Improvement of economic security management system of municipalities with account of transportation system development: methods of assessment

NASA Astrophysics Data System (ADS)

Khe Sun, Pak; Vorona-Slivinskaya, Lubov; Voskresenskay, Elena

2017-10-01

The article highlights the necessity of a complex approach to assess economic security of municipalities, which would consider municipal management specifics. The approach allows comparing the economic security level of municipalities, but it does not describe parameter differences between compared municipalities. Therefore, there is a second method suggested: parameter rank order method. Applying these methods allowed to figure out the leaders and outsiders of the economic security among municipalities and rank all economic security parameters according to the significance level. Complex assessment of the economic security of municipalities, based on the combination of the two approaches, allowed to assess the security level more accurate. In order to assure economic security and equalize its threshold values, one should pay special attention to transportation system development in municipalities. Strategic aims of projects in the area of transportation infrastructure development in municipalities include the following issues: contribution into creating and elaborating transportation logistics and manufacture transport complexes, development of transportation infrastructure with account of internal and external functions of the region, public transport development, improvement of transport security and reducing its negative influence on the environment.

Fast Computation and Assessment Methods in Power System Analysis

NASA Astrophysics Data System (ADS)

Nagata, Masaki

Power system analysis is essential for efficient and reliable power system operation and control. Recently, online security assessment system has become of importance, as more efficient use of power networks is eagerly required. In this article, fast power system analysis techniques such as contingency screening, parallel processing and intelligent systems application are briefly surveyed from the view point of their application to online dynamic security assessment.

Safe teleradiology: information assurance as project planning methodology

NASA Astrophysics Data System (ADS)

Collmann, Jeff R.; Alaoui, Adil; Nguyen, Dan; Lindisch, David

2003-05-01

This project demonstrates use of OCTAVE, an information security risk assessment method, as an approach to the safe design and planning of a teleradiology system. By adopting this approach to project planning, we intended to provide evidence that including information security as an intrinsic component of project planning improves information assurance and that using information assurance as a planning tool produces and improves the general system management plan. Several considerations justify this approach to planning a safe teleradiology system. First, because OCTAVE was designed as a method for retrospectively assessing and proposing enhancements for the security of existing information management systems, it should function well as a guide to prospectively designing and deploying a secure information system such as teleradiology. Second, because OCTAVE provides assessment and planning tools for use primarily by interdisciplinary teams from user organizations, not consultants, it should enhance the ability of such teams at the local level to plan safe information systems. Third, from the perspective of sociological theory, OCTAVE explicitly attempts to enhance organizational conditions identified as necessary to safely manage complex technologies. Approaching information system design from the perspective of information security risk management proactively integrates health information assurance into a project"s core. This contrasts with typical approaches that perceive "security" as a secondary attribute to be "added" after designing the system and with approaches that identify information assurance only with security devices and user training. The perspective of health information assurance embraces so many dimensions of a computerized health information system"s design that one may successfully deploy a method for retrospectively assessing information security risk as a prospective planning tool. From a sociological perspective, this approach enhances the general conditions as well as establishes specific policies and procedures for reliable performance of health information assurance.

A Cyber Security Self-Assessment Method for Nuclear Power Plants

DOE Office of Scientific and Technical Information (OSTI.GOV)

Glantz, Clifford S.; Coles, Garill A.; Bass, Robert B.

2004-11-01

A cyber security self-assessment method (the Method) has been developed by Pacific Northwest National Laboratory. The development of the Method was sponsored and directed by the U.S. Nuclear Regulatory Commission. Members of the Nuclear Energy Institute Cyber Security Task Force also played a substantial role in developing the Method. The Method's structured approach guides nuclear power plants in scrutinizing their digital systems, assessing the potential consequences to the plant of a cyber exploitation, identifying vulnerabilities, estimating cyber security risks, and adopting cost-effective protective measures. The focus of the Method is on critical digital assets. A critical digital asset is amore » digital device or system that plays a role in the operation, maintenance, or proper functioning of a critical system (i.e., a plant system that can impact safety, security, or emergency preparedness). A critical digital asset may have a direct or indirect connection to a critical system. Direct connections include both wired and wireless communication pathways. Indirect connections include sneaker-net pathways by which software or data are manually transferred from one digital device to another. An indirect connection also may involve the use of instructions or data stored on a critical digital asset to make adjustments to a critical system. The cyber security self-assessment begins with the formation of an assessment team, and is followed by a six-stage process.« less

Sustainable Food Security Measurement: A Systemic Methodology

NASA Astrophysics Data System (ADS)

Findiastuti, W.; Singgih, M. L.; Anityasari, M.

2017-04-01

Sustainable food security measures how a region provides food for its people without endangered the environment. In Indonesia, it was legally measured in Food Security and Vulnerability (FSVA). However, regard to sustainable food security policy, the measurement has not encompassed the environmental aspect. This will lead to lack of environmental aspect information for adjusting the next strategy. This study aimed to assess Sustainable Food security by encompassing both food security and environment aspect using systemic eco-efficiency. Given existing indicator of cereal production level, total emission as environment indicator was generated by constructing Causal Loop Diagram (CLD). Then, a stock-flow diagram was used to develop systemic simulation model. This model was demonstrated for Indonesian five provinces. The result showed there was difference between food security order with and without environmental aspect assessment.

Assessment of Information Security Management System based on ISO/IEC 27001:2013 On Subdirectorate of Data Center and Data Recovery Center in Ministry of Internal Affairs

NASA Astrophysics Data System (ADS)

Kurnianto, Ari; Isnanto, Rizal; Widodo, Aris Puji

2018-02-01

Information security is a problem effected business process of an organization, so it needs special concern. Information security assessment which is good and has international standard is done using Information Security Management System (ISMS) ISO/IEC 27001:2013. In this research, the high level assessment has been done using ISO/IEC 27001:2013 to observe the strength of information secuity in Ministry of Internal Affairs. The research explains about the assessment of information security management which is built using PHP. The input data use primary and secondary data which passed observation. The process gets maturity using the assessment of ISO/IEC 27001:2013. GAP Analysis observes the condition now a days and then to get recommendation and road map. The result of this research gets all of the information security process which has not been already good enough in Ministry of Internal Affairs, gives recommendation and road map to improve part of all information system being running. It indicates that ISO/IEC 27001:2013 is good used to rate maturity of information security management. As the next analyzation, this research use Clause and Annex in ISO/IEC 27001:2013 which is suitable with condition of Data Center and Data Recovery Center, so it gets optimum result and solving problem of the weakness information security.

L-Band Digital Aeronautical Communications System Engineering - Initial Safety and Security Risk Assessment and Mitigation

NASA Technical Reports Server (NTRS)

Zelkin, Natalie; Henriksen, Stephen

2011-01-01

This document is being provided as part of ITT's NASA Glenn Research Center Aerospace Communication Systems Technical Support (ACSTS) contract NNC05CA85C, Task 7: "New ATM Requirements--Future Communications, C-Band and L-Band Communications Standard Development." ITT has completed a safety hazard analysis providing a preliminary safety assessment for the proposed L-band (960 to 1164 MHz) terrestrial en route communications system. The assessment was performed following the guidelines outlined in the Federal Aviation Administration Safety Risk Management Guidance for System Acquisitions document. The safety analysis did not identify any hazards with an unacceptable risk, though a number of hazards with a medium risk were documented. This effort represents a preliminary safety hazard analysis and notes the triggers for risk reassessment. A detailed safety hazards analysis is recommended as a follow-on activity to assess particular components of the L-band communication system after the technology is chosen and system rollout timing is determined. The security risk analysis resulted in identifying main security threats to the proposed system as well as noting additional threats recommended for a future security analysis conducted at a later stage in the system development process. The document discusses various security controls, including those suggested in the COCR Version 2.0.

Cyber Threat Assessment of Uplink and Commanding System for Mission Operation

NASA Technical Reports Server (NTRS)

Ko, Adans Y.; Tan, Kymie M. C.; Cilloniz-Bicchi, Ferner; Faris, Grant

2014-01-01

Most of today's Mission Operations Systems (MOS) rely on Ground Data System (GDS) segment to mitigate cyber security risks. Unfortunately, IT security design is done separately from the design of GDS' mission operational capabilities. This incoherent practice leaves many security vulnerabilities in the system without any notice. This paper describes a new way to system engineering MOS, to include cyber threat risk assessments throughout the MOS development cycle, without this, it is impossible to design a dependable and reliable MOS to meet today's rapid changing cyber threat environment.

Three tenets for secure cyber-physical system design and assessment

NASA Astrophysics Data System (ADS)

Hughes, Jeff; Cybenko, George

2014-06-01

This paper presents a threat-driven quantitative mathematical framework for secure cyber-physical system design and assessment. Called The Three Tenets, this originally empirical approach has been used by the US Air Force Research Laboratory (AFRL) for secure system research and development. The Tenets were first documented in 2005 as a teachable methodology. The Tenets are motivated by a system threat model that itself consists of three elements which must exist for successful attacks to occur: - system susceptibility; - threat accessibility and; - threat capability. The Three Tenets arise naturally by countering each threat element individually. Specifically, the tenets are: Tenet 1: Focus on What's Critical - systems should include only essential functions (to reduce susceptibility); Tenet 2: Move Key Assets Out-of-Band - make mission essential elements and security controls difficult for attackers to reach logically and physically (to reduce accessibility); Tenet 3: Detect, React, Adapt - confound the attacker by implementing sensing system elements with dynamic response technologies (to counteract the attackers' capabilities). As a design methodology, the Tenets mitigate reverse engineering and subsequent attacks on complex systems. Quantified by a Bayesian analysis and further justified by analytic properties of attack graph models, the Tenets suggest concrete cyber security metrics for system assessment.

Security systems engineering overview

NASA Astrophysics Data System (ADS)

Steele, Basil J.

1997-01-01

Crime prevention is on the minds of most people today. The concern for public safety and the theft of valuable assets are being discussed at all levels of government and throughout the public sector. There is a growing demand for security systems that can adequately safeguard people and valuable assets against the sophistication of those criminals or adversaries who pose a threat. The crime in this country has been estimated at 70 billion dollars in direct costs and up to 300 billion dollars in indirect costs. Health insurance fraud alone is estimated to cost American businesses 100 billion dollars. Theft, warranty fraud, and counterfeiting of computer hardware totaled 3 billion dollars in 1994. A threat analysis is a prerequisite to any security system design to assess the vulnerabilities with respect to the anticipated threat. Having established a comprehensive definition of the threat, crime prevention, detection, and threat assessment technologies can be used to address these criminal activities. This talk will outline the process used to design a security system regardless of the level of security. This methodology has been applied to many applications including: government high security facilities; residential and commercial intrusion detection and assessment; anti-counterfeiting/fraud detection technologies; industrial espionage detection and prevention; security barrier technology.

Remote video assessment for missile launch facilities

DOE Office of Scientific and Technical Information (OSTI.GOV)

Wagner, G.G.; Stewart, W.A.

1995-07-01

The widely dispersed, unmanned launch facilities (LFs) for land-based ICBMs (intercontinental ballistic missiles) currently do not have visual assessment capability for existing intrusion alarms. The security response force currently must assess each alarm on-site. Remote assessment will enhance manpower, safety, and security efforts. Sandia National Laboratories was tasked by the USAF Electronic Systems Center to research, recommend, and demonstrate a cost-effective remote video assessment capability at missile LFs. The project`s charter was to provide: system concepts; market survey analysis; technology search recommendations; and operational hardware demonstrations for remote video assessment from a missile LF to a remote security center viamore » a cost-effective transmission medium and without using visible, on-site lighting. The technical challenges of this project were to: analyze various video transmission media and emphasize using the existing missile system copper line which can be as long as 30 miles; accentuate and extremely low-cost system because of the many sites requiring system installation; integrate the video assessment system with the current LF alarm system; and provide video assessment at the remote sites with non-visible lighting.« less

Risk assessment of integrated electronic health records.

PubMed

Bjornsson, Bjarni Thor; Sigurdardottir, Gudlaug; Stefansson, Stefan Orri

2010-01-01

The paper describes the security concerns related to Electronic Health Records (EHR) both in registration of data and integration of systems. A description of the current state of EHR systems in Iceland is provided, along with the Ministry of Health's future vision and plans. New legislation provides the opportunity for increased integration of EHRs and further collaboration between institutions. Integration of systems, along with greater availability and access to EHR data, requires increased security awareness since additional risks are introduced. The paper describes the core principles of information security as it applies to EHR systems and data. The concepts of confidentiality, integrity, availability, accountability and traceability are introduced and described. The paper discusses the legal requirements and importance of performing risk assessment for EHR data. Risk assessment methodology according to the ISO/IEC 27001 information security standard is described with examples on how it is applied to EHR systems.

Strengthening the Security of ESA Ground Data Systems

NASA Astrophysics Data System (ADS)

Flentge, Felix; Eggleston, James; Garcia Mateos, Marc

2013-08-01

A common approach to address information security has been implemented in ESA's Mission Operations (MOI) Infrastructure during the last years. This paper reports on the specific challenges to the Data Systems domain within the MOI and how security can be properly managed with an Information Security Management System (ISMS) according to ISO 27001. Results of an initial security risk assessment are reported and the different types of security controls that are being implemented in order to reduce the risks are briefly described.

A review of video security training and assessment-systems and their applications

DOE Office of Scientific and Technical Information (OSTI.GOV)

Cellucci, J.; Hall, R.J.

1991-01-01

This paper reports that during the last 10 years computer-aided video data collection and playback systems have been used as nuclear facility security training and assessment tools with varying degrees of success. These mobile systems have been used by trained security personnel for response force training, vulnerability assessment, force-on-force exercises and crisis management. Typically, synchronous recordings from multiple video cameras, communications audio, and digital sensor inputs; are played back to the exercise participants and then edited for training and briefing. Factors that have influence user acceptance include: frequency of use, the demands placed on security personnel, fear of punishment, usermore » training requirements and equipment cost. The introduction of S-VHS video and new software for scenario planning, video editing and data reduction; should bring about a wider range of security applications and supply the opportunity for significant cost sharing with other user groups.« less

Addressing software security and mitigations in the life cycle

NASA Technical Reports Server (NTRS)

Gilliam, David; Powell, John; Haugh, Eric; Bishop, Matt

2003-01-01

Traditionally, security is viewed as an organizational and Information Technology (IIJ systems function comprising of Firewalls, intrusion detection systems (IDS), system security settings and patches to the operating system (OS) and applications running on it. Until recently, little thought has been given to the importance of security as a formal approach in the software life cycle. The Jet Propulsion Laboratory has approached the problem through the development of an integrated formal Software Security Assessment Instrument (SSAI) with six foci for the software life cycle.

Addressing software security and mitigations in the life cycle

NASA Technical Reports Server (NTRS)

Gilliam, David; Powell, John; Haugh, Eric; Bishop, Matt

2004-01-01

Traditionally, security is viewed as an organizational and Information Technology (IT) systems function comprising of firewalls, intrusion detection systems (IDS), system security settings and patches to the operating system (OS) and applications running on it. Until recently, little thought has been given to the importance of security as a formal approach in the software life cycle. The Jet Propulsion Laboratory has approached the problem through the development of an integrated formal Software Security Assessment Instrument (SSAI) with six foci for the software life cycle.

Cyber Security Assessment Report: Adventium Labs

DOE Office of Scientific and Technical Information (OSTI.GOV)

None

2007-12-31

Major control system components often have life spans of 15-20 years. Many systems in our Nation's critical infrastructure were installed before the Internet became a reality and security was a concern. Consequently, control systems are generally insecure. Security is now being included in the development of new control system devices; however, legacy control systems remain vulnerable. Most efforts to secure control systems are aimed at protecting network borers, but if an intruder gets inside the network these systems are vulnerable to a cyber attack.

IT Security Support for the Spaceport Command Control Systems Development Ground Support Development Operations

NASA Technical Reports Server (NTRS)

Branch, Drew A.

2014-01-01

Security is one of the most if not the most important areas today. After the several attacks on the United States, security everywhere has heightened from airports to the communication among the military branches legionnaires. With advanced persistent threats (APT's) on the rise following Stuxnet, government branches and agencies are required, more than ever, to follow several standards, policies and procedures to reduce the likelihood of a breach. Attack vectors today are very advanced and are going to continue to get more and more advanced as security controls advance. This creates a need for networks and systems to be in an updated and secured state in a launch control system environment. FISMA is a law that is mandated by the government to follow when government agencies secure networks and devices. My role on this project is to ensure network devices and systems are in compliance with NIST, as outlined in FISMA. I will achieve this by providing assistance with security plan documentation and collection, system hardware and software inventory, malicious code and malware scanning, and configuration of network devices i.e. routers and IDS's/IPS's. In addition, I will be completing security assessments on software and hardware, vulnerability assessments and reporting, and conducting patch management and risk assessments. A guideline that will help with compliance with NIST is the SANS Top 20 Critical Controls. SANS Top 20 Critical Controls as well as numerous security tools, security software and the conduction of research will be used to successfully complete the tasks given to me. This will ensure compliance with FISMA and NIST, secure systems and a secured network. By the end of this project, I hope to have carried out the tasks stated above as well as gain an immense knowledge about compliance, security tools, networks and network devices, as well as policies and procedures.

IT Security Support for the Spaceport Command Control Systems Development Ground Support Development Operations

NASA Technical Reports Server (NTRS)

Branch, Drew

2013-01-01

Security is one of the most if not the most important areas today. After the several attacks on the United States, security everywhere was heightened from Airports to the communication among the military branches legionnaires. With advanced persistent threats (APTs) on the rise following Stuxnet, government branches and agencies are required, more than ever, to follow several standards, policies and procedures to reduce the likelihood of a breach. Attack vectors today are very advanced and are going to continue to get more and more advanced as security controls advance. This creates a need for networks and systems to be in an updated and secured state in a launch control system environment. FISMA is a law that is mandated by the government to follow when government agencies secure networks and devices. My role on this project is to ensure network devices and systems are in compliance with NIST, as outlined in FISMA. I will achieve this by providing assistance with security plan documentation and collection, system hardware and software inventory, malicious code and malware scanning and configuration of network devices i.e. routers and IDSsIPSs. In addition I will be completing security assessments on software and hardware, vulnerability assessments and reporting, conducting patch management and risk assessments. A guideline that will help with compliance with NIST is the SANS Top 20 Critical Controls. SANS Top 20 Critical Controls as well as numerous security tools, security software and the conduction of research will be used to successfully complete the tasks given to me. This will ensure compliance with FISMA and NIST, secure systems and a secured network. By the end of this project, I hope to have carried out stated above as well as gain an immense knowledge about compliance, security tools, networks and network devices, policies and procedures.

Development and application of a new grey dynamic hierarchy analysis system (GDHAS) for evaluating urban ecological security.

PubMed

Shao, Chaofeng; Tian, Xiaogang; Guan, Yang; Ju, Meiting; Xie, Qiang

2013-05-21

Selecting indicators based on the characteristics and development trends of a given study area is essential for building a framework for assessing urban ecological security. However, few studies have focused on how to select the representative indicators systematically, and quantitative research is lacking. We developed an innovative quantitative modeling approach called the grey dynamic hierarchy analytic system (GDHAS) for both the procedures of indicator selection and quantitative assessment of urban ecological security. Next, a systematic methodology based on the GDHAS is developed to assess urban ecological security comprehensively and dynamically. This assessment includes indicator selection, driving force-pressure-state-impact-response (DPSIR) framework building, and quantitative evaluation. We applied this systematic methodology to assess the urban ecological security of Tianjin, which is a typical coastal super megalopolis and the industry base in China. This case study highlights the key features of our approach. First, 39 representative indicators are selected for the evaluation index system from 62 alternative ones available through the GDHAS. Second, the DPSIR framework is established based on the indicators selected, and the quantitative assessment of the eco-security of Tianjin is conducted. The results illustrate the following: urban ecological security of Tianjin in 2008 was in alert level but not very stable; the driving force and pressure subsystems were in good condition, but the eco-security levels of the remainder of the subsystems were relatively low; the pressure subsystem was the key to urban ecological security; and 10 indicators are defined as the key indicators for five subsystems. These results can be used as the basis for urban eco-environmental management.

Development and Application of a New Grey Dynamic Hierarchy Analysis System (GDHAS) for Evaluating Urban Ecological Security

PubMed Central

Shao, Chaofeng; Tian, Xiaogang; Guan, Yang; Ju, Meiting; Xie, Qiang

2013-01-01

Selecting indicators based on the characteristics and development trends of a given study area is essential for building a framework for assessing urban ecological security. However, few studies have focused on how to select the representative indicators systematically, and quantitative research is lacking. We developed an innovative quantitative modeling approach called the grey dynamic hierarchy analytic system (GDHAS) for both the procedures of indicator selection and quantitative assessment of urban ecological security. Next, a systematic methodology based on the GDHAS is developed to assess urban ecological security comprehensively and dynamically. This assessment includes indicator selection, driving force-pressure-state-impact-response (DPSIR) framework building, and quantitative evaluation. We applied this systematic methodology to assess the urban ecological security of Tianjin, which is a typical coastal super megalopolis and the industry base in China. This case study highlights the key features of our approach. First, 39 representative indicators are selected for the evaluation index system from 62 alternative ones available through the GDHAS. Second, the DPSIR framework is established based on the indicators selected, and the quantitative assessment of the eco-security of Tianjin is conducted. The results illustrate the following: urban ecological security of Tianjin in 2008 was in alert level but not very stable; the driving force and pressure subsystems were in good condition, but the eco-security levels of the remainder of the subsystems were relatively low; the pressure subsystem was the key to urban ecological security; and 10 indicators are defined as the key indicators for five subsystems. These results can be used as the basis for urban eco-environmental management. PMID:23698700

An evaluation index system of water security in China based on macroeconomic data from 2000 to 2012

NASA Astrophysics Data System (ADS)

Li, X. S.; Peng, Z. Y.; Li, T. T.

2016-08-01

This paper establishes an evaluation index system of water security. The index system employs 5 subsystems (water circulation security, water environment security, water ecology security, water society security and water economy security) and has 39 indicators. Using the AHP method, each indicator is given a relative weight to integrate within the whole system. With macroeconomic data from 2000 to 2012, a model of water security evaluation is applied to assess the state of water security in China. The results show an improving trend in the overall state of China's water security. In particular, the cycle of water security is at a high and low fluctuation. Water environment security presents an upward trend on the whole; however, this trend is unsteady and has shown a descending tendency in some years. Yet, water ecology security, water society security, and water economy security are basically on the rise. However, the degree of coordination of China's water security system remains in need of consolidation.

Cyber Security and Resilient Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Robert S. Anderson

2009-07-01

The Department of Energy (DOE) Idaho National Laboratory (INL) has become a center of excellence for critical infrastructure protection, particularly in the field of cyber security. It is one of only a few national laboratories that have enhanced the nation’s cyber security posture by performing industrial control system (ICS) vendor assessments as well as user on-site assessments. Not only are vulnerabilities discovered, but described actions for enhancing security are suggested – both on a system-specific basis and from a general perspective of identifying common weaknesses and their corresponding corrective actions. These cyber security programs have performed over 40 assessments tomore » date which have led to more robust, secure, and resilient monitoring and control systems for the US electrical grid, oil and gas, chemical, transportation, and many other sectors. In addition to cyber assessments themselves, the INL has been engaged in outreach to the ICS community through vendor forums, technical conferences, vendor user groups, and other special engagements as requested. Training programs have been created to help educate all levels of management and worker alike with an emphasis towards real everyday cyber hacking methods and techniques including typical exploits that are used. The asset owner or end user has many products available for its use created from these programs. One outstanding product is the US Department of Homeland Security (DHS) Cyber Security Procurement Language for Control Systems document that provides insight to the user when specifying a new monitoring and control system, particularly concerning security requirements. Employing some of the top cyber researchers in the nation, the INL can leverage this talent towards many applications other than critical infrastructure. Monitoring and control systems are used throughout the world to perform simple tasks such as cooking in a microwave to complex ones such as the monitoring and control of the next generation fighter jets or nuclear material safeguards systems in complex nuclear fuel cycle facilities. It is the intent of this paper to describe the cyber security programs that are currently in place, the experiences and successes achieved in industry including outreach and training, and suggestions about how other sectors and organizations can leverage this national expertise to help their monitoring and control systems become more secure.« less

System security in the space flight operations center

NASA Technical Reports Server (NTRS)

Wagner, David A.

1988-01-01

The Space Flight Operations Center is a networked system of workstation-class computers that will provide ground support for NASA's next generation of deep-space missions. The author recounts the development of the SFOC system security policy and discusses the various management and technology issues involved. Particular attention is given to risk assessment, security plan development, security implications of design requirements, automatic safeguards, and procedural safeguards.

Assessment on security system of radioactive sources used in hospitals of Thailand

NASA Astrophysics Data System (ADS)

Jitbanjong, Petchara; Wongsawaeng, Doonyapong

2016-01-01

Unsecured radioactive sources have caused deaths and serious injuries in many parts of the world. In Thailand, there are 17 hospitals that use teletherapy with cobalt-60 radioactive sources. They need to be secured in order to prevent unauthorized removal, sabotage and terrorists from using such materials in a radiological weapon. The security system of radioactive sources in Thailand is regulated by the Office of Atoms for Peace in compliance with Global Threat Reduction Initiative (GTRI), U.S. DOE, which has started to be implemented since 2010. This study aims to perform an assessment on the security system of radioactive sources used in hospitals in Thailand and the results can be used as a recommended baseline data for development or improvement of hospitals on the security system of a radioactive source at a national regulatory level and policy level. Results from questionnaires reveal that in 11 out of 17 hospitals (64.70%), there were a few differences in conditions of hospitals using radioactive sources with installation of the security system and those without installation of the security system. Also, personals working with radioactive sources did not clearly understand the nuclear security law. Thus, government organizations should be encouraged to arrange trainings on nuclear security to increase the level of understanding. In the future, it is recommended that the responsible government organization issues a minimum requirement of nuclear security for every medical facility using radioactive sources.

Risk Assessment of Power System considering the CPS of Transformers

NASA Astrophysics Data System (ADS)

Zhou, Long; Peng, Zewu; Liu, Xindong; Li, Canbing; Chen, Can

2018-02-01

This paper constructs a risk assessment framework of power system for device-level information security, analyzes the typical protection configuration of power transformers, and takes transformer gas protection and differential protection as examples to put forward a method that analyzes the cyber security in electric power system, which targets transformer protection parameters. We estimate the risk of power system accounting for the cyber security of transformer through utilizing Monte Carlo method and two indexes, which are the loss of load probability and the expected demand not supplied. The proposed approach is tested with IEEE 9 bus system and IEEE 118 bus system.

Risk assessment for sustainable food security in China according to integrated food security--taking Dongting Lake area for example.

PubMed

Qi, Xiaoxing; Liu, Liming; Liu, Yabin; Yao, Lan

2013-06-01

Integrated food security covers three aspects: food quantity security, food quality security, and sustainable food security. Because sustainable food security requires that food security must be compatible with sustainable development, the risk assessment of sustainable food security is becoming one of the most important issues. This paper mainly focuses on the characteristics of sustainable food security problems in the major grain-producing areas in China. We establish an index system based on land resources and eco-environmental conditions and apply a dynamic assessment method based on status assessments and trend analysis models to overcome the shortcomings of the static evaluation method. Using fuzzy mathematics, the risks are categorized into four grades: negligible risk, low risk, medium risk, and high risk. A case study was conducted in one of China's major grain-producing areas: Dongting Lake area. The results predict that the status of the sustainable food security in the Dongting Lake area is unsatisfactory for the foreseeable future. The number of districts at the medium-risk range will increase from six to ten by 2015 due to increasing population pressure, a decrease in the cultivated area, and a decrease in the effective irrigation area. Therefore, appropriate policies and measures should be put forward to improve it. The results could also provide direct support for an early warning system-which could be used to monitor food security trends or nutritional status so to inform policy makers of impending food shortages-to prevent sustainable food security risk based on some classical systematic methods. This is the first research of sustainable food security in terms of risk assessment, from the perspective of resources and the environment, at the regional scale.

Information Systems Security Job Advertisement Analysis: Skills Review and Implications for Information Systems Curriculum

ERIC Educational Resources Information Center

Brooks, Nita G.; Greer, Timothy H.; Morris, Steven A.

2018-01-01

The authors' focus was the assessment of skill requirements for information systems security positions to understand expectations for security jobs and to highlight issues relevant to curriculum management. The analysis of 798 job advertisements involved the exploration of domain-related and soft skills as well as degree and certification…

Security Risk Assessment Process for UAS in the NAS CNPC Architecture

NASA Technical Reports Server (NTRS)

Iannicca, Dennis C.; Young, Dennis P.; Thadani, Suresh K.; Winter, Gilbert A.

2013-01-01

This informational paper discusses the risk assessment process conducted to analyze Control and Non-Payload Communications (CNPC) architectures for integrating civil Unmanned Aircraft Systems (UAS) into the National Airspace System (NAS). The assessment employs the National Institute of Standards and Technology (NIST) Risk Management framework to identify threats, vulnerabilities, and risks to these architectures and recommends corresponding mitigating security controls. This process builds upon earlier work performed by RTCA Special Committee (SC) 203 and the Federal Aviation Administration (FAA) to roadmap the risk assessment methodology and to identify categories of information security risks that pose a significant impact to aeronautical communications systems. A description of the deviations from the typical process is described in regards to this aeronautical communications system. Due to the sensitive nature of the information, data resulting from the risk assessment pertaining to threats, vulnerabilities, and risks is beyond the scope of this paper.

Security Risk Assessment Process for UAS in the NAS CNPC Architecture

NASA Technical Reports Server (NTRS)

Iannicca, Dennis Christopher; Young, Daniel Paul; Suresh, Thadhani; Winter, Gilbert A.

2013-01-01

This informational paper discusses the risk assessment process conducted to analyze Control and Non-Payload Communications (CNPC) architectures for integrating civil Unmanned Aircraft Systems (UAS) into the National Airspace System (NAS). The assessment employs the National Institute of Standards and Technology (NIST) Risk Management framework to identify threats, vulnerabilities, and risks to these architectures and recommends corresponding mitigating security controls. This process builds upon earlier work performed by RTCA Special Committee (SC) 203 and the Federal Aviation Administration (FAA) to roadmap the risk assessment methodology and to identify categories of information security risks that pose a significant impact to aeronautical communications systems. A description of the deviations from the typical process is described in regards to this aeronautical communications system. Due to the sensitive nature of the information, data resulting from the risk assessment pertaining to threats, vulnerabilities, and risks is beyond the scope of this paper

Model based verification of the Secure Socket Layer (SSL) Protocol for NASA systems

NASA Technical Reports Server (NTRS)

Powell, John D.; Gilliam, David

2004-01-01

The National Aeronautics and Space Administration (NASA) has tens of thousands of networked computer systems and applications. Software Security vulnerabilities present risks such as lost or corrupted data, information theft, and unavailability of critical systems. These risks represent potentially enormous costs to NASA. The NASA Code Q research initiative 'Reducing Software Security Risk (RSSR) Trough an Integrated Approach' offers formal verification of information technology (IT), through the creation of a Software Security Assessment Instrument (SSAI), to address software security risks.

ENVIRONMENTAL RISK ASSESSMENTS OF OIL AND GAS ACTIVITIES USING NATIONAL SECURITY AND CIVILIAN DATA SOURCES

EPA Science Inventory

The national security systems (NSS) of Russia and the United States have been used for more than three decades to monitor each other's military and economic infrastructure. These high-resolution imaging systems can provide unique data for assessing a wide range of environmental i...

Network Security Risk Assessment System Based on Attack Graph and Markov Chain

NASA Astrophysics Data System (ADS)

Sun, Fuxiong; Pi, Juntao; Lv, Jin; Cao, Tian

2017-10-01

Network security risk assessment technology can be found in advance of the network problems and related vulnerabilities, it has become an important means to solve the problem of network security. Based on attack graph and Markov chain, this paper provides a Network Security Risk Assessment Model (NSRAM). Based on the network infiltration tests, NSRAM generates the attack graph by the breadth traversal algorithm. Combines with the international standard CVSS, the attack probability of atomic nodes are counted, and then the attack transition probabilities of ones are calculated by Markov chain. NSRAM selects the optimal attack path after comprehensive measurement to assessment network security risk. The simulation results show that NSRAM can reflect the actual situation of network security objectively.

Assessment on security system of radioactive sources used in hospitals of Thailand

DOE Office of Scientific and Technical Information (OSTI.GOV)

Jitbanjong, Petchara, E-mail: petcharajit@gmail.com; Wongsawaeng, Doonyapong

Unsecured radioactive sources have caused deaths and serious injuries in many parts of the world. In Thailand, there are 17 hospitals that use teletherapy with cobalt-60 radioactive sources. They need to be secured in order to prevent unauthorized removal, sabotage and terrorists from using such materials in a radiological weapon. The security system of radioactive sources in Thailand is regulated by the Office of Atoms for Peace in compliance with Global Threat Reduction Initiative (GTRI), U.S. DOE, which has started to be implemented since 2010. This study aims to perform an assessment on the security system of radioactive sources usedmore » in hospitals in Thailand and the results can be used as a recommended baseline data for development or improvement of hospitals on the security system of a radioactive source at a national regulatory level and policy level. Results from questionnaires reveal that in 11 out of 17 hospitals (64.70%), there were a few differences in conditions of hospitals using radioactive sources with installation of the security system and those without installation of the security system. Also, personals working with radioactive sources did not clearly understand the nuclear security law. Thus, government organizations should be encouraged to arrange trainings on nuclear security to increase the level of understanding. In the future, it is recommended that the responsible government organization issues a minimum requirement of nuclear security for every medical facility using radioactive sources.« less

SMART Security Cooperation Objectives: Improving DoD Planning and Guidance

DTIC Science & Technology

2016-01-01

integrate them into a system for assessing, monitoring, and evaluating security cooperation programs and activities. This report evaluates DoD’s...effectiveness in developing SMART security coopera- tion objectives that facilitate assessment, monitoring, and evaluation . It also proposes a systematic...Cooperation Ends, Ways, and Means . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 RAND Evaluation and Revision of Selected

Complex method to calculate objective assessments of information systems protection to improve expert assessments reliability

NASA Astrophysics Data System (ADS)

Abdenov, A. Zh; Trushin, V. A.; Abdenova, G. A.

2018-01-01

The paper considers the questions of filling the relevant SIEM nodes based on calculations of objective assessments in order to improve the reliability of subjective expert assessments. The proposed methodology is necessary for the most accurate security risk assessment of information systems. This technique is also intended for the purpose of establishing real-time operational information protection in the enterprise information systems. Risk calculations are based on objective estimates of the adverse events implementation probabilities, predictions of the damage magnitude from information security violations. Calculations of objective assessments are necessary to increase the reliability of the proposed expert assessments.

School Security and Crisis Preparedness: Make It Your Business.

ERIC Educational Resources Information Center

Trump, Kenneth S.

1999-01-01

The top five security risks in today's schools include aggressive behavior, weapons possession or use, drug trafficking, gangs, and "stranger danger." Home-made bomb threats are common. This article also discusses security system costs, risk-reduction frameworks, security assessments, crisis-preparedness guidelines, and security-related…

An evaluation of security measures implemented to address physical threats to water infrastructure in the state of Mississippi.

PubMed

Barrett, Jason R; French, P Edward

2013-01-01

The events of September 11, 2001, increased and intensified domestic preparedness efforts in the United States against terrorism and other threats. The heightened focus on protecting this nation's critical infrastructure included legislation requiring implementation of extensive new security measures to better defend water supply systems against physical, chemical/biological, and cyber attacks. In response, municipal officials have implemented numerous safeguards to reduce the vulnerability of these systems to purposeful intrusions including ongoing vulnerability assessments, extensive personnel training, and highly detailed emergency response and communication plans. This study evaluates fiscal year 2010 annual compliance assessments of public water systems with security measures that were implemented by Mississippi's Department of Health as a response to federal requirements to address these potential terrorist threats to water distribution systems. The results show that 20 percent of the water systems in this state had at least one security violation on their 2010 Capacity Development Assessment, and continued perseverance from local governments is needed to enhance the resiliency and robustness of these systems against physical threats.

Security systems engineering overview

DOE Office of Scientific and Technical Information (OSTI.GOV)

Steele, B.J.

Crime prevention is on the minds of most people today. The concern for public safety and the theft of valuable assets are being discussed at all levels of government and throughout the public sector. There is a growing demand for security systems that can adequately safeguard people and valuable assets against the sophistication of those criminals or adversaries who pose a threat. The crime in this country has been estimated at $70 billion in direct costs and up to $300 billion in indirect costs. Health insurance fraud alone is estimated to cost American businesses $100 billion. Theft, warranty fraud, andmore » counterfeiting of computer hardware totaled $3 billion in 1994. A threat analysis is a prerequisite to any security system design to assess the vulnerabilities with respect to the anticipated threat. Having established a comprehensive definition of the threat, crime prevention, detection, and threat assessment technologies can be used to address these criminal activities. This talk will outline the process used to design a security system regardless of the level of security. This methodology has been applied to many applications including: government high security facilities; residential and commercial intrusion detection and assessment; anti-counterfeiting/fraud detection technologies (counterfeit currency, cellular phone billing, credit card fraud, health care fraud, passport, green cards, and questionable documents); industrial espionage detection and prevention (intellectual property, computer chips, etc.); and security barrier technology (creation of delay such as gates, vaults, etc.).« less

US-CERT Control System Center Input/Output (I/O) Conceputal Design

DOE Office of Scientific and Technical Information (OSTI.GOV)

Not Available

2005-02-01

This document was prepared for the US-CERT Control Systems Center of the National Cyber Security Division (NCSD) of the Department of Homeland Security (DHS). DHS has been tasked under the Homeland Security Act of 2002 to coordinate the overall national effort to enhance the protection of the national critical infrastructure. Homeland Security Presidential Directive HSPD-7 directs the federal departments to identify and prioritize critical infrastructure and protect it from terrorist attack. The US-CERT National Strategy for Control Systems Security was prepared by the NCSD to address the control system security component addressed in the National Strategy to Secure Cyberspace andmore » the National Strategy for the Physical Protection of Critical Infrastructures and Key Assets. The US-CERT National Strategy for Control Systems Security identified five high-level strategic goals for improving cyber security of control systems; the I/O upgrade described in this document supports these goals. The vulnerability assessment Test Bed, located in the Information Operations Research Center (IORC) facility at Idaho National Laboratory (INL), consists of a cyber test facility integrated with multiple test beds that simulate the nation's critical infrastructure. The fundamental mission of the Test Bed is to provide industry owner/operators, system vendors, and multi-agency partners of the INL National Security Division a platform for vulnerability assessments of control systems. The Input/Output (I/O) upgrade to the Test Bed (see Work Package 3.1 of the FY-05 Annual Work Plan) will provide for the expansion of assessment capabilities within the IORC facility. It will also provide capabilities to connect test beds within the Test Range and other Laboratory resources. This will allow real time I/O data input and communication channels for full replications of control systems (Process Control Systems [PCS], Supervisory Control and Data Acquisition Systems [SCADA], and components). This will be accomplished through the design and implementation of a modular infrastructure of control system, communications, networking, computing and associated equipment, and measurement/control devices. The architecture upgrade will provide a flexible patching system providing a quick ''plug and play''configuration through various communication paths to gain access to live I/O running over specific protocols. This will allow for in-depth assessments of control systems in a true-to-life environment. The full I/O upgrade will be completed through a two-phased approach. Phase I, funded by DHS, expands the capabilities of the Test Bed by developing an operational control system in two functional areas, the Science & Technology Applications Research (STAR) Facility and the expansion of various portions of the Test Bed. Phase II (see Appendix A), funded by other programs, will complete the full I/O upgrade to the facility.« less

Assessing Children's Appraisals of Security in the Family System: The Development of the Security in the Family System (SIFS) Scales

ERIC Educational Resources Information Center

Forman, Evan M.; Davies, Patrick T.

2005-01-01

Background: Although delineating the processes by which children appraise the family as a source of security from their collective experiences in the family subsystem has assumed center stage in many conceptualizations of child development, the dearth of measures of child adaptation in the family system has hindered empirical advances. Therefore,…

An integrated water-energy-food-livelihoods approach for assessing environmental livelihood security

NASA Astrophysics Data System (ADS)

Biggs, E. M.; Duncan, J.; Boruff, B.; Bruce, E.; Neef, A.; McNeill, K.; van Ogtrop, F. F.; Haworth, B.; Duce, S.; Horsley, J.; Pauli, N.; Curnow, J.; Imanari, Y.

2015-12-01

Environmental livelihood security refers to the challenges of maintaining global food security and universal access to freshwater and energy to sustain livelihoods and promote inclusive economic growth, whilst sustaining key environmental systems' functionality, particularly under variable climatic regimes. Environmental security is a concept complementary to sustainable development, and considers the increased vulnerability people have to certain environmental stresses, such as climatic change. Bridging links between the core component concepts of environmental security is integral to future human security, and in an attempt to create this bridge, the nexus approach to human protection has been created, where water resource availability underpins food, water and energy security. The water-energy-food nexus has an influential role in attaining human security, yet little research has made the link between the nexus and livelihoods. In this research we provide a critical appraisal of the synergies between water-energy-food nexus framings and sustainable livelihoods approaches, both of which aim to promote sustainable development. In regions where livelihoods are dependent on environmental conditions, the concept of sustainable development is critical for ensuring future environmental and human security. Given our appraisal we go on to develop an integrated framework for assessing environmental livelihood security of multiscale and multi-level systems. This framework provides a tangible approach for assessing changes in the water-energy-food-livelihood indicators of a system. Examples of where system applications may occur are discussed for the Southeast Asia and Oceania region. Our approach will be particularly useful for policy-makers to inform evidence-based decision-making, especially in localities where climate change increases the vulnerability of impoverished communities and extenuates environmental livelihood insecurity.

Sandia National Laboratories: National Security Missions: International

Science.gov Websites

Programs Environmental Responsibility Environmental Management System Pollution Prevention History 60 ; Security Weapons Science & Technology Defense Systems & Assessments About Defense Systems & ; Development Technology Deployment Centers Working With Sandia Working With Sandia Prospective Suppliers What

77 FR 71430 - New Agency Information Collection Activity Under OMB Review: Public Transportation Baseline...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-11-30

... DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration New Agency Information Collection Activity Under OMB Review: Public Transportation Baseline Assessment for Security Enhancement... voluntary site visits with security and operating officials of public transportation systems. This program...

Protecting intellectual property in space; Proceedings of the Aerospace Computer Security Conference, McLean, VA, March 20, 1985

NASA Technical Reports Server (NTRS)

1985-01-01

The primary purpose of the Aerospace Computer Security Conference was to bring together people and organizations which have a common interest in protecting intellectual property generated in space. Operational concerns are discussed, taking into account security implications of the space station information system, Space Shuttle security policies and programs, potential uses of probabilistic risk assessment techniques for space station development, key considerations in contingency planning for secure space flight ground control centers, a systematic method for evaluating security requirements compliance, and security engineering of secure ground stations. Subjects related to security technologies are also explored, giving attention to processing requirements of secure C3/I and battle management systems and the development of the Gemini trusted multiple microcomputer base, the Restricted Access Processor system as a security guard designed to protect classified information, and observations on local area network security.

Secure, safe, and sensitive solutions.

PubMed

Hughan, Tina

2012-04-01

Tabloid sensationalism aside, the increase in attacks on health service workers has led to many hospitals and healthcare facilities re-assessing their security systems. Here, Tina Hughan, head of marketing for specialist in door opening systems, Assa Abloy, gives her view on how security providers can help healthcare estates and facilities teams to cope with this disturbing trend.

Control System Applicable Use Assessment of the Secure Computing Corporation - Secure Firewall (Sidewinder)

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hadley, Mark D.; Clements, Samuel L.

2009-01-01

Battelle’s National Security & Defense objective is, “applying unmatched expertise and unique facilities to deliver homeland security solutions. From detection and protection against weapons of mass destruction to emergency preparedness/response and protection of critical infrastructure, we are working with industry and government to integrate policy, operational, technological, and logistical parameters that will secure a safe future”. In an ongoing effort to meet this mission, engagements with industry that are intended to improve operational and technical attributes of commercial solutions that are related to national security initiatives are necessary. This necessity will ensure that capabilities for protecting critical infrastructure assets aremore » considered by commercial entities in their development, design, and deployment lifecycles thus addressing the alignment of identified deficiencies and improvements needed to support national cyber security initiatives. The Secure Firewall (Sidewinder) appliance by Secure Computing was assessed for applicable use in critical infrastructure control system environments, such as electric power, nuclear and other facilities containing critical systems that require augmented protection from cyber threat. The testing was performed in the Pacific Northwest National Laboratory’s (PNNL) Electric Infrastructure Operations Center (EIOC). The Secure Firewall was tested in a network configuration that emulates a typical control center network and then evaluated. A number of observations and recommendations are included in this report relating to features currently included in the Secure Firewall that support critical infrastructure security needs.« less

Cyber security best practices for the nuclear industry

DOE Office of Scientific and Technical Information (OSTI.GOV)

Badr, I.

2012-07-01

When deploying software based systems, such as, digital instrumentation and controls for the nuclear industry, it is vital to include cyber security assessment as part of architecture and development process. When integrating and delivering software-intensive systems for the nuclear industry, engineering teams should make use of a secure, requirements driven, software development life cycle, ensuring security compliance and optimum return on investment. Reliability protections, data loss prevention, and privacy enforcement provide a strong case for installing strict cyber security policies. (authors)

Common Operating Picture: UAV Security Study

NASA Technical Reports Server (NTRS)

2004-01-01

This initial communication security study is a top-level assessment of basic security issues related to the operation of Unmanned Aerial Vehicles (UAVs) in the National Airspace System (NAS). Security considerations will include information relating to the use of International Civil Aviation Organization (ICAO) Aeronautical Telecommunications Network (ATN) protocols and applications identifying their maturity, as well as the use of IPV4 and a version of mobile IPV6. The purpose of this assessment is to provide an initial analysis of the security implications of introducing UAVs into the NAS.

Assessment of the potential enhancement of rural food security in Mexico using decision tree land use classification on medium resolution satellite imagery

NASA Astrophysics Data System (ADS)

Bermeo, A.; Couturier, S.

2017-01-01

Because of its renewed importance in international agendas, food security in sub-tropical countries has been the object of studies at different scales, although the spatial components of food security are still largely undocumented. Among other aspects, food security can be assessed using a food selfsufficiency index. We propose a spatial representation of this assessment in the densely populated rural area of the Huasteca Poblana, Mexico, where there is a known tendency towards the loss of selfsufficiency of basic grains. The main agricultural systems in this area are the traditional milpa (a multicrop practice with maize as the main basic crop) system, coffee plantations and grazing land for bovine livestock. We estimate a potential additional milpa - based maize production by smallholders identifying the presence of extensive coffee and pasture systems in the production data of the agricultural census. The surface of extensive coffee plantations and pasture land were estimated using the detailed coffee agricultural census data, and a decision tree combining unsupervised and supervised spectral classification techniques of medium scale (Landsat) satellite imagery. We find that 30% of the territory would benefit more than 50% increment in food security and 13% could theoretically become maize self-sufficient from the conversion of extensive systems to the traditional multicrop milpa system.

Vulnerability mitigation : technology assessment and deployment

DOT National Transportation Integrated Search

2003-01-01

Because of the new terrorist threats since the September 11, 2001 attacks, rapid development, prototyping, and deployment of systems has been necessary. A well integrated physical security system that combines state of the art security and informatio...

Threats to information security of real-time disease surveillance systems.

PubMed

Henriksen, Eva; Johansen, Monika A; Baardsgaard, Anders; Bellika, Johan G

2009-01-01

This paper presents the main results from a qualitative risk assessment of information security aspects for a new real-time disease surveillance approach in general, and for the Snow surveillance system in particular. All possible security threats and acceptable solutions, and the implications these solutions had to the design of the system, were discussed. Approximately 30 threats were identified. None of these got an unacceptable high risk level originally, but two got medium risk level, of which one was concluded to be unacceptable after further investigation. Of the remaining low risk threats, some have severe consequence, thus requiring particular assessment. Since it is very important to identify and solve all security threats before real-time solutions can be used in a wide scale, additional investigations are needed.

7 CFR 1730.20 - General.

Code of Federal Regulations, 2010 CFR

2010-01-01

..., individually or regionally performing a system security Vulnerability and Risk Assessment (VRA), establishing... electrical condition and security of its electric system and for the quality of services provided to its... sufficient resources to operate and maintain its system and annually exercise its ERP in accordance with the...

78 FR 9951 - Excepted Service

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-12

...) Not to exceed 3000 positions that require unique cyber security skills and knowledge to perform cyber..., distributed control systems security, cyber incident response, cyber exercise facilitation and management, cyber vulnerability detection and assessment, network and systems engineering, enterprise architecture...

Fuzzy assessment of health information system users' security awareness.

PubMed

Aydın, Özlem Müge; Chouseinoglou, Oumout

2013-12-01

Health information systems (HIS) are a specific area of information systems (IS), where critical patient data is stored and quality health service is only realized with the correct use and efficient dissemination of this data to health workers. Therefore, a balance needs to be established between the levels of security and flow of information on HIS. Instead of implementing higher levels and further mechanisms of control to increase the security of HIS, it is preferable to deal with the arguably weakest link on HIS chain with respect to security: HIS users. In order to provide solutions and approaches for transforming users to the first line of defense in HIS but also to employ capable and appropriate candidates from the pool of newly graduated students, it is important to assess and evaluate the security awareness levels and characteristics of these existing and future users. This study aims to provide a new perspective to understand the phenomenon of security awareness of HIS users with the use of fuzzy analysis, and to assess the present situation of current and future HIS users of a leading medical and educational institution of Turkey, with respect to their security characteristics based on four different security scales. The results of the fuzzy analysis, the guide on how to implement this fuzzy analysis to any health institution and how to read and interpret these results, together with the possible implications of these results to the organization are provided.

A Security Assessment Mechanism for Software-Defined Networking-Based Mobile Networks.

PubMed

Luo, Shibo; Dong, Mianxiong; Ota, Kaoru; Wu, Jun; Li, Jianhua

2015-12-17

Software-Defined Networking-based Mobile Networks (SDN-MNs) are considered the future of 5G mobile network architecture. With the evolving cyber-attack threat, security assessments need to be performed in the network management. Due to the distinctive features of SDN-MNs, such as their dynamic nature and complexity, traditional network security assessment methodologies cannot be applied directly to SDN-MNs, and a novel security assessment methodology is needed. In this paper, an effective security assessment mechanism based on attack graphs and an Analytic Hierarchy Process (AHP) is proposed for SDN-MNs. Firstly, this paper discusses the security assessment problem of SDN-MNs and proposes a methodology using attack graphs and AHP. Secondly, to address the diversity and complexity of SDN-MNs, a novel attack graph definition and attack graph generation algorithm are proposed. In order to quantify security levels, the Node Minimal Effort (NME) is defined to quantify attack cost and derive system security levels based on NME. Thirdly, to calculate the NME of an attack graph that takes the dynamic factors of SDN-MN into consideration, we use AHP integrated with the Technique for Order Preference by Similarity to an Ideal Solution (TOPSIS) as the methodology. Finally, we offer a case study to validate the proposed methodology. The case study and evaluation show the advantages of the proposed security assessment mechanism.

A Security Assessment Mechanism for Software-Defined Networking-Based Mobile Networks

PubMed Central

Luo, Shibo; Dong, Mianxiong; Ota, Kaoru; Wu, Jun; Li, Jianhua

2015-01-01

Software-Defined Networking-based Mobile Networks (SDN-MNs) are considered the future of 5G mobile network architecture. With the evolving cyber-attack threat, security assessments need to be performed in the network management. Due to the distinctive features of SDN-MNs, such as their dynamic nature and complexity, traditional network security assessment methodologies cannot be applied directly to SDN-MNs, and a novel security assessment methodology is needed. In this paper, an effective security assessment mechanism based on attack graphs and an Analytic Hierarchy Process (AHP) is proposed for SDN-MNs. Firstly, this paper discusses the security assessment problem of SDN-MNs and proposes a methodology using attack graphs and AHP. Secondly, to address the diversity and complexity of SDN-MNs, a novel attack graph definition and attack graph generation algorithm are proposed. In order to quantify security levels, the Node Minimal Effort (NME) is defined to quantify attack cost and derive system security levels based on NME. Thirdly, to calculate the NME of an attack graph that takes the dynamic factors of SDN-MN into consideration, we use AHP integrated with the Technique for Order Preference by Similarity to an Ideal Solution (TOPSIS) as the methodology. Finally, we offer a case study to validate the proposed methodology. The case study and evaluation show the advantages of the proposed security assessment mechanism. PMID:26694409

Application Mail Tracking Using RSA Algorithm As Security Data and HOT-Fit a Model for Evaluation System

NASA Astrophysics Data System (ADS)

Permadi, Ginanjar Setyo; Adi, Kusworo; Gernowo, Rahmad

2018-02-01

RSA algorithm give security in the process of the sending of messages or data by using 2 key, namely private key and public key .In this research to ensure and assess directly systems are made have meet goals or desire using a comprehensive evaluation methods HOT-Fit system .The purpose of this research is to build a information system sending mail by applying methods of security RSA algorithm and to evaluate in uses the method HOT-Fit to produce a system corresponding in the faculty physics. Security RSA algorithm located at the difficulty of factoring number of large coiled factors prima, the results of the prime factors has to be done to obtain private key. HOT-Fit has three aspects assessment, in the aspect of technology judging from the system status, the quality of system and quality of service. In the aspect of human judging from the use of systems and satisfaction users while in the aspect of organization judging from the structure and environment. The results of give a tracking system sending message based on the evaluation acquired.

Matching food security analysis to context: the experience of the Somalia food security assessment unit.

PubMed

Hemrich, Günter

2005-06-01

This case study reviews the experience of the Somalia Food Security Assessment Unit (FSAU) of operating a food security information system in the context of a complex emergency. In particular, it explores the linkages between selected features of the protracted crisis environment in Somalia and conceptual and operational aspects of food security information work. The paper specifically examines the implications of context characteristics for the establishment and operations of the FSAU field monitoring component and for the interface with information users and their diverse information needs. It also analyses the scope for linking food security and nutrition analysis and looks at the role of conflict and gender analysis in food security assessment work. Background data on the food security situation in Somalia and an overview of some key features of the FSAU set the scene for the case study. The paper is targeted at those involved in designing, operating and funding food security information activities.

Sandia National Laboratories: National Security Missions: International

Science.gov Websites

; Security Weapons Science & Technology Defense Systems & Assessments About Defense Systems & ; Development Technology Deployment Centers Working With Sandia Working With Sandia Prospective Suppliers What Information Construction & Facilities Contract Audit Sandia's Economic Impact Licensing & Technology

Cross-Layer Damage Assessment for Cyber Situational Awareness

NASA Astrophysics Data System (ADS)

Liu, Peng; Jia, Xiaoqi; Zhang, Shengzhi; Xiong, Xi; Jhi, Yoon-Chan; Bai, Kun; Li, Jason

Damage assessment plays a very important role in securing enterprise networks and systems. Gaining good awareness about the effects and impact of cyber attack actions would enable security officers to make the right cyber defense decisions and take the right cyber defense actions. A good number of damage assessment techniques have been proposed in the literature, but they typically focus on a single abstraction level (of the software system in concern). As a result, existing damage assessment techniques and tools are still very limited in satisfying the needs of comprehensive damage assessment which should not result in any “blind spots”.

Situated Usability Testing for Security Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Greitzer, Frank L.

2011-03-02

While usability testing is well established, assessing the usability of security software, tools, or methods deserves more careful consideration. It has been argued that dealing with security has become too difficult for individuals or organizations to manage effectively or to use conveniently. As difficult as it is for system administrators and developers to deal with, security is even more challenging for casual users. Indeed, it is much too easy for casual/home users to configure the security of their systems in non-optimal ways that leave their systems inadvertently insecure. This is exacerbated by the fact that casual users are focused onmore » matters other than security, and likely would prefer not even to think about security. This brief report argues that when security and/or privacy are part of the equation, traditional methods for usability testing should be re-considered. The purpose of this brief report is to argue for and outline a method associated with a new approach to usability testing for examining usable security issues.« less

[Assessment on ecological security spatial differences of west areas of Liaohe River based on GIS].

PubMed

Wang, Geng; Wu, Wei

2005-09-01

Ecological security assessment and early warning research have spatiality; non-linearity; randomicity, it is needed to deal with much spatial information. Spatial analysis and data management are advantages of GIS, it can define distribution trend and spatial relations of environmental factors, and show ecological security pattern graphically. The paper discusses the method of ecological security spatial differences of west areas of Liaohe River based on GIS and ecosystem non-health. First, studying on pressure-state-response (P-S-R) assessment indicators system, investigating in person and gathering information; Second, digitizing the river, applying fuzzy AHP to put weight, quantizing and calculating by fuzzy comparing; Last, establishing grid data-base; expounding spatial differences of ecological security by GIS Interpolate and Assembly.

Steady state security assessment in deregulated power systems

NASA Astrophysics Data System (ADS)

Manjure, Durgesh Padmakar

Power system operations are undergoing changes, brought about primarily due to deregulation and subsequent restructuring of the power industry. The primary intention of the introduction of deregulation in power systems was to bring about competition and improved customer focus. The underlying motive was increased economic benefit. Present day power system analysis is much different than what it was earlier, essentially due to the transformation of the power industry from being cost-based to one that is price-based and due to open access of transmission networks to the various market participants. Power is now treated as a commodity and is traded in an open market. The resultant interdependence of the technical criteria and the economic considerations has only accentuated the need for accurate analysis in power systems. The main impetus in security analysis studies is on efficient assessment of the post-contingency status of the system, accuracy being of secondary consideration. In most cases, given the time frame involved, it is not feasible to run a complete AC load flow for determining the post-contingency state of the system. Quite often, it is not warranted as well, as an indication of the state of the system is desired rather than the exact quantification of the various state variables. With the inception of deregulation, transmission networks are subjected to a host of multilateral transactions, which would influence physical system quantities like real power flows, security margins and voltage levels. For efficient asset utilization and maximization of the revenue, more often than not, transmission networks are operated under stressed conditions, close to security limits. Therefore, a quantitative assessment of the extent to which each transaction adversely affects the transmission network is required. This needs to be done accurately as the feasibility of the power transactions and subsequent decisions (execution, curtailment, pricing) would depend upon the outcome of the analysis. Also considering the large number of transactions occurring in the power market, and the massive sizes of transmission networks, the need for efficient analysis techniques is further highlighted. Thus on the whole, for present-day power systems, security assessment has acquired predominant importance. The primary emphasis of the work done in this dissertation is on development of techniques for fast assessment of the state of the transmission network following credible contingencies in traditional and deregulated power systems. In addition, methodologies for optimal correction strategies in the event of violation of security limits are also proposed. The work done can be enumerated as: (1) development of fast methods to assess the state of the transmission network from the point of view of loading margin and power flows, following increased loading conditions and line outages; (2) development of a comprehensive scheme to assess the impact of bilateral transactions on the operating state of the network; (3) optimal rescheduling of generation and curtailable loads for relieving the system of congestion and simultaneously maximizing the security margins.

Securing PCs and Data in Libraries and Schools: A Handbook with Menuing, Anti-Virus, and Other Protective Software.

ERIC Educational Resources Information Center

Benson, Allen C.

This handbook is designed to help readers identify and eliminate security risks, with sound recommendations and library-tested security software. Chapter 1 "Managing Your Facilities and Assessing Your Risks" addresses fundamental management responsibilities including planning for a secure system, organizing computer-related information, assessing…

Evaluation on Electronic Securities Settlements Systems by AHP Methods

NASA Astrophysics Data System (ADS)

Fukaya, Kiyoyuki; Komoda, Norihisa

Accompanying the spread of Internet and the change of business models, electronic commerce expands buisness areas. Electronic finance commerce becomes popular and especially online security tradings becoome very popular in this area. This online securitiy tradings have some good points such as less mistakes than telephone calls. In order to expand this online security tradings, the transfer of the security paper is one the largest problems to be solved. Because it takes a few days to transfer the security paper from a seller to a buyer. So the dematerialization of security papers is one of the solutions. The demterilization needs the information systems for setteling security. Some countries such as France, German, United Kingdom and U.S.A. have been strating the dematerialization projects. The legacy assesments on these projects focus from the viewpoint of the legal schemes only and there is no assessment from system architectures. This paper focuses on the information system scheme and valuates these dematerlization projects by AHP methods from the viewpoints of “dematerializaion of security papers", “speed of transfer", “usefulness on the system" and “accumulation of risks". This is the first case of valuations on security settlements systems by AHP methods, especially four counties’ systems.

C-Band Airport Surface Communications System Engineering-Initial High-Level Safety Risk Assessment and Mitigation

NASA Technical Reports Server (NTRS)

Zelkin, Natalie; Henriksen, Stephen

2011-01-01

This document is being provided as part of ITT's NASA Glenn Research Center Aerospace Communication Systems Technical Support (ACSTS) contract: "New ATM Requirements--Future Communications, C-Band and L-Band Communications Standard Development." ITT has completed a safety hazard analysis providing a preliminary safety assessment for the proposed C-band (5091- to 5150-MHz) airport surface communication system. The assessment was performed following the guidelines outlined in the Federal Aviation Administration Safety Risk Management Guidance for System Acquisitions document. The safety analysis did not identify any hazards with an unacceptable risk, though a number of hazards with a medium risk were documented. This effort represents an initial high-level safety hazard analysis and notes the triggers for risk reassessment. A detailed safety hazards analysis is recommended as a follow-on activity to assess particular components of the C-band communication system after the profile is finalized and system rollout timing is determined. A security risk assessment has been performed by NASA as a parallel activity. While safety analysis is concerned with a prevention of accidental errors and failures, the security threat analysis focuses on deliberate attacks. Both processes identify the events that affect operation of the system; and from a safety perspective the security threats may present safety risks.

Privacy Act System of Records: Libby Asbestos Exposure Assessment Records, EPA-48

EPA Pesticide Factsheets

Learn about the Libby Asbestos Exposure Assessment Records System, including who is covered in the system, the purpose of data collection, routine uses for the system's records, and other security procedure.

Safe teleradiology: information assurance as project planning methodology.

PubMed

Collmann, Jeff; Alaoui, Adil; Nguyen, Dan; Lindisch, David

2005-01-01

The Georgetown University Medical Center Department of Radiology used a tailored version of OCTAVE, a self-directed information security risk assessment method, to design a teleradiology system that complied with the regulation implementing the security provisions of the Health Insurance Portability and Accountability Act (HIPAA) of 1996. The system addressed threats to and vulnerabilities in the privacy and security of protected health information. By using OCTAVE, Georgetown identified the teleradiology program's critical assets, described threats to the assurance of those assets, developed and ran vulnerability scans of a system pilot, evaluated the consequences of security breaches, and developed a risk management plan to mitigate threats to program assets, thereby implementing good information assurance practices. This case study illustrates the basic point that prospective, comprehensive planning to protect the privacy and security of an information system strategically benefits program management as well as system security.

48 CFR 832.202-4 - Security for Government financing.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 48 Federal Acquisition Regulations System 5 2012-10-01 2012-10-01 false Security for Government... for Government financing. An offeror's financial condition may be considered adequate security to protect the Government's interest when the Government provides contract financing. In assessing the...

48 CFR 832.202-4 - Security for Government financing.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 48 Federal Acquisition Regulations System 5 2014-10-01 2014-10-01 false Security for Government... for Government financing. An offeror's financial condition may be considered adequate security to protect the Government's interest when the Government provides contract financing. In assessing the...

Acquisition Systems Protection Planning the Manhatten Project: A Case Study

DTIC Science & Technology

1994-06-03

This study examines the counterintelligence and security programs of the Manhattan Project , the United States acquisition of the atomic bomb, using...assessment methodology and counterintelligence techniques and procedures. Acquisition systems, Program protection, Manhattan Project , Atomic bomb, Technology protection, Counterintelligence, Security.

Risk assessment of climate systems for national security.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Backus, George A.; Boslough, Mark Bruce Elrick; Brown, Theresa Jean

2012-10-01

Climate change, through drought, flooding, storms, heat waves, and melting Arctic ice, affects the production and flow of resource within and among geographical regions. The interactions among governments, populations, and sectors of the economy require integrated assessment based on risk, through uncertainty quantification (UQ). This project evaluated the capabilities with Sandia National Laboratories to perform such integrated analyses, as they relate to (inter)national security. The combining of the UQ results from climate models with hydrological and economic/infrastructure impact modeling appears to offer the best capability for national security risk assessments.

Food Security Framings within the UK and the Integration of Local Food Systems

ERIC Educational Resources Information Center

Kirwan, James; Maye, Damian

2013-01-01

This paper provides a critical interpretation of food security politics in the UK. It applies the notion of food security collective action frames to assess how specific action frames are maintained and contested. The interdependency between scale and framing in food security discourse is also scrutinised. It does this through an examination of…

Assessment of risks of EMI for personal medical electronic devices (PMEDs) from emissions of millimeter-wave security screening systems

NASA Astrophysics Data System (ADS)

Witters, Donald; Bassen, Howard; Guag, Joshua; Addissie, Bisrat; LaSorte, Nickolas; Rafai, Hazem

2013-06-01

This paper describes research and testing of a representative group of high priority body worn and implantable personal medical electronic devices (PMEDs) for exposure to millimeter wave (MMW) advanced imaging technology (AIT) security systems used at airports. The sample PMEDs included in this study were implantable cardiac pacemakers, ICDs, neurostimulators and insulin pumps. These PMEDs are designed and tested for susceptibility to electromagnetic interference (EMI) under the present standards for medical device electromagnetic compatibility (EMC). However, the present standards for medical equipment do not address exposure to the much higher frequency fields that are emitted by MMW security systems. Initial AIT emissions measurements were performed to assess the PMED and passenger exposures. Testing protocols were developed and testing methods were tailored to the type of PMED. In addition, a novel exposure simulation system was developed to allow controlled EMC testing without the need of the MMW AIT system. Methodology, test results, and analysis are presented, along with an assessment of the human exposure and risks for PMED users. The results on this study reveal no effects on the medical devices from the exposure to the MMW security system. Furthermore, the human exposure measurements and analysis showed levels well below applicable standard, and the risks for PMED users and others we assessed to be very low. These findings apply to the types of PMEDs used in the study though these findings might suggest that the risks for other, similar PMEDs would likely be similar.

Managing security risks for inter-organisational information systems: a multiagent collaborative model

NASA Astrophysics Data System (ADS)

Feng, Nan; Wu, Harris; Li, Minqiang; Wu, Desheng; Chen, Fuzan; Tian, Jin

2016-09-01

Information sharing across organisations is critical to effectively managing the security risks of inter-organisational information systems. Nevertheless, few previous studies on information systems security have focused on inter-organisational information sharing, and none have studied the sharing of inferred beliefs versus factual observations. In this article, a multiagent collaborative model (MACM) is proposed as a practical solution to assess the risk level of each allied organisation's information system and support proactive security treatment by sharing beliefs on event probabilities as well as factual observations. In MACM, for each allied organisation's information system, we design four types of agents: inspection agent, analysis agent, control agent, and communication agent. By sharing soft findings (beliefs) in addition to hard findings (factual observations) among the organisations, each organisation's analysis agent is capable of dynamically predicting its security risk level using a Bayesian network. A real-world implementation illustrates how our model can be used to manage security risks in distributed information systems and that sharing soft findings leads to lower expected loss from security risks.

Security Policy and Infrastructure in the Context of a Multi-Centeric Information System Dedicated to Autism Spectrum Disorder.

PubMed

Ben Said, Mohamed; Robel, Laurence; Golse, Bernard; Jais, Jean Philippe

2017-01-01

Autism spectrum disorders (ASD) are complex neuro-developmental disorders affecting children in their early age. The diagnosis of ASD relies on multidisciplinary investigations, in psychiatry, neurology, genetics, electrophysiology, neuro-imagery, audiology and ophthalmology. In order to support clinicians, researchers and public health decision makers, we designed an information system dedicated to ASD, called TEDIS. TEDIS was designed to manage systematic, exhaustive and continuous multi-centric patient data collection via secured Internet connections. In this paper, we present the security policy and security infrastructure we developed to protect ASD' patients' clinical data and patients' privacy. We tested our system on 359 ASD patient records in a local secured intranet environment and showed that the security system is functional, with a consistent, transparent and safe encrypting-decrypting behavior. It is ready for deployment in the nine ASD expert assessment centers in the Ile de France district.

Applying New Network Security Technologies to SCADA Systems.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hurd, Steven A; Stamp, Jason Edwin; Duggan, David P

2006-11-01

Supervisory Control and Data Acquisition (SCADA) systems for automation are very important for critical infrastructure and manufacturing operations. They have been implemented to work in a number of physical environments using a variety of hardware, software, networking protocols, and communications technologies, often before security issues became of paramount concern. To offer solutions to security shortcomings in the short/medium term, this project was to identify technologies used to secure "traditional" IT networks and systems, and then assess their efficacy with respect to SCADA systems. These proposed solutions must be relatively simple to implement, reliable, and acceptable to SCADA owners and operators.more » 4This page intentionally left blank.« less

How to Perform a Security Audit: Is Your School's or District's Network Vulnerable?

ERIC Educational Resources Information Center

Dark, Melissa; Poftak, Amy

2004-01-01

In this article, the authors address the importance of taking a proactive approach to securing a school's network. To do this, it is first required to know the system's specific vulnerabilities and what steps to take to reduce them. The formal process for doing this is known as an information security risk assessment, or a security audit. What…

Flexible and Secure Computer-Based Assessment Using a Single Zip Disk

ERIC Educational Resources Information Center

Ko, C. C.; Cheng, C. D.

2008-01-01

Electronic examination systems, which include Internet-based system, require extremely complicated installation, configuration and maintenance of software as well as hardware. In this paper, we present the design and development of a flexible, easy-to-use and secure examination system (e-Test), in which any commonly used computer can be used as a…

Cyber Security: Assessing Our Vulnerabilities and Developing an Effective Defense

NASA Astrophysics Data System (ADS)

Spafford, Eugene H.

The number and sophistication of cyberattacks continues to increase, but no national policy is in place to confront them. Critical systems need to be built on secure foundations, rather than the cheapest general-purpose platform. A program that combines education in cyber security, increasing resources for law enforcement, development of reliable systems for critical applications, and expanding research support in multiple areas of security and reliability is essential to combat risks that are far beyond the nuisances of spam email and viruses, and involve widespread espionage, theft, and attacks on essential services.

An Information Security Control Assessment Methodology for Organizations

ERIC Educational Resources Information Center

Otero, Angel R.

2014-01-01

In an era where use and dependence of information systems is significantly high, the threat of incidents related to information security that could jeopardize the information held by organizations is more and more serious. Alarming facts within the literature point to inadequacies in information security practices, particularly the evaluation of…

Here Today, Here Tomorrow: The Imperative of Collections Security.

ERIC Educational Resources Information Center

Billington, James H.

1996-01-01

The Librarian of Congress addresses the increasing security threats to the collection at the Library of Congress that caused him to close library stacks, increase police patrol, install surveillance cameras and alarm systems, create material inventories, and limit patron privileges. Many of the security functions are being assessed and monitored…

National Aeronautics and Space Administration's (NASA) Automated Information Security Handbook

NASA Technical Reports Server (NTRS)

Roback, E.

1991-01-01

The NASA Automated Information Security Handbook provides NASA's overall approach to automated information systems security including discussions of such aspects as: program goals and objectives, assignment of responsibilities, risk assessment, foreign national access, contingency planning and disaster recovery, awareness training, procurement, certification, planning, and special considerations for microcomputers.

Sensing systems efficiency evaluation and comparison for homeland security and homeland defense

NASA Astrophysics Data System (ADS)

Pakhomov, Alexander A.

2010-04-01

Designers and consumers of various security, intelligence, surveillance and reconnaissance (ISR) systems as well as various unattended ground sensors pay most attention to their commonly used performance characteristics such as probability of a target detection and probability of a false alarm. These characteristics are used for systems comparison and evaluation. However, it is not enough for end-users of these systems as well as for their total/final effectiveness assessment. This article presents and discusses a system approach to an efficiency estimation of the security and ISR systems. Presented approach aims at final result of the system's function and use. It allows setting up reasonable technical and structural requirements for the security and ISR systems, to make trustworthy comparison and practical application planning of such systems. It also allows finding forward-looking, perspective ways of systems development. Presented results can be guidance to both designers and consumers.

Video performance for high security applications.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Connell, Jack C.; Norman, Bradley C.

2010-06-01

The complexity of physical protection systems has increased to address modern threats to national security and emerging commercial technologies. A key element of modern physical protection systems is the data presented to the human operator used for rapid determination of the cause of an alarm, whether false (e.g., caused by an animal, debris, etc.) or real (e.g., a human adversary). Alarm assessment, the human validation of a sensor alarm, primarily relies on imaging technologies and video systems. Developing measures of effectiveness (MOE) that drive the design or evaluation of a video system or technology becomes a challenge, given the subjectivitymore » of the application (e.g., alarm assessment). Sandia National Laboratories has conducted empirical analysis using field test data and mathematical models such as binomial distribution and Johnson target transfer functions to develop MOEs for video system technologies. Depending on the technology, the task of the security operator and the distance to the target, the Probability of Assessment (PAs) can be determined as a function of a variety of conditions or assumptions. PAs used as an MOE allows the systems engineer to conduct trade studies, make informed design decisions, or evaluate new higher-risk technologies. This paper outlines general video system design trade-offs, discusses ways video can be used to increase system performance and lists MOEs for video systems used in subjective applications such as alarm assessment.« less

A GIS-based decision support system for regional eco-security assessment and its application on the Tibetan Plateau.

PubMed

Xiaodan, Wang; Xianghao, Zhong; Pan, Gao

2010-10-01

Regional eco-security assessment is an intricate, challenging task. In previous studies, the integration of eco-environmental models and geographical information systems (GIS) usually takes two approaches: loose coupling and tight coupling. However, the present study used a full coupling approach to develop a GIS-based regional eco-security assessment decision support system (ESDSS). This was achieved by merging the pressure-state-response (PSR) model and the analytic hierarchy process (AHP) into ArcGIS 9 as a dynamic link library (DLL) using ArcObjects in ArcGIS and Visual Basic for Applications. Such an approach makes it easy to capitalize on the GIS visualization and spatial analysis functions, thereby significantly supporting the dynamic estimation of regional eco-security. A case study is presented for the Tibetan Plateau, known as the world's "third pole" after the Arctic and Antarctic. Results verified the usefulness and feasibility of the developed method. As a useful tool, the ESDSS can also help local managers to make scientifically-based and effective decisions about Tibetan eco-environmental protection and land use. Copyright (c) 2010 Elsevier Ltd. All rights reserved.

Concepts for a standard based cross-organisational information security management system in the context of a nationwide EHR.

PubMed

Mense, Alexander; Hoheiser-Pförtner, Franz; Schmid, Martin; Wahl, Harald

2013-01-01

Working with health related data necessitates appropriate levels of security and privacy. Information security, meaning ensuring confidentiality, integrity, and availability, is more organizational, than technical in nature. It includes many organizational and management measures, is based on well-defined security roles, processes, and documents, and needs permanent adaption of security policies, continuously monitoring, and measures assessment. This big challenge for any organization leads to implementation of an information security management system (ISMS). In the context of establishing a regional or national electronic health record for integrated care (ICEHR), the situation is worse. Changing the medical information exchange from on-demand peer-to-peer connections to health information networks requires all organizations participating in the EHR system to have consistent security levels and to follow the same security guidelines and rules. Also, the implementation must be monitored and audited, establishing cross-organizational information security management systems (ISMS) based on international standards. This paper evaluates requirements and defines basic concepts for an ISO 27000 series-based cross-organizational ISMS in the healthcare domain and especially for the implementation of the nationwide electronic health record in Austria (ELGA).

Sandia National Laboratories: National Security Missions: Defense Systems

Science.gov Websites

; Technology Defense Systems & Assessments About Defense Systems & Assessments Program Areas Robotics R&D 100 Awards Laboratory Directed Research & Development Technology Deployment Centers Audit Sandia's Economic Impact Licensing & Technology Transfer Browse Technology Portfolios

Shape-based human detection for threat assessment

NASA Astrophysics Data System (ADS)

Lee, Dah-Jye; Zhan, Pengcheng; Thomas, Aaron; Schoenberger, Robert B.

2004-07-01

Detection of intrusions for early threat assessment requires the capability of distinguishing whether the intrusion is a human, an animal, or other objects. Most low-cost security systems use simple electronic motion detection sensors to monitor motion or the location of objects within the perimeter. Although cost effective, these systems suffer from high rates of false alarm, especially when monitoring open environments. Any moving objects including animals can falsely trigger the security system. Other security systems that utilize video equipment require human interpretation of the scene in order to make real-time threat assessment. Shape-based human detection technique has been developed for accurate early threat assessments for open and remote environment. Potential threats are isolated from the static background scene using differential motion analysis and contours of the intruding objects are extracted for shape analysis. Contour points are simplified by removing redundant points connecting short and straight line segments and preserving only those with shape significance. Contours are represented in tangent space for comparison with shapes stored in database. Power cepstrum technique has been developed to search for the best matched contour in database and to distinguish a human from other objects from different viewing angles and distances.

Wide Area Security Region Final Report

DOE Office of Scientific and Technical Information (OSTI.GOV)

Makarov, Yuri V.; Lu, Shuai; Guo, Xinxin

2010-03-31

This report develops innovative and efficient methodologies and practical procedures to determine the wide-area security region of a power system, which take into consideration all types of system constraints including thermal, voltage, voltage stability, transient and potentially oscillatory stability limits in the system. The approach expands the idea of transmission system nomograms to a multidimensional case, involving multiple system limits and parameters such as transmission path constraints, zonal generation or load, etc., considered concurrently. The security region boundary is represented using its piecewise approximation with the help of linear inequalities (so called hyperplanes) in a multi-dimensional space, consisting of systemmore » parameters that are critical for security analyses. The goal of this approximation is to find a minimum set of hyperplanes that describe the boundary with a given accuracy. Methodologies are also developed to use the security hyperplanes, pre-calculated offline, to determine system security margins in real-time system operations, to identify weak elements in the system, and to calculate key contributing factors and sensitivities to determine the best system controls in real time and to assist in developing remedial actions and transmission system enhancements offline . A prototype program that automates the simulation procedures used to build the set of security hyperplanes has also been developed. The program makes it convenient to update the set of security hyperplanes necessitated by changes in system configurations. A prototype operational tool that uses the security hyperplanes to assess security margins and to calculate optimal control directions in real time has been built to demonstrate the project success. Numerical simulations have been conducted using the full-size Western Electricity Coordinating Council (WECC) system model, and they clearly demonstrated the feasibility and the effectiveness of the developed technology. Recommendations for the future work have also been formulated.« less

Risk Assessment Methodology Based on the NISTIR 7628 Guidelines

DOE Office of Scientific and Technical Information (OSTI.GOV)

Abercrombie, Robert K; Sheldon, Frederick T; Hauser, Katie R

2013-01-01

Earlier work describes computational models of critical infrastructure that allow an analyst to estimate the security of a system in terms of the impact of loss per stakeholder resulting from security breakdowns. Here, we consider how to identify, monitor and estimate risk impact and probability for different smart grid stakeholders. Our constructive method leverages currently available standards and defined failure scenarios. We utilize the National Institute of Standards and Technology (NIST) Interagency or Internal Reports (NISTIR) 7628 as a basis to apply Cyberspace Security Econometrics system (CSES) for comparing design principles and courses of action in making security-related decisions.

A threat intelligence framework for access control security in the oil industry

NASA Astrophysics Data System (ADS)

Alaskandrani, Faisal T.

The research investigates the problem raised by the rapid development in the technology industry giving security concerns in facilities built by the energy industry containing diverse platforms. The difficulty of continuous updates to network security architecture and assessment gave rise to the need to use threat intelligence frameworks to better assess and address networks security issues. Focusing on access control security to the ICS and SCADA systems that is being utilized to carry out mission critical and life threatening operations. The research evaluates different threat intelligence frameworks that can be implemented in the industry seeking the most suitable and applicable one that address the issue and provide more security measures. The validity of the result is limited to the same environment that was researched as well as the technologies being utilized. The research concludes that it is possible to utilize a Threat Intelligence framework to prioritize security in Access Control Measures in the Oil Industry.

A Security Audit Framework to Manage Information System Security

NASA Astrophysics Data System (ADS)

Pereira, Teresa; Santos, Henrique

The widespread adoption of information and communication technology have promoted an increase dependency of organizations in the performance of their Information Systems. As a result, adequate security procedures to properly manage information security must be established by the organizations, in order to protect their valued or critical resources from accidental or intentional attacks, and ensure their normal activity. A conceptual security framework to manage and audit Information System Security is proposed and discussed. The proposed framework intends to assist organizations firstly to understand what they precisely need to protect assets and what are their weaknesses (vulnerabilities), enabling to perform an adequate security management. Secondly, enabling a security audit framework to support the organization to assess the efficiency of the controls and policy adopted to prevent or mitigate attacks, threats and vulnerabilities, promoted by the advances of new technologies and new Internet-enabled services, that the organizations are subject of. The presented framework is based on a conceptual model approach, which contains the semantic description of the concepts defined in information security domain, based on the ISO/IEC_JCT1 standards.

Risk to Water Security on Small Islands

NASA Astrophysics Data System (ADS)

Holding, S. T.; Allen, D. M.

2013-12-01

The majority of fresh water available on small islands is shallow groundwater that forms a freshwater lens. Freshwater lenses are generally limited in extent and as such are vulnerable to many stressors that impact water security. These include stressors related to climate change, such as sea level rise, as well as those related to human impacts, such as contamination. Traditionally, water security assessments have focussed on indicators that provide a snapshot of the current condition. However, recent work suggests that in order to effectively manage the water system, it is also important to consider uncertain future impacts to the system by evaluating how different stressors might impact water security. In this study, a framework for assessing risk to water security was developed and tested on Andros Island in The Bahamas. The assessment comprises two main components that characterise the water system: numerical modelling studies and a hazard survey. A baseline numerical model of the freshwater lens throughout Andros Island was developed to simulate the morphology of the freshwater lens and estimate the freshwater resources currently available. The model was prepared using SEAWAT, a density-dependent flow and solute transport code. Various stressors were simulated in the model to evaluate the response of the freshwater lens to predicted future shifts in climate patterns, sea level rise, and changes in water use. A hazard survey was also conducted on the island to collect information related to the storage of contaminants, sanitation infrastructure, waste disposal practices and groundwater abstraction rates. The results of the survey form a geo-spatial database of the location and associated hazards to the freshwater lens. The resulting risk framework provides a ranking of overall risk to water security based on information from the numerical modelling and hazard survey. The risk framework is implemented in a Geographic Information System (GIS) and provides a map of the risk to water security throughout Andros Island. It evaluates risk to water security for current and future scenarios and will enable water resource managers to effectively adapt to future impacts on water security.

Architecture and Assessment: Privacy Preserving Biometrically Secured Electronic Documents

DTIC Science & Technology

2015-01-01

very large public and private fingerprint databases comprehensive risk analysis and system security contribution to developing international ...Safety and Security Program which is led by Defence Research and Development Canada’s Centre for Security Science, in partnership with Public Safety...201 © Sa Majesté la Reine (en droit du Canada), telle que représentée par le ministre de la Défense nationale, 201 Science and Engineering

Authentication systems for securing clinical documentation workflows. A systematic literature review.

PubMed

Schwartze, J; Haarbrandt, B; Fortmeier, D; Haux, R; Seidel, C

2014-01-01

Integration of electronic signatures embedded in health care processes in Germany challenges health care service and supply facilities. The suitability of the signature level of an eligible authentication procedure is confirmed for a large part of documents in clinical practice. However, the concrete design of such a procedure remains unclear. To create a summary of usable user authentication systems suitable for clinical workflows. A Systematic literature review based on nine online bibliographic databases. Search keywords included authentication, access control, information systems, information security and biometrics with terms user authentication, user identification and login in title or abstract. Searches were run between 7 and 12 September 2011. Relevant conference proceedings were searched manually in February 2013. Backward reference search of selected results was done. Only publications fully describing authentication systems used or usable were included. Algorithms or purely theoretical concepts were excluded. Three authors did selection independently. DATA EXTRACTION AND ASSESSMENT: Semi-structured extraction of system characteristics was done by the main author. Identified procedures were assessed for security and fulfillment of relevant laws and guidelines as well as for applicability. Suitability for clinical workflows was derived from the assessments using a weighted sum proposed by Bonneau. Of 7575 citations retrieved, 55 publications meet our inclusion criteria. They describe 48 different authentication systems; 39 were biometric and nine graphical password systems. Assessment of authentication systems showed high error rates above European CENELEC standards and a lack of applicability of biometric systems. Graphical passwords did not add overall value compared to conventional passwords. Continuous authentication can add an additional layer of safety. Only few systems are suitable partially or entirely for use in clinical processes. Suitability strongly depends on national or institutional requirements. Four authentication systems seem to fulfill requirements of authentication procedures for clinical workflows. Research is needed in the area of continuous authentication with biometric methods. A proper authentication system should combine all factors of authentication implementing and connecting secure individual measures.

Sandia National Laboratories: National Security Missions: International

Science.gov Websites

Weapons Safety & Security Weapons Science & Technology Defense Systems & Assessments About Directed Research & Development Technology Deployment Centers Working With Sandia Working With Sandia Payable Contract Information Construction & Facilities Contract Audit Sandia's Economic Impact

Dynamic security contingency screening and ranking using neural networks.

PubMed

Mansour, Y; Vaahedi, E; El-Sharkawi, M A

1997-01-01

This paper summarizes BC Hydro's experience in applying neural networks to dynamic security contingency screening and ranking. The idea is to use the information on the prevailing operating condition and directly provide contingency screening and ranking using a trained neural network. To train the two neural networks for the large scale systems of BC Hydro and Hydro Quebec, in total 1691 detailed transient stability simulation were conducted, 1158 for BC Hydro system and 533 for the Hydro Quebec system. The simulation program was equipped with the energy margin calculation module (second kick) to measure the energy margin in each run. The first set of results showed poor performance for the neural networks in assessing the dynamic security. However a number of corrective measures improved the results significantly. These corrective measures included: 1) the effectiveness of output; 2) the number of outputs; 3) the type of features (static versus dynamic); 4) the number of features; 5) system partitioning; and 6) the ratio of training samples to features. The final results obtained using the large scale systems of BC Hydro and Hydro Quebec demonstrates a good potential for neural network in dynamic security assessment contingency screening and ranking.

Examining Cybersecurity of Cyberphysical Systems for Critical Infrastructures Through Work Domain Analysis.

PubMed

Wang, Hao; Lau, Nathan; Gerdes, Ryan M

2018-04-01

The aim of this study was to apply work domain analysis for cybersecurity assessment and design of supervisory control and data acquisition (SCADA) systems. Adoption of information and communication technology in cyberphysical systems (CPSs) for critical infrastructures enables automated and distributed control but introduces cybersecurity risk. Many CPSs employ SCADA industrial control systems that have become the target of cyberattacks, which inflict physical damage without use of force. Given that absolute security is not feasible for complex systems, cyberintrusions that introduce unanticipated events will occur; a proper response will in turn require human adaptive ability. Therefore, analysis techniques that can support security assessment and human factors engineering are invaluable for defending CPSs. We conducted work domain analysis using the abstraction hierarchy (AH) to model a generic SCADA implementation to identify the functional structures and means-ends relations. We then adopted a case study approach examining the Stuxnet cyberattack by developing and integrating AHs for the uranium enrichment process, SCADA implementation, and malware to investigate the interactions between the three aspects of cybersecurity in CPSs. The AHs for modeling a generic SCADA implementation and studying the Stuxnet cyberattack are useful for mapping attack vectors, identifying deficiencies in security processes and features, and evaluating proposed security solutions with respect to system objectives. Work domain analysis is an effective analytical method for studying cybersecurity of CPSs for critical infrastructures in a psychologically relevant manner. Work domain analysis should be applied to assess cybersecurity risk and inform engineering and user interface design.

Evaluating User Experiences of the Secure Messaging Tool on the Veterans Affairs’ Patient Portal System

PubMed Central

Lind, Jason D; Shimada, Stephanie L; Martin, Tracey L; Gosline, Robert M; Antinori, Nicole; Stewart, Max; Simon, Steven R

2014-01-01

Background The United States Department of Veterans Affairs has implemented an electronic asynchronous “Secure Messaging” tool within a Web-based patient portal (ie, My HealtheVet) to support patient-provider communication. This electronic resource promotes continuous and coordinated patient-centered care, but to date little research has evaluated patients’ experiences and preferences for using Secure Messaging. Objective The objectives of this mixed-methods study were to (1) characterize veterans’ experiences using Secure Messaging in the My HealtheVet portal over a 3-month period, including system usability, (2) identify barriers to and facilitators of use, and (3) describe strategies to support veterans’ use of Secure Messaging. Methods We recruited 33 veterans who had access to and had previously used the portal’s Secure Messaging tool. We used a combination of in-depth interviews, face-to-face user-testing, review of transmitted secure messages between veterans and staff, and telephone interviews three months following initial contact. We assessed participants’ computer and health literacy during initial and follow-up interviews. We used a content-analysis approach to identify dominant themes in the qualitative data. We compared inferences from each of the data sources (interviews, user-testing, and message review) to identify convergent and divergent data trends. Results The majority of veterans (27/33, 82%) reported being satisfied with Secure Messaging at initial interview; satisfaction ratings increased to 97% (31/32, 1 missing) during follow-up interviews. Veterans noted Secure Messaging to be useful for communicating with their primary care team to manage health care needs (eg, health-related questions, test requests and results, medication refills and questions, managing appointments). Four domains emerged from interviews: (1) perceived benefits of using Secure Messaging, (2) barriers to using Secure Messaging, (3) facilitators for using Secure Messaging, and (4) suggestions for improving Secure Messaging. Veterans identified and demonstrated impediments to successful system usage that can be addressed with education, skill building, and system modifications. Analysis of secure message content data provided insights to reasons for use that were not disclosed by participants during interviews, specifically sensitive health topics such as erectile dysfunction and sexually transmitted disease inquiries. Conclusions Veterans perceive Secure Messaging in the My HealtheVet patient portal as a useful tool for communicating with health care teams. However, to maximize sustained utilization of Secure Messaging, marketing, education, skill building, and system modifications are needed. Data from this study can inform a large-scale quantitative assessment of Secure Messaging users’ experiences in a representative sample to validate qualitative findings. PMID:24610454

Evaluating user experiences of the secure messaging tool on the Veterans Affairs' patient portal system.

PubMed

Haun, Jolie N; Lind, Jason D; Shimada, Stephanie L; Martin, Tracey L; Gosline, Robert M; Antinori, Nicole; Stewart, Max; Simon, Steven R

2014-03-06

The United States Department of Veterans Affairs has implemented an electronic asynchronous "Secure Messaging" tool within a Web-based patient portal (ie, My HealtheVet) to support patient-provider communication. This electronic resource promotes continuous and coordinated patient-centered care, but to date little research has evaluated patients' experiences and preferences for using Secure Messaging. The objectives of this mixed-methods study were to (1) characterize veterans' experiences using Secure Messaging in the My HealtheVet portal over a 3-month period, including system usability, (2) identify barriers to and facilitators of use, and (3) describe strategies to support veterans' use of Secure Messaging. We recruited 33 veterans who had access to and had previously used the portal's Secure Messaging tool. We used a combination of in-depth interviews, face-to-face user-testing, review of transmitted secure messages between veterans and staff, and telephone interviews three months following initial contact. We assessed participants' computer and health literacy during initial and follow-up interviews. We used a content-analysis approach to identify dominant themes in the qualitative data. We compared inferences from each of the data sources (interviews, user-testing, and message review) to identify convergent and divergent data trends. The majority of veterans (27/33, 82%) reported being satisfied with Secure Messaging at initial interview; satisfaction ratings increased to 97% (31/32, 1 missing) during follow-up interviews. Veterans noted Secure Messaging to be useful for communicating with their primary care team to manage health care needs (eg, health-related questions, test requests and results, medication refills and questions, managing appointments). Four domains emerged from interviews: (1) perceived benefits of using Secure Messaging, (2) barriers to using Secure Messaging, (3) facilitators for using Secure Messaging, and (4) suggestions for improving Secure Messaging. Veterans identified and demonstrated impediments to successful system usage that can be addressed with education, skill building, and system modifications. Analysis of secure message content data provided insights to reasons for use that were not disclosed by participants during interviews, specifically sensitive health topics such as erectile dysfunction and sexually transmitted disease inquiries. Veterans perceive Secure Messaging in the My HealtheVet patient portal as a useful tool for communicating with health care teams. However, to maximize sustained utilization of Secure Messaging, marketing, education, skill building, and system modifications are needed. Data from this study can inform a large-scale quantitative assessment of Secure Messaging users' experiences in a representative sample to validate qualitative findings.

'Known Secure Sensor Measurements' for Critical Infrastructure Systems: Detecting Falsification of System State

DOE Office of Scientific and Technical Information (OSTI.GOV)

Miles McQueen; Annarita Giani

2011-09-01

This paper describes a first investigation on a low cost and low false alarm, reliable mechanism for detecting manipulation of critical physical processes and falsification of system state. We call this novel mechanism Known Secure Sensor Measurements (KSSM). The method moves beyond analysis of network traffic and host based state information, in fact it uses physical measurements of the process being controlled to detect falsification of state. KSSM is intended to be incorporated into the design of new, resilient, cost effective critical infrastructure control systems. It can also be included in incremental upgrades of already in- stalled systems for enhancedmore » resilience. KSSM is based on known secure physical measurements for assessing the likelihood of an attack and will demonstrate a practical approach to creating, transmitting, and using the known secure measurements for detection.« less

A biometric method to secure telemedicine systems.

PubMed

Zhang, G H; Poon, Carmen C Y; Li, Ye; Zhang, Y T

2009-01-01

Security and privacy are among the most crucial issues for data transmission in telemedicine systems. This paper proposes a solution for securing wireless data transmission in telemedicine systems, i.e. within a body sensor network (BSN), between the BSN and server as well as between the server and professionals who have assess to the server. A unique feature of this solution is the generation of random keys by physiological data (i.e. a biometric approach) for securing communication at all 3 levels. In the performance analysis, inter-pulse interval of photoplethysmogram is used as an example to generate these biometric keys to protect wireless data transmission. The results of statistical analysis and computational complexity suggest that this type of key is random enough to make telemedicine systems resistant to attacks.

75 FR 63192 - Intent To Request Renewal From OMB of One Current Public Collection of Information: Air Cargo...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-10-14

... programs, security threat assessments (STA), known shipper data via the Known Shipper Management System... baggage, and other articles, that will be carried aboard a passenger aircraft; and (2) to establish a system to screen, inspect, report, or otherwise ensure the security of all cargo that is to be...

Assessment of the U. S. Marine Transportation System : a report to congress

DOT National Transportation Integrated Search

1999-09-01

Discusses the collaborative effort to assess the adequacy of the Nation's marine : transportation system (including ports, waterways, harbor approach channels, and : their intermodal connections) to operate in a safe, efficient, secure, and : environ...

Tailoring NIST Security Controls for the Ground System: Selection and Implementation -- Recommendations for Information System Owners

NASA Technical Reports Server (NTRS)

Takamura, Eduardo; Mangum, Kevin

2016-01-01

The National Aeronautics and Space Administration (NASA) invests millions of dollars in spacecraft and ground system development, and in mission operations in the pursuit of scientific knowledge of the universe. In recent years, NASA sent a probe to Mars to study the Red Planet's upper atmosphere, obtained high resolution images of Pluto, and it is currently preparing to find new exoplanets, rendezvous with an asteroid, and bring a sample of the asteroid back to Earth for analysis. The success of these missions is enabled by mission assurance. In turn, mission assurance is backed by information assurance. The information systems supporting NASA missions must be reliable as well as secure. NASA - like every other U.S. Federal Government agency - is required to manage the security of its information systems according to federal mandates, the most prominent being the Federal Information Security Management Act (FISMA) of 2002 and the legislative updates that followed it. Like the management of enterprise information technology (IT), federal information security management takes a "one-size fits all" approach for protecting IT systems. While this approach works for most organizations, it does not effectively translate into security of highly specialized systems such as those supporting NASA missions. These systems include command and control (C&C) systems, spacecraft and instrument simulators, and other elements comprising the ground segment. They must be carefully configured, monitored and maintained, sometimes for several years past the missions' initially planned life expectancy, to ensure the ground system is protected and remains operational without any compromise of its confidentiality, integrity and availability. Enterprise policies, processes, procedures and products, if not effectively tailored to meet mission requirements, may not offer the needed security for protecting the information system, and they may even become disruptive to mission operations. Certain protective measures for the general enterprise may not be as efficient within the ground segment. This is what the authors have concluded through observations and analysis of patterns identified from the various security assessments performed on NASA missions such as MAVEN, OSIRIS-REx, New Horizons and TESS, to name a few. The security audits confirmed that the framework for managing information system security developed by the National Institute of Standards and Technology (NIST) for the federal government, and adopted by NASA, is indeed effective. However, the selection of the technical, operational and management security controls offered by the NIST model - and how they are implemented - does not always fit the nature and the environment where the ground system operates in even though there is no apparent impact on mission success. The authors observed that unfit controls, that is, controls that are not necessarily applicable or sufficiently effective in protecting the mission systems, are often selected to facilitate compliance with security requirements and organizational expectations even if the selected controls offer minimum or non-existent protection. This paper identifies some of the standard security controls that can in fact protect the ground system, and which of them offer little or no benefit at all. It offers multiple scenarios from real security audits in which the controls are not effective without, of course, disclosing any sensitive information about the missions assessed. In addition to selection and implementation of controls, the paper also discusses potential impact of recent legislation such as the Federal Information Security Modernization Act (FISMA) of 2014 - aimed at the enterprise - on the ground system, and offers other recommendations to Information System Owners (ISOs).

Validating the Octave Allegro Information Systems Risk Assessment Methodology: A Case Study

ERIC Educational Resources Information Center

Keating, Corland G.

2014-01-01

An information system (IS) risk assessment is an important part of any successful security management strategy. Risk assessments help organizations to identify mission-critical IS assets and prioritize risk mitigation efforts. Many risk assessment methodologies, however, are complex and can only be completed successfully by highly qualified and…

On determining specifications and selections of alternative technologies for airport checked-baggage security screening.

PubMed

Feng, Qianmei

2007-10-01

Federal law mandates that every checked bag at all commercial airports be screened by explosive detection systems (EDS), explosive trace detection systems (ETD), or alternative technologies. These technologies serve as critical components of airport security systems that strive to reduce security risks at both national and global levels. To improve the operational efficiency and airport security, emerging image-based technologies have been developed, such as dual-energy X-ray (DX), backscatter X-ray (BX), and multiview tomography (MVT). These technologies differ widely in purchasing cost, maintenance cost, operating cost, processing rate, and accuracy. Based on a mathematical framework that takes into account all these factors, this article investigates two critical issues for operating screening devices: setting specifications for continuous security responses by different technologies; and selecting technology or combination of technologies for efficient 100% baggage screening. For continuous security responses, specifications or thresholds are used for classifying threat items from nonthreat items. By investigating the setting of specifications on system security responses, this article assesses the risk and cost effectiveness of various technologies for both single-device and two-device systems. The findings provide the best selection of image-based technologies for both single-device and two-device systems. Our study suggests that two-device systems outperform single-device systems in terms of both cost effectiveness and accuracy. The model can be readily extended to evaluate risk and cost effectiveness of multiple-device systems for airport checked-baggage security screening.

SPI/U3.2. Security Profile Inspector for UNIX Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bartoletti, A.

1994-08-01

SPI/U3.2 consists of five tools used to assess and report the security posture of computers running the UNIX operating system. The tools are: Access Control Test: A rule-based system which identifies sequential dependencies in UNIX access controls. Binary Authentication Tool: Evaluates the release status of system binaries by comparing a crypto-checksum to provide table entries. Change Detection Tool: Maintains and applies a snapshot of critical system files and attributes for purposes of change detection. Configuration Query Language: Accepts CQL-based scripts (provided) to evaluate queries over the status of system files, configuration of services and many other elements of UNIX systemmore » security. Password Security Inspector: Tests for weak or aged passwords. The tools are packaged with a forms-based user interface providing on-line context-sensistive help, job scheduling, parameter management and output report management utilities. Tools may be run independent of the UI.« less

Risk assessment for physical and cyber attacks on critical infrastructures.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Smith, Bryan J.; Sholander, Peter E.; Phelan, James M.

2005-08-01

Assessing the risk of malevolent attacks against large-scale critical infrastructures requires modifications to existing methodologies. Existing risk assessment methodologies consider physical security and cyber security separately. As such, they do not accurately model attacks that involve defeating both physical protection and cyber protection elements (e.g., hackers turning off alarm systems prior to forced entry). This paper presents a risk assessment methodology that accounts for both physical and cyber security. It also preserves the traditional security paradigm of detect, delay and respond, while accounting for the possibility that a facility may be able to recover from or mitigate the results ofmore » a successful attack before serious consequences occur. The methodology provides a means for ranking those assets most at risk from malevolent attacks. Because the methodology is automated the analyst can also play 'what if with mitigation measures to gain a better understanding of how to best expend resources towards securing the facilities. It is simple enough to be applied to large infrastructure facilities without developing highly complicated models. Finally, it is applicable to facilities with extensive security as well as those that are less well-protected.« less

Assessment of the stability of a multimachine power system by the transient energy margin

DOE Office of Scientific and Technical Information (OSTI.GOV)

Stanton, S.E.

1982-01-01

This reasearch develops a tool for the direct assessment of the transient stability of a multimachine electric power system that is subject to a large disturbance. The tool is the Transient Energy Margin. The transient of interest is the first swing (or inertial) transient. The Transient Energy Margin is computed by evaluating an energy function using the relevant unstable equilibrium point and the system states at the instant the disturbance is removed. In evaluating the function, a significant portion of the fault kinetic energy is identified as not contributing to system instability. The resulting energy value is a measure ofmore » the margin-of-safety for the disturbed system. A distinction is proposed between assessing system stability and assessing system security. The Transient Energy Margin is used first to assess the stability of the system. This profile ranks various distrubances to display the strengths and weaknesses of the system. A modified Transient Energy Margin is then proposed as an assessment of security; the transient energy margin profile is repeated to evaluate the system response in terms of the local minimum energy conditions approached by the critical trajectories. Both techniques are applied to a practical, 17 generator test system.« less

Incorporating Risk and Indicators into a Water Security Framework

NASA Astrophysics Data System (ADS)

Allen, D. M.; Bakker, K.; Simpson, M. W.; Norman, E.; Dunn, G.

2010-12-01

The concept of water security has received growing attention over the past five years in academic debates and policy circles, particularly with respect to cumulative impacts assessment and watershed management. We propose an integrative definition for water security; one that considers both stressors and impacts (or effects) on hydrological systems. We present a water security assessment framework that considers status and risk indicators for both water quality and quantity as measures of impacts. This assessment framework also integrates the social sciences with natural science, engineering, and public health, providing opportunities to address environmental challenges, including the relationship between water and land use dynamics, the integration of aquatic ecosystem and human health concerns, and the alignment of governance with water management imperatives. We argue that this framework has the potential to advance water science, the contributing disciplines, and water policy and management.

Security, protection, and control of power systems with large-scale wind power penetration

NASA Astrophysics Data System (ADS)

Acharya, Naresh

As the number of wind generation facilities in the utility system is fast increasing, many issues associated with their integration into the power system are beginning to emerge. Of the various issues, this dissertation deals with the development of new concepts and computational methods to handle the transmission issues and voltage issues caused by large-scale integration of wind turbines. This dissertation also formulates a probabilistic framework for the steady-state security assessment of wind power incorporating the forecast uncertainty and correlation. Transmission issues are mainly related to the overloading of transmission lines, when all the wind power generated cannot be delivered in full due to prior outage conditions. To deal with this problem, a method to curtail the wind turbine outputs through Energy Management System facilities in the on-line operational environment is proposed. The proposed method, which is based on linear optimization, sends the calculated control signals via the Supervisory Control and Data Acquisition system to wind farm controllers. The necessary ramping of the wind farm outputs is implemented either by the appropriate blade pitch angle control at the turbine level or by switching a certain number of turbines. The curtailment strategy is tested with an equivalent system model of MidAmerican Energy Company. The results show that the line overload in high wind areas can be alleviated by controlling the outputs of the wind farms step-by-step over an allowable period of time. A low voltage event during a system fault can cause a large number of wind turbines to trip, depending on voltages at the wind turbine terminals during the fault and the under-voltage protection setting of wind turbines. As a result, an N-1 contingency may evolve into an N-(K+1) contingency, where K is the number of wind farms tripped due to low voltage conditions. Losing a large amount of wind power following a line contingency might lead to system instabilities. It is important for the system operator to be aware of such limiting events during system operation and be prepared to take proper control actions. This can be achieved by incorporating the wind farm tripping status for each contingency as part of the static security assessment. A methodology to calculate voltages at the wind farm buses during a worst case line fault is proposed, which, along with the protection settings of wind turbines, can be used to determine the tripping of wind farms. The proposed algorithm is implemented in MATLAB and tested with MidAmerican Energy reduced network. The result shows that a large amount of wind capacity can be tripped due to a fault in the lines. Therefore, the technique will find its application in the static security assessment where each line fault can be associated with the tripping of wind farms as determined from the proposed method. A probabilistic framework to handle the uncertainty in day-ahead forecast error in order to correctly assess the steady-state security of the power system is presented. Stochastic simulations are conducted by means of Latin hypercube sampling along with the consideration of correlations. The correlation is calculated from the historical distribution of wind power forecast errors. The results from the deterministic simulation based on point forecast and the stochastic simulation show that security assessment based solely on deterministic simulations can lead to incorrect assessment of system security. With stochastic simulations, each outcome can be assigned a probability and the decision regarding control actions can be made based on the associated probability.

Health Information Security in Hospitals: the Application of Security Safeguards.

PubMed

Mehraeen, Esmaeil; Ayatollahi, Haleh; Ahmadi, Maryam

2016-02-01

A hospital information system has potentials to improve the accessibility of clinical information and the quality of health care. However, the use of this system has resulted in new challenges, such as concerns over health information security. This paper aims to assess the status of information security in terms of administrative, technical and physical safeguards in the university hospitals. This was a survey study in which the participants were information technology (IT) managers (n=36) who worked in the hospitals affiliated to the top ranked medical universities (university A and university B). Data were collected using a questionnaire. The content validity of the questionnaire was examined by the experts and the reliability of the questionnaire was determined using Cronbach's coefficient alpha (α=0.75). The results showed that the administrative safeguards were arranged at a medium level. In terms of the technical safeguards and the physical safeguards, the IT managers rated them at a strong level. According to the results, among three types of security safeguards, the administrative safeguards were assessed at the medium level. To improve it, developing security policies, implementing access control models and training users are recommended.

Sandia National Laboratories: National Security Missions: International

Science.gov Websites

Weapons Safety & Security Weapons Science & Technology Defense Systems & Assessments About Directed Research & Development Technology Deployment Centers Working With Sandia Working With Sandia Licensing & Technology Transfer Browse Technology Portfolios Technology Partnerships Business, Industry

Sandia National Laboratories: National Security Missions: International

Science.gov Websites

Prevention History 60 impacts Diversity Locations Facts & Figures Programs Nuclear Weapons About Nuclear Weapons Safety & Security Weapons Science & Technology Defense Systems & Assessments About Directed Research & Development Technology Deployment Centers Working With Sandia Working With Sandia

Risk assessment for Industrial Control Systems quantifying availability using mean failure cost (MFC)

DOE PAGES

Chen, Qian; Abercrombie, Robert K; Sheldon, Frederick T.

2015-09-23

Industrial Control Systems (ICS) are commonly used in industries such as oil and natural gas, transportation, electric, water and wastewater, chemical, pharmaceutical, pulp and paper, food and beverage, as well as discrete manufacturing (e.g., automotive, aerospace, and durable goods.) SCADA systems are generally used to control dispersed assets using centralized data acquisition and supervisory control.Originally, ICS implementations were susceptible primarily to local threats because most of their components were located in physically secure areas (i.e., ICS components were not connected to IT networks or systems). The trend toward integrating ICS systems with IT networks (e.g., efficiency and the Internet ofmore » Things) provides significantly less isolation for ICS from the outside world thus creating greater risk due to external threats. Albeit, the availability of ICS/SCADA systems is critical to assuring safety, security and profitability. Such systems form the backbone of our national cyber-physical infrastructure.Herein, we extend the concept of mean failure cost (MFC) to address quantifying availability to harmonize well with ICS security risk assessment. This new measure is based on the classic formulation of Availability combined with Mean Failure Cost (MFC). Finally, the metric offers a computational basis to estimate the availability of a system in terms of the loss that each stakeholder stands to sustain as a result of security violations or breakdowns (e.g., deliberate malicious failures).« less

Male Labor Force Participation and Social Security in Mexico.

PubMed

Aguila, Emma

2014-04-01

Labor-force participation among Mexican males in their early retirement years (60 to 64 years of age) has decreased in recent decades, from 94.6 percent in 1960 to 65.2 percent in 2010. Similar trends are evident elsewhere in Latin America, and have occurred in the developed world. Such trends pose challenges to financial sustainability of social security systems as working-age populations decrease and those in retirement increase both because of demographic trends and decisions to take early retirement. In this study, we find that the Mexican social security system provides incentives to retire early. The retirement incentives of the Mexican social security system affect retirement behavior, and may be one of the main contributors to early retirement decisions, particularly for lower-income populations. We simulated the effect of the reform from a Pay-As-You-Go (PAYG) to the new Personal Retirement Accounts (PRA) system and we find that the PRA system also provides incentives to early retirement. Further analysis is needed to assess the financial sustainability of the social security system and financial security in old age for the largest cohorts in Mexico that will begin to retire by 2040.

Male Labor Force Participation and Social Security in Mexico

PubMed Central

Aguila, Emma

2014-01-01

Labor-force participation among Mexican males in their early retirement years (60 to 64 years of age) has decreased in recent decades, from 94.6 percent in 1960 to 65.2 percent in 2010. Similar trends are evident elsewhere in Latin America, and have occurred in the developed world. Such trends pose challenges to financial sustainability of social security systems as working-age populations decrease and those in retirement increase both because of demographic trends and decisions to take early retirement. In this study, we find that the Mexican social security system provides incentives to retire early. The retirement incentives of the Mexican social security system affect retirement behavior, and may be one of the main contributors to early retirement decisions, particularly for lower-income populations. We simulated the effect of the reform from a Pay-As-You-Go (PAYG) to the new Personal Retirement Accounts (PRA) system and we find that the PRA system also provides incentives to early retirement. Further analysis is needed to assess the financial sustainability of the social security system and financial security in old age for the largest cohorts in Mexico that will begin to retire by 2040. PMID:25328441

Emotional security in the family system and psychological distress in female survivors of child sexual abuse.

PubMed

Cantón-Cortés, David; Cantón, José; Cortés, María Rosario

2016-01-01

The Emotional Security Theory (EST) was originally developed to investigate the association between high levels of interparental conflict and child maladaptative outcome. The objective of the present study was to analyze the effects of emotional security in the family system on psychological distress among a sample of young female adult survivors of child sexual abuse (CSA). The role of emotional security was investigated through the interactive effects of a number of factors including the type of abuse, the continuity of abuse, the relationship with the perpetrator and the existence of disclosure for the abuse. Participants were 167 female survivors of CSA. Information about the abuse was obtained from a self-reported questionnaire. Emotional security was assessed with the Security in the Family System (SIFS) Scale, and the Symptom Checklist-90-Revised (SCL-90-R) was used to assess psychological distress. In the total sample, insecurity (preoccupation and disengagement) was correlated with high psychological distress scores, whereas no relationship was found between security and psychological distress. The relationship between emotional insecurity and psychological distress was stronger in cases of continued abuse and non-disclosure, while the relationship between emotional security and distress was stronger in cases of extrafamilial abuse and especially isolated or several incidents and when a disclosure had been made. No interactive effect was found between any of the three emotional variables and the type of abuse committed. The results of the current study suggest that characteristics of CSA such as relationship with the perpetrator and, especially, continuity of abuse and whether or not disclosure had been made, can affect the impact of emotional security on psychological distress of CSA survivors. Copyright © 2015 Elsevier Ltd. All rights reserved.

Enduring starvation in silent population: a study on prevalence and factors contributing to household food security in the tribal population in Bankura, West Bengal.

PubMed

Mukhopadhyay, Dipta Kanti; Mukhopadhyay, Sujishnu; Biswas, Akhil Bandhu

2010-01-01

Strengthening food security enhancement intervention should be based on the assessment of household food security and its correlates. The objective was to find out the prevalence and factors contributing to household food security in a tribal population in Bankura. A cross-sectional study was conducted among 267 tribal households in Bankura-I CD Block selected through cluster random sampling. Household food security was assessed using a validated Bengali version of Household Food Security Scale-Short Form along with the collection of information regarding the monthly per capita expenditure (MPCE), total to earning member ratio, BPL card holding, utilization of the public distribution system (PDS) and receipt of any social assistance through a house-to-house survey. Overall, 47.2% of study households were food secure whereas 29.6% and 23.2% were low and very low food secure, respectively. MPCE ≥ Rs. 356, total to earning member ratio ≤ 4:1, regular utilization of PDS, and nonholding of the BPL card were significantly related with household food security.

Cyber / Physical Security Vulnerability Assessment Integration

DOE Office of Scientific and Technical Information (OSTI.GOV)

MacDonald, Douglas G.; Simpkins, Bret E.

Abstract Both physical protection and cyber security domains offer solutions for the discovery of vulnerabilities through the use of various assessment processes and software tools. Each vulnerability assessment (VA) methodology provides the ability to identify and categorize vulnerabilities, and quantifies the risks within their own areas of expertise. Neither approach fully represents the true potential security risk to a site and/or a facility, nor comprehensively assesses the overall security posture. The technical approach to solving this problem was to identify methodologies and processes that blend the physical and cyber security assessments, and develop tools to accurately quantify the unaccounted formore » risk. SMEs from both the physical and the cyber security domains developed the blending methodologies, and cross trained each other on the various aspects of the physical and cyber security assessment processes. A local critical infrastructure entity volunteered to host a proof of concept physical/cyber security assessment, and the lessons learned have been leveraged by this effort. The four potential modes of attack an adversary can use in approaching a target are; Physical Only Attack, Cyber Only Attack, Physical Enabled Cyber Attack, and the Cyber Enabled Physical Attack. The Physical Only and the Cyber Only pathway analysis are two of the most widely analyzed attack modes. The pathway from an off-site location to the desired target location is dissected to ensure adversarial activity can be detected and neutralized by the protection strategy, prior to completion of a predefined task. This methodology typically explores a one way attack from the public space (or common area) inward towards the target. The Physical Enabled Cyber Attack and the Cyber Enabled Physical Attack are much more intricate. Both scenarios involve beginning in one domain to affect change in the other, then backing outward to take advantage of the reduced system effectiveness, before penetrating further into the defenses. The proper identification and assessment of the overlapping areas (and interaction between these areas) in the VA process is necessary to accurately assess the true risk.« less

PMU-Aided Voltage Security Assessment for a Wind Power Plant

DOE Office of Scientific and Technical Information (OSTI.GOV)

Jiang, Huaiguang; Zhang, Yingchen; Zhang, Jun Jason

2015-10-05

Because wind power penetration levels in electric power systems are continuously increasing, voltage stability is a critical issue for maintaining power system security and operation. The traditional methods to analyze voltage stability can be classified into two categories: dynamic and steady-state. Dynamic analysis relies on time-domain simulations of faults at different locations; however, this method needs to exhaust faults at all locations to find the security region for voltage at a single bus. With the widely located phasor measurement units (PMUs), the Thevenin equivalent matrix can be calculated by the voltage and current information collected by the PMUs. This papermore » proposes a method based on a Thevenin equivalent matrix to identify system locations that will have the greatest impact on the voltage at the wind power plant's point of interconnection. The number of dynamic voltage stability analysis runs is greatly reduced by using the proposed method. The numerical results demonstrate the feasibility, effectiveness, and robustness of the proposed approach for voltage security assessment for a wind power plant.« less

Austrian Security Strategy: Need For Reformulation Due To Security Developments

DTIC Science & Technology

2016-02-14

migration from Africa and the Middle East, and reality has overtaken the security strategy. The terrorist attacks in Paris and the sexual assaults on women...legitimate use of physical force” i.e., a state is a system based on the legitimate “relation of domination of man over man.”6, 7 Strategy is...called peace dividend to stimulate the economy and invest in infrastructure projects. Modern security policy must be assessed in all areas, since

Security and SCADA protocols

DOE Office of Scientific and Technical Information (OSTI.GOV)

Igure, V. M.; Williams, R. D.

2006-07-01

Supervisory control and data acquisition (SCADA) networks have replaced discrete wiring for many industrial processes, and the efficiency of the network alternative suggests a trend toward more SCADA networks in the future. This paper broadly considers SCADA to include distributed control systems (DCS) and digital control systems. These networks offer many advantages, but they also introduce potential vulnerabilities that can be exploited by adversaries. Inter-connectivity exposes SCADA networks to many of the same threats that face the public internet and many of the established defenses therefore show promise if adapted to the SCADA differences. This paper provides an overview ofmore » security issues in SCADA networks and ongoing efforts to improve the security of these networks. Initially, a few samples from the range of threats to SCADA network security are offered. Next, attention is focused on security assessment of SCADA communication protocols. Three challenges must be addressed to strengthen SCADA networks. Access control mechanisms need to be introduced or strengthened, improvements are needed inside of the network to enhance security and network monitoring, and SCADA security management improvements and policies are needed. This paper discusses each of these challenges. This paper uses the Profibus protocol as an example to illustrate some of the vulnerabilities that arise within SCADA networks. The example Profibus security assessment establishes a network model and an attacker model before proceeding to a list of example attacks. (authors)« less

Comparative Assessment of Physical and Social Determinants of Water Quantity and Water Quality Concerns

NASA Astrophysics Data System (ADS)

Gunda, T.; Hornberger, G. M.

2017-12-01

Concerns over water resources have evolved over time, from physical availability to economic access and recently, to a more comprehensive study of "water security," which is inherently interdisciplinary because a secure water system is influenced by and affects both physical and social components. The concept of water security carries connotations of both an adequate supply of water as well as water that meets certain quality standards. Although the term "water security" has many interpretations in the literature, the research field has not yet developed a synthetic analysis of water security as both a quantity (availability) and quality (contamination) issue. Using qualitative comparative and multi-regression analyses, we evaluate the primary physical and social factors influencing U.S. states' water security from a quantity perspective and from a quality perspective. Water system characteristics are collated from academic and government sources and include access/use, governance, and sociodemographic, and ecosystem metrics. Our analysis indicates differences in variables driving availability and contamination concerns; for example, climate is a more significant determinant in water quantity-based security analyses than in water quality-based security analyses. We will also discuss coevolution of system traits and the merits of constructing a robust water security index based on the relative importance of metrics from our analyses. These insights will improve understanding of the complex interactions between quantity and quality aspects and thus, overall security of water systems.

Cyber security risk assessment for SCADA and DCS networks.

PubMed

Ralston, P A S; Graham, J H; Hieb, J L

2007-10-01

The growing dependence of critical infrastructures and industrial automation on interconnected physical and cyber-based control systems has resulted in a growing and previously unforeseen cyber security threat to supervisory control and data acquisition (SCADA) and distributed control systems (DCSs). It is critical that engineers and managers understand these issues and know how to locate the information they need. This paper provides a broad overview of cyber security and risk assessment for SCADA and DCS, introduces the main industry organizations and government groups working in this area, and gives a comprehensive review of the literature to date. Major concepts related to the risk assessment methods are introduced with references cited for more detail. Included are risk assessment methods such as HHM, IIM, and RFRM which have been applied successfully to SCADA systems with many interdependencies and have highlighted the need for quantifiable metrics. Presented in broad terms is probability risk analysis (PRA) which includes methods such as FTA, ETA, and FEMA. The paper concludes with a general discussion of two recent methods (one based on compromise graphs and one on augmented vulnerability trees) that quantitatively determine the probability of an attack, the impact of the attack, and the reduction in risk associated with a particular countermeasure.

Climate Change and Global Food Security: Food Access, Utilization, and the US Food System

NASA Astrophysics Data System (ADS)

Brown, M. E.; Antle, J. M.; Backlund, P. W.; Carr, E. R.; Easterling, W. E.; Walsh, M.; Ammann, C. M.; Attavanich, W.; Barrett, C. B.; Bellemare, M. F.; Dancheck, V.; Funk, C.; Grace, K.; Ingram, J. S. I.; Jiang, H.; Maletta, H.; Mata, T.; Murray, A.; Ngugi, M.; Ojima, D. S.; O'Neill, B. C.; Tebaldi, C.

2015-12-01

This paper will summarize results from the USDA report entitled 'Climate change, Global Food Security and the U.S. Food system'. The report focuses on the impact of climate change on global food security, defined as "when all people at all times have physical, social, and economic access to sufficient, safe, and nutritious food to meet their dietary needs and food preferences for an active and healthy life". The assessment brought together authors and contributors from twenty federal, academic, nongovernmental, intergovernmental, and private organizations in four countries to identify climate change effects on food security through 2100, and analyze the U.S.'s likely connections with that world. This talk will describe how climate change will likely affect food access and food utilization, and summarize how the U.S. food system contributes to global food security, and will be affected by climate change.

Addressing the Need for Independence in the CSE Model

DOE Office of Scientific and Technical Information (OSTI.GOV)

Abercrombie, Robert K; Ferragut, Erik M; Sheldon, Frederick T

2011-01-01

Abstract Information system security risk, defined as the product of the monetary losses associated with security incidents and the probability that they occur, is a suitable decision criterion when considering different information system architectures. Risk assessment is the widely accepted process used to understand, quantify, and document the effects of undesirable events on organizational objectives so that risk management, continuity of operations planning, and contingency planning can be performed. One technique, the Cyberspace Security Econometrics System (CSES), is a methodology for estimating security costs to stakeholders as a function of possible risk postures. In earlier works, we presented a computationalmore » infrastructure that allows an analyst to estimate the security of a system in terms of the loss that each stakeholder stands to sustain, as a result of security breakdowns. Additional work has applied CSES to specific business cases. The current state-of-the-art of CSES addresses independent events. In typical usage, analysts create matrices that capture their expert opinion, and then use those matrices to quantify costs to stakeholders. This expansion generalizes CSES to the common real-world case where events may be dependent.« less

Towards a more holistic sustainability assessment framework for agro-bioenergy systems — A review

DOE Office of Scientific and Technical Information (OSTI.GOV)

Arodudu, Oludunsin, E-mail: Oludunsin.Arodudu@zalf.de; Potsdam University, Institute of Earth and Environmental Sciences, Karl-Liebknecht-Straße 24-25, 14476 Potsdam, Golm; Helming, Katharina

The use of life cycle assessment (LCA) as a sustainability assessment tool for agro-bioenergy system usually has an industrial agriculture bias. Furthermore, LCA generally has often been criticized for being a decision maker tool which may not consider decision takers perceptions. They are lacking in spatial and temporal depth, and unable to assess sufficiently some environmental impact categories such as biodiversity, land use etc. and most economic and social impact categories, e.g. food security, water security, energy security. This study explored tools, methodologies and frameworks that can be deployed individually, as well as in combination with each other for bridgingmore » these methodological gaps in application to agro-bioenergy systems. Integrating agronomic options, e.g. alternative farm power, tillage, seed sowing options, fertilizer, pesticide, irrigation into the boundaries of LCAs for agro-bioenergy systems will not only provide an alternative agro-ecological perspective to previous LCAs, but will also lead to the derivation of indicators for assessment of some social and economic impact categories. Deploying life cycle thinking approaches such as energy return on energy invested-EROEI, human appropriation of net primary production-HANPP, net greenhouse gas or carbon balance-NCB, water footprint individually and in combination with each other will also lead to further derivation of indicators suitable for assessing relevant environmental, social and economic impact categories. Also, applying spatio-temporal simulation models has a potential for improving the spatial and temporal depths of LCA analysis.« less

Metrinome: Continuous Monitoring and Security Validation of Distributed Systems

DTIC Science & Technology

2014-03-01

Integration into the SDLC ( Software Development Life Cycle), Retrieved Nov 06 2013, https://www.owasp.org/ images/f/f6/Integration_into_the_SDLC.ppt [2...assessment as part of the software development life cycle, current approaches suffer from a number of shortcomings that limit their application in...with assessing security and correct functionality. Second, integrated and end-to-end testing and experimentation is often postponed until software

Enhancing the Safety, Security and Resilience of ICT and Scada Systems Using Action Research

NASA Astrophysics Data System (ADS)

Johnsen, Stig; Skramstad, Torbjorn; Hagen, Janne

This paper discusses the results of a questionnaire-based survey used to assess the safety, security and resilience of information and communications technology (ICT) and supervisory control and data acquisition (SCADA) systems used in the Norwegian oil and gas industry. The survey identifies several challenges, including the involvement of professionals with different backgrounds and expertise, lack of common risk perceptions, inadequate testing and integration of ICT and SCADA systems, poor information sharing related to undesirable incidents and lack of resilience in the design of technical systems. Action research is proposed as a process for addressing these challenges in a systematic manner and helping enhance the safety, security and resilience of ICT and SCADA systems used in oil and gas operations.

Problems of collaborative work of the automated process control system (APCS) and the its information security and solutions.

NASA Astrophysics Data System (ADS)

Arakelyan, E. K.; Andryushin, A. V.; Mezin, S. V.; Kosoy, A. A.; Kalinina, Ya V.; Khokhlov, I. S.

2017-11-01

The principle of interaction of the specified systems of technological protections by the Automated process control system (APCS) and information safety in case of incorrect execution of the algorithm of technological protection is offered. - checking the correctness of the operation of technological protection in each specific situation using the functional relationship between the monitored parameters. The methodology for assessing the economic feasibility of developing and implementing an information security system.

Health information security: a case study of three selected medical centers in iran.

PubMed

Hajrahimi, Nafiseh; Dehaghani, Sayed Mehdi Hejazi; Sheikhtaheri, Abbas

2013-03-01

Health Information System (HIS) is considered a unique factor in improving the quality of health care activities and cost reduction, but today with the development of information technology and use of internet and computer networks, patients' electronic records and health information systems have become a source for hackers. This study aims at checking health information security of three selected medical centers in Iran using AHP fuzzy and TOPSIS compound model. To achieve that security measures were identified, based on the research literature and decision making matrix using experts' points of view. Among the 27 indicators, seven indicators were selected as effective indicators and Fuzzy AHP technique was used to determine the importance of security indicators. Based on the comparisons made between the three selected medical centers to assess the security of health information, it is concluded that Chamran hospital has the most acceptable level of security and attention in three indicators of "verification and system design, user access management, access control system", Al Zahra Hospital in two indicators of "access management and network access control" and Amin Hospital in "equipment safety and system design". In terms of information security, Chamran Hospital ranked first, Al-Zahra Hospital ranked second and Al- Zahra hospital has the third place.

Privacy, confidentiality, and security in information systems of state health agencies.

PubMed

O'Brien, D G; Yasnoff, W A

1999-05-01

To assess the employment and status of privacy, confidentiality, security and fair information practices in electronic information systems of U.S. state health agencies. A survey instrument was developed and administered to key contacts within the state health agencies of each of the 50 U.S. states, Puerto Rico and the District of Columbia. About a third of U.S. state health agencies have no written policies in place regarding privacy and confidentiality in electronic information systems. The doctrines of fair information practice often seemed to be ignored. One quarter of the agencies reported at least one security breach during the past two years, and 16% experienced a privacy and confidentiality related transgression. Most of the breaches were committed by personnel from within the agencies. These results raise questions about the integrity of existing privacy, confidentiality and security measures in the information systems of U.S. state health agencies. Recommendations include the development and vigorous enforcement of written privacy and confidentiality policies, increased personnel training, and expanded implementation of security measures such as encryption and system firewalls. A discussion of the current status of U.S. privacy, confidentiality and security issues is offered.

Land system change and food security: towards multi-scale land system solutions☆

PubMed Central

Verburg, Peter H; Mertz, Ole; Erb, Karl-Heinz; Haberl, Helmut; Wu, Wenbin

2013-01-01

Land system changes are central to the food security challenge. Land system science can contribute to sustainable solutions by an integrated analysis of land availability and the assessment of the tradeoffs associated with agricultural expansion and land use intensification. A land system perspective requires local studies of production systems to be contextualised in a regional and global context, while global assessments should be confronted with local realities. Understanding of land governance structures will help to support the development of land use policies and tenure systems that assist in designing more sustainable ways of intensification. Novel land systems should be designed that are adapted to the local context and framed within the global socio-ecological system. Such land systems should explicitly account for the role of land governance as a primary driver of land system change and food production. PMID:24143158

[Assessment and early warning of land ecological security in rapidly urbanizing coastal area: A case study of Caofeidian new district, Hebei, China].

PubMed

Zhang, Li; Chen, Ying; Wang, Shu-tao; Men, Ming-xin; Xu, Hao

2015-08-01

Assessment and early warning of land ecological security (LES) in rapidly urbanizing coastal area is an important issue to ensure sustainable land use and effective maintenance of land ecological security. In this study, an index system for the land ecological security of Caofeidian new district was established based on the Pressure-State-Response (P-S-R) model. Initial assessment units of 1 km x 1 km created with the remote sensing data and GIS methods were spatially interpolated to a fine pixel size of 30 m x 30 m, which were combined with the early warning method (using classification tree method) to evaluate the land ecological security of Caofeidian in 2005 and 2013. The early warning level was classed into four categories: security with degradation potential, sub-security with slow degradation, sub-security with rapid degradation, and insecurity. Result indicated that, from 2005 to 2013, the average LES of Caofeidian dropped from 0.55 to 0.52, indicating a degradation of land ecological security from medium security level to medium-low security level. The areas at the levels of insecurity with rapid degradation were mainly located in the rapid urbanization areas, illustrating that rapid expansion of urban construction land was the key factor to the deterioration of the regional land ecological security. Industrial District, Shilihai town and Nanpu saltern, in which the lands at the levels of insecurity and sub-security with rapid degradation or slow degradation accounted for 58.3%, 98.9% and 81.2% of their respective districts, were at the stage of high early warning. Thus, land ecological security regulation for these districts should be strengthened in near future. The study could provide a reference for land use planning and ecological protection of Caofeidian new district.

Control and Non-Payload Communications (CNPC) Prototype Radio - Generation 2 Security Flight Test Report

NASA Technical Reports Server (NTRS)

Iannicca, Dennis C.; Ishac, Joseph A.; Shalkhauser, Kurt A.

2015-01-01

NASA Glenn Research Center (GRC), in cooperation with Rockwell Collins, is working to develop a prototype Control and Non-Payload Communications (CNPC) radio platform as part of NASA Integrated Systems Research Program's (ISRP) Unmanned Aircraft Systems (UAS) Integration in the National Airspace System (NAS) project. A primary focus of the project is to work with the Federal Aviation Administration (FAA) and industry standards bodies to build and demonstrate a safe, secure, and efficient CNPC architecture that can be used by industry to evaluate the feasibility of deploying a system using these technologies in an operational capacity. GRC has been working in conjunction with these groups to assess threats, identify security requirements, and to develop a system of standards-based security controls that can be applied to the GRC prototype CNPC architecture as a demonstration platform. The proposed security controls were integrated into the GRC flight test system aboard our S-3B Viking surrogate aircraft and several network tests were conducted during a flight on November 15th, 2014 to determine whether the controls were working properly within the flight environment. The flight test was also the first to integrate Robust Header Compression (ROHC) as a means of reducing the additional overhead introduced by the security controls and Mobile IPv6. The effort demonstrated the complete end-to-end secure CNPC link in a relevant flight environment.

GEOGLAM Crop Assessment Tool: Adapting from global agricultural monitoring to food security monitoring

NASA Astrophysics Data System (ADS)

Humber, M. L.; Becker-Reshef, I.; Nordling, J.; Barker, B.; McGaughey, K.

2014-12-01

The GEOGLAM Crop Monitor's Crop Assessment Tool was released in August 2013 in support of the GEOGLAM Crop Monitor's objective to develop transparent, timely crop condition assessments in primary agricultural production areas, highlighting potential hotspots of stress/bumper crops. The Crop Assessment Tool allows users to view satellite derived products, best available crop masks, and crop calendars (created in collaboration with GEOGLAM Crop Monitor partners), then in turn submit crop assessment entries detailing the crop's condition, drivers, impacts, trends, and other information. Although the Crop Assessment Tool was originally intended to collect data on major crop production at the global scale, the types of data collected are also relevant to the food security and rangelands monitoring communities. In line with the GEOGLAM Countries at Risk philosophy of "foster[ing] the coordination of product delivery and capacity building efforts for national and regional organizations, and the development of harmonized methods and tools", a modified version of the Crop Assessment Tool is being developed for the USAID Famine Early Warning Systems Network (FEWS NET). As a member of the Countries at Risk component of GEOGLAM, FEWS NET provides agricultural monitoring, timely food security assessments, and early warnings of potential significant food shortages focusing specifically on countries at risk of food security emergencies. While the FEWS NET adaptation of the Crop Assessment Tool focuses on crop production in the context of food security rather than large scale production, the data collected is nearly identical to the data collected by the Crop Monitor. If combined, the countries monitored by FEWS NET and GEOGLAM Crop Monitor would encompass over 90 countries representing the most important regions for crop production and food security.

33 CFR 103.410 - Persons involved in the Area Maritime Security (AMS) Assessment.

Code of Federal Regulations, 2014 CFR

2014-07-01

... Maritime Security (AMS) Assessment. 103.410 Section 103.410 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MARITIME SECURITY MARITIME SECURITY: AREA MARITIME SECURITY Area Maritime Security (AMS) Assessment § 103.410 Persons involved in the Area Maritime Security (AMS) Assessment. The...

33 CFR 103.410 - Persons involved in the Area Maritime Security (AMS) Assessment.

Code of Federal Regulations, 2011 CFR

2011-07-01

... Maritime Security (AMS) Assessment. 103.410 Section 103.410 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MARITIME SECURITY MARITIME SECURITY: AREA MARITIME SECURITY Area Maritime Security (AMS) Assessment § 103.410 Persons involved in the Area Maritime Security (AMS) Assessment. The...

33 CFR 103.410 - Persons involved in the Area Maritime Security (AMS) Assessment.

Code of Federal Regulations, 2013 CFR

2013-07-01

... Maritime Security (AMS) Assessment. 103.410 Section 103.410 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MARITIME SECURITY MARITIME SECURITY: AREA MARITIME SECURITY Area Maritime Security (AMS) Assessment § 103.410 Persons involved in the Area Maritime Security (AMS) Assessment. The...

33 CFR 103.410 - Persons involved in the Area Maritime Security (AMS) Assessment.

Code of Federal Regulations, 2010 CFR

2010-07-01

... Maritime Security (AMS) Assessment. 103.410 Section 103.410 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MARITIME SECURITY MARITIME SECURITY: AREA MARITIME SECURITY Area Maritime Security (AMS) Assessment § 103.410 Persons involved in the Area Maritime Security (AMS) Assessment. The...

33 CFR 103.410 - Persons involved in the Area Maritime Security (AMS) Assessment.

Code of Federal Regulations, 2012 CFR

2012-07-01

... Maritime Security (AMS) Assessment. 103.410 Section 103.410 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MARITIME SECURITY MARITIME SECURITY: AREA MARITIME SECURITY Area Maritime Security (AMS) Assessment § 103.410 Persons involved in the Area Maritime Security (AMS) Assessment. The...

Managing the aftermaths of contracting in public transit organizations : employee perception of job security, organizational commitment and trust

DOT National Transportation Integrated Search

2001-08-01

This study assesses how to manage the effects or outcomes of organizational change on job security and employee commitment in transit systems using trust-building, empowerment, employee reassurance, and job redesign strategies. The major findings are...

Systems Security Engineering Capability Maturity Model SSE-CMM Model Description Document

DTIC Science & Technology

1999-04-01

management is the process of accessing and quantifying risk , and establishing an acceptable level of risk for the organization. Managing risk is an...Process of assessing and quantifying risk and establishing acceptable level of risk for the organization. [IEEE 13335-1:1996] Security Engineering

Cyber-Physical System Security of Smart Grids

DOE Office of Scientific and Technical Information (OSTI.GOV)

Dagle, Jeffery E.

2012-01-31

Abstract—This panel presentation will provide perspectives of cyber-physical system security of smart grids. As smart grid technologies are deployed, the interconnected nature of these systems is becoming more prevalent and more complex, and the cyber component of this cyber-physical system is increasing in importance. Studying system behavior in the face of failures (e.g., cyber attacks) allows a characterization of the systems’ response to failure scenarios, loss of communications, and other changes in system environment (such as the need for emergent updates and rapid reconfiguration). The impact of such failures on the availability of the system can be assessed and mitigationmore » strategies considered. Scenarios associated with confidentiality, integrity, and availability are considered. The cyber security implications associated with the American Recovery and Reinvestment Act of 2009 in the United States are discussed.« less

49 CFR 1548.15 - Access to cargo: Security threat assessments for individuals having unescorted access to cargo.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 9 2010-10-01 2010-10-01 false Access to cargo: Security threat assessments for... SECURITY CIVIL AVIATION SECURITY INDIRECT AIR CARRIER SECURITY § 1548.15 Access to cargo: Security threat... must successfully complete a security threat assessment or comparable security threat assessment...

33 CFR 105.305 - Facility Security Assessment (FSA) requirements.

Code of Federal Regulations, 2014 CFR

2014-07-01

... 33 Navigation and Navigable Waters 1 2014-07-01 2014-07-01 false Facility Security Assessment (FSA... SECURITY MARITIME SECURITY MARITIME SECURITY: FACILITIES Facility Security Assessment (FSA) § 105.305 Facility Security Assessment (FSA) requirements. (a) Background. The facility owner or operator must ensure...

33 CFR 105.305 - Facility Security Assessment (FSA) requirements.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 33 Navigation and Navigable Waters 1 2011-07-01 2011-07-01 false Facility Security Assessment (FSA... SECURITY MARITIME SECURITY MARITIME SECURITY: FACILITIES Facility Security Assessment (FSA) § 105.305 Facility Security Assessment (FSA) requirements. (a) Background. The facility owner or operator must ensure...

33 CFR 105.305 - Facility Security Assessment (FSA) requirements.

Code of Federal Regulations, 2012 CFR

2012-07-01

... 33 Navigation and Navigable Waters 1 2012-07-01 2012-07-01 false Facility Security Assessment (FSA... SECURITY MARITIME SECURITY MARITIME SECURITY: FACILITIES Facility Security Assessment (FSA) § 105.305 Facility Security Assessment (FSA) requirements. (a) Background. The facility owner or operator must ensure...

33 CFR 105.305 - Facility Security Assessment (FSA) requirements.

Code of Federal Regulations, 2013 CFR

2013-07-01

... 33 Navigation and Navigable Waters 1 2013-07-01 2013-07-01 false Facility Security Assessment (FSA... SECURITY MARITIME SECURITY MARITIME SECURITY: FACILITIES Facility Security Assessment (FSA) § 105.305 Facility Security Assessment (FSA) requirements. (a) Background. The facility owner or operator must ensure...

33 CFR 105.305 - Facility Security Assessment (FSA) requirements.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Facility Security Assessment (FSA... SECURITY MARITIME SECURITY MARITIME SECURITY: FACILITIES Facility Security Assessment (FSA) § 105.305 Facility Security Assessment (FSA) requirements. (a) Background. The facility owner or operator must ensure...

Updating energy security and environmental policy: Energy security theories revisited.

PubMed

Proskuryakova, L

2018-06-18

The energy security theories are based on the premises of sufficient and reliable supply of fossil fuels at affordable prices in centralized supply systems. Policy-makers and company chief executives develop energy security strategies based on the energy security theories and definitions that dominate in the research and policy discourse. It is therefore of utmost importance that scientists revisit these theories in line with the latest changes in the energy industry: the rapid advancement of renewables and smart grid, decentralization of energy systems, new environmental and climate challenges. The study examines the classic energy security concepts (neorealism, neoliberalism, constructivism and international political economy) and assesses if energy technology changes are taken into consideration. This is done through integrative literature review, comparative analysis, identification of 'international relations' and 'energy' research discourse with the use of big data, and case studies of Germany, China, and Russia. The paper offers suggestions for revision of energy security concepts through integration of future technology considerations. Copyright © 2018 Elsevier Ltd. All rights reserved.

Water Shortage: Lessons in Conservation From the Great California Drought, 1976-1977

NASA Astrophysics Data System (ADS)

Showstack, Randy

Legislation moving quickly through both houses of the U.S. Congress would establish a fund to promote and support research and development to increase the security of the nation's water infrastructure from source to faucet.The House of Representatives bill, "The Water Infrastructure Security and Research and Development Act" (HR 3178), would provide $12 million per year for fiscal years 2002-2006 for a number of research areas. These include assessing water supply systems for physical vulnerabilities, including biological, chemical, and radiological contamination; devising real-time systems to monitor water for contamination; determining mitigation options; and upgrading security technologies.

Sandia National Laboratories: Fabrication, Testing and Validation

Science.gov Websites

; Technology Defense Systems & Assessments About Defense Systems & Assessments Program Areas safe, secure, reliable, and can fully support the Nation's deterrence policy. Employing only the most support of this mission, Sandia National Laboratories has a significant role in advancing the "state

Nuclear Power Plant Cyber Security Discrete Dynamic Event Tree Analysis (LDRD 17-0958) FY17 Report

DOE Office of Scientific and Technical Information (OSTI.GOV)

Wheeler, Timothy A.; Denman, Matthew R.; Williams, R. A.

Instrumentation and control of nuclear power is transforming from analog to modern digital assets. These control systems perform key safety and security functions. This transformation is occurring in new plant designs as well as in the existing fleet of plants as the operation of those plants is extended to 60 years. This transformation introduces new and unknown issues involving both digital asset induced safety issues and security issues. Traditional nuclear power risk assessment tools and cyber security assessment methods have not been modified or developed to address the unique nature of cyber failure modes and of cyber security threat vulnerabilities.more » iii This Lab-Directed Research and Development project has developed a dynamic cyber-risk in- formed tool to facilitate the analysis of unique cyber failure modes and the time sequencing of cyber faults, both malicious and non-malicious, and impose those cyber exploits and cyber faults onto a nuclear power plant accident sequence simulator code to assess how cyber exploits and cyber faults could interact with a plants digital instrumentation and control (DI&C) system and defeat or circumvent a plants cyber security controls. This was achieved by coupling an existing Sandia National Laboratories nuclear accident dynamic simulator code with a cyber emulytics code to demonstrate real-time simulation of cyber exploits and their impact on automatic DI&C responses. Studying such potential time-sequenced cyber-attacks and their risks (i.e., the associated impact and the associated degree of difficulty to achieve the attack vector) on accident management establishes a technical risk informed framework for developing effective cyber security controls for nuclear power.« less

All Hazards Risk Assessment Transition Project: Report on Capability Assessment Management System (CAMS) Automation

DTIC Science & Technology

2014-04-01

All Hazards Risk Assessment Transition Project : Report on Capability Assessment Management System (CAMS) Automation...Prepared by: George Giroux Computer Applications Specialist Modis155 Queen Street, Suite 1206 Ottawa, ON K1P 6L1 Contract # THS 2335474-2 Project ...Under a Canadian Safety and Security Program (CSSP) targeted investigation (TI) project (CSSP-2012-TI- 1108), Defence Research and Development

Designing and Operating Through Compromise: Architectural Analysis of CKMS for the Advanced Metering Infrastructure

DOE Office of Scientific and Technical Information (OSTI.GOV)

Duren, Mike; Aldridge, Hal; Abercrombie, Robert K

2013-01-01

Compromises attributable to the Advanced Persistent Threat (APT) highlight the necessity for constant vigilance. The APT provides a new perspective on security metrics (e.g., statistics based cyber security) and quantitative risk assessments. We consider design principals and models/tools that provide high assurance for energy delivery systems (EDS) operations regardless of the state of compromise. Cryptographic keys must be securely exchanged, then held and protected on either end of a communications link. This is challenging for a utility with numerous substations that must secure the intelligent electronic devices (IEDs) that may comprise complex control system of systems. For example, distribution andmore » management of keys among the millions of intelligent meters within the Advanced Metering Infrastructure (AMI) is being implemented as part of the National Smart Grid initiative. Without a means for a secure cryptographic key management system (CKMS) no cryptographic solution can be widely deployed to protect the EDS infrastructure from cyber-attack. We consider 1) how security modeling is applied to key management and cyber security concerns on a continuous basis from design through operation, 2) how trusted models and key management architectures greatly impact failure scenarios, and 3) how hardware-enabled trust is a critical element to detecting, surviving, and recovering from attack.« less

Health Information Security: A Case Study of Three Selected Medical Centers in Iran

PubMed Central

Hajrahimi, Nafiseh; Dehaghani, Sayed Mehdi Hejazi; Sheikhtaheri, Abbas

2013-01-01

Health Information System (HIS) is considered a unique factor in improving the quality of health care activities and cost reduction, but today with the development of information technology and use of internet and computer networks, patients’ electronic records and health information systems have become a source for hackers. Methods This study aims at checking health information security of three selected medical centers in Iran using AHP fuzzy and TOPSIS compound model. To achieve that security measures were identified, based on the research literature and decision making matrix using experts’ points of view. Results and discussion Among the 27 indicators, seven indicators were selected as effective indicators and Fuzzy AHP technique was used to determine the importance of security indicators. Based on the comparisons made between the three selected medical centers to assess the security of health information, it is concluded that Chamran hospital has the most acceptable level of security and attention in three indicators of “verification and system design, user access management, access control system”, Al Zahra Hospital in two indicators of “access management and network access control” and Amin Hospital in “equipment safety and system design”. In terms of information security, Chamran Hospital ranked first, Al-Zahra Hospital ranked second and Al- Zahra hospital has the third place. PMID:23572861

Assessment of the Combat Developer’s Role in Post-Deployment Software Support (PDSS) 30 June 1980 - 28 February 1981. Volume IV.

DTIC Science & Technology

1981-01-31

Intelligence and Security Command (INSCOM), the US Army Communications Command (USACC), and the US Army Computer Systems Command (USACSC). (3...responsibilities of the US-Army Intelligence and Security Command (INSCOM), the US Army Communications Command (USACC), and the US Army Computer Systems...necessary to sustain, modify, and improve a deployed system’s computer software, as defined by the User or his representative. It includes evaluation

Integrated assessment and scenarios simulation of urban water security system in the southwest of China with system dynamics analysis.

PubMed

Yin, Su; Dongjie, Guan; Weici, Su; Weijun, Gao

2017-11-01

The demand for global freshwater is growing, while global freshwater available for human use is limited within a certain time and space. Its security has significant impacts on both the socio-economic system and ecological system. Recently, studies have focused on the urban water security system (UWSS) in terms of either water quantity or water quality. In this study, water resources, water environment, and water disaster issues in the UWSS were combined to establish an evaluation index system with system dynamics (SD) and geographic information systems (GIS). The GIS method performs qualitative analysis from the perspective of the spatial dimension; meanwhile, the SD method performs quantitative calculation about related water security problems from the perspective of the temporal dimension. We established a UWSS model for Guizhou province, China to analyze influencing factors, main driving factors, and system variation law, by using the SD method. We simulated the water security system from 2005 to 2025 under four scenarios (Guiyang scenario, Zunyi scenario, Bijie scenario and combined scenario). The results demonstrate that: (1) the severity of water security in cities is ranked as follows: three cities are secure in Guizhou province, four cities are in basic security and two cities are in a situation of insecurity from the spatial dimension of GIS through water security synthesis; and (2) the major driving factors of UWSS in Guizhou province include agricultural irrigation water demand, soil and water losses area, a ratio increase to the standard of water quality, and investment in environmental protection. A combined scenario is the best solution for UWSS by 2025 in Guizhou province under the four scenarios from the temporal dimension of SD. The results of this study provide a useful suggestion for the management of freshwater for the cities of Guizhou province in southwest China.

Cyber Security Threats to Safety-Critical, Space-Based Infrastructures

NASA Astrophysics Data System (ADS)

Johnson, C. W.; Atencia Yepez, A.

2012-01-01

Space-based systems play an important role within national critical infrastructures. They are being integrated into advanced air-traffic management applications, rail signalling systems, energy distribution software etc. Unfortunately, the end users of communications, location sensing and timing applications often fail to understand that these infrastructures are vulnerable to a wide range of security threats. The following pages focus on concerns associated with potential cyber-attacks. These are important because future attacks may invalidate many of the safety assumptions that support the provision of critical space-based services. These safety assumptions are based on standard forms of hazard analysis that ignore cyber-security considerations This is a significant limitation when, for instance, security attacks can simultaneously exploit multiple vulnerabilities in a manner that would never occur without a deliberate enemy seeking to damage space based systems and ground infrastructures. We address this concern through the development of a combined safety and security risk assessment methodology. The aim is to identify attack scenarios that justify the allocation of additional design resources so that safety barriers can be strengthened to increase our resilience against security threats.

Cyberspace security system

DOEpatents

Abercrombie, Robert K; Sheldon, Frederick T; Ferragut, Erik M

2014-06-24

A system evaluates reliability, performance and/or safety by automatically assessing the targeted system's requirements. A cost metric quantifies the impact of failures as a function of failure cost per unit of time. The metrics or measurements may render real-time (or near real-time) outcomes by initiating active response against one or more high ranked threats. The system may support or may be executed in many domains including physical domains, cyber security domains, cyber-physical domains, infrastructure domains, etc. or any other domains that are subject to a threat or a loss.

Economic Evaluation of the Information Security Levels Achieved by Electric Energy Providers in North Arctic Region

NASA Astrophysics Data System (ADS)

Sushko, O. P.; Kaznin, A. A.; Babkin, A. V.; Bogdanov, D. A.

2017-10-01

The study we are conducting involves the analysis of information security levels achieved by energy providers operating in the North Arctic Region. We look into whether the energy providers’ current information security levels meet reliability standards and determine what further actions may be needed for upgrading information security in the context of the digital transformation that the world community is undergoing. When developing the information security systems for electric energy providers or selecting the protection means for them, we are governed by the fact that the assets to be protected are process technologies. While information security risk can be assessed using different methods, the evaluation of the economic damage from these risks appears to be a difficult task. The most probable and harmful risks we have identified when evaluating the electric energy providers’ information security will be used by us as variables. To provide the evaluation, it is necessary to calculate the costs relating to elimination of the risks identified. The final stage of the study will involve the development of an operation algorithm for the North Arctic Region’s energy provider’s business information protection security system - a set of information security services, and security software and hardware.

Managing the Process of Protection Level Assessment of the Complex Organization and Technical Industrial Enterprises

NASA Astrophysics Data System (ADS)

Gorlov, A. P.; Averchenkov, V. I.; Rytov, M. Yu; Eryomenko, V. T.

2017-01-01

The article is concerned with mathematical simulation of protection level assessment of complex organizational and technical systems of industrial enterprises by creating automated system, which main functions are: information security (IS) audit, forming of the enterprise threats model, recommendations concerning creation of the information protection system, a set of organizational-administrative documentation.

Genetic Contributions to Continuity and Change in Attachment Security: A Prospective, Longitudinal Investigation from Infancy to Young Adulthood

PubMed Central

Raby, K. Lee; Cicchetti, Dante; Carlson, Elizabeth A.; Egeland, Byron; Collins, W. Andrew

2013-01-01

Background Longitudinal research has demonstrated that individual differences in attachment security show only modest continuity from infancy to adulthood. Recent findings based on retrospective reports suggest that individuals’ genetic variation may moderate the developmental associations between early attachment-relevant relationship experiences and adult attachment security. The purpose of this study was to use a prospective, longitudinal design to investigate genetic contributions to continuity and changes in attachment security from infancy to young adulthood in a higher risk sample. Methods Infant attachment security was assessed using the Strange Situation Procedure at 12 and 18 months. Adults’ general attachment representations were assessed using the Adult Attachment Interview at age 19 and age 26. Romantic attachment representations were assessed with the Current Relationship Interview at ages 20–21 and ages 26–28. Individuals were genotyped for variants within the oxytocin receptor (OXTR), dopamine D4 receptor (DRD4), and serotonin transporter linked polymorphic region (5-HTTLPR). Results The continuity of attachment security from infancy into young adulthood was consistently moderated by OXTR genetic variation. Infant attachment security predicted the security of adults’ general and romantic attachment representations only for individuals with the OXTR G/G genotype. This interaction was significant when predicting adult attachment security as measured by the Adult Attachment Interview at age 19 and 26 and the Current Relationship Interview at ages 26–28. DRD4 and 5-HTTLPR genetic variation did not consistently moderate the longitudinal associations between attachment security during infancy and adulthood. Conclusions This study provides initial longitudinal evidence for genetic contributions to continuity and change in attachment security from infancy to young adulthood. Genetic variation related to the oxytocin system may moderate the stability of attachment security across development. PMID:23731038

Famine Early Warning Systems and Their Use of Satellite Remote Sensing Data

NASA Technical Reports Server (NTRS)

Brown, Molly E.; Essam, Timothy; Leonard, Kenneth

2011-01-01

Famine early warning organizations have experience that has much to contribute to efforts to incorporate climate and weather information into economic and political systems. Food security crises are now caused almost exclusively by problems of food access, not absolute food availability, but the role of monitoring agricultural production both locally and globally remains central. The price of food important to the understanding of food security in any region, but it needs to be understood in the context of local production. Thus remote sensing is still at the center of much food security analysis, along with an examination of markets, trade and economic policies during food security analyses. Technology including satellite remote sensing, earth science models, databases of food production and yield, and modem telecommunication systems contributed to improved food production information. Here we present an econometric approach focused on bringing together satellite remote sensing and market analysis into food security assessment in the context of early warning.

Managing Complex IT Security Processes with Value Based Measures

DOE Office of Scientific and Technical Information (OSTI.GOV)

Abercrombie, Robert K; Sheldon, Frederick T; Mili, Ali

2009-01-01

Current trends indicate that IT security measures will need to greatly expand to counter the ever increasingly sophisticated, well-funded and/or economically motivated threat space. Traditional risk management approaches provide an effective method for guiding courses of action for assessment, and mitigation investments. However, such approaches no matter how popular demand very detailed knowledge about the IT security domain and the enterprise/cyber architectural context. Typically, the critical nature and/or high stakes require careful consideration and adaptation of a balanced approach that provides reliable and consistent methods for rating vulnerabilities. As reported in earlier works, the Cyberspace Security Econometrics System provides amore » comprehensive measure of reliability, security and safety of a system that accounts for the criticality of each requirement as a function of one or more stakeholders interests in that requirement. This paper advocates a dependability measure that acknowledges the aggregate structure of complex system specifications, and accounts for variations by stakeholder, by specification components, and by verification and validation impact.« less

Developing the security culture at the SEISMED Reference Centres.

PubMed

Fowler, J

1996-01-01

The paper gives a brief summary of the SEISMED project and the particular role played by the Reference Centres. Details are given of the hardware and application systems in use in the Royal Hospitals (NHS) Trust (RHT), one of the SEISMED Reference Centres. It proposes, without verification, a definition of a Security Culture based on three criteria. These are suggested to be the "Awareness" the "Acceptance" and the "Actions" of the management and staff to improve Information Systems Security throughout the RHT. The way that "Awareness" was increased is shown by the specific initiatives commenced as a result of a CRAMM Risk Analysis and the management and staff training programmes. The specific initiatives mentioned include, an Information Systems Security Policy, a contingency and disaster recovery plan, improvements in the physical protection of equipment and changes to the method of access control. The "Acceptance" by the staff of these measures is considered and the success or failure of "Developing A Security Culture" examined. The role of SEISMED in this process is assessed.

Compliance with HIPAA security standards in U.S. Hospitals.

PubMed

Davis, Diane; Having, Karen

2006-01-01

With the widespread use of computer networks, the amount of information stored electronically has grown exponentially, resulting in increased concern for privacy and security of information. The healthcare industry has been put to the test with the federally mandated Health Insurance Portability and Accountability Act (HIPAA) of 1996. To assess the compliance status of HIPAA security standards, a random sample of 1,000 U.S. hospitals was surveyed in January 2004, yielding a return rate of 29 percent. One year later, a follow-up survey was sent to all previous respondents, with 50 percent replying. HIPAA officers'perceptions of security compliance in 2004 and 2005 are compared in this article. The security standards achieving the highest level of compliance in both 2004 and 2005 were obtaining required business associate agreements and physical safeguards to limit access to electronic information systems. Respondents indicated least compliance both years in performing periodic evaluation of security practices governed by the Security Rule. Roadblocks, threats, problems and solutions regarding HIPAA compliance are discussed. This information may be applied to current and future strategies toward maintaining security of information systems throughout the healthcare industry.

6 CFR 27.215 - Security vulnerability assessments.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Security vulnerability assessments. 27.215... FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security Program § 27.215 Security vulnerability...-risk, the facility must complete a Security Vulnerability Assessment. A Security Vulnerability...

23 CFR 771.117 - Categorical exclusions.

Code of Federal Regulations, 2010 CFR

2010-04-01

..., computer-aided dispatching systems, radio communications systems, dynamic message signs, and security... effects can be assessed; and Federal-aid system revisions which establish classes of highways on the Federal-aid highway system. (2) Approval of utility installations along or across a transportation...

Information security governance: a risk assessment approach to health information systems protection.

PubMed

Williams, Patricia A H

2013-01-01

It is no small task to manage the protection of healthcare data and healthcare information systems. In an environment that is demanding adaptation to change for all information collection, storage and retrieval systems, including those for of e-health and information systems, it is imperative that good information security governance is in place. This includes understanding and meeting legislative and regulatory requirements. This chapter provides three models to educate and guide organisations in this complex area, and to simplify the process of information security governance and ensure appropriate and effective measures are put in place. The approach is risk based, adapted and contextualized for healthcare. In addition, specific considerations of the impact of cloud services, secondary use of data, big data and mobile health are discussed.

76 FR 9356 - Intent To Request Approval From OMB of One New Public Collection of Information: Baseline...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-02-17

... during site visits with security and operating officials of transit systems. The STSIs capture and... assessments during site visits with security and operating officials of transit agencies. DATES: Send your... distance passenger railroad providers operate in the United States.\\1\\ Mass transit and passenger rail...

LANL Safeguards and Security Assurance Program. Revision 6

DOE Office of Scientific and Technical Information (OSTI.GOV)

NONE

1995-04-03

The Safeguards and Security (S and S) Assurance Program provides a continuous quality improvement approach to ensure effective, compliant S and S program implementation throughout the Los Alamos National Laboratory. Any issues identified through the various internal and external assessments are documented, tracked and closed using the Safeguards and Security Issue Management Program. The Laboratory utilizes an integrated S and S systems approach to protect US Department of Energy (DOE) interests from theft or diversion of special nuclear material (SNM), sabotage, espionage, loss or theft of classified/controlled matter or government property, and other hostile acts that may cause unacceptable impactsmore » on national security, health and safety of employees and the public, and the environment. This document explains the basis, scope, and conduct of the S and S process to include: self-assessments, issue management, risk assessment, and root cause analysis. It also provides a discussion of S and S topical areas, roles and responsibilities, process flow charts, minimum requirements, methodology, terms, and forms.« less

Design and implementation of website information disclosure assessment system.

PubMed

Cho, Ying-Chiang; Pan, Jen-Yi

2015-01-01

Internet application technologies, such as cloud computing and cloud storage, have increasingly changed people's lives. Websites contain vast amounts of personal privacy information. In order to protect this information, network security technologies, such as database protection and data encryption, attract many researchers. The most serious problems concerning web vulnerability are e-mail address and network database leakages. These leakages have many causes. For example, malicious users can steal database contents, taking advantage of mistakes made by programmers and administrators. In order to mitigate this type of abuse, a website information disclosure assessment system is proposed in this study. This system utilizes a series of technologies, such as web crawler algorithms, SQL injection attack detection, and web vulnerability mining, to assess a website's information disclosure. Thirty websites, randomly sampled from the top 50 world colleges, were used to collect leakage information. This testing showed the importance of increasing the security and privacy of website information for academic websites.

49 CFR 1540.203 - Security threat assessment.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 49 Transportation 9 2011-10-01 2011-10-01 false Security threat assessment. 1540.203 Section 1540... Security Threat Assessments § 1540.203 Security threat assessment. (a) Each operator subject to this subpart must ensure that each of the following undergoes a security threat assessment or a comparable...

Control and Non-Payload Communications (CNPC) Prototype Radio - Generation 2 Security Architecture Lab Test Report

NASA Technical Reports Server (NTRS)

Iannicca, Dennis C.; McKim, James H.; Stewart, David H.; Thadhani, Suresh K.; Young, Daniel P.

2015-01-01

NASA Glenn Research Center, in cooperation with Rockwell Collins, is working to develop a prototype Control and Non-Payload Communications (CNPC) radio platform as part of NASA Integrated Systems Research Program's (ISRP) Unmanned Aircraft Systems (UAS) Integration in the National Airspace System (NAS) project. A primary focus of the project is to work with the FAA and industry standards bodies to build and demonstrate a safe, secure, and efficient CNPC architecture that can be used by industry to evaluate the feasibility of deploying a system using these technologies in an operational capacity. GRC has been working in conjunction with these groups to assess threats, identify security requirements, and to develop a system of standards-based security controls that can be applied to the current GRC prototype CNPC architecture as a demonstration platform. The security controls were integrated into a lab test bed mock-up of the Mobile IPv6 architecture currently being used for NASA flight testing, and a series of network tests were conducted to evaluate the security overhead of the controls compared to the baseline CNPC link without any security. The aim of testing was to evaluate the performance impact of the additional security control overhead when added to the Mobile IPv6 architecture in various modes of operation. The statistics collected included packet captures at points along the path to gauge packet size as the sample data traversed the CNPC network, round trip latency, jitter, and throughput. The effort involved a series of tests of the baseline link, a link with Robust Header Compression (ROHC) and without security controls, a link with security controls and without ROHC, and finally a link with both ROHC and security controls enabled. The effort demonstrated that ROHC is both desirable and necessary to offset the additional expected overhead of applying security controls to the CNPC link.

Proposal for a Security Management in Cloud Computing for Health Care

PubMed Central

Dzombeta, Srdan; Brandis, Knud

2014-01-01

Cloud computing is actually one of the most popular themes of information systems research. Considering the nature of the processed information especially health care organizations need to assess and treat specific risks according to cloud computing in their information security management system. Therefore, in this paper we propose a framework that includes the most important security processes regarding cloud computing in the health care sector. Starting with a framework of general information security management processes derived from standards of the ISO 27000 family the most important information security processes for health care organizations using cloud computing will be identified considering the main risks regarding cloud computing and the type of information processed. The identified processes will help a health care organization using cloud computing to focus on the most important ISMS processes and establish and operate them at an appropriate level of maturity considering limited resources. PMID:24701137

Proposal for a security management in cloud computing for health care.

PubMed

Haufe, Knut; Dzombeta, Srdan; Brandis, Knud

2014-01-01

Cloud computing is actually one of the most popular themes of information systems research. Considering the nature of the processed information especially health care organizations need to assess and treat specific risks according to cloud computing in their information security management system. Therefore, in this paper we propose a framework that includes the most important security processes regarding cloud computing in the health care sector. Starting with a framework of general information security management processes derived from standards of the ISO 27000 family the most important information security processes for health care organizations using cloud computing will be identified considering the main risks regarding cloud computing and the type of information processed. The identified processes will help a health care organization using cloud computing to focus on the most important ISMS processes and establish and operate them at an appropriate level of maturity considering limited resources.

49 CFR 1540.209 - Fees for security threat assessment.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 9 2010-10-01 2010-10-01 false Fees for security threat assessment. 1540.209...: GENERAL RULES Security Threat Assessments § 1540.209 Fees for security threat assessment. This section describes the payment process for completion of the security threat assessments required under subpart. (a...

Practical secure quantum communications

NASA Astrophysics Data System (ADS)

Diamanti, Eleni

2015-05-01

We review recent advances in the field of quantum cryptography, focusing in particular on practical implementations of two central protocols for quantum network applications, namely key distribution and coin flipping. The former allows two parties to share secret messages with information-theoretic security, even in the presence of a malicious eavesdropper in the communication channel, which is impossible with classical resources alone. The latter enables two distrustful parties to agree on a random bit, again with information-theoretic security, and with a cheating probability lower than the one that can be reached in a classical scenario. Our implementations rely on continuous-variable technology for quantum key distribution and on a plug and play discrete-variable system for coin flipping, and necessitate a rigorous security analysis adapted to the experimental schemes and their imperfections. In both cases, we demonstrate the protocols with provable security over record long distances in optical fibers and assess the performance of our systems as well as their limitations. The reported advances offer a powerful toolbox for practical applications of secure communications within future quantum networks.

77 FR 11145 - Intent to Request Renewal From OMB of One Current Public Collection of Information: Air Cargo...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-02-24

...The Transportation Security Administration (TSA) invites public comment on one currently approved Information Collection Request (ICR), OMB control number 1652-0040, abstracted below that we will submit to the Office of Management and Budget (OMB) for renewal in compliance with the Paperwork Reduction Act. The ICR describes the nature of the information collection and its expected burden. This ICR involves five broad categories of affected populations: airports, passenger aircraft operators, foreign air carriers, indirect air carriers operating under a security program, and all-cargo carriers. The collections of information that make up this ICR are security programs, security threat assessments (STA), known shipper data via the Known Shipper Management System (KSMS), Air Cargo Data Management System (ACDMS), Cargo Reporting Tool for cargo screening reporting, and evidence of compliance recordkeeping. TSA seeks continued OMB approval in order to secure passenger aircraft carrying cargo as authorized in the Aviation and Transportation Security Act.

Reinforcements, ammunition limits, and termination of neutralization engagements in ASSESS

DOE Office of Scientific and Technical Information (OSTI.GOV)

Paulus, W.K.; Mondragon, J.

1991-01-01

This paper reports on the ASSESS Neutralization Analysis module (Neutralization) which is part of Analytic system and Software for Evaluation of Safeguards and Security, ASSESS, a vulnerability assessment tool. Neutralization models a fire fight engagement between security inspectors (SIs) and adversaries. The model has been improved to represent more realistically the addition of reinforcements to an engagement, the criteria for declaring an engagement terminated, and the amount of ammunition which security forces can use. SI reinforcements must prevent adversaries from achieving their purpose even if an initial security force has been overcome. The reinforcements must be timely. A variety ofmore » reinforcement timeliness cases can be modeled. Reinforcements that are not timely are shown to be ineffective in the calculated results. Engagements may terminate before all combatants on one side are neutralized if they recognize that they are losing. A winner is declared when the number of survivors on one side is reduced to a user specified level. Realistically, the amount of ammunition that can be carried into an engagement is limited. Neutralization now permits the analyst to specify the number of rounds available to the security forces initially and the quantity of resupply that is introduced with reinforcements. These new capabilities all contribute toward more realistic modeling of neutralization engagements.« less

Semaphore network encryption report

NASA Astrophysics Data System (ADS)

Johnson, Karen L.

1994-03-01

This paper documents the results of a preliminary assessment performed on the commercial off-the-shelf (COTS) Semaphore Communications Corporation (SCC) Network Security System (NSS). The Semaphore NSS is a family of products designed to address important network security concerns, such as network source address authentication and data privacy. The assessment was performed in the INFOSEC Core Integration Laboratory, and its scope was product usability focusing on interoperability and system performance in an existing operational network. Included in this paper are preliminary findings. Fundamental features and functionality of the Semaphore NSS are identified, followed by details of the assessment, including test descriptions and results. A summary of test results and future plans are also included. These findings will be useful to those investigating the use of commercially available solutions to network authentication and data privacy.

Soil Security Assessment of Tasmania

NASA Astrophysics Data System (ADS)

Field, Damien; Kidd, Darren; McBratney, Alex

2017-04-01

The concept of soil security aligns well with the aspirational and marketing policies of the Tasmanian Government, where increased agricultural expansion through new irrigation schemes and multiple-use State managed production forests co-exists beside pristine World Heritage conservation land, a major drawcard of the economically important tourism industry . Regarding the Sustainable Development Gaols (SDG's) this could be seen as a exemplar of the emerging tool for quantification of spatial soil security to effectively protect our soil resource in terms of food (SDG 2.4, 3.9) and water security (SDG 6.4, 6.6), biodiversity maintenance and safeguarding fragile ecosystems (SDG 15.3, 15.9). The recent development and application of Digital Soil Mapping and Assessment capacities in Tasmania to stimulate agricultural production and better target appropriate soil resources has formed the foundational systems that can enable the first efforts in quantifying and mapping Tasmanian Soil Security, in particular the five Soil Security dimensions (Capability, Condition, Capital, Codification and Connectivity). However, to provide a measure of overall soil security, it was necessary to separately assess the State's three major soil uses; Agriculture, Conservation and Forestry. These products will provide an indication of where different activities are sustainable or at risk, where more soil data is needed, and provide a tool to better plan for a State requiring optimal food and fibre production, without depleting its natural soil resources and impacting on the fragile ecosystems supporting environmental benefits and the tourism industry.

Scenario-neutral Food Security Risk Assessment: A livestock Heat Stress Case Study

NASA Astrophysics Data System (ADS)

Broman, D.; Rajagopalan, B.; Hopson, T. M.

2015-12-01

Food security risk assessments can provide decision-makers with actionable information to identify critical system limitations, and alternatives to mitigate the impacts of future conditions. The majority of current risk assessments have been scenario-led and results are limited by the scenarios - selected future states of the world's climate system and socioeconomic factors. A generic scenario-neutral framework for food security risk assessments is presented here that uses plausible states of the world without initially assigning likelihoods. Measures of system vulnerabilities are identified and system risk is assessed for these states. This framework has benefited greatly by research in the water and natural resource fields to adapt their planning to provide better risk assessments. To illustrate the utility of this framework we develop a case study using livestock heat stress risk within the pastoral system of West Africa. Heat stress can have a major impact not only on livestock owners, but on the greater food production system, decreasing livestock growth, milk production, and reproduction, and in severe cases, death. A heat stress index calculated from daily weather is used as a vulnerability measure and is computed from historic daily weather data at several locations in the study region. To generate plausible states, a stochastic weather generator is developed to generate synthetic weather sequences at each location, consistent with the seasonal climate. A spatial model of monthly and seasonal heat stress provide projections of current and future livestock heat stress measures across the study region, and can incorporate in seasonal climate and other external covariates. These models, when linked with empirical thresholds of heat stress risk for specific breeds offer decision-makers with actionable information for use in near-term warning systems as well as for future planning. Future assessment can indicate under which states livestock are at greatest risk of heat stress; when coupled with assessments of additional measures (e.g. water and fodder availability) can inform on alternatives that provide satisfactory performance under a wide range of states (e.g. optimal cattle breed, supplemental feed, increased water access).

New parsimonious simulation methods and tools to assess future food and environmental security of farm populations

PubMed Central

Antle, John M.; Stoorvogel, Jetse J.; Valdivia, Roberto O.

2014-01-01

This article presents conceptual and empirical foundations for new parsimonious simulation models that are being used to assess future food and environmental security of farm populations. The conceptual framework integrates key features of the biophysical and economic processes on which the farming systems are based. The approach represents a methodological advance by coupling important behavioural processes, for example, self-selection in adaptive responses to technological and environmental change, with aggregate processes, such as changes in market supply and demand conditions or environmental conditions as climate. Suitable biophysical and economic data are a critical limiting factor in modelling these complex systems, particularly for the characterization of out-of-sample counterfactuals in ex ante analyses. Parsimonious, population-based simulation methods are described that exploit available observational, experimental, modelled and expert data. The analysis makes use of a new scenario design concept called representative agricultural pathways. A case study illustrates how these methods can be used to assess food and environmental security. The concluding section addresses generalizations of parametric forms and linkages of regional models to global models. PMID:24535388

New parsimonious simulation methods and tools to assess future food and environmental security of farm populations.

PubMed

Antle, John M; Stoorvogel, Jetse J; Valdivia, Roberto O

2014-04-05

This article presents conceptual and empirical foundations for new parsimonious simulation models that are being used to assess future food and environmental security of farm populations. The conceptual framework integrates key features of the biophysical and economic processes on which the farming systems are based. The approach represents a methodological advance by coupling important behavioural processes, for example, self-selection in adaptive responses to technological and environmental change, with aggregate processes, such as changes in market supply and demand conditions or environmental conditions as climate. Suitable biophysical and economic data are a critical limiting factor in modelling these complex systems, particularly for the characterization of out-of-sample counterfactuals in ex ante analyses. Parsimonious, population-based simulation methods are described that exploit available observational, experimental, modelled and expert data. The analysis makes use of a new scenario design concept called representative agricultural pathways. A case study illustrates how these methods can be used to assess food and environmental security. The concluding section addresses generalizations of parametric forms and linkages of regional models to global models.

A review of physical security robotics at Sandia National Laboratories

DOE Office of Scientific and Technical Information (OSTI.GOV)

Roerig, S.C.

1990-01-01

As an outgrowth of research into physical security technologies, Sandia is investigating the role of robotics in security systems. Robotics may allow more effective utilization of guard forces, especially in scenarios where personnel would be exposed to harmful environments. Robots can provide intrusion detection and assessment functions for failed sensors or transient assets, can test existing fixed site sensors, and can gather additional intelligence and dispense delaying elements. The Robotic Security Vehicle (RSV) program for DOE/OSS is developing a fieldable prototype for an exterior physical security robot based upon a commercial four wheel drive vehicle. The RSV will be capablemore » of driving itself, being driven remotely, or being driven by an onboard operator around a site and will utilize its sensors to alert an operator to unusual conditions. The Remote Security Station (RSS) program for the Defense Nuclear Agency is developing a proof-of-principle robotic system which will be used to evaluate the role, and associated cost, of robotic technologies in exterior security systems. The RSS consists of an independent sensor pod, a mobile sensor platform and a control and display console. Sensor data fusion is used to optimize the system's intrusion detection performance. These programs are complementary, the RSV concentrates on developing autonomous mobility, while the RSS thrust is on mobile sensor employment. 3 figs.« less

A recycling index for food and health security: urban Taipei.

PubMed

Huang, Susana Tzy-Ying

2010-01-01

The modern food system has evolved into one with highly inefficient activities, producing waste at each step of the food pathway from growing to consumption and disposal. The present challenge is to improve recyclability in the food system as a fundamental need for food and health security. This paper develops a methodological approach for a Food Recycling Index (FRI) as a tool to assess recyclability in the food system, to identify opportunities to reduce waste production and environmental contamination, and to provide a self-assessment tool for participants in the food system. The urban Taipei framework was used to evaluate resource and nutrient flow within the food consumption and waste management processes of the food system. A stepwise approach for a FRI is described: (1) identification of the major inputs and outputs in the food chain; (2) classification of inputs and outputs into modules (energy, water, nutrients, and contaminants); (3) assignment of semi-quantitative scores for each module and food system process using a matrix; (4) assessment for recycling status and recyclability potential; (5) conversion of scores into sub-indices; (6) derivation of an aggregate FRI. A FRI of 1.24 was obtained on the basis of data for kitchen waste management in Taipei, a score which encompasses absolute and relative values for a comprehensive interpretation. It is apparent that a FRI could evolve into a broader ecosystem concept with health relevance. Community end-users and policy planners can adopt this approach to improve food and health security.

Avulsed Nasoenteric Bridle System Magnet as an Intranasal Foreign Body.

PubMed

Puricelli, Michael D; Newberry, Christopher Ian; Gov-Ari, Eliav

2016-02-01

Nasoenteric tubes provide short-term nutrition support to patients unable to take an adequate oral diet. Bridling systems may be used to secure tubes to guard against displacement. We present the first case of an avulsed magnet from a bridling system to raise awareness of this potential complication. The primary methods of securing a nasogastric tube are reviewed, and comparative assessment of the 3 main systems is presented. Diagnosis and management of nasal foreign bodies relevant to this case are reviewed and prevention/safety considerations discussed. © 2015 American Society for Parenteral and Enteral Nutrition.

75 FR 76647 - Special Conditions: Boeing Model 747-8 Airplanes, Systems and Data Networks Security-Isolation or...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-12-09

...: Digital systems architecture composed of several connected networks. The proposed network architecture..., communication, and navigation systems (Aircraft Control Domain), 2. Airline business and administrative support... system architectures. Furthermore, 14 CFR regulations and current system safety assessment policy and...

Processing multilevel secure test and evaluation information

NASA Astrophysics Data System (ADS)

Hurlburt, George; Hildreth, Bradley; Acevedo, Teresa

1994-07-01

The Test and Evaluation Community Network (TECNET) is building a Multilevel Secure (MLS) system. This system features simultaneous access to classified and unclassified information and easy access through widely available communications channels. It provides the necessary separation of classification levels, assured through the use of trusted system design techniques, security assessments and evaluations. This system enables cleared T&E users to view and manipulate classified and unclassified information resources either using a single terminal interface or multiple windows in a graphical user interface. TECNET is in direct partnership with the National Security Agency (NSA) to develop and field the MLS TECNET capability in the near term. The centerpiece of this partnership is a state-of-the-art Concurrent Systems Security Engineering (CSSE) process. In developing the MLS TECNET capability, TECNET and NSA are providing members, with various expertise and diverse backgrounds, to participate in the CSSE process. The CSSE process is founded on the concepts of both Systems Engineering and Concurrent Engineering. Systems Engineering is an interdisciplinary approach to evolve and verify an integrated and life cycle balanced set of system product and process solutions that satisfy customer needs (ASD/ENS-MIL STD 499B 1992). Concurrent Engineering is design and development using the simultaneous, applied talents of a diverse group of people with the appropriate skills. Harnessing diverse talents to support CSSE requires active participation by team members in an environment that both respects and encourages diversity.

49 CFR 1540.205 - Procedures for security threat assessment.

Code of Federal Regulations, 2010 CFR

2010-10-01

... threat; (ii) The basis for the determination; (iii) Information about how the applicant may appeal the... 49 Transportation 9 2010-10-01 2010-10-01 false Procedures for security threat assessment. 1540... SECURITY: GENERAL RULES Security Threat Assessments § 1540.205 Procedures for security threat assessment...

Cyber-Physical System Security of a Power Grid: State-of-the-Art

DOE PAGES

Sun, Chih -Che; Liu, Chen -Ching; Xie, Jing

2016-07-14

Here, as part of the smart grid development, more and more technologies are developed and deployed on the power grid to enhance the system reliability. A primary purpose of the smart grid is to significantly increase the capability of computer-based remote control and automation. As a result, the level of connectivity has become much higher, and cyber security also becomes a potential threat to the cyber-physical systems (CPSs). In this paper, a survey of the state-of-the-art is conducted on the cyber security of the power grid concerning issues of: the structure of CPSs in a smart grid; cyber vulnerability assessment;more » cyber protection systems; and testbeds of a CPS. At Washington State University (WSU), the Smart City Testbed (SCT) has been developed to provide a platform to test, analyze and validate defense mechanisms against potential cyber intrusions. A test case is provided in this paper to demonstrate how a testbed helps the study of cyber security and the anomaly detection system (ADS) for substations.« less

Strengthening global health security by embedding the International Health Regulations requirements into national health systems

PubMed Central

Kluge, Hans; Martín-Moreno, Jose Maria; Emiroglu, Nedret; Rodier, Guenael; Kelley, Edward; Vujnovic, Melitta; Permanand, Govin

2018-01-01

The International Health Regulations (IHR) 2005, as the overarching instrument for global health security, are designed to prevent and cope with major international public health threats. But poor implementation in countries hampers their effectiveness. In the wake of a number of major international health crises, such as the 2014 Ebola and 2016 Zika outbreaks, and the findings of a number of high-level assessments of the global response to these crises, it has become clear that there is a need for more joined-up thinking between health system strengthening activities and health security efforts for prevention, alert and response. WHO is working directly with its Member States to promote this approach, more specifically around how to better embed the IHR (2005) core capacities into the main health system functions. This paper looks at how and where the intersections between the IHR and the health system can be best leveraged towards developing greater health system resilience. This merging of approaches is a key component in pursuit of Universal Health Coverage and strengthened global health security as two mutually reinforcing agendas. PMID:29379650

Strengthening global health security by embedding the International Health Regulations requirements into national health systems.

PubMed

Kluge, Hans; Martín-Moreno, Jose Maria; Emiroglu, Nedret; Rodier, Guenael; Kelley, Edward; Vujnovic, Melitta; Permanand, Govin

2018-01-01

The International Health Regulations (IHR) 2005, as the overarching instrument for global health security, are designed to prevent and cope with major international public health threats. But poor implementation in countries hampers their effectiveness. In the wake of a number of major international health crises, such as the 2014 Ebola and 2016 Zika outbreaks, and the findings of a number of high-level assessments of the global response to these crises, it has become clear that there is a need for more joined-up thinking between health system strengthening activities and health security efforts for prevention, alert and response. WHO is working directly with its Member States to promote this approach, more specifically around how to better embed the IHR (2005) core capacities into the main health system functions. This paper looks at how and where the intersections between the IHR and the health system can be best leveraged towards developing greater health system resilience. This merging of approaches is a key component in pursuit of Universal Health Coverage and strengthened global health security as two mutually reinforcing agendas.

Cyber-Physical System Security of a Power Grid: State-of-the-Art

DOE Office of Scientific and Technical Information (OSTI.GOV)

Sun, Chih -Che; Liu, Chen -Ching; Xie, Jing

Here, as part of the smart grid development, more and more technologies are developed and deployed on the power grid to enhance the system reliability. A primary purpose of the smart grid is to significantly increase the capability of computer-based remote control and automation. As a result, the level of connectivity has become much higher, and cyber security also becomes a potential threat to the cyber-physical systems (CPSs). In this paper, a survey of the state-of-the-art is conducted on the cyber security of the power grid concerning issues of: the structure of CPSs in a smart grid; cyber vulnerability assessment;more » cyber protection systems; and testbeds of a CPS. At Washington State University (WSU), the Smart City Testbed (SCT) has been developed to provide a platform to test, analyze and validate defense mechanisms against potential cyber intrusions. A test case is provided in this paper to demonstrate how a testbed helps the study of cyber security and the anomaly detection system (ADS) for substations.« less

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bartoletti, T.

SPI/U3.1 consists of five tools used to assess and report the security posture of computers running the UNIX operating system. The tools are: Access Control Test: A rule-based system which identifies sequential dependencies in UNIX access controls. Binary Inspector Tool: Evaluates the release status of system binaries by comparing a crypto-checksum to provide table entries. Change Detection Tool: Maintains and applies a snapshot of critical system files and attributes for purposes of change detection. Configuration Query Language: Accepts CQL-based scripts (provided) to evaluate queries over the status of system files, configuration of services and many other elements of UNIX systemmore » security. Password Security Inspector: Tests for weak or aged passwords. The tools are packaged with a forms-based user interface providing on-line context-sensistive help, job scheduling, parameter management and output report management utilities. Tools may be run independent of the UI.« less

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bartoletti, Tony

SPI/U3.2 consists of five tools used to assess and report the security posture of computers running the UNIX operating system. The tools are: Access Control Test: A rule-based system which identifies sequential dependencies in UNIX access controls. Binary Authentication Tool: Evaluates the release status of system binaries by comparing a crypto-checksum to provide table entries. Change Detection Tool: Maintains and applies a snapshot of critical system files and attributes for purposes of change detection. Configuration Query Language: Accepts CQL-based scripts (provided) to evaluate queries over the status of system files, configuration of services and many other elements of UNIX systemmore » security. Password Security Inspector: Tests for weak or aged passwords. The tools are packaged with a forms-based user interface providing on-line context-sensistive help, job scheduling, parameter management and output report management utilities. Tools may be run independent of the UI.« less

Safety assessment of a home-based telecare system for adults with developmental disabilities in Indiana: a multi-stakeholder perspective.

PubMed

Brewer, Jeffrey L; Taber-Doughty, Teresa; Kubik, Sara

2010-01-01

We investigated the perceptions of people about the safety, security and privacy of a telecare monitoring system for adults with developmental disabilities living in residential settings. The telecare system was used by remote caregivers overnight, when staff were not present in the homes. We surveyed 127 people from different stakeholder groups in the state of Indiana. The people surveyed included those with knowledge or experience of telecare, and those without. The stakeholders were clients, their advocates, service provider administrators and independent case coordinators. The responses in each category for every group were positive except one: only 4 of the 11 telecare case coordinators agreed that the telecare system provided a secure environment. Overall, the telecare system was perceived to be as safe, secure and private as the conventional alternative of having staff in the home.

49 CFR 1572.500 - Scope.

Code of Federal Regulations, 2010 CFR

2010-10-01

..., DEPARTMENT OF HOMELAND SECURITY MARITIME AND LAND TRANSPORTATION SECURITY CREDENTIALING AND SECURITY THREAT ASSESSMENTS Fees for Security Threat Assessments for Transportation Worker Identification Credential (TWIC... Transportation Worker Identification Credential and must undergo a security threat assessment under 49 CFR part...

Assessing the Alignment of Information Security with Strategic Business, and Strategic Information System Planning: A Department of Defense Perspective

DTIC Science & Technology

2010-06-01

Wolfgang. "Appraisal of the effectivness and efficiency of an Information Security Management System based on ISO 27001 ." International Conference on...of corporate information resources (Doherty and 29 Fulford, 2006) ( ISO /IEC 17799, 2005). Both public and private sectors of business have...Science Ltd, 2002. Iacovou, Charalambos L. "The IPACS project: when IT hits the fan." Journal of Information Technology, 1999: 267-275. ISO /IEC 17799

Enhancing Public Helicopter Safety as a Component of Homeland Security

DTIC Science & Technology

2016-12-01

Risk Assessment Tool GPS Global Positioning System IFR instrument flight rules ILS instrument landing system IMC instrument meteorological...flight rules ( IFR ) flying and the lack of a pre-flight risk assessment. Pilot fatigue is a factor that appeared in two of the accident reports (New...three common factors that emerged from the qualitative analysis of coding: inadequate proficiency of IFR flying, lack of a pre- flight risk assessment

Design and evaluation of the ReKon : an integrated detection and assessment perimeter system.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Dabling, Jeffrey Glenn; Andersen, Jason Jann; McLaughlin, James O.

2013-02-01

Kontek Industries (Kannapolis, NC) and their subsidiary, Stonewater Control Systems (Kannapolis, NC), have entered into a cooperative research and development agreement with Sandia to jointly develop and evaluate an integrated perimeter security system solution, one that couples access delay with detection and assessment. This novel perimeter solution was designed to be configurable for use at facilities ranging from high-security military sites to commercial power plants, to petro/chemical facilities of various kinds. A prototype section of the perimeter has been produced and installed at the Sandia Test and Evaluation Center in Albuquerque, NM. This prototype system integrated fiber optic break sensors,more » active infrared sensors, fence disturbance sensors, video motion detection, and ground sensors. This report documents the design, testing, and performance evaluation of the developed ReKon system. The ability of the system to properly detect pedestrian or vehicle attempts to bypass, breach, or otherwise defeat the system is characterized, as well as the Nuisance Alarm Rate.« less

Towards a New Food System Assessment: AgMIP Coordinated Global and Regional Assessments of Climate Change

NASA Technical Reports Server (NTRS)

Rosenzweig, Cynthia E.; Thorburn, Peter

2017-01-01

Agricultural stakeholders need more credible information on which to base adaptation and mitigation policy decisions. In order to provide this, we must improve the rigor of agricultural modelling. Ensemble approaches can be used to address scale issues and integrated teams can overcome disciplinary silos. The AgMIP Coordinated Global and Regional Assessments of Climate Change and Food Security (CGRA) has the goal to link agricultural systems models using common protocols and scenarios to significantly improve understanding of climate effects on crops, livestock and livelihoods across multiple scales. The AgMIP CGRA assessment brings together experts in climate, crop, livestock, economics, and food security to develop Protocols to guide the process throughout the assessment. Scenarios are designed to consistently combine elements of intertwined storylines of future society including, socioeconomic development, greenhouse gas concentrations, and specific pathways of agricultural sector development. Through these approaches, AgMIP partners around the world are providing an evidence base for their stakeholders as they make decisions and investments.

Optimisation of Critical Infrastructure Protection: The SiVe Project on Airport Security

NASA Astrophysics Data System (ADS)

Breiing, Marcus; Cole, Mara; D'Avanzo, John; Geiger, Gebhard; Goldner, Sascha; Kuhlmann, Andreas; Lorenz, Claudia; Papproth, Alf; Petzel, Erhard; Schwetje, Oliver

This paper outlines the scientific goals, ongoing work and first results of the SiVe research project on critical infrastructure security. The methodology is generic while pilot studies are chosen from airport security. The outline proceeds in three major steps, (1) building a threat scenario, (2) development of simulation models as scenario refinements, and (3) assessment of alternatives. Advanced techniques of systems analysis and simulation are employed to model relevant airport structures and processes as well as offences. Computer experiments are carried out to compare and optimise alternative solutions. The optimality analyses draw on approaches to quantitative risk assessment recently developed in the operational sciences. To exploit the advantages of the various techniques, an integrated simulation workbench is build up in the project.

49 CFR 1548.16 - Security threat assessments for each proprietor, general partner, officer, director, and certain...

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 9 2010-10-01 2010-10-01 false Security threat assessments for each proprietor..., or owner of the entity must successfully complete a security threat assessment or comparable security... owner of the entity has successfully completed a Security Threat Assessment under part 1540, subpart C...

Usability Assessment of Secure Messaging for Clinical Document Sharing between Health Care Providers and Patients.

PubMed

Jahn, Michelle A; Porter, Brian W; Patel, Himalaya; Zillich, Alan J; Simon, Steven R; Russ, Alissa L

2018-04-01

 Web-based patient portals feature secure messaging systems that enable health care providers and patients to communicate information. However, little is known about the usability of these systems for clinical document sharing.  This article evaluates the usability of a secure messaging system for providers and patients in terms of its ability to support sharing of electronic clinical documents.  We conducted usability testing with providers and patients in a human-computer interaction laboratory at a Midwestern U.S. hospital. Providers sent a medication list document to a fictitious patient via secure messaging. Separately, patients retrieved the clinical document from a secure message and returned it to a fictitious provider. We collected use errors, task completion, task time, and satisfaction.  Twenty-nine individuals participated: 19 providers (6 physicians, 6 registered nurses, and 7 pharmacists) and 10 patients. Among providers, 11 (58%) attached and sent the clinical document via secure messaging without requiring assistance, in a median (range) of 4.5 (1.8-12.7) minutes. No patients completed tasks without moderator assistance. Patients accessed the secure messaging system within 3.6 (1.2-15.0) minutes; retrieved the clinical document within 0.8 (0.5-5.7) minutes; and sent the attached clinical document in 6.3 (1.5-18.1) minutes. Although median satisfaction ratings were high, with 5.8 for providers and 6.0 for patients (scale, 0-7), we identified 36 different use errors. Physicians and pharmacists requested additional features to support care coordination via health information technology, while nurses requested features to support efficiency for their tasks.  This study examined the usability of clinical document sharing, a key feature of many secure messaging systems. Our results highlight similarities and differences between provider and patient end-user groups, which can inform secure messaging design to improve learnability and efficiency. The observations suggest recommendations for improving the technical aspects of secure messaging for clinical document sharing. Schattauer GmbH Stuttgart.

The Westgate Service and Related Referral, Assessment, and Treatment Processes.

PubMed

Bennett, Alice L

2015-12-01

The formerly named "Dangerous and Severe Personality Disorder" (DSPD) units are no longer standalone services within the criminal justice system in England and Wales. These sites now provide personality disorder treatment services in the high-security prison estate as part of the new national Offender Personality Disorder (OPD) Pathway Strategy. The OPD Pathway intends to take responsibility for the assessment, treatment, and management of offenders who are likely to have a personality disorder and who present a high risk of re-offending (men and women) and serious harm to others (men). Further PD treatment and progression services are being commissioned in lower security prisons and in the community as part of the new PD Strategy. While the suitability criteria for the two male high-security PD treatment sites are the same, the individual units have their own assessment and treatment methods. This article aims to communicate the referral, assessment, and treatment methods employed within the prison-based Westgate Personality Disorder Treatment Service, HMP Frankland. © The Author(s) 2014.

Validation of the "Security Needs Assessment Profile" for measuring the profiles of security needs of Chinese forensic psychiatric inpatients.

PubMed

Siu, B W M; Au-Yeung, C C Y; Chan, A W L; Chan, L S Y; Yuen, K K; Leung, H W; Yan, C K; Ng, K K; Lai, A C H; Davies, S; Collins, M

Mapping forensic psychiatric services with the security needs of patients is a salient step in service planning, audit and review. A valid and reliable instrument for measuring the security needs of Chinese forensic psychiatric inpatients was not yet available. This study aimed to develop and validate the Chinese version of the Security Needs Assessment Profile for measuring the profiles of security needs of Chinese forensic psychiatric inpatients. The Security Needs Assessment Profile by Davis was translated into Chinese. Its face validity, content validity, construct validity and internal consistency reliability were assessed by measuring the security needs of 98 Chinese forensic psychiatric inpatients. Principal factor analysis for construct validity provided a six-factor security needs model explaining 68.7% of the variance. Based on the Cronbach's alpha coefficient, the internal consistency reliability was rated as acceptable for procedural security (0.73), and fair for both physical security (0.62) and relational security (0.58). A significant sex difference (p=0.002) in total security score was found. The Chinese version of the Security Needs Assessment Profile is a valid and reliable instrument for assessing the security needs of Chinese forensic psychiatric inpatients. Copyright © 2017 Elsevier Ltd. All rights reserved.

New Resources for Computer-Aided Legal Research: An Assessment of the Usefulness of the DIALOG System in Securities Regulation Studies.

ERIC Educational Resources Information Center

Gruner, Richard; Heron, Carol E.

1984-01-01

Examines usefulness of DIALOG as legal research tool through use of DIALOG's DIALINDEX database to identify those databases among almost 200 available that contain large numbers of records related to federal securities regulation. Eight databases selected for further study are detailed. Twenty-six footnotes, database statistics, and samples are…

49 CFR 1546.213 - Access to cargo: Security threat assessments for cargo personnel in the United States.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 9 2010-10-01 2010-10-01 false Access to cargo: Security threat assessments for...: Security threat assessments for cargo personnel in the United States. This section applies in the United...— (1) Each individual must successfully complete a security threat assessment or comparable security...

Decision Support System for Disability Assessment and Intervention.

ERIC Educational Resources Information Center

Dowler, Denetta L.; And Others

1991-01-01

Constructed decision support system to aid referral of good candidates for rehabilitation from Social Security Administration to rehabilitation counselors. Three layers of system were gross screening based on policy guidelines, training materials, and interviews with experts; physical and mental functional capacity items derived from policy…

Secure Internet video conferencing for assessing acute medical problems in a nursing facility.

PubMed Central

Weiner, M.; Schadow, G.; Lindbergh, D.; Warvel, J.; Abernathy, G.; Dexter, P.; McDonald, C. J.

2001-01-01

Although video-based teleconferencing is becoming more widespread in the medical profession, especially for scheduled consultations, applications for rapid assessment of acute medical problems are rare. Use of such a video system in a nursing facility may be especially beneficial, because physicians are often not immediately available to evaluate patients. We have assembled and tested a portable, wireless conferencing system to prepare for a randomized trial of the system s influence on resource utilization and satisfaction. The system includes a rolling cart with video conferencing hardware and software, a remotely controllable digital camera, light, wireless network, and battery. A semi-automated paging system informs physicians of patient s study status and indications for conferencing. Data transmission occurs wirelessly in the nursing home and then through Internet cables to the physician s home. This provides sufficient bandwidth to support quality motion images. IPsec secures communications. Despite human and technical challenges, this system is affordable and functional. Images Figure 1 PMID:11825286

Test and Evaluation for Enhanced Security: A Quantitative Method to Incorporate Expert Knowledge into Test Planning Decisions.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Rizzo, Davinia; Blackburn, Mark

Complex systems are comprised of technical, social, political and environmental factors as well as the programmatic factors of cost, schedule and risk. Testing these systems for enhanced security requires expert knowledge in many different fields. It is important to test these systems to ensure effectiveness, but testing is limited to due cost, schedule, safety, feasibility and a myriad of other reasons. Without an effective decision framework for Test and Evaluation (T&E) planning that can take into consideration technical as well as programmatic factors and leverage expert knowledge, security in complex systems may not be assessed effectively. Therefore, this paper coversmore » the identification of the current T&E planning problem and an approach to include the full variety of factors and leverage expert knowledge in T&E planning through the use of Bayesian Networks (BN).« less

Communications and control for electric power systems: Power flow classification for static security assessment

NASA Technical Reports Server (NTRS)

Niebur, D.; Germond, A.

1993-01-01

This report investigates the classification of power system states using an artificial neural network model, Kohonen's self-organizing feature map. The ultimate goal of this classification is to assess power system static security in real-time. Kohonen's self-organizing feature map is an unsupervised neural network which maps N-dimensional input vectors to an array of M neurons. After learning, the synaptic weight vectors exhibit a topological organization which represents the relationship between the vectors of the training set. This learning is unsupervised, which means that the number and size of the classes are not specified beforehand. In the application developed in this report, the input vectors used as the training set are generated by off-line load-flow simulations. The learning algorithm and the results of the organization are discussed.

Strengthening Data Confidentiality and Integrity Protection in the Context of a Multi-Centric Information System Dedicated to Autism Spectrum Disorder.

PubMed

Ben Said, Mohamed; Robel, Laurence; Golse, Bernard; Jais, Jean Philippe

2017-01-01

Autism spectrum disorders (ASD) are complex neuro-developmental disorders affecting children in early age. Diagnosis relies on multidisciplinary investigations, in psychiatry, neurology, genetics, electrophysiology, neuro-imagery, audiology, and ophthalmology. To support clinicians, researchers, and public health decision makers, we developed an information system dedicated to ASD, called TEDIS. It was designed to manage systematic, exhaustive and continuous multi-centric patient data collection via secured internet connections. TEDIS will be deployed in nine ASD expert assessment centers in Ile-DeFrance district. We present security policy and infrastructure developed in context of TEDIS to protect patient privacy and clinical information. TEDIS security policy was organized around governance, ethical and organisational chart-agreement, patients consents, controlled user access, patients' privacy protection, constrained patients' data access. Security infrastructure was enriched by further technical solutions to reinforce ASD patients' privacy protection. Solutions were tested on local secured intranet environment and showed fluid functionality with consistent, transparent and safe encrypting-decrypting results.

Design and validation of inert homemade explosive simulants for X-ray-based inspection systems

NASA Astrophysics Data System (ADS)

Faust, Anthony A.; Nacson, Sabatino; Koffler, Bruce; Bourbeau, Éric; Gagne, Louis; Laing, Robin; Anderson, C. J.

2014-05-01

Transport Canada (TC), the Canadian Armed Forces, and other public security agencies have an interest in the assessment of the potential utility of advanced explosives detection technologies to aid in the detection and interdiction of commercial grade, military grade, and homemade or improvised explosives (HME or IE). The availability of suitable, non-hazardous, non-toxic, explosive simulants is of concern when assessing the potential utility of such detection systems. Lack of simulants limits the training opportunities, and ultimately the detection probability, of security personnel using these systems. While simulants for commercial and military grade explosives are available for a wide variety of detection technologies, the design and production of materials to simulate improvised explosives has not kept pace with this emerging threat. Funded by TC and the Canadian Safety and Security Program, Defence Research and Development Canada (DRDC), Visiontec Systems, and Optosecurity engaged in an effort to develop inert, non-toxic Xray interrogation simulants for IE materials such as ammonium nitrate, potassium chlorate, and triacetone triperoxide. These simulants were designed to mimic key X-ray interrogation-relevant material properties of real improvised explosives, principally their bulk density and effective atomic number. Different forms of the simulants were produced and tested, simulating the different explosive threat formulations that could be encountered by front line security workers. These simulants comply with safety and stability requirements, and as best as possible match form and homogeneity. This paper outlines the research program, simulant design, and validation.

Design and Implementation of Website Information Disclosure Assessment System

PubMed Central

Cho, Ying-Chiang; Pan, Jen-Yi

2015-01-01

Internet application technologies, such as cloud computing and cloud storage, have increasingly changed people’s lives. Websites contain vast amounts of personal privacy information. In order to protect this information, network security technologies, such as database protection and data encryption, attract many researchers. The most serious problems concerning web vulnerability are e-mail address and network database leakages. These leakages have many causes. For example, malicious users can steal database contents, taking advantage of mistakes made by programmers and administrators. In order to mitigate this type of abuse, a website information disclosure assessment system is proposed in this study. This system utilizes a series of technologies, such as web crawler algorithms, SQL injection attack detection, and web vulnerability mining, to assess a website’s information disclosure. Thirty websites, randomly sampled from the top 50 world colleges, were used to collect leakage information. This testing showed the importance of increasing the security and privacy of website information for academic websites. PMID:25768434

A Vulnerability Assessment of the U.S. Small Business B2C E-Commerce Network Systems

ERIC Educational Resources Information Center

Zhao, Jensen J.; Truell, Allen D.; Alexander, Melody W.; Woosley, Sherry A.

2011-01-01

Objective: This study assessed the security vulnerability of the U.S. small companies' business-to-consumer (B2C) e-commerce network systems. Background: As the Internet technologies have been changing the way business is conducted, the U.S. small businesses are investing in such technologies and taking advantage of e-commerce to access global…

Cyber-Physical Attack-Resilient Wide-Area Monitoring, Protection, and Control for the Power Grid

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ashok, Aditya; Govindarasu, Manimaran; Wang, Jianhui

Cyber security and resiliency of Wide-Area Monitoring, Protection and Control (WAMPAC) applications is critically important to ensure secure, reliable, and economic operation of the bulk power system. WAMPAC relies heavily on the security of measurements and control commands transmitted over wide-area communication networks for real-time operational, protection, and control functions. Also, the current “N-1 security criteria” for grid operation is inadequate to address malicious cyber events and therefore it is important to fundamentally redesign WAMPAC and to enhance Energy Management System (EMS) applications to make them attack-resilient. In this paper, we propose an end-to-end defense-in-depth architecture for attack-resilient WAMPAC thatmore » addresses resilience at both the infrastructure layer and the application layers. Also, we propose an attack-resilient cyber-physical security framework that encompasses the entire security life cycle including risk assessment, attack prevention, attack detection, attack mitigation, and attack resilience. The overarching objective of this paper is to provide a broad scope that comprehensively describes most of the major research issues and potential solutions in the context of cyber-physical security of WAMPAC for the power grid.« less

Sandia National Laboratories: Sandia National Laboratories: Missions:

Science.gov Websites

; Security Weapons Science & Technology Defense Systems & Assessments About Defense Systems & ; Development Technology Deployment Centers Working With Sandia Working With Sandia Prospective Suppliers What Information Construction & Facilities Contract Audit Sandia's Economic Impact Licensing & Technology

Indigenous Knowledge - A Holistic View Through a Food Security Lens

NASA Astrophysics Data System (ADS)

Angnaboogok, V.; Behe, C.; Daniel, R. G.

2017-12-01

Rapid changes occurring within the Arctic heighten the need to understand the multiple drivers pushing change and their cumulative impacts. Most importantly to better understand Arctic change a holistic view is needed that can only be achieved through bringing together multiple knowledge systems and scientific disciplines. Inuit have called the Arctic home from time immemorial acquiring a knowledge system. The Inuit knowledge system continues to grow, and holds methodologies and assessment processes that provide a pathway for holistically understanding the Arctic. This holistic view is largely attributed to a focus on relationships between system components, close attention to food webs, and a unique understanding of interconnecting systems. The Alaskan Inuit understanding of food security represents an Indigenous way of viewing the world - where food security encompasses complex and interlinked cultural and environmental systems. These systems are comprised of connections among the health of people, animals, and plants; the different states of land, sea, and air; and the cultural fabric held together by language, cultural expression, and social integrity. Within the Inuit knowledge system, it is impossible to disentangle some of these relationships; when we discuss an Inuit food security perspective, it is this interconnectivity and these relationships that we refer to. This presentation will offer an introduction to what it means to adopt a food security lens approach - a view needed to build our knowledge of the changes that are occurring and further our understanding of cumulative impacts while illuminating the nexus between all pieces that make up Arctic ecosystems.

49 CFR 1572.9 - Applicant information required for HME security threat assessment.

Code of Federal Regulations, 2011 CFR

2011-10-01

... threat assessment. 1572.9 Section 1572.9 Transportation Other Regulations Relating to Transportation... TRANSPORTATION SECURITY CREDENTIALING AND SECURITY THREAT ASSESSMENTS Procedures and General Standards § 1572.9 Applicant information required for HME security threat assessment. An applicant must supply the information...

33 CFR 103.405 - Elements of the Area Maritime Security (AMS) Assessment.

Code of Federal Regulations, 2011 CFR

2011-07-01

... networks; (6) Relevant transportation infrastructure; (7) Utilities; (8) Security resources and... Security (AMS) Assessment. 103.405 Section 103.405 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MARITIME SECURITY MARITIME SECURITY: AREA MARITIME SECURITY Area Maritime...

33 CFR 103.405 - Elements of the Area Maritime Security (AMS) Assessment.

Code of Federal Regulations, 2014 CFR

2014-07-01

... networks; (6) Relevant transportation infrastructure; (7) Utilities; (8) Security resources and... Security (AMS) Assessment. 103.405 Section 103.405 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MARITIME SECURITY MARITIME SECURITY: AREA MARITIME SECURITY Area Maritime...

33 CFR 103.405 - Elements of the Area Maritime Security (AMS) Assessment.

Code of Federal Regulations, 2010 CFR

2010-07-01

... networks; (6) Relevant transportation infrastructure; (7) Utilities; (8) Security resources and... Security (AMS) Assessment. 103.405 Section 103.405 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MARITIME SECURITY MARITIME SECURITY: AREA MARITIME SECURITY Area Maritime...

33 CFR 103.405 - Elements of the Area Maritime Security (AMS) Assessment.

Code of Federal Regulations, 2012 CFR

2012-07-01

... networks; (6) Relevant transportation infrastructure; (7) Utilities; (8) Security resources and... Security (AMS) Assessment. 103.405 Section 103.405 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MARITIME SECURITY MARITIME SECURITY: AREA MARITIME SECURITY Area Maritime...

33 CFR 103.405 - Elements of the Area Maritime Security (AMS) Assessment.

Code of Federal Regulations, 2013 CFR

2013-07-01

... networks; (6) Relevant transportation infrastructure; (7) Utilities; (8) Security resources and... Security (AMS) Assessment. 103.405 Section 103.405 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MARITIME SECURITY MARITIME SECURITY: AREA MARITIME SECURITY Area Maritime...

Child anger proneness moderates associations between child-mother attachment security and child behavior with mothers at 33 months.

PubMed

McElwain, Nancy L; Holland, Ashley S; Engle, Jennifer M; Wong, Maria S

2012-02-01

Child-mother attachment security, assessed via a modified Strange Situation procedure (Cassidy & Marvin, with the MacArthur Attachment Working Group, 1992), and parent-reported child proneness to anger were examined as correlates of observed child behavior toward mothers during a series of interactive tasks (N = 120, 60 girls). Controlling for maternal sensitivity and child gender and expressive language ability, greater attachment security, and lower levels of anger proneness were related to more child responsiveness to maternal requests and suggestions during play and snack sessions. As hypothesized, anger proneness also moderated several security-behavior associations. Greater attachment security was related to (a) more committed compliance during clean-up and snack-delay tasks for children high on anger proneness, (b) more self-assertiveness during play and snack for children moderate or high on anger proneness, and (c) more help-seeking during play and snack for children moderate or low on anger proneness. Findings further our understanding of the behavioral correlates of child-mother attachment security assessed during late toddlerhood via the Cassidy-Marvin system and underscore child anger proneness as a moderator of attachment-related differences in child behavior during this developmental period.

VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security and HIPAA Compliance: Part II

PubMed Central

Watzlaf, Valerie J.M.; Moeini, Sohrab; Matusow, Laura; Firouzan, Patti

2011-01-01

In a previous publication the authors developed a privacy and security checklist to evaluate Voice over Internet Protocol (VoIP) videoconferencing software used between patients and therapists to provide telerehabilitation (TR) therapy. In this paper, the privacy and security checklist that was previously developed is used to perform a risk analysis of the top ten VoIP videoconferencing software to determine if their policies provide answers to the privacy and security checklist. Sixty percent of the companies claimed they do not listen into video-therapy calls unless maintenance is needed. Only 50% of the companies assessed use some form of encryption, and some did not specify what type of encryption was used. Seventy percent of the companies assessed did not specify any form of auditing on their servers. Statistically significant differences across company websites were found for sharing information outside of the country (p=0.010), encryption (p=0.006), and security evaluation (p=0.005). Healthcare providers considering use of VoIP software for TR services may consider using this privacy and security checklist before deciding to incorporate a VoIP software system for TR. Other videoconferencing software that is specific for TR with strong encryption, good access controls, and hardware that meets privacy and security standards should be considered for use with TR. PMID:25945177

VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security and HIPAA Compliance: Part II.

PubMed

Watzlaf, Valerie J M; Moeini, Sohrab; Matusow, Laura; Firouzan, Patti

2011-01-01

In a previous publication the authors developed a privacy and security checklist to evaluate Voice over Internet Protocol (VoIP) videoconferencing software used between patients and therapists to provide telerehabilitation (TR) therapy. In this paper, the privacy and security checklist that was previously developed is used to perform a risk analysis of the top ten VoIP videoconferencing software to determine if their policies provide answers to the privacy and security checklist. Sixty percent of the companies claimed they do not listen into video-therapy calls unless maintenance is needed. Only 50% of the companies assessed use some form of encryption, and some did not specify what type of encryption was used. Seventy percent of the companies assessed did not specify any form of auditing on their servers. Statistically significant differences across company websites were found for sharing information outside of the country (p=0.010), encryption (p=0.006), and security evaluation (p=0.005). Healthcare providers considering use of VoIP software for TR services may consider using this privacy and security checklist before deciding to incorporate a VoIP software system for TR. Other videoconferencing software that is specific for TR with strong encryption, good access controls, and hardware that meets privacy and security standards should be considered for use with TR.

Mobile detection assessment and response systems (MDARS): a force protection physical security operational success

NASA Astrophysics Data System (ADS)

Shoop, Brian; Johnston, Michael; Goehring, Richard; Moneyhun, Jon; Skibba, Brian

2006-05-01

MDARS is a Semi-autonomous unmanned ground vehicle with intrusion detection & assessment, product & barrier assessment payloads. Its functions include surveillance, security, early warning, incident first response and product and barrier status primarily focused on a depot/munitions security mission at structured/semi-structured facilities. MDARS is in Systems Development and Demonstration (SDD) under the Product Manager for Force Protection Systems (PM-FPS). MDARS capabilities include semi-autonomous navigation, obstacle avoidance, motion detection, day and night imagers, radio frequency tag inventory/barrier assessment and audio challenge and response. Four SDD MDARS Patrol Vehicles have been undergoing operational evaluation at Hawthorne Army Depot, NV (HWAD) since October 2004. Hawthorne personnel were trained to administer, operate and maintain the system in accordance with the US Army Military Police School (USAMPS) Concept of Employment and the PM-FPS MDARS Integrated Logistic Support Plan. The system was subjected to intensive periods of evaluation under the guidance and control of the Army Test and Evaluation Center (ATEC) and PM-FPS. Significantly, in terms of User acceptance, the system has been under the "operational control" of the installation performing security and force protection missions in support of daily operations. This evaluation is intended to assess MDARS operational effectiveness in an operational environment. Initial observations show that MDARS provides enhanced force protection, can potentially reduce manpower requirements by conducting routine tasks within its design capabilities and reduces Soldier exposure in the initial response to emerging incidents and situations. Success of the MDARS program has been instrumental in the design and development of two additional robotic force protection programs. The first was the USAF Force Protection Battle Lab sponsored Remote Detection Challenge & Response (REDCAR) concept demonstration executed by the Air Force Robotics Lab (AFRL). The REDCAR used an MDARS PUV as the central robotic technology and expanded the concept to incorporate a smaller high speed platform (SCOUT) equipped with lethal, non-lethal and challenge components as an engagement platform and, in a marsupial configuration on the MDARS, a small UGV that can be deployed to investigate close quarters areas. The Family of Integrated Rapid Response Equipment (FIRRE) program further expands these concepts by incorporating and adapting other mobile/tactical force protection equipment with a more robust Unmanned Ground Vehicle into an "Expeditionary" configuration to provide the current force with a rapidly deployable force protection system that can operate in austere less structured and protected environments. A USAMPS/ MANCEN sponsored "FIRRE System Demonstration" in Iraq is scheduled to begin in FY '07.

6 CFR 27.240 - Review and approval of security vulnerability assessments.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Review and approval of security vulnerability... of security vulnerability assessments. (a) Review and Approval. The Department will review and approve in writing all Security Vulnerability Assessments that satisfy the requirements of § 27.215...

49 CFR 1549.7 - Approval, amendment, renewal of the security program and certification of a certified cargo...

Code of Federal Regulations, 2010 CFR

2010-10-01

... information requested by TSA concerning Security Threat Assessments. (viii) A statement acknowledging and ensuring that each individual will successfully complete a Security Threat Assessment under § 1549.111... Security Coordinator for an applicant successfully completes a security threat assessment, TSA will provide...

Cutting Costs.

ERIC Educational Resources Information Center

Kennedy, Mike

2003-01-01

Offers ten suggestions for schools and universities to maximize their budgets: energy upgrades, security technology, maintenance management systems, partnerships, modernized washrooms, windows, facilities assessment, outsourcing, alternative fuels, and building commissioning. (EV)

Real-time network security situation visualization and threat assessment based on semi-Markov process

NASA Astrophysics Data System (ADS)

Chen, Junhua

2013-03-01

To cope with a large amount of data in current sensed environments, decision aid tools should provide their understanding of situations in a time-efficient manner, so there is an increasing need for real-time network security situation awareness and threat assessment. In this study, the state transition model of vulnerability in the network based on semi-Markov process is proposed at first. Once events are triggered by an attacker's action or system response, the current states of the vulnerabilities are known. Then we calculate the transition probabilities of the vulnerability from the current state to security failure state. Furthermore in order to improve accuracy of our algorithms, we adjust the probabilities that they exploit the vulnerability according to the attacker's skill level. In the light of the preconditions and post-conditions of vulnerabilities in the network, attack graph is built to visualize security situation in real time. Subsequently, we predict attack path, recognize attack intention and estimate the impact through analysis of attack graph. These help administrators to insight into intrusion steps, determine security state and assess threat. Finally testing in a network shows that this method is reasonable and feasible, and can undertake tremendous analysis task to facilitate administrators' work.

Attack Methodology Analysis: Emerging Trends in Computer-Based Attack Methodologies and Their Applicability to Control System Networks

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bri Rolston

2005-06-01

Threat characterization is a key component in evaluating the threat faced by control systems. Without a thorough understanding of the threat faced by critical infrastructure networks, adequate resources cannot be allocated or directed effectively to the defense of these systems. Traditional methods of threat analysis focus on identifying the capabilities and motivations of a specific attacker, assessing the value the adversary would place on targeted systems, and deploying defenses according to the threat posed by the potential adversary. Too many effective exploits and tools exist and are easily accessible to anyone with access to an Internet connection, minimal technical skills,more » and a significantly reduced motivational threshold to be able to narrow the field of potential adversaries effectively. Understanding how hackers evaluate new IT security research and incorporate significant new ideas into their own tools provides a means of anticipating how IT systems are most likely to be attacked in the future. This research, Attack Methodology Analysis (AMA), could supply pertinent information on how to detect and stop new types of attacks. Since the exploit methodologies and attack vectors developed in the general Information Technology (IT) arena can be converted for use against control system environments, assessing areas in which cutting edge exploit development and remediation techniques are occurring can provide significance intelligence for control system network exploitation, defense, and a means of assessing threat without identifying specific capabilities of individual opponents. Attack Methodology Analysis begins with the study of what exploit technology and attack methodologies are being developed in the Information Technology (IT) security research community within the black and white hat community. Once a solid understanding of the cutting edge security research is established, emerging trends in attack methodology can be identified and the gap between those threats and the defensive capabilities of control systems can be analyzed. The results of the gap analysis drive changes in the cyber security of critical infrastructure networks to close the gap between current exploits and existing defenses. The analysis also provides defenders with an idea of how threat technology is evolving and how defenses will need to be modified to address these emerging trends.« less

Bulk electric system reliability evaluation incorporating wind power and demand side management

NASA Astrophysics Data System (ADS)

Huang, Dange

Electric power systems are experiencing dramatic changes with respect to structure, operation and regulation and are facing increasing pressure due to environmental and societal constraints. Bulk electric system reliability is an important consideration in power system planning, design and operation particularly in the new competitive environment. A wide range of methods have been developed to perform bulk electric system reliability evaluation. Theoretically, sequential Monte Carlo simulation can include all aspects and contingencies in a power system and can be used to produce an informative set of reliability indices. It has become a practical and viable tool for large system reliability assessment technique due to the development of computing power and is used in the studies described in this thesis. The well-being approach used in this research provides the opportunity to integrate an accepted deterministic criterion into a probabilistic framework. This research work includes the investigation of important factors that impact bulk electric system adequacy evaluation and security constrained adequacy assessment using the well-being analysis framework. Load forecast uncertainty is an important consideration in an electrical power system. This research includes load forecast uncertainty considerations in bulk electric system reliability assessment and the effects on system, load point and well-being indices and reliability index probability distributions are examined. There has been increasing worldwide interest in the utilization of wind power as a renewable energy source over the last two decades due to enhanced public awareness of the environment. Increasing penetration of wind power has significant impacts on power system reliability, and security analyses become more uncertain due to the unpredictable nature of wind power. The effects of wind power additions in generating and bulk electric system reliability assessment considering site wind speed correlations and the interactive effects of wind power and load forecast uncertainty on system reliability are examined. The concept of the security cost associated with operating in the marginal state in the well-being framework is incorporated in the economic analyses associated with system expansion planning including wind power and load forecast uncertainty. Overall reliability cost/worth analyses including security cost concepts are applied to select an optimal wind power injection strategy in a bulk electric system. The effects of the various demand side management measures on system reliability are illustrated using the system, load point, and well-being indices, and the reliability index probability distributions. The reliability effects of demand side management procedures in a bulk electric system including wind power and load forecast uncertainty considerations are also investigated. The system reliability effects due to specific demand side management programs are quantified and examined in terms of their reliability benefits.

49 CFR 1540.203 - Security threat assessment.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 49 Transportation 9 2014-10-01 2014-10-01 false Security threat assessment. 1540.203 Section 1540.203 Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY CIVIL AVIATION SECURITY: GENERAL RULES...

49 CFR 1515.3 - Terms used in this part.

Code of Federal Regulations, 2010 CFR

2010-10-01

.... Applicant means an individual who has applied for one of the security threat assessments identified in 49... for the security threat assessment but TSA later determined that the individual poses a security.... Security threat assessment means the threat assessment for which the applicant has applied, as described in...

7 CFR 331.7 - Registration and related security risk assessments.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 7 Agriculture 5 2010-01-01 2010-01-01 false Registration and related security risk assessments... AGENTS AND TOXINS § 331.7 Registration and related security risk assessments. (a) Unless exempted under... be approved by the Administrator or the HHS Secretary based on a security risk assessment by the...

Ergonomic evaluation of a wheelchair transportation securement system.

PubMed

Ahmed, Madiha; Campbell-Kyureghyan, Naira; Frost, Karen; Bertocci, Gina

2012-01-01

The Americans with Disabilities Act (ADA) specifies guidelines covering the securement system and environment for wheeled mobility device (WhMD) passengers on the public bus system in the United States, referred to as the wheelchair tiedown and occupant restraint system (WTORS). The misuse or disuse of the WTORS system can be a source of injury for WhMD passengers riding the buses. The purpose of this study was to quantify the risks posed to the bus driver while performing the WTORS procedure using traditional ergonomic analysis methods. Four bus drivers completed the WTORS procedure for a representative passenger seated in three different WhMDs: manual wheelchair (MWC), scooter (SCTR), and power wheelchair (PWC). Potential work-related risks were identified using the four most applicable ergonomic assessment tools: PLIBEL, RULA, REBA, and iLMM. Task evaluation results revealed high levels of risk to be present to drivers during the WTORS procedure. The securement station space design and equipment layout were identified as contributing factors forcing drivers to adopt awkward postures while performing the WTORS task. These risk factors are known contributors to injury and the drivers could opt to improperly secure the passengers to avoid that risk.

Physical-layer security analysis of a quantum-noise randomized cipher based on the wire-tap channel model.

PubMed

Jiao, Haisong; Pu, Tao; Zheng, Jilin; Xiang, Peng; Fang, Tao

2017-05-15

The physical-layer security of a quantum-noise randomized cipher (QNRC) system is, for the first time, quantitatively evaluated with secrecy capacity employed as the performance metric. Considering quantum noise as a channel advantage for legitimate parties over eavesdroppers, the specific wire-tap models for both channels of the key and data are built with channel outputs yielded by quantum heterodyne measurement; the general expressions of secrecy capacities for both channels are derived, where the matching codes are proved to be uniformly distributed. The maximal achievable secrecy rate of the system is proposed, under which secrecy of both the key and data is guaranteed. The influences of various system parameters on secrecy capacities are assessed in detail. The results indicate that QNRC combined with proper channel codes is a promising framework of secure communication for long distance with high speed, which can be orders of magnitude higher than the perfect secrecy rates of other encryption systems. Even if the eavesdropper intercepts more signal power than the legitimate receiver, secure communication (up to Gb/s) can still be achievable. Moreover, the secrecy of running key is found to be the main constraint to the systemic maximal secrecy rate.

Persistent maritime traffic monitoring for the Canadian Arctic

NASA Astrophysics Data System (ADS)

Ulmke, M.; Battistello, G.; Biermann, J.; Mohrdieck, C.; Pelot, R.; Koch, W.

2017-05-01

This paper presents results of the Canadian-German research project PASSAGES (Protection and Advanced Surveillance System for the Arctic: Green, Efficient, Secure)1 on an advanced surveillance system for safety and security of maritime operations in Arctic areas. The motivation for a surveillance system of the Northwest Passage is the projected growth of maritime traffic along Arctic sea routes and the need for securing Canada's sovereignty by controlling its arctic waters as well as for protecting the safety of international shipping and the intactness of the arctic marine environment. To ensure border security and to detect and prevent illegal activities it is necessary to develop a system for surveillance and reconnaissance that brings together all related means, assets, organizations, processes and structures to build one homogeneous and integrated system. The harsh arctic conditions require a new surveillance concept that fuses heterogeneous sensor data, contextual information, and available pre-processed surveillance data and combines all components to efficiently extract and provide the maximum available amount of information. The fusion of all these heterogeneous data and information will provide improved and comprehensive situation awareness for risk assessment and decision support of different stakeholder groups as governmental authorities, commercial users and Northern communities.

6 CFR 27.210 - Submissions schedule.

Code of Federal Regulations, 2010 CFR

2010-01-01

... in any subsequent Federal Register notice. (2) Security Vulnerability Assessment. Unless otherwise notified, a covered facility must complete and submit a Security Vulnerability Assessment within 90... Department's approval of the facility's Site Security Plan. (2) Security Vulnerability Assessment. Unless...

Privacy Impact Assessment for the Inspector General Enterprise Management System

EPA Pesticide Factsheets

This system collects personally identifiable information (PII), including social security numbers, date of birth, etc. Learn how this data is collected, how it will be used, access to the data, the purpose of data collection, and record retention policies.

Toward Assessing Attachment on an Emotional Security Continuum: Comment on Fraley and Spieker (2003).

ERIC Educational Resources Information Center

Cummings, E. Mark

2003-01-01

Advocates renewed efforts toward assessing attachment on a single continuum of emotional security. Contends that theory is essential to guide attachment assessment and that the constructs of secure base and emotional security provide the needed conceptual foundation. Addresses challenges to the scoring of attachment on a security continuum.…

6 CFR 27.235 - Alternative security program.

Code of Federal Regulations, 2010 CFR

2010-01-01

... submit an ASP in lieu of a Security Vulnerability Assessment, Site Security Plan, or both. (2) Tier 1... Tier 3 facilities may not submit an ASP in lieu of a Security Vulnerability Assessment. (b) The... Security Vulnerability Assessment or using the procedure specified in § 27.245 if the ASP is intended to...

49 CFR 1548.7 - Approval, amendment, annual renewal, and withdrawal of approval of the security program.

Code of Federal Regulations, 2010 CFR

2010-10-01

... requested by TSA concerning Security Threat Assessments. (ix) A statement acknowledging and ensuring that each employee and agent will successfully complete a Security Threat Assessment under § 1548.15 before... training and Security Threat Assessments by relevant personnel. (4) Duration of security program. The...

A Model for the Development of an Organization’s Information System (IS) Security System

DTIC Science & Technology

1986-12-01

INTRODUCTION — = 52 B. A RISK ASSESSMENT 52 1. Background 52 2. Threat Identification -— — 53 3. Impact Analysis 54 C. LOGICAL DESIGN • — 59 D. PRACTICAL DESIGN...OF ESTIMATED IMPACT AND FREQUENCY • 93 APPENDIX H: COMBINED MATRIX OF 1, F, AND ALE 9 4 APPENDIX I: SECURITY RESOURCES (CONTROLS) 9 5 APPENDIX J...that have been developed, the computer’s impact is sometimes hard to discern. Except in recent years, with the increasing use of microcomputers, the

A preliminary cyber-physical security assessment of the Robot Operating System (ROS)

NASA Astrophysics Data System (ADS)

McClean, Jarrod; Stull, Christopher; Farrar, Charles; Mascareñas, David

2013-05-01

Over the course of the last few years, the Robot Operating System (ROS) has become a highly popular software framework for robotics research. ROS has a very active developer community and is widely used for robotics research in both academia and government labs. The prevalence and modularity of ROS cause many people to ask the question: "What prevents ROS from being used in commercial or government applications?" One of the main problems that is preventing this increased use of ROS in these applications is the question of characterizing its security (or lack thereof). In the summer of 2012, a crowd sourced cyber-physical security contest was launched at the cyber security conference DEF CON 20 to begin the process of characterizing the security of ROS. A small-scale, car-like robot was configured as a cyber-physical security "honeypot" running ROS. DEFFCON-20 attendees were invited to find exploits and vulnerabilities in the robot while network traffic was collected. The results of this experiment provided some interesting insights and opened up many security questions pertaining to deployed robotic systems. The Federal Aviation Administration is tasked with opening up the civil airspace to commercial drones by September 2015 and driverless cars are already legal for research purposes in a number of states. Given the integration of these robotic devices into our daily lives, the authors pose the following question: "What security exploits can a motivated person with little-to-no experience in cyber security execute, given the wide availability of free cyber security penetration testing tools such as Metasploit?" This research focuses on applying common, low-cost, low-overhead, cyber-attacks on a robot featuring ROS. This work documents the effectiveness of those attacks.

49 CFR 1540.209 - Fees for security threat assessment.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 49 Transportation 9 2014-10-01 2014-10-01 false Fees for security threat assessment. 1540.209 Section 1540.209 Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY CIVIL AVIATION SECURITY...

Information security risk management for computerized health information systems in hospitals: a case study of Iran.

PubMed

Zarei, Javad; Sadoughi, Farahnaz

2016-01-01

In recent years, hospitals in Iran - similar to those in other countries - have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts' opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Information security risk management is not followed by Iran's hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran's Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran.

The AgMIP Coordinated Global and Regional Assessments (CGRA) of Climate Change Impacts on Agriculture and Food Security

NASA Technical Reports Server (NTRS)

Ruane, Alex; Rosenzweig, Cynthia; Elliott, Joshua; Antle, John

2015-01-01

The Agricultural Model Intercomparison and Improvement Project (AgMIP) has been working since 2010 to construct a protocol-based framework enabling regional assessments (led by regional experts and modelers) that can provide consistent inputs to global economic and integrated assessment models. These global models can then relay important global-level information that drive regional decision-making and outcomes throughout an interconnected agricultural system. AgMIPs community of nearly 800 climate, crop, livestock, economics, and IT experts has improved the state-of-the-art through model intercomparisons, validation exercises, regional integrated assessments, and the launch of AgMIP programs on all six arable continents. AgMIP is now launching Coordinated Global and Regional Assessments (CGRA) of climate change impacts on agriculture and food security to link global and regional crop and economic models using a protocol-based framework. The CGRA protocols are being developed to utilize historical observations, climate projections, and RCPsSSPs from CMIP5 (and potentially CMIP6), and will examine stakeholder-driven agricultural development and adaptation scenarios to provide cutting-edge assessments of climate changes impact on agriculture and food security. These protocols will build on the foundation of established protocols from AgMIPs 30+ activities, and will emphasize the use of multiple models, scenarios, and scales to enable an accurate assessment of related uncertainties. The CGRA is also designed to provide the outputs necessary to feed into integrated assessment models (IAMs), nutrition and food security assessments, nitrogen and carbon cycle models, and additional impact-sector assessments (e.g., water resources, land-use, biomes, urban areas). This presentation will describe the current status of CGRA planning and initial prototype experiments to demonstrate key aspects of the protocols before wider implementation ahead of the IPCC Sixth Assessment Report.

The AgMIP Coordinated Global and Regional Assessments (CGRA) of Climate Change Impacts on Agriculture and Food Security

NASA Astrophysics Data System (ADS)

Ruane, A. C.; Rosenzweig, C.; Antle, J. M.; Elliott, J. W.

2015-12-01

The Agricultural Model Intercomparison and Improvement Project (AgMIP) has been working since 2010 to construct a protocol-based framework enabling regional assessments (led by regional experts and modelers) that can provide consistent inputs to global economic and integrated assessment models. These global models can then relay important global-level information that drive regional decision-making and outcomes throughout an interconnected agricultural system. AgMIP's community of nearly 800 climate, crop, livestock, economics, and IT experts has improved the state-of-the-art through model intercomparisons, validation exercises, regional integrated assessments, and the launch of AgMIP programs on all six arable continents. AgMIP is now launching Coordinated Global and Regional Assessments (CGRA) of climate change impacts on agriculture and food security to link global and regional crop and economic models using a protocol-based framework. The CGRA protocols are being developed to utilize historical observations, climate projections, and RCPs/SSPs from CMIP5 (and potentially CMIP6), and will examine stakeholder-driven agricultural development and adaptation scenarios to provide cutting-edge assessments of climate change's impact on agriculture and food security. These protocols will build on the foundation of established protocols from AgMIP's 30+ activities, and will emphasize the use of multiple models, scenarios, and scales to enable an accurate assessment of related uncertainties. The CGRA is also designed to provide the outputs necessary to feed into integrated assessment models (IAMs), nutrition and food security assessments, nitrogen and carbon cycle models, and additional impact-sector assessments (e.g., water resources, land-use, biomes, urban areas). This presentation will describe the current status of CGRA planning and initial prototype experiments to demonstrate key aspects of the protocols before wider implementation ahead of the IPCC Sixth Assessment Report.

Review of Aircraft Crash Databases and Evaluation of the Probability of Aircraft Crashes on to a MAGLEV Guide-way: Technical Report

DOT National Transportation Integrated Search

1991-12-09

The System Safety & Security Division at The Volpe National Transportation System Center (VNTSC), Cambridge, MA is participating in an overall risk assessment study on the safety of High Speed Magnetic Levitation Transportation Systems ("MagLev"). Tr...

49 CFR 15.5 - Sensitive security information.

Code of Federal Regulations, 2010 CFR

2010-10-01

... requirements of Federal law. (5) Vulnerability assessments. Any vulnerability assessment directed, created... security requirements of Federal law that could reveal a security vulnerability, including the identity of... Guard responsible for conducting vulnerability assessments, security boardings, or engaged in operations...

A Real-Time Decision Support System for Voltage Collapse Avoidance in Power Supply Networks

NASA Astrophysics Data System (ADS)

Chang, Chen-Sung

This paper presents a real-time decision support system (RDSS) based on artificial intelligence (AI) for voltage collapse avoidance (VCA) in power supply networks. The RDSS scheme employs a fuzzy hyperrectangular composite neural network (FHRCNN) to carry out voltage risk identification (VRI). In the event that a threat to the security of the power supply network is detected, an evolutionary programming (EP)-based algorithm is triggered to determine the operational settings required to restore the power supply network to a secure condition. The effectiveness of the RDSS methodology is demonstrated through its application to the American Electric Power Provider System (AEP, 30-bus system) under various heavy load conditions and contingency scenarios. In general, the numerical results confirm the ability of the RDSS scheme to minimize the risk of voltage collapse in power supply networks. In other words, RDSS provides Power Provider Enterprises (PPEs) with a viable tool for performing on-line voltage risk assessment and power system security enhancement functions.

Technical analysis of US Army Weapons Systems and related advanced technologies of military interest. Final report

DOE Office of Scientific and Technical Information (OSTI.GOV)

NONE

1991-06-14

This report summarizes the activities and accomplishments of an US Army technology security project designed to identify and develop effective policy guidelines for militarily critical technologies in specific Army systems and in broad generic technology areas of military interest, Individual systems analyses are documented in separate Weapons Systems Technical Assessments (WSTAs) and the general generic technology areas are evaluated in the Advanced Technology Assessment Reports (ATARs), However, specific details of these assessments are not addressed here, only recommendations regarding aspects of the defined approach, methodology, and format are provided and discussed.

33 CFR 103.400 - General.

Code of Federal Regulations, 2010 CFR

2010-07-01

... Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MARITIME SECURITY MARITIME SECURITY: AREA MARITIME SECURITY Area Maritime Security (AMS) Assessment § 103.400 General. (a) The Area Maritime Security (AMS) Committee will ensure that a risk based AMS Assessment, is completed and meets the...

Assessing food security in water scarce regions by Life Cycle Analysis: a case study in the Gaza strip

NASA Astrophysics Data System (ADS)

Recanati, Francesca; Castelletti, Andrea; Melià, Paco; Dotelli, Giovanni

2013-04-01

Food security is a major issue in Palestine for both political and physical reasons, with direct effects on the local population living conditions: the nutritional level of people in Gaza is classified by FAO as "insecure". As most of the protein supply comes from irrigated agricultural production and aquaculture, freshwater availability is a limiting factor to food security, and the primary reason for frequent conflicts among food production processes (e.g. aquaculture, land livestock or different types of crops). In this study we use Life Cycle Analysis to assess the environmental impacts associated to all the stages of water-based protein production (from agriculture and aquaculture) in the Gaza strip under different agricultural scenarios and hydroclimatic variability. As reported in several recent studies, LCA seems to be an appropriate methodology to analyze agricultural systems and assess associated food security in different socio-economic contexts. However, we argue that the inherently linear and static nature of LCA might prove inadequate to tackle with the complex interaction between water cycle variability and the food production system in water-scarce regions of underdeveloped countries. Lack of sufficient and reliable data to characterize the water cycle is a further source of uncertainty affecting the robustness of the analysis. We investigate pros and cons of LCA and LCA-based option planning in an average size farm in Gaza strip, where farming and aquaculture are family-based and integrated by reuse of fish breeding water for irrigation. Different technological solutions (drip irrigation system, greenhouses etc.) are evaluated to improve protein supply and reduce the pressure on freshwater, particularly during droughts. But this use of technology represent also a contribution in increasing sustainability in agricultural processes, and therefore in economy, of Gaza Strip (reduction in chemical fertilizers and pesticides etc.).

GPS disruptions : efforts to assess risks to critical infrastructure and coordinate agency actions should be enhanced.

DOT National Transportation Integrated Search

2013-11-01

To assess the risks and potential effects from disruptions in the Global : Positioning System (GPS) on critical infrastructure, the Department of Homeland : Security (DHS) published the GPS National Risk Estimate (NRE) in 2012. In : doing so, DHS con...

Susceptibility of SCADA systems and the energy sector

NASA Astrophysics Data System (ADS)

Goike, Lindsay

The research in this paper focused on analyzing SCADA systems in the energy sector for susceptibility to cyber attacks, in furtherance of providing suggestions to mitigate current and future cyber attacks. The research will be addressing the questions: how are SCADA systems susceptible to cyber attacks, and what are the suggested ways to mitigate both current and future cyber attacks. The five main categories of security vulnerabilities facing current SCADA systems were found to be: connectivity to the Internet, failure to plan, interdependency of sectors, numerous different types of threats, and outdated software. Some of the recommendations mentioned to mitigate current and future risks were: virtual private networks, risk assessments, increased physical security, updating of software, and firewalls.

33 CFR 104.300 - General.

Code of Federal Regulations, 2014 CFR

2014-07-01

... Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MARITIME SECURITY MARITIME SECURITY: VESSELS Vessel Security Assessment (VSA) § 104.300 General. (a) The Vessel Security Assessment... used in any aspect of the VSA if they have the appropriate skills and if the Company Security Officer...

33 CFR 104.300 - General.

Code of Federal Regulations, 2012 CFR

2012-07-01

... Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MARITIME SECURITY MARITIME SECURITY: VESSELS Vessel Security Assessment (VSA) § 104.300 General. (a) The Vessel Security Assessment... used in any aspect of the VSA if they have the appropriate skills and if the Company Security Officer...

33 CFR 104.300 - General.

Code of Federal Regulations, 2013 CFR

2013-07-01

... Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MARITIME SECURITY MARITIME SECURITY: VESSELS Vessel Security Assessment (VSA) § 104.300 General. (a) The Vessel Security Assessment... used in any aspect of the VSA if they have the appropriate skills and if the Company Security Officer...

33 CFR 104.300 - General.

Code of Federal Regulations, 2011 CFR

2011-07-01

... Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MARITIME SECURITY MARITIME SECURITY: VESSELS Vessel Security Assessment (VSA) § 104.300 General. (a) The Vessel Security Assessment... used in any aspect of the VSA if they have the appropriate skills and if the Company Security Officer...

Study on the Progress of Ecological Fragility Assessment in China

NASA Astrophysics Data System (ADS)

Chen, Pei; Hou, Kang; Chang, Yue; Li, Xuxiang; Zhang, Yunwei

2018-02-01

The basic elements of human survival are based on the ecological environment. The development of social economic and the security of the ecological environment are closely linked and interact with each other. The fragility of the environment directly affects the stability of the regional ecosystem and the sustainable development of the ecological environment. As part of the division of the national ecological security, the assessment of ecological fragility has become a hot and difficult issue in environmental research, and researchers at home and abroad have systematically studied the causes and states of ecological fragility. The assessment of regional ecological fragility is a qualitative and quantitative analysis of the unbalanced distribution of ecological environment factors caused by human socio-economic activities or changes in ecosystems. At present, researches on ecological fragility has not formed a complete and unified index assessment system, and the unity of the assessment model has a direct impact on the accuracy of the index weights. Therefore, the discussion on selection of ecological fragility indexes and the improvement of ecological fragility assessment model is necessary, which is good for the improvement of ecological fragility assessment system in China.

49 CFR 1522.107 - Application.

Code of Federal Regulations, 2010 CFR

2010-10-01

... security threat assessments. (8) A statement acknowledging that all personnel of the applicant who must successfully complete a security threat assessment under the requirements of this part must do so before the... the Security Coordinator successfully completes a security threat assessment, TSA will provide to the...

[Hydraulic simulation and safety assessment of secondary water supply system with anti-negative pressure facility].

PubMed

Wang, Huan-Huan; Liu, Shu-Ming; Jiang, Shuaiz; Meng, Fan-Lin; Bai, Lu

2013-01-01

In the last few decades, anti-negative pressure facility (ANPF) has been emerged as a revolutionary approach for sloving the pollution in the Second Water Supply System (SWSS) in China. This study analyzed implications of the safety in SWSS with ANPF, utilizing the water distribution network hydraulic model. A method of hydraulic simulation and security assessment was presented which was able to reflect the number and location of nodes that can be installed in ANPF. Benchmark results through two instance networks showed that 67% and 89% of nodes in each network did not fit the ANPFs for installation. The simple and pratical algorithm was recommended in the water distribution network design and planing in order to increase the security of SWSS.

Using cyber vulnerability testing techniques to expose undocumented security vulnerabilities in DCS and SCADA equipment

DOE Office of Scientific and Technical Information (OSTI.GOV)

Pollet, J.

2006-07-01

This session starts by providing an overview of typical DCS (Distributed Control Systems) and SCADA (Supervisory Control and Data Acquisition) architectures, and exposes cyber security vulnerabilities that vendors never admit, but are found through a comprehensive cyber testing process. A complete assessment process involves testing all of the layers and components of a SCADA or DCS environment, from the perimeter firewall all the way down to the end devices controlling the process, including what to look for when conducting a vulnerability assessment of real-time control systems. The following systems are discussed: 1. Perimeter (isolation from corporate IT or other non-criticalmore » networks) 2. Remote Access (third Party access into SCADA or DCS networks) 3. Network Architecture (switch, router, firewalls, access controls, network design) 4. Network Traffic Analysis (what is running on the network) 5. Host Operating Systems Hardening 6. Applications (how they communicate with other applications and end devices) 7. End Device Testing (PLCs, RTUs, DCS Controllers, Smart Transmitters) a. System Discovery b. Functional Discovery c. Attack Methodology i. DoS Tests (at what point does the device fail) ii. Malformed Packet Tests (packets that can cause equipment failure) iii. Session Hijacking (do anything that the operator can do) iv. Packet Injection (code and inject your own SCADA commands) v. Protocol Exploitation (Protocol Reverse Engineering / Fuzzing) This paper will provide information compiled from over five years of conducting cyber security testing on control systems hardware, software, and systems. (authors)« less

76 FR 22409 - Nationwide Cyber Security Review (NCSR) Assessment

Federal Register 2010, 2011, 2012, 2013, 2014

2011-04-21

... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2011-0012] Nationwide Cyber Security Review (NCSR...), National Cyber Security Division (NCSD), Cyber Security Evaluation Program (CSEP), will submit the... for all levels of government to complete a cyber network security assessment so that a full measure of...

Computer Security: Governmentwide Planning Process Had Limited Impact. Report to the Chairman, Committee on Science, Space, and Technology, House of Representatives.

ERIC Educational Resources Information Center

General Accounting Office, Washington, DC. Information Management and Technology Div.

As required by the Computer Security Act of 1987, federal agencies have to identify systems that contain sensitive information and develop plans to safeguard them. The planning process was assessed in 10 civilian agencies as well as the extent to which they had implemented planning controls described in 22 selected plans. The National Institute of…

High Fidelity Simulations of Large-Scale Wireless Networks (Plus-Up)

DOE Office of Scientific and Technical Information (OSTI.GOV)

Onunkwo, Uzoma

Sandia has built a strong reputation in scalable network simulation and emulation for cyber security studies to protect our nation’s critical information infrastructures. Georgia Tech has preeminent reputation in academia for excellence in scalable discrete event simulations, with strong emphasis on simulating cyber networks. Many of the experts in this field, such as Dr. Richard Fujimoto, Dr. George Riley, and Dr. Chris Carothers, have strong affiliations with Georgia Tech. The collaborative relationship that we intend to immediately pursue is in high fidelity simulations of practical large-scale wireless networks using ns-3 simulator via Dr. George Riley. This project will have mutualmore » benefits in bolstering both institutions’ expertise and reputation in the field of scalable simulation for cyber-security studies. This project promises to address high fidelity simulations of large-scale wireless networks. This proposed collaboration is directly in line with Georgia Tech’s goals for developing and expanding the Communications Systems Center, the Georgia Tech Broadband Institute, and Georgia Tech Information Security Center along with its yearly Emerging Cyber Threats Report. At Sandia, this work benefits the defense systems and assessment area with promise for large-scale assessment of cyber security needs and vulnerabilities of our nation’s critical cyber infrastructures exposed to wireless communications.« less

Challenges and Responses to Asian Food Security

NASA Astrophysics Data System (ADS)

Teng, Paul P. S.; Oliveros, Jurise A. P.

2015-10-01

Food security is a complex phenomenon made up of multiple dimensions — food availability, physical access to food, economic access to food, food utilization — each of which has a stability dimension which underpins it. This review provides details on these dimensions and links them to two published indices which provide assessments of the state of food security in a country. The paper further provides analyses of the main supply and demand factors in the food security equation. Food security faces natural and anthropogenic threats such as loss of productive land and water, climate change and declining crop productivity, all of which are potentially amenable to solutions provided by science and technology. Demographic and accompanying diet changes further exacerbate the demands made on the natural resource base for food production. Finally, possible responses to the challenges confronting a secured food future are discussed from technological, policy and system level perspectives.

Threat driven modeling framework using petri nets for e-learning system.

PubMed

Khamparia, Aditya; Pandey, Babita

2016-01-01

Vulnerabilities at various levels are main cause of security risks in e-learning system. This paper presents a modified threat driven modeling framework, to identify the threats after risk assessment which requires mitigation and how to mitigate those threats. To model those threat mitigations aspects oriented stochastic petri nets are used. This paper included security metrics based on vulnerabilities present in e-learning system. The Common Vulnerability Scoring System designed to provide a normalized method for rating vulnerabilities which will be used as basis in metric definitions and calculations. A case study has been also proposed which shows the need and feasibility of using aspect oriented stochastic petri net models for threat modeling which improves reliability, consistency and robustness of the e-learning system.

Integrating a flexible modeling framework (FMF) with the network security assessment instrument to reduce software security risk

NASA Technical Reports Server (NTRS)

Gilliam, D. P.; Powell, J. D.

2002-01-01

This paper presents a portion of an overall research project on the generation of the network security assessment instrument to aid developers in assessing and assuring the security of software in the development and maintenance lifecycles.

Physicians' Self-Conceptions of Their Expertise in Statutory Health Insurance and Social Security Systems.

PubMed

Seger, Wolfgang; Nüchtern, Elisabeth

2015-07-01

Medical experts who practice social medicine have a strong ethical approach for their professional positions. Their reports must reflect an objective, independent, high-quality assessment of interactions between health status and the disability of individuals. However, they must simultaneously consider the societal involvement of these individuals when determining the framework of the Statutory Health Insurance and Social Security Systems. Their task is to recommend sociomedical benefits that are tailored to suit personal needs and that respect the individual life situations of the persons involved, thus complementing the efforts of healthcare professionals in clinical settings. The editorial describes the self-conception of this medical specialty on behalf of the German Society of Social Medicine and Prevention (DGSMP). Policy makers in social insurances and social security systems generally must respect independent sociomedical recommendations as a crucial point for further realistic development activities.

Nanotechnology and MEMS-based systems for civil infrastructure safety and security: Opportunities and challenges

NASA Astrophysics Data System (ADS)

Robinson, Nidia; Saafi, Mohamed

2006-03-01

Critical civil infrastructure systems such as bridges, high rises, dams, nuclear power plants and pipelines present a major investment and the health of the United States' economy and the lifestyle of its citizens both depend on their safety and security. The challenge for engineers is to maintain the safety and security of these large structures in the face of terrorism threats, natural disasters and long-term deterioration, as well as to meet the demands of emergency response times. With the significant negative impact that these threats can have on the structural environment, health monitoring of civil infrastructure holds promise as a way to provide information for near real-time condition assessment of the structure's safety and security. This information can be used to assess the integrity of the structure for post-earthquake and terrorist attacks rescue and recovery, and to safely and rapidly remove the debris and to temporary shore specific structural elements. This information can also be used for identification of incipient damage in structures experiencing long-term deterioration. However, one of the major obstacles preventing sensor-based monitoring is the lack of reliable, easy-to-install, cost-effective and harsh environment resistant sensors that can be densely embedded into large-scale civil infrastructure systems. Nanotechnology and MEMS-based systems which have matured in recent years represent an innovative solution to current damage detection systems, leading to wireless, inexpensive, durable, compact, and high-density information collection. In this paper, ongoing research activities at Alabama A&M University (AAMU) Center for Transportation Infrastructure Safety and Security on the application of nanotechnology and MEMS to Civil Infrastructure for health monitoring will presented. To date, research showed that nanotechnology and MEMS-based systems can be used to wirelessly detect and monitor different damage mechanisms in concrete structures as well as monitor critical structures' stability during floods and barge impact. However, some technical issues that needs to be addressed before full implementation of these new systems and will also be discussed in this paper.

How ISO/IEC 17799 can be used for base lining information assurance among entities using data mining for defense, homeland security, commercial, and other civilian/commercial domains

NASA Astrophysics Data System (ADS)

Perry, William G.

2006-04-01

One goal of database mining is to draw unique and valid perspectives from multiple data sources. Insights that are fashioned from closely-held data stores are likely to possess a high degree of reliability. The degree of information assurance comes into question, however, when external databases are accessed, combined and analyzed to form new perspectives. ISO/IEC 17799, Information technology-Security techniques-Code of practice for information security management, can be used to establish a higher level of information assurance among disparate entities using data mining in the defense, homeland security, commercial and other civilian/commercial domains. Organizations that meet ISO/IEC information security standards have identified and assessed risks, threats and vulnerabilities and have taken significant proactive steps to meet their unique security requirements. The ISO standards address twelve domains: risk assessment and treatment, security policy, organization of information security, asset management, human resources security, physical and environmental security, communications and operations management, access control, information systems acquisition, development and maintenance, information security incident management and business continuity management and compliance. Analysts can be relatively confident that if organizations are ISO 17799 compliant, a high degree of information assurance is likely to be a characteristic of the data sets being used. The reverse may be true. Extracting, fusing and drawing conclusions based upon databases with a low degree of information assurance may be wrought with all of the hazards that come from knowingly using bad data to make decisions. Using ISO/IEC 17799 as a baseline for information assurance can help mitigate these risks.

Future of Assurance: Ensuring that a System is Trustworthy

NASA Astrophysics Data System (ADS)

Sadeghi, Ahmad-Reza; Verbauwhede, Ingrid; Vishik, Claire

Significant efforts are put in defining and implementing strong security measures for all components of the comput-ing environment. It is equally important to be able to evaluate the strength and robustness of these measures and establish trust among the components of the computing environment based on parameters and attributes of these elements and best practices associated with their production and deployment. Today the inventory of techniques used for security assurance and to establish trust -- audit, security-conscious development process, cryptographic components, external evaluation - is somewhat limited. These methods have their indisputable strengths and have contributed significantly to the advancement in the area of security assurance. However, shorter product and tech-nology development cycles and the sheer complexity of modern digital systems and processes have begun to decrease the efficiency of these techniques. Moreover, these approaches and technologies address only some aspects of security assurance and, for the most part, evaluate assurance in a general design rather than an instance of a product. Additionally, various components of the computing environment participating in the same processes enjoy different levels of security assurance, making it difficult to ensure adequate levels of protection end-to-end. Finally, most evaluation methodologies rely on the knowledge and skill of the evaluators, making reliable assessments of trustworthiness of a system even harder to achieve. The paper outlines some issues in security assurance that apply across the board, with the focus on the trustworthiness and authenticity of hardware components and evaluates current approaches to assurance.

GLOBAL ASSESSMENT OF WASTEWATER IRRIGATION: UNDERSTANDING HEALTH RISKS AND CONTRIBUTIONS TO FOOD SECURITY USING AN ENVIRONMENTAL SYSTEMS APPROACH

EPA Science Inventory

This research will quantify the extent of de facto reuse of untreated wastewater at the global scale. Through the integration of multiple existing spatial data sources, this project will produce rigorous analyses assessing the relationship between wastewater irrigation, hea...

IT Security Support for Spaceport Command and Control System

NASA Technical Reports Server (NTRS)

McLain, Jeffrey

2013-01-01

During the fall 2013 semester, I worked at the Kennedy Space Center as an IT Security Intern in support of the Spaceport Command and Control System under the guidance of the IT Security Lead Engineer. Some of my responsibilities included assisting with security plan documentation collection, system hardware and software inventory, and malicious code and malware scanning. Throughout the semester, I had the opportunity to work on a wide range of security related projects. However, there are three projects in particular that stand out. The first project I completed was updating a large interactive spreadsheet that details the SANS Institutes Top 20 Critical Security Controls. My task was to add in all of the new commercial of the shelf (COTS) software listed on the SANS website that can be used to meet their Top 20 controls. In total, there are 153 unique security tools listed by SANS that meet one or more of their 20 controls. My second project was the creation of a database that will allow my mentor to keep track of the work done by the contractors that report to him in a more efficient manner by recording events as they occur throughout the quarter. Lastly, I expanded upon a security assessment of the Linux machines being used on center that I began last semester. To do this, I used a vulnerability and configuration tool that scans hosts remotely through the network and presents the user with an abundance of information detailing each machines configuration. The experience I gained from working on each of these projects has been invaluable, and I look forward to returning in the spring semester to continue working with the IT Security team.

Privacy Impact Assessment for the Integrated Financial Management System

EPA Pesticide Factsheets

This system contact information and Social Security Numbers for individuals who owe, or are owed money by the EPA. Learn how this data is collected, how it will be used, access to the data, the purpose of data collection, and record retention policies.

An approach for investigation of secure access processes at a combined e-learning environment

NASA Astrophysics Data System (ADS)

Romansky, Radi; Noninska, Irina

2017-12-01

The article discuses an approach to investigate processes for regulation the security and privacy control at a heterogenous e-learning environment realized as a combination of traditional and cloud means and tools. Authors' proposal for combined architecture of e-learning system is presented and main subsystems and procedures are discussed. A formalization of the processes for using different types resources (public, private internal and private external) is proposed. The apparatus of Markovian chains (MC) is used for modeling and analytical investigation of the secure access to the resources is used and some assessments are presented.

Selection, training and retention of an armed private security department.

PubMed

Hollar, David B

2009-01-01

To arm or not to arm security officers? One hospital which has opted for arming its officers is Cook Children's Healthcare System, Fort Worth, TX, an integrated pediatric healthcare facility with over 4000 employees. Because of its location in a major metropolitan area and based on several factors including demographics, exterior risk assessments and crime statistics, the hospital's Administration and its Risk Manager supported the decision to operate as an armed security force, according to the author. In this article he shares its current program and presents some thoughts and ideas that may benefit others who are considering this important step.

A data protection scheme for a remote vital signs monitoring healthcare service.

PubMed

Gritzalis, D; Lambrinoudakis, C

2000-01-01

Personal and medical data processed by Healthcare Information Systems must be protected against unauthorized access, modification and withholding. Security measures should be selected to provide the required level of protection in a cost-efficient manner. This is only feasible if specific characteristics of the information system are examined on a basis of a risk analysis methodology. This paper presents the results of a risk analysis, based on the CRAMM methodology, for a healthcare organization offering a patient home-monitoring service through the transmission of vital signs, focusing on the identified security needs and the proposed countermeasures. The architectural and functional models of this service were utilized for identifying and valuating the system assets, the associated threats and vulnerabilities, as well as for assessing the impact on the patients and on the service provider, should the security of any of these assets is affected. A set of adequate organizational, administrative and technical countermeasures is described for the remote vital signs monitoring service, thus providing the healthcare organization with a data protection framework that can be utilized for the development of its own security plan.

Food security and sustainability: can one exist without the other?

PubMed

Berry, Elliot M; Dernini, Sandro; Burlingame, Barbara; Meybeck, Alexandre; Conforti, Piero

2015-09-01

To position the concept of sustainability within the context of food security. An overview of the interrelationships between food security and sustainability based on a non-systematic literature review and informed discussions based principally on a quasi-historical approach from meetings and reports. International and global food security and nutrition. The Rome Declaration on World Food Security in 1996 defined its three basic dimensions as: availability, accessibility and utilization, with a focus on nutritional well-being. It also stressed the importance of sustainable management of natural resources and the elimination of unsustainable patterns of food consumption and production. In 2009, at the World Summit on Food Security, the concept of stability/vulnerability was added as the short-term time indicator of the ability of food systems to withstand shocks, whether natural or man-made, as part of the Five Rome Principles for Sustainable Global Food Security. More recently, intergovernmental processes have emphasized the importance of sustainability to preserve the environment, natural resources and agro-ecosystems (and thus the overlying social system), as well as the importance of food security as part of sustainability and vice versa. Sustainability should be considered as part of the long-term time dimension in the assessment of food security. From such a perspective the concept of sustainable diets can play a key role as a goal and a way of maintaining nutritional well-being and health, while ensuring the sustainability for future food security. Without integrating sustainability as an explicit (fifth?) dimension of food security, today's policies and programmes could become the very cause of increased food insecurity in the future.

Security Assessment Simulation Toolkit (SAST) Final Report

DOE Office of Scientific and Technical Information (OSTI.GOV)

Meitzler, Wayne D.; Ouderkirk, Steven J.; Hughes, Chad O.

2009-11-15

The Department of Defense Technical Support Working Group (DoD TSWG) investment in the Pacific Northwest National Laboratory (PNNL) Security Assessment Simulation Toolkit (SAST) research planted a technology seed that germinated into a suite of follow-on Research and Development (R&D) projects culminating in software that is used by multiple DoD organizations. The DoD TSWG technology transfer goal for SAST is already in progress. The Defense Information Systems Agency (DISA), the Defense-wide Information Assurance Program (DIAP), the Marine Corps, Office Of Naval Research (ONR) National Center For Advanced Secure Systems Research (NCASSR) and Office Of Secretary Of Defense International Exercise Program (OSDmore » NII) are currently investing to take SAST to the next level. PNNL currently distributes the software to over 6 government organizations and 30 DoD users. For the past five DoD wide Bulwark Defender exercises, the adoption of this new technology created an expanding role for SAST. In 2009, SAST was also used in the OSD NII International Exercise and is currently scheduled for use in 2010.« less

On Issue of Algorithm Forming for Assessing Investment Attractiveness of Region Through Its Technospheric Security

NASA Astrophysics Data System (ADS)

Filimonova, L. A.; Skvortsova, N. K.

2017-11-01

The article examines the problematic aspects of assessing the investment attractiveness of a region associated with the consideration of methodological issues that require refinement from the point of view of its technospheric security. Such issues include the formation of a sound system of indicators for the assessment of man-made risk which has a particular impact on the level of investment attractiveness of the region. In the context of the instability of the economic situation in Russia, the problem of man-made risks assessing in the context of the regional investment attractiveness based on an integrated approach and taking into account such principles as flexibility, adaptability, innovative orientation has not only lost its relevance but was also transformed into one of the most important conditions for ensuring the effective management of all spheres of the regional activities. The article poses the classical problem of making decisions on the results of the assessment of the investment attractiveness of the region in a matrix format evaluating the utility function. The authors of the article recommended a universal risk assessment model with its subsequent synthesis into technospheric security for the comprehensive assessment of regional investment attractiveness. The principal distinguishing feature of the study results are the schemes for manipulation in the evaluation activity associated with the selection of the optimality criteria groups and models for their study. These iterations make it possible to substantiate the choice of the solution for preserving the technospheric security of the region, a field of compromises or an “ideal” solution to the problem of the regional investment attractiveness loss.

49 CFR 1540.205 - Procedures for security threat assessment.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 49 Transportation 9 2014-10-01 2014-10-01 false Procedures for security threat assessment. 1540.205 Section 1540.205 Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY CIVIL AVIATION...

33 CFR 106.300 - General.

Code of Federal Regulations, 2014 CFR

2014-07-01

... Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MARITIME SECURITY MARINE SECURITY: OUTER CONTINENTAL SHELF (OCS) FACILITIES Outer Continental Shelf (OCS) Facility Security Assessment (FSA) § 106.300 General. (a) The Facility Security Assessment (FSA) is a written document that is...

33 CFR 106.300 - General.

Code of Federal Regulations, 2012 CFR

2012-07-01

... Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MARITIME SECURITY MARINE SECURITY: OUTER CONTINENTAL SHELF (OCS) FACILITIES Outer Continental Shelf (OCS) Facility Security Assessment (FSA) § 106.300 General. (a) The Facility Security Assessment (FSA) is a written document that is...

33 CFR 106.300 - General.

Code of Federal Regulations, 2013 CFR

2013-07-01

... Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MARITIME SECURITY MARINE SECURITY: OUTER CONTINENTAL SHELF (OCS) FACILITIES Outer Continental Shelf (OCS) Facility Security Assessment (FSA) § 106.300 General. (a) The Facility Security Assessment (FSA) is a written document that is...

33 CFR 106.300 - General.

Code of Federal Regulations, 2011 CFR

2011-07-01

... Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MARITIME SECURITY MARINE SECURITY: OUTER CONTINENTAL SHELF (OCS) FACILITIES Outer Continental Shelf (OCS) Facility Security Assessment (FSA) § 106.300 General. (a) The Facility Security Assessment (FSA) is a written document that is...

ART OF THE POSSIBLE: SECURING AIR FORCE SPACE COMMAND MISSION SYSTEMS FOR THE WARFIGHTER

DTIC Science & Technology

2016-10-23

Initiation (Adversarial)…….…17 Table 2. Assessment Scale-Likelihood of Threat Event Occurrence ( Non -Adversarial).17 Table 3. Assessment Scale...action to thwart the attacks from adversarial nation states and non -state actors alike. While there are numerous cybersecurity concerns, or non ...compliant cybersecurity controls across all weapon systems, not all non -compliant controls contribute equally to the cyber-attack surface and overall

Dispatching power system for preventive and corrective voltage collapse problem in a deregulated power system

NASA Astrophysics Data System (ADS)

Alemadi, Nasser Ahmed

Deregulation has brought opportunities for increasing efficiency of production and delivery and reduced costs to customers. Deregulation has also bought great challenges to provide the reliability and security customers have come to expect and demand from the electrical delivery system. One of the challenges in the deregulated power system is voltage instability. Voltage instability has become the principal constraint on power system operation for many utilities. Voltage instability is a unique problem because it can produce an uncontrollable, cascading instability that results in blackout for a large region or an entire country. In this work we define a system of advanced analytical methods and tools for secure and efficient operation of the power system in the deregulated environment. The work consists of two modules; (a) contingency selection module and (b) a Security Constrained Optimization module. The contingency selection module to be used for voltage instability is the Voltage Stability Security Assessment and Diagnosis (VSSAD). VSSAD shows that each voltage control area and its reactive reserve basin describe a subsystem or agent that has a unique voltage instability problem. VSSAD identifies each such agent. VS SAD is to assess proximity to voltage instability for each agent and rank voltage instability agents for each contingency simulated. Contingency selection and ranking for each agent is also performed. Diagnosis of where, why, when, and what can be done to cure voltage instability for each equipment outage and transaction change combination that has no load flow solution is also performed. A security constrained optimization module developed solves a minimum control solvability problem. A minimum control solvability problem obtains the reactive reserves through action of voltage control devices that VSSAD determines are needed in each agent to obtain solution of the load flow. VSSAD makes a physically impossible recommendation of adding reactive generation capability to specific generators to allow a load flow solution to be obtained. The minimum control solvability problem can also obtain solution of the load flow without curtailing transactions that shed load and generation as recommended by VSSAD. A minimum control solvability problem will be implemented as a corrective control, that will achieve the above objectives by using minimum control changes. The control includes; (1) voltage setpoint on generator bus voltage terminals; (2) under load tap changer tap positions and switchable shunt capacitors; and (3) active generation at generator buses. The minimum control solvability problem uses the VSSAD recommendation to obtain the feasible stable starting point but completely eliminates the impossible or onerous recommendation made by VSSAD. This thesis reviews the capabilities of Voltage Stability Security Assessment and Diagnosis and how it can be used to implement a contingency selection module for the Open Access System Dispatch (OASYDIS). The OASYDIS will also use the corrective control computed by Security Constrained Dispatch. The corrective control would be computed off line and stored for each contingency that produces voltage instability. The control is triggered and implemented to correct the voltage instability in the agent experiencing voltage instability only after the equipment outage or operating changes predicted to produce voltage instability have occurred. The advantages and the requirements to implement the corrective control are also discussed.

Aviation Security: Vulnerabilities in, and Alternatives for, Preboard Screening Security Operations

DTIC Science & Technology

2001-09-25

establishing the certification program. This regulation is particularly significant because it is to include requirements mandated by the Airport Security Improvement...Assessment of Airport Security Screener Performance and Retention, Sept. 15, 2000. Page 8 GAO-01-1171T Criteria for Assessing Shifting responsibility for...airline and airport security officials to assess each option for reassigning screening responsibility against the key criteria- Specifically, we asked

Information Analysis Methodology for Border Security Deployment Prioritization and Post Deployment Evaluation

DOE Office of Scientific and Technical Information (OSTI.GOV)

Booker, Paul M.; Maple, Scott A.

2010-06-08

Due to international commerce, cross-border conflicts, and corruption, a holistic, information driven, approach to border security is required to best understand how resources should be applied to affect sustainable improvements in border security. The ability to transport goods and people by land, sea, and air across international borders with relative ease for legitimate commercial purposes creates a challenging environment to detect illicit smuggling activities that destabilize national level border security. Smuggling activities operated for profit or smuggling operations driven by cross border conflicts where militant or terrorist organizations facilitate the transport of materials and or extremists to advance a causemore » add complexity to smuggling interdiction efforts. Border security efforts are further hampered when corruption thwarts interdiction efforts or reduces the effectiveness of technology deployed to enhance border security. These issues necessitate the implementation of a holistic approach to border security that leverages all available data. Large amounts of information found in hundreds of thousands of documents can be compiled to assess national or regional borders to identify variables that influence border security. Location data associated with border topics of interest may be extracted and plotted to better characterize the current border security environment for a given country or region. This baseline assessment enables further analysis, but also documents the initial state of border security that can be used to evaluate progress after border security improvements are made. Then, border security threats are prioritized via a systems analysis approach. Mitigation factors to address risks can be developed and evaluated against inhibiting factor such as corruption. This holistic approach to border security helps address the dynamic smuggling interdiction environment where illicit activities divert to a new location that provides less resistance to smuggling activities after training or technology is deployed at a given location. This paper will present an approach to holistic border security information analysis.« less

An assessment of PKI and networked electronic patient record system: lessons learned from real patient data exchange at the platform of OCHIS (Osaka Community Healthcare Information System).

PubMed

Takeda, Hiroshi; Matsumura, Yasushi; Kuwata, Shigeki; Nakano, Hirohiko; Shanmai, Ji; Qiyan, Zhang; Yufen, Chen; Kusuoka, Hideo; Matsuoka, Masaki

2004-03-31

To enhance medical cooperation between the hospitals and clinics around Osaka local area, the healthcare network system, named Osaka Community Healthcare Information System (OCHIS), was established with support of a supplementary budget from the Japanese government in fiscal year 2002. Although the system has been based on healthcare public key infrastructure (PKI), there remain security issues to be solved technically and operationally. An experimental study was conducted to elucidate the central and the local function in terms of a registration authority and a time stamp authority in contract with the Japanese Medical Information Systems Organization (MEDIS) in 2003. This paper describes the experimental design and the results of the study concerning message security.

The potential impact of multidimesional geriatric assessment in the social security system.

PubMed

Corbi, Graziamaria; Ambrosino, Immacolata; Massari, Marco; De Lucia, Onofrio; Simplicio, Sirio; Dragone, Michele; Paolisso, Giuseppe; Piccioni, Massimo; Ferrara, Nicola; Campobasso, Carlo Pietro

2018-01-12

To evaluate the efficacy of multidimensional geriatric assessment (MGA/CGA) in patients over 65 years old in predicting the release of the accompaniment allowance (AA) indemnity by a Local Medico-Legal Committee (MLC-NHS) and by the National Institute of Social Security Committee (MLC-INPS). In a longitudinal observational study, 200 Italian elder citizens requesting AA were first evaluated by MLC-NHS and later by MLC-INPS. Only MLC-INPS performed a MGA/CGA (including SPMSQ, Barthel Index, GDS-SF, and CIRS). This report was written according to the STROBE guidelines. The data analysis was performed on January 2016. The evaluation by the MLC-NHS and by the MLC-INPS was in agreement in 66% of cases. In the 28%, the AA benefit was recognized by the MLC-NHS, but not by the MLC-INPS. By the multivariate analysis, the best predictors of the AA release, by the MLC-NHS, were represented by gender and the Barthel Index score. The presence of carcinoma, the Barthel Index score, and the SPMQ score were the best predictors for the AA release by MLC-INPS. MGA/CGA could be useful in saving financial resources reducing the risk of incorrect indemnity release. It can improve the accuracy of the impairment assessment in social security system.

Final Technical Report. Project Boeing SGS

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bell, Thomas E.

Boeing and its partner, PJM Interconnection, teamed to bring advanced “defense-grade” technologies for cyber security to the US regional power grid through demonstration in PJM’s energy management environment. Under this cooperative project with the Department of Energy, Boeing and PJM have developed and demonstrated a host of technologies specifically tailored to the needs of PJM and the electric sector as a whole. The team has demonstrated to the energy industry a combination of processes, techniques and technologies that have been successfully implemented in the commercial, defense, and intelligence communities to identify, mitigate and continuously monitor the cyber security of criticalmore » systems. Guided by the results of a Cyber Security Risk-Based Assessment completed in Phase I, the Boeing-PJM team has completed multiple iterations through the Phase II Development and Phase III Deployment phases. Multiple cyber security solutions have been completed across a variety of controls including: Application Security, Enhanced Malware Detection, Security Incident and Event Management (SIEM) Optimization, Continuous Vulnerability Monitoring, SCADA Monitoring/Intrusion Detection, Operational Resiliency, Cyber Range simulations and hands on cyber security personnel training. All of the developed and demonstrated solutions are suitable for replication across the electric sector and/or the energy sector as a whole. Benefits identified include; Improved malware and intrusion detection capability on critical SCADA networks including behavioral-based alerts resulting in improved zero-day threat protection; Improved Security Incident and Event Management system resulting in better threat visibility, thus increasing the likelihood of detecting a serious event; Improved malware detection and zero-day threat response capability; Improved ability to systematically evaluate and secure in house and vendor sourced software applications; Improved ability to continuously monitor and maintain secure configuration of network devices resulting in reduced vulnerabilities for potential exploitation; Improved overall cyber security situational awareness through the integration of multiple discrete security technologies into a single cyber security reporting console; Improved ability to maintain the resiliency of critical systems in the face of a targeted cyber attack of other significant event; Improved ability to model complex networks for penetration testing and advanced training of cyber security personnel« less

Information security risk management for computerized health information systems in hospitals: a case study of Iran

PubMed Central

Zarei, Javad; Sadoughi, Farahnaz

2016-01-01

Background In recent years, hospitals in Iran – similar to those in other countries – have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. Materials and methods This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts’ opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Results Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Conclusion Information security risk management is not followed by Iran’s hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran’s Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran. PMID:27313481

Traditional food and monetary access to market-food: correlates of food insecurity among Inuit preschoolers.

PubMed

Egeland, Grace M; Williamson-Bathory, Laakkuluk; Johnson-Down, Louise; Sobol, Isaac

2011-09-01

To evaluate correlates of food insecurity among Inuit preschoolers. Study design. Cross-sectional health survey. Correlates of food insecurity were assessed in 3-5 year old children (n=388) residing in 16 Nunavut communities (2007-2008) in whom a high prevalence of child food insecurity (56%) has been documented. A bilingual team conducted interviews, including 24-hour dietary recalls and past-year food security assessment involving monetary access to market foods. Children residing in child food insecure homes were more likely to have consumed traditional food (TF) (51.7% vs. 39.9%, p ≤ 0.01), and less likely to have consumed any milk (52.2% vs. 73.2%, p ≤ 0.001) compared to children in child food secure homes. Median healthy eating index scores were significantly lower (77.1 vs. 79.9, p ≤ 0.01) and sugar drink intake higher (429 vs. 377 g/day, p ≤ 0.05) in children from child food insecure than food secure households. Children that consumed TF had higher protein and lower carbohydrate intake (p ≤ 0.05) and tendencies for a lower prevalence of iron deficiency (plasma ferritin <12 μg/l; p ≤ 0.10) regardless of food security status. A borderline significant interaction of TF by food security status (p ≤ 0.10) was observed where the percent of anemia (hemoglobin <110 and <115 g/l for 3-4 and 5 yr. olds, respectively) was highest among children from child food insecure homes who consumed no TF. TF and market food contribute to food security and both need to be considered in food security assessments. Support systems and dietary interventions for families with young children are needed.

Controlling multiple security robots in a warehouse environment

NASA Technical Reports Server (NTRS)

Everett, H. R.; Gilbreath, G. A.; Heath-Pastore, T. A.; Laird, R. T.

1994-01-01

The Naval Command Control and Ocean Surveillance Center (NCCOSC) has developed an architecture to provide coordinated control of multiple autonomous vehicles from a single host console. The multiple robot host architecture (MRHA) is a distributed multiprocessing system that can be expanded to accommodate as many as 32 robots. The initial application will employ eight Cybermotion K2A Navmaster robots configured as remote security platforms in support of the Mobile Detection Assessment and Response System (MDARS) Program. This paper discusses developmental testing of the MRHA in an operational warehouse environment, with two actual and four simulated robotic platforms.

[Impact of an automated dispensing system for medical devices in cardiac surgery department].

PubMed

Clou, E; Dompnier, M; Kably, B; Leplay, C; Poupon, E; Archer, V; Paul, M

2018-01-01

To secure medical devices' management, the implementation of automated dispensing system in surgical service has been realized. The objective of this study was to evaluate security, organizational and economic impact of installing automated dispensing system for medical devices (ASDM). The implementation took place in a cardiac surgery department. Security impact was assessed by comparing traceability rate of implantable medical devices one year before and one year after installation. Questionnaire on nurses' perception and satisfaction completed this survey. Resupplying costs, stocks' evolution and investments for the implementation of ASDM were the subject of cost-benefit study. After one year, traceability rate is excellent (100%). Nursing staffs were satisfied with 87.5% by this new system. The introduction of ASDM allowed a qualitative and quantitative decrease in stocks, with a reduction of 30% for purchased medical devices and 15% for implantable medical devices in deposit-consignment. Cost-benefit analysis shows a rapid return on investment. Real stock decrease (purchased medical devices) is equivalent to 46.6% of investment. Implementation of ASDM allows to secure storage and dispensing of medical devices. This system has also an important economic impact and appreciated by users. Copyright © 2017 Académie Nationale de Pharmacie. Published by Elsevier Masson SAS. All rights reserved.

Assessment of global water security: moving beyond water scarcity assessment

NASA Astrophysics Data System (ADS)

Wada, Y.; Gain, A. K.; Giupponi, C.

2015-12-01

Water plays an important role in underpinning equitable, stable and productive societies, and the ecosystems on which we depend. Many international river basins are likely to experience 'low water security' over the coming decades. Hence, ensuring water security along with energy and food securities has been recognised as priority goals in Sustainable Development Goals (SDGs) by the United Nations. This water security is not rooted only in the limitation of physical resources, i.e. the shortage in the availability of freshwater relative to water demand, but also on social and economic factors (e.g. flawed water planning and management approaches, institutional incapability to provide water services, unsustainable economic policies). Until recently, advanced tools and methods are available for assessment of global water scarcity. However, integrating both physical and socio-economic indicators assessment of water security at global level is not available yet. In this study, we present the first global understanding of water security using a spatial multi-criteria analysis framework that goes beyond available water scarcity assessment. For assessing water security at global scale, the term 'security' is conceptualized as a function of 'availability', 'accessibility to services', 'safety and quality', and 'management'. The Water security index is calculated by aggregating the indicators using both simple additive weighting (SAW) and ordered weighted average (OWA).

49 CFR 1549.103 - Qualifications and training of individuals with security-related duties.

Code of Federal Regulations, 2010 CFR

2010-10-01

... with security-related duties. (a) Security threat assessments. Each certified cargo screening facility... certified cargo screening facility complete a security threat assessment or comparable security threat... acuity, physical coordination, and motor skills to the extent required to effectively operate cargo...

48 CFR 1352.237-72 - Security processing requirements-national security contracts.

Code of Federal Regulations, 2010 CFR

2010-10-01

.... National Security Contracts require contractor employees to gain access to national security information in.... (c) Security Procedures. Position sensitivity/risk assessments must be conducted on all functions... same manner as assessment of those functions performed by government employees. The Contracting Officer...

48 CFR 1352.237-72 - Security processing requirements-national security contracts.

Code of Federal Regulations, 2012 CFR

2012-10-01

.... National Security Contracts require contractor employees to gain access to national security information in.... (c) Security procedures. Position sensitivity/risk assessments must be conducted on all functions... same manner as assessment of those functions performed by government employees. The Contracting Officer...

48 CFR 1352.237-72 - Security processing requirements-national security contracts.

Code of Federal Regulations, 2014 CFR

2014-10-01

.... National Security Contracts require contractor employees to gain access to national security information in.... (c) Security procedures. Position sensitivity/risk assessments must be conducted on all functions... same manner as assessment of those functions performed by government employees. The Contracting Officer...

48 CFR 1352.237-72 - Security processing requirements-national security contracts.

Code of Federal Regulations, 2011 CFR

2011-10-01

.... National Security Contracts require contractor employees to gain access to national security information in.... (c) Security Procedures. Position sensitivity/risk assessments must be conducted on all functions... same manner as assessment of those functions performed by government employees. The Contracting Officer...

Perceptions of health care professionals on the safety and security at Odi District Hospital, Gauteng, South Africa

PubMed Central

Okeke, Sunday O.

2017-01-01

Background For optimum delivery of service, an establishment needs to ensure a safe and secure environment. In 2011, the South African government promulgated the National Core Standards for Health Establishments for safety and security for all employees in all establishments. Little is known about whether these standards are being complied to. Aim and setting: To assess the perceptions of health care professionals (HCPs) on safety and security at Odi District Hospital. Methodology A sample of 181 out of a total of 341 HCPs was drawn through a systematic sampling method from each HCP category. Data were collected through a self-administered questionnaire. The SPSS® statistical software version 22 was used for data analysis. The level of statistical significance was set at < 0.05. Results There were more female respondents than male respondents (136; 75.10%). The dominant age group was 28–47 years (114; 57.46%). Perceptions on security personnel, their efficiency and the security system were significantly affirmed (p = 0.0001). The hospital infrastructure, surroundings and plan in emergencies were perceived to be safe (p < 0.0001). The hospital lighting system was perceived as inadequate (p = 0.0041). Only 36 (20.2%) HCPs perceived that hospital authorities were concerned about employees’ safety (p < 0.0001). Conclusion HCPs had positive perceptions regarding the hospital’s security system. Except for the negative perceptions of the lighting system and the perceived lack of hospital authorities’ concern for staff safety, perceptions of the HCPs on the hospital working environment were positive. The hospital authorities need to establish the basis of negative perceptions and enforce remedial measures to redress them. PMID:29113444

Testbeds for Assessing Critical Scenarios in Power Control Systems

NASA Astrophysics Data System (ADS)

Dondossola, Giovanna; Deconinck, Geert; Garrone, Fabrizio; Beitollahi, Hakem

The paper presents a set of control system scenarios implemented in two testbeds developed in the context of the European Project CRUTIAL - CRitical UTility InfrastructurAL Resilience. The selected scenarios refer to power control systems encompassing information and communication security of SCADA systems for grid teleoperation, impact of attacks on inter-operator communications in power emergency conditions, impact of intentional faults on the secondary and tertiary control in power grids with distributed generators. Two testbeds have been developed for assessing the effect of the attacks and prototyping resilient architectures.

Earth Observations for Global Water Security

NASA Technical Reports Server (NTRS)

Lawford, Richard; Strauch, Adrian; Toll, David; Fekete, Balazs; Cripe, Douglas

2013-01-01

The combined effects of population growth, increasing demands for water to support agriculture, energy security, and industrial expansion, and the challenges of climate change give rise to an urgent need to carefully monitor and assess trends and variations in water resources. Doing so will ensure that sustainable access to adequate quantities of safe and useable water will serve as a foundation for water security. Both satellite and in situ observations combined with data assimilation and models are needed for effective, integrated monitoring of the water cycle's trends and variability in terms of both quantity and quality. On the basis of a review of existing observational systems, we argue that a new integrated monitoring capability for water security purposes is urgently needed. Furthermore, the components for this capability exist and could be integrated through the cooperation of national observational programmes. The Group on Earth Observations should play a central role in the design, implementation, management and analysis of this system and its products.

Social security status and mortality in Belgian and Spanish male workers.

PubMed

Duran, Xavier; Vanroelen, Christophe; Deboosere, Patrick; Benavides, Fernando G

2016-01-01

To assess differences in mortality rates between social security statuses in two independent samples of Belgian and Spanish male workers. Study of two retrospective cohorts (Belgium, n=23,607; Spain, n=44,385) of 50-60 year old male employees with 4 years of follow-up. Mortality rate ratios (MRR) were estimated using Poisson regression models. Mortality for subjects with permanent disability was higher than for the employed, for both Belgium [MRR=4.56 (95% CI: 2.88-7.21)] and Spain [MRR=7.15 (95% CI: 5.37-9.51)]. For the unemployed/early retirees, mortality was higher in Spain [MRR=1.64 (95% CI: 1.24-2.17)] than in Belgium [MRR=0.88 (95% CI: 0.46-1.71)]. MRR differences between Belgium and Spain for unemployed workers could be partly explained because of differences between the two social security systems. Future studies should further explore mortality differences between countries with different social security systems. Copyright © 2016 SESPAS. Published by Elsevier Espana. All rights reserved.

DOE Office of Scientific and Technical Information (OSTI.GOV)

MacDonald, Douglas G.; Clements, Samuel L.; Patrick, Scott W.

Securing high value and critical assets is one of the biggest challenges facing this nation and others around the world. In modern integrated systems, there are four potential modes of attack available to an adversary: • physical only attack, • cyber only attack, • physical-enabled cyber attack, • cyber-enabled physical attack. Blended attacks involve an adversary working in one domain to reduce system effectiveness in another domain. This enables the attacker to penetrate further into the overall layered defenses. Existing vulnerability assessment (VA) processes and software tools which predict facility vulnerabilities typically evaluate the physical and cyber domains separately. Vulnerabilitiesmore » which result from the integration of cyber-physical control systems are not well characterized and are often overlooked by existing assessment approaches. In this paper, we modified modification of the timely detection methodology, used for decades in physical security VAs, to include cyber components. The Physical and Cyber Risk Analysis Tool (PACRAT) prototype illustrates an integrated vulnerability assessment that includes cyber-physical interdependencies. Information about facility layout, network topology, and emplaced safeguards is used to evaluate how well suited a facility is to detect, delay, and respond to attacks, to identify the pathways most vulnerable to attack, and to evaluate how often safeguards are compromised for a given threat or adversary type. We have tested the PACRAT prototype on critical infrastructure facilities and the results are promising. Future work includes extending the model to prescribe the recommended security improvements via an automated cost-benefit analysis.« less

A System of Deception and Fraud Detection Using Reliable Linguistic Cues Including Hedging, Disfluencies, and Repeated Phrases

ERIC Educational Resources Information Center

Humpherys, Sean LaMarc

2010-01-01

Given the increasing problem of fraud, crime, and national security threats, assessing credibility is a recurring research topic in Information Systems and in other disciplines. Decision support systems can help. But the success of the system depends on reliable cues that can distinguish deceptive/truthful behavior and on a proven classification…

Life-Cycle Assessment of a Distributed-Scale Thermochemical Bioenergy Conversion System

Treesearch

Hongmei Gu; Richard Bergman

2016-01-01

Expanding bioenergy production from woody biomass has the potential to decrease net greenhouse gas (GHG) emissions and improve the energy security of the United States. Science-based and internationally accepted life-cycle assessment (LCA) is an effective tool for policy makers to make scientifically informed decisions on expanding renewable energy production from...

77 FR 28894 - Maritime Vulnerability Self-Assessment Tool

Federal Register 2010, 2011, 2012, 2013, 2014

2012-05-16

... DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration Maritime Vulnerability Self... maritime vulnerability self- assessment tool. SUMMARY: The Transportation Security Administration (TSA... conducting vulnerability assessments became available and usage of the TMSARM has dropped off considerably...

6 CFR 27.240 - Review and approval of security vulnerability assessments.

Code of Federal Regulations, 2014 CFR

2014-01-01

... CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security Program § 27.240 Review and approval of security vulnerability assessments. (a) Review and Approval. The Department will review and... 6 Domestic Security 1 2014-01-01 2014-01-01 false Review and approval of security vulnerability...

6 CFR 27.240 - Review and approval of security vulnerability assessments.

Code of Federal Regulations, 2011 CFR

2011-01-01

... CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security Program § 27.240 Review and approval of security vulnerability assessments. (a) Review and Approval. The Department will review and... 6 Domestic Security 1 2011-01-01 2011-01-01 false Review and approval of security vulnerability...

6 CFR 27.240 - Review and approval of security vulnerability assessments.

Code of Federal Regulations, 2013 CFR

2013-01-01

... CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security Program § 27.240 Review and approval of security vulnerability assessments. (a) Review and Approval. The Department will review and... 6 Domestic Security 1 2013-01-01 2013-01-01 false Review and approval of security vulnerability...

6 CFR 27.240 - Review and approval of security vulnerability assessments.

Code of Federal Regulations, 2012 CFR

2012-01-01

... CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security Program § 27.240 Review and approval of security vulnerability assessments. (a) Review and Approval. The Department will review and... 6 Domestic Security 1 2012-01-01 2012-01-01 false Review and approval of security vulnerability...

Proceedings from the conference on high speed computing: High speed computing and national security

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hirons, K.P.; Vigil, M.; Carlson, R.

1997-07-01

This meeting covered the following topics: technologies/national needs/policies: past, present and future; information warfare; crisis management/massive data systems; risk assessment/vulnerabilities; Internet law/privacy and rights of society; challenges to effective ASCI programmatic use of 100 TFLOPs systems; and new computing technologies.

Climate change, resource use and food security in midcentury under a range of plausible scenarios

NASA Astrophysics Data System (ADS)

Wiebe, K.

2016-12-01

Achieving and maintaining food security at local, national and global scales is challenged by changes in population, income and climate, among other socioeconomic and biophysical drivers. Assessing these challenges and possible solutions over the coming decades requires a systematic and multidisciplinary approach. The Global Futures and Strategic Foresight program, a CGIAR initiative led by the International Food Policy Research Institute in collaboration with the 14 other CGIAR research centers, is working to improve tools and conduct ex ante assessments of promising technologies, investments and policies under alternative global futures to inform decision making in the CGIAR and its partners. Alternative socioeconomic and climate scenarios are explored using an integrated system of climate, water, crop and economic models. This presentation will share findings from recent projections of food production and prices to 2050 at global and regional scales, together with their potential implications for land and water use, food security, nutrition and health.

Using Discrete Event Simulation to Model Attacker Interactions with Cyber and Physical Security Systems

DOE PAGES

Perkins, Casey; Muller, George

2015-10-08

The number of connections between physical and cyber security systems is rapidly increasing due to centralized control from automated and remotely connected means. As the number of interfaces between systems continues to grow, the interactions and interdependencies between them cannot be ignored. Historically, physical and cyber vulnerability assessments have been performed independently. This independent evaluation omits important aspects of the integrated system, where the impacts resulting from malicious or opportunistic attacks are not easily known or understood. Here, we describe a discrete event simulation model that uses information about integrated physical and cyber security systems, attacker characteristics and simple responsemore » rules to identify key safeguards that limit an attacker's likelihood of success. Key features of the proposed model include comprehensive data generation to support a variety of sophisticated analyses, and full parameterization of safeguard performance characteristics and attacker behaviours to evaluate a range of scenarios. Lastly, we also describe the core data requirements and the network of networks that serves as the underlying simulation structure.« less

Self port scanning tool : providing a more secure computing Environment through the use of proactive port scanning

NASA Technical Reports Server (NTRS)

Kocher, Joshua E; Gilliam, David P.

2005-01-01

Secure computing is a necessity in the hostile environment that the internet has become. Protection from nefarious individuals and organizations requires a solution that is more a methodology than a one time fix. One aspect of this methodology is having the knowledge of which network ports a computer has open to the world, These network ports are essentially the doorways from the internet into the computer. An assessment method which uses the nmap software to scan ports has been developed to aid System Administrators (SAs) with analysis of open ports on their system(s). Additionally, baselines for several operating systems have been developed so that SAs can compare their open ports to a baseline for a given operating system. Further, the tool is deployed on a website where SAs and Users can request a port scan of their computer. The results are then emailed to the requestor. This tool aids Users, SAs, and security professionals by providing an overall picture of what services are running, what ports are open, potential trojan programs or backdoors, and what ports can be closed.

Using Discrete Event Simulation to Model Attacker Interactions with Cyber and Physical Security Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Perkins, Casey; Muller, George

The number of connections between physical and cyber security systems is rapidly increasing due to centralized control from automated and remotely connected means. As the number of interfaces between systems continues to grow, the interactions and interdependencies between them cannot be ignored. Historically, physical and cyber vulnerability assessments have been performed independently. This independent evaluation omits important aspects of the integrated system, where the impacts resulting from malicious or opportunistic attacks are not easily known or understood. Here, we describe a discrete event simulation model that uses information about integrated physical and cyber security systems, attacker characteristics and simple responsemore » rules to identify key safeguards that limit an attacker's likelihood of success. Key features of the proposed model include comprehensive data generation to support a variety of sophisticated analyses, and full parameterization of safeguard performance characteristics and attacker behaviours to evaluate a range of scenarios. Lastly, we also describe the core data requirements and the network of networks that serves as the underlying simulation structure.« less

Strategy to Enhance International Supply Chain Security

DTIC Science & Technology

2007-07-01

airports as part of the effort to secure air passenger travel . The security assessment crew traveling by air, land or sea cannot be considered only a... travel security issue. The assessment of a container ship’s crew or of a driver moving a truck into the secure area of a port are also supply chain...threats through its traveler screening and worker credentialing programs. The strategy to secure the supply chain reflects the larger security

77 FR 71431 - New Agency Information Collection Activity Under OMB Review: Highway Baseline Assessment for...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-11-30

... Collection Activity Under OMB Review: Highway Baseline Assessment for Security Enhancement (BASE) Program... Assessment for Security Enhancement (BASE) Program. Type of Request: New collection. OMB Control Number: Not yet assigned. Form(s): Highway Baseline Assessment for Security Enhancement (BASE). Affected Public...

Laboratory security and emergency response guidance for laboratories working with select agents. Centers for Disease Control and Prevention.

PubMed

Richmond, Jonathan Y; Nesby-O'Dell, Shanna L

2002-12-06

In recent years, concern has increased regarding use of biologic materials as agents of terrorism, but these same agents are often necessary tools in clinical and research microbiology laboratories. Traditional biosafety guidelines for laboratories have emphasized use of optimal work practices, appropriate containment equipment, well-designed facilities, and administrative controls to minimize risk of worker injury and to ensure safeguards against laboratory contamination. The guidelines discussed in this report were first published in 1999 (U.S. Department of Health and Human Services/CDC and National Institutes of Health. Biosafety in microbiological and biomedical laboratories [BMBL]. Richmond JY, McKinney RW, eds. 4th ed. Washington, DC: US Department of Health and Human Services, 1999 [Appendix F]). In that report, physical security concerns were addressed, and efforts were focused on preventing unauthorized entry to laboratory areas and preventing unauthorized removal of dangerous biologic agents from the laboratory. Appendix F of BMBL is now being revised to include additional information regarding personnel risk assessments, and inventory controls. The guidelines contained in this report are intended for laboratories working with select agents under biosafety-level 2, 3, or 4 conditions as described in Sections II and III of BMBL. These recommendations include conducting facility risk assessments and developing comprehensive security plans to minimize the probability of misuse of select agents. Risk assessments should include systematic, site-specific reviews of 1) physical security; 2) security of data and electronic technology systems; 3) employee security; 4) access controls to laboratory and animal areas; 5) procedures for agent inventory and accountability; 6) shipping/transfer and receiving of select agents; 7) unintentional incident and injury policies; 8) emergency response plans; and 9) policies that address breaches in security. The security plan should be an integral part of daily operations. All employees should be well-trained and equipped, and the plan should be reviewed annually, at least.

Risk Assessment Methodology for Water utilities (RAM-W) : the foundation for emergency response planning.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Danneels, Jeffrey John

2005-03-01

Concerns about acts of terrorism against critical infrastructures have been on the rise for several years. Critical infrastructures are those physical structures and information systems (including cyber) essential to the minimum operations of the economy and government. The President's Commission on Critical Infrastructure Protection (PCCIP) probed the security of the nation's critical infrastructures. The PCCIP determined the water infrastructure is highly vulnerable to a range of potential attacks. In October 1997, the PCCIP proposed a public/private partnership between the federal government and private industry to improve the protection of the nation's critical infrastructures. In early 2000, the EPA partnered withmore » the Awwa Research Foundation (AwwaRF) and Sandia National Laboratories to create the Risk Assessment Methodology for Water Utilities (RAM-W{trademark}). Soon thereafter, they initiated an effort to create a template and minimum requirements for water utility Emergency Response Plans (ERP). All public water utilities in the US serving populations greater than 3,300 are required to undertaken both a vulnerability assessment and the development of an emergency response plan. This paper explains the initial steps of RAM-W{trademark} and then demonstrates how the security risk assessment is fundamental to the ERP. During the development of RAM-W{trademark}, Sandia performed several security risk assessments at large metropolitan water utilities. As part of the scope of that effort, ERPs at each utility were reviewed to determine how well they addressed significant vulnerabilities uncovered during the risk assessment. The ERP will contain responses to other events as well (e.g. natural disasters) but should address all major findings in the security risk assessment.« less

An Indoor Positioning-Based Mobile Payment System Using Bluetooth Low Energy Technology

PubMed Central

Winata, Doni

2018-01-01

The development of information technology has paved the way for faster and more convenient payment process flows and new methodology for the design and implementation of next generation payment systems. The growth of smartphone usage nowadays has fostered a new and popular mobile payment environment. Most of the current generation smartphones support Bluetooth Low Energy (BLE) technology to communicate with nearby BLE-enabled devices. It is plausible to construct an Over-the-Air BLE-based mobile payment system as one of the payment methods for people living in modern societies. In this paper, a secure indoor positioning-based mobile payment authentication protocol with BLE technology and the corresponding mobile payment system design are proposed. The proposed protocol consists of three phases: initialization phase, session key construction phase, and authentication phase. When a customer moves toward the POS counter area, the proposed mobile payment system will automatically detect the position of the customer to confirm whether the customer is ready for the checkout process. Once the system has identified the customer is standing within the payment-enabled area, the payment system will invoke authentication process between POS and the customer’s smartphone through BLE communication channel to generate a secure session key and establish an authenticated communication session to perform the payment transaction accordingly. A prototype is implemented to assess the performance of the proposed design for mobile payment system. In addition, security analysis is conducted to evaluate the security strength of the proposed protocol. PMID:29587399

An Indoor Positioning-Based Mobile Payment System Using Bluetooth Low Energy Technology.

PubMed

Yohan, Alexander; Lo, Nai-Wei; Winata, Doni

2018-03-25

The development of information technology has paved the way for faster and more convenient payment process flows and new methodology for the design and implementation of next generation payment systems. The growth of smartphone usage nowadays has fostered a new and popular mobile payment environment. Most of the current generation smartphones support Bluetooth Low Energy (BLE) technology to communicate with nearby BLE-enabled devices. It is plausible to construct an Over-the-Air BLE-based mobile payment system as one of the payment methods for people living in modern societies. In this paper, a secure indoor positioning-based mobile payment authentication protocol with BLE technology and the corresponding mobile payment system design are proposed. The proposed protocol consists of three phases: initialization phase, session key construction phase, and authentication phase. When a customer moves toward the POS counter area, the proposed mobile payment system will automatically detect the position of the customer to confirm whether the customer is ready for the checkout process. Once the system has identified the customer is standing within the payment-enabled area, the payment system will invoke authentication process between POS and the customer's smartphone through BLE communication channel to generate a secure session key and establish an authenticated communication session to perform the payment transaction accordingly. A prototype is implemented to assess the performance of the proposed design for mobile payment system. In addition, security analysis is conducted to evaluate the security strength of the proposed protocol.

Famine Early Warning Systems Network (FEWS NET) Agro-climatology Analysis Tools and Knowledge Base Products for Food Security Applications

NASA Astrophysics Data System (ADS)

Budde, M. E.; Rowland, J.; Anthony, M.; Palka, S.; Martinez, J.; Hussain, R.

2017-12-01

The U.S. Geological Survey (USGS) supports the use of Earth observation data for food security monitoring through its role as an implementing partner of the Famine Early Warning Systems Network (FEWS NET). The USGS Earth Resources Observation and Science (EROS) Center has developed tools designed to aid food security analysts in developing assumptions of agro-climatological outcomes. There are four primary steps to developing agro-climatology assumptions; including: 1) understanding the climatology, 2) evaluating current climate modes, 3) interpretation of forecast information, and 4) incorporation of monitoring data. Analysts routinely forecast outcomes well in advance of the growing season, which relies on knowledge of climatology. A few months prior to the growing season, analysts can assess large-scale climate modes that might influence seasonal outcomes. Within two months of the growing season, analysts can evaluate seasonal forecast information as indicators. Once the growing season begins, monitoring data, based on remote sensing and field information, can characterize the start of season and remain integral monitoring tools throughout the duration of the season. Each subsequent step in the process can lead to modifications of the original climatology assumption. To support such analyses, we have created an agro-climatology analysis tool that characterizes each step in the assumption building process. Satellite-based rainfall and normalized difference vegetation index (NDVI)-based products support both the climatology and monitoring steps, sea-surface temperature data and knowledge of the global climate system inform the climate modes, and precipitation forecasts at multiple scales support the interpretation of forecast information. Organizing these data for a user-specified area provides a valuable tool for food security analysts to better formulate agro-climatology assumptions that feed into food security assessments. We have also developed a knowledge base for over 80 countries that provide rainfall and NDVI-based products, including annual and seasonal summaries, historical anomalies, coefficient of variation, and number of years below 70% of annual or seasonal averages. These products provide a quick look for analysts to assess the agro-climatology of a country.

Homeland Security Research Improves the Nation's Ability to ...

EPA Pesticide Factsheets

Technical Brief Homeland Security (HS) Research develops data, tools, and technologies to minimize the impact of accidents, natural disasters, terrorist attacks, and other incidents that can result in toxic chemical, biological or radiological (CBR) contamination. HS Research develops ways to detect contamination, sampling strategies, sampling and analytical methods, cleanup methods, waste management approaches, exposure assessment methods, and decision support tools (including water system models). These contributions improve EPA’s response to a broad range of environmental disasters.

Novel data visualizations of X-ray data for aviation security applications using the Open Threat Assessment Platform (OTAP)

NASA Astrophysics Data System (ADS)

Gittinger, Jaxon M.; Jimenez, Edward S.; Holswade, Erica A.; Nunna, Rahul S.

2017-02-01

This work will demonstrate the implementation of a traditional and non-traditional visualization of x-ray images for aviation security applications that will be feasible with open system architecture initiatives such as the Open Threat Assessment Platform (OTAP). Anomalies of interest to aviation security are fluid, where characteristic signals of anomalies of interest can evolve rapidly. OTAP is a limited scope open architecture baggage screening prototype that intends to allow 3rd-party vendors to develop and easily implement, integrate, and deploy detection algorithms and specialized hardware on a field deployable screening technology [13]. In this study, stereoscopic images were created using an unmodified, field-deployed system and rendered on the Oculus Rift, a commercial virtual reality video gaming headset. The example described in this work is not dependent on the Oculus Rift, and is possible using any comparable hardware configuration capable of rendering stereoscopic images. The depth information provided from viewing the images will aid in the detection of characteristic signals from anomalies of interest. If successful, OTAP has the potential to allow for aviation security to become more fluid in its adaptation to the evolution of anomalies of interest. This work demonstrates one example that is easily implemented using the OTAP platform, that could lead to the future generation of ATR algorithms and data visualization approaches.

Water security for productive economies: Applying an assessment framework in southern Africa

NASA Astrophysics Data System (ADS)

Holmatov, Bunyod; Lautze, Jonathan; Manthrithilake, Herath; Makin, Ian

2017-08-01

Achieving water security has emerged as a major objective in Africa, yet an analytical or diagnostic framework for assessing water security in African countries is not known to exist. This paper applies one key dimension of the 2016 Asian Development Bank's (ADB) Asian Water Development Outlook (AWDO) to assess levels of water security for productive economies in countries of the Southern African Development Community (SADC). Economic aspects of water security cover four areas: economic activities in the broad sense, agriculture, electricity, and industry. Water security in each area is measured through application of a set of indicators; results of indicator application are then aggregated to determine economic water security at a country-level. Results show that economic water security in SADC is greatest in the Seychelles and South Africa, and lowest in Madagascar and Malawi. Opportunities for strengthening economic water security in the majority of SADC countries exist through improving agricultural water productivity, strengthening resilience, and expanding sustainable electricity generation. More profoundly, this paper suggests that there is clear potential and utility in applying approaches used elsewhere to assess economic water security in southern Africa.

75 FR 9919 - Extension of Agency Information Collection Activity Under OMB Review: Air Cargo Security...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-03-04

...This notice announces that the Transportation Security Administration (TSA) has forwarded the Information Collection Request (ICR), OMB control number 1652-0040, abstracted below to the Office of Management and Budget (OMB) for renewal in compliance with the Paperwork Reduction Act. The ICR describes the nature of the information collection and its expected burden. TSA published a Federal Register notice, with a 60-day comment period soliciting comments, of the following collection of information on November 16, 2009, 74 FR 58969. TSA has not received any comments. The collections of information that make up this ICR involve five broad categories affecting airports, passenger aircraft operators, foreign air carriers, indirect air carriers operating under a security program, and all-cargo carriers. These five categories are: security programs, security threat assessments (STA), known shipper data via the Known Shipper Management System (KSMS), cargo screening reporting, and evidence of compliance recordkeeping.

76 FR 4362 - Extension of Agency Information Collection Activity Under OMB Review: Air Cargo Security...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-01-25

...This notice announces that the Transportation Security Administration (TSA) has forwarded the Information Collection Request (ICR), OMB control number 1652-0040, abstracted below, to the Office of Management and Budget (OMB) for renewal in compliance with the Paperwork Reduction Act. The ICR describes the nature of the information collection and its expected burden. TSA published a Federal Register notice, with a 60-day comment period soliciting comments, of this collection of information on October 14, 2010, 75 FR 63192. TSA has not received any comments. The collections of information that make up this ICR involve five broad categories affecting airports, passenger aircraft operators, foreign air carriers, indirect air carriers operating under a security program, and all-cargo carriers. These five categories are: Security programs, security threat assessments (STA), known shipper data via the Known Shipper Management System (KSMS), cargo screening reporting, and evidence of compliance recordkeeping.

Information Security Risk Assessment in Hospitals.

PubMed

Ayatollahi, Haleh; Shagerdi, Ghazal

2017-01-01

To date, many efforts have been made to classify information security threats, especially in the healthcare area. However, there are still many unknown risks which may threat the security of health information and their resources especially in the hospitals. The aim of this study was to assess the risks threatening information security in the hospitals located in one of the northwest cities of Iran. This study was completed in 2014. The participants were information technology managers who worked in the hospitals (n=27). The research instrument was a questionnaire composed of a number of open and closed questions. The content validity of the questionnaire was confirmed, and the reliability of the closed questions was measured by using the test-retest method (r =0.78). The results showed that among the information security risks, fire found to be a high probability/high impact risk factor. Human and physical/environmental threats were among the low probability risk factors. Regarding the information security safeguards used in the hospitals, the results showed that the use of the technical safeguards was the most frequent one (n =22, 91.7%) compared to the administrative (n =21, 87.5%) and the physical safeguards (n =16, 66.7%). The high probability risk factors require quick corrective actions to be taken. Therefore, the underlying causes of such threats should be identified and controlled before experiencing adverse effects. It is also important to note that information security in health care systems needs to be considered at a macro level with respect to the national interests and policies.

Technologies to counter aviation security threats

NASA Astrophysics Data System (ADS)

Karoly, Steve

2017-11-01

The Aviation and Transportation Security Act (ATSA) makes TSA responsible for security in all modes of transportation, and requires that TSA assess threats to transportation, enforce security-related regulations and requirements, and ensure the adequacy of security measures at airports and other transportation facilities. Today, TSA faces a significant challenge and must address a wide range of commercial, military grade, and homemade explosives and these can be presented in an infinite number of configurations and from multiple vectors. TSA screens 2 million passengers and crew, and screens almost 5 million carry-on items and 1.2 million checked bags daily. As TSA explores new technologies for improving efficiency and security, those on the forefront of research and development can help identify unique and advanced methods to combat terrorism. Research and Development (R&D) drives the development of future technology investments that can address an evolving adversary and aviation threat. The goal is to rethink the aviation security regime in its entirety, and rather than focusing security at particular points in the enterprise, distribute security from the time a reservation is made to the time a passenger boards the aircraft. The ultimate objective is to reengineer aviation security from top to bottom with a continued focus on increasing security throughout the system.

Managing adaptively for multifunctionality in agricultural systems

USGS Publications Warehouse

Hodbod, Jennifer; Barreteau, Olivier; Allen, Craig R.; Magda, Danièle

2016-01-01

The critical importance of agricultural systems for food security and as a dominant global landcover requires management that considers the full dimensions of system functions at appropriate scales, i.e. multifunctionality. We propose that adaptive management is the most suitable management approach for such goals, given its ability to reduce uncertainty over time and support multiple objectives within a system, for multiple actors. As such, adaptive management may be the most appropriate method for sustainably intensifying production whilst increasing the quantity and quality of ecosystem services. However, the current assessment of performance of agricultural systems doesn’t reward ecosystem service provision. Therefore, we present an overview of the ecosystem functions agricultural systems should and could provide, coupled with a revised definition for assessing the performance of agricultural systems from a multifunctional perspective that, when all satisfied, would create adaptive agricultural systems that can increase production whilst ensuring food security and the quantity and quality of ecosystem services. The outcome of this high level of performance is the capacity to respond to multiple shocks without collapse, equity and triple bottom line sustainability. Through the assessment of case studies, we find that alternatives to industrialized agricultural systems incorporate more functional goals, but that there are mixed findings as to whether these goals translate into positive measurable outcomes. We suggest that an adaptive management perspective would support the implementation of a systematic analysis of the social, ecological and economic trade-offs occurring within such systems, particularly between ecosystem services and functions, in order to provide suitable and comparable assessments. We also identify indicators to monitor performance at multiple scales in agricultural systems which can be used within an adaptive management framework to increase resilience at multiple scales.

Managing adaptively for multifunctionality in agricultural systems.

PubMed

Hodbod, Jennifer; Barreteau, Olivier; Allen, Craig; Magda, Danièle

2016-12-01

The critical importance of agricultural systems for food security and as a dominant global landcover requires management that considers the full dimensions of system functions at appropriate scales, i.e. multifunctionality. We propose that adaptive management is the most suitable management approach for such goals, given its ability to reduce uncertainty over time and support multiple objectives within a system, for multiple actors. As such, adaptive management may be the most appropriate method for sustainably intensifying production whilst increasing the quantity and quality of ecosystem services. However, the current assessment of performance of agricultural systems doesn't reward ecosystem service provision. Therefore, we present an overview of the ecosystem functions agricultural systems should and could provide, coupled with a revised definition for assessing the performance of agricultural systems from a multifunctional perspective that, when all satisfied, would create adaptive agricultural systems that can increase production whilst ensuring food security and the quantity and quality of ecosystem services. The outcome of this high level of performance is the capacity to respond to multiple shocks without collapse, equity and triple bottom line sustainability. Through the assessment of case studies, we find that alternatives to industrialized agricultural systems incorporate more functional goals, but that there are mixed findings as to whether these goals translate into positive measurable outcomes. We suggest that an adaptive management perspective would support the implementation of a systematic analysis of the social, ecological and economic trade-offs occurring within such systems, particularly between ecosystem services and functions, in order to provide suitable and comparable assessments. We also identify indicators to monitor performance at multiple scales in agricultural systems which can be used within an adaptive management framework to increase resilience at multiple scales. Copyright © 2016 Elsevier Ltd. All rights reserved.

VMSoar: a cognitive agent for network security

NASA Astrophysics Data System (ADS)

Benjamin, David P.; Shankar-Iyer, Ranjita; Perumal, Archana

2005-03-01

VMSoar is a cognitive network security agent designed for both network configuration and long-term security management. It performs automatic vulnerability assessments by exploring a configuration"s weaknesses and also performs network intrusion detection. VMSoar is built on the Soar cognitive architecture, and benefits from the general cognitive abilities of Soar, including learning from experience, the ability to solve a wide range of complex problems, and use of natural language to interact with humans. The approach used by VMSoar is very different from that taken by other vulnerability assessment or intrusion detection systems. VMSoar performs vulnerability assessments by using VMWare to create a virtual copy of the target machine then attacking the simulated machine with a wide assortment of exploits. VMSoar uses this same ability to perform intrusion detection. When trying to understand a sequence of network packets, VMSoar uses VMWare to make a virtual copy of the local portion of the network and then attempts to generate the observed packets on the simulated network by performing various exploits. This approach is initially slow, but VMSoar"s learning ability significantly speeds up both vulnerability assessment and intrusion detection. This paper describes the design and implementation of VMSoar, and initial experiments with Windows NT and XP.

Network Intrusion Detection and Visualization using Aggregations in a Cyber Security Data Warehouse

DOE Office of Scientific and Technical Information (OSTI.GOV)

Czejdo, Bogdan; Ferragut, Erik M; Goodall, John R

2012-01-01

The challenge of achieving situational understanding is a limiting factor in effective, timely, and adaptive cyber-security analysis. Anomaly detection fills a critical role in network assessment and trend analysis, both of which underlie the establishment of comprehensive situational understanding. To that end, we propose a cyber security data warehouse implemented as a hierarchical graph of aggregations that captures anomalies at multiple scales. Each node of our pro-posed graph is a summarization table of cyber event aggregations, and the edges are aggregation operators. The cyber security data warehouse enables domain experts to quickly traverse a multi-scale aggregation space systematically. We describemore » the architecture of a test bed system and a summary of results on the IEEE VAST 2012 Cyber Forensics data.« less

Social security reforms and poverty among older dual-earner couples.

PubMed

Mitchell, O S

1991-01-01

The author analyzes factors affecting the retirement decisions of couples in which both spouses work. She "develops a framework for assessing how several past and prospective Social Security reforms might be expected to affect older working couples' retirement ages and retirement incomes. Two questions are addressed in some detail: (1) What are the likely effects of various changes in Social Security rules on the retirement decisions of older working women and their husbands? and (2) How might these changes alter the incidence of poverty among retired dual-earner couples? Empirical evidence from the United States suggests that many benefit reforms currently being discussed in policy circles will enhance Social Security system revenues, but will also worsen the economic status of an important segment of dual-earner couples." excerpt

Security Risks: Management and Mitigation in the Software Life Cycle

NASA Technical Reports Server (NTRS)

Gilliam, David P.

2004-01-01

A formal approach to managing and mitigating security risks in the software life cycle is requisite to developing software that has a higher degree of assurance that it is free of security defects which pose risk to the computing environment and the organization. Due to its criticality, security should be integrated as a formal approach in the software life cycle. Both a software security checklist and assessment tools should be incorporated into this life cycle process and integrated with a security risk assessment and mitigation tool. The current research at JPL addresses these areas through the development of a Sotfware Security Assessment Instrument (SSAI) and integrating it with a Defect Detection and Prevention (DDP) risk management tool.

49 CFR 659.23 - System security plan: contents.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 7 2010-10-01 2010-10-01 false System security plan: contents. 659.23 Section 659... State Oversight Agency § 659.23 System security plan: contents. The system security plan must, at a... system security plan; and (e) Document the rail transit agency's process for making its system security...

Physical-layer security analysis of PSK quantum-noise randomized cipher in optically amplified links

NASA Astrophysics Data System (ADS)

Jiao, Haisong; Pu, Tao; Xiang, Peng; Zheng, Jilin; Fang, Tao; Zhu, Huatao

2017-08-01

The quantitative security of quantum-noise randomized cipher (QNRC) in optically amplified links is analyzed from the perspective of physical-layer advantage. Establishing the wire-tap channel models for both key and data, we derive the general expressions of secrecy capacities for the key against ciphertext-only attack and known-plaintext attack, and that for the data, which serve as the basic performance metrics. Further, the maximal achievable secrecy rate of the system is proposed, under which secrecy of both the key and data is guaranteed. Based on the same framework, the secrecy capacities of various cases can be assessed and compared. The results indicate perfect secrecy is potentially achievable for data transmission, and an elementary principle of setting proper number of photons and bases is given to ensure the maximal data secrecy capacity. But the key security is asymptotically perfect, which tends to be the main constraint of systemic maximal secrecy rate. Moreover, by adopting cascaded optical amplification, QNRC can realize long-haul transmission with secure rate up to Gb/s, which is orders of magnitude higher than the perfect secrecy rates of other encryption systems.

Social Security: New Functional Assessments for Children Raise Eligibility Questions. Report to Congressional Requesters.

ERIC Educational Resources Information Center

General Accounting Office, Washington, DC.

This report to Congress examines the Social Security Administration's approach to assessing children's impairments through the individualized functional assessment (IFA) process mandated by the Supreme Court in Sullivan v. Zebley. Specifically, the report assesses the IFA's impact on number of Supplemental Security Income recipients, IFA's…

49 CFR 1544.228 - Access to cargo and cargo screening: Security threat assessments for cargo personnel in the...

Code of Federal Regulations, 2010 CFR

2010-10-01

... threat assessments for cargo personnel in the United States. 1544.228 Section 1544.228 Transportation... COMMERCIAL OPERATORS Operations § 1544.228 Access to cargo and cargo screening: Security threat assessments... paragraph (b) of this section— (1) Each individual must successfully complete a security threat assessment...

[Goals in the discussion of old age insurance - a sketch].

PubMed

Schmähl, W

1980-01-01

In the Federal Republic of Germany often the discussion on social policy deals with instruments, yet seldom with goals to be realised. Scientific work on goals for old-age security policy is just starting. In this article the importance of distinctly defined goals is shown for rational economic and social policy, for an assessment of the existing situation, for a goal oriented selection and formation of measures and for success control. With reference to distributive goals in old-age security policy it is exemplified in which way scientific work can be helpful in defining goals in an operationalised form. For this it is important to deal with several distributive aspects, which are often mixed in discussions. As measures in one area of economic and social policy cannot be taken isolated, in order to avoid unwanted consequences, it is necessary for old-age security policies too, to take into consideration a general system of economic and social policy goals. As an example, it must be stated that e.g. aspects of business cycle and growth policy have to be considered while constructing a system of old-age security. Finally, some other criteria for old-age security policies, such as transparence, political feasibility and practicability are mentioned.

6 CFR 27.225 - Site security plans.

Code of Federal Regulations, 2010 CFR

2010-01-01

... meet the following standards: (1) Address each vulnerability identified in the facility's Security Vulnerability Assessment, and identify and describe the security measures to address each such vulnerability; (2... updates, revises or otherwise alters its Security Vulnerability Assessment pursuant to § 27.215(d), the...

Large-Scale Survey Findings Inform Patients’ Experiences in Using Secure Messaging to Engage in Patient-Provider Communication and Self-Care Management: A Quantitative Assessment

PubMed Central

Patel, Nitin R; Lind, Jason D; Antinori, Nicole

2015-01-01

Background Secure email messaging is part of a national transformation initiative in the United States to promote new models of care that support enhanced patient-provider communication. To date, only a limited number of large-scale studies have evaluated users’ experiences in using secure email messaging. Objective To quantitatively assess veteran patients’ experiences in using secure email messaging in a large patient sample. Methods A cross-sectional mail-delivered paper-and-pencil survey study was conducted with a sample of respondents identified as registered for the Veteran Health Administrations’ Web-based patient portal (My HealtheVet) and opted to use secure messaging. The survey collected demographic data, assessed computer and health literacy, and secure messaging use. Analyses conducted on survey data include frequencies and proportions, chi-square tests, and one-way analysis of variance. Results The majority of respondents (N=819) reported using secure messaging 6 months or longer (n=499, 60.9%). They reported secure messaging to be helpful for completing medication refills (n=546, 66.7%), managing appointments (n=343, 41.9%), looking up test results (n=350, 42.7%), and asking health-related questions (n=340, 41.5%). Notably, some respondents reported using secure messaging to address sensitive health topics (n=67, 8.2%). Survey responses indicated that younger age (P=.039) and higher levels of education (P=.025) and income (P=.003) were associated with more frequent use of secure messaging. Females were more likely to report using secure messaging more often, compared with their male counterparts (P=.098). Minorities were more likely to report using secure messaging more often, at least once a month, compared with nonminorities (P=.086). Individuals with higher levels of health literacy reported more frequent use of secure messaging (P=.007), greater satisfaction (P=.002), and indicated that secure messaging is a useful (P=.002) and easy-to-use (P≤.001) communication tool, compared with individuals with lower reported health literacy. Many respondents (n=328, 40.0%) reported that they would like to receive education and/or felt other veterans would benefit from education on how to access and use the electronic patient portal and secure messaging (n=652, 79.6%). Conclusions Survey findings validated qualitative findings found in previous research, such that veterans perceive secure email messaging as a useful tool for communicating with health care teams. To maximize sustained utilization of secure email messaging, marketing, education, skill building, and system modifications are needed. These findings can inform ongoing efforts to promote the sustained use of this electronic tool to support for patient-provider communication. PMID:26690761

Large-Scale Survey Findings Inform Patients' Experiences in Using Secure Messaging to Engage in Patient-Provider Communication and Self-Care Management: A Quantitative Assessment.

PubMed

Haun, Jolie N; Patel, Nitin R; Lind, Jason D; Antinori, Nicole

2015-12-21

Secure email messaging is part of a national transformation initiative in the United States to promote new models of care that support enhanced patient-provider communication. To date, only a limited number of large-scale studies have evaluated users' experiences in using secure email messaging. To quantitatively assess veteran patients' experiences in using secure email messaging in a large patient sample. A cross-sectional mail-delivered paper-and-pencil survey study was conducted with a sample of respondents identified as registered for the Veteran Health Administrations' Web-based patient portal (My HealtheVet) and opted to use secure messaging. The survey collected demographic data, assessed computer and health literacy, and secure messaging use. Analyses conducted on survey data include frequencies and proportions, chi-square tests, and one-way analysis of variance. The majority of respondents (N=819) reported using secure messaging 6 months or longer (n=499, 60.9%). They reported secure messaging to be helpful for completing medication refills (n=546, 66.7%), managing appointments (n=343, 41.9%), looking up test results (n=350, 42.7%), and asking health-related questions (n=340, 41.5%). Notably, some respondents reported using secure messaging to address sensitive health topics (n=67, 8.2%). Survey responses indicated that younger age (P=.039) and higher levels of education (P=.025) and income (P=.003) were associated with more frequent use of secure messaging. Females were more likely to report using secure messaging more often, compared with their male counterparts (P=.098). Minorities were more likely to report using secure messaging more often, at least once a month, compared with nonminorities (P=.086). Individuals with higher levels of health literacy reported more frequent use of secure messaging (P=.007), greater satisfaction (P=.002), and indicated that secure messaging is a useful (P=.002) and easy-to-use (P≤.001) communication tool, compared with individuals with lower reported health literacy. Many respondents (n=328, 40.0%) reported that they would like to receive education and/or felt other veterans would benefit from education on how to access and use the electronic patient portal and secure messaging (n=652, 79.6%). Survey findings validated qualitative findings found in previous research, such that veterans perceive secure email messaging as a useful tool for communicating with health care teams. To maximize sustained utilization of secure email messaging, marketing, education, skill building, and system modifications are needed. These findings can inform ongoing efforts to promote the sustained use of this electronic tool to support for patient-provider communication.

Remote Sensing for Food Security Monitoring in Afghanistan

NASA Technical Reports Server (NTRS)

Brown, Molly E.

2008-01-01

Two decades of war have severely weakened Afghanistan s economy and infrastructure. Along with larger impacts on civil stability, education and health care, the current conflict in Afghanistan has resulted in widespread hunger and destitution. The 2005 National Risk and Vulnerability Assessment conducted by the United Nations found that 6.6 million Afghans do not meet their minimum food requirements and approximately 400,000 people each year are seriously affected by natural disasters, such as droughts, floods and extreme weather conditions. Given the poor security situation in the country, systems that will enable remote observations of variations of climate and their impacts on food production are critical for providing an appropriate and timely response. This chapter describes the remote sensing systems and food security analyses that the US Agency for International Development s Famine Early Warning Systems Network (FEWS NET) conducts in Afghanistan to monitor and provide information to international donors to ensure that adequate assistance is provided during this time of development and recovery.

A neural-visualization IDS for honeynet data.

PubMed

Herrero, Álvaro; Zurutuza, Urko; Corchado, Emilio

2012-04-01

Neural intelligent systems can provide a visualization of the network traffic for security staff, in order to reduce the widely known high false-positive rate associated with misuse-based Intrusion Detection Systems (IDSs). Unlike previous work, this study proposes an unsupervised neural models that generate an intuitive visualization of the captured traffic, rather than network statistics. These snapshots of network events are immensely useful for security personnel that monitor network behavior. The system is based on the use of different neural projection and unsupervised methods for the visual inspection of honeypot data, and may be seen as a complementary network security tool that sheds light on internal data structures through visual inspection of the traffic itself. Furthermore, it is intended to facilitate verification and assessment of Snort performance (a well-known and widely-used misuse-based IDS), through the visualization of attack patterns. Empirical verification and comparison of the proposed projection methods are performed in a real domain, where two different case studies are defined and analyzed.

Joint force protection advanced security system (JFPASS) "the future of force protection: integrate and automate"

NASA Astrophysics Data System (ADS)

Lama, Carlos E.; Fagan, Joe E.

2009-09-01

The United States Department of Defense (DoD) defines 'force protection' as "preventive measures taken to mitigate hostile actions against DoD personnel (to include family members), resources, facilities, and critical information." Advanced technologies enable significant improvements in automating and distributing situation awareness, optimizing operator time, and improving sustainability, which enhance protection and lower costs. The JFPASS Joint Capability Technology Demonstration (JCTD) demonstrates a force protection environment that combines physical security and Chemical, Biological, Radiological, Nuclear, and Explosive (CBRNE) defense through the application of integrated command and control and data fusion. The JFPASS JCTD provides a layered approach to force protection by integrating traditional sensors used in physical security, such as video cameras, battlefield surveillance radars, unmanned and unattended ground sensors. The optimization of human participation and automation of processes is achieved by employment of unmanned ground vehicles, along with remotely operated lethal and less-than-lethal weapon systems. These capabilities are integrated via a tailorable, user-defined common operational picture display through a data fusion engine operating in the background. The combined systems automate the screening of alarms, manage the information displays, and provide assessment and response measures. The data fusion engine links disparate sensors and systems, and applies tailored logic to focus the assessment of events. It enables timely responses by providing the user with automated and semi-automated decision support tools. The JFPASS JCTD uses standard communication/data exchange protocols, which allow the system to incorporate future sensor technologies or communication networks, while maintaining the ability to communicate with legacy or existing systems.

The Affect of Drug Trafficking in West Africa on the National Security Interests of the United States of America

DTIC Science & Technology

2015-06-12

officials at all levels in this criminal activity inhibits a complete assessment and resolution of the problem. Guinea-Bissau’s political systems remain......seizures in West Africa are currently less than the peak levels several years ago, it is assessed that the cocaine trafficking between South America and

Utility Assessment Report for SPIDERS Phase 2: Ft. Carson (Rev 1.0)

DOE Office of Scientific and Technical Information (OSTI.GOV)

Barr, Jonathan L.; Tuffner, Francis K.; Hadley, Mark D.

2014-01-01

This document contains the Utility Assessment Report (UAR) for the Phase 2 operational Demonstration (OD) of the Smart Power Infrastructure Demonstration for Energy Reliability and Security (SPIDERS) Joint Capability Technology Demonstration (JCTD). The UAR for Phase 2 shows that the SPIDERS system was able to meet the requirements of the Implementation Directive at Ft. Carson.

Lessons Learned in Over a Decade of Technical Support for U.S. Nuclear Cyber Security Programmes

DOE Office of Scientific and Technical Information (OSTI.GOV)

Glantz, Clifford S.; Landine, Guy P.; Craig, Philip A.

Pacific Northwest National Laboratory’s (PNNL) nuclear cyber security team has been providing technical support to the U.S. Nuclear Regulatory Commission (NRC) since 2002. This team has provided cyber security technical experties in conducting cyber security inspections, developing of regulatory rules and guidance, reviewing facility cyber security plans, developing inspection guidance, and developing and teaching NRC inspectors how to conduct cyber security assessments. The extensive experience the PNNL team has gathered has allowed them to compile a lenghty list of recommendations on how to improve cyber security programs and conduct assessments. A selected set of recommendations are presented, including the needmore » to: integrate an array of defenisve strategies into a facility’s cyber security program, coordinate physical and cyber security activities, train phycial security forces to resist a cyber-enabled physical attack, improve estimates of the consequences of a cyber attack, properly resource cyber security assessments, appropropriately account for insider threats, routinely monitor security devices for potential attacks, supplement compliance-based requirements with risk-based decision making, and introduce the concept of resilience into cyber security programs.« less

Radiological Threat Reduction (RTR) program : implementing physical security to protect large radioactive sources worldwide.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Lowe, Daniel L.

2004-11-01

The U.S. Department of Energy's Radiological Threat Reduction (RTR) Program strives to reduce the threat of a Radiological Dispersion Device (RDD) incident that could affect U.S. interests worldwide. Sandia National Laboratories supports the RTR program on many different levels. Sandia works directly with DOE to develop strategies, including the selection of countries to receive support and the identification of radioactive materials to be protected. Sandia also works with DOE in the development of guidelines and in training DOE project managers in physical protection principles. Other support to DOE includes performing rapid assessments and providing guidance for establishing foreign regulatory andmore » knowledge infrastructure. Sandia works directly with foreign governments to establish cooperative agreements necessary to implement the RTR Program efforts to protect radioactive sources. Once necessary agreements are in place, Sandia works with in-country organizations to implement various security related initiatives, such as installing security systems and searching for (and securing) orphaned radioactive sources. The radioactive materials of interest to the RTR program include Cobalt 60, Cesium 137, Strontium 90, Iridium 192, Radium 226, Plutonium 238, Americium 241, Californium 252, and Others. Security systems are implemented using a standardized approach that provides consistency through out the RTR program efforts at Sandia. The approach incorporates a series of major tasks that overlap in order to provide continuity. The major task sequence is to: Establish in-country contacts - integrators, Obtain material characterizations, Perform site assessments and vulnerability assessments, Develop upgrade plans, Procure and install equipment, Conduct acceptance testing and performance testing, Develop procedures, and Conduct training. Other tasks are incorporated as appropriate and commonly include such as support of reconfiguring infrastructure, and developing security plans, etc. This standardized approach is applied to specific country and regional needs. Recent examples (FY 2003-2004) include foreign missions to Lithuania, Russian Federation Navy, Russia - PNPI, Greece (joint mission with IAEA), Tanzania, Iraq, Chile, Ecuador, and Egypt. Some of the ambitions and results of the RTR program may be characterized by the successes in Lithuania, Greece, and Russia.« less

Variability of African Farming Systems from Phenological Analysis of NDVI Time Series

NASA Technical Reports Server (NTRS)

Vrieling, Anton; deBeurs, K. M.; Brown, Molly E.

2011-01-01

Food security exists when people have access to sufficient, safe and nutritious food at all times to meet their dietary needs. The natural resource base is one of the many factors affecting food security. Its variability and decline creates problems for local food production. In this study we characterize for sub-Saharan Africa vegetation phenology and assess variability and trends of phenological indicators based on NDVI time series from 1982 to 2006. We focus on cumulated NDVI over the season (cumNDVI) which is a proxy for net primary productivity. Results are aggregated at the level of major farming systems, while determining also spatial variability within farming systems. High temporal variability of cumNDVI occurs in semiarid and subhumid regions. The results show a large area of positive cumNDVI trends between Senegal and South Sudan. These correspond to positive CRU rainfall trends found and relate to recovery after the 1980's droughts. We find significant negative cumNDVI trends near the south-coast of West Africa (Guinea coast) and in Tanzania. For each farming system, causes of change and variability are discussed based on available literature (Appendix A). Although food security comprises more than the local natural resource base, our results can perform an input for food security analysis by identifying zones of high variability or downward trends. Farming systems are found to be a useful level of analysis. Diversity and trends found within farming system boundaries underline that farming systems are dynamic.

District of Columbia Motor Carrier Management and Threat Assessment Study

DOT National Transportation Integrated Search

2004-08-01

DDOT asked the Volpe National Transportation Systems Center (Volpe) to conduct an : analysis of existing truck traffic conditions in the District, successful truck management : practices from other areas, stakeholder interests and opinions, and secur...

45 CFR 310.10 - What are the functional requirements for the Model Tribal IV-D System?

Code of Federal Regulations, 2011 CFR

2011-10-01

... plan, including: (1) Identifying information such as Social Security numbers, names, dates of birth... operations and to assess program performance through the audit of financial and statistical data maintained...

Assessing the Security of Connected Diabetes Devices.

PubMed

Out, Dirk-Jan; Tettero, Olaf

2017-03-01

This article discusses the assessment of the (cyber)security of wirelessly connected diabetes devices under the DTSEC standard. We discuss the relation between diabetes devices and hackers, provide an overview of the DTSEC standard, and describe the process of security assessment of diabetes devices.

Matching Community and Technical College Professional/Technical Education Capacity to Employer Demand. Final Report.

ERIC Educational Resources Information Center

Sommers, Paul; Heg, Deena

A project was conducted to improve the state of Washington's community and technical college system by developing and using an improved occupational forecasting system to assess and respond to education and training needs. First, long-term occupational forecast data from Washington's Employment Security Department were matched with technical and…

32 CFR Appendix E to Part 806b - Privacy Impact Assessment

Code of Federal Regulations, 2011 CFR

2011-07-01

... Systems Development System Privacy. Rapid advancements in computer technology make it possible to store...-503, The Computer Matching and Privacy Act of 1988. 13 13 http://www.defenselink.mil/privacy/1975OMB_PAGuide/jun1989.pdf. (2) Public Law 100-235, The Computer Security Act of 1987, 14 which establishes...

32 CFR Appendix E to Part 806b - Privacy Impact Assessment

Code of Federal Regulations, 2014 CFR

2014-07-01

... Systems Development System Privacy. Rapid advancements in computer technology make it possible to store...-503, The Computer Matching and Privacy Act of 1988. 13 13 http://www.defenselink.mil/privacy/1975OMB_PAGuide/jun1989.pdf. (2) Public Law 100-235, The Computer Security Act of 1987, 14 which establishes...

32 CFR Appendix E to Part 806b - Privacy Impact Assessment

Code of Federal Regulations, 2012 CFR

2012-07-01

... Systems Development System Privacy. Rapid advancements in computer technology make it possible to store...-503, The Computer Matching and Privacy Act of 1988. 13 13 http://www.defenselink.mil/privacy/1975OMB_PAGuide/jun1989.pdf. (2) Public Law 100-235, The Computer Security Act of 1987, 14 which establishes...

32 CFR Appendix E to Part 806b - Privacy Impact Assessment

Code of Federal Regulations, 2013 CFR

2013-07-01

... Systems Development System Privacy. Rapid advancements in computer technology make it possible to store...-503, The Computer Matching and Privacy Act of 1988. 13 13 http://www.defenselink.mil/privacy/1975OMB_PAGuide/jun1989.pdf. (2) Public Law 100-235, The Computer Security Act of 1987, 14 which establishes...

Centralized Cryptographic Key Management and Critical Risk Assessment - CRADA Final Report For CRADA Number NFE-11-03562

DOE Office of Scientific and Technical Information (OSTI.GOV)

Abercrombie, R. K.; Peters, Scott

The Department of Energy Office of Electricity Delivery and Energy Reliability (DOE-OE) Cyber Security for Energy Delivery Systems (CSEDS) industry led program (DE-FOA-0000359) entitled "Innovation for Increasing Cyber Security for Energy Delivery Systems (12CSEDS)," awarded a contract to Sypris Electronics LLC to develop a Cryptographic Key Management System for the smart grid (Scalable Key Management Solutions for Critical Infrastructure Protection). Oak Ridge National Laboratory (ORNL) and Sypris Electronics, LLC as a result of that award entered into a CRADA (NFE-11-03562) between ORNL and Sypris Electronics, LLC. ORNL provided its Cyber Security Econometrics System (CSES) as a tool to be modifiedmore » and used as a metric to address risks and vulnerabilities in the management of cryptographic keys within the Advanced Metering Infrastructure (AMI) domain of the electric sector. ORNL concentrated our analysis on the AMI domain of which the National Electric Sector Cyber security Organization Resource (NESCOR) Working Group 1 (WG1) has documented 29 failure scenarios. The computational infrastructure of this metric involves system stakeholders, security requirements, system components and security threats. To compute this metric, we estimated the stakes that each stakeholder associates with each security requirement, as well as stochastic matrices that represent the probability of a threat to cause a component failure and the probability of a component failure to cause a security requirement violation. We applied this model to estimate the security of the AMI, by leveraging the recently established National Institute of Standards and Technology Interagency Report (NISTIR) 7628 guidelines for smart grid security and the International Electrotechnical Commission (IEC) 63351, Part 9 to identify the life cycle for cryptographic key management, resulting in a vector that assigned to each stakeholder an estimate of their average loss in terms of dollars per day of system operation. To further address probabilities of threats, information security analysis can be performed using game theory implemented in dynamic Agent Based Game Theoretic (ABGT) simulations. Such simulations can be verified with the results from game theory analysis and further used to explore larger scale, real world scenarios involving multiple attackers, defenders, and information assets. The strategy for the game was developed by analyzing five electric sector representative failure scenarios contained in the AMI functional domain from NESCOR WG1. From these five selected scenarios, we characterized them into three specific threat categories affecting confidentiality, integrity and availability (CIA). The analysis using our ABGT simulation demonstrated how to model the AMI functional domain using a set of rationalized game theoretic rules decomposed from the failure scenarios in terms of how those scenarios might impact the AMI network with respect to CIA.« less

Cryptographic Key Management and Critical Risk Assessment

DOE Office of Scientific and Technical Information (OSTI.GOV)

Abercrombie, Robert K

The Department of Energy Office of Electricity Delivery and Energy Reliability (DOE-OE) CyberSecurity for Energy Delivery Systems (CSEDS) industry led program (DE-FOA-0000359) entitled "Innovation for Increasing CyberSecurity for Energy Delivery Systems (12CSEDS)," awarded a contract to Sypris Electronics LLC to develop a Cryptographic Key Management System for the smart grid (Scalable Key Management Solutions for Critical Infrastructure Protection). Oak Ridge National Laboratory (ORNL) and Sypris Electronics, LLC as a result of that award entered into a CRADA (NFE-11-03562) between ORNL and Sypris Electronics, LLC. ORNL provided its Cyber Security Econometrics System (CSES) as a tool to be modified and usedmore » as a metric to address risks and vulnerabilities in the management of cryptographic keys within the Advanced Metering Infrastructure (AMI) domain of the electric sector. ORNL concentrated our analysis on the AMI domain of which the National Electric Sector Cyber security Organization Resource (NESCOR) Working Group 1 (WG1) has documented 29 failure scenarios. The computational infrastructure of this metric involves system stakeholders, security requirements, system components and security threats. To compute this metric, we estimated the stakes that each stakeholder associates with each security requirement, as well as stochastic matrices that represent the probability of a threat to cause a component failure and the probability of a component failure to cause a security requirement violation. We applied this model to estimate the security of the AMI, by leveraging the recently established National Institute of Standards and Technology Interagency Report (NISTIR) 7628 guidelines for smart grid security and the International Electrotechnical Commission (IEC) 63351, Part 9 to identify the life cycle for cryptographic key management, resulting in a vector that assigned to each stakeholder an estimate of their average loss in terms of dollars per day of system operation. To further address probabilities of threats, information security analysis can be performed using game theory implemented in dynamic Agent Based Game Theoretic (ABGT) simulations. Such simulations can be verified with the results from game theory analysis and further used to explore larger scale, real world scenarios involving multiple attackers, defenders, and information assets. The strategy for the game was developed by analyzing five electric sector representative failure scenarios contained in the AMI functional domain from NESCOR WG1. From these five selected scenarios, we characterized them into three specific threat categories affecting confidentiality, integrity and availability (CIA). The analysis using our ABGT simulation demonstrated how to model the AMI functional domain using a set of rationalized game theoretic rules decomposed from the failure scenarios in terms of how those scenarios might impact the AMI network with respect to CIA.« less

Security in Intelligent Transport Systems for Smart Cities: From Theory to Practice.

PubMed

Javed, Muhammad Awais; Ben Hamida, Elyes; Znaidi, Wassim

2016-06-15

Connecting vehicles securely and reliably is pivotal to the implementation of next generation ITS applications of smart cities. With continuously growing security threats, vehicles could be exposed to a number of service attacks that could put their safety at stake. To address this concern, both US and European ITS standards have selected Elliptic Curve Cryptography (ECC) algorithms to secure vehicular communications. However, there is still a lack of benchmarking studies on existing security standards in real-world settings. In this paper, we first analyze the security architecture of the ETSI ITS standard. We then implement the ECC based digital signature and encryption procedures using an experimental test-bed and conduct an extensive benchmark study to assess their performance which depends on factors such as payload size, processor speed and security levels. Using network simulation models, we further evaluate the impact of standard compliant security procedures in dense and realistic smart cities scenarios. Obtained results suggest that existing security solutions directly impact the achieved quality of service (QoS) and safety awareness of vehicular applications, in terms of increased packet inter-arrival delays, packet and cryptographic losses, and reduced safety awareness in safety applications. Finally, we summarize the insights gained from the simulation results and discuss open research challenges for efficient working of security in ITS applications of smart cities.

Application of Framework for Integrating Safety, Security and Safeguards (3Ss) into the Design Of Used Nuclear Fuel Storage Facility

DOE Office of Scientific and Technical Information (OSTI.GOV)

Badwan, Faris M.; Demuth, Scott F

Department of Energy’s Office of Nuclear Energy, Fuel Cycle Research and Development develops options to the current commercial fuel cycle management strategy to enable the safe, secure, economic, and sustainable expansion of nuclear energy while minimizing proliferation risks by conducting research and development focused on used nuclear fuel recycling and waste management to meet U.S. needs. Used nuclear fuel is currently stored onsite in either wet pools or in dry storage systems, with disposal envisioned in interim storage facility and, ultimately, in a deep-mined geologic repository. The safe management and disposition of used nuclear fuel and/or nuclear waste is amore » fundamental aspect of any nuclear fuel cycle. Integrating safety, security, and safeguards (3Ss) fully in the early stages of the design process for a new nuclear facility has the potential to effectively minimize safety, proliferation, and security risks. The 3Ss integration framework could become the new national and international norm and the standard process for designing future nuclear facilities. The purpose of this report is to develop a framework for integrating the safety, security and safeguards concept into the design of Used Nuclear Fuel Storage Facility (UNFSF). The primary focus is on integration of safeguards and security into the UNFSF based on the existing Nuclear Regulatory Commission (NRC) approach to addressing the safety/security interface (10 CFR 73.58 and Regulatory Guide 5.73) for nuclear power plants. The methodology used for adaptation of the NRC safety/security interface will be used as the basis for development of the safeguards /security interface and later will be used as the basis for development of safety and safeguards interface. Then this will complete the integration cycle of safety, security, and safeguards. The overall methodology for integration of 3Ss will be proposed, but only the integration of safeguards and security will be applied to the design of the UNFSF. The framework for integration of safeguards and security into the UNFSF will include 1) identification of applicable regulatory requirements, 2) selection of a common system that share dual safeguard and security functions, 3) development of functional design criteria and design requirements for the selected system, 4) identification and integration of the dual safeguards and security design requirements, and 5) assessment of the integration and potential benefit.« less

33 CFR 101.510 - Assessment tools.

Code of Federal Regulations, 2014 CFR

2014-07-01

... 33 Navigation and Navigable Waters 1 2014-07-01 2014-07-01 false Assessment tools. 101.510 Section 101.510 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MARITIME SECURITY MARITIME SECURITY: GENERAL Other Provisions § 101.510 Assessment tools. Ports, vessels, and facilities...

Assessing the Security of Connected Diabetes Devices

PubMed Central

Out, Dirk-Jan; Tettero, Olaf

2017-01-01

This article discusses the assessment of the (cyber)security of wirelessly connected diabetes devices under the DTSEC standard. We discuss the relation between diabetes devices and hackers, provide an overview of the DTSEC standard, and describe the process of security assessment of diabetes devices. PMID:28264190

Assessing Security of Supply: Three Methods Used in Finland

NASA Astrophysics Data System (ADS)

Sivonen, Hannu

Public Private Partnership (PPP) has an important role in securing supply in Finland. Three methods are used in assessing the level of security of supply. First, in national expert groups, a linear mathematical model has been used. The model is based on interdependency estimates. It ranks societal functions or its more detailed components, such as items in the food supply chain, according to the effect and risk pertinent to the interdependencies. Second, the security of supply is assessed in industrial branch committees (clusters and pools) in the form of indicators. The level of security of supply is assessed against five generic factors (dimension 1) and tens of business branch specific functions (dimension 2). Third, in two thousand individual critical companies, the maturity of operational continuity management is assessed using Capability Maturity Model (CMM) in an extranet application. The pool committees and authorities obtain an anonymous summary. The assessments are used in allocating efforts for securing supply. The efforts may be new instructions, training, exercising, and in some cases, investment and regulation.

A Framework for Architecture-Based Planning and Assessment to Support Modeling and Simulation of Network-Centric Command and Control

DTIC Science & Technology

2006-02-17

included system-unique specifications derived to counter these threats. But the international security environment has changed --- and it will continue... Netowrk -Centric Command and Control 5a. CONTRACT NUMBER 5b. GRANT NUMBER 5c. PROGRAM ELEMENT NUMBER 6. AUTHOR(S) 5d. PROJECT NUMBER 5e. TASK...contains color images. 14. ABSTRACT 15. SUBJECT TERMS 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF ABSTRACT 18. NUMBER OF PAGES 20 19a. NAME

Susceptibility of South Korea to hydrologic extremes affecting the global food system

NASA Astrophysics Data System (ADS)

Puma, M. J.; Chon, S. Y.

2015-12-01

Food security in South Korea is closely linked to trade in the global food system. The country's production of major grains declined from 5.8 million metric tons (mmt) in 1998 to 4.8 mmt in 2014, which coincided with a shift in grain self sufficiency from 43% down to 24% over this same period. Many factors led to these changes, including reductions in domestic agricultural land, governmental policies supporting industry over agriculture, and a push towards trade liberalization. South Korea's self sufficiency is now one of the lowest among Organisation for Economic Co-operation and Development (OECD) countries, leaving it vulnerable to disruptions in the global food system. Here we explore this vulnerability by assessing how global trade disruptions would affect Korea's food security. We impose historical extreme drought and flood events that would possibly affect today's major food producing regions concurrently. Next we compute food supply deficits in South Korea that might result from these events. Our analyses provide a framework for formulating domestic food policies to enhance South Korea's food security in the increasingly fragile global food system.

Failure Impact Analysis of Key Management in AMI Using Cybernomic Situational Assessment (CSA)

DOE Office of Scientific and Technical Information (OSTI.GOV)

Abercrombie, Robert K; Sheldon, Frederick T; Hauser, Katie R

2013-01-01

In earlier work, we presented a computational framework for quantifying the security of a system in terms of the average loss a stakeholder stands to sustain as a result of threats to the system. We named this system, the Cyberspace Security Econometrics System (CSES). In this paper, we refine the framework and apply it to cryptographic key management within the Advanced Metering Infrastructure (AMI) as an example. The stakeholders, requirements, components, and threats are determined. We then populate the matrices with justified values by addressing the AMI at a higher level, rather than trying to consider every piece of hardwaremore » and software involved. We accomplish this task by leveraging the recently established NISTR 7628 guideline for smart grid security. This allowed us to choose the stakeholders, requirements, components, and threats realistically. We reviewed the literature and selected an industry technical working group to select three representative threats from a collection of 29 threats. From this subset, we populate the stakes, dependency, and impact matrices, and the threat vector with realistic numbers. Each Stakeholder s Mean Failure Cost is then computed.« less

Anatomy of a Security Operations Center

NASA Technical Reports Server (NTRS)

Wang, John

2010-01-01

Many agencies and corporations are either contemplating or in the process of building a cyber Security Operations Center (SOC). Those Agencies that have established SOCs are most likely working on major revisions or enhancements to existing capabilities. As principle developers of the NASA SOC; this Presenters' goals are to provide the GFIRST community with examples of some of the key building blocks of an Agency scale cyber Security Operations Center. This presentation viII include the inputs and outputs, the facilities or shell, as well as the internal components and the processes necessary to maintain the SOC's subsistence - in other words, the anatomy of a SOC. Details to be presented include the SOC architecture and its key components: Tier 1 Call Center, data entry, and incident triage; Tier 2 monitoring, incident handling and tracking; Tier 3 computer forensics, malware analysis, and reverse engineering; Incident Management System; Threat Management System; SOC Portal; Log Aggregation and Security Incident Management (SIM) systems; flow monitoring; IDS; etc. Specific processes and methodologies discussed include Incident States and associated Work Elements; the Incident Management Workflow Process; Cyber Threat Risk Assessment methodology; and Incident Taxonomy. The Evolution of the Cyber Security Operations Center viII be discussed; starting from reactive, to proactive, and finally to proactive. Finally, the resources necessary to establish an Agency scale SOC as well as the lessons learned in the process of standing up a SOC viII be presented.

Developing a Standard Method for Link-Layer Security of CCSDS Space Communications

NASA Technical Reports Server (NTRS)

Biggerstaff, Craig

2009-01-01

Communications security for space systems has been a specialized field generally far removed from considerations of mission interoperability and cross-support in fact, these considerations often have been viewed as intrinsically opposed to security objectives. The space communications protocols defined by the Consultative Committee for Space Data Systems (CCSDS) have a twenty-five year history of successful use in over 400 missions. While the CCSDS Telemetry, Telecommand, and Advancing Orbiting Systems protocols for use at OSI Layer 2 are operationally mature, there has been no direct support within these protocols for communications security techniques. Link-layer communications security has been successfully implemented in the past using mission-unique methods, but never before with an objective of facilitating cross-support and interoperability. This paper discusses the design of a standard method for cryptographic authentication, encryption, and replay protection at the data link layer that can be integrated into existing CCSDS protocols without disruption to legacy communications services. Integrating cryptographic operations into existing data structures and processing sequences requires a careful assessment of the potential impediments within spacecraft, ground stations, and operations centers. The objective of this work is to provide a sound method for cryptographic encapsulation of frame data that also facilitates Layer 2 virtual channel switching, such that a mission may procure data transport services as needed without involving third parties in the cryptographic processing, or split independent data streams for separate cryptographic processing.

Secure key storage and distribution

DOEpatents

Agrawal, Punit

2015-06-02

This disclosure describes a distributed, fault-tolerant security system that enables the secure storage and distribution of private keys. In one implementation, the security system includes a plurality of computing resources that independently store private keys provided by publishers and encrypted using a single security system public key. To protect against malicious activity, the security system private key necessary to decrypt the publication private keys is not stored at any of the computing resources. Rather portions, or shares of the security system private key are stored at each of the computing resources within the security system and multiple security systems must communicate and share partial decryptions in order to decrypt the stored private key.

A Reaction Time Experiment on Adult Attachment: The Development of a Measure for Neurophysiological Settings

PubMed Central

Wichmann, Theresia; Buchheim, Anna; Menning, Hans; Schenk, Ingmar; George, Carol; Pokorny, Dan

2016-01-01

In the last few decades, there has been an increase of experimental research on automatic unconscious processes concerning the evaluation of the self and others. Previous research investigated implicit aspects of romantic attachment using self-report measures as explicit instruments for assessing attachment style. There is a lack of experimental procedures feasible for neurobiological settings. We developed a reaction time (RT) experiment using a narrative attachment measure with an implicit nature and were interested to capture automatic processes, when the individuals’ attachment system is activated. We aimed to combine attachment methodology with knowledge from implicit measures by using a decision RT paradigm. This should serve as a means to capture implicit aspects of attachment. This experiment evaluated participants’ response to prototypic attachment sentences in association with their own attachment classification, measured with the Adult Attachment Projective Picture System (AAP). First the AAP was administered as the standardized interview procedure to 30 healthy participants, which were classified into a secure or insecure group. In the following experimental session, both experimenter and participants were blind with respect to classifications. One hundred twenty eight prototypically secure or insecure sentences related to the eight pictures of the AAP were presented to the participants. Their response and RTs were recorded. Based on the response (accept, reject) a continuous security scale was defined. Both the AAP classification and security scale were related to the RTs. Differentiated study hypotheses were confirmed for insecure sentences, which were accepted faster by participants from the insecure attachment group (or with lower security scale), and rejected faster by participants from secure attachment group (or with higher security scale). The elaborating unconscious processes were more activated by insecure sentences with potential attachment conflicts. The introduced paradigm is able to contribute to an experimental approach in attachment research. The RT analysis with the narrative procedure might be of interest for a broader variety of questions in experimental and neurophysiological settings to capture unconscious processes in association with internal working models of attachment. An electrophysiological model based on preliminary research is proposed for assessing the preconscious neuronal network related to secure or insecure attachment representations. PMID:27853426

Public assessment of new surveillance-oriented security technologies: Beyond the trade-off between privacy and security.

PubMed

Pavone, Vincenzo; Esposti, Sara Degli

2012-07-01

As surveillance-oriented security technologies (SOSTs) are considered security enhancing but also privacy infringing, citizens are expected to trade part of their privacy for higher security. Drawing from the PRISE project, this study casts some light on how citizens actually assess SOSTs through a combined analysis of focus groups and survey data. First, the outcomes suggest that people did not assess SOSTs in abstract terms but in relation to the specific institutional and social context of implementation. Second, from this embedded viewpoint, citizens either expressed concern about government's surveillance intentions and considered SOSTs mainly as privacy infringing, or trusted political institutions and believed that SOSTs effectively enhanced their security. None of them, however, seemed to trade privacy for security because concerned citizens saw their privacy being infringed without having their security enhanced, whilst trusting citizens saw their security being increased without their privacy being affected.

Systems Security Engineering

DTIC Science & Technology

2010-08-22

Commission (IEC). “Information technology — Security techniques — Code of practice for information security management ( ISO /IEC 27002 ...Information technology — Security techniques — Information security management systems —Requirements ( ISO /IEC 27002 ),”, “Information technology — Security...was a draft ISO standard on Systems and software engineering, Systems and software assurance [18]. Created by systems engineers for systems

Global Food Security in a Changing Climate: Considerations and Projections

NASA Astrophysics Data System (ADS)

Walsh, M. K.; Brown, M. E.; Backlund, P. W.; Antle, J. M.; Carr, E. R.; Easterling, W. E.; Funk, C. C.; Murray, A.; Ngugi, M.; Barrett, C. B.; Ingram, J. S. I.; Dancheck, V.; O'Neill, B. C.; Tebaldi, C.; Mata, T.; Ojima, D. S.; Grace, K.; Jiang, H.; Bellemare, M.; Attavanich, W.; Ammann, C. M.; Maletta, H.

2015-12-01

Global food security is an elusive challenge and important policy focus from the community to the globe. Food is provisioned through food systems that may be simple or labyrinthine, yet each has vulnerabilities to climate change through its effects on food production, transportation, storage, and other integral food system activities. At the same time, the future of food systems is sensitive to socioeconomic trajectories determined by choices made outside of the food system, itself. Constrictions for any reason can lead to decreased food availability, access, utilization, or stability - that is, to diminished food security. Possible changes in trade and other U.S. relationships to the rest of the world under changing conditions to the end of the century are considered through integrated assessment modelling under a range of emissions scenarios. Climate change is likely to diminish continued progress on global food security through production disruptions leading to local availability limitations and price increases, interrupted transport conduits, and diminished food safety, among other causes. In the near term, some high-latitude production export regions may benefit from changes in climate. The types and price of food imports is likely to change, as are export demands, affecting U.S. consumers and producers. Demands placed on foreign assistance programs may increase, as may demand for advanced technologies. Adaptation across the food system has great potential to manage climate change effects on food security, and the complexity of the food system offers multiple potential points of intervention for decision makers at every level. However, effective adaptation is subject to highly localized conditions and socioeconomic factors, and the technical feasibility of an adaptive intervention is not necessarily a guarantee of its application if it is unaffordable or does not provide benefits within a relatively short time frame.

Breach Risk Magnitude: A Quantitative Measure of Database Security.

PubMed

Yasnoff, William A

2016-01-01

A quantitative methodology is described that provides objective evaluation of the potential for health record system breaches. It assumes that breach risk increases with the number of potential records that could be exposed, while it decreases when more authentication steps are required for access. The breach risk magnitude (BRM) is the maximum value for any system user of the common logarithm of the number of accessible database records divided by the number of authentication steps needed to achieve such access. For a one million record relational database, the BRM varies from 5.52 to 6 depending on authentication protocols. For an alternative data architecture designed specifically to increase security by separately storing and encrypting each patient record, the BRM ranges from 1.3 to 2.6. While the BRM only provides a limited quantitative assessment of breach risk, it may be useful to objectively evaluate the security implications of alternative database organization approaches.

6 CFR 27.255 - Recordkeeping requirements.

Code of Federal Regulations, 2010 CFR

2010-01-01

... audit required under § 27.225(e)) or Security Vulnerability Assessment, a record of the audit, including... retain records of submitted Top-Screens, Security Vulnerability Assessments, Site Security Plans, and all...

78 FR 12337 - Published Privacy Impact Assessments on the Web

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-22

... system for intrusion detection, analysis, intrusion prevention, and information sharing capabilities that... equivalent protection to participating Federal civilian agencies pending deployment of EINSTEIN intrusion...-008 Homeland Security Information Network R3 User Accounts (HSIN). Component: Operations Coordination...

Privacy Impact Assessment for the Central Data Exchange

EPA Pesticide Factsheets

The Central Data Exchange collects personally identifiable information, including personal answers to security questions. Learn how this data will be collected in the system, how it will be used, access to the data, and the purpose of data collection.

45 CFR 307.10 - Functional requirements for computerized support enforcement systems in operation by October 1...

Code of Federal Regulations, 2011 CFR

2011-10-01

... information such as social security numbers, names, dates of birth, home addresses and mailing addresses... enable the Office to monitor State operations and assess program performance through the audit conducted...

Work-related illness, work-related accidents, and lack of social security in Colombia.

PubMed

Buitrago Echeverri, María Teresa; Abadía-Barrero, César Ernesto; Granja Palacios, Consuelo

2017-08-01

The impacts of neoliberal or market-based social security reforms in health have been extensively studied. How such reforms transformed employment-related insurance and entitlements, however, has received significantly less attention. This study aims to understand how the employment insurance system operates in Colombia and to assess how the experience of workers seeking social security entitlements relates to the system's structure. We conducted an ethnographic study of the Colombian Occupational Risk System between May 2014 and March 2016, with two main components: 1) analysis of the system itself through in-depth interviews with 32 people working in leadership positions and a systematic review of the system's most important legislation, and 2) a study of people who experienced problems receiving entitlements and were challenging the assessment of their work-related illness or accident. We conducted in-depth interviews with 22 people, followed up with half of them, and reviewed their case files. We found that difficulties accessing health care services, payments for medical leave, job reassignments, severance packages, and filing for pension benefits were common to all cases and resulted from overwhelming bureaucratic and administrative demands. Regional and national evaluation bodies dictate whether a given illness or accident is work-related, and establish a percentage of Loss of Wage Earning Capacity (LWEC). People's disabled bodies rarely reached the threshold of 50% LWEC to qualify for disability pensions. The lengthy process that workers were forced to endure to obtain work-related entitlements always involved the judiciary. The three competing for-profit financial sectors (health insurance, pension funds, and Occupational Risk Administrators) actively challenged workers' demands in order to increase their profits. We conclude that these for-profit sectors work contrary to the principles that sustain social security. Indeed, they push sick and disabled workers to unemployment, informality, economic dependence, and ultimately dire poverty. Copyright © 2017 Elsevier Ltd. All rights reserved.

School Security Assessment Programme in Australia

ERIC Educational Resources Information Center

Marrapodi, John

2007-01-01

This article describes a successful security risk management programme in Australia. The state-wide programme follows a structured risk management approach focusing on the safety and security of people, information, provision, and assets in the school environment. To assist school principals, a Security Risk Assessment Programme was developed on a…

Food and nutritional security requires adequate protein as well as energy, delivered from whole-year crop production.

PubMed

Coles, Graeme D; Wratten, Stephen D; Porter, John R

2016-01-01

Human food security requires the production of sufficient quantities of both high-quality protein and dietary energy. In a series of case-studies from New Zealand, we show that while production of food ingredients from crops on arable land can meet human dietary energy requirements effectively, requirements for high-quality protein are met more efficiently by animal production from such land. We present a model that can be used to assess dietary energy and quality-corrected protein production from various crop and crop/animal production systems, and demonstrate its utility. We extend our analysis with an accompanying economic analysis of commercially-available, pre-prepared or simply-cooked foods that can be produced from our case-study crop and animal products. We calculate the per-person, per-day cost of both quality-corrected protein and dietary energy as provided in the processed foods. We conclude that mixed dairy/cropping systems provide the greatest quantity of high-quality protein per unit price to the consumer, have the highest food energy production and can support the dietary requirements of the highest number of people, when assessed as all-year-round production systems. Global food and nutritional security will largely be an outcome of national or regional agroeconomies addressing their own food needs. We hope that our model will be used for similar analyses of food production systems in other countries, agroecological zones and economies.

Application of laser-wakefield-based x-ray source to global food security issues

NASA Astrophysics Data System (ADS)

Kieffer, J. C.; Fourmaux, S.; Hallin, E.; Arnison, P.; Brereton, N.; Pitre, F.; Dixon, M.; Tran, N.

2017-05-01

We present the development of a high throughput phase contrast screening system based on LWFA Xray sources for plant imaging. We upgraded the INRS laser-betatron beam line and we illustrate its imaging potential through the innovative development of new tools for addressing issues relevant to global food security. This initiative, led by the Global Institute of Food Security (GIFS) at the U of Saskatchewan, aims to elucidate that part of the function that maps environmental inputs onto specific plant phenotypes. The prospect of correlating phenotypic expression with adaptation to environmental stresses will provide researchers with a new tool to assess breeding programs for crops meant to thrive under the climate extremes.

Physical security and cyber security issues and human error prevention for 3D printed objects: detecting the use of an incorrect printing material

NASA Astrophysics Data System (ADS)

Straub, Jeremy

2017-06-01

A wide variety of characteristics of 3D printed objects have been linked to impaired structural integrity and use-efficacy. The printing material can also have a significant impact on the quality, utility and safety characteristics of a 3D printed object. Material issues can be created by vendor issues, physical security issues and human error. This paper presents and evaluates a system that can be used to detect incorrect material use in a 3D printer, using visible light imaging. Specifically, it assesses the ability to ascertain the difference between materials of different color and different types of material with similar coloration.

Cooperative global security programs modeling & simulation.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Briand, Daniel

2010-05-01

The national laboratories global security programs implement sustainable technical solutions for cooperative nonproliferation, arms control, and physical security systems worldwide. To help in the development and execution of these programs, a wide range of analytical tools are used to model, for example, synthetic tactical environments for assessing infrastructure protection initiatives and tactics, systematic approaches for prioritizing nuclear and biological threat reduction opportunities worldwide, and nuclear fuel cycle enrichment and spent fuel management for nuclear power countries. This presentation will describe how these models are used in analyses to support the Obama Administration's agenda and bilateral/multinational treaties, and ultimately, to reducemore » weapons of mass destruction and terrorism threats through international technical cooperation.« less

Finding a needle in a haystack: toward a psychologically informed method for aviation security screening.

PubMed

Ormerod, Thomas C; Dando, Coral J

2015-02-01

Current aviation security systems identify behavioral indicators of deception to assess risks to flights, but they lack a strong psychological basis or empirical validation. We present a new method that tests the veracity of passenger accounts. In an in vivo double-blind randomized-control trial conducted in international airports, security agents detected 66% of deceptive passengers using the veracity test method compared with less than 5% using behavioral indicator recognition. As well as revealing advantages of veracity testing over behavioral indicator identification, the study provides the highest levels to date of deception detection in a realistic setting where the known base rate of deceptive individuals is low.

31 CFR 356.4 - What are the book-entry systems in which auctioned Treasury securities may be issued?

Code of Federal Regulations, 2010 CFR

2010-07-01

... in which auctioned Treasury securities may be issued? There are three book-entry securities systems... marketable Treasury securities. We maintain and transfer securities in these three book-entry systems at... inflation. Securities may be transferred from one system to the other, unless the securities are not...

[Infants' attachment security in a vulnerable French sample].

PubMed

Tereno, S; Guedeney, N; Dugravier, R; Greacen, T; Saïas, T; Tubach, F; Ulgen, S; Matos, I; Guédeney, A

2017-04-01

Attachment is a long lasting emotional link established between infants and their caregivers. The quality of early relationships allows infants to safely explore their environment and contribute to the establishment of a broad range of social skills. Several intervention programs targeting infant attachment have been implemented in different contexts, showing diverse degrees of efficacy. The present paper describes, for the first time, children's attachment quality distributions in a French multi-risk population, with a preventive intervention, usual or reinforced. In the CAPEDP study (Parenting and Attachment in Early Childhood: reducing mental health disorder risks and promoting resilience), a sub-sample of 117 women was recruited to assess the effects of this home-visiting program on children's attachment security. With that intent, the Strange Situation Paradigm was used when infants were between 12 and 16 months of age. In the intervention group, 63% (n=41) of the infants were coded as secure, while 15% (n=10) of them were coded as insecure-avoidant and 22% (n=14) as insecure-ambivalent/resistant. 56% (n=29) of control group infants (usual care) were coded as secure, while 27% (n=14) were coded as insecure-avoidant and 17% (n=9) as insecure-ambivalent/resistant. Even if the percentage of children with a secure attachment in the reinforced intervention group was higher than that of the control group, this difference did not reach the threshold of significance [Chi 2 (2)=2.40, P=0.30]. Intervention group distributions were closer to normative samples, and these distributions show the clinical impact of our program. In general, preventive interventions focused on attachment quality have moderate effects but, in our case, several factors might have contributed to lower the statistical impact of the program. Firstly, the control group cannot be considered has having received zero intervention for two reasons: (a) the French usual perinatal health system (Maternal and Infant Protection System) is particularly generous and (b) the effect of this usual system might have been increased by the project intensive assessment protocol (6 visits during 28 months). Secondly, it is possible that the full effect of the intervention had not yet been detected because, when a child's attachment was assessed, only two thirds of the intervention visits had been performed (29 of 44 visits). A "sleeper effect" is still possible: we hope that a more clear result will be seen when children are assessed again, at 48 months, in our follow-up study (CAPEDP-A II). By clarifying the mechanisms involved in the development of a secure attachment, our study aims to contribute and refine the development of early preventive intervention strategies in high perinatal and psychosocial vulnerability contexts. Copyright © 2016 L’Encéphale, Paris. Published by Elsevier Masson SAS. All rights reserved.

6 CFR 13.43 - Collection of civil penalties and assessments.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Collection of civil penalties and assessments. 13.43 Section 13.43 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROGRAM FRAUD CIVIL REMEDIES § 13.43 Collection of civil penalties and assessments. Sections 3806 and 3808...

Regulatory Guide on Conducting a Security Vulnerability Assessment

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ek, David R.

This document will provide guidelines on conducting a security vulnerability assessment at a facility regulated by the Radiation Protection Centre. The guidelines provide a performance approach assess security effectiveness. The guidelines provide guidance for a review following the objectives outlined in IAEA NSS#11 for Category 1, 2, & 3 sources.

Correlation Research of Medical Security Management System Network Platform in Medical Practice

NASA Astrophysics Data System (ADS)

Jie, Wang; Fan, Zhang; Jian, Hao; Li-nong, Yu; Jun, Fei; Ping, Hao; Ya-wei, Shen; Yue-jin, Chang

Objective-The related research of medical security management system network in medical practice. Methods-Establishing network platform of medical safety management system, medical security network host station, medical security management system(C/S), medical security management system of departments and sections, comprehensive query, medical security disposal and examination system. Results-In medical safety management, medical security management system can reflect the hospital medical security problem, and can achieve real-time detection and improve the medical security incident detection rate. Conclusion-The application of the research in the hospital management implementation, can find hospital medical security hidden danger and the problems of medical disputes, and can help in resolving medical disputes in time and achieve good work efficiency, which is worth applying in the hospital practice.

Information Security Risk Assessment in Hospitals

PubMed Central

Ayatollahi, Haleh; Shagerdi, Ghazal

2017-01-01

Background: To date, many efforts have been made to classify information security threats, especially in the healthcare area. However, there are still many unknown risks which may threat the security of health information and their resources especially in the hospitals. Objective: The aim of this study was to assess the risks threatening information security in the hospitals located in one of the northwest cities of Iran. Method: This study was completed in 2014. The participants were information technology managers who worked in the hospitals (n=27). The research instrument was a questionnaire composed of a number of open and closed questions. The content validity of the questionnaire was confirmed, and the reliability of the closed questions was measured by using the test-retest method (r =0.78). Results: The results showed that among the information security risks, fire found to be a high probability/high impact risk factor. Human and physical/environmental threats were among the low probability risk factors. Regarding the information security safeguards used in the hospitals, the results showed that the use of the technical safeguards was the most frequent one (n =22, 91.7%) compared to the administrative (n =21, 87.5%) and the physical safeguards (n =16, 66.7%). Conclusion: The high probability risk factors require quick corrective actions to be taken. Therefore, the underlying causes of such threats should be identified and controlled before experiencing adverse effects. It is also important to note that information security in health care systems needs to be considered at a macro level with respect to the national interests and policies. PMID:29204226

Operational Assessment of Color Vision

DTIC Science & Technology

2016-06-20

evaluated in this study. 15. SUBJECT TERMS Color vision, aviation, cone contrast test, Colour Assessment & Diagnosis , color Dx, OBVA 16. SECURITY...symbologies are frequently used to aid or direct critical activities such as aircraft landing approaches or railroad right-of-way designations...computer-generated display systems have facilitated the development of computer-based, automated tests of color vision [14,15]. The United Kingdom’s

Development and testing for physical security robots

NASA Astrophysics Data System (ADS)

Carroll, Daniel M.; Nguyen, Chinh; Everett, H. R.; Frederick, Brian

2005-05-01

The Mobile Detection Assessment Response System (MDARS) provides physical security for Department of Defense bases and depots using autonomous unmanned ground vehicles (UGVs) to patrol the site while operating payloads for intruder detection and assessment, barrier assessment, and product assessment. MDARS is in the System Development and Demonstration acquisition phase and is currently undergoing developmental testing including an Early User Appraisal (EUA) at the Hawthorne Army Depot, Nevada-the world's largest army depot. The Multiple Resource Host Architecture (MRHA) allows the human guard force to command and control several MDARS platforms simultaneously. The MRHA graphically displays video, map, and status for each resource using wireless digital communications for integrated data, video, and audio. Events are prioritized and the user is prompted with audio alerts and text instructions for alarms and warnings. The MRHA also interfaces to remote resources to automate legacy physical devices such as fence gate controls, garage doors, and remote power on/off capability for the MDARS patrol units. This paper provides an overview and history of the MDARS program and control station software with details on the installation and operation at Hawthorne Army Depot, including discussions on scenarios for EUA excursions. Special attention is given to the MDARS technical development strategy for spiral evolutions.

76 FR 58786 - Privacy Act of 1974; Systems of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2011-09-22

... National Security Agency/Central Security System systems of records notices subject to the Privacy Act of... inquiries to the National Security Agency/Central Security Service, Freedom of Information Act/Privacy Act...; Systems of Records AGENCY: National Security Agency/Central Security Service, Department of Defense (DoD...

31 CFR 306.23 - Securities eligible to be held in the Legacy Treasury Direct® Book-entry Securities System.

Code of Federal Regulations, 2011 CFR

2011-07-01

... Legacy Treasury Direct® Book-entry Securities System. 306.23 Section 306.23 Money and Finance: Treasury... Securities eligible to be held in the Legacy Treasury Direct® Book-entry Securities System. (a) Eligible... book-entry securities system. (b) Conversion of Registered Security to book-entry form to be held in...

Providing security assurance in line with national DBT assumptions

NASA Astrophysics Data System (ADS)

Bajramovic, Edita; Gupta, Deeksha

2017-01-01

As worldwide energy requirements are increasing simultaneously with climate change and energy security considerations, States are thinking about building nuclear power to fulfill their electricity requirements and decrease their dependence on carbon fuels. New nuclear power plants (NPPs) must have comprehensive cybersecurity measures integrated into their design, structure, and processes. In the absence of effective cybersecurity measures, the impact of nuclear security incidents can be severe. Some of the current nuclear facilities were not specifically designed and constructed to deal with the new threats, including targeted cyberattacks. Thus, newcomer countries must consider the Design Basis Threat (DBT) as one of the security fundamentals during design of physical and cyber protection systems of nuclear facilities. IAEA NSS 10 describes the DBT as "comprehensive description of the motivation, intentions and capabilities of potential adversaries against which protection systems are designed and evaluated". Nowadays, many threat actors, including hacktivists, insider threat, cyber criminals, state and non-state groups (terrorists) pose security risks to nuclear facilities. Threat assumptions are made on a national level. Consequently, threat assessment closely affects the design structures of nuclear facilities. Some of the recent security incidents e.g. Stuxnet worm (Advanced Persistent Threat) and theft of sensitive information in South Korea Nuclear Power Plant (Insider Threat) have shown that these attacks should be considered as the top threat to nuclear facilities. Therefore, the cybersecurity context is essential for secure and safe use of nuclear power. In addition, States should include multiple DBT scenarios in order to protect various target materials, types of facilities, and adversary objectives. Development of a comprehensive DBT is a precondition for the establishment and further improvement of domestic state nuclear-related regulations in the field of physical and cyber protection. These national regulations have to be met later on by I&C platform suppliers, electrical systems suppliers, system integrators and turn-key providers.

31 CFR 357.0 - Book-entry systems.

Code of Federal Regulations, 2014 CFR

2014-07-01

... General Information § 357.0 Book-entry systems. (a) Treasury securities. Treasury securities are...-entry system is the book-entry system in which Treasury securities are held in a tiered system through securities intermediaries such as financial institutions or brokerage firms. A Treasury security is...

31 CFR 357.0 - Book-entry systems.

Code of Federal Regulations, 2012 CFR

2012-07-01

... General Information § 357.0 Book-entry systems. (a) Treasury securities. Treasury securities are...-entry system is the book-entry system in which Treasury securities are held in a tiered system through securities intermediaries such as financial institutions or brokerage firms. A Treasury security is...

31 CFR 357.0 - Book-entry systems.

Code of Federal Regulations, 2011 CFR

2011-07-01

... General Information § 357.0 Book-entry systems. (a) Treasury securities. Treasury securities are...-entry system is the book-entry system in which Treasury securities are held in a tiered system through securities intermediaries such as financial institutions or brokerage firms. A Treasury security is...

31 CFR 357.0 - Book-entry systems.

Code of Federal Regulations, 2013 CFR

2013-07-01

... General Information § 357.0 Book-entry systems. (a) Treasury securities. Treasury securities are...-entry system is the book-entry system in which Treasury securities are held in a tiered system through securities intermediaries such as financial institutions or brokerage firms. A Treasury security is...

Assessing Children's Emotional Security in the Interparental Relationship: The Security in the Interparental Subsystem Scales.

ERIC Educational Resources Information Center

Davies, Patrick T.; Forman, Evan M.; Rasi, Jennifer A.; Stevens, Kristopher I.

2002-01-01

Evaluated new self-report measure assessing children's strategies for preserving emotional security in context of interparental conflict. Factor analyses of the Security in the Interparental Subsystem (SIS) Scale supported a 7-factor solution. The SIS demonstrated satisfactory internal consistency and test-retest reliability. Support for test…

9 CFR 121.7 - Registration and related security risk assessments.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 9 Animals and Animal Products 1 2010-01-01 2010-01-01 false Registration and related security risk..., USE, AND TRANSFER OF SELECT AGENTS AND TOXINS § 121.7 Registration and related security risk... Administrator or the HHS Secretary based on a security risk assessment by the Attorney General: (i) The...

Sandia National Laboratories: Sandia Enabled Communications and

Science.gov Websites

Weapons Safety & Security Weapons Science & Technology Defense Systems & Assessments About Directed Research & Development Technology Deployment Centers Working With Sandia Working With Sandia Licensing & Technology Transfer Browse Technology Portfolios Technology Partnerships Business, Industry

47 CFR 80.277 - Ship Security Alert System (SSAS).

Code of Federal Regulations, 2010 CFR

2010-10-01

... 47 Telecommunication 5 2010-10-01 2010-10-01 false Ship Security Alert System (SSAS). 80.277... Security Alert System (SSAS). (a) Vessels equipped with a Ship Security Alert System pursuant to the Safety..., “RTCM Standard 11020.0—Ship Security Alert Systems (SSAS) using the Cospas-Sarsat System,” Version 1.0...

17 CFR 405.5 - Risk assessment reporting requirements for registered government securities brokers and dealers.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Risk assessment reporting requirements for registered government securities brokers and dealers. 405.5 Section 405.5 Commodity and... OF 1934 REPORTS AND AUDIT § 405.5 Risk assessment reporting requirements for registered government...

6 CFR 13.31 - Determining the amount of penalties and assessments.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Determining the amount of penalties and assessments. 13.31 Section 13.31 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROGRAM FRAUD CIVIL REMEDIES § 13.31 Determining the amount of penalties and assessments. (a) In...

6 CFR 13.3 - Basis for civil penalties and assessments.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Basis for civil penalties and assessments. 13.3 Section 13.3 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROGRAM FRAUD CIVIL REMEDIES § 13.3 Basis for civil penalties and assessments. (a) Claims. (1) Except as provided in...

A security vulnerabilities assessment tool for interim storage facilities of low-level radioactive wastes.

PubMed

Bible, J; Emery, R J; Williams, T; Wang, S

2006-11-01

Limited permanent low-level radioactive waste (LLRW) disposal capacity and correspondingly high disposal costs have resulted in the creation of numerous interim storage facilities for either decay-in-storage operations or longer term accumulation efforts. These facilities, which may be near the site of waste generation or in distal locations, often were not originally designed for the purpose of LLRW storage, particularly with regard to security. Facility security has become particularly important in light of the domestic terrorist acts of 2001, wherein LLRW, along with many other sources of radioactivity, became recognized commodities to those wishing to create disruption through the purposeful dissemination of radioactive materials. Since some LLRW materials may be in facilities that may exhibit varying degrees of security control sophistication, a security vulnerabilities assessment tool grounded in accepted criminal justice theory and security practice has been developed. The tool, which includes dedicated sections on general security, target hardening, criminalization benefits, and the presence of guardians, can be used by those not formally schooled in the security profession to assess the level of protection afforded to their respective facilities. The tool equips radiation safety practitioners with the ability to methodically and systematically assess the presence or relative status of various facility security aspects, many of which may not be considered by individuals from outside the security profession. For example, radiation safety professionals might not ordinarily consider facility lighting aspects, which is a staple for the security profession since it is widely known that crime disproportionately occurs more frequently at night or in poorly lit circumstances. Likewise, the means and associated time dimensions for detecting inventory discrepancies may not be commonly considered. The tool provides a simple means for radiation safety professionals to assess, and perhaps enhance in a reasonable fashion, the security of their interim storage operations. Aspects of the assessment tool can also be applied to other activities involving the protection of sources of radiation as well.

Urban Security Initiative: Earthquake impacts on the urban ``system of systems``

DOE Office of Scientific and Technical Information (OSTI.GOV)

Maheshwari, S.; Jones, E.; Rasmussen, S.

1999-06-01

This paper is a discussion of how to address the problems of disasters in a large city, a project titled Urban Security Initiative undertaken by the Los Alamos National Laboratory. The paper first discusses the need to address the problems of disasters in large cities and ten provides a framework that is suitable to address this problem. The paper then provides an overview of the module of the project that deals with assessment of earthquake damage on urban infrastructure in large cities and an internet-based approach for consensus building leading to better coordination in the post-disaster period. Finally, the papermore » discusses the future direction of the project.« less

Internetting tactical security sensor systems

NASA Astrophysics Data System (ADS)

Gage, Douglas W.; Bryan, W. D.; Nguyen, Hoa G.

1998-08-01

The Multipurpose Surveillance and Security Mission Platform (MSSMP) is a distributed network of remote sensing packages and control stations, designed to provide a rapidly deployable, extended-range surveillance capability for a wide variety of military security operations and other tactical missions. The baseline MSSMP sensor suite consists of a pan/tilt unit with video and FLIR cameras and laser rangefinder. With an additional radio transceiver, MSSMP can also function as a gateway between existing security/surveillance sensor systems such as TASS, TRSS, and IREMBASS, and IP-based networks, to support the timely distribution of both threat detection and threat assessment information. The MSSMP system makes maximum use of Commercial Off The Shelf (COTS) components for sensing, processing, and communications, and of both established and emerging standard communications networking protocols and system integration techniques. Its use of IP-based protocols allows it to freely interoperate with the Internet -- providing geographic transparency, facilitating development, and allowing fully distributed demonstration capability -- and prepares it for integration with the IP-based tactical radio networks that will evolve in the next decade. Unfortunately, the Internet's standard Transport layer protocol, TCP, is poorly matched to the requirements of security sensors and other quasi- autonomous systems in being oriented to conveying a continuous data stream, rather than discrete messages. Also, its canonical 'socket' interface both conceals short losses of communications connectivity and simply gives up and forces the Application layer software to deal with longer losses. For MSSMP, a software applique is being developed that will run on top of User Datagram Protocol (UDP) to provide a reliable message-based Transport service. In addition, a Session layer protocol is being developed to support the effective transfer of control of multiple platforms among multiple control stations.

Questionnaire-based Prevalence of Food Insecurity in Iran: A Review Article.

PubMed

Daneshi-Maskooni, Milad; Shab-Bidar, Sakineh; Badri-Fariman, Mahtab; Aubi, Erfan; Mohammadi, Younes; Jafarnejad, Sadegh; Djafarian, Kurosh

2017-11-01

Data on the questionnaire-based prevalence of food insecurity are needed to develop food and nutrition security studies and policies. The present study aimed to assess the questionnaire-based prevalence of food insecurity in Iran. A systematic search of cross-sectional studies were conducted on databases including PubMed, Google Scholar, Scopus, Magiran, Iranmedex, SID and Medlib up to 29 Oct 2015. Estimation of food insecurity prevalence was according to the instruments including 9-items-HFIAS, 18 and 6-items USDA (US-HFSSM) and Radimer/Cernel food security questionnaires. Pooled effect was estimated using random-effect model and heterogeneity was assessed by Cochran's Q and I 2 tests. Thirteen articles included in the study based on screening and assessment of eligibility. The questionnaire-based prevalence of food insecurity was 49.2% (CI95%: 43.8-54.6). The according to sub-groups analysis, the food insecurity without and with hunger was 29.6% (CI95%: 25.7-33.6) and 19.2% (CI95%: 16-22.3), respectively. The about half of the population were food insecure. The food insecurity without hunger was more than the food insecurity with hunger. An ongoing food insecurity assessment system is needed to support evidence-informed policy and to plan interventions to increase the food security in different areas.

77 FR 24506 - Extension of Agency Information Collection Activity Under OMB Review: Air Cargo Security...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-04-24

...This notice announces that the Transportation Security Administration (TSA) has forwarded the Information Collection Request (ICR), Office of Management and Budget (OMB) control number 1652-0040, abstracted below to OMB for review and approval of an extension of the currently approved collection under the Paperwork Reduction Act (PRA). The ICR describes the nature of the information collection and its expected burden. TSA published a Federal Register notice, with a 60-day comment period soliciting comments, of the following collection of information on February 24, 2012, 77 FR 11145. TSA has not received any comments. The collection of information that make up this ICR involve five broad categories affecting airports, passenger aircraft operators, foreign air carriers, indirect air carriers and all-cargo carriers operating under a TSA-approved security program. These five categories are: Security programs, security threat assessments (STAs), known shipper data via the Known Shipper Management System (KSMS), cargo screening reporting, and evidence of compliance recordkeeping.

Cyber-Threat Assessment for the Air Traffic Management System: A Network Controls Approach

NASA Technical Reports Server (NTRS)

Roy, Sandip; Sridhar, Banavar

2016-01-01

Air transportation networks are being disrupted with increasing frequency by failures in their cyber- (computing, communication, control) systems. Whether these cyber- failures arise due to deliberate attacks or incidental errors, they can have far-reaching impact on the performance of the air traffic control and management systems. For instance, a computer failure in the Washington DC Air Route Traffic Control Center (ZDC) on August 15, 2015, caused nearly complete closure of the Centers airspace for several hours. This closure had a propagative impact across the United States National Airspace System, causing changed congestion patterns and requiring placement of a suite of traffic management initiatives to address the capacity reduction and congestion. A snapshot of traffic on that day clearly shows the closure of the ZDC airspace and the resulting congestion at its boundary, which required augmented traffic management at multiple locations. Cyber- events also have important ramifications for private stakeholders, particularly the airlines. During the last few months, computer-system issues have caused several airlines fleets to be grounded for significant periods of time: these include United Airlines (twice), LOT Polish Airlines, and American Airlines. Delays and regional stoppages due to cyber- events are even more common, and may have myriad causes (e.g., failure of the Department of Homeland Security systems needed for security check of passengers, see [3]). The growing frequency of cyber- disruptions in the air transportation system reflects a much broader trend in the modern society: cyber- failures and threats are becoming increasingly pervasive, varied, and impactful. In consequence, an intense effort is underway to develop secure and resilient cyber- systems that can protect against, detect, and remove threats, see e.g. and its many citations. The outcomes of this wide effort on cyber- security are applicable to the air transportation infrastructure, and indeed security solutions are being implemented in the current system. While these security solutions are important, they only provide a piecemeal solution. Particular computers or communication channels are protected from particular attacks, without a holistic view of the air transportation infrastructure. On the other hand, the above-listed incidents highlight that a holistic approach is needed, for several reasons. First, the air transportation infrastructure is a large scale cyber-physical system with multiple stakeholders and diverse legacy assets. It is impractical to protect every cyber- asset from known and unknown disruptions, and instead a strategic view of security is needed. Second, disruptions to the cyber- system can incur complex propagative impacts across the air transportation network, including its physical and human assets. Also, these implications of cyber- events are exacerbated or modulated by other disruptions and operational specifics, e.g. severe weather, operator fatigue or error, etc. These characteristics motivate a holistic and strategic perspective on protecting the air transportation infrastructure from cyber- events. The analysis of cyber- threats to the air traffic system is also inextricably tied to the integration of new autonomy into the airspace. The replacement of human operators with cyber functions leaves the network open to new cyber threats, which must be modeled and managed. Paradoxically, the mitigation of cyber events in the airspace will also likely require additional autonomy, given the fast time scale and myriad pathways of cyber-attacks which must be managed. The assessment of new vulnerabilities upon integration of new autonomy is also a key motivation for a holistic perspective on cyber threats.

76 FR 43993 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2011-07-22

...; System of Records AGENCY: National Security Agency/Central Security Service, Department of Defense. ACTION: Notice to Delete a System of Records. SUMMARY: The National Security Agency/Central Security.... FOR FURTHER INFORMATION CONTACT: Ms. Anne Hill, National Security Agency/Central Security Service...

31 CFR 306.23 - Securities eligible to be held in the TREASURY DIRECT Book-entry Securities System.

Code of Federal Regulations, 2010 CFR

2010-07-01

... TREASURY DIRECT Book-entry Securities System. 306.23 Section 306.23 Money and Finance: Treasury Regulations... Securities eligible to be held in the TREASURY DIRECT Book-entry Securities System. (a) Eligible issues. The... conversion to the TREASURY DIRECT Book-entry Securities System. The notice shall specify the period during...

Security in Intelligent Transport Systems for Smart Cities: From Theory to Practice

PubMed Central

Javed, Muhammad Awais; Ben Hamida, Elyes; Znaidi, Wassim

2016-01-01

Connecting vehicles securely and reliably is pivotal to the implementation of next generation ITS applications of smart cities. With continuously growing security threats, vehicles could be exposed to a number of service attacks that could put their safety at stake. To address this concern, both US and European ITS standards have selected Elliptic Curve Cryptography (ECC) algorithms to secure vehicular communications. However, there is still a lack of benchmarking studies on existing security standards in real-world settings. In this paper, we first analyze the security architecture of the ETSI ITS standard. We then implement the ECC based digital signature and encryption procedures using an experimental test-bed and conduct an extensive benchmark study to assess their performance which depends on factors such as payload size, processor speed and security levels. Using network simulation models, we further evaluate the impact of standard compliant security procedures in dense and realistic smart cities scenarios. Obtained results suggest that existing security solutions directly impact the achieved quality of service (QoS) and safety awareness of vehicular applications, in terms of increased packet inter-arrival delays, packet and cryptographic losses, and reduced safety awareness in safety applications. Finally, we summarize the insights gained from the simulation results and discuss open research challenges for efficient working of security in ITS applications of smart cities. PMID:27314358

Security and Vulnerability Assessment of Social Media Sites: An Exploratory Study

ERIC Educational Resources Information Center

Zhao, Jensen; Zhao, Sherry Y.

2015-01-01

While the growing popularity of social media has brought many benefits to society, it has also resulted in privacy and security threats. The authors assessed the security and vulnerability of 50 social media sites. The findings indicate that most sites (a) posted privacy and security policies but only a minority stated clearly their execution of…

Development and implementation of a GEOGLAM Crop Monitor web interface

NASA Astrophysics Data System (ADS)

Oliva, P.; Sanchez, A.; Humber, M. L.; Becker-Reshef, I.; Justice, C. J.; McGaughey, K.; Barker, B.

2016-12-01

Beginning in September 2013, the GEOGLAM Crop Monitor activity has provided earth observation (EO) data to a network of partners and collected crop assessments on a subnational basis through a web interface known as the Crop Assessment Tool. Based on the collection of monthly crop assessments, a monthly crop condition bulletin is published in the Agricultural Market Information System (AMIS) Market Monitor report. This workflow has been successfully applied to food security applications through the Early Warning Crop Monitor activity. However, a lack of timely and accurate information on crop conditions and prospects at the national scale is a critical issue in the majority of southern and eastern African countries and some South American countries. Such information is necessary for informed and prompt decision making in the face of emergencies, food insecurity and planning requirements for agricultural markets. This project addresses these needs through the development of relevant, user-friendly remote sensing monitor systems, collaborative internet technology, and collaboration with national and regional agricultural monitoring networks. By building on current projects and relationships established through the various GEOGLAM Crop Monitor activities, this project aims to ultimately provide EO-informed crop condition maps and charts designed for economics and policy oriented audiences, thereby providing quick and easy to understand products on crop conditions as the season progresses. Integrating these data and assessments vertically throughout the system provides a basis for regional sharing and collaboration in food security applications.

[Application of classified protection of information security in the information system of air pollution and health impact monitoring].

PubMed

Hao, Shuxin; Lü, Yiran; Liu, Jie; Liu, Yue; Xu, Dongqun

2018-01-01

To study the application of classified protection of information security in the information system of air pollution and health impact monitoring, so as to solve the possible safety risk of the information system. According to the relevant national standards and requirements for the information system security classified protection, and the professional characteristics of the information system, to design and implement the security architecture of information system, also to determine the protection level of information system. Basic security measures for the information system were developed in the technical safety and management safety aspects according to the protection levels, which effectively prevented the security risk of the information system. The information system established relatively complete information security protection measures, to enhanced the security of professional information and system service, and to ensure the safety of air pollution and health impact monitoring project carried out smoothly.

Security Evolution.

ERIC Educational Resources Information Center

De Patta, Joe

2003-01-01

Examines how to evaluate school security, begin making schools safe, secure schools without turning them into fortresses, and secure schools easily and affordably; the evolution of security systems into information technology systems; using schools' high-speed network lines; how one specific security system was developed; pros and cons of the…

Tri-wheeled scooters transported on buses and vans : assessment of securement restraint issues

DOT National Transportation Integrated Search

2005-10-01

Under the Americans with Disabilities Act (ADA) of 1990, all "common wheelchairs and mobility aids", including tri-wheeled scooters, must be accommodated on buses and vans used in public transit service. Several transit systems have recently expresse...

10 CFR 850.39 - Recordkeeping and use of information.

Code of Federal Regulations, 2010 CFR

2010-01-01

... must maintain all records required by this part in current and accessible electronic systems, which... Prevention Programs, Office of Health, Safety and Security an electronic registry of beryllium-associated... maintain accurate records of all beryllium inventory information, hazard assessments, exposure measurements...

Space and U.S. Security. A Net Assessment

DTIC Science & Technology

2009-01-01

spacecraft mission. This included not only a spacewalk by a Chinese astronaut, but also a companion satellite. China demonstrated the ability to release...telecommunications, the Italian Armed Forces use the SICRAL ( Sistema Italiana de Communicazione Riservente Allarmi) system. Thus far, one satellite

33 CFR 106.255 - Security systems and equipment maintenance.

Code of Federal Regulations, 2010 CFR

2010-07-01

... maintained according to manufacturers' recommendations. (b) Security systems must be regularly tested in... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Security systems and equipment... Shelf (OCS) Facility Security Requirements § 106.255 Security systems and equipment maintenance. (a...

Systems Security Engineering

DTIC Science & Technology

2010-08-22

practice for information security management ( ISO /IEC 27002 ),” “Information technology — Security techniques — Information security management...systems —Requirements ( ISO /IEC 27002 ),”, “Information technology — Security techniques — Information security risk management ( ISO /IEC 27005).” from...associated practice aids. Perhaps the most germane discovery from this effort was a draft ISO standard on Systems and software engineering, Systems and

75 FR 56079 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2010-09-15

... to the National Security Agency/Central Security Service, Freedom of Information Act/Privacy Act...; System of Records AGENCY: National Security Agency/Central Security Service, DoD. ACTION: Notice to amend a system of records. SUMMARY: The National Security Agency/Central Security Service is proposing to...

Computer Security Systems Enable Access.

ERIC Educational Resources Information Center

Riggen, Gary

1989-01-01

A good security system enables access and protects information from damage or tampering, but the most important aspects of a security system aren't technical. A security procedures manual addresses the human element of computer security. (MLW)

Energy System Integration Facility Secure Data Center | Energy Systems

Science.gov Websites

Integration Facility | NREL Energy System Integration Facility Secure Data Center Energy System Integration Facility Secure Data Center The Energy Systems Integration Facility's Secure Data Center provides

Ecosystem Functions Connecting Contributions from Ecosystem Services to Human Wellbeing in a Mangrove System in Northern Taiwan.

PubMed

Hsieh, Hwey-Lian; Lin, Hsing-Juh; Shih, Shang-Shu; Chen, Chang-Po

2015-06-09

The present study examined a mangrove ecosystem in northern Taiwan to determine how the various components of ecosystem function, ecosystem services and human wellbeing are connected. The overall contributions of mangrove services to specific components of human wellbeing were also assessed. A network was developed and evaluated by an expert panel consisting of hydrologists, ecologists, and experts in the field of culture, landscape or architecture. The results showed that supporting habitats was the most important function to human wellbeing, while water quality, habitable climate, air quality, recreational opportunities, and knowledge systems were services that were strongly linked to human welfare. Security of continuous supply of services appeared to be the key to a comfortable life. From a bottom-up and top-down perspective, knowledge systems (a service) were most supported by ecosystem functions, while the security of continuous supply of services (wellbeing) had affected the most services. In addition, the overall benefits of mangrove services to human prosperity concentrated on mental health, security of continuous supply of services, and physical health.

HIPAA: update on rule revisions and compliance requirements.

PubMed

Maddox, P J

2002-01-01

Due to the highly technical requirements for HIPAA compliance and the numerous administrative and clinical functions and processes involved, guidance from experts who are knowledgeable about systems design and use to secure private data is necessary. In health care organizations, this will require individuals who are knowledgeable about clinical processes and those who understand health information technology, security, and privacy to work together to establish an entity's compliance plans and revise operations and practices accordingly. As a precondition of designing such systems, it is essential that covered entities understand the HIPAA's statutory requirements and timeline for compliance. An organization's success in preparing for HIPAA will depend upon an active program of assessment, planning, and implementation. Compliance with security and privacy standards can be expected to increase costs initially. However, greater use of EDI is expected to reduce costs and enhance revenues in the long run if processes and systems are improved. NOTE: Special protection for psychotherapy notes holds them to a higher standard of protection. Notes used only by a psychotherapist are not intended to be shared with anyone and are not considered part of the medical record.

Ecosystem Functions Connecting Contributions from Ecosystem Services to Human Wellbeing in a Mangrove System in Northern Taiwan

PubMed Central

Hsieh, Hwey-Lian; Lin, Hsing-Juh; Shih, Shang-Shu; Chen, Chang-Po

2015-01-01

The present study examined a mangrove ecosystem in northern Taiwan to determine how the various components of ecosystem function, ecosystem services and human wellbeing are connected. The overall contributions of mangrove services to specific components of human wellbeing were also assessed. A network was developed and evaluated by an expert panel consisting of hydrologists, ecologists, and experts in the field of culture, landscape or architecture. The results showed that supporting habitats was the most important function to human wellbeing, while water quality, habitable climate, air quality, recreational opportunities, and knowledge systems were services that were strongly linked to human welfare. Security of continuous supply of services appeared to be the key to a comfortable life. From a bottom-up and top-down perspective, knowledge systems (a service) were most supported by ecosystem functions, while the security of continuous supply of services (wellbeing) had affected the most services. In addition, the overall benefits of mangrove services to human prosperity concentrated on mental health, security of continuous supply of services, and physical health. PMID:26067989

Atypical dimensions of caregiver–adolescent interaction in an economically disadvantaged sample

PubMed Central

Kobak, Roger; Zajac, Kristyn; Abbott, Caroline; Zisk, Abby; Bounoua, Nadia

2018-01-01

The Goal-corrected Partnership Adolescent Coding System (GPACS) has shown promise in assessing a secure as well as three atypical patterns of parent-adolescent interaction during a conflict discussion. The current study of 186 economically disadvantaged families examines the degree to which four GPACS patterns: Secure/Collaborative, Punitive, Role Confused and Disoriented—account for residual change in adolescents’ social competence and maladaptive behavior (internalizing, externalizing, and risk behaviors) between ages 13 to 15. Adolescents from Secure/Collaborative dyads at age 13 were more likely to have a secure state of mind in the AAI at age 15 and showed increases in teachers’ ratings of empathy and decreases in teachers’ ratings of externalizing behaviors between ages 13 and 15. Adolescents in Disoriented dyads showed a dramatic increase in teacher-rated internalizing problems, while male adolescents in Role Confused dyads reported increased involvement in risk behaviors including unprotected sexual activity and substance use problems. PMID:28401833

Social Security and Disability Due to Mental Impairment in Adults.

PubMed

Goldman, Howard H; Frey, William D; Riley, Jarnee K

2018-05-07

The Social Security Administration (SSA) oversees two disability programs, Social Security Disability Insurance (SSDI) and Supplemental Security Income (SSI). Adults with mental impairments represent a very large component of the programs. Policy makers and SSA are concerned about the accuracy of disability determination and also about low levels of labor force participation among individuals with disabilities. Adults with mental impairments are challenging to assess for work-related functional limitations. They are also a challenge to return to labor force participation. SSA has sponsored several demonstration research programs focusing on improving the accuracy of disability determination and on interventions in supported employment to return individuals with mental impairments to competitive employment. This article reviews the demonstration research focused on both entry into the disability system (at the "front door") and potential exit from it (through the "back door"). All of the research holds promise to "right-size" the SSA disability program.

Food security and cardioprotection: the polar lipid link.

PubMed

Zabetakis, Ioannis

2013-08-01

The projected increase in world population and therefore demand for food in the foreseeable future pose some risks on how secure is the food production system today. Millions of people are threatened by malnutrition, cardiovascular diseases (CVDs), diabetes, and obesity. This is a multidimensional challenge: the production of food needs to be increased but also the quality of food needs to be improved so less people suffer from undernourishment and CVDs. This hypothesis paper addresses this problem by critically evaluating recent developments on the role of food components against CVDs, presenting recent insights for assessing the nutritional value of food and suggesting novel approaches toward the sustainable production of food that would, in turn, lead to increased food security. The issue of the sustainability of lipid sources and genetically modified crops is also discussed from a food security point of view. © 2013 Institute of Food Technologists®

Design of Hack-Resistant Diabetes Devices and Disclosure of Their Cyber Safety.

PubMed

Sackner-Bernstein, Jonathan

2017-03-01

The focus of the medical device industry and regulatory bodies on cyber security parallels that in other industries, primarily on risk assessment and user education as well as the recognition and response to infiltration. However, transparency of the safety of marketed devices is lacking and developers are not embracing optimal design practices with new devices. Achieving cyber safe diabetes devices: To improve understanding of cyber safety by clinicians and patients, and inform decision making on use practices of medical devices requires disclosure by device manufacturers of the results of their cyber security testing. Furthermore, developers should immediately shift their design processes to deliver better cyber safety, exemplified by use of state of the art encryption, secure operating systems, and memory protections from malware.

State of the World 1986. A Worldwatch Institute Report on Progress toward a Sustainable Society.

ERIC Educational Resources Information Center

Brown, Lester R.; And Others

The third of three annual assessments concentrating on the relationship between the world economy and its environmental support systems, this edition expands earlier themes on how economic demands of a world population approaching 5 billion affects the earth's natural systems and resources to embrace threats to security as well. The first of 11…

Information Assurance as a System of Systems in the Submarine Force

DTIC Science & Technology

2013-09-01

cause and effect on overall ship mission and vulnerabilities . Organizational governance must raise the level of awareness as to network security...understand the cause and effect on overall ship mission and vulnerabilities . Organizational governance must raise the level of awareness as to network...Table 2. Assessment Scale– Vulnerability Severity (After NIST 800–30 Rev1 2012, F-2

77 FR 56628 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2012-09-13

... to the National Security Agency/Central Security Service, Freedom of Information Act/Privacy Act...; System of Records AGENCY: National Security Agency/Central Security Service, DoD. ACTION: Notice to add a system of records. SUMMARY: The National Security Agency/Central Security Service proposes to add a new...

78 FR 45913 - Privacy Act of 1974; Systems of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2013-07-30

... National Security Agency/Central Security Service systems of records subject to the Privacy Act of 1974 (5... National Security Agency/Central Security Service, Freedom of Information Act/Privacy Act Office, 9800...; Systems of Records AGENCY: National Security Agency/Central Security Service, DoD. ACTION: Notice to alter...

Biosecurity through Public Health System Design.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Beyeler, Walter E.; Finley, Patrick D.; Arndt, William

We applied modeling and simulation to examine the real-world tradeoffs between developingcountry public-health improvement and the need to improve the identification, tracking, and security of agents with bio-weapons potential. Traditionally, the international community has applied facility-focused strategies for improving biosecurity and biosafety. This work examines how system-level assessments and improvements can foster biosecurity and biosafety. We modeled medical laboratory resources and capabilities to identify scenarios where biosurveillance goals are transparently aligned with public health needs, and resource are distributed in a way that maximizes their ability to serve patients while minimizing security a nd safety risks. Our modeling platform simulatesmore » key processes involved in healthcare system operation, such as sample collection, transport, and analysis at medical laboratories. The research reported here extends the prior art by provided two key compone nts for comparative performance assessment: a model of patient interaction dynamics, and the capability to perform uncertainty quantification. In addition, we have outlined a process for incorporating quantitative biosecurity and biosafety risk measures. Two test problems were used to exercise these research products examine (a) Systemic effects of technological innovation and (b) Right -sizing of laboratory networks.« less

Secondary Use of Claims Data from the Austrian Health Insurance System with i2b2: A Pilot Study.

PubMed

Endel, Florian; Duftschmid, Georg

2016-01-01

In conformity with increasing international efforts to reuse routine health data for scientific purposes, the Main Association of Austrian Social Security Organisations provides pseudonymized claims data of the Austrian health care system for clinical research. We aimed to examine, whether an integration of the corresponding database into i2b2 would be possible and provide benefits. We applied docker-based software containers and data transformations to set up the system. To assess the benefits of i2b2 we plan to reenact the task of cohort formation of an earlier research project. The claims database was successfully integrated into i2b2. The docker-based installation approach will be published as git repository. The assessment of i2b2's benefits is currently work in progress and will be presented at the conference. Docker enables a flexible, reproducible, and resource-efficient installation of i2b2 within the restricted environment implied by our highly secured target system. First preliminary tests indicated several potential benefits of i2b2 compared to the methods applied during the earlier research project.

Kaliningrad and Baltic Security

DTIC Science & Technology

2001-06-01

Kennedy-Minott, Thesis Co-Advisor ___________________________________________ James Wirtz , Chairman Department of National Security Affairs iv...39 Jochen Prantl, �Security and Stability in Northern Europe � A Threat Assessment,� Program on the Northern Dimension of the CFSP, 29...www.usis.usemb.se/ wireless/500/eur508.htm Prantl, Jochen . �Security and Stability in Northern Europe � A Threat Assessment.� Program on the Northern Dimension

The Quality of Maternal Secure-Base Scripts Predicts Children's Secure-Base Behavior at Home in Three Sociocultural Groups

ERIC Educational Resources Information Center

Vaughn, Brian E.; Coppola, Gabrielle; Verissimo, Manuela; Monteiro, Ligia; Santos, Antonio Jose; Posada, German; Carbonell, Olga A.; Plata, Sandra J.; Waters, Harriet S.; Bost, Kelly K.; McBride, Brent; Shin, Nana; Korth, Bryan

2007-01-01

The secure-base phenomenon is central to the Bowlby/Ainsworth theory of attachment and is also central to the assessment of attachment across the lifespan. The present study tested whether mothers' knowledge about the secure-base phenomenon, as assessed using a recently designed wordlist prompt measure for eliciting attachment-relevant stories,…

49 CFR 1546.213 - Access to cargo: Security threat assessments for cargo personnel in the United States.

Code of Federal Regulations, 2012 CFR

2012-10-01

... the cargo enters an airport Security Identification Display Area or is transferred to another TSA... under §§ 1546.101(a) or (b) accepts the cargo, until the cargo— (A) Enters an airport Security... 49 Transportation 9 2012-10-01 2012-10-01 false Access to cargo: Security threat assessments for...

49 CFR 1546.213 - Access to cargo: Security threat assessments for cargo personnel in the United States.

Code of Federal Regulations, 2014 CFR

2014-10-01

... the cargo enters an airport Security Identification Display Area or is transferred to another TSA... under §§ 1546.101(a) or (b) accepts the cargo, until the cargo— (A) Enters an airport Security... 49 Transportation 9 2014-10-01 2014-10-01 false Access to cargo: Security threat assessments for...

49 CFR 1546.213 - Access to cargo: Security threat assessments for cargo personnel in the United States.

Code of Federal Regulations, 2013 CFR

2013-10-01

... the cargo enters an airport Security Identification Display Area or is transferred to another TSA... under §§ 1546.101(a) or (b) accepts the cargo, until the cargo— (A) Enters an airport Security... 49 Transportation 9 2013-10-01 2013-10-01 false Access to cargo: Security threat assessments for...

49 CFR 1546.213 - Access to cargo: Security threat assessments for cargo personnel in the United States.

Code of Federal Regulations, 2011 CFR

2011-10-01

... the cargo enters an airport Security Identification Display Area or is transferred to another TSA... under §§ 1546.101(a) or (b) accepts the cargo, until the cargo— (A) Enters an airport Security... 49 Transportation 9 2011-10-01 2011-10-01 false Access to cargo: Security threat assessments for...

77 FR 26259 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2012-05-03

.... SUPPLEMENTARY INFORMATION: The National Security Agency systems of records notice subject to the Privacy Act of... of Records AGENCY: National Security Agency/Central Security Service. ACTION: Notice to Delete a System of Records. SUMMARY: The National Security Agency/Central Security Service is deleting a system of...

75 FR 67697 - Privacy Act of 1974; Systems of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2010-11-03

... National Security Agency's record system notices for records systems subject to the Privacy Act of 1974 (5... National Security Agency/Central Security Service, Freedom of Information Act (FOIA)/Privacy Act Office...; Systems of Records AGENCY: National Security Agency/Central Security Service, DoD. ACTION: Notice to add a...

75 FR 43494 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-26

... National Security Agency's record system notices for records systems subject to the Privacy Act of 1974 (5... National Security Agency/Central Security Service, Freedom of Information Act and Privacy Act Office, 9800...; System of Records AGENCY: National Security Agency/Central Security Service, DoD. ACTION: Notice to...

8 CFR 103.34 - Security of records systems.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 8 Aliens and Nationality 1 2010-01-01 2010-01-01 false Security of records systems. 103.34 Section 103.34 Aliens and Nationality DEPARTMENT OF HOMELAND SECURITY IMMIGRATION REGULATIONS POWERS AND DUTIES; AVAILABILITY OF RECORDS § 103.34 Security of records systems. The security of records systems...

The myth of secure computing.

PubMed

Austin, Robert D; Darby, Christopher A

2003-06-01

Few senior executives pay a whole lot of attention to computer security. They either hand off responsibility to their technical people or bring in consultants. But given the stakes involved, an arm's-length approach is extremely unwise. According to industry estimates, security breaches affect 90% of all businesses every year and cost some $17 billion. Fortunately, the authors say, senior executives don't need to learn about the more arcane aspects of their company's IT systems in order to take a hands-on approach. Instead, they should focus on the familiar task of managing risk. Their role should be to assess the business value of their information assets, determine the likelihood that those assets will be compromised, and then tailor a set of risk abatement processes to their company's particular vulnerabilities. This approach, which views computer security as an operational rather than a technical challenge, is akin to a classic quality assurance program in that it attempts to avoid problems rather than fix them and involves all employees, not just IT staffers. The goal is not to make computer systems completely secure--that's impossible--but to reduce the business risk to an acceptable level. This article looks at the types of threats a company is apt to face. It also examines the processes a general manager should spearhead to lessen the likelihood of a successful attack. The authors recommend eight processes in all, ranging from deciding how much protection each digital asset deserves to insisting on secure software to rehearsing a response to a security breach. The important thing to realize, they emphasize, is that decisions about digital security are not much different from other cost-benefit decisions. The tools general managers bring to bear on other areas of the business are good models for what they need to do in this technical space.

An alternative to sneakernet

DOE Office of Scientific and Technical Information (OSTI.GOV)

Orrell, S.; Ralstin, S.

1992-04-01

Many computer security plans specify that only a small percentage of the data processed will be classified. Thus, the bulk of the data on secure systems must be unclassified. Secure limited access sites operating approved classified computing systems sometimes also have a system ostensibly containing only unclassified files but operating within the secure environment. That system could be networked or otherwise connected to a classified system(s) in order that both be able to use common resources for file storage or computing power. Such a system must operate under the same rules as the secure classified systems. It is in themore » nature of unclassified files that they either came from, or will eventually migrate to, a non-secure system. Today, unclassified files are exported from systems within the secure environment typically by loading transport media and carrying them to an open system. Import of unclassified files is handled similarly. This media transport process, sometimes referred to as sneaker net, often is manually logged and controlled only by administrative procedures. A comprehensive system for secure bi-directional transfer of unclassified files between secure and open environments has yet to be developed. Any such secure file transport system should be required to meet several stringent criteria. It is the purpose of this document to begin a definition of these criteria.« less

An alternative to sneakernet

DOE Office of Scientific and Technical Information (OSTI.GOV)

Orrell, S.; Ralstin, S.

1992-01-01

Many computer security plans specify that only a small percentage of the data processed will be classified. Thus, the bulk of the data on secure systems must be unclassified. Secure limited access sites operating approved classified computing systems sometimes also have a system ostensibly containing only unclassified files but operating within the secure environment. That system could be networked or otherwise connected to a classified system(s) in order that both be able to use common resources for file storage or computing power. Such a system must operate under the same rules as the secure classified systems. It is in themore » nature of unclassified files that they either came from, or will eventually migrate to, a non-secure system. Today, unclassified files are exported from systems within the secure environment typically by loading transport media and carrying them to an open system. Import of unclassified files is handled similarly. This media transport process, sometimes referred to as sneaker net, often is manually logged and controlled only by administrative procedures. A comprehensive system for secure bi-directional transfer of unclassified files between secure and open environments has yet to be developed. Any such secure file transport system should be required to meet several stringent criteria. It is the purpose of this document to begin a definition of these criteria.« less

The informatics capability maturity of integrated primary care centres in Australia.

PubMed

Liaw, Siaw-Teng; Kearns, Rachael; Taggart, Jane; Frank, Oliver; Lane, Riki; Tam, Michael; Dennis, Sarah; Walker, Christine; Russell, Grant; Harris, Mark

2017-09-01

Integrated primary care requires systems and service integration along with financial incentives to promote downward substitution to a single entry point to care. Integrated Primary Care Centres (IPCCs) aim to improve integration by co-location of health services. The Informatics Capability Maturity (ICM) describes how well health organisations collect, manage and share information; manage eHealth technology, implementation, change, data quality and governance; and use "intelligence" to improve care. Describe associations of ICM with systems and service integration in IPCCs. Mixed methods evaluation of IPCCs in metropolitan and rural Australia: an enhanced general practice, four GP Super Clinics, a "HealthOne" (private-public partnership) and a Community Health Centre. Data collection methods included self-assessed ICM, document review, interviews, observations in practice and assessment of electronic health record data. Data was analysed and compared across IPCCs. The IPCCs demonstrated a range of funding models, ownership, leadership, organisation and ICM. Digital tools were used with varying effectiveness to collect, use and share data. Connectivity was problematic, requiring "work-arounds" to communicate and share information. The lack of technical, data and software interoperability standards, clinical coding and secure messaging were barriers to data collection, integration and sharing. Strong leadership and governance was important for successful implementation of robust and secure eHealth systems. Patient engagement with eHealth tools was suboptimal. ICM is positively associated with integration of data, systems and care. Improved ICM requires a health workforce with eHealth competencies; technical, semantic and software standards; adequate privacy and security; and good governance and leadership. Copyright © 2017 Elsevier B.V. All rights reserved.

Assessing the impacts of the changes in farming systems on food security and environmental sustainability of a Chinese rural region under different policy scenarios: an agent-based model.

PubMed

Yuan, Chengcheng; Liu, Liming; Qi, Xiaoxing; Fu, Yonghu; Ye, Jinwei

2017-07-01

Since China has undergone a series of economic reforms and implemented opening up policies, its farming systems have significantly changed and have dramatically influenced the society, economy, and environment of China. To assess the comprehensive impacts of these changes on food security and environmental sustainability, and establish effective and environment-friendly subsidy policies, this research constructed an agent-based model (ABM). Daligang Town, which is located in the two-season rice region of Southern China, was selected as the case study site. Four different policy scenarios, i.e., "sharply increasing" (SI), "no-increase" (NI), "adjusted-method" (AM), and "trend" (TD) scenarios were investigated from 2015 to 2029. The validation result shows that the relative prediction errors between the simulated and actual values annually ranged from -20 to 20%, indicating the reliability of the proposed model. The scenario analysis revealed that the four scenarios generated different variations in cropping systems, rice yield, and fertilizer and pesticide inputs when the purchase price of rice and the non-agricultural income were assumed to increase annually by 0.1 RMB per kg and 10% per person, respectively. Among the four different policy scenarios in Daligang, the TD scenario was considered the best, because it had a relatively high rice yield, fairly minimal use of fertilizers and pesticides, and a lower level of subsidy. Despite its limitations, ABM could be considered a useful tool in analyzing, exploring, and discussing the comprehensive effects of the changes in farming system on food security and environmental sustainability.

Security, Violent Events, and Anticipated Surge Capabilities of Emergency Departments in Washington State.

PubMed

Weyand, Jonathan S; Junck, Emily; Kang, Christopher S; Heiner, Jason D

2017-04-01

Over the past 15 years, violent threats and acts against hospital patients, staff, and providers have increased and escalated. The leading area for violence is the emergency department (ED) given its 24/7 operations, role in patient care, admissions gateway, and center for influxes during acute surge events. This investigation had three objectives: to assess the current security of Washington State EDs; to estimate the prevalence of and response to threats and violence in Washington State EDs; and to appraise the Washington State ED security capability to respond to acute influxes of patients, bystanders, and media during acute surge events. A voluntary, blinded, 28-question Web-based survey developed by emergency physicians was electronically delivered to all 87 Washington State ED directors in January 2013. We evaluated responses by descriptive statistical analyses. Analyses occurred after 90% (78/87) of ED directors responded. Annual censuses of the EDs ranged from < 20,000 to 100,000 patients and represented the entire spectrum of practice environments, including critical access hospitals and a regional quaternary referral medical center. Thirty-four of 75 (45%) reported the current level of security was inadequate, based on the general consensus of their ED staff. Nearly two-thirds (63%) of EDs had 24-hour security personnel coverage, while 28% reported no assigned security personnel. Security personnel training was provided by 45% of hospitals or healthcare systems. Sixty-nine of 78 (88%) respondents witnessed or heard about violent threats or acts occurring in their ED. Of these, 93% were directed towards nursing staff, 90% towards physicians, 74% towards security personnel, and 51% towards administrative personnel. Nearly half (48%) noted incidents directed towards another patient, and 50% towards a patient's family or friend. These events were variably reported to the hospital administration. After an acute surge event, 35% believed the initial additional security response would not be adequate, with 26% reporting no additional security would be available within 15 minutes. Our study reveals the variability of ED security staffing and a heterogeneity of capabilities throughout Washington State. These deficiencies and vulnerabilities highlight the need for other EDs and regional emergency preparedness planners to conduct their own readiness assessments.

7 CFR 1730.24 - RUS review and evaluation.

Code of Federal Regulations, 2014 CFR

2014-01-01

... independent summary of the operations and maintenance practices of the borrower. The borrower's management... and maintenance practices of each borrower for the purpose of assessing loan security and determining..., and records related to the operations and maintenance of its complete system. Reports made by other...