2006 Safety Basis Workshop. A core team was formed, and a series of meetings were held to develop that process, including safety and security professionals, both contractor and federal personnel. A pilot exercise held at Idaho National Laboratory (INL) in mid-July 2006 was conducted as a feasibility of concept review. Work Results. The SSIT efforts resulted in a topical report transmitted from EFCOG to DOE/NNSA in August 2006. Elements of the report included: Drivers and Endstate, Control Selections Alternative Analysis Process, Terminology Crosswalk, Safety Basis/Security Documentation Integration, Configuration Control, and development of a shared ‘tool box’ of information/successes. Specific Benefits. The expectation or end state resulting from the topical report and associated implementation plan includes: (1) A recommended process for handling the documentation of the security and safety disciplines, including an appropriate change control process and participation by all stakeholders. (2) A means to package security systems with sufficient information to help expedite the flow of that system through the process. In addition, a means to share successes among sites, to include information and safety basis to the extent such information is transportable. (3) Identification of key security systems and associated essential security elements being installed and an arrangement for the sites installing these systems to host an appropriate team to review a specific system and determine what information is exportable. (4) Identification of the security systems’ essential elements and appropriate controls required for testing of these essential elements in the facility. (5) The ability to help refine and improve an agreed to control set at the manufacture stage.« less

78 FR 53509 - Self-Regulatory Organizations; BATS Exchange, Inc.; Order Approving a Proposed Rule Change, as...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-08-29

... for the following securities: Index-Linked Exchangeable Notes; Equity Gold Shares; Trust Certificates; Commodity-Based Trust Shares; Currency Trust Shares; Commodity Index Trust Shares; Commodity Futures Trust Shares; Partnership Units; Trust Units; Managed Trust Securities; and Currency Warrants (together with...

Distributed generation of shared RSA keys in mobile ad hoc networks

NASA Astrophysics Data System (ADS)

Liu, Yi-Liang; Huang, Qin; Shen, Ying

2005-12-01

Mobile Ad Hoc Networks is a totally new concept in which mobile nodes are able to communicate together over wireless links in an independent manner, independent of fixed physical infrastructure and centralized administrative infrastructure. However, the nature of Ad Hoc Networks makes them very vulnerable to security threats. Generation and distribution of shared keys for CA (Certification Authority) is challenging for security solution based on distributed PKI(Public-Key Infrastructure)/CA. The solutions that have been proposed in the literature and some related issues are discussed in this paper. The solution of a distributed generation of shared threshold RSA keys for CA is proposed in the present paper. During the process of creating an RSA private key share, every CA node only has its own private security. Distributed arithmetic is used to create the CA's private share locally, and that the requirement of centralized management institution is eliminated. Based on fully considering the Mobile Ad Hoc network's characteristic of self-organization, it avoids the security hidden trouble that comes by holding an all private security share of CA, with which the security and robustness of system is enhanced.

A resilient and secure software platform and architecture for distributed spacecraft

NASA Astrophysics Data System (ADS)

Otte, William R.; Dubey, Abhishek; Karsai, Gabor

2014-06-01

A distributed spacecraft is a cluster of independent satellite modules flying in formation that communicate via ad-hoc wireless networks. This system in space is a cloud platform that facilitates sharing sensors and other computing and communication resources across multiple applications, potentially developed and maintained by different organizations. Effectively, such architecture can realize the functions of monolithic satellites at a reduced cost and with improved adaptivity and robustness. Openness of these architectures pose special challenges because the distributed software platform has to support applications from different security domains and organizations, and where information flows have to be carefully managed and compartmentalized. If the platform is used as a robust shared resource its management, configuration, and resilience becomes a challenge in itself. We have designed and prototyped a distributed software platform for such architectures. The core element of the platform is a new operating system whose services were designed to restrict access to the network and the file system, and to enforce resource management constraints for all non-privileged processes Mixed-criticality applications operating at different security labels are deployed and controlled by a privileged management process that is also pre-configuring all information flows. This paper describes the design and objective of this layer.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Lee, Hsien-Hsin S

The overall objective of this research project is to develop novel architectural techniques as well as system software to achieve a highly secure and intrusion-tolerant computing system. Such system will be autonomous, self-adapting, introspective, with self-healing capability under the circumstances of improper operations, abnormal workloads, and malicious attacks. The scope of this research includes: (1) System-wide, unified introspection techniques for autonomic systems, (2) Secure information-flow microarchitecture, (3) Memory-centric security architecture, (4) Authentication control and its implication to security, (5) Digital right management, (5) Microarchitectural denial-of-service attacks on shared resources. During the period of the project, we developed several architectural techniquesmore » and system software for achieving a robust, secure, and reliable computing system toward our goal.« less

An Analysis of Security and Privacy Issues in Smart Grid Software Architectures on Clouds

DOE Office of Scientific and Technical Information (OSTI.GOV)

Simmhan, Yogesh; Kumbhare, Alok; Cao, Baohua

2011-07-09

Power utilities globally are increasingly upgrading to Smart Grids that use bi-directional communication with the consumer to enable an information-driven approach to distributed energy management. Clouds offer features well suited for Smart Grid software platforms and applications, such as elastic resources and shared services. However, the security and privacy concerns inherent in an information rich Smart Grid environment are further exacerbated by their deployment on Clouds. Here, we present an analysis of security and privacy issues in a Smart Grids software architecture operating on different Cloud environments, in the form of a taxonomy. We use the Los Angeles Smart Gridmore » Project that is underway in the largest U.S. municipal utility to drive this analysis that will benefit both Cloud practitioners targeting Smart Grid applications, and Cloud researchers investigating security and privacy.« less

Ensuring the security and availability of a hospital wireless LAN system.

PubMed

Hanada, Eisuke; Kudou, Takato; Tsumoto, Shusaku

2013-01-01

Wireless technologies as part of the data communication infrastructure of modern hospitals are being rapidly introduced. Even though there are concerns about problems associated with wireless communication security, the demand is remarkably large. Herein we discuss security countermeasures that must be taken and issues concerning availability that must be considered to ensure safe hospital/business use of wireless LAN systems, referring to the procedures introduced at a university hospital. Security countermeasures differ according to their purpose, such as preventing illegal use or ensuring availability, both of which are discussed. The main focus of the availability discussion is on signal reach, electromagnetic noise elimination, and maintaining power supply to the network apparatus. It is our hope that this information will assist others in their efforts to ensure safe implementation of wireless LAN systems, especially in hospitals where they have the potential to greatly improve information sharing and patient safety.

3 CFR 13546 - Executive Order 13546 of July 2, 2010. Optimizing the Security of Biological Select Agents and...

Code of Federal Regulations, 2011 CFR

2011-01-01

... discourage research or other legitimate activities. (c) Understanding that research and laboratory work on... consultation, as needed, on topics of relevance to the SAP. Sec. 8. Sharing of Select Agent Program Information...

78 FR 61807 - National Cybersecurity Awareness Month, 2013

Federal Register 2010, 2011, 2012, 2013, 2014

2013-10-04

... National Cybersecurity Awareness Month, 2013 By the President of the United States of America A... public awareness about cybersecurity, and we recommit to enhancing the security and resilience of our... best practices for cybersecurity, increase information sharing between the Federal Government and...

78 FR 19277 - National Maritime Security Advisory Committee; Meeting

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-29

... Obama signed an Executive Order to strengthen the cybersecurity of critical infrastructure by increasing information sharing and by jointly developing and implementing a framework of cybersecurity practices with our...-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity . (2...

The secure authorization model for healthcare information system.

PubMed

Hsu, Wen-Shin; Pan, Jiann-I

2013-10-01

Exploring healthcare system for assisting medical services or transmitting patients' personal health information in web application has been widely investigated. Information and communication technologies have been applied to the medical services and healthcare area for a number of years to resolve problems in medical management. In the healthcare system, not all users are allowed to access all the information. Several authorization models for restricting users to access specific information at specific permissions have been proposed. However, as the number of users and the amount of information grows, the difficulties for administrating user authorization will increase. The critical problem limits the widespread usage of the healthcare system. This paper proposes an approach for role-based and extends it to deal with the information for authorizations in the healthcare system. We propose the role-based authorization model which supports authorizations for different kinds of objects, and a new authorization domain. Based on this model, we discuss the issues and requirements of security in the healthcare systems. The security issues for services shared between different healthcare industries will also be discussed.

Security policy speculation of user uploaded images on content sharing sites

NASA Astrophysics Data System (ADS)

Iyapparaja, M.; Tiwari, Maneesh

2017-11-01

Innovation is developing step by step tremendously. As there are numerous social locales where information likes pictures, sound, video and so forth are shared by the client to each other. In concentrate to all exercises on social locales, there is need of protection to pictures. Because of this reason, I utilized Adaptive protection strategy forecast instrument to give security to the pictures. Issue identified with pictures is the huge issue in social locales like Facebook, twitter and so on. So here the part of a social thought, security to pictures, metadata and so on is produced. To conquer this issue we produced an answer which is 2 systems which understanding to a background marked by the pictures gives appropriated answer for them. Here we give an arrangement to the specific sort of pictures by characterizing them and in addition giving protection to pictures which are transferred agreement to a calculation that we utilized. Consequently as indicated by this arrangement expectation pictures take after a similar approach on up and coming pictures and give successful security to them.

Improving security of the ping-pong protocol

NASA Astrophysics Data System (ADS)

Zawadzki, Piotr

2013-01-01

A security layer for the asymptotically secure ping-pong protocol is proposed and analyzed in the paper. The operation of the improvement exploits inevitable errors introduced by the eavesdropping in the control and message modes. Its role is similar to the privacy amplification algorithms known from the quantum key distribution schemes. Messages are processed in blocks which guarantees that an eavesdropper is faced with a computationally infeasible problem as long as the system parameters are within reasonable limits. The introduced additional information preprocessing does not require quantum memory registers and confidential communication is possible without prior key agreement or some shared secret.

Novel Multi-Party Quantum Key Agreement Protocol with G-Like States and Bell States

NASA Astrophysics Data System (ADS)

Min, Shi-Qi; Chen, Hua-Ying; Gong, Li-Hua

2018-03-01

A significant aspect of quantum cryptography is quantum key agreement (QKA), which ensures the security of key agreement protocols by quantum information theory. The fairness of an absolute security multi-party quantum key agreement (MQKA) protocol demands that all participants can affect the protocol result equally so as to establish a shared key and that nobody can determine the shared key by himself/herself. We found that it is difficult for the existing multi-party quantum key agreement protocol to withstand the collusion attacks. Put differently, it is possible for several cooperated and untruthful participants to determine the final key without being detected. To address this issue, based on the entanglement swapping between G-like state and Bell states, a new multi-party quantum key agreement protocol is put forward. The proposed protocol makes full use of EPR pairs as quantum resources, and adopts Bell measurement and unitary operation to share a secret key. Besides, the proposed protocol is fair, secure and efficient without involving a third party quantum center. It demonstrates that the protocol is capable of protecting users' privacy and meeting the requirement of fairness. Moreover, it is feasible to carry out the protocol with existing technologies.

Novel Multi-Party Quantum Key Agreement Protocol with G-Like States and Bell States

NASA Astrophysics Data System (ADS)

Min, Shi-Qi; Chen, Hua-Ying; Gong, Li-Hua

2018-06-01

A significant aspect of quantum cryptography is quantum key agreement (QKA), which ensures the security of key agreement protocols by quantum information theory. The fairness of an absolute security multi-party quantum key agreement (MQKA) protocol demands that all participants can affect the protocol result equally so as to establish a shared key and that nobody can determine the shared key by himself/herself. We found that it is difficult for the existing multi-party quantum key agreement protocol to withstand the collusion attacks. Put differently, it is possible for several cooperated and untruthful participants to determine the final key without being detected. To address this issue, based on the entanglement swapping between G-like state and Bell states, a new multi-party quantum key agreement protocol is put forward. The proposed protocol makes full use of EPR pairs as quantum resources, and adopts Bell measurement and unitary operation to share a secret key. Besides, the proposed protocol is fair, secure and efficient without involving a third party quantum center. It demonstrates that the protocol is capable of protecting users' privacy and meeting the requirement of fairness. Moreover, it is feasible to carry out the protocol with existing technologies.

Secure Information Sharing: Part I. Shaping Industry Interaction

DTIC Science & Technology

2008-02-01

reduce costs and maximize return, continues to be a simple, core concept to competitive advantage . Defense AT&L: January-February 2008 38 New Supply...only government body to benefit . The British Ministry of Defence will also be using secure e-mail to send U.K.-restricted e-mail over the Internet...illustrates two major advantages of DSIF: First, there are no accounts for the BAE Systems users at LMCO, and there are no credentials that need to

Facilitating a culture of responsible and effective sharing of cancer genome data.

PubMed

Siu, Lillian L; Lawler, Mark; Haussler, David; Knoppers, Bartha Maria; Lewin, Jeremy; Vis, Daniel J; Liao, Rachel G; Andre, Fabrice; Banks, Ian; Barrett, J Carl; Caldas, Carlos; Camargo, Anamaria Aranha; Fitzgerald, Rebecca C; Mao, Mao; Mattison, John E; Pao, William; Sellers, William R; Sullivan, Patrick; Teh, Bin Tean; Ward, Robyn L; ZenKlusen, Jean Claude; Sawyers, Charles L; Voest, Emile E

2016-05-05

Rapid and affordable tumor molecular profiling has led to an explosion of clinical and genomic data poised to enhance the diagnosis, prognostication and treatment of cancer. A critical point has now been reached at which the analysis and storage of annotated clinical and genomic information in unconnected silos will stall the advancement of precision cancer care. Information systems must be harmonized to overcome the multiple technical and logistical barriers to data sharing. Against this backdrop, the Global Alliance for Genomic Health (GA4GH) was established in 2013 to create a common framework that enables responsible, voluntary and secure sharing of clinical and genomic data. This Perspective from the GA4GH Clinical Working Group Cancer Task Team highlights the data-aggregation challenges faced by the field, suggests potential collaborative solutions and describes how GA4GH can catalyze a harmonized data-sharing culture.

26 CFR 1.358-2 - Allocation of basis among nonrecognition property.

Code of Federal Regulations, 2010 CFR

2010-04-01

... respect of shares of stock or securities that were acquired on the same date and at the same price. To the... different prices, the share of stock or security received shall be divided into segments based on the... different prices exchanges such shares of stock or securities under the terms of section 354, 355, or 356...

GrabBlur--a framework to facilitate the secure exchange of whole-exome and -genome SNV data using VCF files.

PubMed

Stade, Björn; Seelow, Dominik; Thomsen, Ingo; Krawczak, Michael; Franke, Andre

2014-01-01

Next Generation Sequencing (NGS) of whole exomes or genomes is increasingly being used in human genetic research and diagnostics. Sharing NGS data with third parties can help physicians and researchers to identify causative or predisposing mutations for a specific sample of interest more efficiently. In many cases, however, the exchange of such data may collide with data privacy regulations. GrabBlur is a newly developed tool to aggregate and share NGS-derived single nucleotide variant (SNV) data in a public database, keeping individual samples unidentifiable. In contrast to other currently existing SNV databases, GrabBlur includes phenotypic information and contact details of the submitter of a given database entry. By means of GrabBlur human geneticists can securely and easily share SNV data from resequencing projects. GrabBlur can ease the interpretation of SNV data by offering basic annotations, genotype frequencies and in particular phenotypic information - given that this information was shared - for the SNV of interest. GrabBlur facilitates the combination of phenotypic and NGS data (VCF files) via a local interface or command line operations. Data submissions may include HPO (Human Phenotype Ontology) terms, other trait descriptions, NGS technology information and the identity of the submitter. Most of this information is optional and its provision at the discretion of the submitter. Upon initial intake, GrabBlur merges and aggregates all sample-specific data. If a certain SNV is rare, the sample-specific information is replaced with the submitter identity. Generally, all data in GrabBlur are highly aggregated so that they can be shared with others while ensuring maximum privacy. Thus, it is impossible to reconstruct complete exomes or genomes from the database or to re-identify single individuals. After the individual information has been sufficiently "blurred", the data can be uploaded into a publicly accessible domain where aggregated genotypes are provided alongside phenotypic information. A web interface allows querying the database and the extraction of gene-wise SNV information. If an interesting SNV is found, the interrogator can get in contact with the submitter to exchange further information on the carrier and clarify, for example, whether the latter's phenotype matches with phenotype of their own patient.

Do privacy and security regulations need a status update? Perspectives from an intergenerational survey

PubMed Central

Pereira, Stacey; Robinson, Jill Oliver; Gutierrez, Amanda M.; Majumder, Mary A.; McGuire, Amy L.; Rothstein, Mark A.

2017-01-01

Background The importance of health privacy protections in the era of the “Facebook Generation” has been called into question. The ease with which younger people share personal information about themselves has led to the assumption that they are less concerned than older generations about the privacy of their information, including health information. We explored whether survey respondents’ views toward health privacy suggest that efforts to strengthen privacy protections as health information is moved online are unnecessary. Methods Using Amazon’s Mechanical Turk (MTurk), which is well-known for recruitment for survey research, we distributed a 45-item survey to individuals in the U.S. to assess their perspectives toward privacy and security of online and health information, social media behaviors, use of health and fitness devices, and demographic information. Results 1310 participants (mean age: 36 years, 50% female, 78% non-Hispanic white, 54% college graduates or higher) were categorized by generations: Millennials, Generation X, and Baby Boomers. In multivariate regression models, we found that generational cohort was an independent predictor of level of concern about privacy and security of both online and health information. Younger generations were significantly less likely to be concerned than older generations (all P < 0.05). Time spent online and social media use were not predictors of level of concern about privacy or security of online or health information (all P > 0.05). Limitations This study is limited by the non-representativeness of our sample. Conclusions Though Millennials reported lower levels of concern about privacy and security, this was not related to internet or social media behaviors, and majorities within all generations reported concern about both the privacy and security of their health information. Thus, there is no intergenerational imperative to relax privacy and security standards, and it would be advisable to take privacy and security of health information more seriously. PMID:28926626

Do privacy and security regulations need a status update? Perspectives from an intergenerational survey.

PubMed

Pereira, Stacey; Robinson, Jill Oliver; Peoples, Hayley A; Gutierrez, Amanda M; Majumder, Mary A; McGuire, Amy L; Rothstein, Mark A

2017-01-01

The importance of health privacy protections in the era of the "Facebook Generation" has been called into question. The ease with which younger people share personal information about themselves has led to the assumption that they are less concerned than older generations about the privacy of their information, including health information. We explored whether survey respondents' views toward health privacy suggest that efforts to strengthen privacy protections as health information is moved online are unnecessary. Using Amazon's Mechanical Turk (MTurk), which is well-known for recruitment for survey research, we distributed a 45-item survey to individuals in the U.S. to assess their perspectives toward privacy and security of online and health information, social media behaviors, use of health and fitness devices, and demographic information. 1310 participants (mean age: 36 years, 50% female, 78% non-Hispanic white, 54% college graduates or higher) were categorized by generations: Millennials, Generation X, and Baby Boomers. In multivariate regression models, we found that generational cohort was an independent predictor of level of concern about privacy and security of both online and health information. Younger generations were significantly less likely to be concerned than older generations (all P < 0.05). Time spent online and social media use were not predictors of level of concern about privacy or security of online or health information (all P > 0.05). This study is limited by the non-representativeness of our sample. Though Millennials reported lower levels of concern about privacy and security, this was not related to internet or social media behaviors, and majorities within all generations reported concern about both the privacy and security of their health information. Thus, there is no intergenerational imperative to relax privacy and security standards, and it would be advisable to take privacy and security of health information more seriously.

Surrogate data--a secure way to share corporate data.

PubMed

Tetko, Igor V; Abagyan, Ruben; Oprea, Tudor I

2005-01-01

The privacy of chemical structure is of paramount importance for the industrial sector, in particular for the pharmaceutical industry. At the same time, companies handle large amounts of physico-chemical and biological data that could be shared in order to improve our molecular understanding of pharmacokinetic and toxicological properties, which could lead to improved predictivity and shorten the development time for drugs, in particular in the early phases of drug discovery. The current study provides some theoretical limits on the information required to produce reverse engineering of molecules from generated descriptors and demonstrates that the information content of molecules can be as low as less than one bit per atom. Thus theoretically just one descriptor can be used to completely disclose the molecular structure. Instead of sharing descriptors, we propose to share surrogate data. The sharing of surrogate data is nothing else but sharing of reliably predicted molecules. The use of surrogate data can provide the same information as the original set. We consider the practical application of this idea to predict lipophilicity of chemical compounds and we demonstrate that surrogate and real (original) data provides similar prediction ability. Thus, our proposed strategy makes it possible not only to share descriptors, but also complete collections of surrogate molecules without the danger of disclosing the underlying molecular structures.

77 FR 60607 - National Cybersecurity Awareness Month, 2012

Federal Register 2010, 2011, 2012, 2013, 2014

2012-10-04

... released the Blueprint for a Secure Cyber Future--a strategic plan to protect government, the private sector, and the public against cyber threats today and tomorrow. As we continue to improve our... infrastructure, facilitating greater cyber information sharing between government and the private sector, and...

A low noise stenography method for medical images with QR encoding of patient information

NASA Astrophysics Data System (ADS)

Patiño-Vanegas, Alberto; Contreras-Ortiz, Sonia H.; Martinez-Santos, Juan C.

2017-03-01

This paper proposes an approach to facilitate the process of individualization of patients from their medical images, without compromising the inherent confidentiality of medical data. The identification of a patient from a medical image is not often the goal of security methods applied to image records. Usually, any identification data is removed from shared records, and security features are applied to determine ownership. We propose a method for embedding a QR-code containing information that can be used to individualize a patient. This is done so that the image to be shared does not differ significantly from the original image. The QR-code is distributed in the image by changing several pixels according to a threshold value based on the average value of adjacent pixels surrounding the point of interest. The results show that the code can be embedded and later fully recovered with minimal changes in the UIQI index - less than 0.1% of different.

Adaptation of interoperability standards for cross domain usage

NASA Astrophysics Data System (ADS)

Essendorfer, B.; Kerth, Christian; Zaschke, Christian

2017-05-01

As globalization affects most aspects of modern life, challenges of quick and flexible data sharing apply to many different domains. To protect a nation's security for example, one has to look well beyond borders and understand economical, ecological, cultural as well as historical influences. Most of the time information is produced and stored digitally and one of the biggest challenges is to receive relevant readable information applicable to a specific problem out of a large data stock at the right time. These challenges to enable data sharing across national, organizational and systems borders are known to other domains (e.g., ecology or medicine) as well. Solutions like specific standards have been worked on for the specific problems. The question is: what can the different domains learn from each other and do we have solutions when we need to interlink the information produced in these domains? A known problem is to make civil security data available to the military domain and vice versa in collaborative operations. But what happens if an environmental crisis leads to the need to quickly cooperate with civil or military security in order to save lives? How can we achieve interoperability in such complex scenarios? The paper introduces an approach to adapt standards from one domain to another and lines out problems that have to be overcome and limitations that may apply.

Attribute based encryption for secure sharing of E-health data

NASA Astrophysics Data System (ADS)

Charanya, R.; Nithya, S.; Manikandan, N.

2017-11-01

Distributed computing is one of the developing innovations in IT part and information security assumes a real part. It includes sending gathering of remote server and programming that permit the unified information and online access to PC administrations. Distributed computing depends on offering of asset among different clients are additionally progressively reallocated on interest. Cloud computing is a revolutionary computing paradigm which enables flexible, on-demand and low-cost usage of computing resources. The reasons for security and protection issues, which rise on the grounds that the health information possessed by distinctive clients are put away in some cloud servers rather than under their own particular control”z. To deal with security problems, various schemes based on the Attribute-Based Encryption have been proposed. In this paper, in order to make ehealth data’s more secure we use multi party in cloud computing system. Where the health data is encrypted using attributes and key policy. And the user with a particular attribute and key policy alone will be able to decrypt the health data after it is verified by “key distribution centre” and the “secure data distributor”. This technique can be used in medical field for secure storage of patient details and limiting to particular doctor access. To make data’s scalable secure we need to encrypt the health data before outsourcing.

Teleradiology mobile internet system with a new information security solution

NASA Astrophysics Data System (ADS)

Satoh, Hitoshi; Niki, Noboru; Eguchi, Kenji; Ohmatsu, Hironobu; Kusumoto, Masahiko; Kaneko, Masahiro; Moriyama, Noriyuki

2014-03-01

We have developed an external storage system by using secret sharing scheme and tokenization for regional medical cooperation, PHR service and information preservation. The use of mobile devices such as smart phones and tablets will be accelerated for a PHR service, and the confidential medical information is exposed to the risk of damage and intercept. We verified the transfer rate of the sending and receiving of data to and from the external storage system that connected it with PACS by the Internet this time. External storage systems are the data centers that exist in Okinawa, in Osaka, in Sapporo and in Tokyo by using secret sharing scheme. PACS continuously transmitted 382 CT images to the external data centers. Total capacity of the CT images is about 200MB. The total time that had been required to transmit was about 250 seconds. Because the preservation method to use secret sharing scheme is applied, security is strong. But, it also takes the information transfer time of this system too much. Therefore, DICOM data is masked to the header information part because it is made to anonymity in our method. The DICOM data made anonymous is preserved in the data base in the hospital. Header information including individual information is divided into two or more tallies by secret sharing scheme, and preserved at two or more external data centers. The token to relate the DICOM data anonymity made to header information preserved outside is strictly preserved in the token server. The capacity of header information that contains patient's individual information is only about 2% of the entire DICOM data. This total time that had been required to transmit was about 5 seconds. Other, common solutions that can protect computer communication networks from attacks are classified as cryptographic techniques or authentication techniques. Individual number IC card is connected with electronic certification authority of web medical image conference system. Individual number IC card is given only to the person to whom the authority to operate web medical image conference system was given.

Reviews on Security Issues and Challenges in Cloud Computing

NASA Astrophysics Data System (ADS)

An, Y. Z.; Zaaba, Z. F.; Samsudin, N. F.

2016-11-01

Cloud computing is an Internet-based computing service provided by the third party allowing share of resources and data among devices. It is widely used in many organizations nowadays and becoming more popular because it changes the way of how the Information Technology (IT) of an organization is organized and managed. It provides lots of benefits such as simplicity and lower costs, almost unlimited storage, least maintenance, easy utilization, backup and recovery, continuous availability, quality of service, automated software integration, scalability, flexibility and reliability, easy access to information, elasticity, quick deployment and lower barrier to entry. While there is increasing use of cloud computing service in this new era, the security issues of the cloud computing become a challenges. Cloud computing must be safe and secure enough to ensure the privacy of the users. This paper firstly lists out the architecture of the cloud computing, then discuss the most common security issues of using cloud and some solutions to the security issues since security is one of the most critical aspect in cloud computing due to the sensitivity of user's data.

Integrating public health and medical intelligence gathering into homeland security fusion centres.

PubMed

Lenart, Brienne; Albanese, Joseph; Halstead, William; Schlegelmilch, Jeffrey; Paturas, James

Homeland security fusion centres serve to gather, analyse and share threat-related information among all levels of governments and law enforcement agencies. In order to function effectively, fusion centres must employ people with the necessary competencies to understand the nature of the threat facing a community, discriminate between important information and irrelevant or merely interesting facts and apply domain knowledge to interpret the results to obviate or reduce the existing danger. Public health and medical sector personnel routinely gather, analyse and relay health-related inform-ation, including health security risks, associated with the detection of suspicious biological or chemical agents within a community to law enforcement agencies. This paper provides a rationale for the integration of public health and medical personnel in fusion centres and describes their role in assisting law enforcement agencies, public health organisations and the medical sector to respond to natural or intentional threats against local communities, states or the nation as a whole.

Smashing the Stovepipe: Leveraging the GMSEC Open Architecture and Advanced IT Automation to Rapidly Prototype, Develop and Deploy Next-Generation Multi-Mission Ground Systems

NASA Technical Reports Server (NTRS)

Swenson, Paul

2017-01-01

Satellite/Payload Ground Systems - Typically highly-customized to a specific mission's use cases - Utilize hundreds (or thousands!) of specialized point-to-point interfaces for data flows / file transfers Documentation and tracking of these complex interfaces requires extensive time to develop and extremely high staffing costs Implementation and testing of these interfaces are even more cost-prohibitive, and documentation often lags behind implementation resulting in inconsistencies down the road With expanding threat vectors, IT Security, Information Assurance and Operational Security have become key Ground System architecture drivers New Federal security-related directives are generated on a daily basis, imposing new requirements on current / existing ground systems - These mandated activities and data calls typically carry little or no additional funding for implementation As a result, Ground System Sustaining Engineering groups and Information Technology staff continually struggle to keep up with the rolling tide of security Advancing security concerns and shrinking budgets are pushing these large stove-piped ground systems to begin sharing resources - I.e. Operational / SysAdmin staff, IT security baselines, architecture decisions or even networks / hosting infrastructure Refactoring these existing ground systems into multi-mission assets proves extremely challenging due to what is typically very tight coupling between legacy components As a result, many "Multi-Mission" ops. environments end up simply sharing compute resources and networks due to the difficulty of refactoring into true multi-mission systems Utilizing continuous integration / rapid system deployment technologies in conjunction with an open architecture messaging approach allows System Engineers and Architects to worry less about the low-level details of interfaces between components and configuration of systems GMSEC messaging is inherently designed to support multi-mission requirements, and allows components to aggregate data across multiple homogeneous or heterogeneous satellites or payloads - The highly-successful Goddard Science and Planetary Operations Control Center (SPOCC) utilizes GMSEC as the hub for it's automation and situational awareness capability Shifts focus towards getting GS to a final configuration-managed baseline, as well as multi-mission / big-picture capabilities that help increase situational awareness, promote cross-mission sharing and establish enhanced fleet management capabilities across all levels of the enterprise.

Managing information and knowledge within maternity services: Privacy and consent issues.

PubMed

Baskaran, Vikraman; Davis, Kim; Bali, Rajeev K; Naguib, Raouf N G; Wickramasinghe, Nilmini

2013-09-01

Electronic Patient Records have improved vastly the quality and efficiency of care delivered. However, the formation of single demographic database and the ease of electronic information sharing give rise to many concerns including issues of consent, by whom and how data are accessed and used. This paper examines the organizational and socio-technical issues related to privacy, confidentiality and security when employing electronic records within a maternity service hospital in England. A preliminary questionnaire was administered (n  =  52), in total, 24 responses were received. Sixteen responses were from personnel in the information technology department, 5 from health information department and 3 from midwifery managers. This was followed by a semi-structured interview with representatives from the clinical and technological side. A number of issues related to information governance (IG) have been identified, especially breaches on sharing personal information without consent from the patients have been identified as one immediate challenge that needs to be fixed. There is an immediate need for more robust, realistic, built-in accountability both locally and nationally on data sharing. A culture of ownership and strict adherence to IG principles is paramount. Focused training in the area of data, information and knowledge sharing will bring in a balance of legitimate usage against the individual's rights to confidentiality and privacy.

78 FR 79298 - Securities Exempted; Distribution of Shares by Registered Open-End Management Investment Company...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-12-30

... SECURITIES AND EXCHANGE COMMISSION 17 CFR Parts 230 and 270 [Release No. 33-9503; IC-30845...; Applications Regarding Joint Enterprises or Arrangements and Certain Profit-Sharing Plans AGENCY: Securities and Exchange Commission. ACTION: Final rule; technical amendments. SUMMARY: The Securities and...

ARJIS satellite demonstration project

NASA Astrophysics Data System (ADS)

Severance, Steve; Williams, Carl

2005-06-01

In 2003, the California Space Authority (CSA) was provided funding by the U. S. Congress through the Defense Appropriations Act to develop a project that would demonstrate the U.S. space enterprise capability that would contribute to the effectiveness of those engaged in Homeland Security. The project was given broad latitude in selecting the area of Homeland Security to be addressed and the nature of the space technology to be applied. CSA became aware of a nascent law enforcement data-sharing project in the San Diego region known as the Automated Regional Justice Information System (ARJIS). First developed by the police departments in San Diego, ARJIS is an innovative system that shares criminal justice information among 50 federal, state, and local agencies. ARJIS was completing a pilot project that enabled officers to receive information on handheld computers, which was transmitted wirelessly through cellular networks. The accessed information came from several databases that collectively contained the entire region's crime and arrest reports, traffic citations, and incidents, as well as state and county wants and warrants. The fundamental limitations that plague all cellular-based devices caught CSA's attention and resulted in a cooperative effort to harden the communications link between the patrol officer and critical data. The principal goal of the SATCOM development task was to create a proof-of-concept application that would use SATCOM links to augment the current ARJIS handheld wireless (cellular) capability. The successful technical demonstration and the positive support for satellite communications from the law enforcement community showed that this project filled a need-both for improved information sharing and for highly reliable communications systems.

Towards Device-Independent Information Processing on General Quantum Networks

NASA Astrophysics Data System (ADS)

Lee, Ciarán M.; Hoban, Matty J.

2018-01-01

The violation of certain Bell inequalities allows for device-independent information processing secure against nonsignaling eavesdroppers. However, this only holds for the Bell network, in which two or more agents perform local measurements on a single shared source of entanglement. To overcome the practical constraints that entangled systems can only be transmitted over relatively short distances, large-scale multisource networks have been employed. Do there exist analogs of Bell inequalities for such networks, whose violation is a resource for device independence? In this Letter, the violation of recently derived polynomial Bell inequalities will be shown to allow for device independence on multisource networks, secure against nonsignaling eavesdroppers.

Towards Device-Independent Information Processing on General Quantum Networks.

PubMed

Lee, Ciarán M; Hoban, Matty J

2018-01-12

The violation of certain Bell inequalities allows for device-independent information processing secure against nonsignaling eavesdroppers. However, this only holds for the Bell network, in which two or more agents perform local measurements on a single shared source of entanglement. To overcome the practical constraints that entangled systems can only be transmitted over relatively short distances, large-scale multisource networks have been employed. Do there exist analogs of Bell inequalities for such networks, whose violation is a resource for device independence? In this Letter, the violation of recently derived polynomial Bell inequalities will be shown to allow for device independence on multisource networks, secure against nonsignaling eavesdroppers.

Shared Solar. Current Landscape, Market Potential, and the Impact of Federal Securities Regulation

DOE Office of Scientific and Technical Information (OSTI.GOV)

Feldman, David; Brockway, Anna M.; Ulrich, Elaine

2015-04-07

This report provides a high-level overview of the current U.S. shared solar landscape, the impact that a given shared solar program’s structure has on requiring federal securities oversight, as well as an estimate of market potential for U.S. shared solar deployment.

Shared Solar. Current Landscape, Market Potential, and the Impact of Federal Securities Regulation

DOE Office of Scientific and Technical Information (OSTI.GOV)

Feldman, David; Brockway, Anna M.; Ulrich, Elaine

2015-04-01

This report provides a high-level overview of the current U.S. shared solar landscape and the impact that a given shared solar program’s structure has on requiring federal securities oversight, as well as an estimate of market potential for U.S. shared solar deployment.

Does standard deviation matter? Using "standard deviation" to quantify security of multistage testing.

PubMed

Wang, Chun; Zheng, Yi; Chang, Hua-Hua

2014-01-01

With the advent of web-based technology, online testing is becoming a mainstream mode in large-scale educational assessments. Most online tests are administered continuously in a testing window, which may post test security problems because examinees who take the test earlier may share information with those who take the test later. Researchers have proposed various statistical indices to assess the test security, and one most often used index is the average test-overlap rate, which was further generalized to the item pooling index (Chang & Zhang, 2002, 2003). These indices, however, are all defined as the means (that is, the expected proportion of common items among examinees) and they were originally proposed for computerized adaptive testing (CAT). Recently, multistage testing (MST) has become a popular alternative to CAT. The unique features of MST make it important to report not only the mean, but also the standard deviation (SD) of test overlap rate, as we advocate in this paper. The standard deviation of test overlap rate adds important information to the test security profile, because for the same mean, a large SD reflects that certain groups of examinees share more common items than other groups. In this study, we analytically derived the lower bounds of the SD under MST, with the results under CAT as a benchmark. It is shown that when the mean overlap rate is the same between MST and CAT, the SD of test overlap tends to be larger in MST. A simulation study was conducted to provide empirical evidence. We also compared the security of MST under the single-pool versus the multiple-pool designs; both analytical and simulation studies show that the non-overlapping multiple-pool design will slightly increase the security risk.

Eavesdropping on the improved three-party quantum secret sharing protocol

NASA Astrophysics Data System (ADS)

Gao, Gan

2011-02-01

Lin et al. [Song Lin, Fei Gao, Qiao-yan Wen, Fu-chen Zhu, Opt. Commun. 281 (2008) 4553] pointed out that the multiparty quantum secret sharing protocol [Zhan-jun Zhang, Gan Gao, Xin Wang, Lian-fang Han, Shou-hua Shi, Opt. Commun. 269 (2007) 418] is not secure and proposed an improved three-party quantum secret sharing protocol. In this paper, we study the security of the improved three-party quantum secret sharing protocol and find that it is still not secure. Finally, a further improved three-party quantum secret sharing protocol is proposed.

Privacy Practices of Health Social Networking Sites: Implications for Privacy and Data Security in Online Cancer Communities.

PubMed

Charbonneau, Deborah H

2016-08-01

While online communities for social support continue to grow, little is known about the state of privacy practices of health social networking sites. This article reports on a structured content analysis of privacy policies and disclosure practices for 25 online ovarian cancer communities. All of the health social networking sites in the study sample provided privacy statements to users, yet privacy practices varied considerably across the sites. The majority of sites informed users that personal information was collected about participants and shared with third parties (96%, n = 24). Furthermore, more than half of the sites (56%, n = 14) stated that cookies technology was used to track user behaviors. Despite these disclosures, only 36% (n = 9) offered opt-out choices for sharing data with third parties. In addition, very few of the sites (28%, n = 7) allowed individuals to delete their personal information. Discussions about specific security measures used to protect personal information were largely missing. Implications for privacy, confidentiality, consumer choice, and data safety in online environments are discussed. Overall, nurses and other health professionals can utilize these findings to encourage individuals seeking online support and participating in social networking sites to build awareness of privacy risks to better protect their personal health information in the digital age.

Survey of Cyber Crime in Big Data

NASA Astrophysics Data System (ADS)

Rajeswari, C.; Soni, Krishna; Tandon, Rajat

2017-11-01

Big data is like performing computation operations and database operations for large amounts of data, automatically from the data possessor’s business. Since a critical strategic offer of big data access to information from numerous and various areas, security and protection will assume an imperative part in big data research and innovation. The limits of standard IT security practices are notable, with the goal that they can utilize programming sending to utilize programming designers to incorporate pernicious programming in a genuine and developing risk in applications and working frameworks, which are troublesome. The impact gets speedier than big data. In this way, one central issue is that security and protection innovation are sufficient to share controlled affirmation for countless direct get to. For powerful utilization of extensive information, it should be approved to get to the information of that space or whatever other area from a space. For a long time, dependable framework improvement has arranged a rich arrangement of demonstrated ideas of demonstrated security to bargain to a great extent with the decided adversaries, however this procedure has been to a great extent underestimated as “needless excess” and sellers In this discourse, essential talks will be examined for substantial information to exploit this develop security and protection innovation, while the rest of the exploration difficulties will be investigated.

Applying the take-grant protection model

NASA Technical Reports Server (NTRS)

Bishop, Matt

1990-01-01

The Take-Grant Protection Model has in the past been used to model multilevel security hierarchies and simple protection systems. The models are extended to include theft of rights and sharing information, and additional security policies are examined. The analysis suggests that in some cases the basic rules of the Take-Grant Protection Model should be augmented to represent the policy properly; when appropriate, such modifications are made and their efforts with respect to the policy and its Take-Grant representation are discussed.

Security of counterfactual quantum cryptography

NASA Astrophysics Data System (ADS)

Yin, Zhen-Qiang; Li, Hong-Wei; Chen, Wei; Han, Zheng-Fu; Guo, Guang-Can

2010-10-01

Recently, a “counterfactual” quantum-key-distribution scheme was proposed by T.-G. Noh [Phys. Rev. Lett.PRLTAO0031-900710.1103/PhysRevLett.103.230501 103, 230501 (2009)]. In this scheme, two legitimate distant peers may share secret keys even when the information carriers are not traveled in the quantum channel. We find that this protocol is equivalent to an entanglement distillation protocol. According to this equivalence, a strict security proof and the asymptotic key bit rate are both obtained when a perfect single-photon source is applied and a Trojan horse attack can be detected. We also find that the security of this scheme is strongly related to not only the bit error rate but also the yields of photons. And our security proof may shed light on the security of other two-way protocols.

Security of counterfactual quantum cryptography

DOE Office of Scientific and Technical Information (OSTI.GOV)

Yin Zhenqiang; Li Hongwei; Chen Wei

2010-10-15

Recently, a 'counterfactual' quantum-key-distribution scheme was proposed by T.-G. Noh [Phys. Rev. Lett. 103, 230501 (2009)]. In this scheme, two legitimate distant peers may share secret keys even when the information carriers are not traveled in the quantum channel. We find that this protocol is equivalent to an entanglement distillation protocol. According to this equivalence, a strict security proof and the asymptotic key bit rate are both obtained when a perfect single-photon source is applied and a Trojan horse attack can be detected. We also find that the security of this scheme is strongly related to not only the bitmore » error rate but also the yields of photons. And our security proof may shed light on the security of other two-way protocols.« less

NATIONAL PREPAREDNESS: Integrating New and Existing Technology and Information Sharing into an Effective Homeland Security Strategy

DTIC Science & Technology

2002-06-07

Continue to Develop and Refine Emerging Technology • Some of the emerging biometric devices, such as iris scans and facial recognition systems...such as iris scans and facial recognition systems, facial recognition systems, and speaker verification systems. (976301)

77 FR 47083 - Agency Information Collection Activities: Proposed Collection; Comment Request, The Declaration...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-08-07

... Disaster Assistance, Appeals, and Requests for Cost Share Adjustments AGENCY: Federal Emergency Management Agency, DHS. ACTION: Notice. SUMMARY: The Federal Emergency Management Agency, as part of its continuing... DEPARTMENT OF HOMELAND SECURITY Federal Emergency Management Agency [Docket ID FEMA-2012-0020; OMB...

3 CFR 8910 - Proclamation 8910 of November 30, 2012. Critical Infrastructure Protection and Resilience Month...

Code of Federal Regulations, 2013 CFR

2013-01-01

... also its vulnerabilities to emerging threats. Cyber incidents can have devastating consequences on both... against cyber risks, comprehensive legislation remains essential to improving infrastructure security, enhancing cyber information sharing between government and the private sector, and protecting the privacy...

The fear factor in healthcare: employee information sharing.

PubMed

Malvey, Donna; Fottler, Myron D; Sumner, Jennifer

2013-01-01

This study looks at employee information sharing among hospitals, a topic that is underresearched, underreported, and under the radar for most healthcare leaders. We initiated the research under the assumption that executives in healthcare are reluctant to share employment reference information about staff beyond the employee's name, dates of employment, and position held. We believed executives take this precaution because they fear being sued by the employee for defamation. However, not obtaining the necessary and critical information to hire a competent employee can open the potential employer up to a negligence lawsuit if it hires someone who jeopardizes the safety of patients or staff. Hence, the hiring organization faces a double-edged sword: On one side, it cannot get the critical information on a potential applicant from the previous employer due to a culture of "fear in sharing" information; on the other side, if it unwittingly hires a poor or dangerous applicant who threatens safety, it runs the risk of a negligence lawsuit for failure to ascertain information before the hire. Prior studies demonstrate that the likelihood of a successful defamation lawsuit is low and information sharing of factual incidents is unlikely to result in successful lawsuits. Why, then, are healthcare executives unwilling to provide comprehensive references when they should be aware that sustaining a culture of silence increases the potential for hiring a bad employee and seriously jeopardizes the security and safety of patients, other staff, and the public? This article's primary contribution to the literature is to offer the first nationwide study to empirically test the current levels of employee information sharing among hospitals. It is also the first study to focus exclusively on healthcare. Furthermore, this research considers factors that might influence executives in their willingness to share employee reference information. The study reveals that a culture of silence is pervasive among hospitals. Although many hospital executives are reluctant to share information, they tend to overestimate the likelihood of being sued (successfully or otherwise) by previous employees for defamation. In addition, this study shows that some hospital executives share negative information about former employees but may do so off the record.

A framework for secure and decentralized sharing of medical imaging data via blockchain consensus.

PubMed

Patel, Vishal

2018-04-01

The electronic sharing of medical imaging data is an important element of modern healthcare systems, but current infrastructure for cross-site image transfer depends on trust in third-party intermediaries. In this work, we examine the blockchain concept, which enables parties to establish consensus without relying on a central authority. We develop a framework for cross-domain image sharing that uses a blockchain as a distributed data store to establish a ledger of radiological studies and patient-defined access permissions. The blockchain framework is shown to eliminate third-party access to protected health information, satisfy many criteria of an interoperable health system, and readily generalize to domains beyond medical imaging. Relative drawbacks of the framework include the complexity of the privacy and security models and an unclear regulatory environment. Ultimately, the large-scale feasibility of such an approach remains to be demonstrated and will depend on a number of factors which we discuss in detail.

Firewall systems: the next generation

NASA Astrophysics Data System (ADS)

McGhie, Lynda L.

1996-01-01

To be competitive in today's globally connected marketplace, a company must ensure that their internal network security methodologies and supporting policies are current and reflect an overall understanding of today's technology and its resultant threats. Further, an integrated approach to information security should ensure that new ways of sharing information and doing business are accommodated; such as electronic commerce, high speed public broadband network services, and the federally sponsored National Information Infrastructure. There are many challenges, and success is determined by the establishment of a solid and firm baseline security architecture that accommodate today's external connectivity requirements, provides transitional solutions that integrate with evolving and dynamic technologies, and ultimately acknowledges both the strategic and tactical goals of an evolving network security architecture and firewall system. This paper explores the evolution of external network connectivity requirements, the associated challenges and the subsequent development and evolution of firewall security systems. It makes the assumption that a firewall is a set of integrated and interoperable components, coming together to form a `SYSTEM' and must be designed, implement and managed as such. A progressive firewall model will be utilized to illustrates the evolution of firewall systems from earlier models utilizing separate physical networks, to today's multi-component firewall systems enabling secure heterogeneous and multi-protocol interfaces.

75 FR 26815 - AdvisorShares Investments, LLC and AdvisorShares Trust; Notice of Application

Federal Register 2010, 2011, 2012, 2013, 2014

2010-05-12

... SECURITIES AND EXCHANGE COMMISSION [Investment Company Act Release No. 29264; 812-13677] AdvisorShares Investments, LLC and AdvisorShares Trust; Notice of Application May 6, 2010. AGENCY: Securities... 6(c) of the Investment Company Act of 1940 (``Act'') for an exemption from sections 2(a)(32), 5(a)(1...

Quality control, analysis and secure sharing of Luminex® immunoassay data using the open source LabKey Server platform

PubMed Central

2013-01-01

Background Immunoassays that employ multiplexed bead arrays produce high information content per sample. Such assays are now frequently used to evaluate humoral responses in clinical trials. Integrated software is needed for the analysis, quality control, and secure sharing of the high volume of data produced by such multiplexed assays. Software that facilitates data exchange and provides flexibility to perform customized analyses (including multiple curve fits and visualizations of assay performance over time) could increase scientists’ capacity to use these immunoassays to evaluate human clinical trials. Results The HIV Vaccine Trials Network and the Statistical Center for HIV/AIDS Research and Prevention collaborated with LabKey Software to enhance the open source LabKey Server platform to facilitate workflows for multiplexed bead assays. This system now supports the management, analysis, quality control, and secure sharing of data from multiplexed immunoassays that leverage Luminex xMAP® technology. These assays may be custom or kit-based. Newly added features enable labs to: (i) import run data from spreadsheets output by Bio-Plex Manager™ software; (ii) customize data processing, curve fits, and algorithms through scripts written in common languages, such as R; (iii) select script-defined calculation options through a graphical user interface; (iv) collect custom metadata for each titration, analyte, run and batch of runs; (v) calculate dose–response curves for titrations; (vi) interpolate unknown concentrations from curves for titrated standards; (vii) flag run data for exclusion from analysis; (viii) track quality control metrics across runs using Levey-Jennings plots; and (ix) automatically flag outliers based on expected values. Existing system features allow researchers to analyze, integrate, visualize, export and securely share their data, as well as to construct custom user interfaces and workflows. Conclusions Unlike other tools tailored for Luminex immunoassays, LabKey Server allows labs to customize their Luminex analyses using scripting while still presenting users with a single, graphical interface for processing and analyzing data. The LabKey Server system also stands out among Luminex tools for enabling smooth, secure transfer of data, quality control information, and analyses between collaborators. LabKey Server and its Luminex features are freely available as open source software at http://www.labkey.com under the Apache 2.0 license. PMID:23631706

Quality control, analysis and secure sharing of Luminex® immunoassay data using the open source LabKey Server platform.

PubMed

Eckels, Josh; Nathe, Cory; Nelson, Elizabeth K; Shoemaker, Sara G; Nostrand, Elizabeth Van; Yates, Nicole L; Ashley, Vicki C; Harris, Linda J; Bollenbeck, Mark; Fong, Youyi; Tomaras, Georgia D; Piehler, Britt

2013-04-30

Immunoassays that employ multiplexed bead arrays produce high information content per sample. Such assays are now frequently used to evaluate humoral responses in clinical trials. Integrated software is needed for the analysis, quality control, and secure sharing of the high volume of data produced by such multiplexed assays. Software that facilitates data exchange and provides flexibility to perform customized analyses (including multiple curve fits and visualizations of assay performance over time) could increase scientists' capacity to use these immunoassays to evaluate human clinical trials. The HIV Vaccine Trials Network and the Statistical Center for HIV/AIDS Research and Prevention collaborated with LabKey Software to enhance the open source LabKey Server platform to facilitate workflows for multiplexed bead assays. This system now supports the management, analysis, quality control, and secure sharing of data from multiplexed immunoassays that leverage Luminex xMAP® technology. These assays may be custom or kit-based. Newly added features enable labs to: (i) import run data from spreadsheets output by Bio-Plex Manager™ software; (ii) customize data processing, curve fits, and algorithms through scripts written in common languages, such as R; (iii) select script-defined calculation options through a graphical user interface; (iv) collect custom metadata for each titration, analyte, run and batch of runs; (v) calculate dose-response curves for titrations; (vi) interpolate unknown concentrations from curves for titrated standards; (vii) flag run data for exclusion from analysis; (viii) track quality control metrics across runs using Levey-Jennings plots; and (ix) automatically flag outliers based on expected values. Existing system features allow researchers to analyze, integrate, visualize, export and securely share their data, as well as to construct custom user interfaces and workflows. Unlike other tools tailored for Luminex immunoassays, LabKey Server allows labs to customize their Luminex analyses using scripting while still presenting users with a single, graphical interface for processing and analyzing data. The LabKey Server system also stands out among Luminex tools for enabling smooth, secure transfer of data, quality control information, and analyses between collaborators. LabKey Server and its Luminex features are freely available as open source software at http://www.labkey.com under the Apache 2.0 license.

An examination of electronic health information privacy in older adults.

PubMed

Le, Thai; Thompson, Hilaire; Demiris, George

2013-01-01

Older adults are the quickest growing demographic group and are key consumers of health services. As the United States health system transitions to electronic health records, it is important to understand older adult perceptions of privacy and security. We performed a secondary analysis of the Health Information National Trends Survey (2012, Cycle 1), to examine differences in perceptions of electronic health information privacy between older adults and the general population. We found differences in the level of importance placed on access to electronic health information (older adults placed greater emphasis on provider as opposed to personal access) and tendency to withhold information out of concerns for privacy and security (older adults were less likely to withhold information). We provide recommendations to alleviate some of these privacy concerns. This may facilitate greater use of electronic health communication between patient and provider, while promoting shared decision making.

Video Encryption and Decryption on Quantum Computers

NASA Astrophysics Data System (ADS)

Yan, Fei; Iliyasu, Abdullah M.; Venegas-Andraca, Salvador E.; Yang, Huamin

2015-08-01

A method for video encryption and decryption on quantum computers is proposed based on color information transformations on each frame encoding the content of the encoding the content of the video. The proposed method provides a flexible operation to encrypt quantum video by means of the quantum measurement in order to enhance the security of the video. To validate the proposed approach, a tetris tile-matching puzzle game video is utilized in the experimental simulations. The results obtained suggest that the proposed method enhances the security and speed of quantum video encryption and decryption, both properties required for secure transmission and sharing of video content in quantum communication.

Counterfactual attack on counterfactual quantum key distribution

NASA Astrophysics Data System (ADS)

Zhang, Sheng; Wnang, Jian; Tang, Chao Jing

2012-05-01

It is interesting that counterfactual quantum cryptography protocols allow two remotely separated parties to share a secret key without transmitting any signal particles. Generally, these protocols, expected to provide security advantages, base their security on a translated no-cloning theorem. Therefore, they potentially exhibit unconditional security in theory. In this letter, we propose a new Trojan horse attack, by which an eavesdropper Eve can gain full information about the key without being noticed, to real implementations of a counterfactual quantum cryptography system. Most importantly, the presented attack is available even if the system has negligible imperfections. Therefore, it shows that the present realization of counterfactual quantum key distribution is vulnerable.

Single-shot secure quantum network coding on butterfly network with free public communication

NASA Astrophysics Data System (ADS)

Owari, Masaki; Kato, Go; Hayashi, Masahito

2018-01-01

Quantum network coding on the butterfly network has been studied as a typical example of quantum multiple cast network. We propose a secure quantum network code for the butterfly network with free public classical communication in the multiple unicast setting under restricted eavesdropper’s power. This protocol certainly transmits quantum states when there is no attack. We also show the secrecy with shared randomness as additional resource when the eavesdropper wiretaps one of the channels in the butterfly network and also derives the information sending through public classical communication. Our protocol does not require verification process, which ensures single-shot security.

Intelligence-Driven Border Security: A Promethean View of U.S. Border Patrol Intelligence Operations

DTIC Science & Technology

2015-12-01

USBP agent, intelligence ( BPA -I), information sharing, capability gap analysis process (CGAP), Tucson Sector Red Team 15. NUMBER OF PAGES 109 16...27 2. BPA -I .............................................................................................28 3. BPA -I Requirements...71 APPENDIX A. PROFESSIONAL INTELLIGENCE ASSOCIATIONS— ADDITIONAL OPPORTUNITIES FOR BPA -IS

77 FR 28615 - Agency Information Collection Activities: Submission for OMB review; Comment Request; The...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-05-15

..., Cost Share Adjustment AGENCY: Federal Emergency Management Agency, DHS. ACTION: Notice. SUMMARY: The Federal Emergency Management Agency (FEMA) is submitting a request for review and approval of a collection... DEPARTMENT OF HOMELAND SECURITY Federal Emergency Management Agency [Docket ID: FEMA-2012-0020...

The Search for Shelter.

ERIC Educational Resources Information Center

Greer, Nora Richter

This report describes the response of the American Institute of Architects' Housing Committee to the homeless crisis in the United States. Based on information shared at two conferences held by the Committee in 1985, this publication examines the question of how to provide secure, dignified shelter for those with little financial resources. It…

Pregnant Women Sharing Pregnancy-Related Information on Facebook: Web-Based Survey Study.

PubMed

Harpel, Tammy

2018-03-22

Research indicates expectant and new mothers use the Internet, specifically social media, to gain information and support during the transition to parenthood. Although parents regularly share information about and photos of their child or children on Facebook, researchers have neither explored the use of Facebook to share pregnancy-related information nor investigated factors that influence such sharing. The aim of this study was to address a gap in the literature by exploring the use of Facebook by pregnant women. Specifically, the study examined the use of Facebook to share pregnancy-related information, as well as any association between prenatal attachment and the aforementioned aspects of sharing pregnancy-related information on Facebook. Pregnant women who were at least 18 years of age were recruited for participation in the study through posts and paid advertisements on Facebook and posts to professional organization listservs. Individuals interested in participating were directed to a secure Web-based survey system where they completed the consent form and the survey that focused on their current pregnancy. Participants completed the Maternal Antenatal Attachment Scale and answered questions that assessed how often they shared pregnancy-related information on Facebook, who they shared it with, why they shared it, and what they shared. A total of 117 pregnant women completed the survey. Descriptive statistics indicated that the pregnancy announcement was most commonly shared (75/108, 69.4%), with most women sharing pregnancy-related information on Facebook less than monthly (52/117, 44.4%) with only family and friends (90/116, 77.6% and 91/116, 78.4%, respectively) and for the purpose of involving others or sharing the experience (62/107, 57.9%). Correlation and regression analyses showed that prenatal attachment, in general, was positively and significantly related to all aspects of sharing pregnancy-related information at the P<.05 level, with the exception of sharing because of expectations. Quality of attachment, which involves the positive feelings the woman has about her unborn child, was significantly associated with sharing to involve others or share the pregnancy (t 8,93 =2.654 , P=.009). In contrast, after controlling for other variables, the strength or preoccupation component of prenatal attachment was significantly associated with frequency of sharing (t 8,100 =2.554 , P=.01), number to types of information shared (t 8,97 =2.605 , P=.01), number of groups with whom shared (t 8,99 =3.467, P=.001), and sharing to get advice (χ 2 8 =5.339 , P=.02). Pregnant women in this study used Facebook for a variety of reasons, demonstrating the use of the social media platform during pregnancy for supportive and informational purposes. Overall, the results of this study are likely to be useful to professionals who are seeking alternative methods for providing intervention, information, and support to pregnant women via social media in our technology-driven society. ©Tammy Harpel. Originally published in the Journal of Medical Internet Research (http://www.jmir.org), 22.03.2018.

Pregnant Women Sharing Pregnancy-Related Information on Facebook: Web-Based Survey Study

PubMed Central

2018-01-01

Background Research indicates expectant and new mothers use the Internet, specifically social media, to gain information and support during the transition to parenthood. Although parents regularly share information about and photos of their child or children on Facebook, researchers have neither explored the use of Facebook to share pregnancy-related information nor investigated factors that influence such sharing. Objective The aim of this study was to address a gap in the literature by exploring the use of Facebook by pregnant women. Specifically, the study examined the use of Facebook to share pregnancy-related information, as well as any association between prenatal attachment and the aforementioned aspects of sharing pregnancy-related information on Facebook. Methods Pregnant women who were at least 18 years of age were recruited for participation in the study through posts and paid advertisements on Facebook and posts to professional organization listservs. Individuals interested in participating were directed to a secure Web-based survey system where they completed the consent form and the survey that focused on their current pregnancy. Participants completed the Maternal Antenatal Attachment Scale and answered questions that assessed how often they shared pregnancy-related information on Facebook, who they shared it with, why they shared it, and what they shared. Results A total of 117 pregnant women completed the survey. Descriptive statistics indicated that the pregnancy announcement was most commonly shared (75/108, 69.4%), with most women sharing pregnancy-related information on Facebook less than monthly (52/117, 44.4%) with only family and friends (90/116, 77.6% and 91/116, 78.4%, respectively) and for the purpose of involving others or sharing the experience (62/107, 57.9%). Correlation and regression analyses showed that prenatal attachment, in general, was positively and significantly related to all aspects of sharing pregnancy-related information at the P<.05 level, with the exception of sharing because of expectations. Quality of attachment, which involves the positive feelings the woman has about her unborn child, was significantly associated with sharing to involve others or share the pregnancy (t8,93=2.654 , P=.009). In contrast, after controlling for other variables, the strength or preoccupation component of prenatal attachment was significantly associated with frequency of sharing (t8,100=2.554 , P=.01), number to types of information shared (t8,97=2.605 , P=.01), number of groups with whom shared (t8,99=3.467, P=.001), and sharing to get advice (χ28=5.339 , P=.02). Conclusions Pregnant women in this study used Facebook for a variety of reasons, demonstrating the use of the social media platform during pregnancy for supportive and informational purposes. Overall, the results of this study are likely to be useful to professionals who are seeking alternative methods for providing intervention, information, and support to pregnant women via social media in our technology-driven society. PMID:29567636

75 FR 1093 - Self-Regulatory Organizations; The Options Clearing Corporation; Notice of Filing of Proposed...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-01-08

... any option or any futures contracts on ETFS Physical Swiss Gold Shares and ETFS Physical Silver Shares... jurisdictional status of options or security futures on ETFS Physical Swiss Gold Shares or ETFS Physical Silver... approving a proposed rule change clarifying that options and securities futures on SPDR Gold Shares are...

Towards Social Radiology as an Information Infrastructure: Reconciling the Local With the Global

PubMed Central

2014-01-01

The current widespread use of medical images and imaging procedures in clinical practice and patient diagnosis has brought about an increase in the demand for sharing medical imaging studies among health professionals in an easy and effective manner. This article reveals the existence of a polarization between the local and global demands for radiology practice. While there are no major barriers for sharing such studies, when access is made from a (local) picture archive and communication system (PACS) within the domain of a healthcare organization, there are a number of impediments for sharing studies among health professionals on a global scale. Social radiology as an information infrastructure involves the notion of a shared infrastructure as a public good, affording a social space where people, organizations and technical components may spontaneously form associations in order to share clinical information linked to patient care and radiology practice. This article shows however, that such polarization establishes a tension between local and global demands, which hinders the emergence of social radiology as an information infrastructure. Based on an analysis of the social space for radiology practice, the present article has observed that this tension persists due to the inertia of a locally installed base in radiology departments, for which common teleradiology models are not truly capable of reorganizing as a global social space for radiology practice. Reconciling the local with the global signifies integrating PACS and teleradiology into an evolving, secure, heterogeneous, shared, open information infrastructure where the conceptual boundaries between (local) PACS and (global) teleradiology are transparent, signaling the emergence of social radiology as an information infrastructure. PMID:25600710

Security of a kind of quantum secret sharing with entangled states.

PubMed

Wang, Tian-Yin; Liu, Ying-Zhao; Wei, Chun-Yan; Cai, Xiao-Qiu; Ma, Jian-Feng

2017-05-30

We present a new collusion attack to a kind of quantum secret sharing schemes with entangled states. Using this attack, an unauthorized set of agents can gain access to the shared secret without the others' cooperation. Furthermore, we establish a general model for this kind of quantum secret sharing schemes and then give some necessary conditions to design a secure quantum secret sharing scheme under this model.

Autonomous Information Unit for Fine-Grain Data Access Control and Information Protection in a Net-Centric System

NASA Technical Reports Server (NTRS)

Chow, Edward T.; Woo, Simon S.; James, Mark; Paloulian, George K.

2012-01-01

As communication and networking technologies advance, networks will become highly complex and heterogeneous, interconnecting different network domains. There is a need to provide user authentication and data protection in order to further facilitate critical mission operations, especially in the tactical and mission-critical net-centric networking environment. The Autonomous Information Unit (AIU) technology was designed to provide the fine-grain data access and user control in a net-centric system-testing environment to meet these objectives. The AIU is a fundamental capability designed to enable fine-grain data access and user control in the cross-domain networking environments, where an AIU is composed of the mission data, metadata, and policy. An AIU provides a mechanism to establish trust among deployed AIUs based on recombining shared secrets, authentication and verify users with a username, X.509 certificate, enclave information, and classification level. AIU achieves data protection through (1) splitting data into multiple information pieces using the Shamir's secret sharing algorithm, (2) encrypting each individual information piece using military-grade AES-256 encryption, and (3) randomizing the position of the encrypted data based on the unbiased and memory efficient in-place Fisher-Yates shuffle method. Therefore, it becomes virtually impossible for attackers to compromise data since attackers need to obtain all distributed information as well as the encryption key and the random seeds to properly arrange the data. In addition, since policy can be associated with data in the AIU, different user access and data control strategies can be included. The AIU technology can greatly enhance information assurance and security management in the bandwidth-limited and ad hoc net-centric environments. In addition, AIU technology can be applicable to general complex network domains and applications where distributed user authentication and data protection are necessary. AIU achieves fine-grain data access and user control, reducing the security risk significantly, simplifying the complexity of various security operations, and providing the high information assurance across different network domains.

The benefits, risks and costs of privacy: patient preferences and willingness to pay.

PubMed

Trachtenbarg, David E; Asche, Carl; Ramsahai, Shweta; Duling, Joy; Ren, Jinma

2017-05-01

Multiple surveys show that patients want medical privacy; however, there are costs to maintaining privacy. There are also risks if information is not shared. A review of previous surveys found that most surveys asked questions about patient's privacy concerns and willingness to share their medical information. We found only one study that asked about sharing medical information for better care and no survey that asked patients about the risk, cost or comparison between medical privacy and privacy in other areas. To fill this gap, we designed a survey to: (1) compare medical privacy preferences to privacy preferences in other areas; (2) measure willingness to pay the cost of additional privacy measures; and (3) measure willingness to accept the risks of not sharing information. A total of 834 patients attending physician offices at 14 sites completed all or part of an anonymous questionnaire. Over 95% of patients were willing to share all their medical information with their treating physicians. There was no difference in willingness to share between primary care and specialty sites including psychiatry and an HIV clinic. In our survey, there was no difference in sharing preference between standard medical information and information with additional legal protections including genetic testing, drug/alcohol treatment and HIV results. Medical privacy was ranked lower than sharing social security and credit card numbers, but was deemed more private than other information including tax returns and handgun purchases. There was no statistical difference for any questions by site except for HIV/AIDS clinic patients ranking privacy of the medical record more important than reducing high medical costs and risk of medical errors (p < .05). Most patients were willing to spend a modest amount of additional time for privacy, but few were willing to pay more for additional medical privacy. Most patients were unwilling to take on additional risks to keep medical information hidden. Patients were very willing to share medical information with their providers. They were able to see the importance of sharing medical information to provide the best possible care. They were unwilling to hide information from providers if there was increased medical risk. Patients were willing to spend additional time for privacy, but most were unwilling to spend extra money. Sixty-eight percent of patients favored reducing medical costs over privacy.

Surveillance data management system

NASA Astrophysics Data System (ADS)

Teague, Ralph

2002-10-01

On October 8, 2001, an Executive Order was signed creating the White House Office of Homeland Security. With its formaiton comes focused attention in setting goals and priorities for homeland security. Analysis, preparation, and implementation of strategies will hinge not only on how information is collected and analyzed, but more important, on how it is coordinated and shared. Military installations/facilities, Public safety agencies, airports, federal and local offices, public utilities, harbors, transportation and others critical areas must work either independently or as a team to ensure the safety of our citizens and visitor. In this new era of increased security, the key to interoperation is continuous information exchanged-events must be rapidly identified, reported and responded to by the appropriate agencies. For instance when a threat has been detected the security officers must be immediately alerted and must have access to the type of threat, location, movement, heading, threat size, etc to respond accordingly and the type of support required. This requires instant communications and teamwork with reliable and flexible technology.

IT Data Mining Tool Uses in Aerospace

NASA Technical Reports Server (NTRS)

Monroe, Gilena A.; Freeman, Kenneth; Jones, Kevin L.

2012-01-01

Data mining has a broad spectrum of uses throughout the realms of aerospace and information technology. Each of these areas has useful methods for processing, distributing, and storing its corresponding data. This paper focuses on ways to leverage the data mining tools and resources used in NASA's information technology area to meet the similar data mining needs of aviation and aerospace domains. This paper details the searching, alerting, reporting, and application functionalities of the Splunk system, used by NASA's Security Operations Center (SOC), and their potential shared solutions to address aircraft and spacecraft flight and ground systems data mining requirements. This paper also touches on capacity and security requirements when addressing sizeable amounts of data across a large data infrastructure.

Overview of Privacy in Social Networking Sites (SNS)

NASA Astrophysics Data System (ADS)

Powale, Pallavi I.; Bhutkar, Ganesh D.

2013-07-01

Social Networking Sites (SNS) have become an integral part of communication and life style of people in today's world. Because of the wide range of services offered by SNSs mostly for free of cost, these sites are attracting the attention of all possible Internet users. Most importantly, users from all age groups have become members of SNSs. Since many of the users are not aware of the data thefts associated with information sharing, they freely share their personal information with SNSs. Therefore, SNSs may be used for investigating users' character and social habits by familiar or even unknown persons and agencies. Such commercial and social scenario, has led to number of privacy and security threats. Though, all major issues in SNSs need to be addressed, by SNS providers, privacy of SNS users is the most crucial. And therefore, in this paper, we have focused our discussion on "privacy in SNSs". We have discussed different ways of Personally Identifiable Information (PII) leakages from SNSs, information revelation to third-party domains without user consent and privacy related threats associated with such information sharing. We expect that this comprehensive overview on privacy in SNSs will definitely help in raising user awareness about sharing data and managing their privacy with SNSs. It will also help SNS providers to rethink about their privacy policies.

A Novel Image Steganography Technique for Secured Online Transaction Using DWT and Visual Cryptography

NASA Astrophysics Data System (ADS)

Anitha Devi, M. D.; ShivaKumar, K. B.

2017-08-01

Online payment eco system is the main target especially for cyber frauds. Therefore end to end encryption is very much needed in order to maintain the integrity of secret information related to transactions carried online. With access to payment related sensitive information, which enables lot of money transactions every day, the payment infrastructure is a major target for hackers. The proposed system highlights, an ideal approach for secure online transaction for fund transfer with a unique combination of visual cryptography and Haar based discrete wavelet transform steganography technique. This combination of data hiding technique reduces the amount of information shared between consumer and online merchant needed for successful online transaction along with providing enhanced security to customer’s account details and thereby increasing customer’s confidence preventing “Identity theft” and “Phishing”. To evaluate the effectiveness of proposed algorithm Root mean square error, Peak signal to noise ratio have been used as evaluation parameters

SSeCloud: Using secret sharing scheme to secure keys

NASA Astrophysics Data System (ADS)

Hu, Liang; Huang, Yang; Yang, Disheng; Zhang, Yuzhen; Liu, Hengchang

2017-08-01

With the use of cloud storage services, one of the concerns is how to protect sensitive data securely and privately. While users enjoy the convenience of data storage provided by semi-trusted cloud storage providers, they are confronted with all kinds of risks at the same time. In this paper, we present SSeCloud, a secure cloud storage system that improves security and usability by applying secret sharing scheme to secure keys. The system encrypts uploading files on the client side and splits encrypted keys into three shares. Each of them is respectively stored by users, cloud storage providers and the alternative third trusted party. Any two of the parties can reconstruct keys. Evaluation results of prototype system show that SSeCloud provides high security without too much performance penalty.

Cognitive approaches for patterns analysis and security applications

NASA Astrophysics Data System (ADS)

Ogiela, Marek R.; Ogiela, Lidia

2017-08-01

In this paper will be presented new opportunities for developing innovative solutions for semantic pattern classification and visual cryptography, which will base on cognitive and bio-inspired approaches. Such techniques can be used for evaluation of the meaning of analyzed patterns or encrypted information, and allow to involve such meaning into the classification task or encryption process. It also allows using some crypto-biometric solutions to extend personalized cryptography methodologies based on visual pattern analysis. In particular application of cognitive information systems for semantic analysis of different patterns will be presented, and also a novel application of such systems for visual secret sharing will be described. Visual shares for divided information can be created based on threshold procedure, which may be dependent on personal abilities to recognize some image details visible on divided images.

Secure key storage and distribution

DOEpatents

Agrawal, Punit

2015-06-02

This disclosure describes a distributed, fault-tolerant security system that enables the secure storage and distribution of private keys. In one implementation, the security system includes a plurality of computing resources that independently store private keys provided by publishers and encrypted using a single security system public key. To protect against malicious activity, the security system private key necessary to decrypt the publication private keys is not stored at any of the computing resources. Rather portions, or shares of the security system private key are stored at each of the computing resources within the security system and multiple security systems must communicate and share partial decryptions in order to decrypt the stored private key.

Women's experiences of social support during the first year following primary breast cancer surgery.

PubMed

Drageset, Sigrunn; Lindstrøm, Torill Christine; Giske, Tove; Underlid, Kjell

2016-06-01

The aim of this qualitative follow-up study was to describe women's individual experiences of social support during their first year after primary breast cancer surgery. Individual semi-structured interviews with 10 women 1 year after surgery analysed by Kvales' meaning condensation method. Sharing experiences, being understood as an individual, continuity, and information and explanations were themes identified. Sharing mutual experiences increased the women's knowledge regarding cancer, increased experience of support and minimised rumination. After 1 year, the women felt that the network around them had 'normalised' and was less supportive. Being seen as a person, not as 'a diagnosis being treated', and continuity of professional support were important, giving feelings of security and trust. The women felt uncertainty after loss of professional support post-treatment. Information and explanations regarding treatment and treatment-related problems were essential. Mutual sharing of experiences is an important part of social support. Continuity, availability, information and respect were essential aspects of experienced professional support. © 2015 Nordic College of Caring Science.

Information Technology and Community Restoration Studies/Task 1: Information Technology

DOE Office of Scientific and Technical Information (OSTI.GOV)

Upton, Jaki F.; Lesperance, Ann M.; Stein, Steven L.

2009-11-19

Executive Summary The Interagency Biological Restoration Demonstration—a program jointly funded by the Department of Defense's Defense Threat Reduction Agency and the Department of Homeland Security's (DHS's) Science and Technology Directorate—is developing policies, methods, plans, and applied technologies to restore large urban areas, critical infrastructures, and Department of Defense installations following the intentional release of a biological agent (anthrax) by terrorists. There is a perception that there should be a common system that can share information both vertically and horizontally amongst participating organizations as well as support analyses. A key question is: "How far away from this are we?" As partmore » of this program, Pacific Northwest National Laboratory conducted research to identify the current information technology tools that would be used by organizations in the greater Seattle urban area in such a scenario, to define criteria for use in evaluating information technology tools, and to identify current gaps. Researchers interviewed 28 individuals representing 25 agencies in civilian and military organizations to identify the tools they currently use to capture data needed to support operations and decision making. The organizations can be grouped into five broad categories: defense (Department of Defense), environmental/ecological (Environmental Protection Agency/Ecology), public health and medical services, emergency management, and critical infrastructure. The types of information that would be communicated in a biological terrorism incident include critical infrastructure and resource status, safety and protection information, laboratory test results, and general emergency information. The most commonly used tools are WebEOC (web-enabled crisis information management systems with real-time information sharing), mass notification software, resource tracking software, and NW WARN (web-based information to protect critical infrastructure systems). It appears that the current information management tools are used primarily for information gathering and sharing—not decision making. Respondents identified the following criteria for a future software system. It is easy to learn, updates information in real time, works with all agencies, is secure, uses a visualization or geographic information system feature, enables varying permission levels, flows information from one stage to another, works with other databases, feeds decision support tools, is compliant with appropriate standards, and is reasonably priced. Current tools have security issues, lack visual/mapping functions and critical infrastructure status, and do not integrate with other tools. It is clear that there is a need for an integrated, common operating system. The system would need to be accessible by all the organizations that would have a role in managing an anthrax incident to enable regional decision making. The most useful tool would feature a GIS visualization that would allow for a common operating picture that is updated in real time. To capitalize on information gained from the interviews, the following activities are recommended: • Rate emergency management decision tools against the criteria specified by the interviewees. • Identify and analyze other current activities focused on information sharing in the greater Seattle urban area. • Identify and analyze information sharing systems/tools used in other regions.« less

New Advanced Technologies to Provide Decentralised and Secure Access to Medical Records: Case Studies in Oncology

PubMed Central

Quantin, Catherine; Coatrieux, Gouenou; Allaert, François André; Fassa, Maniane; Bourquard, Karima; Boire, Jean-Yves; de Vlieger, Paul; Maigne, Lydia; Breton, Vincent

2009-01-01

The main problem for health professionals and patients in accessing information is that this information is very often distributed over many medical records and locations. This problem is particularly acute in cancerology because patients may be treated for many years and undergo a variety of examinations. Recent advances in technology make it feasible to gain access to medical records anywhere and anytime, allowing the physician or the patient to gather information from an “ephemeral electronic patient record”. However, this easy access to data is accompanied by the requirement for improved security (confidentiality, traceability, integrity, ...) and this issue needs to be addressed. In this paper we propose and discuss a decentralised approach based on recent advances in information sharing and protection: Grid technologies and watermarking methodologies. The potential impact of these technologies for oncology is illustrated by the examples of two experimental cases: a cancer surveillance network and a radiotherapy treatment plan. It is expected that the proposed approach will constitute the basis of a future secure “google-like” access to medical records. PMID:19718446

What CFOs should know before venturing into the cloud.

PubMed

Rajendran, Janakan

2013-05-01

There are three major trends in the use of cloud-based services for healthcare IT: Cloud computing involves the hosting of health IT applications in a service provider cloud. Cloud storage is a data storage service that can involve, for example, long-term storage and archival of information such as clinical data, medical images, and scanned documents. Data center colocation involves rental of secure space in the cloud from a vendor, an approach that allows a hospital to share power capacity and proven security protocols, reducing costs.

Data governance and stewardship: designing data stewardship entities and advancing data access.

PubMed

Rosenbaum, Sara

2010-10-01

U.S. health policy is engaged in a struggle over access to health information, in particular, the conditions under which information should be accessible for research when appropriate privacy protections and security safeguards are in place. The expanded use of health information-an inevitable step in an information age-is widely considered be essential to health system reform. Models exist for the creation of data-sharing arrangements that promote proper use of information in a safe and secure environment and with attention to ethical standards. Data stewardship is a concept with deep roots in the science and practice of data collection, sharing, and analysis. Reflecting the values of fair information practice, data stewardship denotes an approach to the management of data, particularly data that can identify individuals. The concept of a data steward is intended to convey a fiduciary (or trust) level of responsibility toward the data. Data governance is the process by which responsibilities of stewardship are conceptualized and carried out. As the concept of health information data stewardship advances in a technology-enabled environment, the question is whether legal barriers to data access and use will begin to give way. One possible answer may lie in defining the public interest in certain data uses, tying provider participation in federal health programs to the release of all-payer data to recognized data stewardship entities for aggregation and management, and enabling such entities to foster and enable the creation of knowledge through research. © Health Research and Educational Trust.

17 CFR Appendix A to Subpart A of... - Forms

Code of Federal Regulations, 2011 CFR

2011-04-01

... information that the institution collects and shares. All institutions must use the term “Social Security... the applicable opt-out methods described: telephone, such as by a toll-free number; a Web site; or use... appropriate. An institution that allows consumers to opt out online must provide either a specific Web address...

12 CFR Appendix A to Part 332 - Model Privacy Form

Code of Federal Regulations, 2011 CFR

2011-01-01

... information that the institution collects and shares. All institutions must use the term “Social Security... the applicable opt-out methods described: Telephone, such as by a toll-free number; a Web site; or use... appropriate. An institution that allows consumers to opt out online must provide either a specific Web address...

12 CFR Appendix A to Part 216 - Model Privacy Form

Code of Federal Regulations, 2011 CFR

2011-01-01

... information that the institution collects and shares. All institutions must use the term “Social Security... appropriate. An institution that allows consumers to opt out online must provide either a specific Web address that takes consumers directly to the opt-out page or a general Web address that provides a clear and...

Multi-Level Secure Information Sharing Between Smart Cloud Systems of Systems

DTIC Science & Technology

2014-03-01

implementation of virtual hardware (VMWare), along with a commercial implementation of virtual networking (VPN), such as OpenVPN . 1. VMWare Virtualization...en.wikipedia.org/wiki/MongoDB. Wikipedia. 2014b. Accessed February 26. s.v. “Open VPN,” http://en.wikipedia.org/wiki/ OpenVPN . Wikipedia. 2014c. Accessed

3 CFR 8875 - Proclamation 8875 of October 1, 2012. National Cybersecurity Awareness Month, 2012

Code of Federal Regulations, 2013 CFR

2013-01-01

... November 2011, we released the Blueprint for a Secure Cyber Future—a strategic plan to protect government, the private sector, and the public against cyber threats today and tomorrow. As we continue to improve... our critical infrastructure, facilitating greater cyber information sharing between government and the...

California Earthquake Clearinghouse Crisis Information-Sharing Strategy in Support of Situational Awareness, Understanding Interdependencies of Critical Infrastructure, Regional Resilience, Preparedness, Risk Assessment/mitigation, Decision-Making and Everyday Operational Needs

NASA Astrophysics Data System (ADS)

Rosinski, A.; Morentz, J.; Beilin, P.

2017-12-01

The principal function of the California Earthquake Clearinghouse is to provide State and Federal disaster response managers, and the scientific and engineering communities, with prompt information on ground failure, structural damage, and other consequences from significant seismic events such as earthquakes and tsunamis. The overarching problem highlighted in discussions with Clearinghouse partners is the confusion and frustration of many of the Operational Area representatives, and some regional utilities throughout the state on what software applications they should be using and maintaining to meet State, Federal, and Local, requirements, and for what purposes, and how to deal with the limitations of these applications. This problem is getting in the way of making meaningful progress on developing multi-application interoperability and the necessary supporting cross-sector information-sharing procedures and dialogue on essential common operational information that entities need to share for different all hazards missions and related operational activities associated with continuity, security, and resilience. The XchangeCore based system the Clearinghouse is evolving helps deal with this problem, and does not compound it by introducing yet another end-user application; there is no end-user interface with which one views XchangeCore, all viewing of data provided through XchangeCore occurs in and on existing, third-party operational applications. The Clearinghouse efforts with XchangeCore are compatible with FEMA, which is currently using XchangeCore-provided data for regional and National Business Emergency Operations Center (source of business information sharing during emergencies) response. Also important, and should be emphasized, is that information-sharing is not just for response, but for preparedness, risk assessment/mitigation decision-making, and everyday operational needs for situational awareness. In other words, the benefits of the Clearinghouse information sharing efforts transcend emergency response. The Clearinghouse is in the process of developing an Information-Sharing System Guide and CONOPS/ templates, that should be aimed a multi-stakeholder, non-technical audience.

Digital watermarking for secure and adaptive teleconferencing

NASA Astrophysics Data System (ADS)

Vorbrueggen, Jan C.; Thorwirth, Niels

2002-04-01

The EC-sponsored project ANDROID aims to develop a management system for secure active networks. Active network means allowing the network's customers to execute code (Java-based so-called proxylets) on parts of the network infrastructure. Secure means that the network operator nonetheless retains full control over the network and its resources, and that proxylets use ANDROID-developed facilities to provide secure applications. Management is based on policies and allows autonomous, distributed decisions and actions to be taken. Proxylets interface with the system via policies; among actions they can take is controlling execution of other proxylets or redirection of network traffic. Secure teleconferencing is used as the application to demonstrate the approach's advantages. A way to control a teleconference's data streams is to use digital watermarking of the video, audio and/or shared-whiteboard streams, providing an imperceptible and inseparable side channel that delivers information from originating or intermediate stations to downstream stations. Depending on the information carried by the watermark, these stations can take many different actions. Examples are forwarding decisions based on security classifications (possibly time-varying) at security boundaries, set-up and tear-down of virtual private networks, intelligent and adaptive transcoding, recorder or playback control (e.g., speaking off the record), copyright protection, and sender authentication.

Server-Controlled Identity-Based Authenticated Key Exchange

NASA Astrophysics Data System (ADS)

Guo, Hua; Mu, Yi; Zhang, Xiyong; Li, Zhoujun

We present a threshold identity-based authenticated key exchange protocol that can be applied to an authenticated server-controlled gateway-user key exchange. The objective is to allow a user and a gateway to establish a shared session key with the permission of the back-end servers, while the back-end servers cannot obtain any information about the established session key. Our protocol has potential applications in strong access control of confidential resources. In particular, our protocol possesses the semantic security and demonstrates several highly-desirable security properties such as key privacy and transparency. We prove the security of the protocol based on the Bilinear Diffie-Hellman assumption in the random oracle model.

ASSOCIATION BETWEEN INFANT NIGHTTIME-SLEEP LOCATION AND ATTACHMENT SECURITY: NO EASY VERDICT.

PubMed

Mileva-Seitz, Viara R; Luijk, Maartje P C M; van Ijzendoorn, Marinus H; Bakermans-Kranenburg, Marian J; Jaddoe, Vincent W V; Hofman, Albert; Verhulst, Frank C; Tiemeier, Henning

2016-01-01

We tested whether mother-infant bed-sharing is associated with increased secure infant-mother attachment, a previously unexplored association. Frequency of bed-sharing and mothers' nighttime comforting measures at 2 months were assessed with questionnaires in 550 Caucasian mothers from a population-based cohort. Attachment security was assessed with the Strange Situation Procedure (M.D.S. Ainsworth, M.C. Blehar, E. Waters, & S. Wall, 1978) at 14 months. When using a dichotomous variable, "never bed-sharing" (solitary sleepers) versus "any bed-sharing," the relative risk of being classified as insecurely attached for solitary-sleeping infants (vs. bed-sharers) was 1.21 (95% confidence interval: 1.05-1.40). In multivariate models, solitary sleeping was associated with greater odds of insecure attachment, adjusted odds ratio (OR): 1.50, 95% CI = 1.02-2.20) and, in particular, with greater odds of resistant attachment, adjusted OR = 1.74, 95% CI = 1.10-2.76); and with a lower attachment security score, β = -0.12, t(495) = -2.61, p = .009. However, we found no evidence of a dose-response association between bed-sharing and secure attachment when using a trichotomous bed-sharing variable based on frequency of bed-sharing. Our findings demonstrate some evidence that solitary sleeping is associated with insecure attachment. However, the lack of a dose-response association suggests that further experimental study is necessary before accepting common notions that sharing a bed leads to children who are better or not better adjusted. © 2015 Michigan Association for Infant Mental Health.

Patient Protection and Affordable Care Act; HHS notice of benefit and payment parameters for 2015. Final rule.

PubMed

2014-03-11

This final rule sets forth payment parameters and oversight provisions related to the risk adjustment, reinsurance, and risk corridors programs; cost sharing parameters and cost-sharing reductions; and user fees for Federally-facilitated Exchanges. It also provides additional standards with respect to composite premiums, privacy and security of personally identifiable information, the annual open enrollment period for 2015, the actuarial value calculator, the annual limitation in cost sharing for stand-alone dental plans, the meaningful difference standard for qualified health plans offered through a Federally-facilitated Exchange, patient safety standards for issuers of qualified health plans, and the Small Business Health Options Program.

Phase-Reference-Free Experiment of Measurement-Device-Independent Quantum Key Distribution

NASA Astrophysics Data System (ADS)

Wang, Chao; Song, Xiao-Tian; Yin, Zhen-Qiang; Wang, Shuang; Chen, Wei; Zhang, Chun-Mei; Guo, Guang-Can; Han, Zheng-Fu

2015-10-01

Measurement-device-independent quantum key distribution (MDI QKD) is a substantial step toward practical information-theoretic security for key sharing between remote legitimate users (Alice and Bob). As with other standard device-dependent quantum key distribution protocols, such as BB84, MDI QKD assumes that the reference frames have been shared between Alice and Bob. In practice, a nontrivial alignment procedure is often necessary, which requires system resources and may significantly reduce the secure key generation rate. Here, we propose a phase-coding reference-frame-independent MDI QKD scheme that requires no phase alignment between the interferometers of two distant legitimate parties. As a demonstration, a proof-of-principle experiment using Faraday-Michelson interferometers is presented. The experimental system worked at 1 MHz, and an average secure key rate of 8.309 bps was obtained at a fiber length of 20 km between Alice and Bob. The system can maintain a positive key generation rate without phase compensation under normal conditions. The results exhibit the feasibility of our system for use in mature MDI QKD devices and its value for network scenarios.

Shared Electronic Health Record Systems: Key Legal and Security Challenges.

PubMed

Christiansen, Ellen K; Skipenes, Eva; Hausken, Marie F; Skeie, Svein; Østbye, Truls; Iversen, Marjolein M

2017-11-01

Use of shared electronic health records opens a whole range of new possibilities for flexible and fruitful cooperation among health personnel in different health institutions, to the benefit of the patients. There are, however, unsolved legal and security challenges. The overall aim of this article is to highlight legal and security challenges that should be considered before using shared electronic cooperation platforms and health record systems to avoid legal and security "surprises" subsequent to the implementation. Practical lessons learned from the use of a web-based ulcer record system involving patients, community nurses, GPs, and hospital nurses and doctors in specialist health care are used to illustrate challenges we faced. Discussion of possible legal and security challenges is critical for successful implementation of shared electronic collaboration systems. Key challenges include (1) allocation of responsibility, (2) documentation routines, (3) and integrated or federated access control. We discuss and suggest how challenges of legal and security aspects can be handled. This discussion may be useful for both current and future users, as well as policy makers.

Cryptonite: A Secure and Performant Data Repository on Public Clouds

DOE Office of Scientific and Technical Information (OSTI.GOV)

Kumbhare, Alok; Simmhan, Yogesh; Prasanna, Viktor

2012-06-29

Cloud storage has become immensely popular for maintaining synchronized copies of files and for sharing documents with collaborators. However, there is heightened concern about the security and privacy of Cloud-hosted data due to the shared infrastructure model and an implicit trust in the service providers. Emerging needs of secure data storage and sharing for domains like Smart Power Grids, which deal with sensitive consumer data, require the persistence and availability of Cloud storage but with client-controlled security and encryption, low key management overhead, and minimal performance costs. Cryptonite is a secure Cloud storage repository that addresses these requirements using amore » StrongBox model for shared key management.We describe the Cryptonite service and desktop client, discuss performance optimizations, and provide an empirical analysis of the improvements. Our experiments shows that Cryptonite clients achieve a 40% improvement in file upload bandwidth over plaintext storage using the Azure Storage Client API despite the added security benefits, while our file download performance is 5 times faster than the baseline for files greater than 100MB.« less

Will you accept the government's friend request? Social networks and privacy concerns.

PubMed

Siegel, David A

2013-01-01

Participating in social network websites entails voluntarily sharing private information, and the explosive growth of social network websites over the last decade suggests shifting views on privacy. Concurrently, new anti-terrorism laws, such as the USA Patriot Act, ask citizens to surrender substantial claim to privacy in the name of greater security. I address two important questions regarding individuals' views on privacy raised by these trends. First, how does prompting individuals to consider security concerns affect their views on government actions that jeopardize privacy? Second, does the use of social network websites alter the effect of prompted security concerns? I posit that prompting individuals to consider security concerns does lead to an increased willingness to accept government actions that jeopardize privacy, but that frequent users of websites like Facebook are less likely to be swayed by prompted security concerns. An embedded survey experiment provides support for both parts of my claim.

Will You Accept the Government's Friend Request? Social Networks and Privacy Concerns

PubMed Central

Siegel, David A.

2013-01-01

Participating in social network websites entails voluntarily sharing private information, and the explosive growth of social network websites over the last decade suggests shifting views on privacy. Concurrently, new anti-terrorism laws, such as the USA Patriot Act, ask citizens to surrender substantial claim to privacy in the name of greater security. I address two important questions regarding individuals' views on privacy raised by these trends. First, how does prompting individuals to consider security concerns affect their views on government actions that jeopardize privacy? Second, does the use of social network websites alter the effect of prompted security concerns? I posit that prompting individuals to consider security concerns does lead to an increased willingness to accept government actions that jeopardize privacy, but that frequent users of websites like Facebook are less likely to be swayed by prompted security concerns. An embedded survey experiment provides support for both parts of my claim. PMID:24312236

Data Governance and Stewardship: Designing Data Stewardship Entities and Advancing Data Access

PubMed Central

Rosenbaum, Sara

2010-01-01

U.S. health policy is engaged in a struggle over access to health information, in particular, the conditions under which information should be accessible for research when appropriate privacy protections and security safeguards are in place. The expanded use of health information—an inevitable step in an information age—is widely considered be essential to health system reform. Models exist for the creation of data-sharing arrangements that promote proper use of information in a safe and secure environment and with attention to ethical standards. Data stewardship is a concept with deep roots in the science and practice of data collection, sharing, and analysis. Reflecting the values of fair information practice, data stewardship denotes an approach to the management of data, particularly data that can identify individuals. The concept of a data steward is intended to convey a fiduciary (or trust) level of responsibility toward the data. Data governance is the process by which responsibilities of stewardship are conceptualized and carried out. As the concept of health information data stewardship advances in a technology-enabled environment, the question is whether legal barriers to data access and use will begin to give way. One possible answer may lie in defining the public interest in certain data uses, tying provider participation in federal health programs to the release of all-payer data to recognized data stewardship entities for aggregation and management, and enabling such entities to foster and enable the creation of knowledge through research. PMID:21054365

Patient informed governance of distributed research networks: results and discussion from six patient focus groups.

PubMed

Mamo, Laura A; Browe, Dennis K; Logan, Holly C; Kim, Katherine K

2013-01-01

Understanding how to govern emerging distributed research networks is essential to their success. Distributed research networks aggregate patient medical data from many institutions leaving data within the local provider security system. While much is known about patients' views on secondary medical research, little is known about their views on governance of research networks. We conducted six focus groups with patients from three medical centers across the U.S. to understand their perspectives on privacy, consent, and ethical concerns of sharing their data as part of research networks. Participants positively endorsed sharing their health data with these networks believing that doing so could advance healthcare knowledge. However, patients expressed several concerns regarding security and broader ethical issues such as commercialism, public benefit, and social responsibility. We suggest that network governance guidelines move beyond strict technical requirements and address wider socio-ethical concerns by fully including patients in governance processes.

Patient Informed Governance of Distributed Research Networks: Results and Discussion from Six Patient Focus Groups

PubMed Central

Mamo, Laura A.; Browe, Dennis K.; Logan, Holly C.; Kim, Katherine K.

2013-01-01

Understanding how to govern emerging distributed research networks is essential to their success. Distributed research networks aggregate patient medical data from many institutions leaving data within the local provider security system. While much is known about patients’ views on secondary medical research, little is known about their views on governance of research networks. We conducted six focus groups with patients from three medical centers across the U.S. to understand their perspectives on privacy, consent, and ethical concerns of sharing their data as part of research networks. Participants positively endorsed sharing their health data with these networks believing that doing so could advance healthcare knowledge. However, patients expressed several concerns regarding security and broader ethical issues such as commercialism, public benefit, and social responsibility. We suggest that network governance guidelines move beyond strict technical requirements and address wider socio-ethical concerns by fully including patients in governance processes. PMID:24551383

A Secure and Efficient Audit Mechanism for Dynamic Shared Data in Cloud Storage

PubMed Central

2014-01-01

With popularization of cloud services, multiple users easily share and update their data through cloud storage. For data integrity and consistency in the cloud storage, the audit mechanisms were proposed. However, existing approaches have some security vulnerabilities and require a lot of computational overheads. This paper proposes a secure and efficient audit mechanism for dynamic shared data in cloud storage. The proposed scheme prevents a malicious cloud service provider from deceiving an auditor. Moreover, it devises a new index table management method and reduces the auditing cost by employing less complex operations. We prove the resistance against some attacks and show less computation cost and shorter time for auditing when compared with conventional approaches. The results present that the proposed scheme is secure and efficient for cloud storage services managing dynamic shared data. PMID:24959630

A secure and efficient audit mechanism for dynamic shared data in cloud storage.

PubMed

Kwon, Ohmin; Koo, Dongyoung; Shin, Yongjoo; Yoon, Hyunsoo

2014-01-01

With popularization of cloud services, multiple users easily share and update their data through cloud storage. For data integrity and consistency in the cloud storage, the audit mechanisms were proposed. However, existing approaches have some security vulnerabilities and require a lot of computational overheads. This paper proposes a secure and efficient audit mechanism for dynamic shared data in cloud storage. The proposed scheme prevents a malicious cloud service provider from deceiving an auditor. Moreover, it devises a new index table management method and reduces the auditing cost by employing less complex operations. We prove the resistance against some attacks and show less computation cost and shorter time for auditing when compared with conventional approaches. The results present that the proposed scheme is secure and efficient for cloud storage services managing dynamic shared data.

Unconditional security of entanglement-based continuous-variable quantum secret sharing

NASA Astrophysics Data System (ADS)

Kogias, Ioannis; Xiang, Yu; He, Qiongyi; Adesso, Gerardo

2017-01-01

The need for secrecy and security is essential in communication. Secret sharing is a conventional protocol to distribute a secret message to a group of parties, who cannot access it individually but need to cooperate in order to decode it. While several variants of this protocol have been investigated, including realizations using quantum systems, the security of quantum secret sharing schemes still remains unproven almost two decades after their original conception. Here we establish an unconditional security proof for entanglement-based continuous-variable quantum secret sharing schemes, in the limit of asymptotic keys and for an arbitrary number of players. We tackle the problem by resorting to the recently developed one-sided device-independent approach to quantum key distribution. We demonstrate theoretically the feasibility of our scheme, which can be implemented by Gaussian states and homodyne measurements, with no need for ideal single-photon sources or quantum memories. Our results contribute to validating quantum secret sharing as a viable primitive for quantum technologies.

Multiparty quantum key agreement protocol based on locally indistinguishable orthogonal product states

NASA Astrophysics Data System (ADS)

Jiang, Dong-Huan; Xu, Guang-Bao

2018-07-01

Based on locally indistinguishable orthogonal product states, we propose a novel multiparty quantum key agreement (QKA) protocol. In this protocol, the private key information of each party is encoded as some orthogonal product states that cannot be perfectly distinguished by local operations and classical communications. To ensure the security of the protocol with small amount of decoy particles, the different particles of each product state are transmitted separately. This protocol not only can make each participant fairly negotiate a shared key, but also can avoid information leakage in the maximum extent. We give a detailed security proof of this protocol. From comparison result with the existing QKA protocols, we can know that the new protocol is more efficient.

Catch shares slow the race to fish

NASA Astrophysics Data System (ADS)

Birkenbach, Anna M.; Kaczan, David J.; Smith, Martin D.

2017-04-01

In fisheries, the tragedy of the commons manifests as a competitive race to fish that compresses fishing seasons, resulting in ecological damage, economic waste, and occupational hazards. Catch shares are hypothesized to halt the race by securing each individual’s right to a portion of the total catch, but there is evidence for this from selected examples only. Here we systematically analyse natural experiments to test whether catch shares reduce racing in 39 US fisheries. We compare each fishery treated with catch shares to an individually matched control before and after the policy change. We estimate an average policy treatment effect in a pooled model and in a meta-analysis that combines separate estimates for each treatment-control pair. Consistent with the theory that market-based management ends the race to fish, we find strong evidence that catch shares extend fishing seasons. This evidence informs the current debate over expanding the use of market-based regulation to other fisheries.

Catch shares slow the race to fish.

PubMed

Birkenbach, Anna M; Kaczan, David J; Smith, Martin D

2017-04-13

In fisheries, the tragedy of the commons manifests as a competitive race to fish that compresses fishing seasons, resulting in ecological damage, economic waste, and occupational hazards. Catch shares are hypothesized to halt the race by securing each individual's right to a portion of the total catch, but there is evidence for this from selected examples only. Here we systematically analyse natural experiments to test whether catch shares reduce racing in 39 US fisheries. We compare each fishery treated with catch shares to an individually matched control before and after the policy change. We estimate an average policy treatment effect in a pooled model and in a meta-analysis that combines separate estimates for each treatment-control pair. Consistent with the theory that market-based management ends the race to fish, we find strong evidence that catch shares extend fishing seasons. This evidence informs the current debate over expanding the use of market-based regulation to other fisheries.

An HIT Solution for Clinical Care and Disaster Planning: How One health Center in Joplin, MO Survived a Tornado and Avoided a Health Information Disaster.

PubMed

Shin, Peter; Jacobs, Feygele

2012-01-01

Since taking office, President Obama has made substantial investments in promoting the diffusion of health information technology (IT). The objective of the national health IT program is, generally, to enable health care providers to better manage patient care through secure use and sharing of health information. Through the use of technologies including electronic health records, providers can better maintain patient care information and facilitate communication, often improving care outcomes. The recent tornado in Joplin, MO highlights the importance of health information technology in the health center context, and illustrates the importance of secure electronic health information systems as a crucial element of disaster and business continuity planning. This article examines the experience of a community health center in the aftermath of the major tornado that swept through the American Midwest in the spring of 2011, and provides insight into the planning for disaster survival and recovery as it relates to patient records and health center data.

An HIT Solution for Clinical Care and Disaster Planning: How One health Center in Joplin, MO Survived a Tornado and Avoided a Health Information Disaster

PubMed Central

Shin, Peter; Jacobs, Feygele

2012-01-01

Since taking office, President Obama has made substantial investments in promoting the diffusion of health information technology (IT). The objective of the national health IT program is, generally, to enable health care providers to better manage patient care through secure use and sharing of health information. Through the use of technologies including electronic health records, providers can better maintain patient care information and facilitate communication, often improving care outcomes. The recent tornado in Joplin, MO highlights the importance of health information technology in the health center context, and illustrates the importance of secure electronic health information systems as a crucial element of disaster and business continuity planning. This article examines the experience of a community health center in the aftermath of the major tornado that swept through the American Midwest in the spring of 2011, and provides insight into the planning for disaster survival and recovery as it relates to patient records and health center data. PMID:23569622

Design of a RESTful web information system for drug prescription and administration.

PubMed

Bianchi, Lorenzo; Paganelli, Federica; Pettenati, Maria Chiara; Turchi, Stefano; Ciofi, Lucia; Iadanza, Ernesto; Giuli, Dino

2014-05-01

Drug prescription and administration processes strongly impact on the occurrence of risks in medical settings for they can be sources of adverse drug events (ADEs). A properly engineered use of information and communication technologies has proven to be a promising approach to reduce these risks. In this study, we propose PHARMA, a web information system which supports healthcare staff in the secure cooperative execution of drug prescription, transcription and registration tasks. PHARMA allows the easy sharing and management of documents containing drug-related information (i.e., drug prescriptions, medical reports, screening), which is often inconsistent and scattered across different information systems and heterogeneous organization domains (e.g., departments, other hospital facilities). PHARMA enables users to access such information in a consistent and secure way, through the adoption of REST and web-oriented design paradigms and protocols. We describe the implementation of the PHARMA prototype, and we discuss the results of the usability evaluation that we carried out with the staff of a hospital in Florence, Italy.

The Idea to Promote the Development of E-Government in the Civil Aviation System

NASA Astrophysics Data System (ADS)

Renliang, Jiang

E-government has a significant impact on the organizational structure, working mechanism, operating methods and behavior patterns of the civil aviation administration department.The purpose of this research is to find some countermeasures propelling the electronization, network and office automation of the civil aviation system.The method used in the study was field and literature research.The studies showed that government departments in the civil aviation system could promote the development of e-government further by promoting open administration and implementing democratic and scientific decision-making, strengthening the popularization of information technology and information technology training on civil servants, paying attention to the integration and sharing of information resources, formulating a standard e-government system for the civil aviation system, developing the legal security system for the e-government and strengthening the network security.

High-Surety Telemedicine in a Distributed, 'Plug-andPlan' Environment

DOE Office of Scientific and Technical Information (OSTI.GOV)

Craft, Richard L.; Funkhouser, Donald R.; Gallagher, Linda K.

1999-05-17

Commercial telemedicine systems are increasingly functional, incorporating video-conferencing capabilities, diagnostic peripherals, medication reminders, and patient education services. However, these systems (1) rarely utilize information architectures which allow them to be easily integrated with existing health information networks and (2) do not always protect patient confidentiality with adequate security mechanisms. Using object-oriented methods and software wrappers, we illustrate the transformation of an existing stand-alone telemedicine system into `plug-and-play' components that function in a distributed medical information environment. We show, through the use of open standards and published component interfaces, that commercial telemedicine offerings which were once incompatible with electronic patient recordmore » systems can now share relevant data with clinical information repositories while at the same time hiding the proprietary implementations of the respective systems. Additionally, we illustrate how leading-edge technology can secure this distributed telemedicine environment, maintaining patient confidentiality and the integrity of the associated electronic medical data. Information surety technology also encourages the development of telemedicine systems that have both read and write access to electronic medical records containing patient-identifiable information. The win-win approach to telemedicine information system development preserves investments in legacy software and hardware while promoting security and interoperability in a distributed environment.« less

A community effort to protect genomic data sharing, collaboration and outsourcing.

PubMed

Wang, Shuang; Jiang, Xiaoqian; Tang, Haixu; Wang, Xiaofeng; Bu, Diyue; Carey, Knox; Dyke, Stephanie Om; Fox, Dov; Jiang, Chao; Lauter, Kristin; Malin, Bradley; Sofia, Heidi; Telenti, Amalio; Wang, Lei; Wang, Wenhao; Ohno-Machado, Lucila

2017-01-01

The human genome can reveal sensitive information and is potentially re-identifiable, which raises privacy and security concerns about sharing such data on wide scales. In 2016, we organized the third Critical Assessment of Data Privacy and Protection competition as a community effort to bring together biomedical informaticists, computer privacy and security researchers, and scholars in ethical, legal, and social implications (ELSI) to assess the latest advances on privacy-preserving techniques for protecting human genomic data. Teams were asked to develop novel protection methods for emerging genome privacy challenges in three scenarios: Track (1) data sharing through the Beacon service of the Global Alliance for Genomics and Health. Track (2) collaborative discovery of similar genomes between two institutions; and Track (3) data outsourcing to public cloud services. The latter two tracks represent continuing themes from our 2015 competition, while the former was new and a response to a recently established vulnerability. The winning strategy for Track 1 mitigated the privacy risk by hiding approximately 11% of the variation in the database while permitting around 160,000 queries, a significant improvement over the baseline. The winning strategies in Tracks 2 and 3 showed significant progress over the previous competition by achieving multiple orders of magnitude performance improvement in terms of computational runtime and memory requirements. The outcomes suggest that applying highly optimized privacy-preserving and secure computation techniques to safeguard genomic data sharing and analysis is useful. However, the results also indicate that further efforts are needed to refine these techniques into practical solutions.

Secure public cloud platform for medical images sharing.

PubMed

Pan, Wei; Coatrieux, Gouenou; Bouslimi, Dalel; Prigent, Nicolas

2015-01-01

Cloud computing promises medical imaging services offering large storage and computing capabilities for limited costs. In this data outsourcing framework, one of the greatest issues to deal with is data security. To do so, we propose to secure a public cloud platform devoted to medical image sharing by defining and deploying a security policy so as to control various security mechanisms. This policy stands on a risk assessment we conducted so as to identify security objectives with a special interest for digital content protection. These objectives are addressed by means of different security mechanisms like access and usage control policy, partial-encryption and watermarking.

Distributed clinical data sharing via dynamic access-control policy transformation.

PubMed

Rezaeibagha, Fatemeh; Mu, Yi

2016-05-01

Data sharing in electronic health record (EHR) systems is important for improving the quality of healthcare delivery. Data sharing, however, has raised some security and privacy concerns because healthcare data could be potentially accessible by a variety of users, which could lead to privacy exposure of patients. Without addressing this issue, large-scale adoption and sharing of EHR data are impractical. The traditional solution to the problem is via encryption. Although encryption can be applied to access control, it is not applicable for complex EHR systems that require multiple domains (e.g. public and private clouds) with various access requirements. This study was carried out to address the security and privacy issues of EHR data sharing with our novel access-control mechanism, which captures the scenario of the hybrid clouds and need of access-control policy transformation, to provide secure and privacy-preserving data sharing among different healthcare enterprises. We introduce an access-control mechanism with some cryptographic building blocks and present a novel approach for secure EHR data sharing and access-control policy transformation in EHR systems for hybrid clouds. We propose a useful data sharing system for healthcare providers to handle various EHR users who have various access privileges in different cloud environments. A systematic study has been conducted on data sharing in EHR systems to provide a solution to the security and privacy issues. In conclusion, we introduce an access-control method for privacy protection of EHRs and EHR policy transformation that allows an EHR access-control policy to be transformed from a private cloud to a public cloud. This method has never been studied previously in the literature. Furthermore, we provide a protocol to demonstrate policy transformation as an application scenario. Copyright © 2016 Elsevier Ireland Ltd. All rights reserved.

An Expanded Study of Net Generation Perceptions on Privacy and Security on Social Networking Sites (SNS)

ERIC Educational Resources Information Center

Lawler, James P.; Molluzzo, John C.; Doshi, Vijal

2012-01-01

Social networking on the Internet continues to be a frequent avenue of communication, especially among Net Generation consumers, giving benefits both personal and professional. The benefits may be eventually hindered by issues in information gathering and sharing on social networking sites. This study evaluates the perceptions of students taking a…

77 FR 7219 - Self-Regulatory Organizations; NYSE Arca, Inc.; Order Granting Approval of a Proposed Rule Change...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-02-10

... market and a national market system, and, in general, to protect investors and the public interest. The... in, securities. Quotation and last- sale information for the Shares will be available via the... subscription basis.\\21\\ In addition, for each Fund, the Indicative Optimized Portfolio Value (``IOPV'') will be...

Teamwork and the National Security Personnel System

DTIC Science & Technology

2007-03-18

and thereby improve organizational performance. However, concern exists that only rewarding individual performance may adversely impact teamwork...collaboration, and information sharing which could ultimately impact organizational performance. This paper explores the importance of teamwork for...indicates that pay-for-performance systems can harm teamwork suggesting that NSPS could negatively impact teamwork within the DoD. Recommendations are

75 FR 13169 - Self-Regulatory Organizations; The Options Clearing Corporation; Notice of Filing of Proposed...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-03-18

... interpretation with respect to the treatment and clearing of options and security futures on SPDR Gold Shares.\\2... amended the interpretation to extend similar treatment to options and security futures on iShares[supreg... rule filing SR-OCC-2009-20, which extended similar treatment to options and security futures on ETFS...

Secured Communication for Business Process Outsourcing Using Optimized Arithmetic Cryptography Protocol Based on Virtual Parties

NASA Astrophysics Data System (ADS)

Pathak, Rohit; Joshi, Satyadhar

Within a span of over a decade, India has become one of the most favored destinations across the world for Business Process Outsourcing (BPO) operations. India has rapidly achieved the status of being the most preferred destination for BPO for companies located in the US and Europe. Security and privacy are the two major issues needed to be addressed by the Indian software industry to have an increased and long-term outsourcing contract from the US. Another important issue is about sharing employee’s information to ensure that data and vital information of an outsourcing company is secured and protected. To ensure that the confidentiality of a client’s information is maintained, BPOs need to implement some data security measures. In this paper, we propose a new protocol for specifically for BPO Secure Multi-Party Computation (SMC). As there are many computations and surveys which involve confidential data from many parties or organizations and the concerned data is property of the organization, preservation and security of this data is of prime importance for such type of computations. Although the computation requires data from all the parties, but none of the associated parties would want to reveal their data to the other parties. We have proposed a new efficient and scalable protocol to perform computation on encrypted information. The information is encrypted in a manner that it does not affect the result of the computation. It uses modifier tokens which are distributed among virtual parties, and finally used in the computation. The computation function uses the acquired data and modifier tokens to compute right result from the encrypted data. Thus without revealing the data, right result can be computed and privacy of the parties is maintained. We have given a probabilistic security analysis of hacking the protocol and shown how zero hacking security can be achieved. Also we have analyzed the specific case of Indian BPO.

Computer-aided diagnosis workstation and teleradiology network system for chest diagnosis using the web medical image conference system with a new information security solution

NASA Astrophysics Data System (ADS)

Satoh, Hitoshi; Niki, Noboru; Eguchi, Kenji; Ohmatsu, Hironobu; Kaneko, Masahiro; Kakinuma, Ryutaro; Moriyama, Noriyuki

2010-03-01

Diagnostic MDCT imaging requires a considerable number of images to be read. Moreover, the doctor who diagnoses a medical image is insufficient in Japan. Because of such a background, we have provided diagnostic assistance methods to medical screening specialists by developing a lung cancer screening algorithm that automatically detects suspected lung cancers in helical CT images, a coronary artery calcification screening algorithm that automatically detects suspected coronary artery calcification and a vertebra body analysis algorithm for quantitative evaluation of osteoporosis. We also have developed the teleradiology network system by using web medical image conference system. In the teleradiology network system, the security of information network is very important subjects. Our teleradiology network system can perform Web medical image conference in the medical institutions of a remote place using the web medical image conference system. We completed the basic proof experiment of the web medical image conference system with information security solution. We can share the screen of web medical image conference system from two or more web conference terminals at the same time. An opinion can be exchanged mutually by using a camera and a microphone that are connected with the workstation that builds in some diagnostic assistance methods. Biometric face authentication used on site of teleradiology makes "Encryption of file" and "Success in login" effective. Our Privacy and information security technology of information security solution ensures compliance with Japanese regulations. As a result, patients' private information is protected. Based on these diagnostic assistance methods, we have developed a new computer-aided workstation and a new teleradiology network that can display suspected lesions three-dimensionally in a short time. The results of this study indicate that our radiological information system without film by using computer-aided diagnosis workstation and our teleradiology network system can increase diagnostic speed, diagnostic accuracy and security improvement of medical information.

Secure Dynamic access control scheme of PHR in cloud computing.

PubMed

Chen, Tzer-Shyong; Liu, Chia-Hui; Chen, Tzer-Long; Chen, Chin-Sheng; Bau, Jian-Guo; Lin, Tzu-Ching

2012-12-01

With the development of information technology and medical technology, medical information has been developed from traditional paper records into electronic medical records, which have now been widely applied. The new-style medical information exchange system "personal health records (PHR)" is gradually developed. PHR is a kind of health records maintained and recorded by individuals. An ideal personal health record could integrate personal medical information from different sources and provide complete and correct personal health and medical summary through the Internet or portable media under the requirements of security and privacy. A lot of personal health records are being utilized. The patient-centered PHR information exchange system allows the public autonomously maintain and manage personal health records. Such management is convenient for storing, accessing, and sharing personal medical records. With the emergence of Cloud computing, PHR service has been transferred to storing data into Cloud servers that the resources could be flexibly utilized and the operation cost can be reduced. Nevertheless, patients would face privacy problem when storing PHR data into Cloud. Besides, it requires a secure protection scheme to encrypt the medical records of each patient for storing PHR into Cloud server. In the encryption process, it would be a challenge to achieve accurately accessing to medical records and corresponding to flexibility and efficiency. A new PHR access control scheme under Cloud computing environments is proposed in this study. With Lagrange interpolation polynomial to establish a secure and effective PHR information access scheme, it allows to accurately access to PHR with security and is suitable for enormous multi-users. Moreover, this scheme also dynamically supports multi-users in Cloud computing environments with personal privacy and offers legal authorities to access to PHR. From security and effectiveness analyses, the proposed PHR access scheme in Cloud computing environments is proven flexible and secure and could effectively correspond to real-time appending and deleting user access authorization and appending and revising PHR records.

Disjointed Ways, Disunified Means: Learning From America’s Struggle to Build an Afghan Nation

DTIC Science & Technology

2012-05-01

unify- ing the intelligence community with a new National Intelligence Director, and creating a network-based information -sharing system. The...no person shall be subject to a penalty for failing to comply with a collection of information if it does not display a currently valid OMB control... a monthly e-mail newsletter to update the national security community on the re- search of our analysts, recent and forthcoming publications, and

Time Pattern Locking Scheme for Secure Multimedia Contents in Human-Centric Device

PubMed Central

Kim, Hyun-Woo; Kim, Jun-Ho; Park, Jong Hyuk; Jeong, Young-Sik

2014-01-01

Among the various smart multimedia devices, multimedia smartphones have become the most widespread due to their convenient portability and real-time information sharing, as well as various other built-in features. Accordingly, since personal and business activities can be carried out using multimedia smartphones without restrictions based on time and location, people have more leisure time and convenience than ever. However, problems such as loss, theft, and information leakage because of convenient portability have also increased proportionally. As a result, most multimedia smartphones are equipped with various built-in locking features. Pattern lock, personal identification numbers, and passwords are the most used locking features on current smartphones, but these are vulnerable to shoulder surfing and smudge attacks, allowing malicious users to bypass the security feature easily. In particular, the smudge attack technique is a convenient way to unlock multimedia smartphones after they have been stolen. In this paper, we propose the secure locking screen using time pattern (SLSTP) focusing on improved security and convenience for users to support human-centric multimedia device completely. The SLSTP can provide a simple interface to users and reduce the risk factors pertaining to security leakage to malicious third parties. PMID:25202737

Time pattern locking scheme for secure multimedia contents in human-centric device.

PubMed

Kim, Hyun-Woo; Kim, Jun-Ho; Park, Jong Hyuk; Jeong, Young-Sik

2014-01-01

Among the various smart multimedia devices, multimedia smartphones have become the most widespread due to their convenient portability and real-time information sharing, as well as various other built-in features. Accordingly, since personal and business activities can be carried out using multimedia smartphones without restrictions based on time and location, people have more leisure time and convenience than ever. However, problems such as loss, theft, and information leakage because of convenient portability have also increased proportionally. As a result, most multimedia smartphones are equipped with various built-in locking features. Pattern lock, personal identification numbers, and passwords are the most used locking features on current smartphones, but these are vulnerable to shoulder surfing and smudge attacks, allowing malicious users to bypass the security feature easily. In particular, the smudge attack technique is a convenient way to unlock multimedia smartphones after they have been stolen. In this paper, we propose the secure locking screen using time pattern (SLSTP) focusing on improved security and convenience for users to support human-centric multimedia device completely. The SLSTP can provide a simple interface to users and reduce the risk factors pertaining to security leakage to malicious third parties.

From the Mountains of the Moon to the Grand Renaissance: misinformation, disinformation and, finally, information for cooperation in the Nile River basin

NASA Astrophysics Data System (ADS)

Zaitchik, B. F.; Habib, S.; Anderson, M. C.; Ozdogan, M.

2012-12-01

The Nile River basin is shared by 11 nations and approximately 200 million people. Eight of the riparian States are defined as Least Developed Countries by the United Nations, and about 50% of the total basin population lives below the international poverty line. In addition, eight of the eleven countries have experienced internal or external wars in the past 20 years, six are predicted to be water scarce by 2025, and, at present, major water resource development projects are moving forward in the absence of a fully recognized basin-wide water sharing agreement. Nevertheless, the Nile basin presents remarkable opportunities for transboundary water cooperation, and today—notwithstanding significant substantive and perceived disagreements between stakeholders in the basin—this cooperation is beginning to be realized in topics ranging from flood early warning to hydropower optimization to regional food security. This presentation will provide an overview of historic and present challenges and opportunities for transboundary water management in the Nile basin and will present several case studies in which improved hydroclimatic information and communication systems are currently laying the groundwork for advanced cooperation. In this context climate change acts as both stress and motivator. On one hand, non-stationary hydrology is expected to tax water resources in the basin, and it undermines confidence in conventionally formulated water sharing agreements. On the other, non-stationarity is increasingly understood to be an exogenous threat to regional food and water security that will require informed, flexible cooperation between riparian states.

Individual differences in cyber security behaviors: an examination of who is sharing passwords.

PubMed

Whitty, Monica; Doodson, James; Creese, Sadie; Hodges, Duncan

2015-01-01

In spite of the number of public advice campaigns, researchers have found that individuals still engage in risky password practices. There is a dearth of research available on individual differences in cyber security behaviors. This study focused on the risky practice of sharing passwords. As predicted, we found that individuals who scored high on a lack of perseverance were more likely to share passwords. Contrary to our hypotheses, we found younger [corrected] people and individuals who score high on self-monitoring were more likely to share passwords. We speculate on the reasons behind these findings, and examine how they might be considered in future cyber security educational campaigns.

Individual Differences in Cyber Security Behaviors: An Examination of Who Is Sharing Passwords

PubMed Central

Doodson, James; Creese, Sadie; Hodges, Duncan

2015-01-01

Abstract In spite of the number of public advice campaigns, researchers have found that individuals still engage in risky password practices. There is a dearth of research available on individual differences in cyber security behaviors. This study focused on the risky practice of sharing passwords. As predicted, we found that individuals who scored high on a lack of perseverance were more likely to share passwords. Contrary to our hypotheses, we found older people and individuals who score high on self-monitoring were more likely to share passwords. We speculate on the reasons behind these findings, and examine how they might be considered in future cyber security educational campaigns. PMID:25517697

Healthcare teams over the Internet: programming a certificate-based approach.

PubMed

Georgiadis, Christos K; Mavridis, Ioannis K; Pangalos, George I

2003-07-01

Healthcare environments are a representative case of collaborative environments since individuals (e.g. doctors) in many cases collaborate in order to provide care to patients in a more proficient way. At the same time modern healthcare institutions are increasingly interested in sharing access of their information resources in the networked environment. Healthcare applications over the Internet offer an attractive communication infrastructure at worldwide level but with a noticeably great factor of risk. Security has, therefore, become a major concern. However, although an adequate level of security can be relied upon digital certificates, if an appropriate security model is used, additional security considerations are needed in order to deal efficiently with the above team-work concerns. The already known Hybrid Access Control (HAC) security model supports and handles efficiently healthcare teams with active security capabilities and is capable to exploit the benefits of certificate technology. In this paper we present the way for encoding the appropriate authoritative information in various types of certificates, as well as the overall operational architecture of the implemented access control system for healthcare collaborative environments over the Internet. A pilot implementation of the proposed methodology in a major Greek hospital has shown the applicability of the proposals and the flexibility of the access control provided.

Healthcare teams over the Internet: towards a certificate-based approach.

PubMed

Georgiadis, Christos K; Mavridis, Ioannis K; Pangalos, George I

2002-01-01

Healthcare environments are a representative case of collaborative environments since individuals (e.g. doctors) in many cases collaborate in order to provide care to patients in a more proficient way. At the same time modem healthcare institutions are increasingly interested in sharing access of their information resources in the networked environment. Healthcare applications over the Internet offer an attractive communication infrastructure at worldwide level but with a noticeably great factor of risk. Security has therefore become a major concern for healthcare applications over the Internet. However, although an adequate level of security can be relied upon digital certificates, if an appropriate security policy is used, additional security considerations are needed in order to deal efficiently with the above team-work concerns. The already known Hybrid Access Control security model supports and handles efficiently healthcare teams with active security capabilities and is capable to exploit the benefits of certificate technology. In this paper we present the way for encoding the appropriate authoritative information in various types of certificates, as well as the overall operational architecture of the implemented access control system for healthcare collaborative environments over the Internet. A pilot implementation of the proposed methodology in a major Greek hospital has shown the applicability of the proposals and the flexibility of the access control provided.

Improving the redistribution of the security lessons in healthcare: An evaluation of the Generic Security Template.

PubMed

He, Ying; Johnson, Chris

2015-11-01

The recurrence of past security breaches in healthcare showed that lessons had not been effectively learned across different healthcare organisations. Recent studies have identified the need to improve learning from incidents and to share security knowledge to prevent future attacks. Generic Security Templates (GSTs) have been proposed to facilitate this knowledge transfer. The objective of this paper is to evaluate whether potential users in healthcare organisations can exploit the GST technique to share lessons learned from security incidents. We conducted a series of case studies to evaluate GSTs. In particular, we used a GST for a security incident in the US Veterans' Affairs Administration to explore whether security lessons could be applied in a very different Chinese healthcare organisation. The results showed that Chinese security professional accepted the use of GSTs and that cyber security lessons could be transferred to a Chinese healthcare organisation using this approach. The users also identified the weaknesses and strengths of GSTs, providing suggestions for future improvements. Generic Security Templates can be used to redistribute lessons learned from security incidents. Sharing cyber security lessons helps organisations consider their own practices and assess whether applicable security standards address concerns raised in previous breaches in other countries. The experience gained from this study provides the basis for future work in conducting similar studies in other healthcare organisations. Copyright © 2015 Elsevier Ireland Ltd. All rights reserved.

The research and implementation of a unified identity authentication in e-government network

NASA Astrophysics Data System (ADS)

Feng, Zhou

Current problem existing in e-government network is that the applications of information system are developed independently by various departments, and each has its own specific set of authentication and access control mechanism. To build a comprehensive information system in favor of sharing and exchanging information, a sound and secure unified e-government authentication system is firstly needed. The paper, combining with practical development of e-government network, carries out a thorough discussion on how to achieve data synchronization between unified authentication system and related application systems.

Partnerships - Working Together to Build The National Map

USGS Publications Warehouse

,

2004-01-01

Through The National Map, the U.S. Geological Survey (USGS) is working with partners to ensure that current, accurate, and complete base geographic information is available for the Nation. Designed as a network of online digital databases, it provides a consistent geographic data framework for the country and serves as a foundation for integrating, sharing, and using data easily and reliably. It provides public access to high quality geospatial data and information from multiple partners to help inform decisionmaking by resource managers and the public, and to support intergovernmental homeland security and emergency management requirements.

A Snapshot of the Electronic Transmission and Processing of Prescriptions project in the Iranian Social Security Organization

PubMed Central

Moghaddam, Ramin; Badredine, Hala

2006-01-01

Iranian Social Security Organization(ISSO) is going to enable the sharing of health related information in a secure environment by means of reliable data in the right time to improve health of insured people throughout the country. There are around 7000 pharmacy throughout the country that ISSO contracted with them in order to deliver seamless services to 30 million insured people. The management of the huge amount of prescriptions based on a scientific basis with considering the financial issues of rising the cost of medicaments certainley needs a sophisticated business process reeingineering using ICT ; the work that is going to be completed in the ISSO in next few months. PMID:17238655

Applying secret sharing for HIS backup exchange.

PubMed

Kuroda, Tomohiro; Kimura, Eizen; Matsumura, Yasushi; Yamashita, Yoshinori; Hiramatsu, Haruhiko; Kume, Naoto; Sato, Atsushi

2013-01-01

To secure business continuity is indispensable for hospitals to fulfill its social responsibility under disasters. Although to back up the data of the hospital information system (HIS) at multiple remote sites is a key strategy of business continuity plan (BCP), the requirements to treat privacy sensitive data jack up the cost for the backup. The secret sharing is a method to split an original secret message up so that each individual piece is meaningless, but putting sufficient number of pieces together to reveal the original message. The secret sharing method eases us to exchange HIS backups between multiple hospitals. This paper evaluated the feasibility of the commercial secret sharing solution for HIS backup through several simulations. The result shows that the commercial solution is feasible to realize reasonable HIS backup exchange platform when template of contract between participating hospitals is ready.

26 CFR 1.1091-1 - Losses from wash sales of stock or securities.

Code of Federal Regulations, 2010 CFR

2010-04-01

... particular shares of stock or securities the loss from the sale or other disposition of which is not...-day period, A purchased 75 shares of substantially identical stock, the loss on the sale of 75 of the... 26 Internal Revenue 11 2010-04-01 2010-04-01 true Losses from wash sales of stock or securities. 1...

An Inquiry into the Relationship between Projected Changes in Earnings per Share and Subsequent Security Performance.

ERIC Educational Resources Information Center

Barbee, William C., Jr.

The purpose of this study was to examine the variable of estimated earnings in order to determine how forecasts might be utilized to develop a securities portfolio strategy. The hypothesis stated that there is an inverse relationship between projected change in earnings per share and security performance. Ninety-one New York Stock Exchange…

Multilayer quantum secret sharing based on GHZ state and generalized Bell basis measurement in multiparty agents

NASA Astrophysics Data System (ADS)

Wang, Xiao-Jun; An, Long-Xi; Yu, Xu-Tao; Zhang, Zai-Chen

2017-10-01

A multilayer quantum secret sharing protocol based on GHZ state is proposed. Alice has the secret carried by quantum state and wants to distribute this secret to multiple agent nodes in the network. In this protocol, the secret is transmitted and shared layer by layer from root Alice to layered agents. The number of agents in each layer is a geometric sequence with a specific common ratio. By sharing GHZ maximally entangled states and making generalized Bell basis measurement, one qubit state can be distributed to multiparty agents and the secret is shared. Only when all agents at the last layer cooperate together, the secret can be recovered. Compared with other protocols based on the entangled state, this protocol adopts layered construction so that secret can be distributed to more agents with fewer particles GHZ state. This quantum secret sharing protocol can be used in wireless network to ensure the security of information delivery.

Nonlinear secret image sharing scheme.

PubMed

Shin, Sang-Ho; Lee, Gil-Je; Yoo, Kee-Young

2014-01-01

Over the past decade, most of secret image sharing schemes have been proposed by using Shamir's technique. It is based on a linear combination polynomial arithmetic. Although Shamir's technique based secret image sharing schemes are efficient and scalable for various environments, there exists a security threat such as Tompa-Woll attack. Renvall and Ding proposed a new secret sharing technique based on nonlinear combination polynomial arithmetic in order to solve this threat. It is hard to apply to the secret image sharing. In this paper, we propose a (t, n)-threshold nonlinear secret image sharing scheme with steganography concept. In order to achieve a suitable and secure secret image sharing scheme, we adapt a modified LSB embedding technique with XOR Boolean algebra operation, define a new variable m, and change a range of prime p in sharing procedure. In order to evaluate efficiency and security of proposed scheme, we use the embedding capacity and PSNR. As a result of it, average value of PSNR and embedding capacity are 44.78 (dB) and 1.74t⌈log2 m⌉ bit-per-pixel (bpp), respectively.

Nonlinear Secret Image Sharing Scheme

PubMed Central

Shin, Sang-Ho; Yoo, Kee-Young

2014-01-01

Over the past decade, most of secret image sharing schemes have been proposed by using Shamir's technique. It is based on a linear combination polynomial arithmetic. Although Shamir's technique based secret image sharing schemes are efficient and scalable for various environments, there exists a security threat such as Tompa-Woll attack. Renvall and Ding proposed a new secret sharing technique based on nonlinear combination polynomial arithmetic in order to solve this threat. It is hard to apply to the secret image sharing. In this paper, we propose a (t, n)-threshold nonlinear secret image sharing scheme with steganography concept. In order to achieve a suitable and secure secret image sharing scheme, we adapt a modified LSB embedding technique with XOR Boolean algebra operation, define a new variable m, and change a range of prime p in sharing procedure. In order to evaluate efficiency and security of proposed scheme, we use the embedding capacity and PSNR. As a result of it, average value of PSNR and embedding capacity are 44.78 (dB) and 1.74t⌈log2⁡m⌉ bit-per-pixel (bpp), respectively. PMID:25140334

Resolving the Problem of Aligning Communities of Interest, Data Format Differences, Orthogonal Sensor Views, Intermittency, and Security - DoD Homeland Security Command and Control Advanced Concept Technology Demonstration

DTIC Science & Technology

2005-06-01

provisioning, maintaining and guaranteeing service levels for the shared services ? Although these shared, distributed services lie well within the... shared services that interact with a common object definition for transporting alerts. The system is built on top of a rapid SOA application

DOE Office of Scientific and Technical Information (OSTI.GOV)

Aldridge, Chris D.

Mobile biometric devices (MBDs) capable of both enrolling individuals in databases and performing identification checks of subjects in the field are seen as an important capability for military, law enforcement, and homeland security operations. The technology is advancing rapidly. The Department of Homeland Security Science and Technology Directorate through an Interagency Agreement with Sandia sponsored a series of pilot projects to obtain information for the first responder law enforcement community on further identification of requirements for mobile biometric device technology. Working with 62 different jurisdictions, including components of the Department of Homeland Security, Sandia delivered a series of reports onmore » user operation of state-of-the-art mobile biometric devices. These reports included feedback information on MBD usage in both operational and exercise scenarios. The findings and conclusions of the project address both the limitations and possibilities of MBD technology to improve operations. Evidence of these possibilities can be found in the adoption of this technology by many agencies today and the cooperation of several law enforcement agencies in both participating in the pilot efforts and sharing of information about their own experiences in efforts undertaken separately.« less

The Promise of Information and Communication Technology in Healthcare: Extracting Value From the Chaos.

PubMed

Mamlin, Burke W; Tierney, William M

2016-01-01

Healthcare is an information business with expanding use of information and communication technologies (ICTs). Current ICT tools are immature, but a brighter future looms. We examine 7 areas of ICT in healthcare: electronic health records (EHRs), health information exchange (HIE), patient portals, telemedicine, social media, mobile devices and wearable sensors and monitors, and privacy and security. In each of these areas, we examine the current status and future promise, highlighting how each might reach its promise. Steps to better EHRs include a universal programming interface, universal patient identifiers, improved documentation and improved data analysis. HIEs require federal subsidies for sustainability and support from EHR vendors, targeting seamless sharing of EHR data. Patient portals must bring patients into the EHR with better design and training, greater provider engagement and leveraging HIEs. Telemedicine needs sustainable payment models, clear rules of engagement, quality measures and monitoring. Social media needs consensus on rules of engagement for providers, better data mining tools and approaches to counter disinformation. Mobile and wearable devices benefit from a universal programming interface, improved infrastructure, more rigorous research and integration with EHRs and HIEs. Laws for privacy and security need updating to match current technologies, and data stewards should share information on breaches and standardize best practices. ICT tools are evolving quickly in healthcare and require a rational and well-funded national agenda for development, use and assessment. Copyright © 2016 Southern Society for Clinical Investigation. Published by Elsevier Inc. All rights reserved.

Access control based on attribute certificates for medical intranet applications.

PubMed

Mavridis, I; Georgiadis, C; Pangalos, G; Khair, M

2001-01-01

Clinical information systems frequently use intranet and Internet technologies. However these technologies have emphasized sharing and not security, despite the sensitive and private nature of much health information. Digital certificates (electronic documents which recognize an entity or its attributes) can be used to control access in clinical intranet applications. To outline the need for access control in distributed clinical database systems, to describe the use of digital certificates and security policies, and to propose the architecture for a system using digital certificates, cryptography and security policy to control access to clinical intranet applications. We have previously developed a security policy, DIMEDAC (Distributed Medical Database Access Control), which is compatible with emerging public key and privilege management infrastructure. In our implementation approach we propose the use of digital certificates, to be used in conjunction with DIMEDAC. Our proposed access control system consists of two phases: the ways users gain their security credentials; and how these credentials are used to access medical data. Three types of digital certificates are used: identity certificates for authentication; attribute certificates for authorization; and access-rule certificates for propagation of access control policy. Once a user is identified and authenticated, subsequent access decisions are based on a combination of identity and attribute certificates, with access-rule certificates providing the policy framework. Access control in clinical intranet applications can be successfully and securely managed through the use of digital certificates and the DIMEDAC security policy.

A Liberation Health Approach to Examining Challenges and Facilitators of Peer-to-Peer Human Milk Sharing.

PubMed

McCloskey, Rebecca J; Karandikar, Sharvari

2018-04-01

Human milk sharing between peers is a common and growing practice. Although human milk has been unequivocally established as the ideal food source for infants, much stigma surrounds the practice of human milk sharing. Furthermore, there is little research examining peer-to-peer human milk sharing. Research Aim: We used the liberation health social work model to examine the experiences of mothers who have received donated human milk from a peer. Research questions were as follows: (a) What challenges do recipient mothers experience in peer-to-peer human milk sharing? (b) What supports do recipient mothers identify in peer-to-peer human milk sharing? Researchers conducted in-depth interviews with mothers ( N = 20) in the United States and Canada who were recipients of peer-to-peer human milk sharing. Researchers independently reviewed transcripts and completed open, axial, and selective coding. The authors discussed conflicts in theme identification until agreement was reached. Challenges to peer-to-peer human milk sharing were (a) substantial effort required to secure human milk; (b) institutional barriers; (c) milk bank specific barriers; and (d) lack of societal awareness and acceptance of human milk sharing. Facilitators included (a) informed decision making and transparency and (b) support from healthcare professionals. Despite risks and barriers, participants continued to pursue peer-to-peer human milk sharing. Informed by a liberation health framework, healthcare professionals-rather than universally discouraging human milk sharing between peers-should facilitate open dialogue with parents about the pros and cons of this practice and about screening recommendations to promote safety and mitigate risk.

Secret sharing based on quantum Fourier transform

NASA Astrophysics Data System (ADS)

Yang, Wei; Huang, Liusheng; Shi, Runhua; He, Libao

2013-07-01

Secret sharing plays a fundamental role in both secure multi-party computation and modern cryptography. We present a new quantum secret sharing scheme based on quantum Fourier transform. This scheme enjoys the property that each share of a secret is disguised with true randomness, rather than classical pseudorandomness. Moreover, under the only assumption that a top priority for all participants (secret sharers and recovers) is to obtain the right result, our scheme is able to achieve provable security against a computationally unbounded attacker.

Exploration of Best-Fit Solution for Harbormaster Security Information Sharing Systems

DTIC Science & Technology

2012-06-01

amongst harbor cargo operators engaged in intermodal shipping. Through interviews conducted of MIST’s federal and local partners, careful examination...harbor cargo operators engaged in intermodal shipping. Through interviews conducted of MIST’s federal and local partners, careful examination of...system amongst harbor operators engaged in intermodal shipping. Through interviews conducted of MIST’s federal and local partners, careful

The Current Status Of The United States Foreign Military Sales (FMS) Program

DTIC Science & Technology

2004-06-01

changing domestic and global security environment. Strengths, Weaknesses, Opportunities and Threats ( SWOT ) analysis was used to analyze: the information...gathered from the literature review; the importance of various players (domestic and international competitors, interests groups , decision makers...Foreign military assistance, Gulf Wars, the September 11 incidents, Market share, Decision Makers, Interest Groups , Major West European suppliers group

Is the stock market efficient?

PubMed

Malkiel, B G

1989-03-10

A stock market is said to be efficient if it accurately reflects all relevant information in determining security prices. Critics have asserted that share prices are far too volatile to be explained by changes in objective economic events-the October 1987 crash being a case in point. Although the evidence is not unambiguous, reports of the death of the efficient market hypothesis appear premature.

Cybersecurity Lanes in the Road for the Department of Homeland Security

DTIC Science & Technology

2016-06-01

20of%20Responsibility%20in%20the%20US%20Government- Joeli%20Field.pdf. 54 Ibid., 120. 55 “Preventing 9/11 in the Cyber World,” Information Management ...their emergency communications capabilities.”113 NCCIC is a “24x7 cyber situational awareness, incident response, and management center.”114 They share... Cyber World.” Information Management 47, no. 3 (May, 2013): 18. http://libproxy.nps.edu/login?url=http://search.proquest.com/docview/ 1430501590

Design of the Hospital Integrated Information Management System Based on Cloud Platform.

PubMed

Aijing, L; Jin, Y

2015-12-01

At present, the outdated information management style cannot meet the needs of hospital management, and has become the bottleneck of hospital's management and development. In order to improve the integrated management of information, hospitals have increased their investment in integrated information management systems. On account of the lack of reasonable and scientific design, some hospital integrated information management systems have common problems, such as unfriendly interface, poor portability and maintainability, low security and efficiency, lack of interactivity and information sharing. To solve the problem, this paper carries out the research and design of a hospital information management system based on cloud platform, which can realize the optimized integration of hospital information resources and save money.

Earnings Sharing in the U.S. Social Security System: A Microsimulation Analysis of Future Female Retirees

ERIC Educational Resources Information Center

Iams, Howard M.; Reznik, Gayle L.; Tamborini, Christopher R.

2010-01-01

Purpose: As part of an ongoing effort to analyze the distributional implications of potential policy reforms to the U.S. Social Security system, we consider the widely discussed reform of earnings sharing. Such an approach has been viewed as a way to "update" Social Security's family benefits based on marital status and as a means to…

Tracing the Potential Flow of Consumer Data: A Network Analysis of Prominent Health and Fitness Apps

PubMed Central

Held, Fabian P; Bero, Lisa A

2017-01-01

Background A great deal of consumer data, collected actively through consumer reporting or passively through sensors, is shared among apps. Developers increasingly allow their programs to communicate with other apps, sensors, and Web-based services, which are promoted as features to potential users. However, health apps also routinely pose risks related to information leaks, information manipulation, and loss of information. There has been less investigation into the kinds of user data that developers are likely to collect, and who might have access to it. Objective We sought to describe how consumer data generated from mobile health apps might be distributed and reused. We also aimed to outline risks to individual privacy and security presented by this potential for aggregating and combining user data across apps. Methods We purposively sampled prominent health and fitness apps available in the United States, Canada, and Australia Google Play and iTunes app stores in November 2015. Two independent coders extracted data from app promotional materials on app and developer characteristics, and the developer-reported collection and sharing of user data. We conducted a descriptive analysis of app, developer, and user data collection characteristics. Using structural equivalence analysis, we conducted a network analysis of sampled apps’ self-reported sharing of user-generated data. Results We included 297 unique apps published by 231 individual developers, which requested 58 different permissions (mean 7.95, SD 6.57). We grouped apps into 222 app families on the basis of shared ownership. Analysis of self-reported data sharing revealed a network of 359 app family nodes, with one connected central component of 210 app families (58.5%). Most (143/222, 64.4%) of the sampled app families did not report sharing any data and were therefore isolated from each other and from the core network. Fifteen app families assumed more central network positions as gatekeepers on the shortest paths that data would have to travel between other app families. Conclusions This cross-sectional analysis highlights the possibilities for user data collection and potential paths that data is able to travel among a sample of prominent health and fitness apps. While individual apps may not collect personally identifiable information, app families and the partners with which they share data may be able to aggregate consumer data, thus achieving a much more comprehensive picture of the individual consumer. The organizations behind the centrally connected app families represent diverse industries, including apparel manufacturers and social media platforms that are not traditionally involved in health or fitness. This analysis highlights the potential for anticipated and voluntary but also possibly unanticipated and involuntary sharing of user data, validating privacy and security concerns in mobile health. PMID:28659254

Bio-mining for biomarkers with a multi-resolution block chain

NASA Astrophysics Data System (ADS)

Jenkins, Jeffrey; Kopf, Jarad; Tran, Binh Q.; Frenchi, Christopher; Szu, Harold

2015-05-01

In this paper, we discuss a framework for bridging the gap between security and medical Large Data Analysis (LDA) with functional- biomarkers. Unsupervised Learning for individual e-IQ & IQ relying on memory eliciting (i.e. scent, grandmother images) and IQ baseline profiles could further enhance the ability to uniquely identify and properly diagnose individuals. Sub-threshold changes in a common/probable biomedical biomarker (disorders) means that an individual remains healthy, while a martingale would require further investigation and more measurements taken to determine credibility. Empirical measurements of human actions can discover anomalies hidden in data, which point to biomarkers revealed through stimulus response. We review the approach for forming a single-user baseline having 1-d devices and a scale-invariant representation for N users each (i) having N*d(i) total devices. Such a fractal representation of human-centric data provides self-similar levels information and relationships which are useful for diagnosis and identification causality anywhere from a mental disorder to a DNA match. Biomarkers from biomedical devices offer a robust way to collect data. Biometrics could be envisioned as enhanced and personalized biomedical devices (e.g. typing fist), but used for security. As long as the devices have a shared context origin, useful information can be found by coupling the sensors. In the case of the electroencephalogram (EEG), known patterns have emerged in low frequency Delta Theta Alpha Beta-Gamma (DTAB-G) waves when an individual views a familiar picture in the visual cortex which is shown on EEGs as a sharp peak. Using brainwaves as a functional biomarker for security can lead the industry to create more secure sessions by allowing not only passwords but also visual stimuli and/or keystrokes coupled with EEG to capture and stay informed about real time user e-IQ/IQ data changes. This holistic Computer Science (CS) Knowledge Discovery in Databases, Data Mining (KDD, DM) approach seeks to merge the fields having a shared data origin - biomarkers revealed through stimulus response.

Online trust, trustworthiness, or assurance?

PubMed

Cheshire, Coye

2011-01-01

Every day, individuals around the world retrieve, share, and exchange information on the Internet. We interact online to share personal information, find answers to questions, make financial transactions, play social games, and maintain professional and personal relationships. Sometimes our online interactions take place between two or more humans. In other cases, we rely on computers to manage information on our behalf. In each scenario, risk and uncertainty are essential for determining possible actions and outcomes. This essay highlights common deficiencies in our understanding of key concepts such as trust, trustworthiness, cooperation, and assurance in online environments. Empirical evidence from experimental work in computer-mediated environments underscores the promises and perils of overreliance on security and assurance structures as replacements for interpersonal trust. These conceptual distinctions are critical because the future shape of the Internet will depend on whether we build assurance structures to limit and control ambiguity or allow trust to emerge in the presence of risk and uncertainty.

Analyzing the requirements for a robust security criteria and management of multi-level security in the clouds

NASA Astrophysics Data System (ADS)

Farroha, Bassam S.; Farroha, Deborah L.

2011-06-01

The new corporate approach to efficient processing and storage is migrating from in-house service-center services to the newly coined approach of Cloud Computing. This approach advocates thin clients and providing services by the service provider over time-shared resources. The concept is not new, however the implementation approach presents a strategic shift in the way organizations provision and manage their IT resources. The requirements on some of the data sets targeted to be run on the cloud vary depending on the data type, originator, user, and confidentiality level. Additionally, the systems that fuse such data would have to deal with the classifying the product and clearing the computing resources prior to allowing new application to be executed. This indicates that we could end up with a multi-level security system that needs to follow specific rules and can send the output to a protected network and systems in order not to have data spill or contaminated resources. The paper discusses these requirements and potential impact on the cloud architecture. Additionally, the paper discusses the unexpected advantages of the cloud framework providing a sophisticated environment for information sharing and data mining.

Comprehensive effective and efficient global public health surveillance

PubMed Central

2010-01-01

At a crossroads, global public health surveillance exists in a fragmented state. Slow to detect, register, confirm, and analyze cases of public health significance, provide feedback, and communicate timely and useful information to stakeholders, global surveillance is neither maximally effective nor optimally efficient. Stakeholders lack a globa surveillance consensus policy and strategy; officials face inadequate training and scarce resources. Three movements now set the stage for transformation of surveillance: 1) adoption by Member States of the World Health Organization (WHO) of the revised International Health Regulations (IHR[2005]); 2) maturation of information sciences and the penetration of information technologies to distal parts of the globe; and 3) consensus that the security and public health communities have overlapping interests and a mutual benefit in supporting public health functions. For these to enhance surveillance competencies, eight prerequisites should be in place: politics, policies, priorities, perspectives, procedures, practices, preparation, and payers. To achieve comprehensive, global surveillance, disparities in technical, logistic, governance, and financial capacities must be addressed. Challenges to closing these gaps include the lack of trust and transparency; perceived benefit at various levels; global governance to address data power and control; and specified financial support from globa partners. We propose an end-state perspective for comprehensive, effective and efficient global, multiple-hazard public health surveillance and describe a way forward to achieve it. This end-state is universal, global access to interoperable public health information when it’s needed, where it’s needed. This vision mitigates the tension between two fundamental human rights: first, the right to privacy, confidentiality, and security of personal health information combined with the right of sovereign, national entities to the ownership and stewardship of public health information; and second, the right of individuals to access real-time public health information that might impact their lives. The vision can be accomplished through an interoperable, global public health grid. Adopting guiding principles, the global community should circumscribe the overlapping interest, shared vision, and mutual benefit between the security and public health communities and define the boundaries. A global forum needs to be established to guide the consensus governance required for public health information sharing in the 21st century. PMID:21143825

Comprehensive effective and efficient global public health surveillance.

PubMed

McNabb, Scott J N

2010-12-03

At a crossroads, global public health surveillance exists in a fragmented state. Slow to detect, register, confirm, and analyze cases of public health significance, provide feedback, and communicate timely and useful information to stakeholders, global surveillance is neither maximally effective nor optimally efficient. Stakeholders lack a globa surveillance consensus policy and strategy; officials face inadequate training and scarce resources.Three movements now set the stage for transformation of surveillance: 1) adoption by Member States of the World Health Organization (WHO) of the revised International Health Regulations (IHR[2005]); 2) maturation of information sciences and the penetration of information technologies to distal parts of the globe; and 3) consensus that the security and public health communities have overlapping interests and a mutual benefit in supporting public health functions. For these to enhance surveillance competencies, eight prerequisites should be in place: politics, policies, priorities, perspectives, procedures, practices, preparation, and payers.To achieve comprehensive, global surveillance, disparities in technical, logistic, governance, and financial capacities must be addressed. Challenges to closing these gaps include the lack of trust and transparency; perceived benefit at various levels; global governance to address data power and control; and specified financial support from globa partners.We propose an end-state perspective for comprehensive, effective and efficient global, multiple-hazard public health surveillance and describe a way forward to achieve it. This end-state is universal, global access to interoperable public health information when it's needed, where it's needed. This vision mitigates the tension between two fundamental human rights: first, the right to privacy, confidentiality, and security of personal health information combined with the right of sovereign, national entities to the ownership and stewardship of public health information; and second, the right of individuals to access real-time public health information that might impact their lives.The vision can be accomplished through an interoperable, global public health grid. Adopting guiding principles, the global community should circumscribe the overlapping interest, shared vision, and mutual benefit between the security and public health communities and define the boundaries. A global forum needs to be established to guide the consensus governance required for public health information sharing in the 21st century.

Comment on ‘Authenticated quantum secret sharing with quantum dialogue based on Bell states’

NASA Astrophysics Data System (ADS)

Gao, Gan; Wang, Yue; Wang, Dong; Ye, Liu

2018-02-01

In the paper (2016 Phys. Scr. 91 085101), Abulkasim et al proposed a authenticated quantum secret sharing scheme. We study the security of the multiparty case in the proposed scheme and find that it is not secure.

A Secure and Efficient Scalable Secret Image Sharing Scheme with Flexible Shadow Sizes.

PubMed

Xie, Dong; Li, Lixiang; Peng, Haipeng; Yang, Yixian

2017-01-01

In a general (k, n) scalable secret image sharing (SSIS) scheme, the secret image is shared by n participants and any k or more than k participants have the ability to reconstruct it. The scalability means that the amount of information in the reconstructed image scales in proportion to the number of the participants. In most existing SSIS schemes, the size of each image shadow is relatively large and the dealer does not has a flexible control strategy to adjust it to meet the demand of differen applications. Besides, almost all existing SSIS schemes are not applicable under noise circumstances. To address these deficiencies, in this paper we present a novel SSIS scheme based on a brand-new technique, called compressed sensing, which has been widely used in many fields such as image processing, wireless communication and medical imaging. Our scheme has the property of flexibility, which means that the dealer can achieve a compromise between the size of each shadow and the quality of the reconstructed image. In addition, our scheme has many other advantages, including smooth scalability, noise-resilient capability, and high security. The experimental results and the comparison with similar works demonstrate the feasibility and superiority of our scheme.

Study on the key technology of optical encryption based on compressive ghost imaging with double random-phase encoding

NASA Astrophysics Data System (ADS)

Zhang, Leihong; Pan, Zilan; Liang, Dong; Ma, Xiuhua; Zhang, Dawei

2015-12-01

An optical encryption method based on compressive ghost imaging (CGI) with double random-phase encoding (DRPE), named DRPE-CGI, is proposed. The information is first encrypted by the sender with DRPE, the DRPE-coded image is encrypted by the system of computational ghost imaging with a secret key. The key of N random-phase vectors is generated by the sender and will be shared with the receiver who is the authorized user. The receiver decrypts the DRPE-coded image with the key, with the aid of CGI and a compressive sensing technique, and then reconstructs the original information by the technique of DRPE-decoding. The experiments suggest that cryptanalysts cannot get any useful information about the original image even if they eavesdrop 60% of the key at a given time, so the security of DRPE-CGI is higher than that of the security of conventional ghost imaging. Furthermore, this method can reduce 40% of the information quantity compared with ghost imaging while the qualities of reconstructing the information are the same. It can also improve the quality of the reconstructed plaintext information compared with DRPE-GI with the same sampling times. This technique can be immediately applied to encryption and data storage with the advantages of high security, fast transmission, and high quality of reconstructed information.

p-BioSPRE—an information and communication technology framework for transnational biomaterial sharing and access

PubMed Central

Weiler, Gabriele; Schröder, Christina; Schera, Fatima; Dobkowicz, Matthias; Kiefer, Stephan; Heidtke, Karsten R; Hänold, Stefanie; Nwankwo, Iheanyi; Forgó, Nikolaus; Stanulla, Martin; Eckert, Cornelia; Graf, Norbert

2014-01-01

Biobanks represent key resources for clinico-genomic research and are needed to pave the way to personalised medicine. To achieve this goal, it is crucial that scientists can securely access and share high-quality biomaterial and related data. Therefore, there is a growing interest in integrating biobanks into larger biomedical information and communication technology (ICT) infrastructures. The European project p-medicine is currently building an innovative ICT infrastructure to meet this need. This platform provides tools and services for conducting research and clinical trials in personalised medicine. In this paper, we describe one of its main components, the biobank access framework p-BioSPRE (p-medicine Biospecimen Search and Project Request Engine). This generic framework enables and simplifies access to existing biobanks, but also to offer own biomaterial collections to research communities, and to manage biobank specimens and related clinical data over the ObTiMA Trial Biomaterial Manager. p-BioSPRE takes into consideration all relevant ethical and legal standards, e.g., safeguarding donors’ personal rights and enabling biobanks to keep control over the donated material and related data. The framework thus enables secure sharing of biomaterial within open and closed research communities, while flexibly integrating related clinical and omics data. Although the development of the framework is mainly driven by user scenarios from the cancer domain, in this case, acute lymphoblastic leukaemia and Wilms tumour, it can be extended to further disease entities. PMID:24567758

Trust Me, I’m a Doctor: Examining Changes in How Privacy Concerns Affect Patient Withholding Behavior

PubMed Central

Johnson, Tyler; Ford, Eric W; Huerta, Timothy R

2017-01-01

Background As electronic health records (EHRs) become ubiquitous in the health care industry, privacy breaches are increasing and being made public. These breaches may make consumers wary of the technology, undermining its potential to improve care coordination and research. Objective Given the developing concerns around privacy of personal health information stored in digital format, it is important for providers to understand how views on privacy and security may be associated with patient disclosure of health information. This study aimed to understand how privacy concerns may be shifting patient behavior. Methods Using a pooled cross-section of data from the 2011 and 2014 cycles of the Health Information and National Trends Survey (HINTS), we tested whether privacy and security concerns, as well as quality perceptions, are associated with the likelihood of withholding personal health information from a provider. A fully interacted multivariate model was used to compare associations between the 2 years, and interaction terms were used to evaluate trends in the factors that are associated with withholding behavior. Results No difference was found regarding the effect of privacy and security concerns on withholding behavior between 2011 and 2014. Similarly, whereas perceived high quality of care was found to reduce the likelihood of withholding information from a provider in both 2011 (odds ratio [OR] 0.73, 95% confidence interval [CI] 0.56-0.94) and 2014 (OR 0.61, 95% CI 0.48-0.76), no difference was observed between years. Conclusions These findings suggest that consumers’ beliefs about EHR privacy and security, the relationship between technology use and quality, and intentions to share information with their health care provider have not changed. These findings are counter to the ongoing discussions about the implications of security failures in other domains. Our results suggest that providers could ameliorate privacy and security by focusing on the care quality benefits EHRs provide. PMID:28052843

Memory attacks on device-independent quantum cryptography.

PubMed

Barrett, Jonathan; Colbeck, Roger; Kent, Adrian

2013-01-04

Device-independent quantum cryptographic schemes aim to guarantee security to users based only on the output statistics of any components used, and without the need to verify their internal functionality. Since this would protect users against untrustworthy or incompetent manufacturers, sabotage, or device degradation, this idea has excited much interest, and many device-independent schemes have been proposed. Here we identify a critical weakness of device-independent protocols that rely on public communication between secure laboratories. Untrusted devices may record their inputs and outputs and reveal information about them via publicly discussed outputs during later runs. Reusing devices thus compromises the security of a protocol and risks leaking secret data. Possible defenses include securely destroying or isolating used devices. However, these are costly and often impractical. We propose other more practical partial defenses as well as a new protocol structure for device-independent quantum key distribution that aims to achieve composable security in the case of two parties using a small number of devices to repeatedly share keys with each other (and no other party).

Secure count query on encrypted genomic data.

PubMed

Hasan, Mohammad Zahidul; Mahdi, Md Safiur Rahman; Sadat, Md Nazmus; Mohammed, Noman

2018-05-01

Human genomic information can yield more effective healthcare by guiding medical decisions. Therefore, genomics research is gaining popularity as it can identify potential correlations between a disease and a certain gene, which improves the safety and efficacy of drug treatment and can also develop more effective prevention strategies [1]. To reduce the sampling error and to increase the statistical accuracy of this type of research projects, data from different sources need to be brought together since a single organization does not necessarily possess required amount of data. In this case, data sharing among multiple organizations must satisfy strict policies (for instance, HIPAA and PIPEDA) that have been enforced to regulate privacy-sensitive data sharing. Storage and computation on the shared data can be outsourced to a third party cloud service provider, equipped with enormous storage and computation resources. However, outsourcing data to a third party is associated with a potential risk of privacy violation of the participants, whose genomic sequence or clinical profile is used in these studies. In this article, we propose a method for secure sharing and computation on genomic data in a semi-honest cloud server. In particular, there are two main contributions. Firstly, the proposed method can handle biomedical data containing both genotype and phenotype. Secondly, our proposed index tree scheme reduces the computational overhead significantly for executing secure count query operation. In our proposed method, the confidentiality of shared data is ensured through encryption, while making the entire computation process efficient and scalable for cutting-edge biomedical applications. We evaluated our proposed method in terms of efficiency on a database of Single-Nucleotide Polymorphism (SNP) sequences, and experimental results demonstrate that the execution time for a query of 50 SNPs in a database of 50,000 records is approximately 5 s, where each record contains 500 SNPs. And, it requires 69.7 s to execute the query on the same database that also includes phenotypes. Copyright © 2018 Elsevier Inc. All rights reserved.

The Department of Veterans Affairs, Department of Defense, and Kaiser Permanente Nationwide Health Information Network Exchange in San Diego: Patient Selection, Consent, and Identity Matching

PubMed Central

Bouhaddou, Omar; Bennett, Jamie; Cromwell, Tim; Nixon, Graham; Teal, Jennifer; Davis, Mike; Smith, Robert; Fischetti, Linda; Parker, David; Gillen, Zachary; Mattison, John

2011-01-01

The Nationwide Health Information Network allow for the secure exchange of Electronic Health Records over the Internet. The Department of Veterans Affairs, Department of Defense, and Kaiser Permanente, participated in an implementation of the NwHIN specifications in San Diego, California. This paper focuses primarily on patient involvement. Specifically, it describes how the shared patients were identified, were invited to participate and to provide consent for disclosing parts of their medical record, and were matched across organizations. A total 1,144 were identified as shared patients. Invitation letters containing consent forms were mailed and resulted in 42% participation. Invalid consent forms were a significant issue (25%). Initially, the identity matching algorithms yielded low success rate (5%). However, elimination of certain traits and abbreviations and probabilistic algorithms have significantly increased matching rate. Access to information from external sources better informs providers, improves decisions and efficiency, and helps meet the meaningful use criteria. PMID:22195064

The Department of Veterans Affairs, Department of Defense, and Kaiser Permanente Nationwide Health Information Network exchange in San Diego: patient selection, consent, and identity matching.

PubMed

Bouhaddou, Omar; Bennett, Jamie; Cromwell, Tim; Nixon, Graham; Teal, Jennifer; Davis, Mike; Smith, Robert; Fischetti, Linda; Parker, David; Gillen, Zachary; Mattison, John

2011-01-01

The Nationwide Health Information Network allow for the secure exchange of Electronic Health Records over the Internet. The Department of Veterans Affairs, Department of Defense, and Kaiser Permanente, participated in an implementation of the NwHIN specifications in San Diego, California. This paper focuses primarily on patient involvement. Specifically, it describes how the shared patients were identified, were invited to participate and to provide consent for disclosing parts of their medical record, and were matched across organizations. A total 1,144 were identified as shared patients. Invitation letters containing consent forms were mailed and resulted in 42% participation. Invalid consent forms were a significant issue (25%). Initially, the identity matching algorithms yielded low success rate (5%). However, elimination of certain traits and abbreviations and probabilistic algorithms have significantly increased matching rate. Access to information from external sources better informs providers, improves decisions and efficiency, and helps meet the meaningful use criteria.

A systematic literature review on security and privacy of electronic health record systems: technical perspectives.

PubMed

Rezaeibagha, Fatemeh; Win, Khin Than; Susilo, Willy

Even though many safeguards and policies for electronic health record (EHR) security have been implemented, barriers to the privacy and security protection of EHR systems persist. This article presents the results of a systematic literature review regarding frequently adopted security and privacy technical features of EHR systems. Our inclusion criteria were full articles that dealt with the security and privacy of technical implementations of EHR systems published in English in peer-reviewed journals and conference proceedings between 1998 and 2013; 55 selected studies were reviewed in detail. We analysed the review results using two International Organization for Standardization (ISO) standards (29100 and 27002) in order to consolidate the study findings. Using this process, we identified 13 features that are essential to security and privacy in EHRs. These included system and application access control, compliance with security requirements, interoperability, integration and sharing, consent and choice mechanism, policies and regulation, applicability and scalability and cryptography techniques. This review highlights the importance of technical features, including mandated access control policies and consent mechanisms, to provide patients' consent, scalability through proper architecture and frameworks, and interoperability of health information systems, to EHR security and privacy requirements.

A Secure Information Framework with APRQ Properties

NASA Astrophysics Data System (ADS)

Rupa, Ch.

2017-08-01

Internet of the things is the most trending topics in the digital world. Security issues are rampant. In the corporate or institutional setting, security risks are apparent from the outset. Market leaders are unable to use the cryptographic techniques due to their complexities. Hence many bits of private information, including ID, are readily available for third parties to see and to utilize. There is a need to decrease the complexity and increase the robustness of the cryptographic approaches. In view of this, a new cryptographic technique as good encryption pact with adjacency, random prime number and quantum code properties has been proposed. Here, encryption can be done by using quantum photons with gray code. This approach uses the concepts of physics and mathematics with no external key exchange to improve the security of the data. It also reduces the key attacks by generation of a key at the party side instead of sharing. This method makes the security more robust than with the existing approach. Important properties of gray code and quantum are adjacency property and different photons to a single bit (0 or 1). These can reduce the avalanche effect. Cryptanalysis of the proposed method shows that it is resistant to various attacks and stronger than the existing approaches.

Quantum teleportation and information splitting via four-qubit cluster state and a Bell state

NASA Astrophysics Data System (ADS)

Ramírez, Marlon David González; Falaye, Babatunde James; Sun, Guo-Hua; Cruz-Irisson, M.; Dong, Shi-Hai

2017-10-01

Quantum teleportation provides a "bodiless" way of transmitting the quantum state from one object to another, at a distant location, using a classical communication channel and a previously shared entangled state. In this paper, we present a tripartite scheme for probabilistic teleportation of an arbitrary single qubit state, without losing the information of the state being teleported, via a fourqubit cluster state of the form | ϕ>1234 = α|0000>+ β|1010>+ γ|0101>- η|1111>, as the quantum channel, where the nonzero real numbers α, β, γ, and η satisfy the relation j αj2 + | β|2 + | γ|2 + | η|2 = 1. With the introduction of an auxiliary qubit with state |0>, using a suitable unitary transformation and a positive-operator valued measure (POVM), the receiver can recreate the state of the original qubit. An important advantage of the teleportation scheme demonstrated here is that, if the teleportation fails, it can be repeated without teleporting copies of the unknown quantum state, if the concerned parties share another pair of entangled qubit. We also present a protocol for quantum information splitting of an arbitrary two-particle system via the aforementioned cluster state and a Bell-state as the quantum channel. Problems related to security attacks were examined for both the cases and it was found that this protocol is secure. This protocol is highly efficient and easy to implement.

Project management; considerations for success.

PubMed

Maas, Jos

2013-01-01

During the past two years the author was a project leader for three Information Communication Technology (ICT) security related systems projects for a newly built healthcare facility. These projects were: a CCTV system, an Access Control system and an Identity & Access Management system. During those two years he gained experiences on how to coop with ICT projects related to security and healthcare as well as some pitfalls to be contended with along the way. With this article, he shares his experiences so that colleagues can benefit from them when they are a project leaders for their health facility and need to better decide how or how not to address their project and project issues.

Cybersecurity Information Sharing Between Public Private Sector Agencies

DTIC Science & Technology

2015-03-01

Recognizing the lack of scholarly literature on PPPs and protecting CI from all hazards , including cyber-related threats, Nathan Busch and Austen...referred to as SLTT), and the owners and operators in charge of critical infrastructure, to manage risks and increase resiliency against all hazards .74 PPD...and hazards to critical infrastructure security and resilience, and called for an updated National Infrastructure Protection Plan (NIPP).76 Despite

The Role of Metaphors in Fostering Macrocognitive Processes in Distributed Teams

DTIC Science & Technology

2012-07-30

temporal dynamics, and storytelling towards the goal of improving team coordination and performance in distributed decision making teams. Specifically...better reflect the context of organizational and military teams and 3) to investigate how storytelling (complex form of metaphor) can be used as a...Information Sharing, Situation Awareness, Storytelling , Metaphors, Reflexivity.Team Simulation, NeoCITIES 16. SECURITY CLASSIFICATION OF: a. REPORT b

Identifying Enemies Among Us: Evolving Terrorist Threats and the Continuing Challenges of Domestic Intelligence Collection and Information Sharing

DTIC Science & Technology

2014-01-01

the Los Angeles Police Department ( LAPD ) and the FBI recently negotiated an agreement increasing...Coordination Group JTTF Joint Terrorism Task Force LAPD Los Angeles Police Department NCTC National Counterterrorism Center NSA National Security Agency WMD...Agency (CIA), the Department of Defense (DoD), state and local law enforcement agencies, first-responder organizations, and state- level

Monitoring Contract Enforcement within Virtual Organizations

NASA Astrophysics Data System (ADS)

Squicciarini, Anna; Paci, Federica

Virtual Organizations (VOs) represent a new collaboration paradigm in which the participating entities pool resources, services, and information to achieve a common goal. VOs are often created on demand and dynamically evolve over time. An organization identifies a business opportunity and creates a VO to meet it. In this paper we develop a system for monitoring the sharing of resources in VO. Sharing rules are defined by a particular, common type of contract in which virtual organization members agree to make available some amount of specified resource over a given time period. The main component of the system is a monitoring tool for policy enforcement, called Security Controller (SC). VO members’ interactions are monitored in a decentralized manner in that each member has one associated SC which intercepts all the exchanged messages. We show that having SCs in VOs prevents from serious security breaches and guarantees VOs correct functioning without degrading the execution time of members’ interactions. We base our discussion on application scenarios and illustrate the SC prototype, along with some performance evaluation.

Developing measurement indices to enhance protection and resilience of critical infrastructure and key resources.

PubMed

Fisher, Ronald E; Norman, Michael

2010-07-01

The US Department of Homeland Security (DHS) is developing indices to better assist in the risk management of critical infrastructures. The first of these indices is the Protective Measures Index - a quantitative index that measures overall protection across component categories: physical security, security management, security force, information sharing, protective measures and dependencies. The Protective Measures Index, which can also be recalculated as the Vulnerability Index, is a way to compare differing protective measures (eg fence versus security training). The second of these indices is the Resilience Index, which assesses a site's resilience and consists of three primary components: robustness, resourcefulness and recovery. The third index is the Criticality Index, which assesses the importance of a facility. The Criticality Index includes economic, human, governance and mass evacuation impacts. The Protective Measures Index, Resilience Index and Criticality Index are being developed as part of the Enhanced Critical Infrastructure Protection initiative that DHS protective security advisers implement across the nation at critical facilities. This paper describes two core themes: determination of the vulnerability, resilience and criticality of a facility and comparison of the indices at different facilities.

For telehealth to succeed, privacy and security risks must be identified and addressed.

PubMed

Hall, Joseph L; McGraw, Deven

2014-02-01

The success of telehealth could be undermined if serious privacy and security risks are not addressed. For example, sensors that are located in a patient's home or that interface with the patient's body to detect safety issues or medical emergencies may inadvertently transmit sensitive information about household activities. Similarly, routine data transmissions from an app or medical device, such as an insulin pump, may be shared with third-party advertisers. Without adequate security and privacy protections for underlying telehealth data and systems, providers and patients will lack trust in the use of telehealth solutions. Although some federal and state guidelines for telehealth security and privacy have been established, many gaps remain. No federal agency currently has authority to enact privacy and security requirements to cover the telehealth ecosystem. This article examines privacy risks and security threats to telehealth applications and summarizes the extent to which technical controls and federal law adequately address these risks. We argue for a comprehensive federal regulatory framework for telehealth, developed and enforced by a single federal entity, the Federal Trade Commission, to bolster trust and fully realize the benefits of telehealth.

SecureMA: protecting participant privacy in genetic association meta-analysis.

PubMed

Xie, Wei; Kantarcioglu, Murat; Bush, William S; Crawford, Dana; Denny, Joshua C; Heatherly, Raymond; Malin, Bradley A

2014-12-01

Sharing genomic data is crucial to support scientific investigation such as genome-wide association studies. However, recent investigations suggest the privacy of the individual participants in these studies can be compromised, leading to serious concerns and consequences, such as overly restricted access to data. We introduce a novel cryptographic strategy to securely perform meta-analysis for genetic association studies in large consortia. Our methodology is useful for supporting joint studies among disparate data sites, where privacy or confidentiality is of concern. We validate our method using three multisite association studies. Our research shows that genetic associations can be analyzed efficiently and accurately across substudy sites, without leaking information on individual participants and site-level association summaries. Our software for secure meta-analysis of genetic association studies, SecureMA, is publicly available at http://github.com/XieConnect/SecureMA. Our customized secure computation framework is also publicly available at http://github.com/XieConnect/CircuitService. © The Author 2014. Published by Oxford University Press. All rights reserved. For Permissions, please e-mail: journals.permissions@oup.com.

Public attitudes toward health information exchange: perceived benefits and concerns.

PubMed

Dimitropoulos, Linda; Patel, Vaishali; Scheffler, Scott A; Posnack, Steve

2011-12-01

To characterize consumers' attitudes regarding the perceived benefits of electronic health information exchange (HIE), potential HIE privacy and security concerns, and to analyze the intersection of these concerns with perceived benefits. A cross-sectional study. A random-digit-dial telephone survey of English-speaking adults was conducted in 2010. Multivariate logistic regression models examined the association between consumer characteristics and concerns related to the security of electronic health records (EHRs) and HIE. A majority of the 1847 respondents reported they were either "very" or "somewhat" concerned about privacy of HIE (70%), security of HIE (75%), or security of EHRs (82%). Concerns were significantly higher (P <.05) among employed individuals 40 to 64 years old and minorities. Many believed that HIE would confer benefits such as improved coordination of care (89%). Overall, 75% agreed that the benefits of EHRs outweighed risks to privacy and security, and 60% would permit HIE for treatment purposes even if the physician might not be able to protect their privacy all of the time. Over half (52%) wanted to choose which providers access and share their data. Greater participation by consumers in determining how HIE takes place could engender a higher degree of trust among all demographic groups, regardless of their varying levels of privacy and security concerns. Addressing the specific privacy and security concerns of minorities, individuals 40 to 64 years old, and employed individuals will be critical to ensuring widespread consumer participation in HIE.

Three-step semiquantum secure direct communication protocol

NASA Astrophysics Data System (ADS)

Zou, XiangFu; Qiu, DaoWen

2014-09-01

Quantum secure direct communication is the direct communication of secret messages without need for establishing a shared secret key first. In the existing schemes, quantum secure direct communication is possible only when both parties are quantum. In this paper, we construct a three-step semiquantum secure direct communication (SQSDC) protocol based on single photon sources in which the sender Alice is classical. In a semiquantum protocol, a person is termed classical if he (she) can measure, prepare and send quantum states only with the fixed orthogonal quantum basis {|0>, |1>}. The security of the proposed SQSDC protocol is guaranteed by the complete robustness of semiquantum key distribution protocols and the unconditional security of classical one-time pad encryption. Therefore, the proposed SQSDC protocol is also completely robust. Complete robustness indicates that nonzero information acquired by an eavesdropper Eve on the secret message implies the nonzero probability that the legitimate participants can find errors on the bits tested by this protocol. In the proposed protocol, we suggest a method to check Eves disturbing in the doves returning phase such that Alice does not need to announce publicly any position or their coded bits value after the photons transmission is completed. Moreover, the proposed SQSDC protocol can be implemented with the existing techniques. Compared with many quantum secure direct communication protocols, the proposed SQSDC protocol has two merits: firstly the sender only needs classical capabilities; secondly to check Eves disturbing after the transmission of quantum states, no additional classical information is needed.

Access Control based on Attribute Certificates for Medical Intranet Applications

PubMed Central

Georgiadis, Christos; Pangalos, George; Khair, Marie

2001-01-01

Background Clinical information systems frequently use intranet and Internet technologies. However these technologies have emphasized sharing and not security, despite the sensitive and private nature of much health information. Digital certificates (electronic documents which recognize an entity or its attributes) can be used to control access in clinical intranet applications. Objectives To outline the need for access control in distributed clinical database systems, to describe the use of digital certificates and security policies, and to propose the architecture for a system using digital certificates, cryptography and security policy to control access to clinical intranet applications. Methods We have previously developed a security policy, DIMEDAC (Distributed Medical Database Access Control), which is compatible with emerging public key and privilege management infrastructure. In our implementation approach we propose the use of digital certificates, to be used in conjunction with DIMEDAC. Results Our proposed access control system consists of two phases: the ways users gain their security credentials; and how these credentials are used to access medical data. Three types of digital certificates are used: identity certificates for authentication; attribute certificates for authorization; and access-rule certificates for propagation of access control policy. Once a user is identified and authenticated, subsequent access decisions are based on a combination of identity and attribute certificates, with access-rule certificates providing the policy framework. Conclusions Access control in clinical intranet applications can be successfully and securely managed through the use of digital certificates and the DIMEDAC security policy. PMID:11720951

New Results on Unconditionally Secure Multi-receiver Manual Authentication

NASA Astrophysics Data System (ADS)

Wang, Shuhong; Safavi-Naini, Reihaneh

Manual authentication is a recently proposed model of communication motivated by the settings where the only trusted infrastructure is a low bandwidth authenticated channel, possibly realized by the aid of a human, that connects the sender and the receiver who are otherwise connected through an insecure channel and do not have any shared key or public key infrastructure. A good example of such scenarios is pairing of devices in Bluetooth. Manual authentication systems are studied in computational and information theoretic security model and protocols with provable security have been proposed. In this paper we extend the results in information theoretic model in two directions. Firstly, we extend a single receiver scenario to multireceiver case where the sender wants to authenticate the same message to a group of receivers. We show new attacks (compared to single receiver case) that can launched in this model and demonstrate that the single receiver lower bound 2log(1/ɛ) + O(1) on the bandwidth of manual channel stays valid in the multireceiver scenario. We further propose a protocol that achieves this bound and provides security, in the sense that we define, if up to c receivers are corrupted. The second direction is the study of non-interactive protocols in unconditionally secure model. We prove that unlike computational security framework, without interaction a secure authentication protocol requires the bandwidth of the manual channel to be at least the same as the message size, hence non-trivial protocols do not exist.

Grid Enabled Geospatial Catalogue Web Service

NASA Technical Reports Server (NTRS)

Chen, Ai-Jun; Di, Li-Ping; Wei, Ya-Xing; Liu, Yang; Bui, Yu-Qi; Hu, Chau-Min; Mehrotra, Piyush

2004-01-01

Geospatial Catalogue Web Service is a vital service for sharing and interoperating volumes of distributed heterogeneous geospatial resources, such as data, services, applications, and their replicas over the web. Based on the Grid technology and the Open Geospatial Consortium (0GC) s Catalogue Service - Web Information Model, this paper proposes a new information model for Geospatial Catalogue Web Service, named as GCWS which can securely provides Grid-based publishing, managing and querying geospatial data and services, and the transparent access to the replica data and related services under the Grid environment. This information model integrates the information model of the Grid Replica Location Service (RLS)/Monitoring & Discovery Service (MDS) with the information model of OGC Catalogue Service (CSW), and refers to the geospatial data metadata standards from IS0 19115, FGDC and NASA EOS Core System and service metadata standards from IS0 191 19 to extend itself for expressing geospatial resources. Using GCWS, any valid geospatial user, who belongs to an authorized Virtual Organization (VO), can securely publish and manage geospatial resources, especially query on-demand data in the virtual community and get back it through the data-related services which provide functions such as subsetting, reformatting, reprojection etc. This work facilitates the geospatial resources sharing and interoperating under the Grid environment, and implements geospatial resources Grid enabled and Grid technologies geospatial enabled. It 2!so makes researcher to focus on science, 2nd not cn issues with computing ability, data locztic, processir,g and management. GCWS also is a key component for workflow-based virtual geospatial data producing.

Secure NFV Orchestration Over an SDN-Controlled Optical Network With Time-Shared Quantum Key Distribution Resources

NASA Astrophysics Data System (ADS)

Aguado, Alejandro; Hugues-Salas, Emilio; Haigh, Paul Anthony; Marhuenda, Jaume; Price, Alasdair B.; Sibson, Philip; Kennard, Jake E.; Erven, Chris; Rarity, John G.; Thompson, Mark Gerard; Lord, Andrew; Nejabati, Reza; Simeonidou, Dimitra

2017-04-01

We demonstrate, for the first time, a secure optical network architecture that combines NFV orchestration and SDN control with quantum key distribution (QKD) technology. A novel time-shared QKD network design is presented as a cost-effective solution for practical networks.

Programming secure mobile agents in healthcare environments using role-based permissions.

PubMed

Georgiadis, C K; Baltatzis, J; Pangalos, G I

2003-01-01

The healthcare environment consists of vast amounts of dynamic and unstructured information, distributed over a large number of information systems. Mobile agent technology is having an ever-growing impact on the delivery of medical information. It supports acquiring and manipulating information distributed in a large number of information systems. Moreover is suitable for the computer untrained medical stuff. But the introduction of mobile agents generates advanced threads to the sensitive healthcare information, unless the proper countermeasures are taken. By applying the role-based approach to the authorization problem, we ease the sharing of information between hospital information systems and we reduce the administering part. The different initiative of the agent's migration method, results in different methods of assigning roles to the agent.

Design of the Hospital Integrated Information Management System Based on Cloud Platform

PubMed Central

Aijing, L; Jin, Y

2015-01-01

ABSTRACT At present, the outdated information management style cannot meet the needs of hospital management, and has become the bottleneck of hospital's management and development. In order to improve the integrated management of information, hospitals have increased their investment in integrated information management systems. On account of the lack of reasonable and scientific design, some hospital integrated information management systems have common problems, such as unfriendly interface, poor portability and maintainability, low security and efficiency, lack of interactivity and information sharing. To solve the problem, this paper carries out the research and design of a hospital information management system based on cloud platform, which can realize the optimized integration of hospital information resources and save money. PMID:27399033

South Asia transboundary water quality monitoring workshop summary report.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Betsill, Jeffrey David; Littlefield, Adriane C.; Luetters, Frederick O.

2003-04-01

The Cooperative Monitoring Center (CMC) promotes collaborations among scientists and researchers in several regions as a means of achieving common regional security objectives. To promote cooperation in South Asia on environmental research, an international working group made up of participants from Bangladesh, India, Nepal, Pakistan, and the United States convened in Kathmandu, Nepal, from February 17-23,2002. The workshop was held to further develop the South Asia Transboundary Water Quality Monitoring (SATWQM) project. The project is sponsored in part by the CMC located at Sandia National Laboratories in Albuquerque, New Mexico through funding provided by the US. Department of State, Regionalmore » Environmental Affairs Office, American Embassy, Kathmandu, Nepal, and the National Nuclear Security Administration's (NNSA) Office of Nonproliferation and National Security. This report summarizes the SATWQM project, the workshop objectives, process and results. The long-term interests of the participants are to develop systems for sharing regional environmental information as a means of building confidence and improving relations among South Asian countries. The more immediate interests of the group are focused on activities that foster regional sharing of water quality data in the Ganges and Indus River basins. Issues of concern to the SATWQM network participants include studying the impacts from untreated sewage and industrial effluents, agricultural run-off, salinity increases in fresh waters, the siltation and shifting of river channels, and the environmental degradation of critical habitats such as wetlands, protected forests, and endangered aquatic species conservation areas. The workshop focused on five objectives: (1) a deepened understanding of the partner organizations involved; (2) garnering the support of additional regional and national government and non-government organizations in South Asia involved in river water quality monitoring; (3) identification of sites within the region at which water quality data are to be collected; (4) instituting a data and information collection and sharing process; and, (5) training of partners in the use of water quality monitoring equipment.« less

Quantum Dialogue with Authentication Based on Bell States

NASA Astrophysics Data System (ADS)

Shen, Dongsu; Ma, Wenping; Yin, Xunru; Li, Xiaoping

2013-06-01

We propose an authenticated quantum dialogue protocol, which is based on a shared private quantum entangled channel. In this protocol, the EPR pairs are randomly prepared in one of the four Bell states for communication. By performing four Pauli operations on the shared EPR pairs to encode their shared authentication key and secret message, two legitimate users can implement mutual identity authentication and quantum dialogue without the help from the third party authenticator. Furthermore, due to the EPR pairs which are used for secure communication are utilized to implement authentication and the whole authentication process is included in the direct secure communication process, it does not require additional particles to realize authentication in this protocol. The updated authentication key provides the counterparts with a new authentication key for the next authentication and direct communication. Compared with other secure communication with authentication protocols, this one is more secure and efficient owing to the combination of authentication and direct communication. Security analysis shows that it is secure against the eavesdropping attack, the impersonation attack and the man-in-the-middle (MITM) attack.

Entanglement-secured single-qubit quantum secret sharing

DOE Office of Scientific and Technical Information (OSTI.GOV)

Scherpelz, P.; Resch, R.; Berryrieser, D.

In single-qubit quantum secret sharing, a secret is shared between N parties via manipulation and measurement of one qubit at a time. Each qubit is sent to all N parties in sequence; the secret is encoded in the first participant's preparation of the qubit state and the subsequent participants' choices of state rotation or measurement basis. We present a protocol for single-qubit quantum secret sharing using polarization entanglement of photon pairs produced in type-I spontaneous parametric downconversion. We investigate the protocol's security against eavesdropping attack under common experimental conditions: a lossy channel for photon transmission, and imperfect preparation of themore » initial qubit state. A protocol which exploits entanglement between photons, rather than simply polarization correlation, is more robustly secure. We implement the entanglement-based secret-sharing protocol with 87% secret-sharing fidelity, limited by the purity of the entangled state produced by our present apparatus. We demonstrate a photon-number splitting eavesdropping attack, which achieves no success against the entanglement-based protocol while showing the predicted rate of success against a correlation-based protocol.« less

Access Control Model for Sharing Composite Electronic Health Records

NASA Astrophysics Data System (ADS)

Jin, Jing; Ahn, Gail-Joon; Covington, Michael J.; Zhang, Xinwen

The adoption of electronically formatted medical records, so called Electronic Health Records (EHRs), has become extremely important in healthcare systems to enable the exchange of medical information among stakeholders. An EHR generally consists of data with different types and sensitivity degrees which must be selectively shared based on the need-to-know principle. Security mechanisms are required to guarantee that only authorized users have access to specific portions of such critical record for legitimate purposes. In this paper, we propose a novel approach for modelling access control scheme for composite EHRs. Our model formulates the semantics and structural composition of an EHR document, from which we introduce a notion of authorized zones of the composite EHR at different granularity levels, taking into consideration of several important criteria such as data types, intended purposes and information sensitivities.

Creating a data resource: what will it take to build a medical information commons?

PubMed

Deverka, Patricia A; Majumder, Mary A; Villanueva, Angela G; Anderson, Margaret; Bakker, Annette C; Bardill, Jessica; Boerwinkle, Eric; Bubela, Tania; Evans, Barbara J; Garrison, Nanibaa' A; Gibbs, Richard A; Gentleman, Robert; Glazer, David; Goldstein, Melissa M; Greely, Hank; Harris, Crane; Knoppers, Bartha M; Koenig, Barbara A; Kohane, Isaac S; La Rosa, Salvatore; Mattison, John; O'Donnell, Christopher J; Rai, Arti K; Rehm, Heidi L; Rodriguez, Laura L; Shelton, Robert; Simoncelli, Tania; Terry, Sharon F; Watson, Michael S; Wilbanks, John; Cook-Deegan, Robert; McGuire, Amy L

2017-09-22

National and international public-private partnerships, consortia, and government initiatives are underway to collect and share genomic, personal, and healthcare data on a massive scale. Ideally, these efforts will contribute to the creation of a medical information commons (MIC), a comprehensive data resource that is widely available for both research and clinical uses. Stakeholder participation is essential in clarifying goals, deepening understanding of areas of complexity, and addressing long-standing policy concerns such as privacy and security and data ownership. This article describes eight core principles proposed by a diverse group of expert stakeholders to guide the formation of a successful, sustainable MIC. These principles promote formation of an ethically sound, inclusive, participant-centric MIC and provide a framework for advancing the policy response to data-sharing opportunities and challenges.

Hierarchical data security in a Query-By-Example interface for a shared database.

PubMed

Taylor, Merwyn

2002-06-01

Whenever a shared database resource, containing critical patient data, is created, protecting the contents of the database is a high priority goal. This goal can be achieved by developing a Query-By-Example (QBE) interface, designed to access a shared database, and embedding within the QBE a hierarchical security module that limits access to the data. The security module ensures that researchers working in one clinic do not get access to data from another clinic. The security can be based on a flexible taxonomy structure that allows ordinary users to access data from individual clinics and super users to access data from all clinics. All researchers submit queries through the same interface and the security module processes the taxonomy and user identifiers to limit access. Using this system, two different users with different access rights can submit the same query and get different results thus reducing the need to create different interfaces for different clinics and access rights.

Confidentiality Protection of Digital Health Records in Cloud Computing.

PubMed

Chen, Shyh-Wei; Chiang, Dai Lun; Liu, Chia-Hui; Chen, Tzer-Shyong; Lai, Feipei; Wang, Huihui; Wei, Wei

2016-05-01

Electronic medical records containing confidential information were uploaded to the cloud. The cloud allows medical crews to access and manage the data and integration of medical records easily. This data system provides relevant information to medical personnel and facilitates and improve electronic medical record management and data transmission. A structure of cloud-based and patient-centered personal health record (PHR) is proposed in this study. This technique helps patients to manage their health information, such as appointment date with doctor, health reports, and a completed understanding of their own health conditions. It will create patients a positive attitudes to maintain the health. The patients make decision on their own for those whom has access to their records over a specific span of time specified by the patients. Storing data in the cloud environment can reduce costs and enhance the share of information, but the potential threat of information security should be taken into consideration. This study is proposing the cloud-based secure transmission mechanism is suitable for multiple users (like nurse aides, patients, and family members).

Sharing Data and Analytical Resources Securely in a Biomedical Research Grid Environment

PubMed Central

Langella, Stephen; Hastings, Shannon; Oster, Scott; Pan, Tony; Sharma, Ashish; Permar, Justin; Ervin, David; Cambazoglu, B. Barla; Kurc, Tahsin; Saltz, Joel

2008-01-01

Objectives To develop a security infrastructure to support controlled and secure access to data and analytical resources in a biomedical research Grid environment, while facilitating resource sharing among collaborators. Design A Grid security infrastructure, called Grid Authentication and Authorization with Reliably Distributed Services (GAARDS), is developed as a key architecture component of the NCI-funded cancer Biomedical Informatics Grid (caBIG™). The GAARDS is designed to support in a distributed environment 1) efficient provisioning and federation of user identities and credentials; 2) group-based access control support with which resource providers can enforce policies based on community accepted groups and local groups; and 3) management of a trust fabric so that policies can be enforced based on required levels of assurance. Measurements GAARDS is implemented as a suite of Grid services and administrative tools. It provides three core services: Dorian for management and federation of user identities, Grid Trust Service for maintaining and provisioning a federated trust fabric within the Grid environment, and Grid Grouper for enforcing authorization policies based on both local and Grid-level groups. Results The GAARDS infrastructure is available as a stand-alone system and as a component of the caGrid infrastructure. More information about GAARDS can be accessed at http://www.cagrid.org. Conclusions GAARDS provides a comprehensive system to address the security challenges associated with environments in which resources may be located at different sites, requests to access the resources may cross institutional boundaries, and user credentials are created, managed, revoked dynamically in a de-centralized manner. PMID:18308979

Protecting patient privacy when sharing patient-level data from clinical trials.

PubMed

Tucker, Katherine; Branson, Janice; Dilleen, Maria; Hollis, Sally; Loughlin, Paul; Nixon, Mark J; Williams, Zoë

2016-07-08

Greater transparency and, in particular, sharing of patient-level data for further scientific research is an increasingly important topic for the pharmaceutical industry and other organisations who sponsor and conduct clinical trials as well as generally in the interests of patients participating in studies. A concern remains, however, over how to appropriately prepare and share clinical trial data with third party researchers, whilst maintaining patient confidentiality. Clinical trial datasets contain very detailed information on each participant. Risk to patient privacy can be mitigated by data reduction techniques. However, retention of data utility is important in order to allow meaningful scientific research. In addition, for clinical trial data, an excessive application of such techniques may pose a public health risk if misleading results are produced. After considering existing guidance, this article makes recommendations with the aim of promoting an approach that balances data utility and privacy risk and is applicable across clinical trial data holders. Our key recommendations are as follows: 1. Data anonymisation/de-identification: Data holders are responsible for generating de-identified datasets which are intended to offer increased protection for patient privacy through masking or generalisation of direct and some indirect identifiers. 2. Controlled access to data, including use of a data sharing agreement: A legally binding data sharing agreement should be in place, including agreements not to download or further share data and not to attempt to seek to identify patients. Appropriate levels of security should be used for transferring data or providing access; one solution is use of a secure 'locked box' system which provides additional safeguards. This article provides recommendations on best practices to de-identify/anonymise clinical trial data for sharing with third-party researchers, as well as controlled access to data and data sharing agreements. The recommendations are applicable to all clinical trial data holders. Further work will be needed to identify and evaluate competing possibilities as regulations, attitudes to risk and technologies evolve.

Pathway to Support the Sustainable National Health Information System

NASA Astrophysics Data System (ADS)

Sahavechaphan, Naiyana; Phengsuwan, Jedsada; U-Ruekolan, Suriya; Aroonrua, Kamron; Ponhan, Jukrapong; Harnsamut, Nattapon; Vannarat, Sornthep

Heath information across geographically distributed healthcare centers has been recognized as an essential resource that drives an efficient national health-care plan. There is thus a need for the National Health Information System (NHIS) that provides the transparent and secure access to health information from different healthcare centers both on demand and in a time efficient manner. As healthiness is the ultimate goal of people and nation, we believe that the NHIS should be sustainable by taking the healthcare center and information consumer perspectives into account. Several issues in particular must be resolved altogether: (i) the diversity of health information structures among healthcare centers; (ii) the availability of health information sharing from healthcare centers; (iii) the efficient information access to various healthcare centers; and (iv) the privacy and privilege of heath information. To achieve the sustainable NHIS, this paper details our work which is divided into 3 main phases. Essentially, the first phase focuses on the application of metadata standard to enable the interoperability and usability of health information across healthcare centers. The second phase moves forward to make information sharing possible and to provide an efficient information access to a large number of healthcare centers. Finally, in the third phase, the privacy and privilege of health information is promoted with respect to access rights of information consumers.

77 FR 21120 - Self-Regulatory Organizations; NYSE Arca, Inc.; Notice of Filing of Proposed Rule Change to List...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-04-09

... Contracts Overlying 10 Shares of a Security (``Mini-Options Contracts'') and Implementing Rule Text... contracts'') and implement rule text necessary to distinguish mini-options contracts from option contracts overlying 100 shares of a security (``standard contracts''). The text of the proposed rule change is...

77 FR 34117 - Self-Regulatory Organizations; NYSE Arca, Inc.; Notice of Filing and Immediate Effectiveness of...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-06-08

... other high credit quality, short-term fixed-income or similar securities (including shares of money market funds, bank deposits, bank money market accounts, certain variable rate-demand notes, and...- income or similar securities (including shares of money market funds, bank deposits, bank money market...

75 FR 31820 - Notice of Applications for Deregistration Under Section 8(f) of the Investment Company Act of 1940

Federal Register 2010, 2011, 2012, 2013, 2014

2010-06-04

.... Each applicant also distributed preferred shares of Dutch Auction Rate Transferable Securities (``DARTS'') of the acquiring fund to holders of applicants' Auction Rate Preferred Shares, DARTS, or Auction... distributed Dutch Auction Rate Transferable Securities (``DARTS'') of the acquiring fund to the holders of...

26 CFR 1.731-2 - Partnership distributions of marketable securities.

Code of Federal Regulations, 2011 CFR

2011-04-01

... allocated to Security X under section 732(a) plus $25 gain recognized under section 737). (k) Effective date... the excess, if any, of— (i) The distributee partner's distributive share of the net gain, if any...; over (ii) The distributee partner's distributive share of the net gain, if any, which is attributable...

26 CFR 1.731-2 - Partnership distributions of marketable securities.

Code of Federal Regulations, 2012 CFR

2012-04-01

... allocated to Security X under section 732(a) plus $25 gain recognized under section 737). (k) Effective date... the excess, if any, of— (i) The distributee partner's distributive share of the net gain, if any...; over (ii) The distributee partner's distributive share of the net gain, if any, which is attributable...

26 CFR 1.731-2 - Partnership distributions of marketable securities.

Code of Federal Regulations, 2013 CFR

2013-04-01

... allocated to Security X under section 732(a) plus $25 gain recognized under section 737). (k) Effective date... the excess, if any, of— (i) The distributee partner's distributive share of the net gain, if any...; over (ii) The distributee partner's distributive share of the net gain, if any, which is attributable...

26 CFR 1.731-2 - Partnership distributions of marketable securities.

Code of Federal Regulations, 2010 CFR

2010-04-01

... allocated to Security X under section 732(a) plus $25 gain recognized under section 737). (k) Effective date... the excess, if any, of— (i) The distributee partner's distributive share of the net gain, if any...; over (ii) The distributee partner's distributive share of the net gain, if any, which is attributable...

26 CFR 1.731-2 - Partnership distributions of marketable securities.

Code of Federal Regulations, 2014 CFR

2014-04-01

... allocated to Security X under section 732(a) plus $25 gain recognized under section 737). (k) Effective date... the excess, if any, of— (i) The distributee partner's distributive share of the net gain, if any...; over (ii) The distributee partner's distributive share of the net gain, if any, which is attributable...

A national-scale authentication infrastructure.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Butler, R.; Engert, D.; Foster, I.

2000-12-01

Today, individuals and institutions in science and industry are increasingly forming virtual organizations to pool resources and tackle a common goal. Participants in virtual organizations commonly need to share resources such as data archives, computer cycles, and networks - resources usually available only with restrictions based on the requested resource's nature and the user's identity. Thus, any sharing mechanism must have the ability to authenticate the user's identity and determine if the user is authorized to request the resource. Virtual organizations tend to be fluid, however, so authentication mechanisms must be flexible and lightweight, allowing administrators to quickly establish andmore » change resource-sharing arrangements. However, because virtual organizations complement rather than replace existing institutions, sharing mechanisms cannot change local policies and must allow individual institutions to maintain control over their own resources. Our group has created and deployed an authentication and authorization infrastructure that meets these requirements: the Grid Security Infrastructure. GSI offers secure single sign-ons and preserves site control over access policies and local security. It provides its own versions of common applications, such as FTP and remote login, and a programming interface for creating secure applications.« less

Data governance and data sharing agreements for community-wide health information exchange: lessons from the beacon communities.

PubMed

Allen, Claudia; Des Jardins, Terrisca R; Heider, Arvela; Lyman, Kristin A; McWilliams, Lee; Rein, Alison L; Schachter, Abigail A; Singh, Ranjit; Sorondo, Barbara; Topper, Joan; Turske, Scott A

2014-01-01

Unprecedented efforts are underway across the United States to electronically capture and exchange health information to improve health care and population health, and reduce costs. This increased collection and sharing of electronic patient data raises several governance issues, including privacy, security, liability, and market competition. Those engaged in such efforts have had to develop data sharing agreements (DSAs) among entities involved in information exchange, many of whom are "nontraditional" health care entities and/or new partners. This paper shares lessons learned based on the experiences of six federally funded communities participating in the Beacon Community Cooperative Agreement Program, and offers guidance for navigating data governance issues and developing DSAs to facilitate community-wide health information exchange. While all entities involved in electronic data sharing must address governance issues and create DSAs accordingly, until recently little formal guidance existed for doing so - particularly for community-based initiatives. Despite this lack of guidance, together the Beacon Communities' experiences highlight promising strategies for navigating complex governance issues, which may be useful to other entities or communities initiating information exchange efforts to support delivery system transformation. For the past three years, AcademyHealth has provided technical assistance to most of the 17 Beacon Communities, 6 of whom contributed to this collaborative writing effort. Though these communities varied widely in terms of their demographics, resources, and Beacon-driven priorities, common themes emerged as they described their approaches to data governance and DSA development. The 6 Beacon Communities confirmed that DSAs are necessary to satisfy legal and market-based concerns, and they identified several specific issues, many of which have been noted by others involved in network data sharing initiatives. More importantly, these communities identified several promising approaches to timely and effective DSA development, including: stakeholder engagement; identification and effective communication of value; adoption of a parsimonious approach; attention to market-based concerns; flexibility in adapting and expanding existing agreements and partnerships; and anticipation of required time and investment.

Multinational Experiment 7. Outcome 3 - Cyber Domain Objective 3.4: Cyber Situational Awareness Standard Operating Procedure

DTIC Science & Technology

2012-12-01

and activity coordination (for example, SOC management ). 10. In Reference D the information sharing framework represents a hub & node model in... management , vulnerabilities, critical assets, threats, impacts on operations etc. UNCLASSIFIED UNCLASSIFIED 6 PART 3 - CYBER SITUATIONAL AWARENESS...limit the effect of cyber incidents. 23. Tasks of the SOC include: • System maintenance and management including applying the directed security

Cyberspace: Devolution and Recovery

DTIC Science & Technology

2011-03-23

time of the source of the burst and we do not know if it was accidental, an act of God , or a malicious attack. 28 The remainder of a speech like...Security 15 Mailing List, Federal Vulnerability Knowledgebase (VKB), US-CERT Portal, US-CERT Einstein Program, Internet Health and Status Service...The US-CERT portal is a website dedicated to sharing relevant information with participants. The Einstein Program is a program that allows for the

Determinants of Achieving Effective Shared Situational Awareness within the Context of Global Maritime Partnerships

DTIC Science & Technology

2013-06-01

and security, vessel traffic management, accident and disaster response, search and rescue as well as law enforcement are collecting information...piracy threat. Individually Nigeria , Ghana, Benin, Togo, Cameroon and Senegal have taken practical steps to police their waters but they lack...use their vast natural resources for socio-economic development of their countries. Lloyd’s, the leading maritime insurer, has listed Nigeria , Benin

Secure Multiparty Computation for Cooperative Cyber Risk Assessment

DTIC Science & Technology

2016-11-01

the scope of data available; the more attacks that are represented in the dataset the easier it will be to determine which vulnerabilities are most...assessments by pooling their data, as a dataset that covers the infrastructure of multiple institutions would allow each of them to account for...attacks that others had experienced [4]. Sharing information to produce a broad dataset would greatly improve the ability of each organization involved to

A Primer on E-Government: Sectors, Stages, Opportunities, and Challenges of Online Governance

DTIC Science & Technology

2003-01-28

government. Some observers define e-government in terms of specific actions such as using a kiosk to receive job information, or applying for Social ...participation, and governance by transforming internal and external relationships through technology, the Internet, and new media .” E-government...applying for Social Security benefits through a web site, or creating shared databases for multiple agencies, as examples. Other observers define e

Secure Information Sharing and Processing (SISAP) Technology

DTIC Science & Technology

2015-08-03

Cryptography   SISAP   relies   heavily   on   commutative   or   cascadeable   cryptography .   This   is  when...commutative   cryptography   can   be   applied.   In   SISAP,   the   content   key  will   be  wrapped  with   the...Commutative   Cryptography ,  and   Private  Disjointness  Testing.  Thesis.  Massachusetts  Institute  of

Tracing the Potential Flow of Consumer Data: A Network Analysis of Prominent Health and Fitness Apps.

PubMed

Grundy, Quinn; Held, Fabian P; Bero, Lisa A

2017-06-28

A great deal of consumer data, collected actively through consumer reporting or passively through sensors, is shared among apps. Developers increasingly allow their programs to communicate with other apps, sensors, and Web-based services, which are promoted as features to potential users. However, health apps also routinely pose risks related to information leaks, information manipulation, and loss of information. There has been less investigation into the kinds of user data that developers are likely to collect, and who might have access to it. We sought to describe how consumer data generated from mobile health apps might be distributed and reused. We also aimed to outline risks to individual privacy and security presented by this potential for aggregating and combining user data across apps. We purposively sampled prominent health and fitness apps available in the United States, Canada, and Australia Google Play and iTunes app stores in November 2015. Two independent coders extracted data from app promotional materials on app and developer characteristics, and the developer-reported collection and sharing of user data. We conducted a descriptive analysis of app, developer, and user data collection characteristics. Using structural equivalence analysis, we conducted a network analysis of sampled apps' self-reported sharing of user-generated data. We included 297 unique apps published by 231 individual developers, which requested 58 different permissions (mean 7.95, SD 6.57). We grouped apps into 222 app families on the basis of shared ownership. Analysis of self-reported data sharing revealed a network of 359 app family nodes, with one connected central component of 210 app families (58.5%). Most (143/222, 64.4%) of the sampled app families did not report sharing any data and were therefore isolated from each other and from the core network. Fifteen app families assumed more central network positions as gatekeepers on the shortest paths that data would have to travel between other app families. This cross-sectional analysis highlights the possibilities for user data collection and potential paths that data is able to travel among a sample of prominent health and fitness apps. While individual apps may not collect personally identifiable information, app families and the partners with which they share data may be able to aggregate consumer data, thus achieving a much more comprehensive picture of the individual consumer. The organizations behind the centrally connected app families represent diverse industries, including apparel manufacturers and social media platforms that are not traditionally involved in health or fitness. This analysis highlights the potential for anticipated and voluntary but also possibly unanticipated and involuntary sharing of user data, validating privacy and security concerns in mobile health. ©Quinn Grundy, Fabian P Held, Lisa A Bero. Originally published in the Journal of Medical Internet Research (http://www.jmir.org), 28.06.2017.

Biometrics for electronic health records.

PubMed

Flores Zuniga, Alejandro Enrique; Win, Khin Than; Susilo, Willy

2010-10-01

Securing electronic health records, in scenarios in which the provision of care services is share among multiple actors, could become a complex and costly activity. Correct identification of patients and physician, protection of privacy and confidentiality, assignment of access permissions for healthcare providers and resolutions of conflicts rise as main points of concern in the development of interconnected health information networks. Biometric technologies have been proposed as a possible technological solution for these issues due to its ability to provide a mechanism for unique verification of an individual identity. This paper presents an analysis of the benefit as well as disadvantages offered by biometric technology. A comparison between this technology and more traditional identification methods is used to determine the key benefits and flaws of the use biometric in health information systems. The comparison as been made considering the viability of the technologies for medical environments, global security needs, the contemplation of a share care environment and the costs involved in the implementation and maintenance of such technologies. This paper also discusses alternative uses for biometrics technologies in health care environments. The outcome of this analysis lays in the fact that even when biometric technologies offer several advantages over traditional method of identification, they are still in the early stages of providing a suitable solution for a health care environment.

Trust, confidentiality, and the acceptability of sharing HIV-related patient data: lessons learned from a mixed methods study about Health Information Exchanges.

PubMed

Maiorana, Andre; Steward, Wayne T; Koester, Kimberly A; Pearson, Charles; Shade, Starley B; Chakravarty, Deepalika; Myers, Janet J

2012-04-19

Concerns about the confidentiality of personal health information have been identified as a potential obstacle to implementation of Health Information Exchanges (HIEs). Considering the stigma and confidentiality issues historically associated with human immunodeficiency virus (HIV) disease, we examine how trust-in technology, processes, and people-influenced the acceptability of data sharing among stakeholders prior to implementation of six HIEs intended to improve HIV care in parts of the United States. Our analyses identify the kinds of concerns expressed by stakeholders about electronic data sharing and focus on the factors that ultimately facilitated acceptability of the new exchanges. We conducted 549 surveys with patients and 66 semi-structured interviews with providers and other stakeholders prior to implementation of the HIEs to assess concerns about confidentiality in the electronic sharing of patient data. The patient quantitative data were analyzed using SAS 9.2 to yield sample descriptive statistics. The analysis of the qualitative interviews with providers and other stakeholders followed an open-coding process, and convergent and divergent perspectives emerging from those data were examined within and across the HIEs. We found widespread acceptability for electronic sharing of HIV-related patient data through HIEs. This acceptability appeared to be driven by growing comfort with information technologies, confidence in the security protocols utilized to protect data, trust in the providers and institutions who use the technologies, belief in the benefits to the patients, and awareness that electronic exchange represents an enhancement of data sharing already taking place by other means. HIE acceptability depended both on preexisting trust among patients, providers, and institutions and on building consensus and trust in the HIEs as part of preparation for implementation. The process of HIE development also resulted in forging shared vision among institutions. Patients and providers are willing to accept the electronic sharing of HIV patient data to improve care for a disease historically seen as highly stigmatized. Acceptability depends on the effort expended to understand and address potential concerns related to data sharing and confidentiality, and on the trust established among stakeholders in terms of the nature of the systems and how they will be used.

Improving situation awareness with the Android Team Awareness Kit (ATAK)

NASA Astrophysics Data System (ADS)

Usbeck, Kyle; Gillen, Matthew; Loyall, Joseph; Gronosky, Andrew; Sterling, Joshua; Kohler, Ralph; Hanlon, Kelly; Scally, Andrew; Newkirk, Richard; Canestrare, David

2015-05-01

To make appropriate, timely decisions in the field, Situational Awareness (SA) needs to be conveyed in a decentralized manner to the users at the edge of the network as well as at operations centers. Sharing real-time SA efficiently between command centers and operational troops poses many challenges, including handling heterogeneous and dynamic networks, resource constraints, and varying needs for the collection, dissemination, and display of information, as well as recording that information. A mapping application that allows teams to share relevant geospatial information efficiently and to communicate effectively with one another and command centers has wide applicability to many vertical markets across the Department of Defense, as well as a wide variety of federal, state local, and non-profit agencies that need to share locations, text, photos, and video. This paper describes the Android Team Awareness Kit (ATAK), an advanced, distributed tool for commercial- off-the-shelf (COTS) mobile devices such as smartphones and tablets. ATAK provides a variety of useful SA functions for soldiers, law enforcement, homeland defense, and civilian collaborative use; including mapping and navigation, range and bearing, text chat, force tracking, geospatial markup tools, image and file sharing, video playback, site surveys, and many others. This paper describes ATAK, the SA tools that ATAK has built-in, and the ways it is being used by a variety of military, homeland security, and law enforcement users.

Securing the data economy: translating privacy and enacting security in the development of DataSHIELD.

PubMed

Murtagh, M J; Demir, I; Jenkings, K N; Wallace, S E; Murtagh, B; Boniol, M; Bota, M; Laflamme, P; Boffetta, P; Ferretti, V; Burton, P R

2012-01-01

Contemporary bioscience is seeing the emergence of a new data economy: with data as its fundamental unit of exchange. While sharing data within this new 'economy' provides many potential advantages, the sharing of individual data raises important social and ethical concerns. We examine ongoing development of one technology, DataSHIELD, which appears to elide privacy concerns about sharing data by enabling shared analysis while not actually sharing any individual-level data. We combine presentation of the development of DataSHIELD with presentation of an ethnographic study of a workshop to test the technology. DataSHIELD produced an application of the norm of privacy that was practical, flexible and operationalizable in researchers' everyday activities, and one which fulfilled the requirements of ethics committees. We demonstrated that an analysis run via DataSHIELD could precisely replicate results produced by a standard analysis where all data are physically pooled and analyzed together. In developing DataSHIELD, the ethical concept of privacy was transformed into an issue of security. Development of DataSHIELD was based on social practices as well as scientific and ethical motivations. Therefore, the 'success' of DataSHIELD would, likewise, be dependent on more than just the mathematics and the security of the technology. Copyright © 2012 S. Karger AG, Basel.

Stakeholders' views on data sharing in multicenter studies.

PubMed

Mazor, Kathleen M; Richards, Allison; Gallagher, Mia; Arterburn, David E; Raebel, Marsha A; Nowell, W Benjamin; Curtis, Jeffrey R; Paolino, Andrea R; Toh, Sengwee

2017-09-01

To understand stakeholders' views on data sharing in multicenter comparative effectiveness research studies and the value of privacy-protecting methods. Semistructured interviews with five US stakeholder groups. We completed 11 interviews, involving patients (n = 15), researchers (n = 10), Institutional Review Board and regulatory staff (n = 3), multicenter research governance experts (n = 2) and healthcare system leaders (n = 4). Perceptions of the benefits and value of research were the strongest influences toward data sharing; cost and security risks were primary influences against sharing. Privacy-protecting methods that share summary-level data were acknowledged as being appealing, but there were concerns about increased cost and potential loss of research validity. Stakeholders were open to data sharing in multicenter studies that offer value and minimize security risks.

Information accountability and usability: are there any connections?

PubMed

Sahama, Tony; Kushniruk, Andre; Kuwata, Shigeki

2013-01-01

Availability of health information is rapidly increasing and the expansion and proliferation of health information is inevitable. The Electronic Healthcare Record, Electronic Medical Record and Personal Health Record are at the core of this trend and are required for appropriate and practicable exchange and sharing of health information. However, it is becoming increasingly recognized that it is essential to preserve patient privacy and information security when utilising sensitive information for clinical, management and administrative processes. Furthermore, the usability of emerging healthcare applications is also becoming a growing concern. This paper proposes a novel approach for integrating consideration of information accountability with a perspective from usability engineering that can be applied when developing healthcare information technology applications. A social networking user case in the healthcare information exchange will be presented in the context of our approach.

A Secure and Efficient Scalable Secret Image Sharing Scheme with Flexible Shadow Sizes

PubMed Central

Xie, Dong; Li, Lixiang; Peng, Haipeng; Yang, Yixian

2017-01-01

In a general (k, n) scalable secret image sharing (SSIS) scheme, the secret image is shared by n participants and any k or more than k participants have the ability to reconstruct it. The scalability means that the amount of information in the reconstructed image scales in proportion to the number of the participants. In most existing SSIS schemes, the size of each image shadow is relatively large and the dealer does not has a flexible control strategy to adjust it to meet the demand of differen applications. Besides, almost all existing SSIS schemes are not applicable under noise circumstances. To address these deficiencies, in this paper we present a novel SSIS scheme based on a brand-new technique, called compressed sensing, which has been widely used in many fields such as image processing, wireless communication and medical imaging. Our scheme has the property of flexibility, which means that the dealer can achieve a compromise between the size of each shadow and the quality of the reconstructed image. In addition, our scheme has many other advantages, including smooth scalability, noise-resilient capability, and high security. The experimental results and the comparison with similar works demonstrate the feasibility and superiority of our scheme. PMID:28072851

17 CFR 230.480 - Title of securities.

Code of Federal Regulations, 2013 CFR

2013-04-01

... 17 Commodity and Securities Exchanges 2 2013-04-01 2013-04-01 false Title of securities. 230.480 Section 230.480 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION GENERAL RULES AND... shares, the par or stated value, if any; the rate of dividends, if fixed, and whether cumulative or non...

17 CFR 230.480 - Title of securities.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 17 Commodity and Securities Exchanges 2 2011-04-01 2011-04-01 false Title of securities. 230.480 Section 230.480 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION GENERAL RULES AND... shares, the par or stated value, if any; the rate of dividends, if fixed, and whether cumulative or non...

17 CFR 230.480 - Title of securities.

Code of Federal Regulations, 2012 CFR

2012-04-01

... 17 Commodity and Securities Exchanges 2 2012-04-01 2012-04-01 false Title of securities. 230.480 Section 230.480 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION GENERAL RULES AND... shares, the par or stated value, if any; the rate of dividends, if fixed, and whether cumulative or non...

7 CFR 1738.22 - Loan security.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 7 Agriculture 11 2011-01-01 2011-01-01 false Loan security. 1738.22 Section 1738.22 Agriculture... security. (a) RUS makes loans only if, in the judgment of the Administrator, the security therefore is...'s property and such additional security as RUS may require. If necessary, RUS will share in the...

The Privacy and Security Implications of Open Data in Healthcare.

PubMed

Kobayashi, Shinji; Kane, Thomas B; Paton, Chris

2018-04-22

 The International Medical Informatics Association (IMIA) Open Source Working Group (OSWG) initiated a group discussion to discuss current privacy and security issues in the open data movement in the healthcare domain from the perspective of the OSWG membership.  Working group members independently reviewed the recent academic and grey literature and sampled a number of current large-scale open data projects to inform the working group discussion.  This paper presents an overview of open data repositories and a series of short case reports to highlight relevant issues present in the recent literature concerning the adoption of open approaches to sharing healthcare datasets. Important themes that emerged included data standardisation, the inter-connected nature of the open source and open data movements, and how publishing open data can impact on the ethics, security, and privacy of informatics projects.  The open data and open source movements in healthcare share many common philosophies and approaches including developing international collaborations across multiple organisations and domains of expertise. Both movements aim to reduce the costs of advancing scientific research and improving healthcare provision for people around the world by adopting open intellectual property licence agreements and codes of practice. Implications of the increased adoption of open data in healthcare include the need to balance the security and privacy challenges of opening data sources with the potential benefits of open data for improving research and healthcare delivery. Georg Thieme Verlag KG Stuttgart.

Caring in the Information Age: Personal Online Networks to Improve Caregiver Support.

PubMed

Piraino, Emily; Byrne, Kerry; Heckman, George A; Stolee, Paul

2017-06-01

It is becoming increasingly important to find ways for caregivers and service providers to collaborate. This study explored the potential for improving care and social support through shared online network use by family caregivers and service providers in home care. This qualitative study was guided by Rogers' Theory of Diffusion of Innovations [NY: Free Press; 1995], and involved focus group and individual interviews of service providers (n = 31) and family caregivers (n = 4). Interview transcriptions were analyzed using descriptive, topic, and analytic coding, followed by thematic analysis. The network was identified as presenting an opportunity to fill communication gaps presented by other modes of communication and further enhance engagement with families. Barriers included time limitations and policy-related restrictions, privacy, security, and information ownership. Online networks may help address longstanding home-care issues around communication and information-sharing. The success of online networks in home care requires support from care partners. Future research should pilot the use of online networks in home care using barrier and facilitator considerations from this study.

Cybersecurity and privacy issues for socially integrated mobile healthcare applications operating in a multi-cloud environment.

PubMed

Al-Muhtadi, Jalal; Shahzad, Basit; Saleem, Kashif; Jameel, Wasif; Orgun, Mehmet A

2017-05-01

Social media has enabled information-sharing across massively large networks of people without spending much financial resources and time that are otherwise required in the print and electronic media. Mobile-based social media applications have overwhelmingly changed the information-sharing perspective. However, with the advent of such applications at an unprecedented scale, the privacy of the information is compromised to a larger extent if breach mitigation is not adequate. Since healthcare applications are also being developed for mobile devices so that they also benefit from the power of social media, cybersecurity privacy concerns for such sensitive applications have become critical. This article discusses the architecture of a typical mobile healthcare application, in which customized privacy levels are defined for the individuals participating in the system. It then elaborates on how the communication across a social network in a multi-cloud environment can be made more secure and private, especially for healthcare applications.

GEOSS Water Cycle Integrator

NASA Astrophysics Data System (ADS)

Koike, T.; Lawford, R. G.; Cripe, D.

2012-12-01

It is critically important to recognize and co-manage the fundamental linkages across the water-dependent domains; land use, including deforestation; ecosystem services; and food-, energy- and health-securities. Sharing coordinated, comprehensive and sustained observations and information for sound decision-making is a first step; however, to take full advantage of these opportunities, we need to develop an effective collaboration mechanism for working together across different disciplines, sectors and agencies, and thereby gain a holistic view of the continuity between environmentally sustainable development, climate change adaptation and enhanced resilience. To promote effective multi-sectoral, interdisciplinary collaboration based on coordinated and integrated efforts, the Global Earth Observation System of Systems (GEOSS) is now developing a "GEOSS Water Cycle Integrator (WCI)", which integrates "Earth observations", "modeling", "data and information", "management systems" and "education systems". GEOSS/WCI sets up "work benches" by which partners can share data, information and applications in an interoperable way, exchange knowledge and experiences, deepen mutual understanding and work together effectively to ultimately respond to issues of both mitigation and adaptation. (A work bench is a virtual geographical or phenomenological space where experts and managers collaborate to use information to address a problem within that space). GEOSS/WCI enhances the coordination of efforts to strengthen individual, institutional and infrastructure capacities, especially for effective interdisciplinary coordination and integration. GEO has established the GEOSS Asian Water Cycle Initiative (AWCI) and GEOSS African Water Cycle Coordination Initiative (AfWCCI). Through regional, inter-disciplinary, multi-sectoral integration and inter-agency coordination in Asia and Africa, GEOSS/WCI is now leading to effective actions and public awareness in support of water security and sustainable development.

Comment on "Proactive quantum secret sharing"

NASA Astrophysics Data System (ADS)

Gao, Gan; Wang, Yue

2017-03-01

In the paper, Qin and Dai (Quantum Inf Process 14:4237-4244, 2015) proposed a proactive quantum secret sharing scheme. We study the security of the proposed scheme and find that it is not secure. In the distribution phase of the proposed scheme, two dishonest participants may collaborate to eavesdrop the secret of the dealer without introducing any error.

KENNEDY SPACE CENTER, FLA. - Children enjoy displays of security equipment during Take Our Children to Work Day. Employees were invited to share their work experience with their children on this annual event.

NASA Image and Video Library

2003-07-24

KENNEDY SPACE CENTER, FLA. - Children enjoy displays of security equipment during Take Our Children to Work Day. Employees were invited to share their work experience with their children on this annual event.

Unconditionally secure commitment in position-based quantum cryptography.

PubMed

Nadeem, Muhammad

2014-10-27

A new commitment scheme based on position-verification and non-local quantum correlations is presented here for the first time in literature. The only credential for unconditional security is the position of committer and non-local correlations generated; neither receiver has any pre-shared data with the committer nor does receiver require trusted and authenticated quantum/classical channels between him and the committer. In the proposed scheme, receiver trusts the commitment only if the scheme itself verifies position of the committer and validates her commitment through non-local quantum correlations in a single round. The position-based commitment scheme bounds committer to reveal valid commitment within allocated time and guarantees that the receiver will not be able to get information about commitment unless committer reveals. The scheme works for the commitment of both bits and qubits and is equally secure against committer/receiver as well as against any third party who may have interests in destroying the commitment. Our proposed scheme is unconditionally secure in general and evades Mayers and Lo-Chau attacks in particular.

Quantum Secure Conditional Direct Communication via EPR Pairs

NASA Astrophysics Data System (ADS)

Gao, Ting; Yan, Fengli; Wang, Zhixi

Two schemes for quantum secure conditional direct communication are proposed, where a set of EPR pairs of maximally entangled particles in Bell states, initially made by the supervisor Charlie, but shared by the sender Alice and the receiver Bob, functions as quantum information channels for faithful transmission. After insuring the security of the quantum channel and obtaining the permission of Charlie (i.e., Charlie is trustworthy and cooperative, which means the "conditional" in the two schemes), Alice and Bob begin their private communication under the control of Charlie. In the first scheme, Alice transmits secret message to Bob in a deterministic manner with the help of Charlie by means of Alice's local unitary transformations, both Alice and Bob's local measurements, and both of Alice and Charlie's public classical communication. In the second scheme, the secure communication between Alice and Bob can be achieved via public classical communication of Charlie and Alice, and the local measurements of both Alice and Bob. The common feature of these protocols is that the communications between two communication parties Alice and Bob depend on the agreement of the third side Charlie. Moreover, transmitting one bit secret message, the sender Alice only needs to apply a local operation on her one qubit and send one bit classical information. We also show that the two schemes are completely secure if quantum channels are perfect.

Willingness of older adults to share data and privacy concerns after exposure to unobtrusive in-home monitoring.

PubMed

Boise, Linda; Wild, Katherine; Mattek, Nora; Ruhl, Mary; Dodge, Hiroko H; Kaye, Jeffrey

2013-01-01

Older adult participants in the Intelligent Systems for Assessment of Aging Changes study (ISAAC) carried out by the Oregon Center for Aging and Technology (ORCATECH) were surveyed regarding their attitudes about unobtrusive home monitoring and computer use at baseline and after one year (n=119). The survey was part of a longitudinal study using in-home sensor technology to detect cognitive changes and other health problems. Our primary objective was to measure willingness to share health or activity data with one's doctor or family members and concerns about privacy or security of monitoring over one year of study participation. Differences in attitudes of participants with Mild Cognitive Impairment (MCI) compared to those with normal cognition were also examined. A high proportion (over 72%) of participants reported acceptance of in-home and computer monitoring and willingness to have data shared with their doctor or family members. However, a majority (60%) reported concerns related to privacy or security; these concerns increased after one year of participation. Few differences between participants with MCI and those with normal cognition were identified. Findings suggest that involvement in this unobtrusive in-home monitoring study may have raised awareness about the potential privacy risks of technology. Still, results show high acceptance, stable over time, of sharing information from monitoring systems with family members and doctors. Our findings have important implications for the deployment of technologies among older adults in research studies as well as in the general community.

Experience of wireless local area network in a radiation oncology department.

PubMed

Mandal, Abhijit; Asthana, Anupam Kumar; Aggarwal, Lalit Mohan

2010-01-01

The aim of this work is to develop a wireless local area network (LAN) between different types of users (Radiation Oncologists, Radiological Physicists, Radiation Technologists, etc) for efficient patient data management and to made easy the availability of information (chair side) to improve the quality of patient care in Radiation Oncology department. We have used mobile workstations (Laptops) and stationary workstations, all equipped with wireless-fidelity (Wi-Fi) access. Wireless standard 802.11g (as recommended by Institute of Electrical and Electronic Engineers (IEEE, Piscataway, NJ) has been used. The wireless networking was configured with the Service Set Identifier (SSID), Media Access Control (MAC) address filtering, and Wired Equivalent Privacy (WEP) network securities. We are successfully using this wireless network in sharing the indigenously developed patient information management software. The proper selection of the hardware and the software combined with a secure wireless LAN setup will lead to a more efficient and productive radiation oncology department.

Collaborative eHealth Meets Security: Privacy-Enhancing Patient Profile Management.

PubMed

Sanchez-Guerrero, Rosa; Mendoza, Florina Almenarez; Diaz-Sanchez, Daniel; Cabarcos, Patricia Arias; Lopez, Andres Marin

2017-11-01

Collaborative healthcare environments offer potential benefits, including enhancing the healthcare quality delivered to patients and reducing costs. As a direct consequence, sharing of electronic health records (EHRs) among healthcare providers has experienced a noteworthy growth in the last years, since it enables physicians to remotely monitor patients' health and enables individuals to manage their own health data more easily. However, these scenarios face significant challenges regarding security and privacy of the extremely sensitive information contained in EHRs. Thus, a flexible, efficient, and standards-based solution is indispensable to guarantee selective identity information disclosure and preserve patient's privacy. We propose a privacy-aware profile management approach that empowers the patient role, enabling him to bring together various healthcare providers as well as user-generated claims into an unique credential. User profiles are represented through an adaptive Merkle Tree, for which we formalize the underlying mathematical model. Furthermore, performance of the proposed solution is empirically validated through simulation experiments.

Demonstration of Monogamy Relations for Einstein-Podolsky-Rosen Steering in Gaussian Cluster States.

PubMed

Deng, Xiaowei; Xiang, Yu; Tian, Caixing; Adesso, Gerardo; He, Qiongyi; Gong, Qihuang; Su, Xiaolong; Xie, Changde; Peng, Kunchi

2017-06-09

Understanding how quantum resources can be quantified and distributed over many parties has profound applications in quantum communication. As one of the most intriguing features of quantum mechanics, Einstein-Podolsky-Rosen (EPR) steering is a useful resource for secure quantum networks. By reconstructing the covariance matrix of a continuous variable four-mode square Gaussian cluster state subject to asymmetric loss, we quantify the amount of bipartite steering with a variable number of modes per party, and verify recently introduced monogamy relations for Gaussian steerability, which establish quantitative constraints on the security of information shared among different parties. We observe a very rich structure for the steering distribution, and demonstrate one-way EPR steering of the cluster state under Gaussian measurements, as well as one-to-multimode steering. Our experiment paves the way for exploiting EPR steering in Gaussian cluster states as a valuable resource for multiparty quantum information tasks.

Demonstration of Monogamy Relations for Einstein-Podolsky-Rosen Steering in Gaussian Cluster States

NASA Astrophysics Data System (ADS)

Deng, Xiaowei; Xiang, Yu; Tian, Caixing; Adesso, Gerardo; He, Qiongyi; Gong, Qihuang; Su, Xiaolong; Xie, Changde; Peng, Kunchi

2017-06-01

Understanding how quantum resources can be quantified and distributed over many parties has profound applications in quantum communication. As one of the most intriguing features of quantum mechanics, Einstein-Podolsky-Rosen (EPR) steering is a useful resource for secure quantum networks. By reconstructing the covariance matrix of a continuous variable four-mode square Gaussian cluster state subject to asymmetric loss, we quantify the amount of bipartite steering with a variable number of modes per party, and verify recently introduced monogamy relations for Gaussian steerability, which establish quantitative constraints on the security of information shared among different parties. We observe a very rich structure for the steering distribution, and demonstrate one-way EPR steering of the cluster state under Gaussian measurements, as well as one-to-multimode steering. Our experiment paves the way for exploiting EPR steering in Gaussian cluster states as a valuable resource for multiparty quantum information tasks.

Secure and interoperable communication infrastructures for PPDR organisations

NASA Astrophysics Data System (ADS)

Müller, Wilmuth; Marques, Hugo; Pereira, Luis; Rodriguez, Jonathan; Brouwer, Frank; Bouwers, Bert; Politis, Ilias; Lykourgiotis, Asimakis; Ladas, Alexandros; Adigun, Olayinka; Jelenc, David

2016-05-01

The growing number of events affecting public safety and security (PS&S) on a regional scale with potential to grow up to large scale cross border disasters puts an increased pressure on agencies and organisation responsible for PS&S. In order to respond timely and in an adequate manner to such events, Public Protection and Disaster Relief (PPDR) organisations need to cooperate, align their procedures and activities, share the needed information and be interoperable. Existing PPDR/PMR technologies such as TETRA, TETRAPOL or P25, do not currently provide broadband capability nor is expected such technologies to be upgraded in the future. This presents a major limitation in supporting new services and information flows. Furthermore, there is no known standard that addresses interoperability of these technologies. In this contribution the design of a next generation communication infrastructure for PPDR organisations which fulfills the requirements of secure and seamless end-to-end communication and interoperable information exchange within the deployed communication networks is presented. Based on Enterprise Architecture of PPDR organisations, a next generation PPDR network that is backward compatible with legacy communication technologies is designed and implemented, capable of providing security, privacy, seamless mobility, QoS and reliability support for mission-critical Private Mobile Radio (PMR) voice and broadband data services. The designed solution provides a robust, reliable, and secure mobile broadband communications system for a wide variety of PMR applications and services on PPDR broadband networks, including the ability of inter-system, interagency and cross-border operations with emphasis on interoperability between users in PMR and LTE.

Successful public-private partnerships: The NYPD shield model.

PubMed

Amadeo, Vincent; Iannone, Stephen

2017-12-01

This article will identify the challenges that post 9/11 law enforcement faces regarding privatepublic partnerships and describe in detail the NYPD Shield programme, created to combat those challenges. Recommendations made by the 911 Commission included the incorporation of the private sector into future homeland security strategies. One such strategy is NYPD Shield. This programme is a nationally recognized award-winning public-private partnership dedicated to providing counterterrorism training and information sharing with government agencies, non-government organizations, private businesses, and the community. Information is shared through several platforms that include a dedicated website, instruction of counterterrorism training curricula, e-mail alerts, intelligence assessments and the hosting of quarterly conferences. This article also details how the NYPD Shield is providing its successful template to other law enforcement agencies enabling them to initiate similar programmes in their respective jurisdictions, and in doing so joining a National Shield Network.

Physicians and Insider Trading.

PubMed

Kesselheim, Aaron S; Sinha, Michael S; Joffe, Steven

2015-12-01

Although insider trading is illegal, recent high-profile cases have involved physicians and scientists who are part of corporate governance or who have access to information about clinical trials of investigational products. Insider trading occurs when a person in possession of information that might affect the share price of a company's stock uses that information to buy or sell securities--or supplies that information to others who buy or sell--when the person is expected to keep such information confidential. The input that physicians and scientists provide to business leaders can serve legitimate social functions, but insider trading threatens to undermine any positive outcomes of these relationships. We review insider-trading rules and consider approaches to securities fraud in the health care field. Given the magnitude of the potential financial rewards, the ease of concealing illegal conduct, and the absence of identifiable victims, the temptation for physicians and scientists to engage in insider trading will always be present. Minimizing the occurrence of insider trading will require robust education, strictly enforced contractual provisions, and selective prohibitions against high-risk conduct, such as participation in expert consulting networks and online physician forums, by those individuals with access to valuable inside information.

Factors affecting willingness to share electronic health data among California consumers.

PubMed

Kim, Katherine K; Sankar, Pamela; Wilson, Machelle D; Haynes, Sarah C

2017-04-04

Robust technology infrastructure is needed to enable learning health care systems to improve quality, access, and cost. Such infrastructure relies on the trust and confidence of individuals to share their health data for healthcare and research. Few studies have addressed consumers' views on electronic data sharing and fewer still have explored the dual purposes of healthcare and research together. The objective of the study is to explore factors that affect consumers' willingness to share electronic health information for healthcare and research. This study involved a random-digit dial telephone survey of 800 adult Californians conducted in English and Spanish. Logistic regression was performed using backward selection to test for significant (p-value ≤ 0.05) associations of each explanatory variable with the outcome variable. The odds of consent for electronic data sharing for healthcare decreased as Likert scale ratings for EHR impact on privacy worsened, odds ratio (OR) = 0.74, 95% CI [0.60, 0.90]; security, OR = 0.80, 95% CI [0.66, 0.98]; and quality, OR = 0.59, 95% CI [0.46-0.75]. The odds of consent for sharing for research was greater for those who think EHR will improve research quality, OR = 11.26, 95% CI [4.13, 30.73]; those who value research benefit over privacy OR = 2.72, 95% CI [1.55, 4.78]; and those who value control over research benefit OR = 0.49, 95% CI [0.26, 0.94]. Consumers' choices about electronically sharing health information are affected by their attitudes toward EHRs as well as beliefs about research benefit and individual control. Design of person-centered interventions utilizing electronically collected health information, and policies regarding data sharing should address these values of importance to people. Understanding of these perspectives is critical for leveraging health data to support learning health care systems.

Trust Me, I'm a Doctor: Examining Changes in How Privacy Concerns Affect Patient Withholding Behavior.

PubMed

Walker, Daniel M; Johnson, Tyler; Ford, Eric W; Huerta, Timothy R

2017-01-04

As electronic health records (EHRs) become ubiquitous in the health care industry, privacy breaches are increasing and being made public. These breaches may make consumers wary of the technology, undermining its potential to improve care coordination and research. Given the developing concerns around privacy of personal health information stored in digital format, it is important for providers to understand how views on privacy and security may be associated with patient disclosure of health information. This study aimed to understand how privacy concerns may be shifting patient behavior. Using a pooled cross-section of data from the 2011 and 2014 cycles of the Health Information and National Trends Survey (HINTS), we tested whether privacy and security concerns, as well as quality perceptions, are associated with the likelihood of withholding personal health information from a provider. A fully interacted multivariate model was used to compare associations between the 2 years, and interaction terms were used to evaluate trends in the factors that are associated with withholding behavior. No difference was found regarding the effect of privacy and security concerns on withholding behavior between 2011 and 2014. Similarly, whereas perceived high quality of care was found to reduce the likelihood of withholding information from a provider in both 2011 (odds ratio [OR] 0.73, 95% confidence interval [CI] 0.56-0.94) and 2014 (OR 0.61, 95% CI 0.48-0.76), no difference was observed between years. These findings suggest that consumers' beliefs about EHR privacy and security, the relationship between technology use and quality, and intentions to share information with their health care provider have not changed. These findings are counter to the ongoing discussions about the implications of security failures in other domains. Our results suggest that providers could ameliorate privacy and security by focusing on the care quality benefits EHRs provide. ©Daniel M Walker, Tyler Johnson, Eric W Ford, Timothy R Huerta. Originally published in the Journal of Medical Internet Research (http://www.jmir.org), 04.01.2017.

Creating National Attraction: Military Intelligence Sharing Building Foreign Military Interdependence

DTIC Science & Technology

2015-05-21

were focused on security of the information, access to desired intelligence, and access to locations favorable to collecting desired intelligence.8 The...obtain a more favorable position in the relationship. For example, a state might threaten defection due to a lack of domestic support for the...administration, the United States worked with Colombia and Mexico to reduce the flow of cocaine and marijuana into the United States.62 This action

Telemedicine and security. Confidentiality, integrity, and availability: a Canadian perspective.

PubMed

Jennett, P; Watanabe, M; Igras, E; Premkumar, K; Hall, W

1996-01-01

The health care system is undergoing major reform, characterized by organized delivery systems (regionalization, decentralization, devolution, etc); shifts in care delivery sites; changing health provider roles; increasing consumer responsibilities; and accountability. Rapid advances in information technology and telecommunications have led to a new type of information infrastructure which can play a major role in this reform. Compatible health information systems are now being integrated and connected across institutional, regional, and sectorial boundaries. In the near future, these information systems will readily be accessed and shared by health providers, researchers, policy makers, health consumers, and the public. SECURITY is a critical characteristic of any health information system. This paper will address three fields associated with SECURITY: confidentiality, integrity, and availability. These will be defined and examined as they relate to specific aspects of Telemedicine, such as electronic integrated records and clinical databases; electronic transfer of documents; as well as data storage and disposal. The guiding principles, standards, and safeguards being considered and put in place to ensure that telemedicine information intrastructures can protect and benefit all stakeholders' rights and needs in both primary and secondary uses of information will be reviewed. Implemented, proposed, and tested institutional, System, and Network solutions will be discussed; for example, encryption-decryption methods; data transfer standards; individual and terminal access and entry I.D. and password levels; smart card access and PIN number control; data loss prevention strategies; interference alerts; information access keys; algorithm safeguards; and active marketing to users of standards and principles. Issues such as policy, implementation, and ownership will be addressed.

Cryptography for Big Data Security

DTIC Science & Technology

2015-07-13

Cryptography for Big Data Security Book Chapter for Big Data: Storage, Sharing, and Security (3S) Distribution A: Public Release Ariel Hamlin1 Nabil...Email: arkady@ll.mit.edu ii Contents 1 Cryptography for Big Data Security 1 1.1 Introduction...48 Chapter 1 Cryptography for Big Data Security 1.1 Introduction With the amount

Impacts of industrial transition on water use intensity and energy-related carbon intensity in China: A spatio-temporal analysis during 2003-2012

NASA Astrophysics Data System (ADS)

Cai, J.; Yin, H.; Varis, O.

2016-12-01

China faces a complicated puzzle in balancing the country's trade-offs among water and energy security, economic competitiveness, and environmental sustainability. It is therefore of prime importance to comprehend China's water and energy security under the effect of its economic structural changes. Analyses on this entity still remain few and far between though, and a comprehensive picture has not been available that would help understand China's recent development in economic structure as well as its spatial features and links to water and energy security, and policy-making. Consequently, we addressed this information gap by performing an integrated and quantitative spatio-temporal analysis of the impacts of China's industrial transition on water use intensity (WUI) and energy-related carbon intensity (ERCI). Those two factors serve as the national targets of its water and energy security. Our results for the first time quantitatively demonstrated the following significant and novel information: 1) the primary industry (PI) appeared to dominate the WUI although its relative share decreased, and PI's WUI continued to be far higher than that of secondary and tertiary industries (SI and TI); 2) SI dominated in affecting the total ERCI at both national and provincial scales; 3) the total WUI and ERCI had a significant positive correlation.

It Security and EO Systems

NASA Astrophysics Data System (ADS)

Burnett, M.

2010-12-01

One topic that is beginning to influence the systems that support these goals is that of Information Technology (IT) Security. Unsecure systems are vulnerable to increasing attacks and other negative consequences; sponsoring agencies are correspondingly responding with more refined policies and more stringent security requirements. These affect how EO systems can meet the goals of data and service interoperability and harmonization through open access, transformation and visualization services. Contemporary systems, including the vision of a system-of-systems (such as GEOSS, the Global Earth Observation System of Systems), utilize technologies that support a distributed, global, net-centric environment. These types of systems have a high reliance on the open systems, web services, shared infrastructure and data standards. The broader IT industry has developed and used these technologies in their business and mission critical systems for many years. Unfortunately, the IT industry, and their customers have learned the importance of protecting their assets and resources (computing and information) as they have been forced to respond to an ever increasing number and more complex illegitimate “attackers”. This presentation will offer an overview of work done by the CEOS WGISS organization in summarizing security threats, the challenges to responding to them and capturing the current state of the practice within the EO community.

NorthAm Fest : fostering a North American continent approach to countering terrorism.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Gerdes, Dick; Moore, Judy Hennessey; Whitley, John B.

2004-12-01

On September 14-16, 2004, the Advanced Concepts Group of Sandia National Laboratories in conjunction with the University of Texas at El Paso and the North American Institute hosted a workshop (fest) designed to explore the concept of a North American continental approach to countering terrorism. The fest began with the basic premise that the successful defense of North America against the threat of terrorism will require close collaboration among the North American allies--Canada, Mexico and the U.S.--as well as a powerful set of information collection and analysis tools and deterrence strategies. The NorthAm Fest recast the notion of ''homeland defense''more » as a tri-national effort to protect the North American continent against an evolving threat that respects no borders. This is a report of the event summarizing the ideas explored. The fest examined the uniqueness of dealing with terrorism from a tri-national North American viewpoint, the role and possible features of joint security systems, concepts for ideal continental security systems for North America, and the challenges and opportunities for such systems to become reality. The following issues were identified as most important for the advancement of this concept. (1) The three countries share a set of core values--democracy, prosperity and security--which form the basis for joint interactions and allow for the development of a culture of cooperation without affecting the sovereignty of the members. (2) The creation of a continental defensive strategy will require a set of strategic guidelines and that smart secure borders play a pivotal role. (3) Joint security systems will need to operate from a set of complementary but not identical policies and procedures. (4) There is a value in joint task forces for response and shared information systems for the prevention of attacks. (5) The private sector must play a critical role in cross-border interactions. Finally, participants envisioned a ''Tri-National Security Laboratory'' to develop and test new counter-terrorism technologies and processes. The fest was an important first step in developing a tri-national approach to continental security and very different approaches to countering terrorism were explored. Participants came to the conclusion that continental security would be easier to achieve if the focus were on broader security issues, such as transnational crime, with terrorism being only a part of the focus. A series of fledgling relationships were begun between individuals and organizations through which actions can occur. A first commitment is the publication by a set of participants representing the three countries of a joint paper outlining the elements of a Continental Security approach.« less

76 FR 50529 - Self-Regulatory Organizations; New York Stock Exchange LLC; Notice of Filing and Immediate...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-08-15

... or more, to include criteria based on an SLP's Average Daily Volume (``ADV'') in added liquidity in... liquidity in the applicable month for all assigned SLP securities, as follows: \\5\\ \\5\\ See Securities... is more than 10 million shares but not more than 20 million shares.\\6\\ \\6\\ For all other SLP...

75 FR 69058 - Request for Comment on a Proposal to Exempt, Pursuant to the Authority in Section 4(c) of the...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-11-10

... categorical Section 4(c) exemption to permit options and futures on shares of all or some precious metal commodity-based ETFs to be traded and cleared as options on securities and security futures, respectively... options and futures on shares of precious metal commodity- based ETFs. The Commission believes that...

KENNEDY SPACE CENTER, FLA. - Children enjoy a hands-on display of security equipment during Take Our Children to Work Day. Employees were invited to share their work experience with their children on this annual event.

NASA Image and Video Library

2003-07-24

KENNEDY SPACE CENTER, FLA. - Children enjoy a hands-on display of security equipment during Take Our Children to Work Day. Employees were invited to share their work experience with their children on this annual event.

Technosocial Predictive Analytics for Security Informatics

DOE Office of Scientific and Technical Information (OSTI.GOV)

Sanfilippo, Antonio P.; Gilbert, Nigel; Greaves, Mark

2012-08-22

Challenges to the security, health, and sustainable growth of our society keep escalating asymmetrically due to the growing pace of globalization and global change. The increasing velocity of information sharing, social networking, economic forces, and environmental change has resulted in a rapid increase in the number and frequency of “game-changing moments” that a community can face. Social movements that once took a decade to build now take a year; shifts in public opinion that once took a year to take root now take a couple of months. More and more frequently, these critical moments occur too suddenly for the affectedmore » communities to succeed in countering the consequent adversities or seizing the emerging opportunities. Now more than ever, we need anticipatory reasoning technologies to forecast and manage change in order to secure and improve our way of life and the environment we inhabit.« less

Climate change, resource use and food security in midcentury under a range of plausible scenarios

NASA Astrophysics Data System (ADS)

Wiebe, K.

2016-12-01

Achieving and maintaining food security at local, national and global scales is challenged by changes in population, income and climate, among other socioeconomic and biophysical drivers. Assessing these challenges and possible solutions over the coming decades requires a systematic and multidisciplinary approach. The Global Futures and Strategic Foresight program, a CGIAR initiative led by the International Food Policy Research Institute in collaboration with the 14 other CGIAR research centers, is working to improve tools and conduct ex ante assessments of promising technologies, investments and policies under alternative global futures to inform decision making in the CGIAR and its partners. Alternative socioeconomic and climate scenarios are explored using an integrated system of climate, water, crop and economic models. This presentation will share findings from recent projections of food production and prices to 2050 at global and regional scales, together with their potential implications for land and water use, food security, nutrition and health.

Practices in security and confidentiality of HIV/AIDS patients' information: A national survey among staff at HIV outpatient clinics in Vietnam.

PubMed

Khac Hai, Nguyen; Lawpoolsri, Saranath; Jittamala, Podjanee; Thi Thu Huong, Phan; Kaewkungwal, Jaranit

2017-01-01

Breach of confidentiality or invasion of privacy from the collection and use of medical records, particularly those of patients with HIV/AIDS or other diseases sensitive to stigmatization, should be prevented by all related stakeholders in healthcare settings. The main focus of this study was to assess practices regarding security and confidentiality of HIV-related information among staff at HIV outpatient clinics (HIV-OPCs) in Vietnam. A descriptive cross-sectional study was conducted at all 312 HIV-OPCs across the country using an online survey technique. In general, the staff practices for securing and protecting patient information were at acceptable levels. Most staff had proper measures and practices for maintaining data security; however, the protection of patient confidentiality, particularly for data access, sharing, and transfer still required improvement. Most HIV-OPC staff had good or moderate knowledge and positive perceptions towards security and confidentiality issues. Staff who were not trained in the practice of security measures differed significantly from those who were trained (OR: 3.74; 95%CI: 1.44-9.67); staff needing improved knowledge levels differed significantly from those with good (OR: 5.20; 95%CI: 2.39-11.32) and moderate knowledge levels (OR: 5.10; 95%CI: 2.36-11.00); and staff needing improved perception levels differed significantly from those with good (i.e., with 100% proper practices) and moderate perception levels (OR: 5.67; 95%CI: 2.93-10.95). Staff who were not trained in the protection of data confidentiality differed significantly from those who were trained (OR: 2.18; 95%CI: 1.29-3.65). Training is an important factor to help raise the levels of proper practices regarding confidentiality and security, to improve knowledge and raise awareness about change among staff. The operation and management of HIV treatment and care in Vietnam are currently transitioning from separate healthcare clinics (HIV-OPC) into units integrated into general hospitals/healthcare facilities. The findings of this study highlight topics that could be used for improving management and operation of information system and revising guidelines and regulations on protection measures/strategies for data security and confidentiality of HIV/AIDS patients by Vietnam health authorities or other countries facing similar situations. Secure infrastructure and secure measures for data access and use are very important, worthwhile investments. The provision of continuous training and active enforcement and monitoring of the practices of healthcare personnel might lead to an improved understanding and acknowledegement of the importance of national policies/guidelines regarding HIV-related patient information.

COPERNICUS - The European Union Earth Observation Programme - State of play and way ahead

NASA Astrophysics Data System (ADS)

Koch, Astrid-Christina

2015-04-01

Copernicus is the new name of the European Earth Observation Programme, GMES (Global Monitoring for Environment and Security). Copernicus or rather its predecessor was established as an EU programme. It covers all the activities for ensuring an uninterrupted provision of accurate and reliable data and information on environmental issues and security matters to users in charge of policy making, implementation and monitoring, in the EU and its Member States. Copernicus aims at providing Europe with a continuous, independent and reliable access to observation data and information. The EU investment aims at filling the observation gaps, providing access to existing assets and developing operational services. The data policy of the Copernicus programme supports an open, full and free of charge data access that is in line with the data sharing principles of the Group for Earth Observation (GEO). Copernicus is structured in six Services: Marine, Atmosphere, Land and Climate change monitoring as well as support to Emergency and Security. Copernicus uses data from satellites and in-situ sensors such as buoys, balloons or air sensors to provide timely and reliable added-value information and forecasting to support for example, agriculture and fisheries, land use and urban planning, the fight against forest fires, disaster response, maritime transport or air pollution monitoring. The need for continuing such observations is becoming critical, considering the increasing political pressure on public authorities to take informed decisions in the field of environment, security and climate change and the need to respect international agreements. Copernicus also contributes to economic stability and growth by boosting commercial applications (the so-called downstream services) in many different sectors through a full and open access to Copernicus observation data and information products. KEY WORDS: Sentinels, big data, data access, Emergency, Marine, Atmosphere.

Driving Innovation in Health Systems through an Apps-Based Information Economy

PubMed Central

Mandel, Joshua C.; Kohane, Isaac S.

2015-01-01

Healthcare data will soon be accessible using standard, open software interfaces. Here, we describe how these interfaces could lead to improved healthcare by facilitating the development of software applications (apps) that can be shared across physicians, health care organizations, translational researchers, and patients. We provide recommendations for next steps and resources for the myriad stakeholders. If challenges related to efficacy, accuracy, utility, safety, privacy, and security can be met, this emerging apps model for health information technology will open up the point of care for innovation and connect patients at home to their healthcare data. PMID:26339683

Distributed Noise Generation for Density Estimation Based Clustering without Trusted Third Party

NASA Astrophysics Data System (ADS)

Su, Chunhua; Bao, Feng; Zhou, Jianying; Takagi, Tsuyoshi; Sakurai, Kouichi

The rapid growth of the Internet provides people with tremendous opportunities for data collection, knowledge discovery and cooperative computation. However, it also brings the problem of sensitive information leakage. Both individuals and enterprises may suffer from the massive data collection and the information retrieval by distrusted parties. In this paper, we propose a privacy-preserving protocol for the distributed kernel density estimation-based clustering. Our scheme applies random data perturbation (RDP) technique and the verifiable secret sharing to solve the security problem of distributed kernel density estimation in [4] which assumed a mediate party to help in the computation.