Managing security risks for inter-organisational information systems: a multiagent collaborative model

NASA Astrophysics Data System (ADS)

Feng, Nan; Wu, Harris; Li, Minqiang; Wu, Desheng; Chen, Fuzan; Tian, Jin

2016-09-01

Information sharing across organisations is critical to effectively managing the security risks of inter-organisational information systems. Nevertheless, few previous studies on information systems security have focused on inter-organisational information sharing, and none have studied the sharing of inferred beliefs versus factual observations. In this article, a multiagent collaborative model (MACM) is proposed as a practical solution to assess the risk level of each allied organisation's information system and support proactive security treatment by sharing beliefs on event probabilities as well as factual observations. In MACM, for each allied organisation's information system, we design four types of agents: inspection agent, analysis agent, control agent, and communication agent. By sharing soft findings (beliefs) in addition to hard findings (factual observations) among the organisations, each organisation's analysis agent is capable of dynamically predicting its security risk level using a Bayesian network. A real-world implementation illustrates how our model can be used to manage security risks in distributed information systems and that sharing soft findings leads to lower expected loss from security risks.

An enhanced security solution for electronic medical records based on AES hybrid technique with SOAP/XML and SHA-1.

PubMed

Kiah, M L Mat; Nabi, Mohamed S; Zaidan, B B; Zaidan, A A

2013-10-01

This study aims to provide security solutions for implementing electronic medical records (EMRs). E-Health organizations could utilize the proposed method and implement recommended solutions in medical/health systems. Majority of the required security features of EMRs were noted. The methods used were tested against each of these security features. In implementing the system, the combination that satisfied all of the security features of EMRs was selected. Secure implementation and management of EMRs facilitate the safeguarding of the confidentiality, integrity, and availability of e-health organization systems. Health practitioners, patients, and visitors can use the information system facilities safely and with confidence anytime and anywhere. After critically reviewing security and data transmission methods, a new hybrid method was proposed to be implemented on EMR systems. This method will enhance the robustness, security, and integration of EMR systems. The hybrid of simple object access protocol/extensible markup language (XML) with advanced encryption standard and secure hash algorithm version 1 has achieved the security requirements of an EMR system with the capability of integrating with other systems through the design of XML messages.

Information security system quality assessment through the intelligent tools

NASA Astrophysics Data System (ADS)

Trapeznikov, E. V.

2018-04-01

The technology development has shown the automated system information security comprehensive analysis necessity. The subject area analysis indicates the study relevance. The research objective is to develop the information security system quality assessment methodology based on the intelligent tools. The basis of the methodology is the information security assessment model in the information system through the neural network. The paper presents the security assessment model, its algorithm. The methodology practical implementation results in the form of the software flow diagram are represented. The practical significance of the model being developed is noted in conclusions.

[The comparative evaluation of level of security culture in medical organizations].

PubMed

Roitberg, G E; Kondratova, N V; Galanina, E V

2016-01-01

The study was carried out on the basis of clinic “Medicine” in 2014-2015 concerning security culture. The sampling included 465 filled HSPSC questionnaires. The comparative analysis of received was implemented. The “Zubovskaia district hospital” Having no accreditation according security standards and group of clinics from USA functioning for many years in the system of patient security support were selected as objects for comparison. The evaluation was implemented concerning dynamics of security culture in organization at implementation of strategies of security of patients during 5 years and comparison of obtained results with USA clinics was made. The study results demonstrated that in conditions of absence of implemented standards of security in medical organization total evaluation of security remains extremely low. The study of security culture using HSPSC questionnaire is an effective tool for evaluating implementation of various strategies of security ofpatient. The functioning in the system of international standards of quality, primarily JCI standards, permits during several years to achieve high indices of security culture.

Complexity Studies and Security in the Complex World: An Epistemological Framework of Analysis

NASA Astrophysics Data System (ADS)

Mesjasz, Czeslaw

The impact of systems thinking can be found in numerous security-oriented research, beginning from the early works on international system: Pitrim Sorokin, Quincy Wright, first models of military conflict and war: Frederick Lanchester, Lewis F. Richardson, national and military security (origins of RAND Corporation), through development of game theory-based conflict studies, International Relations, classical security studies of Morton A. Kaplan, Karl W. Deutsch [Mesjasz 1988], and ending with contemporary ideas of broadened concepts of security proposed by the Copenhagen School [Buzan et al 1998]. At present it may be even stated that the new military and non-military threats to contemporary complex society, such as low-intensity conflicts, regional conflicts, terrorism, environmental disturbances, etc. cannot be embraced without ideas taken from modern complex systems studies.

A secure communication using cascade chaotic computing systems on clinical decision support.

PubMed

Koksal, Ahmet Sertol; Er, Orhan; Evirgen, Hayrettin; Yumusak, Nejat

2016-06-01

Clinical decision support systems (C-DSS) provide supportive tools to the expert for the determination of the disease. Today, many of the support systems, which have been developed for a better and more accurate diagnosis, have reached a dynamic structure due to artificial intelligence techniques. However, in cases when important diagnosis studies should be performed in secret, a secure communication system is required. In this study, secure communication of a DSS is examined through a developed double layer chaotic communication system. The developed communication system consists of four main parts: random number generator, cascade chaotic calculation layer, PCM, and logical mixer layers. Thanks to this system, important patient data created by DSS will be conveyed to the center through a secure communication line.

Quality of protection evaluation of security mechanisms.

PubMed

Ksiezopolski, Bogdan; Zurek, Tomasz; Mokkas, Michail

2014-01-01

Recent research indicates that during the design of teleinformatic system the tradeoff between the systems performance and the system protection should be made. The traditional approach assumes that the best way is to apply the strongest possible security measures. Unfortunately, the overestimation of security measures can lead to the unreasonable increase of system load. This is especially important in multimedia systems where the performance has critical character. In many cases determination of the required level of protection and adjustment of some security measures to these requirements increase system efficiency. Such an approach is achieved by means of the quality of protection models where the security measures are evaluated according to their influence on the system security. In the paper, we propose a model for QoP evaluation of security mechanisms. Owing to this model, one can quantify the influence of particular security mechanisms on ensuring security attributes. The methodology of our model preparation is described and based on it the case study analysis is presented. We support our method by the tool where the models can be defined and QoP evaluation can be performed. Finally, we have modelled TLS cryptographic protocol and presented the QoP security mechanisms evaluation for the selected versions of this protocol.

Disaster at a University: A Case Study in Information Security

ERIC Educational Resources Information Center

Ayyagari, Ramakrishna; Tyks, Jonathan

2012-01-01

Security and disaster training is identified as a top Information Technology (IT) required skill that needs to be taught in Information Systems (IS) curriculums. Accordingly, information security and privacy have become core concepts in information system education. Providing IT security on a shoestring budget is always difficult and many small…

C2 Link Security for UAS: Technical Literature Study and Preliminary Functional Requirements. Version 0.9 (Working Draft)

NASA Technical Reports Server (NTRS)

2005-01-01

This document provides a study of the technical literature related to Command and Control (C2) link security for Unmanned Aircraft Systems (UAS) for operation in the National Airspace System (NAS). Included is a preliminary set of functional requirements for C2 link security.

Turning Access into a web-enabled secure information system for clinical trials.

PubMed

Dongquan Chen; Chen, Wei-Bang; Soong, Mayhue; Soong, Seng-Jaw; Orthner, Helmuth F

2009-08-01

Organizations that have limited resources need to conduct clinical studies in a cost-effective, but secure way. Clinical data residing in various individual databases need to be easily accessed and secured. Although widely available, digital certification, encryption, and secure web server, have not been implemented as widely, partly due to a lack of understanding of needs and concerns over issues such as cost and difficulty in implementation. The objective of this study was to test the possibility of centralizing various databases and to demonstrate ways of offering an alternative to a large-scale comprehensive and costly commercial product, especially for simple phase I and II trials, with reasonable convenience and security. We report a working procedure to transform and develop a standalone Access database into a secure Web-based secure information system. For data collection and reporting purposes, we centralized several individual databases; developed, and tested a web-based secure server using self-issued digital certificates. The system lacks audit trails. The cost of development and maintenance may hinder its wide application. The clinical trial databases scattered in various departments of an institution could be centralized into a web-enabled secure information system. The limitations such as the lack of a calendar and audit trail can be partially addressed with additional programming. The centralized Web system may provide an alternative to a comprehensive clinical trial management system.

Integrated assessment and scenarios simulation of urban water security system in the southwest of China with system dynamics analysis.

PubMed

Yin, Su; Dongjie, Guan; Weici, Su; Weijun, Gao

2017-11-01

The demand for global freshwater is growing, while global freshwater available for human use is limited within a certain time and space. Its security has significant impacts on both the socio-economic system and ecological system. Recently, studies have focused on the urban water security system (UWSS) in terms of either water quantity or water quality. In this study, water resources, water environment, and water disaster issues in the UWSS were combined to establish an evaluation index system with system dynamics (SD) and geographic information systems (GIS). The GIS method performs qualitative analysis from the perspective of the spatial dimension; meanwhile, the SD method performs quantitative calculation about related water security problems from the perspective of the temporal dimension. We established a UWSS model for Guizhou province, China to analyze influencing factors, main driving factors, and system variation law, by using the SD method. We simulated the water security system from 2005 to 2025 under four scenarios (Guiyang scenario, Zunyi scenario, Bijie scenario and combined scenario). The results demonstrate that: (1) the severity of water security in cities is ranked as follows: three cities are secure in Guizhou province, four cities are in basic security and two cities are in a situation of insecurity from the spatial dimension of GIS through water security synthesis; and (2) the major driving factors of UWSS in Guizhou province include agricultural irrigation water demand, soil and water losses area, a ratio increase to the standard of water quality, and investment in environmental protection. A combined scenario is the best solution for UWSS by 2025 in Guizhou province under the four scenarios from the temporal dimension of SD. The results of this study provide a useful suggestion for the management of freshwater for the cities of Guizhou province in southwest China.

A cross-case comparative analysis of international security forces' impacts on health systems in conflict-affected and fragile states.

PubMed

Bourdeaux, Margaret; Kerry, Vanessa; Haggenmiller, Christian; Nickel, Karlheinz

2015-01-01

Destruction of health systems in fragile and conflict-affected states increases civilian mortality. Despite the size, scope, scale and political influence of international security forces intervening in fragile states, little attention has been paid to array of ways they may impact health systems beyond their effects on short-term humanitarian health aid delivery. Using case studies we published on international security forces' impacts on health systems in Haiti, Kosovo, Afghanistan and Libya, we conducted a comparative analysis that examined three questions: What aspects, or building blocks, of health systems did security forces impact across the cases and what was the nature of these impacts? What forums or mechanisms did international security forces use to interact with health system actors? What policies facilitated or hindered security forces from supporting health systems? We found international security forces impacted health system governance, information systems and indigenous health delivery organizations. Positive impacts included bolstering the authority, transparency and capability of health system leadership. Negative impacts included undermining the impartial nature of indigenous health institutions by using health projects to achieve security objectives. Interactions between security and health actors were primarily ad hoc, often to the detriment of health system support efforts. When international security forces were engaged in health system support activities, the most helpful communication and consultative mechanisms to manage their involvement were ones that could address a wide array of problems, were nimble enough to accommodate rapidly changing circumstances, leveraged the power of personal relationships, and were able to address the tensions that arose between security and health system supporting strategies. Policy barriers to international security organizations participating in health system support included lack of mandate, conflicts between security strategies and health system preservation, and lack of interoperability between security and indigenous health organizations with respect to logistics and sharing information. The cases demonstrate both the opportunities and risks of international security organizations involvement in health sector protection, recovery and reconstruction. We discuss two potential approaches to engaging these organizations in health system support that may increase the chances of realizing these opportunities while mitigating risks.

Information security requirements in patient-centred healthcare support systems.

PubMed

Alsalamah, Shada; Gray, W Alex; Hilton, Jeremy; Alsalamah, Hessah

2013-01-01

Enabling Patient-Centred (PC) care in modern healthcare requires the flow of medical information with the patient between different healthcare providers as they follow the patient's treatment plan. However, PC care threatens the stability of the balance of information security in the support systems since legacy systems fall short of attaining a security balance when sharing their information due to compromises made between its availability, integrity, and confidentiality. Results show that the main reason for this is that information security implementation in discrete legacy systems focused mainly on information confidentiality and integrity leaving availability a challenge in collaboration. Through an empirical study using domain analysis, observations, and interviews, this paper identifies a need for six information security requirements in legacy systems to cope with this situation in order to attain the security balance in systems supporting PC care implementation in modern healthcare.

The research of network database security technology based on web service

NASA Astrophysics Data System (ADS)

Meng, Fanxing; Wen, Xiumei; Gao, Liting; Pang, Hui; Wang, Qinglin

2013-03-01

Database technology is one of the most widely applied computer technologies, its security is becoming more and more important. This paper introduced the database security, network database security level, studies the security technology of the network database, analyzes emphatically sub-key encryption algorithm, applies this algorithm into the campus-one-card system successfully. The realization process of the encryption algorithm is discussed, this method is widely used as reference in many fields, particularly in management information system security and e-commerce.

Company's Data Security - Case Study

NASA Astrophysics Data System (ADS)

Stera, Piotr

This paper describes a computer network and data security problems in an existing company. Two main issues were pointed out: data loss protection and uncontrolled data copying. Security system was designed and implemented. The system consists of many dedicated programs. This system protect from data loss and detected unauthorized file copying from company's server by a dishonest employee.

Quality of Protection Evaluation of Security Mechanisms

PubMed Central

Ksiezopolski, Bogdan; Zurek, Tomasz; Mokkas, Michail

2014-01-01

Recent research indicates that during the design of teleinformatic system the tradeoff between the systems performance and the system protection should be made. The traditional approach assumes that the best way is to apply the strongest possible security measures. Unfortunately, the overestimation of security measures can lead to the unreasonable increase of system load. This is especially important in multimedia systems where the performance has critical character. In many cases determination of the required level of protection and adjustment of some security measures to these requirements increase system efficiency. Such an approach is achieved by means of the quality of protection models where the security measures are evaluated according to their influence on the system security. In the paper, we propose a model for QoP evaluation of security mechanisms. Owing to this model, one can quantify the influence of particular security mechanisms on ensuring security attributes. The methodology of our model preparation is described and based on it the case study analysis is presented. We support our method by the tool where the models can be defined and QoP evaluation can be performed. Finally, we have modelled TLS cryptographic protocol and presented the QoP security mechanisms evaluation for the selected versions of this protocol. PMID:25136683

Managing the Security of Nursing Data in the Electronic Health Record

PubMed Central

Samadbeik, Mahnaz; Gorzin, Zahra; Khoshkam, Masomeh; Roudbari, Masoud

2015-01-01

Background: The Electronic Health Record (EHR) is a patient care information resource for clinicians and nursing documentation is an essential part of comprehensive patient care. Ensuring privacy and the security of health information is a key component to building the trust required to realize the potential benefits of electronic health information exchange. This study was aimed to manage nursing data security in the EHR and also discover the viewpoints of hospital information system vendors (computer companies) and hospital information technology specialists about nursing data security. Methods: This research is a cross sectional analytic-descriptive study. The study populations were IT experts at the academic hospitals and computer companies of Tehran city in Iran. Data was collected by a self-developed questionnaire whose validity and reliability were confirmed using the experts’ opinions and Cronbach’s alpha coefficient respectively. Data was analyzed through Spss Version 18 and by descriptive and analytic statistics. Results: The findings of the study revealed that user name and password were the most important methods to authenticate the nurses, with mean percent of 95% and 80%, respectively, and also the most significant level of information security protection were assigned to administrative and logical controls. There was no significant difference between opinions of both groups studied about the levels of information security protection and security requirements (p>0.05). Moreover the access to servers by authorized people, periodic security update, and the application of authentication and authorization were defined as the most basic security requirements from the viewpoint of more than 88 percent of recently-mentioned participants. Conclusions: Computer companies as system designers and hospitals information technology specialists as systems users and stakeholders present many important views about security requirements for EHR systems and nursing electronic documentation systems. Prioritizing of these requirements helps policy makers to decide what to do when planning for EHR implementation. Therefore, to make appropriate security decisions and to achieve the expected level of protection of the electronic nursing information, it is suggested to consider the priorities of both groups of experts about security principles and also discuss the issues seem to be different between two groups of participants in the research. PMID:25870490

Managing the security of nursing data in the electronic health record.

PubMed

Samadbeik, Mahnaz; Gorzin, Zahra; Khoshkam, Masomeh; Roudbari, Masoud

2015-02-01

The Electronic Health Record (EHR) is a patient care information resource for clinicians and nursing documentation is an essential part of comprehensive patient care. Ensuring privacy and the security of health information is a key component to building the trust required to realize the potential benefits of electronic health information exchange. This study was aimed to manage nursing data security in the EHR and also discover the viewpoints of hospital information system vendors (computer companies) and hospital information technology specialists about nursing data security. This research is a cross sectional analytic-descriptive study. The study populations were IT experts at the academic hospitals and computer companies of Tehran city in Iran. Data was collected by a self-developed questionnaire whose validity and reliability were confirmed using the experts' opinions and Cronbach's alpha coefficient respectively. Data was analyzed through Spss Version 18 and by descriptive and analytic statistics. The findings of the study revealed that user name and password were the most important methods to authenticate the nurses, with mean percent of 95% and 80%, respectively, and also the most significant level of information security protection were assigned to administrative and logical controls. There was no significant difference between opinions of both groups studied about the levels of information security protection and security requirements (p>0.05). Moreover the access to servers by authorized people, periodic security update, and the application of authentication and authorization were defined as the most basic security requirements from the viewpoint of more than 88 percent of recently-mentioned participants. Computer companies as system designers and hospitals information technology specialists as systems users and stakeholders present many important views about security requirements for EHR systems and nursing electronic documentation systems. Prioritizing of these requirements helps policy makers to decide what to do when planning for EHR implementation. Therefore, to make appropriate security decisions and to achieve the expected level of protection of the electronic nursing information, it is suggested to consider the priorities of both groups of experts about security principles and also discuss the issues seem to be different between two groups of participants in the research.

Design and Development of Layered Security: Future Enhancements and Directions in Transmission

PubMed Central

Shahzad, Aamir; Lee, Malrey; Kim, Suntae; Kim, Kangmin; Choi, Jae-Young; Cho, Younghwa; Lee, Keun-Kwang

2016-01-01

Today, security is a prominent issue when any type of communication is being undertaken. Like traditional networks, supervisory control and data acquisition (SCADA) systems suffer from a number of vulnerabilities. Numerous end-to-end security mechanisms have been proposed for the resolution of SCADA-system security issues, but due to insecure real-time protocol use and the reliance upon open protocols during Internet-based communication, these SCADA systems can still be compromised by security challenges. This study reviews the security challenges and issues that are commonly raised during SCADA/protocol transmissions and proposes a secure distributed-network protocol version 3 (DNP3) design, and the implementation of the security solution using a cryptography mechanism. Due to the insecurities found within SCADA protocols, the new development consists of a DNP3 protocol that has been designed as a part of the SCADA system, and the cryptographically derived security is deployed within the application layer as a part of the DNP3 stack. PMID:26751443

Design and Development of Layered Security: Future Enhancements and Directions in Transmission.

PubMed

Shahzad, Aamir; Lee, Malrey; Kim, Suntae; Kim, Kangmin; Choi, Jae-Young; Cho, Younghwa; Lee, Keun-Kwang

2016-01-06

Today, security is a prominent issue when any type of communication is being undertaken. Like traditional networks, supervisory control and data acquisition (SCADA) systems suffer from a number of vulnerabilities. Numerous end-to-end security mechanisms have been proposed for the resolution of SCADA-system security issues, but due to insecure real-time protocol use and the reliance upon open protocols during Internet-based communication, these SCADA systems can still be compromised by security challenges. This study reviews the security challenges and issues that are commonly raised during SCADA/protocol transmissions and proposes a secure distributed-network protocol version 3 (DNP3) design, and the implementation of the security solution using a cryptography mechanism. Due to the insecurities found within SCADA protocols, the new development consists of a DNP3 protocol that has been designed as a part of the SCADA system, and the cryptographically derived security is deployed within the application layer as a part of the DNP3 stack.

Prototype of smart office system using based security system

NASA Astrophysics Data System (ADS)

Prasetyo, T. F.; Zaliluddin, D.; Iqbal, M.

2018-05-01

Creating a new technology in the modern era gives a positive impact on business and industry. Internet of Things (IoT) as a new communication technology is very useful in realizing smart systems such as: smart home, smart office, smart parking and smart city. This study presents a prototype of the smart office system which was designed as a security system based on IoT. Smart office system development method used waterfall model. IoT-based smart office system used platform (project builder) cayenne so that. The data can be accessed and controlled through internet network from long distance. Smart office system used arduino mega 2560 microcontroller as a controller component. In this study, Smart office system is able to detect threats of dangerous objects made from metals, earthquakes, fires, intruders or theft and perform security monitoring outside the building by using raspberry pi cameras on autonomous robots in real time to the security guard.

Social Security.

ERIC Educational Resources Information Center

Social and Labour Bulletin, 1983

1983-01-01

This group of articles discusses a variety of studies related to social security and retirement benefits. These studies are related to both developing and developed nations and are also concerned with studying work conditions and government role in administering a democratic social security system. (SSH)

A novel wireless local positioning system for airport (indoor) security

NASA Astrophysics Data System (ADS)

Zekavat, Seyed A.; Tong, Hui; Tan, Jindong

2004-09-01

A novel wireless local positioning system (WLPS) for airport (or indoor) security is introduced. This system is used by airport (indoor) security guards to locate all of, or a group of airport employees or passengers within the airport area. WLPS consists of two main parts: (1) a base station that is carried by security personnel; hence, introducing dynamic base station (DBS), and (2) a transponder (TRX) that is mounted on all people (including security personnel) present at the airport; thus, introducing them as active targets. In this paper, we (a) draw a futuristic view of the airport security systems, and the flow of information at the airports, (b) investigate the techniques of extending WLPS coverage area beyond the line-of-sight (LoS), and (c) study the performance of this system via standard transceivers, and direct sequence code division multiple access (DS-CDMA) systems with and without antenna arrays and conventional beamforming (BF).

Network systems security analysis

NASA Astrophysics Data System (ADS)

Yilmaz, Ä.°smail

2015-05-01

Network Systems Security Analysis has utmost importance in today's world. Many companies, like banks which give priority to data management, test their own data security systems with "Penetration Tests" by time to time. In this context, companies must also test their own network/server systems and take precautions, as the data security draws attention. Based on this idea, the study cyber-attacks are researched throughoutly and Penetration Test technics are examined. With these information on, classification is made for the cyber-attacks and later network systems' security is tested systematically. After the testing period, all data is reported and filed for future reference. Consequently, it is found out that human beings are the weakest circle of the chain and simple mistakes may unintentionally cause huge problems. Thus, it is clear that some precautions must be taken to avoid such threats like updating the security software.

Efficient Data Transfer Rate and Speed of Secured Ethernet Interface System.

PubMed

Ghanti, Shaila; Naik, G M

2016-01-01

Embedded systems are extensively used in home automation systems, small office systems, vehicle communication systems, and health service systems. The services provided by these systems are available on the Internet and these services need to be protected. Security features like IP filtering, UDP protection, or TCP protection need to be implemented depending on the specific application used by the device. Every device on the Internet must have network interface. This paper proposes the design of the embedded Secured Ethernet Interface System to protect the service available on the Internet against the SYN flood attack. In this experimental study, Secured Ethernet Interface System is customized to protect the web service against the SYN flood attack. Secured Ethernet Interface System is implemented on ALTERA Stratix IV FPGA as a system on chip and uses the modified SYN flood attack protection method. The experimental results using Secured Ethernet Interface System indicate increase in number of genuine clients getting service from the server, considerable improvement in the data transfer rate, and better response time during the SYN flood attack.

Efficient Data Transfer Rate and Speed of Secured Ethernet Interface System

PubMed Central

Ghanti, Shaila

2016-01-01

Embedded systems are extensively used in home automation systems, small office systems, vehicle communication systems, and health service systems. The services provided by these systems are available on the Internet and these services need to be protected. Security features like IP filtering, UDP protection, or TCP protection need to be implemented depending on the specific application used by the device. Every device on the Internet must have network interface. This paper proposes the design of the embedded Secured Ethernet Interface System to protect the service available on the Internet against the SYN flood attack. In this experimental study, Secured Ethernet Interface System is customized to protect the web service against the SYN flood attack. Secured Ethernet Interface System is implemented on ALTERA Stratix IV FPGA as a system on chip and uses the modified SYN flood attack protection method. The experimental results using Secured Ethernet Interface System indicate increase in number of genuine clients getting service from the server, considerable improvement in the data transfer rate, and better response time during the SYN flood attack. PMID:28116350

Development of building security integration system using sensors, microcontroller and GPS (Global Positioning System) based android smartphone

NASA Astrophysics Data System (ADS)

Sihombing, P.; Siregar, Y. M.; Tarigan, J. T.; Jaya, I.; Turnip, A.

2018-03-01

Security system is one of the common problems to protect an environment such as personal house or a warehouse. There are numerous methods and technologies that can be used as part of a security system. In this paper, we present a security system that offers a better efficiency. The purpose of this study is to build a system that can monitor home security at any time in particular fire and theft. Through sensors, the system will be able to provide warning information of hazard conditions via LCD monitor, sound, and alarm. This information will be sent automatically to the home owner’s smartphone as well as to the corresponding to the security agency. Thus the prevention of theft and fire hazards can be immediately anticipated by the police and firefighters. The system will also notify the position of the coordinates of the location of the building (the house) by a link to the Google map in order to make it easier to get the location quickly.

Tag ID Subdivision Scheme for Efficient Authentication and Security-Enhancement of RFID System in USN

NASA Astrophysics Data System (ADS)

Lee, Kijeong; Park, Byungjoo; Park, Gil-Cheol

Radio frequency identification (RFID) is a generic term that is used to describe a system that transmits the identity (in the form of a unique serial number) of an object or person wirelessly, using radio waves. However, there are security threats in the RFID system related to its technical components. For example, illegal RFID tag readers can read tag ID and recognize most RFID Readers, a security threat that needs in-depth attention. Previous studies show some ideas on how to minimize these security threats like studying the security protocols between tag, reader and Back-end DB. In this research, the team proposes an RFID Tag ID Subdivision Scheme to authenticate the permitted tag only in USN (Ubiquitous Sensor Network). Using the proposed scheme, the Back-end DB authenticates selected tags only to minimize security threats like eavesdropping and decreasing traffic in Back-end DB.

Sustainable Food Security Measurement: A Systemic Methodology

NASA Astrophysics Data System (ADS)

Findiastuti, W.; Singgih, M. L.; Anityasari, M.

2017-04-01

Sustainable food security measures how a region provides food for its people without endangered the environment. In Indonesia, it was legally measured in Food Security and Vulnerability (FSVA). However, regard to sustainable food security policy, the measurement has not encompassed the environmental aspect. This will lead to lack of environmental aspect information for adjusting the next strategy. This study aimed to assess Sustainable Food security by encompassing both food security and environment aspect using systemic eco-efficiency. Given existing indicator of cereal production level, total emission as environment indicator was generated by constructing Causal Loop Diagram (CLD). Then, a stock-flow diagram was used to develop systemic simulation model. This model was demonstrated for Indonesian five provinces. The result showed there was difference between food security order with and without environmental aspect assessment.

Immune Inspired Security Approach for Manets: a Case Study

NASA Astrophysics Data System (ADS)

Mohamed, Yasir Abdelgadir

2011-06-01

This paper extends the work that has earlier been established. Immune inspired approach for securing mobile ad hoc networks is specified there. Although it is clearly indicated there that the research scope is the wireless networks in general and hybrid mobile ad hoc networks in particular, we have seen that specifying the security system in one of the communications applications that need further security approach may help to understand how effectively the system can contribute to this vital and important networks sector. Security in this type of networks is important and controversial as it plays a key role in users' eagerness or reluctance for the services provided by these networks. In this paper, the immune inspired security system is specified to secure web services in converged networks.

Cyber security with radio frequency interferences mitigation study for satellite systems

NASA Astrophysics Data System (ADS)

Wang, Gang; Wei, Sixiao; Chen, Genshe; Tian, Xin; Shen, Dan; Pham, Khanh; Nguyen, Tien M.; Blasch, Erik

2016-05-01

Satellite systems including the Global Navigation Satellite System (GNSS) and the satellite communications (SATCOM) system provide great convenience and utility to human life including emergency response, wide area efficient communications, and effective transportation. Elements of satellite systems incorporate technologies such as navigation with the global positioning system (GPS), satellite digital video broadcasting, and information transmission with a very small aperture terminal (VSAT), etc. The satellite systems importance is growing in prominence with end users' requirement for globally high data rate transmissions; the cost reduction of launching satellites; development of smaller sized satellites including cubesat, nanosat, picosat, and femtosat; and integrating internet services with satellite networks. However, with the promising benefits, challenges remain to fully develop secure and robust satellite systems with pervasive computing and communications. In this paper, we investigate both cyber security and radio frequency (RF) interferences mitigation for satellite systems, and demonstrate that they are not isolated. The action space for both cyber security and RF interferences are firstly summarized for satellite systems, based on which the mitigation schemes for both cyber security and RF interferences are given. A multi-layered satellite systems structure is provided with cross-layer design considering multi-path routing and channel coding, to provide great security and diversity gains for secure and robust satellite systems.

Safe teleradiology: information assurance as project planning methodology.

PubMed

Collmann, Jeff; Alaoui, Adil; Nguyen, Dan; Lindisch, David

2005-01-01

The Georgetown University Medical Center Department of Radiology used a tailored version of OCTAVE, a self-directed information security risk assessment method, to design a teleradiology system that complied with the regulation implementing the security provisions of the Health Insurance Portability and Accountability Act (HIPAA) of 1996. The system addressed threats to and vulnerabilities in the privacy and security of protected health information. By using OCTAVE, Georgetown identified the teleradiology program's critical assets, described threats to the assurance of those assets, developed and ran vulnerability scans of a system pilot, evaluated the consequences of security breaches, and developed a risk management plan to mitigate threats to program assets, thereby implementing good information assurance practices. This case study illustrates the basic point that prospective, comprehensive planning to protect the privacy and security of an information system strategically benefits program management as well as system security.

The Building Blocks of School Security.

ERIC Educational Resources Information Center

Funck, Gary

1999-01-01

Few schools command the funding to shift from zero security to updated closed-circuit TV systems. Cost-effective school security identification cards, which provide a rapid means of identifying those belonging on campus, can be integrated with administrative systems to track attendance, age, subject studied, and other vital statistics. (MLH)

Design of a Forecasting Service System for Monitoring of Vulnerabilities of Sensor Networks

NASA Astrophysics Data System (ADS)

Song, Jae-Gu; Kim, Jong Hyun; Seo, Dong Il; Kim, Seoksoo

This study aims to reduce security vulnerabilities of sensor networks which transmit data in an open environment by developing a forecasting service system. The system is to remove or monitor causes of breach incidents in advance. To that end, this research first examines general security vulnerabilities of sensor networks and analyzes characteristics of existing forecasting systems. Then, 5 steps of a forecasting service system are proposed in order to improve security responses.

A Quantitative Study on the Relationship of Information Security Policy Awareness, Enforcement, and Maintenance to Information Security Program Effectiveness

ERIC Educational Resources Information Center

Francois, Michael T.

2016-01-01

Today's organizations rely heavily on information technology to conduct their daily activities. Therefore, their information security systems are an area of heightened security concern. As a result, organizations implement information security programs to address and mitigate that concern. However, even with the emphasis on information security,…

Identifying the Key Weaknesses in Network Security at Colleges.

ERIC Educational Resources Information Center

Olsen, Florence

2000-01-01

A new study identifies and ranks the 10 security gaps responsible for most outsider attacks on college computer networks. The list is intended to help campus system administrators establish priorities as they work to increase security. One network security expert urges that institutions utilize multiple security layers. (DB)

Health information security: a case study of three selected medical centers in iran.

PubMed

Hajrahimi, Nafiseh; Dehaghani, Sayed Mehdi Hejazi; Sheikhtaheri, Abbas

2013-03-01

Health Information System (HIS) is considered a unique factor in improving the quality of health care activities and cost reduction, but today with the development of information technology and use of internet and computer networks, patients' electronic records and health information systems have become a source for hackers. This study aims at checking health information security of three selected medical centers in Iran using AHP fuzzy and TOPSIS compound model. To achieve that security measures were identified, based on the research literature and decision making matrix using experts' points of view. Among the 27 indicators, seven indicators were selected as effective indicators and Fuzzy AHP technique was used to determine the importance of security indicators. Based on the comparisons made between the three selected medical centers to assess the security of health information, it is concluded that Chamran hospital has the most acceptable level of security and attention in three indicators of "verification and system design, user access management, access control system", Al Zahra Hospital in two indicators of "access management and network access control" and Amin Hospital in "equipment safety and system design". In terms of information security, Chamran Hospital ranked first, Al-Zahra Hospital ranked second and Al- Zahra hospital has the third place.

Assessment on security system of radioactive sources used in hospitals of Thailand

NASA Astrophysics Data System (ADS)

Jitbanjong, Petchara; Wongsawaeng, Doonyapong

2016-01-01

Unsecured radioactive sources have caused deaths and serious injuries in many parts of the world. In Thailand, there are 17 hospitals that use teletherapy with cobalt-60 radioactive sources. They need to be secured in order to prevent unauthorized removal, sabotage and terrorists from using such materials in a radiological weapon. The security system of radioactive sources in Thailand is regulated by the Office of Atoms for Peace in compliance with Global Threat Reduction Initiative (GTRI), U.S. DOE, which has started to be implemented since 2010. This study aims to perform an assessment on the security system of radioactive sources used in hospitals in Thailand and the results can be used as a recommended baseline data for development or improvement of hospitals on the security system of a radioactive source at a national regulatory level and policy level. Results from questionnaires reveal that in 11 out of 17 hospitals (64.70%), there were a few differences in conditions of hospitals using radioactive sources with installation of the security system and those without installation of the security system. Also, personals working with radioactive sources did not clearly understand the nuclear security law. Thus, government organizations should be encouraged to arrange trainings on nuclear security to increase the level of understanding. In the future, it is recommended that the responsible government organization issues a minimum requirement of nuclear security for every medical facility using radioactive sources.

Endogenous fertility, altruistic behavior across generations, and social security systems.

PubMed

Prinz, A

1990-01-01

This study examines the possible link between the existence of a pay-as-you-go social security program and individual procreative behavior. When a public old-age income support system takes the place of within-family support, the theoretical literature preducts that fertility rates will decline since children are no longer perceived as important to the old age security of the parents. The author takes up this theoretical problem and examines it through three different but related issues: optimal capital accumulation, optimal population growth and the role of social institutions affecting efficient intergenerational allocations. Econometric analysis employing a steady state growth model is used. Altruism between generations is studied for effect on the standard model. The model shows that for social optimum the per capita pension is related to the growth rate of the population, therefore, for society as a whole, children are investment goods. However, given the existence of a social security system, it is in each household's best interest to have no children at all. Only a government transfer, a child allowance to parents, changes the model and fertility rates. When modified to account for "caring" the model demonstrates that altruistic behavior between generations is not symmetrical. The study concludes that a pay-as-you-go funded social security system should be supplemented by a system of child allowances or replaced by a fully funded social security system.

Green Secure Processors: Towards Power-Efficient Secure Processor Design

NASA Astrophysics Data System (ADS)

Chhabra, Siddhartha; Solihin, Yan

With the increasing wealth of digital information stored on computer systems today, security issues have become increasingly important. In addition to attacks targeting the software stack of a system, hardware attacks have become equally likely. Researchers have proposed Secure Processor Architectures which utilize hardware mechanisms for memory encryption and integrity verification to protect the confidentiality and integrity of data and computation, even from sophisticated hardware attacks. While there have been many works addressing performance and other system level issues in secure processor design, power issues have largely been ignored. In this paper, we first analyze the sources of power (energy) increase in different secure processor architectures. We then present a power analysis of various secure processor architectures in terms of their increase in power consumption over a base system with no protection and then provide recommendations for designs that offer the best balance between performance and power without compromising security. We extend our study to the embedded domain as well. We also outline the design of a novel hybrid cryptographic engine that can be used to minimize the power consumption for a secure processor. We believe that if secure processors are to be adopted in future systems (general purpose or embedded), it is critically important that power issues are considered in addition to performance and other system level issues. To the best of our knowledge, this is the first work to examine the power implications of providing hardware mechanisms for security.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Davida, G.I.; Frankel, Y.; Matt, B.J.

In developing secure applications and systems, the designers often must incorporate secure user identification in the design specification. In this paper, the authors study secure off line authenticated user identification schemes based on a biometric system that can measure a user`s biometric accurately (up to some Hamming distance). The schemes presented here enhance identification and authorization in secure applications by binding a biometric template with authorization information on a token such as a magnetic strip. Also developed here are schemes specifically designed to minimize the compromise of a user`s private biometrics data, encapsulated in the authorization information, without requiring securemore » hardware tokens. In this paper the authors furthermore study the feasibility of biometrics performing as an enabling technology for secure system and application design. The authors investigate a new technology which allows a user`s biometrics to facilitate cryptographic mechanisms.« less

Are participants concerned about privacy and security when using short message service to report product adherence in a rectal microbicide trial?

PubMed

Giguere, Rebecca; Brown, William; Balán, Ivan C; Dolezal, Curtis; Ho, Titcha; Sheinfil, Alan; Ibitoye, Mobolaji; Lama, Javier R; McGowan, Ian; Cranston, Ross D; Carballo-Diéguez, Alex

2018-04-01

During a Phase 2 rectal microbicide trial, men who have sex with men and transgender women (n = 187) in 4 countries (Peru, South Africa, Thailand, United States) reported product use daily via short message service (SMS). To prevent disclosure of study participation, the SMS system program included privacy and security features. We evaluated participants' perceptions of privacy while using the system and acceptability of privacy/security features. To protect privacy, the SMS system: (1) confirmed participant availability before sending the study questions, (2) required a password, and (3) did not reveal product name or study participation. To ensure security, the system reminded participants to lock phone/delete messages. A computer-assisted self-interview (CASI), administered at the final visit, measured burden of privacy and security features and SMS privacy concerns. A subsample of 33 participants underwent an in-depth interview (IDI). Based on CASI, 85% had no privacy concerns; only 5% were very concerned. Most were not bothered by the need for a password (73%) or instructions to delete messages (82%). Based on IDI, reasons for low privacy concerns included sending SMS in private or feeling that texting would not draw attention. A few IDI participants found the password unnecessary and more than half did not delete messages. Most participants were not concerned that the SMS system would compromise their confidentiality. SMS privacy and security features were effective and not burdensome. Short ID-related passwords, ambiguous language, and reminders to implement privacy and security-enhancing behaviors are recommended for SMS systems.

Secure voice for mobile satellite applications

NASA Technical Reports Server (NTRS)

Vaisnys, Arvydas; Berner, Jeff

1990-01-01

The initial system studies are described which were performed at JPL on secure voice for mobile satellite applications. Some options are examined for adapting existing Secure Telephone Unit III (STU-III) secure telephone equipment for use over a digital mobile satellite link, as well as for the evolution of a dedicated secure voice mobile earth terminal (MET). The work has included some lab and field testing of prototype equipment. The work is part of an ongoing study at JPL for the National Communications System (NCS) on the use of mobile satellites for emergency communications. The purpose of the overall task is to identify and enable the technologies which will allow the NCS to use mobile satellite services for its National Security Emergency Preparedness (NSEP) communications needs. Various other government agencies will also contribute to a mobile satellite user base, and for some of these, secure communications will be an essential feature.

Acquisition Systems Protection Planning the Manhatten Project: A Case Study

DTIC Science & Technology

1994-06-03

This study examines the counterintelligence and security programs of the Manhattan Project , the United States acquisition of the atomic bomb, using...assessment methodology and counterintelligence techniques and procedures. Acquisition systems, Program protection, Manhattan Project , Atomic bomb, Technology protection, Counterintelligence, Security.

Security for safety critical space borne systems

NASA Technical Reports Server (NTRS)

Legrand, Sue

1987-01-01

The Space Station contains safety critical computer software components in systems that can affect life and vital property. These components require a multilevel secure system that provides dynamic access control of the data and processes involved. A study is under way to define requirements for a security model providing access control through level B3 of the Orange Book. The model will be prototyped at NASA-Johnson Space Center.

Airport Managers' Perspectives on Security and Safety Management Systems in Aviation Operations: A Multiple Case Study

NASA Astrophysics Data System (ADS)

Brown, Willie L., Jr.

Global terrorism continues to persist despite the great efforts of various countries to protect and safely secure their citizens. As airports form the entry and exit ports of a country, they are one of the most vulnerable locations to terror attacks. Managers of international airports constantly face similar challenges in developing and implementing airport security protocols. Consequently, the technological advances of today have brought both positive and negative impacts on security and terrorism of airports, which are mostly managed by the airport managers. The roles of the managers have greatly increased over the years due to technological advances. The developments in technology have had different roles in security, both in countering terrorism and, at the same time, increasing the communication methods of the terrorists. The purpose of this qualitative multiple case study was to investigate the perspectives of airport managers with regard to societal security and social interactions in the socio-technical systems of the National Terrorism Advisory System (NTAS). Through the data gained regarding managers' perception and experiences, the researcher hoped to enable the development of security measures and policies that are appropriate for airports as socio-technical systems. The researcher conducted interviews with airport managers to gather relevant data to fulfill the rationale of the study. Ten to twelve airport managers based in three commercial aviation airports in Maryland, United States participated in the study. The researcher used a qualitative thematic analysis procedure to analyze the data responses of participants in the interview sessions.

Security issues of Internet-based biometric authentication systems: risks of Man-in-the-Middle and BioPhishing on the example of BioWebAuth

NASA Astrophysics Data System (ADS)

Zeitz, Christian; Scheidat, Tobias; Dittmann, Jana; Vielhauer, Claus; González Agulla, Elisardo; Otero Muras, Enrique; García Mateo, Carmen; Alba Castro, José L.

2008-02-01

Beside the optimization of biometric error rates the overall security system performance in respect to intentional security attacks plays an important role for biometric enabled authentication schemes. As traditionally most user authentication schemes are knowledge and/or possession based, firstly in this paper we present a methodology for a security analysis of Internet-based biometric authentication systems by enhancing known methodologies such as the CERT attack-taxonomy with a more detailed view on the OSI-Model. Secondly as proof of concept, the guidelines extracted from this methodology are strictly applied to an open source Internet-based biometric authentication system (BioWebAuth). As case studies, two exemplary attacks, based on the found security leaks, are investigated and the attack performance is presented to show that during the biometric authentication schemes beside biometric error performance tuning also security issues need to be addressed. Finally, some design recommendations are given in order to ensure a minimum security level.

Security and privacy in electronic health records: a systematic literature review.

PubMed

Fernández-Alemán, José Luis; Señor, Inmaculada Carrión; Lozoya, Pedro Ángel Oliver; Toval, Ambrosio

2013-06-01

To report the results of a systematic literature review concerning the security and privacy of electronic health record (EHR) systems. Original articles written in English found in MEDLINE, ACM Digital Library, Wiley InterScience, IEEE Digital Library, Science@Direct, MetaPress, ERIC, CINAHL and Trip Database. Only those articles dealing with the security and privacy of EHR systems. The extraction of 775 articles using a predefined search string, the outcome of which was reviewed by three authors and checked by a fourth. A total of 49 articles were selected, of which 26 used standards or regulations related to the privacy and security of EHR data. The most widely used regulations are the Health Insurance Portability and Accountability Act (HIPAA) and the European Data Protection Directive 95/46/EC. We found 23 articles that used symmetric key and/or asymmetric key schemes and 13 articles that employed the pseudo anonymity technique in EHR systems. A total of 11 articles propose the use of a digital signature scheme based on PKI (Public Key Infrastructure) and 13 articles propose a login/password (seven of them combined with a digital certificate or PIN) for authentication. The preferred access control model appears to be Role-Based Access Control (RBAC), since it is used in 27 studies. Ten of these studies discuss who should define the EHR systems' roles. Eleven studies discuss who should provide access to EHR data: patients or health entities. Sixteen of the articles reviewed indicate that it is necessary to override defined access policies in the case of an emergency. In 25 articles an audit-log of the system is produced. Only four studies mention that system users and/or health staff should be trained in security and privacy. Recent years have witnessed the design of standards and the promulgation of directives concerning security and privacy in EHR systems. However, more work should be done to adopt these regulations and to deploy secure EHR systems. Copyright © 2013 Elsevier Inc. All rights reserved.

Security Frameworks for Machine-to-Machine Devices and Networks

NASA Astrophysics Data System (ADS)

Demblewski, Michael

Attacks against mobile systems have escalated over the past decade. There have been increases of fraud, platform attacks, and malware. The Internet of Things (IoT) offers a new attack vector for Cybercriminals. M2M contributes to the growing number of devices that use wireless systems for Internet connection. As new applications and platforms are created, old vulnerabilities are transferred to next-generation systems. There is a research gap that exists between the current approaches for security framework development and the understanding of how these new technologies are different and how they are similar. This gap exists because system designers, security architects, and users are not fully aware of security risks and how next-generation devices can jeopardize safety and personal privacy. Current techniques, for developing security requirements, do not adequately consider the use of new technologies, and this weakens countermeasure implementations. These techniques rely on security frameworks for requirements development. These frameworks lack a method for identifying next generation security concerns and processes for comparing, contrasting and evaluating non-human device security protections. This research presents a solution for this problem by offering a novel security framework that is focused on the study of the "functions and capabilities" of M2M devices and improves the systems development life cycle for the overall IoT ecosystem.

State of Maryland Intelligent Transportation Systems: Security and Implementation Recommendations.

DOT National Transportation Integrated Search

1997-11-01

At the direction of the Volpe National Transportation Systems Center of the US Department of Transportation (US DOT), a two-phase study of the security vulnerability of Maryland Intelligent Transportation Systems (ITS) was conducted from July until N...

Assessment on security system of radioactive sources used in hospitals of Thailand

DOE Office of Scientific and Technical Information (OSTI.GOV)

Jitbanjong, Petchara, E-mail: petcharajit@gmail.com; Wongsawaeng, Doonyapong

Unsecured radioactive sources have caused deaths and serious injuries in many parts of the world. In Thailand, there are 17 hospitals that use teletherapy with cobalt-60 radioactive sources. They need to be secured in order to prevent unauthorized removal, sabotage and terrorists from using such materials in a radiological weapon. The security system of radioactive sources in Thailand is regulated by the Office of Atoms for Peace in compliance with Global Threat Reduction Initiative (GTRI), U.S. DOE, which has started to be implemented since 2010. This study aims to perform an assessment on the security system of radioactive sources usedmore » in hospitals in Thailand and the results can be used as a recommended baseline data for development or improvement of hospitals on the security system of a radioactive source at a national regulatory level and policy level. Results from questionnaires reveal that in 11 out of 17 hospitals (64.70%), there were a few differences in conditions of hospitals using radioactive sources with installation of the security system and those without installation of the security system. Also, personals working with radioactive sources did not clearly understand the nuclear security law. Thus, government organizations should be encouraged to arrange trainings on nuclear security to increase the level of understanding. In the future, it is recommended that the responsible government organization issues a minimum requirement of nuclear security for every medical facility using radioactive sources.« less

Computer Security in the Introductory Business Information Systems Course: An Exploratory Study of Textbook Coverage

ERIC Educational Resources Information Center

Sousa, Kenneth J.; MacDonald, Laurie E.; Fougere, Kenneth T.

2005-01-01

The authors conducted an evaluation of Management Information Systems (MIS) textbooks and found that computer security receives very little in-depth coverage. The textbooks provide, at best, superficial treatment of security issues. The research results suggest that MIS faculty need to provide material to supplement the textbook to provide…

A feasibility study of evaluating transportation security systems and associated multi-modal efficiency impacts

DOT National Transportation Integrated Search

2006-08-01

The overall purpose of this research project is to conduct a feasibility study and development of a general methodology to determine the impacts on multi-modal and system efficiency of alternative freight security measures. The methodology to be exam...

Distributed Secure Coordinated Control for Multiagent Systems Under Strategic Attacks.

PubMed

Feng, Zhi; Wen, Guanghui; Hu, Guoqiang

2017-05-01

This paper studies a distributed secure consensus tracking control problem for multiagent systems subject to strategic cyber attacks modeled by a random Markov process. A hybrid stochastic secure control framework is established for designing a distributed secure control law such that mean-square exponential consensus tracking is achieved. A connectivity restoration mechanism is considered and the properties on attack frequency and attack length rate are investigated, respectively. Based on the solutions of an algebraic Riccati equation and an algebraic Riccati inequality, a procedure to select the control gains is provided and stability analysis is studied by using Lyapunov's method.. The effect of strategic attacks on discrete-time systems is also investigated. Finally, numerical examples are provided to illustrate the effectiveness of theoretical analysis.

On determining specifications and selections of alternative technologies for airport checked-baggage security screening.

PubMed

Feng, Qianmei

2007-10-01

Federal law mandates that every checked bag at all commercial airports be screened by explosive detection systems (EDS), explosive trace detection systems (ETD), or alternative technologies. These technologies serve as critical components of airport security systems that strive to reduce security risks at both national and global levels. To improve the operational efficiency and airport security, emerging image-based technologies have been developed, such as dual-energy X-ray (DX), backscatter X-ray (BX), and multiview tomography (MVT). These technologies differ widely in purchasing cost, maintenance cost, operating cost, processing rate, and accuracy. Based on a mathematical framework that takes into account all these factors, this article investigates two critical issues for operating screening devices: setting specifications for continuous security responses by different technologies; and selecting technology or combination of technologies for efficient 100% baggage screening. For continuous security responses, specifications or thresholds are used for classifying threat items from nonthreat items. By investigating the setting of specifications on system security responses, this article assesses the risk and cost effectiveness of various technologies for both single-device and two-device systems. The findings provide the best selection of image-based technologies for both single-device and two-device systems. Our study suggests that two-device systems outperform single-device systems in terms of both cost effectiveness and accuracy. The model can be readily extended to evaluate risk and cost effectiveness of multiple-device systems for airport checked-baggage security screening.

Health Information Security: A Case Study of Three Selected Medical Centers in Iran

PubMed Central

Hajrahimi, Nafiseh; Dehaghani, Sayed Mehdi Hejazi; Sheikhtaheri, Abbas

2013-01-01

Health Information System (HIS) is considered a unique factor in improving the quality of health care activities and cost reduction, but today with the development of information technology and use of internet and computer networks, patients’ electronic records and health information systems have become a source for hackers. Methods This study aims at checking health information security of three selected medical centers in Iran using AHP fuzzy and TOPSIS compound model. To achieve that security measures were identified, based on the research literature and decision making matrix using experts’ points of view. Results and discussion Among the 27 indicators, seven indicators were selected as effective indicators and Fuzzy AHP technique was used to determine the importance of security indicators. Based on the comparisons made between the three selected medical centers to assess the security of health information, it is concluded that Chamran hospital has the most acceptable level of security and attention in three indicators of “verification and system design, user access management, access control system”, Al Zahra Hospital in two indicators of “access management and network access control” and Amin Hospital in “equipment safety and system design”. In terms of information security, Chamran Hospital ranked first, Al-Zahra Hospital ranked second and Al- Zahra hospital has the third place. PMID:23572861

Secure Objectives for School Security

ERIC Educational Resources Information Center

Dalton-Noblitt, April

2012-01-01

In a study conducted among more than 980 American four-year and two-year colleges and universities, including institutions such as the University of Michigan, MIT, UCLA and Columbia, security staff and other administrators identified the five leading goals for their security systems: (1) Preventing unauthorized people from entering their…

An Integrative Behavioral Model of Information Security Policy Compliance

PubMed Central

Kim, Sang Hoon; Yang, Kyung Hoon; Park, Sunyoung

2014-01-01

The authors found the behavioral factors that influence the organization members' compliance with the information security policy in organizations on the basis of neutralization theory, Theory of planned behavior, and protection motivation theory. Depending on the theory of planned behavior, members' attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to provide the explanation for information system security policy violations. Based on the protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions of compliance. By the above logical reasoning, the integrative behavioral model and eight hypotheses could be derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were available. The test of the causal model was conducted by PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypotheses tests showed that seven of the eight hypotheses were acceptable. The theoretical implications of this study are as follows: (1) the study is expected to play a role of the baseline for future research about organization members' compliance with the information security policy, (2) the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3) the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. Also, the study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for the implement of information system security policies in organizations. Second, it proves that the need of education and training programs suppressing members' neutralization intention to violate information security policy should be emphasized. PMID:24971373

An integrative behavioral model of information security policy compliance.

PubMed

Kim, Sang Hoon; Yang, Kyung Hoon; Park, Sunyoung

2014-01-01

The authors found the behavioral factors that influence the organization members' compliance with the information security policy in organizations on the basis of neutralization theory, Theory of planned behavior, and protection motivation theory. Depending on the theory of planned behavior, members' attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to provide the explanation for information system security policy violations. Based on the protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions of compliance. By the above logical reasoning, the integrative behavioral model and eight hypotheses could be derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were available. The test of the causal model was conducted by PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypotheses tests showed that seven of the eight hypotheses were acceptable. The theoretical implications of this study are as follows: (1) the study is expected to play a role of the baseline for future research about organization members' compliance with the information security policy, (2) the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3) the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. Also, the study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for the implement of information system security policies in organizations. Second, it proves that the need of education and training programs suppressing members' neutralization intention to violate information security policy should be emphasized.

Information security risk management for computerized health information systems in hospitals: a case study of Iran.

PubMed

Zarei, Javad; Sadoughi, Farahnaz

2016-01-01

In recent years, hospitals in Iran - similar to those in other countries - have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts' opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Information security risk management is not followed by Iran's hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran's Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran.

Proposal of Secure VoIP System Using Attribute Certificate

NASA Astrophysics Data System (ADS)

Kim, Jin-Mook; Jeong, Young-Ae; Hong, Seong-Sik

VoIP is a service that changes the analogue audio signal into a digital signal and then transfers the audio information to the users after configuring it as a packet; and it has an advantage of lower price than the existing voice call service and better extensibility. However, VoIP service has a system structure that, compared to the existing PSTN (Public Switched Telephone Network), has poor call quality and is vulnerable in the security aspect. To make up these problems, TLS service was introduced to enhance the security. In practical system, however, since QoS problem occurs, it is necessary to develop the VoIP security system that can satisfy QoS at the same time in the security aspect. In this paper, a user authentication VoIP system that can provide a service according to the security and the user through providing a differential service according to the approach of the users by adding AA server at the step of configuring the existing VoIP session is suggested. It was found that the proposed system of this study provides a quicker QoS than the TLS-added system at a similar level of security. Also, it is able to provide a variety of additional services by the different users.

Survey of methods for secure connection to the internet

NASA Astrophysics Data System (ADS)

Matsui, Shouichi

1994-04-01

This paper describes a study of a security method of protecting inside network computers against outside miscreants and unwelcome visitors and a control method when these computers are connected with the Internet. In the present Internet, a method to encipher all data cannot be used, so that it is necessary to utilize PEM (Privacy Enhanced Mail) capable of the encipherment and conversion of secret information. For preventing miscreant access by eavesdropping password, one-time password is effective. The most cost-effective method is a firewall system. This system lies between the outside and inside network. By limiting computers that directly communicate with the Internet, control is centralized and inside network security is protected. If the security of firewall systems is strictly controlled under correct setting, security within the network can be secured even in open networks such as the Internet.

Information Security Analysis: A Study to Analyze the Extent to Which Information Security Systems Can Be Utilized to Prevent Intoxicated Individuals from Driving

ERIC Educational Resources Information Center

Pierre, Joseph D.

2011-01-01

Information security systems (ISS) have been designed to protect assets from damages and from unauthorized access internally as well as externally. This research is promising similar protection from ISS methods that could prevent intoxicated individuals under the influence of alcohol from driving. However, previous research has shown significant…

49 CFR 659.23 - System security plan: contents.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 7 2010-10-01 2010-10-01 false System security plan: contents. 659.23 Section 659... State Oversight Agency § 659.23 System security plan: contents. The system security plan must, at a... system security plan; and (e) Document the rail transit agency's process for making its system security...

Campus network security model study

NASA Astrophysics Data System (ADS)

Zhang, Yong-ku; Song, Li-ren

2011-12-01

Campus network security is growing importance, Design a very effective defense hacker attacks, viruses, data theft, and internal defense system, is the focus of the study in this paper. This paper compared the firewall; IDS based on the integrated, then design of a campus network security model, and detail the specific implementation principle.

Economic Evaluation of the Information Security Levels Achieved by Electric Energy Providers in North Arctic Region

NASA Astrophysics Data System (ADS)

Sushko, O. P.; Kaznin, A. A.; Babkin, A. V.; Bogdanov, D. A.

2017-10-01

The study we are conducting involves the analysis of information security levels achieved by energy providers operating in the North Arctic Region. We look into whether the energy providers’ current information security levels meet reliability standards and determine what further actions may be needed for upgrading information security in the context of the digital transformation that the world community is undergoing. When developing the information security systems for electric energy providers or selecting the protection means for them, we are governed by the fact that the assets to be protected are process technologies. While information security risk can be assessed using different methods, the evaluation of the economic damage from these risks appears to be a difficult task. The most probable and harmful risks we have identified when evaluating the electric energy providers’ information security will be used by us as variables. To provide the evaluation, it is necessary to calculate the costs relating to elimination of the risks identified. The final stage of the study will involve the development of an operation algorithm for the North Arctic Region’s energy provider’s business information protection security system - a set of information security services, and security software and hardware.

[Evaluation of health system decentralization and reform of the Social Security system in Colombia].

PubMed

Jaramillo, I

2002-01-01

The aim of this study is to present the results of the reforms in the health sector that have taken place in Colombia since 1990. These reforms replaced the previous national health system and the so-called Bismarkian social security system. The new system has three basic characteristics: a) the public subsidies are decentralized in the municipalities and territorial departments; b) the public hospitals have been converted into state social enterprises, which has led them towards a management model, and c) the health and social security system monopoly has been abolished and a system of health subsidies has been created for the poorest citizens. This article systematically collects secondary information extracted from the most important studies evaluating the health sector reforms in Colombia. The present author participated in some of these studies. The reforms have increased financial resources, which, has led to an increase in public system staff and their salaries. The availability of hospitals' budgetary resources has increased and the social security system has become wider, including 20% of the poorest population who have benefited from subsidies on demand. Ease of access and equity in the health system have significantly improved. However, indicators of public health have fallen and health professionals are critical of a system based on mediation, which increases transaction costs.

Guidelines for contingency planning NASA (National Aeronautics and Space Administration) ADP security risk reduction decision studies

NASA Technical Reports Server (NTRS)

Tompkins, F. G.

1984-01-01

Guidance is presented to NASA Computer Security Officials for determining the acceptability or unacceptability of ADP security risks based on the technical, operational and economic feasibility of potential safeguards. The risk management process is reviewed as a specialized application of the systems approach to problem solving and information systems analysis and design. Reporting the results of the risk reduction analysis to management is considered. Report formats for the risk reduction study are provided.

Security evaluation and assurance of electronic health records.

PubMed

Weber-Jahnke, Jens H

2009-01-01

Electronic Health Records (EHRs) maintain information of sensitive nature. Security requirements in this context are typically multilateral, encompassing the viewpoints of multiple stakeholders. Two main research questions arise from a security assurance point of view, namely how to demonstrate the internal correctness of EHRs and how to demonstrate their conformance in relation to multilateral security regulations. The above notions of correctness and conformance directly relate to the general concept of system verification, which asks the question "are we building the system right?" This should not be confused with the concept of system validation, which asks the question "are we building the right system?" Much of the research in the medical informatics community has been concerned with the latter aspect (validation). However, trustworthy security requires assurances that standards are followed and specifications are met. The objective of this paper is to contribute to filling this gap. We give an introduction to fundamentals of security assurance, summarize current assurance standards, and report on experiences with using security assurance methodology applied to the EHR domain, specifically focusing on case studies in the Canadian context.

Predicting automated guideway transit system station security requirements

DOT National Transportation Integrated Search

1980-03-01

This study addresses the issues of personal security on Automated Guideway Transit (AGT) Systems, as they might be deployed in typical urban residential and non-residential settings. Based upon a literature review, it outlines basic characteristics o...

Updating energy security and environmental policy: Energy security theories revisited.

PubMed

Proskuryakova, L

2018-06-18

The energy security theories are based on the premises of sufficient and reliable supply of fossil fuels at affordable prices in centralized supply systems. Policy-makers and company chief executives develop energy security strategies based on the energy security theories and definitions that dominate in the research and policy discourse. It is therefore of utmost importance that scientists revisit these theories in line with the latest changes in the energy industry: the rapid advancement of renewables and smart grid, decentralization of energy systems, new environmental and climate challenges. The study examines the classic energy security concepts (neorealism, neoliberalism, constructivism and international political economy) and assesses if energy technology changes are taken into consideration. This is done through integrative literature review, comparative analysis, identification of 'international relations' and 'energy' research discourse with the use of big data, and case studies of Germany, China, and Russia. The paper offers suggestions for revision of energy security concepts through integration of future technology considerations. Copyright © 2018 Elsevier Ltd. All rights reserved.

Social Security Contributions and Return Migration Among Older Male Mexican Immigrants.

PubMed

Aguila, Emma; Vega, Alma

2017-06-01

For decades, scholars have studied the effects of immigration on the U.S. social security system. To date, this research has been primarily limited to migrants within the United States and does not consider those who return to their countries of origin. We estimate the proportion of male Mexican return migrants who contributed to the U.S. social security system and analyze their socioeconomic characteristics and migration histories. We also estimate the proportion that receive or expect to receive U.S. social security benefits. Using probit regression on the 2012 Mexican Health and Aging Study (MHAS), we describe the predictors of having contributed to the U.S. social security system among Mexican males in Mexico aged 50 years and older who at some point lived in the United States. We find that 32% of male return migrants reported having contributed to the U.S. social security system, but only 5% of those who contributed, received or expected to receive benefits. Those who reported having contributed spent more years in the United States and were more likely to be U.S. citizens or legal permanent residents than those who did not contribute. Immigrants often pay Old-Age, Survivors, and Disability Insurance taxes using legitimate or illegitimate social security numbers and return to their home countries without collecting U.S. social security benefits. © The Author 2017. Published by Oxford University Press on behalf of The Gerontological Society of America. All rights reserved. For permissions, please e-mail: journals.permissions@oup.com.

Secure key storage and distribution

DOEpatents

Agrawal, Punit

2015-06-02

This disclosure describes a distributed, fault-tolerant security system that enables the secure storage and distribution of private keys. In one implementation, the security system includes a plurality of computing resources that independently store private keys provided by publishers and encrypted using a single security system public key. To protect against malicious activity, the security system private key necessary to decrypt the publication private keys is not stored at any of the computing resources. Rather portions, or shares of the security system private key are stored at each of the computing resources within the security system and multiple security systems must communicate and share partial decryptions in order to decrypt the stored private key.

[Hospital information system performance for road traffic accidents analysis in a hospital recruitment based area].

PubMed

Jannot, A-S; Fauconnier, J

2013-06-01

Road traffic accidents in France are mainly analyzed through reports completed by the security forces (police and gendarmerie). But the hospital information systems can also identify road traffic accidents via specific documentary codes of the International Classification of Diseases (ICD-10). The aim of this study was therefore to determine whether hospital stays consecutive to road traffic accident were truly identified by these documentary codes in a facility that collects data routinely and to study the consistency of results from hospital information systems and from security forces during the 2002-2008 period. We retrieved all patients for whom a documentary code for road traffic accident was entered in 2002-2008. We manually checked the concordance of documentary code for road traffic accident and trauma origin in 350 patient files. The number of accidents in the Grenoble area was then inferred by combining with hospitalization regional data and compared to the number of persons injured by traffic accidents declared by the security force. These hospital information systems successfully report road traffic accidents with 96% sensitivity (95%CI: [92%, 100%]) and 97% specificity (95%CI: [95%, 99%]). The decrease in road traffic accidents observed was significantly less than that observed was significantly lower than that observed in the data from the security force (45% for security force data against 27% for hospital data). Overall, this study shows that hospital information systems are a powerful tool for studying road traffic accidents morbidity in hospital and are complementary to security force data. Copyright © 2013 Elsevier Masson SAS. All rights reserved.

Systems Security Engineering

DTIC Science & Technology

2010-08-22

Commission (IEC). “Information technology — Security techniques — Code of practice for information security management ( ISO /IEC 27002 ...Information technology — Security techniques — Information security management systems —Requirements ( ISO /IEC 27002 ),”, “Information technology — Security...was a draft ISO standard on Systems and software engineering, Systems and software assurance [18]. Created by systems engineers for systems

Attitudes towards information system security among physicians in Croatia.

PubMed

Markota, M; Kern, J; Svab, I

2001-07-01

To examine attitudes about information system security among Croatian physicians a cross-sectional study was performed on a representative sample of 800 Croatian physicians. An anonymous questionnaire comprising 21 questions was distributed and statistical analysis was performed using a chi-square test. A 76.2% response rate was obtained. The majority of respondents (85.8%) believe that information system security is a new area in their work. In general, physicians are not informed about European directives, conventions, recommendations, etc. Only a small number of physicians use personal computers at work (29%). Those physicians who have a personal computer use it mainly for administrative reasons. Most healthcare institutions (89%) do not have a security manual and the area of information system security is left to individual interest and initiative. Only 25% of physicians who have a personal computer use any type of password. A high percentage of physicians (22%) has never thought about the problem of personal data being used by organizations (e.g. police, banks) without legal background; a small, but still significant percentage of physicians (5.6%) has even agreed with such use. Results indicate that for the vast majority of physicians, information system security is a new area in their daily work, one which is left to individual interest and initiative. They are not familiar with the ethical, technical and legal backgrounds which have been defined for that area within the Council of Europe and the European Union. New aspects: This is the first study performed in Central and Eastern Europe dealing with information system security, performed on a representative nationwide sample of all the physicians.

Comparative Assessment of Physical and Social Determinants of Water Quantity and Water Quality Concerns

NASA Astrophysics Data System (ADS)

Gunda, T.; Hornberger, G. M.

2017-12-01

Concerns over water resources have evolved over time, from physical availability to economic access and recently, to a more comprehensive study of "water security," which is inherently interdisciplinary because a secure water system is influenced by and affects both physical and social components. The concept of water security carries connotations of both an adequate supply of water as well as water that meets certain quality standards. Although the term "water security" has many interpretations in the literature, the research field has not yet developed a synthetic analysis of water security as both a quantity (availability) and quality (contamination) issue. Using qualitative comparative and multi-regression analyses, we evaluate the primary physical and social factors influencing U.S. states' water security from a quantity perspective and from a quality perspective. Water system characteristics are collated from academic and government sources and include access/use, governance, and sociodemographic, and ecosystem metrics. Our analysis indicates differences in variables driving availability and contamination concerns; for example, climate is a more significant determinant in water quantity-based security analyses than in water quality-based security analyses. We will also discuss coevolution of system traits and the merits of constructing a robust water security index based on the relative importance of metrics from our analyses. These insights will improve understanding of the complex interactions between quantity and quality aspects and thus, overall security of water systems.

A Secure, Intelligent, and Smart-Sensing Approach for Industrial System Automation and Transmission over Unsecured Wireless Networks

PubMed Central

Shahzad, Aamir; Lee, Malrey; Xiong, Neal Naixue; Jeong, Gisung; Lee, Young-Keun; Choi, Jae-Young; Mahesar, Abdul Wheed; Ahmad, Iftikhar

2016-01-01

In Industrial systems, Supervisory control and data acquisition (SCADA) system, the pseudo-transport layer of the distributed network protocol (DNP3) performs the functions of the transport layer and network layer of the open systems interconnection (OSI) model. This study used a simulation design of water pumping system, in-which the network nodes are directly and wirelessly connected with sensors, and are monitored by the main controller, as part of the wireless SCADA system. This study also intends to focus on the security issues inherent in the pseudo-transport layer of the DNP3 protocol. During disassembly and reassembling processes, the pseudo-transport layer keeps track of the bytes sequence. However, no mechanism is available that can verify the message or maintain the integrity of the bytes in the bytes received/transmitted from/to the data link layer or in the send/respond from the main controller/sensors. To properly and sequentially keep track of the bytes, a mechanism is required that can perform verification while bytes are received/transmitted from/to the lower layer of the DNP3 protocol or the send/respond to/from field sensors. For security and byte verification purposes, a mechanism needs to be proposed for the pseudo-transport layer, by employing cryptography algorithm. A dynamic choice security buffer (SB) is designed and employed during the security development. To achieve the desired goals of the proposed study, a pseudo-transport layer stack model is designed using the DNP3 protocol open library and the security is deployed and tested, without changing the original design. PMID:26950129

A Secure, Intelligent, and Smart-Sensing Approach for Industrial System Automation and Transmission over Unsecured Wireless Networks.

PubMed

Shahzad, Aamir; Lee, Malrey; Xiong, Neal Naixue; Jeong, Gisung; Lee, Young-Keun; Choi, Jae-Young; Mahesar, Abdul Wheed; Ahmad, Iftikhar

2016-03-03

In Industrial systems, Supervisory control and data acquisition (SCADA) system, the pseudo-transport layer of the distributed network protocol (DNP3) performs the functions of the transport layer and network layer of the open systems interconnection (OSI) model. This study used a simulation design of water pumping system, in-which the network nodes are directly and wirelessly connected with sensors, and are monitored by the main controller, as part of the wireless SCADA system. This study also intends to focus on the security issues inherent in the pseudo-transport layer of the DNP3 protocol. During disassembly and reassembling processes, the pseudo-transport layer keeps track of the bytes sequence. However, no mechanism is available that can verify the message or maintain the integrity of the bytes in the bytes received/transmitted from/to the data link layer or in the send/respond from the main controller/sensors. To properly and sequentially keep track of the bytes, a mechanism is required that can perform verification while bytes are received/transmitted from/to the lower layer of the DNP3 protocol or the send/respond to/from field sensors. For security and byte verification purposes, a mechanism needs to be proposed for the pseudo-transport layer, by employing cryptography algorithm. A dynamic choice security buffer (SB) is designed and employed during the security development. To achieve the desired goals of the proposed study, a pseudo-transport layer stack model is designed using the DNP3 protocol open library and the security is deployed and tested, without changing the original design.

Evaluating User Experiences of the Secure Messaging Tool on the Veterans Affairs’ Patient Portal System

PubMed Central

Lind, Jason D; Shimada, Stephanie L; Martin, Tracey L; Gosline, Robert M; Antinori, Nicole; Stewart, Max; Simon, Steven R

2014-01-01

Background The United States Department of Veterans Affairs has implemented an electronic asynchronous “Secure Messaging” tool within a Web-based patient portal (ie, My HealtheVet) to support patient-provider communication. This electronic resource promotes continuous and coordinated patient-centered care, but to date little research has evaluated patients’ experiences and preferences for using Secure Messaging. Objective The objectives of this mixed-methods study were to (1) characterize veterans’ experiences using Secure Messaging in the My HealtheVet portal over a 3-month period, including system usability, (2) identify barriers to and facilitators of use, and (3) describe strategies to support veterans’ use of Secure Messaging. Methods We recruited 33 veterans who had access to and had previously used the portal’s Secure Messaging tool. We used a combination of in-depth interviews, face-to-face user-testing, review of transmitted secure messages between veterans and staff, and telephone interviews three months following initial contact. We assessed participants’ computer and health literacy during initial and follow-up interviews. We used a content-analysis approach to identify dominant themes in the qualitative data. We compared inferences from each of the data sources (interviews, user-testing, and message review) to identify convergent and divergent data trends. Results The majority of veterans (27/33, 82%) reported being satisfied with Secure Messaging at initial interview; satisfaction ratings increased to 97% (31/32, 1 missing) during follow-up interviews. Veterans noted Secure Messaging to be useful for communicating with their primary care team to manage health care needs (eg, health-related questions, test requests and results, medication refills and questions, managing appointments). Four domains emerged from interviews: (1) perceived benefits of using Secure Messaging, (2) barriers to using Secure Messaging, (3) facilitators for using Secure Messaging, and (4) suggestions for improving Secure Messaging. Veterans identified and demonstrated impediments to successful system usage that can be addressed with education, skill building, and system modifications. Analysis of secure message content data provided insights to reasons for use that were not disclosed by participants during interviews, specifically sensitive health topics such as erectile dysfunction and sexually transmitted disease inquiries. Conclusions Veterans perceive Secure Messaging in the My HealtheVet patient portal as a useful tool for communicating with health care teams. However, to maximize sustained utilization of Secure Messaging, marketing, education, skill building, and system modifications are needed. Data from this study can inform a large-scale quantitative assessment of Secure Messaging users’ experiences in a representative sample to validate qualitative findings. PMID:24610454

Evaluating user experiences of the secure messaging tool on the Veterans Affairs' patient portal system.

PubMed

Haun, Jolie N; Lind, Jason D; Shimada, Stephanie L; Martin, Tracey L; Gosline, Robert M; Antinori, Nicole; Stewart, Max; Simon, Steven R

2014-03-06

The United States Department of Veterans Affairs has implemented an electronic asynchronous "Secure Messaging" tool within a Web-based patient portal (ie, My HealtheVet) to support patient-provider communication. This electronic resource promotes continuous and coordinated patient-centered care, but to date little research has evaluated patients' experiences and preferences for using Secure Messaging. The objectives of this mixed-methods study were to (1) characterize veterans' experiences using Secure Messaging in the My HealtheVet portal over a 3-month period, including system usability, (2) identify barriers to and facilitators of use, and (3) describe strategies to support veterans' use of Secure Messaging. We recruited 33 veterans who had access to and had previously used the portal's Secure Messaging tool. We used a combination of in-depth interviews, face-to-face user-testing, review of transmitted secure messages between veterans and staff, and telephone interviews three months following initial contact. We assessed participants' computer and health literacy during initial and follow-up interviews. We used a content-analysis approach to identify dominant themes in the qualitative data. We compared inferences from each of the data sources (interviews, user-testing, and message review) to identify convergent and divergent data trends. The majority of veterans (27/33, 82%) reported being satisfied with Secure Messaging at initial interview; satisfaction ratings increased to 97% (31/32, 1 missing) during follow-up interviews. Veterans noted Secure Messaging to be useful for communicating with their primary care team to manage health care needs (eg, health-related questions, test requests and results, medication refills and questions, managing appointments). Four domains emerged from interviews: (1) perceived benefits of using Secure Messaging, (2) barriers to using Secure Messaging, (3) facilitators for using Secure Messaging, and (4) suggestions for improving Secure Messaging. Veterans identified and demonstrated impediments to successful system usage that can be addressed with education, skill building, and system modifications. Analysis of secure message content data provided insights to reasons for use that were not disclosed by participants during interviews, specifically sensitive health topics such as erectile dysfunction and sexually transmitted disease inquiries. Veterans perceive Secure Messaging in the My HealtheVet patient portal as a useful tool for communicating with health care teams. However, to maximize sustained utilization of Secure Messaging, marketing, education, skill building, and system modifications are needed. Data from this study can inform a large-scale quantitative assessment of Secure Messaging users' experiences in a representative sample to validate qualitative findings.

Analyzing Cases of Resilience Success and Failure - A Research Study

DTIC Science & Technology

2012-12-01

controls [NIST 2012, NIST 2008] ISO 27002 and ISO 27004 Guidelines for initiating, implementing, maintaining, and improving information security...Commission ( ISO /IEC). Information technology—Security techniques—Code of practice for information security management ( ISO /IEC 27002 :2005). ISO /IEC, 2005...security management system and controls or groups of controls [ ISO /IEC 2005, ISO /IEC 2009] CIS Security Metrics Outcome and practice metrics measuring

Operation of remote mobile sensors for security of drinking water distribution systems.

PubMed

Perelman, By Lina; Ostfeld, Avi

2013-09-01

The deployment of fixed online water quality sensors in water distribution systems has been recognized as one of the key components of contamination warning systems for securing public health. This study proposes to explore how the inclusion of mobile sensors for inline monitoring of various water quality parameters (e.g., residual chlorine, pH) can enhance water distribution system security. Mobile sensors equipped with sampling, sensing, data acquisition, wireless transmission and power generation systems are being designed, fabricated, and tested, and prototypes are expected to be released in the very near future. This study initiates the development of a theoretical framework for modeling mobile sensor movement in water distribution systems and integrating the sensory data collected from stationary and non-stationary sensor nodes to increase system security. The methodology is applied and demonstrated on two benchmark networks. Performance of different sensor network designs are compared for fixed and combined fixed and mobile sensor networks. Results indicate that complementing online sensor networks with inline monitoring can increase detection likelihood and decrease mean time to detection. Copyright © 2013 Elsevier Ltd. All rights reserved.

Information security risk management for computerized health information systems in hospitals: a case study of Iran

PubMed Central

Zarei, Javad; Sadoughi, Farahnaz

2016-01-01

Background In recent years, hospitals in Iran – similar to those in other countries – have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. Materials and methods This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts’ opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Results Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Conclusion Information security risk management is not followed by Iran’s hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran’s Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran. PMID:27313481

Implementation of Medical Information Exchange System Based on EHR Standard

PubMed Central

Han, Soon Hwa; Kim, Sang Guk; Jeong, Jun Yong; Lee, Bi Na; Choi, Myeong Seon; Kim, Il Kon; Park, Woo Sung; Ha, Kyooseob; Cho, Eunyoung; Kim, Yoon; Bae, Jae Bong

2010-01-01

Objectives To develop effective ways of sharing patients' medical information, we developed a new medical information exchange system (MIES) based on a registry server, which enabled us to exchange different types of data generated by various systems. Methods To assure that patient's medical information can be effectively exchanged under different system environments, we adopted the standardized data transfer methods and terminologies suggested by the Center for Interoperable Electronic Healthcare Record (CIEHR) of Korea in order to guarantee interoperability. Regarding information security, MIES followed the security guidelines suggested by the CIEHR of Korea. This study aimed to develop essential security systems for the implementation of online services, such as encryption of communication, server security, database security, protection against hacking, contents, and network security. Results The registry server managed information exchange as well as the registration information of the clinical document architecture (CDA) documents, and the CDA Transfer Server was used to locate and transmit the proper CDA document from the relevant repository. The CDA viewer showed the CDA documents via connection with the information systems of related hospitals. Conclusions This research chooses transfer items and defines document standards that follow CDA standards, such that exchange of CDA documents between different systems became possible through ebXML. The proposed MIES was designed as an independent central registry server model in order to guarantee the essential security of patients' medical information. PMID:21818447

Implementation of Medical Information Exchange System Based on EHR Standard.

PubMed

Han, Soon Hwa; Lee, Min Ho; Kim, Sang Guk; Jeong, Jun Yong; Lee, Bi Na; Choi, Myeong Seon; Kim, Il Kon; Park, Woo Sung; Ha, Kyooseob; Cho, Eunyoung; Kim, Yoon; Bae, Jae Bong

2010-12-01

To develop effective ways of sharing patients' medical information, we developed a new medical information exchange system (MIES) based on a registry server, which enabled us to exchange different types of data generated by various systems. To assure that patient's medical information can be effectively exchanged under different system environments, we adopted the standardized data transfer methods and terminologies suggested by the Center for Interoperable Electronic Healthcare Record (CIEHR) of Korea in order to guarantee interoperability. Regarding information security, MIES followed the security guidelines suggested by the CIEHR of Korea. This study aimed to develop essential security systems for the implementation of online services, such as encryption of communication, server security, database security, protection against hacking, contents, and network security. The registry server managed information exchange as well as the registration information of the clinical document architecture (CDA) documents, and the CDA Transfer Server was used to locate and transmit the proper CDA document from the relevant repository. The CDA viewer showed the CDA documents via connection with the information systems of related hospitals. This research chooses transfer items and defines document standards that follow CDA standards, such that exchange of CDA documents between different systems became possible through ebXML. The proposed MIES was designed as an independent central registry server model in order to guarantee the essential security of patients' medical information.

31 CFR 356.4 - What are the book-entry systems in which auctioned Treasury securities may be issued?

Code of Federal Regulations, 2010 CFR

2010-07-01

... in which auctioned Treasury securities may be issued? There are three book-entry securities systems... marketable Treasury securities. We maintain and transfer securities in these three book-entry systems at... inflation. Securities may be transferred from one system to the other, unless the securities are not...

Via generalized function projective synchronization in nonlinear Schrödinger equation for secure communication

NASA Astrophysics Data System (ADS)

Zhao, L. W.; Du, J. G.; Yin, J. L.

2018-05-01

This paper proposes a novel secured communication scheme in a chaotic system by applying generalized function projective synchronization of the nonlinear Schrödinger equation. This phenomenal approach guarantees a secured and convenient communication. Our study applied the Melnikov theorem with an active control strategy to suppress chaos in the system. The transmitted information signal is modulated into the parameter of the nonlinear Schrödinger equation in the transmitter and it is assumed that the parameter of the receiver system is unknown. Based on the Lyapunov stability theory and the adaptive control technique, the controllers are designed to make two identical nonlinear Schrödinger equation with the unknown parameter asymptotically synchronized. The numerical simulation results of our study confirmed the validity, effectiveness and the feasibility of the proposed novel synchronization method and error estimate for a secure communication. The Chaos masking signals of the information communication scheme, further guaranteed a safer and secured information communicated via this approach.

Male Labor Force Participation and Social Security in Mexico.

PubMed

Aguila, Emma

2014-04-01

Labor-force participation among Mexican males in their early retirement years (60 to 64 years of age) has decreased in recent decades, from 94.6 percent in 1960 to 65.2 percent in 2010. Similar trends are evident elsewhere in Latin America, and have occurred in the developed world. Such trends pose challenges to financial sustainability of social security systems as working-age populations decrease and those in retirement increase both because of demographic trends and decisions to take early retirement. In this study, we find that the Mexican social security system provides incentives to retire early. The retirement incentives of the Mexican social security system affect retirement behavior, and may be one of the main contributors to early retirement decisions, particularly for lower-income populations. We simulated the effect of the reform from a Pay-As-You-Go (PAYG) to the new Personal Retirement Accounts (PRA) system and we find that the PRA system also provides incentives to early retirement. Further analysis is needed to assess the financial sustainability of the social security system and financial security in old age for the largest cohorts in Mexico that will begin to retire by 2040.

Male Labor Force Participation and Social Security in Mexico

PubMed Central

Aguila, Emma

2014-01-01

Labor-force participation among Mexican males in their early retirement years (60 to 64 years of age) has decreased in recent decades, from 94.6 percent in 1960 to 65.2 percent in 2010. Similar trends are evident elsewhere in Latin America, and have occurred in the developed world. Such trends pose challenges to financial sustainability of social security systems as working-age populations decrease and those in retirement increase both because of demographic trends and decisions to take early retirement. In this study, we find that the Mexican social security system provides incentives to retire early. The retirement incentives of the Mexican social security system affect retirement behavior, and may be one of the main contributors to early retirement decisions, particularly for lower-income populations. We simulated the effect of the reform from a Pay-As-You-Go (PAYG) to the new Personal Retirement Accounts (PRA) system and we find that the PRA system also provides incentives to early retirement. Further analysis is needed to assess the financial sustainability of the social security system and financial security in old age for the largest cohorts in Mexico that will begin to retire by 2040. PMID:25328441

Correlation Research of Medical Security Management System Network Platform in Medical Practice

NASA Astrophysics Data System (ADS)

Jie, Wang; Fan, Zhang; Jian, Hao; Li-nong, Yu; Jun, Fei; Ping, Hao; Ya-wei, Shen; Yue-jin, Chang

Objective-The related research of medical security management system network in medical practice. Methods-Establishing network platform of medical safety management system, medical security network host station, medical security management system(C/S), medical security management system of departments and sections, comprehensive query, medical security disposal and examination system. Results-In medical safety management, medical security management system can reflect the hospital medical security problem, and can achieve real-time detection and improve the medical security incident detection rate. Conclusion-The application of the research in the hospital management implementation, can find hospital medical security hidden danger and the problems of medical disputes, and can help in resolving medical disputes in time and achieve good work efficiency, which is worth applying in the hospital practice.

Common Operating Picture: UAV Security Study

NASA Technical Reports Server (NTRS)

2004-01-01

This initial communication security study is a top-level assessment of basic security issues related to the operation of Unmanned Aerial Vehicles (UAVs) in the National Airspace System (NAS). Security considerations will include information relating to the use of International Civil Aviation Organization (ICAO) Aeronautical Telecommunications Network (ATN) protocols and applications identifying their maturity, as well as the use of IPV4 and a version of mobile IPV6. The purpose of this assessment is to provide an initial analysis of the security implications of introducing UAVs into the NAS.

The Impact of the Security Competency on "Self-Efficacy in Information Security" for Effective Health Information Security in Iran.

PubMed

Shahri, Ahmad Bakhtiyari; Ismail, Zuraini; Mohanna, Shahram

2016-11-01

The security effectiveness based on users' behaviors is becoming a top priority of Health Information System (HIS). In the first step of this study, through the review of previous studies 'Self-efficacy in Information Security' (SEIS) and 'Security Competency' (SCMP) were identified as the important factors to transforming HIS users to the first line of defense in the security. Subsequently, a conceptual model was proposed taking into mentioned factors for HIS security effectiveness. Then, this quantitative study used the structural equation modeling to examine the proposed model based on survey data collected from a sample of 263 HIS users from eight hospitals in Iran. The result shows that SEIS is one of the important factors to cultivate of good end users' behaviors toward HIS security effectiveness. However SCMP appears a feasible alternative to providing SEIS. This study also confirms the mediation effects of SEIS on the relationship between SCMP and HIS security effectiveness. The results of this research paper can be used by HIS and IT managers to implement their information security process more effectively.

Developing Secure Power Systems Professional Competence: Alignment and Gaps in Workforce Development Programs—Summary Report

DOE Office of Scientific and Technical Information (OSTI.GOV)

O'Neil, Lori Ross; Assante, Michael; Tobey, D. H.

2013-07-01

This document is a summarization of the report, Developing Secure Power Systems Professional Competence: Alignment and Gaps in Workforce Development Programs, the final report for phase 2 of the SPSP (DOE workforce study) project.

A Quantitative Socio-hydrological Characterization of Water Security in Large-Scale Irrigation Systems

NASA Astrophysics Data System (ADS)

Siddiqi, A.; Muhammad, A.; Wescoat, J. L., Jr.

2017-12-01

Large-scale, legacy canal systems, such as the irrigation infrastructure in the Indus Basin in Punjab, Pakistan, have been primarily conceived, constructed, and operated with a techno-centric approach. The emerging socio-hydrological approaches provide a new lens for studying such systems to potentially identify fresh insights for addressing contemporary challenges of water security. In this work, using the partial definition of water security as "the reliable availability of an acceptable quantity and quality of water", supply reliability is construed as a partial measure of water security in irrigation systems. A set of metrics are used to quantitatively study reliability of surface supply in the canal systems of Punjab, Pakistan using an extensive dataset of 10-daily surface water deliveries over a decade (2007-2016) and of high frequency (10-minute) flow measurements over one year. The reliability quantification is based on comparison of actual deliveries and entitlements, which are a combination of hydrological and social constructs. The socio-hydrological lens highlights critical issues of how flows are measured, monitored, perceived, and experienced from the perspective of operators (government officials) and users (famers). The analysis reveals varying levels of reliability (and by extension security) of supply when data is examined across multiple temporal and spatial scales. The results shed new light on evolution of water security (as partially measured by supply reliability) for surface irrigation in the Punjab province of Pakistan and demonstrate that "information security" (defined as reliable availability of sufficiently detailed data) is vital for enabling water security. It is found that forecasting and management (that are social processes) lead to differences between entitlements and actual deliveries, and there is significant potential to positively affect supply reliability through interventions in the social realm.

Draft secure medical database standard.

PubMed

Pangalos, George

2002-01-01

Medical database security is a particularly important issue for all Healthcare establishments. Medical information systems are intended to support a wide range of pertinent health issues today, for example: assure the quality of care, support effective management of the health services institutions, monitor and contain the cost of care, implement technology into care without violating social values, ensure the equity and availability of care, preserve humanity despite the proliferation of technology etc.. In this context, medical database security aims primarily to support: high availability, accuracy and consistency of the stored data, the medical professional secrecy and confidentiality, and the protection of the privacy of the patient. These properties, though of technical nature, basically require that the system is actually helpful for medical care and not harmful to patients. These later properties require in turn not only that fundamental ethical principles are not violated by employing database systems, but instead, are effectively enforced by technical means. This document reviews the existing and emerging work on the security of medical database systems. It presents in detail the related problems and requirements related to medical database security. It addresses the problems of medical database security policies, secure design methodologies and implementation techniques. It also describes the current legal framework and regulatory requirements for medical database security. The issue of medical database security guidelines is also examined in detailed. The current national and international efforts in the area are studied. It also gives an overview of the research work in the area. The document also presents in detail the most complete to our knowledge set of security guidelines for the development and operation of medical database systems.

76 FR 58786 - Privacy Act of 1974; Systems of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2011-09-22

... National Security Agency/Central Security System systems of records notices subject to the Privacy Act of... inquiries to the National Security Agency/Central Security Service, Freedom of Information Act/Privacy Act...; Systems of Records AGENCY: National Security Agency/Central Security Service, Department of Defense (DoD...

31 CFR 306.23 - Securities eligible to be held in the Legacy Treasury Direct® Book-entry Securities System.

Code of Federal Regulations, 2011 CFR

2011-07-01

... Legacy Treasury Direct® Book-entry Securities System. 306.23 Section 306.23 Money and Finance: Treasury... Securities eligible to be held in the Legacy Treasury Direct® Book-entry Securities System. (a) Eligible... book-entry securities system. (b) Conversion of Registered Security to book-entry form to be held in...

31 CFR 357.0 - Book-entry systems.

Code of Federal Regulations, 2014 CFR

2014-07-01

... General Information § 357.0 Book-entry systems. (a) Treasury securities. Treasury securities are...-entry system is the book-entry system in which Treasury securities are held in a tiered system through securities intermediaries such as financial institutions or brokerage firms. A Treasury security is...

31 CFR 357.0 - Book-entry systems.

Code of Federal Regulations, 2012 CFR

2012-07-01

... General Information § 357.0 Book-entry systems. (a) Treasury securities. Treasury securities are...-entry system is the book-entry system in which Treasury securities are held in a tiered system through securities intermediaries such as financial institutions or brokerage firms. A Treasury security is...

31 CFR 357.0 - Book-entry systems.

Code of Federal Regulations, 2011 CFR

2011-07-01

... General Information § 357.0 Book-entry systems. (a) Treasury securities. Treasury securities are...-entry system is the book-entry system in which Treasury securities are held in a tiered system through securities intermediaries such as financial institutions or brokerage firms. A Treasury security is...

31 CFR 357.0 - Book-entry systems.

Code of Federal Regulations, 2013 CFR

2013-07-01

... General Information § 357.0 Book-entry systems. (a) Treasury securities. Treasury securities are...-entry system is the book-entry system in which Treasury securities are held in a tiered system through securities intermediaries such as financial institutions or brokerage firms. A Treasury security is...

An evaluation index system of water security in China based on macroeconomic data from 2000 to 2012

NASA Astrophysics Data System (ADS)

Li, X. S.; Peng, Z. Y.; Li, T. T.

2016-08-01

This paper establishes an evaluation index system of water security. The index system employs 5 subsystems (water circulation security, water environment security, water ecology security, water society security and water economy security) and has 39 indicators. Using the AHP method, each indicator is given a relative weight to integrate within the whole system. With macroeconomic data from 2000 to 2012, a model of water security evaluation is applied to assess the state of water security in China. The results show an improving trend in the overall state of China's water security. In particular, the cycle of water security is at a high and low fluctuation. Water environment security presents an upward trend on the whole; however, this trend is unsteady and has shown a descending tendency in some years. Yet, water ecology security, water society security, and water economy security are basically on the rise. However, the degree of coordination of China's water security system remains in need of consolidation.

17 CFR 240.17Ad-13 - Annual study and evaluation of internal accounting control.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Annual study and evaluation of internal accounting control. 240.17Ad-13 Section 240.17Ad-13 Commodity and Securities Exchanges SECURITIES... System, the Office of the Comptroller of the Currency or the Federal Deposit Insurance Corporation...

DOE Office of Scientific and Technical Information (OSTI.GOV)

Sanquist, Thomas F.; Mahy, Heidi A.; Morris, Fred A.

Understanding the issues surrounding public acceptance of homeland security systems is important for balancing security needs and potential civil liberties infringements. A psychometric survey was used to measure attitudes regarding homeland security systems. Psychometric rating data were obtained from 182 respondents on psychological attributes associated with 12 distinct types of homeland security systems. An inverse relationship was observed for the overall rating attributes of acceptability and risk of civil liberties infringement. Principal components analysis yielded a two factor solution, with the rating scale loading pattern suggesting factors of Perceived Effectiveness and Perceived Intrusiveness. These factors also showed an inverse relationship.more » The 12 different homeland security systems showed significantly different scores on the rating scales and PCA factors, which were used to rank the systems in terms of overall acceptability. Difference scores for the rating scales and PCA factors were used to compute a single acceptability value reflecting the relative weight of risks and benefits. Of the 12 systems studied, airport screening, canine detectors and radiation monitoring at borders were found to be relatively acceptable, i.e., the perceived benefits for homeland security outweighed the perceived risks to civil liberties. Students rated several systems as more effective than professionals, but the overall pattern of results for both types of subjects was similar. The data suggest that risk perception research and the psychometric paradigm are useful approaches for quantifying attitudes regarding homeland security systems and policies, and can be used to anticipate potentially significant public acceptance issues.« less

Feasibility studies on explosive detection and homeland security applications using a neutron and x-ray combined computed tomography system

NASA Astrophysics Data System (ADS)

Sinha, V.; Srivastava, A.; Lee, H. K.; Liu, X.

2013-05-01

The successful creation and operation of a neutron and X-ray combined computed tomography (NXCT) system has been demonstrated by researchers at the Missouri University of Science and Technology. The NXCT system has numerous applications in the field of material characterization and object identification in materials with a mixture of atomic numbers represented. Presently, the feasibility studies have been performed for explosive detection and homeland security applications, particularly in concealed material detection and determination of the light atomic number materials. These materials cannot be detected using traditional X-ray imaging. The new system has the capability to provide complete structural and compositional information due to the complementary nature of X-ray and neutron interactions with materials. The design of the NXCT system facilitates simultaneous and instantaneous imaging operation, promising enhanced detection capabilities of explosive materials, low atomic number materials and illicit materials for homeland security applications. In addition, a sample positioning system allowing the user to remotely and automatically manipulate the sample makes the system viable for commercial applications. Several explosives and weapon simulants have been imaged and the results are provided. The fusion algorithms which combine the data from the neutron and X-ray imaging produce superior images. This paper is a compete overview of the NXCT system for feasibility studies of explosive detection and homeland security applications. The design of the system, operation, algorithm development, and detection schemes are provided. This is the first combined neutron and X-ray computed tomography system in operation. Furthermore, the method of fusing neutron and X-ray images together is a new approach which provides high contrast images of the desired object. The system could serve as a standardized tool in nondestructive testing of many applications, especially in explosives detection and homeland security research.

Empirical Analysis and Automated Classification of Security Bug Reports

NASA Technical Reports Server (NTRS)

Tyo, Jacob P.

2016-01-01

With the ever expanding amount of sensitive data being placed into computer systems, the need for effective cybersecurity is of utmost importance. However, there is a shortage of detailed empirical studies of security vulnerabilities from which cybersecurity metrics and best practices could be determined. This thesis has two main research goals: (1) to explore the distribution and characteristics of security vulnerabilities based on the information provided in bug tracking systems and (2) to develop data analytics approaches for automatic classification of bug reports as security or non-security related. This work is based on using three NASA datasets as case studies. The empirical analysis showed that the majority of software vulnerabilities belong only to a small number of types. Addressing these types of vulnerabilities will consequently lead to cost efficient improvement of software security. Since this analysis requires labeling of each bug report in the bug tracking system, we explored using machine learning to automate the classification of each bug report as a security or non-security related (two-class classification), as well as each security related bug report as specific security type (multiclass classification). In addition to using supervised machine learning algorithms, a novel unsupervised machine learning approach is proposed. An ac- curacy of 92%, recall of 96%, precision of 92%, probability of false alarm of 4%, F-Score of 81% and G-Score of 90% were the best results achieved during two-class classification. Furthermore, an accuracy of 80%, recall of 80%, precision of 94%, and F-score of 85% were the best results achieved during multiclass classification.

47 CFR 80.277 - Ship Security Alert System (SSAS).

Code of Federal Regulations, 2010 CFR

2010-10-01

... 47 Telecommunication 5 2010-10-01 2010-10-01 false Ship Security Alert System (SSAS). 80.277... Security Alert System (SSAS). (a) Vessels equipped with a Ship Security Alert System pursuant to the Safety..., “RTCM Standard 11020.0—Ship Security Alert Systems (SSAS) using the Cospas-Sarsat System,” Version 1.0...

Bluetooth based chaos synchronization using particle swarm optimization and its applications to image encryption.

PubMed

Yau, Her-Terng; Hung, Tzu-Hsiang; Hsieh, Chia-Chun

2012-01-01

This study used the complex dynamic characteristics of chaotic systems and Bluetooth to explore the topic of wireless chaotic communication secrecy and develop a communication security system. The PID controller for chaos synchronization control was applied, and the optimum parameters of this PID controller were obtained using a Particle Swarm Optimization (PSO) algorithm. Bluetooth was used to realize wireless transmissions, and a chaotic wireless communication security system was developed in the design concept of a chaotic communication security system. The experimental results show that this scheme can be used successfully in image encryption.

Development and application of a new grey dynamic hierarchy analysis system (GDHAS) for evaluating urban ecological security.

PubMed

Shao, Chaofeng; Tian, Xiaogang; Guan, Yang; Ju, Meiting; Xie, Qiang

2013-05-21

Selecting indicators based on the characteristics and development trends of a given study area is essential for building a framework for assessing urban ecological security. However, few studies have focused on how to select the representative indicators systematically, and quantitative research is lacking. We developed an innovative quantitative modeling approach called the grey dynamic hierarchy analytic system (GDHAS) for both the procedures of indicator selection and quantitative assessment of urban ecological security. Next, a systematic methodology based on the GDHAS is developed to assess urban ecological security comprehensively and dynamically. This assessment includes indicator selection, driving force-pressure-state-impact-response (DPSIR) framework building, and quantitative evaluation. We applied this systematic methodology to assess the urban ecological security of Tianjin, which is a typical coastal super megalopolis and the industry base in China. This case study highlights the key features of our approach. First, 39 representative indicators are selected for the evaluation index system from 62 alternative ones available through the GDHAS. Second, the DPSIR framework is established based on the indicators selected, and the quantitative assessment of the eco-security of Tianjin is conducted. The results illustrate the following: urban ecological security of Tianjin in 2008 was in alert level but not very stable; the driving force and pressure subsystems were in good condition, but the eco-security levels of the remainder of the subsystems were relatively low; the pressure subsystem was the key to urban ecological security; and 10 indicators are defined as the key indicators for five subsystems. These results can be used as the basis for urban eco-environmental management.

Development and Application of a New Grey Dynamic Hierarchy Analysis System (GDHAS) for Evaluating Urban Ecological Security

PubMed Central

Shao, Chaofeng; Tian, Xiaogang; Guan, Yang; Ju, Meiting; Xie, Qiang

2013-01-01

Selecting indicators based on the characteristics and development trends of a given study area is essential for building a framework for assessing urban ecological security. However, few studies have focused on how to select the representative indicators systematically, and quantitative research is lacking. We developed an innovative quantitative modeling approach called the grey dynamic hierarchy analytic system (GDHAS) for both the procedures of indicator selection and quantitative assessment of urban ecological security. Next, a systematic methodology based on the GDHAS is developed to assess urban ecological security comprehensively and dynamically. This assessment includes indicator selection, driving force-pressure-state-impact-response (DPSIR) framework building, and quantitative evaluation. We applied this systematic methodology to assess the urban ecological security of Tianjin, which is a typical coastal super megalopolis and the industry base in China. This case study highlights the key features of our approach. First, 39 representative indicators are selected for the evaluation index system from 62 alternative ones available through the GDHAS. Second, the DPSIR framework is established based on the indicators selected, and the quantitative assessment of the eco-security of Tianjin is conducted. The results illustrate the following: urban ecological security of Tianjin in 2008 was in alert level but not very stable; the driving force and pressure subsystems were in good condition, but the eco-security levels of the remainder of the subsystems were relatively low; the pressure subsystem was the key to urban ecological security; and 10 indicators are defined as the key indicators for five subsystems. These results can be used as the basis for urban eco-environmental management. PMID:23698700

A survey of visualization systems for network security.

PubMed

Shiravi, Hadi; Shiravi, Ali; Ghorbani, Ali A

2012-08-01

Security Visualization is a very young term. It expresses the idea that common visualization techniques have been designed for use cases that are not supportive of security-related data, demanding novel techniques fine tuned for the purpose of thorough analysis. Significant amount of work has been published in this area, but little work has been done to study this emerging visualization discipline. We offer a comprehensive review of network security visualization and provide a taxonomy in the form of five use-case classes encompassing nearly all recent works in this area. We outline the incorporated visualization techniques and data sources and provide an informative table to display our findings. From the analysis of these systems, we examine issues and concerns regarding network security visualization and provide guidelines and directions for future researchers and visual system developers.

Meeting EHR security requirements: SeAAS approach.

PubMed

Katt, Basel; Trojer, Thomas; Breu, Ruth; Schabetsberger, Thomas; Wozak, Florian

2010-01-01

In the last few years, Electronic Health Record (EHR) systems have received a great attention in the literature, as well as in the industry. They are expected to lead to health care savings, increase health care quality and reduce medical errors. This interest has been accompanied by the development of different standards and frameworks to meet EHR challenges. One of the most important initiatives that was developed to solve problems of EHR is IHE (Integrating the Healthcare Enterprise), which adapts the distributed approach to store and manage healthcare data. IHE aims at standardizing the way healthcare systems exchange information in distributed environments. For this purpose it defines several so called Integration Profiles that specify the interactions and the interfaces (Transactions) between various healthcare systems (Actors) or entities. Security was considered also in few profiles that tackled the main security requirements, mainly authentication and audit trails. The security profiles of IHE currently suffer two drawbacks. First, they apply end point security methodology, which has been proven recently to be insufficient and cumbersome in distributed and heterogeneous environment. Second, the current security profiles for more complex security requirements are oversimplified, vague and do not consider architectural design. This recently changed to some extend e.g., with the introduction of newly published white papers regarding privacy [5] and access control [9]. In order to solve the first problem we utilize results of previous studies conducted in the area of security-aware IHE-based systems and the state-of-the-art Security-as-a-Service approach as a convenient methodology to group domain-wide security needs and overcome the end point security shortcomings.

A Systems Engineering Framework for Implementing a Security and Critical Patch Management Process in Diverse Environments (Academic Departments' Workstations)

NASA Astrophysics Data System (ADS)

Mohammadi, Hadi

Use of the Patch Vulnerability Management (PVM) process should be seriously considered for any networked computing system. The PVM process prevents the operating system (OS) and software applications from being attacked due to security vulnerabilities, which lead to system failures and critical data leakage. The purpose of this research is to create and design a Security and Critical Patch Management Process (SCPMP) framework based on Systems Engineering (SE) principles. This framework will assist Information Technology Department Staff (ITDS) to reduce IT operating time and costs and mitigate the risk of security and vulnerability attacks. Further, this study evaluates implementation of the SCPMP in the networked computing systems of an academic environment in order to: 1. Meet patch management requirements by applying SE principles. 2. Reduce the cost of IT operations and PVM cycles. 3. Improve the current PVM methodologies to prevent networked computing systems from becoming the targets of security vulnerability attacks. 4. Embed a Maintenance Optimization Tool (MOT) in the proposed framework. The MOT allows IT managers to make the most practicable choice of methods for deploying and installing released patches and vulnerability remediation. In recent years, there has been a variety of frameworks for security practices in every networked computing system to protect computer workstations from becoming compromised or vulnerable to security attacks, which can expose important information and critical data. I have developed a new mechanism for implementing PVM for maximizing security-vulnerability maintenance, protecting OS and software packages, and minimizing SCPMP cost. To increase computing system security in any diverse environment, particularly in academia, one must apply SCPMP. I propose an optimal maintenance policy that will allow ITDS to measure and estimate the variation of PVM cycles based on their department's requirements. My results demonstrate that MOT optimizes the process of implementing SCPMP in academic workstations.

Hybrid network defense model based on fuzzy evaluation.

PubMed

Cho, Ying-Chiang; Pan, Jen-Yi

2014-01-01

With sustained and rapid developments in the field of information technology, the issue of network security has become increasingly prominent. The theme of this study is network data security, with the test subject being a classified and sensitive network laboratory that belongs to the academic network. The analysis is based on the deficiencies and potential risks of the network's existing defense technology, characteristics of cyber attacks, and network security technologies. Subsequently, a distributed network security architecture using the technology of an intrusion prevention system is designed and implemented. In this paper, first, the overall design approach is presented. This design is used as the basis to establish a network defense model, an improvement over the traditional single-technology model that addresses the latter's inadequacies. Next, a distributed network security architecture is implemented, comprising a hybrid firewall, intrusion detection, virtual honeynet projects, and connectivity and interactivity between these three components. Finally, the proposed security system is tested. A statistical analysis of the test results verifies the feasibility and reliability of the proposed architecture. The findings of this study will potentially provide new ideas and stimuli for future designs of network security architecture.

76 FR 43993 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2011-07-22

...; System of Records AGENCY: National Security Agency/Central Security Service, Department of Defense. ACTION: Notice to Delete a System of Records. SUMMARY: The National Security Agency/Central Security.... FOR FURTHER INFORMATION CONTACT: Ms. Anne Hill, National Security Agency/Central Security Service...

The role of privacy protection in healthcare information systems adoption.

PubMed

Hsu, Chien-Lung; Lee, Ming-Ren; Su, Chien-Hui

2013-10-01

Privacy protection is an important issue and challenge in healthcare information systems (HISs). Recently, some privacy-enhanced HISs are proposed. Users' privacy perception, intention, and attitude might affect the adoption of such systems. This paper aims to propose a privacy-enhanced HIS framework and investigate the role of privacy protection in HISs adoption. In the proposed framework, privacy protection, access control, and secure transmission modules are designed to enhance the privacy protection of a HIS. An experimental privacy-enhanced HIS is also implemented. Furthermore, we proposed a research model extending the unified theory of acceptance and use of technology by considering perceived security and information security literacy and then investigate user adoption of a privacy-enhanced HIS. The experimental results and analyses showed that user adoption of a privacy-enhanced HIS is directly affected by social influence, performance expectancy, facilitating conditions, and perceived security. Perceived security has a mediating effect between information security literacy and user adoption. This study proposes several implications for research and practice to improve designing, development, and promotion of a good healthcare information system with privacy protection.

31 CFR 306.23 - Securities eligible to be held in the TREASURY DIRECT Book-entry Securities System.

Code of Federal Regulations, 2010 CFR

2010-07-01

... TREASURY DIRECT Book-entry Securities System. 306.23 Section 306.23 Money and Finance: Treasury Regulations... Securities eligible to be held in the TREASURY DIRECT Book-entry Securities System. (a) Eligible issues. The... conversion to the TREASURY DIRECT Book-entry Securities System. The notice shall specify the period during...

Development of Decision-Making Automated System for Optimal Placement of Physical Access Control System’s Elements

NASA Astrophysics Data System (ADS)

Danilova, Olga; Semenova, Zinaida

2018-04-01

The objective of this study is a detailed analysis of physical protection systems development for information resources. The optimization theory and decision-making mathematical apparatus is used to formulate correctly and create an algorithm of selection procedure for security systems optimal configuration considering the location of the secured object’s access point and zones. The result of this study is a software implementation scheme of decision-making system for optimal placement of the physical access control system’s elements.

Security Evolution.

ERIC Educational Resources Information Center

De Patta, Joe

2003-01-01

Examines how to evaluate school security, begin making schools safe, secure schools without turning them into fortresses, and secure schools easily and affordably; the evolution of security systems into information technology systems; using schools' high-speed network lines; how one specific security system was developed; pros and cons of the…

33 CFR 106.255 - Security systems and equipment maintenance.

Code of Federal Regulations, 2010 CFR

2010-07-01

... maintained according to manufacturers' recommendations. (b) Security systems must be regularly tested in... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Security systems and equipment... Shelf (OCS) Facility Security Requirements § 106.255 Security systems and equipment maintenance. (a...

A Common Criteria-Based Team Project for High Assurance Secure Systems

DTIC Science & Technology

2005-01-01

experience in the FHM, full system documentation, and plenty of time. The students had little experience and little time. The MINIX operating... MINIX is a very appropriate target for student enhancements. Since the principle objective of Secure Systems is to teach the concepts of...to construct a system when one of the developmental threats is subversion. Because students were studying MINIX in a prerequisite operating systems

Systems Security Engineering

DTIC Science & Technology

2010-08-22

practice for information security management ( ISO /IEC 27002 ),” “Information technology — Security techniques — Information security management...systems —Requirements ( ISO /IEC 27002 ),”, “Information technology — Security techniques — Information security risk management ( ISO /IEC 27005).” from...associated practice aids. Perhaps the most germane discovery from this effort was a draft ISO standard on Systems and software engineering, Systems and

75 FR 56079 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2010-09-15

... to the National Security Agency/Central Security Service, Freedom of Information Act/Privacy Act...; System of Records AGENCY: National Security Agency/Central Security Service, DoD. ACTION: Notice to amend a system of records. SUMMARY: The National Security Agency/Central Security Service is proposing to...

Information security threats and an easy-to-implement attack detection framework for wireless sensor network-based smart grid applications

NASA Astrophysics Data System (ADS)

Tuna, G.; Örenbaş, H.; Daş, R.; Kogias, D.; Baykara, M.; K, K.

2016-03-01

Wireless Sensor Networks (WSNs) when combined with various energy harvesting solutions managing to prolong the overall lifetime of the system and enhanced capabilities of the communication protocols used by modern sensor nodes are efficiently used in are efficiently used in Smart Grid (SG), an evolutionary system for the modernization of existing power grids. However, wireless communication technology brings various types of security threats. In this study, firstly the use of WSNs for SG applications is presented. Second, the security related issues and challenges as well as the security threats are presented. In addition, proposed security mechanisms for WSN-based SG applications are discussed. Finally, an easy- to-implement and simple attack detection framework to prevent attacks directed to sink and gateway nodes with web interfaces is proposed and its efficiency is proved using a case study.

Computer Security Systems Enable Access.

ERIC Educational Resources Information Center

Riggen, Gary

1989-01-01

A good security system enables access and protects information from damage or tampering, but the most important aspects of a security system aren't technical. A security procedures manual addresses the human element of computer security. (MLW)

Energy System Integration Facility Secure Data Center | Energy Systems

Science.gov Websites

Integration Facility | NREL Energy System Integration Facility Secure Data Center Energy System Integration Facility Secure Data Center The Energy Systems Integration Facility's Secure Data Center provides

An Annotated and Cross-Referenced Bibliography on Computer Security and Access Control in Computer Systems.

ERIC Educational Resources Information Center

Bergart, Jeffrey G.; And Others

This paper represents a careful study of published works on computer security and access control in computer systems. The study includes a selective annotated bibliography of some eighty-five important published results in the field and, based on these papers, analyzes the state of the art. In annotating these works, the authors try to be…

Cohort profile: the Spanish WORKing life Social Security (WORKss) cohort study

PubMed Central

López Gómez, María Andrée; Durán, Xavier; Zaballa, Elena; Sanchez-Niubo, Albert; Delclos, George L; Benavides, Fernando G

2016-01-01

Purpose The global economy is changing the labour market and social protection systems in Europe. The effect of both changes on health needs to be monitored in view of an ageing population and the resulting increase in prevalence of chronic health conditions. The Spanish WORKing life Social Security (WORKss) cohort study provides unique longitudinal data to study the impact of labour trajectories and employment conditions on health, in terms of sickness absence, permanent disability and death. Participants The WORKss cohort originated from the Continuous Working Life Sample (CWLS) generated by the General Directorate for the Organization of the Social Security in Spain. The CWLS contains a 4% representative sample of all individuals in contact with the Social Security system. The WORKss cohort exclusively includes individuals with a labour trajectory from 1981 or later. In 2004, the cohort was initiated with 1 022 779 Social Security members: 840 770 (82.2%) contributors and 182 009 (17.8%) beneficiaries aged 16 and older. Findings to date The WORKss cohort includes demographic characteristics, chronological data about employment history, retirement, permanent disability and death. These data make possible the measurement of incidence of permanent disability, the number of potential years of working life lost, and the number of contracts and inactive periods with the Social Security system. The WORKss cohort was linked to temporary sickness absence registries to study medical diagnoses that lead to permanent disability and consequently to an earlier exit from the labour market in unhealthy conditions. Future plans Thanks to its administrative source, the WORKss cohort study will continue follow-up in the coming years, keeping the representativeness of the Spanish population affiliated to the Social Security system. The linkage between the WORKss cohort and temporary sickness absence registries is envisioned to continue. Future plans include the linkage of the cohort with mortality registries. PMID:26951209

Cohort profile: the Spanish WORKing life Social Security (WORKss) cohort study.

PubMed

López Gómez, María Andrée; Durán, Xavier; Zaballa, Elena; Sanchez-Niubo, Albert; Delclos, George L; Benavides, Fernando G

2016-03-07

The global economy is changing the labour market and social protection systems in Europe. The effect of both changes on health needs to be monitored in view of an ageing population and the resulting increase in prevalence of chronic health conditions. The Spanish WORKing life Social Security (WORKss) cohort study provides unique longitudinal data to study the impact of labour trajectories and employment conditions on health, in terms of sickness absence, permanent disability and death. The WORKss cohort originated from the Continuous Working Life Sample (CWLS) generated by the General Directorate for the Organization of the Social Security in Spain. The CWLS contains a 4% representative sample of all individuals in contact with the Social Security system. The WORKss cohort exclusively includes individuals with a labour trajectory from 1981 or later. In 2004, the cohort was initiated with 1,022 ,79 Social Security members: 840,770 (82.2%) contributors and 182,009 (17.8%) beneficiaries aged 16 and older. The WORKss cohort includes demographic characteristics, chronological data about employment history, retirement, permanent disability and death. These data make possible the measurement of incidence of permanent disability, the number of potential years of working life lost, and the number of contracts and inactive periods with the Social Security system. The WORKss cohort was linked to temporary sickness absence registries to study medical diagnoses that lead to permanent disability and consequently to an earlier exit from the labour market in unhealthy conditions. Thanks to its administrative source, the WORKss cohort study will continue follow-up in the coming years, keeping the representativeness of the Spanish population affiliated to the Social Security system. The linkage between the WORKss cohort and temporary sickness absence registries is envisioned to continue. Future plans include the linkage of the cohort with mortality registries. Published by the BMJ Publishing Group Limited. For permission to use (where not already granted under a licence) please go to http://www.bmj.com/company/products-services/rights-and-licensing/

77 FR 56628 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2012-09-13

... to the National Security Agency/Central Security Service, Freedom of Information Act/Privacy Act...; System of Records AGENCY: National Security Agency/Central Security Service, DoD. ACTION: Notice to add a system of records. SUMMARY: The National Security Agency/Central Security Service proposes to add a new...

78 FR 45913 - Privacy Act of 1974; Systems of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2013-07-30

... National Security Agency/Central Security Service systems of records subject to the Privacy Act of 1974 (5... National Security Agency/Central Security Service, Freedom of Information Act/Privacy Act Office, 9800...; Systems of Records AGENCY: National Security Agency/Central Security Service, DoD. ACTION: Notice to alter...

System Control for the Transitional DCS. Appendices.

DTIC Science & Technology

1978-12-01

the deployment of the AN/TTC-39 circuit switch. This is a hybrid analog/digital switch providing the following services: o Non- secure analog telephone...service. o Non- secure 16 Kb/s digital telephone service. o Secure 16 Kb/s digital telephone service with automatic key distribution and end to end... security . o Analog circuits to support current inventory 50 Kb/sec and 9.6 Kb/sec secure digital communications. In the deployment model for this study

77 FR 26259 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2012-05-03

.... SUPPLEMENTARY INFORMATION: The National Security Agency systems of records notice subject to the Privacy Act of... of Records AGENCY: National Security Agency/Central Security Service. ACTION: Notice to Delete a System of Records. SUMMARY: The National Security Agency/Central Security Service is deleting a system of...

75 FR 67697 - Privacy Act of 1974; Systems of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2010-11-03

... National Security Agency's record system notices for records systems subject to the Privacy Act of 1974 (5... National Security Agency/Central Security Service, Freedom of Information Act (FOIA)/Privacy Act Office...; Systems of Records AGENCY: National Security Agency/Central Security Service, DoD. ACTION: Notice to add a...

75 FR 43494 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-26

... National Security Agency's record system notices for records systems subject to the Privacy Act of 1974 (5... National Security Agency/Central Security Service, Freedom of Information Act and Privacy Act Office, 9800...; System of Records AGENCY: National Security Agency/Central Security Service, DoD. ACTION: Notice to...

8 CFR 103.34 - Security of records systems.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 8 Aliens and Nationality 1 2010-01-01 2010-01-01 false Security of records systems. 103.34 Section 103.34 Aliens and Nationality DEPARTMENT OF HOMELAND SECURITY IMMIGRATION REGULATIONS POWERS AND DUTIES; AVAILABILITY OF RECORDS § 103.34 Security of records systems. The security of records systems...

Gross anatomy of network security

NASA Technical Reports Server (NTRS)

Siu, Thomas J.

2002-01-01

Information security involves many branches of effort, including information assurance, host level security, physical security, and network security. Computer network security methods and implementations are given a top-down description to permit a medically focused audience to anchor this information to their daily practice. The depth of detail of network functionality and security measures, like that of the study of human anatomy, can be highly involved. Presented at the level of major gross anatomical systems, this paper will focus on network backbone implementation and perimeter defenses, then diagnostic tools, and finally the user practices (the human element). Physical security measures, though significant, have been defined as beyond the scope of this presentation.

A Study on the Secure User Profiling Structure and Procedure for Home Healthcare Systems.

PubMed

Ko, Hoon; Song, MoonBae

2016-01-01

Despite of various benefits such as a convenience and efficiency, home healthcare systems have some inherent security risks that may cause a serious leak on personal health information. This work presents a Secure User Profiling Structure which has the patient information including their health information. A patient and a hospital keep it at that same time, they share the updated data. While they share the data and communicate, the data can be leaked. To solve the security problems, a secure communication channel with a hash function and an One-Time Password between a client and a hospital should be established and to generate an input value to an OTP, it uses a dual hash-function. This work presents a dual hash function-based approach to generate the One-Time Password ensuring a secure communication channel with the secured key. In result, attackers are unable to decrypt the leaked information because of the secured key; in addition, the proposed method outperforms the existing methods in terms of computation cost.

Research on mobile electronic commerce security technology based on WPKI

NASA Astrophysics Data System (ADS)

Zhang, Bo

2013-07-01

Through the in-depth study on the existing mobile e-commerce and WAP protocols, this paper presents a security solution of e-commerce system based on WPKI, and describes its implementation process and specific implementation details. This solution uniformly distributes the key used by the various participating entities , to fully ensure the confidentiality, authentication, fairness and integrity of mobile e-commerce payments, therefore has some pract ical value for improving the security of e-commerce system.

How to supplement Social Security fairly and effectively.

PubMed

Ghilarducci, Teresa

2010-04-01

Over the past 3 decades, the base upon which Americans obtain income for retirement has become increasingly tied to fluctuations in the financial markets. Because Social Security provides a small percentage of pre-retirement income in retirement, most of the nation's workers need a supplement to Social Security. This study demonstrates the failure of the 401(k) system and advances a bold, but realistic, solution to America's crumbling retirement system: guaranteed retirement accounts (GRAs), a universal government program that supplements Social Security by providing guaranteed rates of return, by locking up balances until retirement, and by mandating annuities at retirement-with survivor's benefits. The GRA plan is compared to other proposals, including President Obama's, which aims to expand the voluntary, commercial, individually directed account-based system.

Tailoring NIST Security Controls for the Ground System: Selection and Implementation -- Recommendations for Information System Owners

NASA Technical Reports Server (NTRS)

Takamura, Eduardo; Mangum, Kevin

2016-01-01

The National Aeronautics and Space Administration (NASA) invests millions of dollars in spacecraft and ground system development, and in mission operations in the pursuit of scientific knowledge of the universe. In recent years, NASA sent a probe to Mars to study the Red Planet's upper atmosphere, obtained high resolution images of Pluto, and it is currently preparing to find new exoplanets, rendezvous with an asteroid, and bring a sample of the asteroid back to Earth for analysis. The success of these missions is enabled by mission assurance. In turn, mission assurance is backed by information assurance. The information systems supporting NASA missions must be reliable as well as secure. NASA - like every other U.S. Federal Government agency - is required to manage the security of its information systems according to federal mandates, the most prominent being the Federal Information Security Management Act (FISMA) of 2002 and the legislative updates that followed it. Like the management of enterprise information technology (IT), federal information security management takes a "one-size fits all" approach for protecting IT systems. While this approach works for most organizations, it does not effectively translate into security of highly specialized systems such as those supporting NASA missions. These systems include command and control (C&C) systems, spacecraft and instrument simulators, and other elements comprising the ground segment. They must be carefully configured, monitored and maintained, sometimes for several years past the missions' initially planned life expectancy, to ensure the ground system is protected and remains operational without any compromise of its confidentiality, integrity and availability. Enterprise policies, processes, procedures and products, if not effectively tailored to meet mission requirements, may not offer the needed security for protecting the information system, and they may even become disruptive to mission operations. Certain protective measures for the general enterprise may not be as efficient within the ground segment. This is what the authors have concluded through observations and analysis of patterns identified from the various security assessments performed on NASA missions such as MAVEN, OSIRIS-REx, New Horizons and TESS, to name a few. The security audits confirmed that the framework for managing information system security developed by the National Institute of Standards and Technology (NIST) for the federal government, and adopted by NASA, is indeed effective. However, the selection of the technical, operational and management security controls offered by the NIST model - and how they are implemented - does not always fit the nature and the environment where the ground system operates in even though there is no apparent impact on mission success. The authors observed that unfit controls, that is, controls that are not necessarily applicable or sufficiently effective in protecting the mission systems, are often selected to facilitate compliance with security requirements and organizational expectations even if the selected controls offer minimum or non-existent protection. This paper identifies some of the standard security controls that can in fact protect the ground system, and which of them offer little or no benefit at all. It offers multiple scenarios from real security audits in which the controls are not effective without, of course, disclosing any sensitive information about the missions assessed. In addition to selection and implementation of controls, the paper also discusses potential impact of recent legislation such as the Federal Information Security Modernization Act (FISMA) of 2014 - aimed at the enterprise - on the ground system, and offers other recommendations to Information System Owners (ISOs).

An alternative to sneakernet

DOE Office of Scientific and Technical Information (OSTI.GOV)

Orrell, S.; Ralstin, S.

1992-04-01

Many computer security plans specify that only a small percentage of the data processed will be classified. Thus, the bulk of the data on secure systems must be unclassified. Secure limited access sites operating approved classified computing systems sometimes also have a system ostensibly containing only unclassified files but operating within the secure environment. That system could be networked or otherwise connected to a classified system(s) in order that both be able to use common resources for file storage or computing power. Such a system must operate under the same rules as the secure classified systems. It is in themore » nature of unclassified files that they either came from, or will eventually migrate to, a non-secure system. Today, unclassified files are exported from systems within the secure environment typically by loading transport media and carrying them to an open system. Import of unclassified files is handled similarly. This media transport process, sometimes referred to as sneaker net, often is manually logged and controlled only by administrative procedures. A comprehensive system for secure bi-directional transfer of unclassified files between secure and open environments has yet to be developed. Any such secure file transport system should be required to meet several stringent criteria. It is the purpose of this document to begin a definition of these criteria.« less

An alternative to sneakernet

DOE Office of Scientific and Technical Information (OSTI.GOV)

Orrell, S.; Ralstin, S.

1992-01-01

Many computer security plans specify that only a small percentage of the data processed will be classified. Thus, the bulk of the data on secure systems must be unclassified. Secure limited access sites operating approved classified computing systems sometimes also have a system ostensibly containing only unclassified files but operating within the secure environment. That system could be networked or otherwise connected to a classified system(s) in order that both be able to use common resources for file storage or computing power. Such a system must operate under the same rules as the secure classified systems. It is in themore » nature of unclassified files that they either came from, or will eventually migrate to, a non-secure system. Today, unclassified files are exported from systems within the secure environment typically by loading transport media and carrying them to an open system. Import of unclassified files is handled similarly. This media transport process, sometimes referred to as sneaker net, often is manually logged and controlled only by administrative procedures. A comprehensive system for secure bi-directional transfer of unclassified files between secure and open environments has yet to be developed. Any such secure file transport system should be required to meet several stringent criteria. It is the purpose of this document to begin a definition of these criteria.« less

ITIL{sup ®} and information security

DOE Office of Scientific and Technical Information (OSTI.GOV)

Jašek, Roman; Králík, Lukáš; Popelka, Miroslav

2015-03-10

This paper discusses the context of ITIL framework and management of information security. It is therefore a summary study, where the first part is focused on the safety objectives in connection with the ITIL framework. First of all, there is a focus on ITIL process ISM (Information Security Management), its principle and system management. The conclusion is about link between standards, which are related to security, and ITIL framework.

Using digital watermarking to enhance security in wireless medical image transmission.

PubMed

Giakoumaki, Aggeliki; Perakis, Konstantinos; Banitsas, Konstantinos; Giokas, Konstantinos; Tachakra, Sapal; Koutsouris, Dimitris

2010-04-01

During the last few years, wireless networks have been increasingly used both inside hospitals and in patients' homes to transmit medical information. In general, wireless networks suffer from decreased security. However, digital watermarking can be used to secure medical information. In this study, we focused on combining wireless transmission and digital watermarking technologies to better secure the transmission of medical images within and outside the hospital. We utilized an integrated system comprising the wireless network and the digital watermarking module to conduct a series of tests. The test results were evaluated by medical consultants. They concluded that the images suffered no visible quality degradation and maintained their diagnostic integrity. The proposed integrated system presented reasonable stability, and its performance was comparable to that of a fixed network. This system can enhance security during the transmission of medical images through a wireless channel.

Development of a Secure Mobile GPS Tracking and Management System

ERIC Educational Resources Information Center

Liu, Anyi

2012-01-01

With increasing demand of mobile devices and cloud computing, it becomes increasingly important to develop efficient mobile application and its secured backend, such as web applications and virtualization environment. This dissertation reports a systematic study of mobile application development and the security issues of its related backend. …

Information technology security system engineering methodology

NASA Technical Reports Server (NTRS)

Childs, D.

2003-01-01

A methodology is described for system engineering security into large information technology systems under development. The methodology is an integration of a risk management process and a generic system development life cycle process. The methodology is to be used by Security System Engineers to effectively engineer and integrate information technology security into a target system as it progresses through the development life cycle. The methodology can also be used to re-engineer security into a legacy system.

Consumers Are Ready to Accept the Transition to Online and Electronic Records If They Can Be Assured of the Security Measures

PubMed Central

Chhanabhai, Prajesh; Holt, Alec

2007-01-01

Background Healthcare has entered the electronic domain. This domain has improved data collection and storage abilities while allowing almost instantaneous access and results to data queries. Furthermore, it allows direct communication between healthcare providers and health consumers. The development of privacy, confidentiality, and security principles are necessary to protect consumers' interests against inappropriate access. Studies have shown that the health consumer is the important stakeholder in this process. With the international push toward electronic health records (EHRs), this article presents the importance of secure EHR systems from the public's perspective. Objective To examine the public's perception of the security of electronic systems and report on how their perceptions can shape the building of stronger systems. Methods A cross-sectional survey (September-November 2005) of people attending healthcare providers (n = 400) was conducted in the 4 major cities in New Zealand. Participants were surveyed on computer use, knowledge of EHR-proposed benefits and issues, security issues, and demographics. Results A total of 300 surveys were completed and returned (a 75% response rate), with 180 (60%) being women. One hundred eighty-eight (62.6%) had not heard of EHRs, with those who had heard of them indicating that they were a positive innovation in the health sector. However, 202 (73.3%) participants were highly concerned about the security and privacy of their health records. This feeling was further accentuated when participants were asked about security of electronic systems. Participants were worried about hackers (79.4%), vendor access (72.7%), and malicious software (68%). Participants were also introduced to various security systems, and in each case, over 80% of participants believed that these would make EHR systems more secure. A number of chi-square tests were carried out with each variable, and it was found that there were strong relationships between age, location, computer use, EHR knowledge, and the concern for privacy and the security of medical records (P < .05). The survey also showed that there was a very small difference (9.8%) between health consumers who believed that paper records are more secure than EHRs and those who believed otherwise. Conclusions The findings showed that for the EHR to be fully integrating in the health sector, there are 2 main issues that need to be addressed: The security of the EHR system has to be of the highest level, and needs to be constantly monitored and updated.The involvement of the health consumer in the ownership and maintenance of their health record needs to be more proactive. The EHR aims to collect information to allow for “cradle to the grave” treatment; thus, the health consumer has to be seen as a major player in ensuring that this can happen correctly. The results from this study indicated that the consumer is ready to accept the transition, as long as one can be assured of the security of the system. PMID:17435617

Consumers are ready to accept the transition to online and electronic records if they can be assured of the security measures.

PubMed

Chhanabhai, Prajesh; Holt, Alec

2007-01-11

Healthcare has entered the electronic domain. This domain has improved data collection and storage abilities while allowing almost instantaneous access and results to data queries. Furthermore, it allows direct communication between healthcare providers and health consumers. The development of privacy, confidentiality, and security principles are necessary to protect consumers' interests against inappropriate access. Studies have shown that the health consumer is the important stakeholder in this process. With the international push toward electronic health records (EHRs), this article presents the importance of secure EHR systems from the public's perspective. To examine the public's perception of the security of electronic systems and report on how their perceptions can shape the building of stronger systems. A cross-sectional survey (September-November 2005) of people attending healthcare providers (n = 400) was conducted in the 4 major cities in New Zealand. Participants were surveyed on computer use, knowledge of EHR-proposed benefits and issues, security issues, and demographics. A total of 300 surveys were completed and returned (a 75% response rate), with 180 (60%) being women. One hundred eighty-eight (62.6%) had not heard of EHRs, with those who had heard of them indicating that they were a positive innovation in the health sector. However, 202 (73.3%) participants were highly concerned about the security and privacy of their health records. This feeling was further accentuated when participants were asked about security of electronic systems. Participants were worried about hackers (79.4%), vendor access (72.7%), and malicious software (68%). Participants were also introduced to various security systems, and in each case, over 80% of participants believed that these would make EHR systems more secure. A number of chi-square tests were carried out with each variable, and it was found that there were strong relationships between age, location, computer use, EHR knowledge, and the concern for privacy and the security of medical records (P < .05). The survey also showed that there was a very small difference (9.8%) between health consumers who believed that paper records are more secure than EHRs and those who believed otherwise. The findings showed that for the EHR to be fully integrating in the health sector, there are 2 main issues that need to be addressed: The security of the EHR system has to be of the highest level, and needs to be constantly monitored and updated. The involvement of the health consumer in the ownership and maintenance of their health record needs to be more proactive. The EHR aims to collect information to allow for "cradle to the grave" treatment; thus, the health consumer has to be seen as a major player in ensuring that this can happen correctly. The results from this study indicated that the consumer is ready to accept the transition, as long as one can be assured of the security of the system.

In Internet-Based Visualization System Study about Breakthrough Applet Security Restrictions

NASA Astrophysics Data System (ADS)

Chen, Jie; Huang, Yan

In the process of realization Internet-based visualization system of the protein molecules, system needs to allow users to use the system to observe the molecular structure of the local computer, that is, customers can generate the three-dimensional graphics from PDB file on the client computer. This requires Applet access to local file, related to the Applet security restrictions question. In this paper include two realization methods: 1.Use such as signature tools, key management tools and Policy Editor tools provided by the JDK to digital signature and authentication for Java Applet, breakthrough certain security restrictions in the browser. 2. Through the use of Servlet agent implement indirect access data methods, breakthrough the traditional Java Virtual Machine sandbox model restriction of Applet ability. The two ways can break through the Applet's security restrictions, but each has its own strengths.

Security Analysis and Improvement of 'a More Secure Anonymous User Authentication Scheme for the Integrated EPR Information System'.

PubMed

Islam, S K Hafizul; Khan, Muhammad Khurram; Li, Xiong

2015-01-01

Over the past few years, secure and privacy-preserving user authentication scheme has become an integral part of the applications of the healthcare systems. Recently, Wen has designed an improved user authentication system over the Lee et al.'s scheme for integrated electronic patient record (EPR) information system, which has been analyzed in this study. We have found that Wen's scheme still has the following inefficiencies: (1) the correctness of identity and password are not verified during the login and password change phases; (2) it is vulnerable to impersonation attack and privileged-insider attack; (3) it is designed without the revocation of lost/stolen smart card; (4) the explicit key confirmation and the no key control properties are absent, and (5) user cannot update his/her password without the help of server and secure channel. Then we aimed to propose an enhanced two-factor user authentication system based on the intractable assumption of the quadratic residue problem (QRP) in the multiplicative group. Our scheme bears more securities and functionalities than other schemes found in the literature.

Increased uptake of social security benefits among long-term survivors of cancer in childhood, adolescence and young adulthood: a Norwegian population-based cohort study.

PubMed

Ghaderi, S; Engeland, A; Moster, D; Ruud, E; Syse, A; Wesenberg, F; Bjørge, T

2013-04-16

As the number of cancer survivors increases, their health and welfare have come into focus. Thus, long-term medical consequences of cancer at a young age (<25 years), obtained from social security benefit records, were studied. Standardised incidence ratios (SIRs) of long-term medical consequences for 5-year cancer survivors, born during 1965-1985, were explored by linking population-based registries in Norway. Among the 5-year cancer survivors (4031 individuals), 29.7% received social security benefits. The survivors had an overall 4.4 times (95% confidence interval (95% CI): 4.1-4.6) higher risk of social security benefit uptake than the cancer-free population. Survivors of malignancies of bone and connective tissues (SIR: 10.8; 95% CI: 9.1-12.9), CNS tumours (SIR: 7.7; 95% CI: 6.9-8.6) and malignancies of the haematopoietic system (SIR: 6.1; 95% CI: 5.3-7.0) had the highest risks of social security benefits uptake. The most notified causes of social security benefit uptake were diseases of the nervous system, and injury and poisoning. The uptake of social security benefits among 5-year cancer survivors increased substantially and it may represent a solid outcome measure for the burden of the most severe late effects, especially in countries with comparable social welfare systems.

A Call for National Security System Transformation

DTIC Science & Technology

2012-06-01

Gabriel Marcella . Carlisle, PA: Strategic Studies Institute, U.S. Army War College, 2008. Fox News Corporation. “Last American Troops Leave Iraq...by Gabriel Marcella . Carlisle, PA: Strategic Studies Institute, U.S. Army War College, 2008. Stewart, Douglas. “Constructing the Iron Cage: The...1947 National Security Act.” In Affairs of State: The Interagency and National Security. Edited by Gabriel Marcella . Carlisle, PA: Strategic

6 CFR 5.31 - Security of systems of records.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Security of systems of records. 5.31 Section 5.31 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY DISCLOSURE OF RECORDS AND INFORMATION Privacy Act § 5.31 Security of systems of records. (a) In general. Each component...

28 CFR 700.24 - Security of systems of records.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 28 Judicial Administration 2 2010-07-01 2010-07-01 false Security of systems of records. 700.24... Records Under the Privacy Act of 1974 § 700.24 Security of systems of records. (a) The Office Administrator or Security Officer shall be responsible for issuing regulations governing the security of systems...

5 CFR 930.301 - Information systems security awareness training program.

Code of Federal Regulations, 2013 CFR

2013-01-01

....g., system and network administrators, and system/application security officers) must receive... 5 Administrative Personnel 2 2013-01-01 2013-01-01 false Information systems security awareness... (MISCELLANEOUS) Information Security Responsibilities for Employees who Manage or Use Federal Information Systems...

5 CFR 930.301 - Information systems security awareness training program.

Code of Federal Regulations, 2014 CFR

2014-01-01

....g., system and network administrators, and system/application security officers) must receive... 5 Administrative Personnel 2 2014-01-01 2014-01-01 false Information systems security awareness... (MISCELLANEOUS) Information Security Responsibilities for Employees who Manage or Use Federal Information Systems...

Integrating Visual Mnemonics and Input Feedback With Passphrases to Improve the Usability and Security of Digital Authentication.

PubMed

Juang, Kevin; Greenstein, Joel

2018-04-01

We developed a new authentication system based on passphrases instead of passwords. Our new system incorporates a user-generated mnemonic picture displayed during login, definition tooltips, error correction to reduce typographical errors, a decoy-based input masking technique, and random passphrase generation using either a specialized wordlist or a sentence template. Passphrases exhibit a greater level of security than traditional passwords, but their wider adoption has been hindered by human factors issues. Our assertion is that the added features of our system work particularly well with passphrases and help address these shortcomings. We conducted a study to evaluate our new system with a customized 1,450-word list and our new system with a 6-word sentence structure against the control conditions of a user-created passphrase of at least 24 characters and a system-generated passphrase using a 10,326-word list. Fifty participants completed two sessions so that we could measure the usability and security of the authentication schemes. With the new system conditions, memorability was improved, and security was equivalent to or better than the control conditions. Usability and overall ratings also favored the new system conditions over the control conditions. Our research presents a new authentication system using innovative techniques that improve on the usability and security of existing password and passphrase authentication systems. In computer security, drastic changes should never happen overnight, but we recommend that our contributions be incorporated into current authentication systems to help facilitate a transition from passwords to usable passphrases.

Building a Secure Library System.

ERIC Educational Resources Information Center

Benson, Allen C.

1998-01-01

Presents tips for building a secure library system to guard against threats like hackers, viruses, and theft. Topics include: determining what is at risk; recovering from disasters; developing security policies; developing front-end security; securing menu systems; accessing control programs; protecting against damage from viruses; developing…

Reasons in Support of Data Security and Data Security Management as Two Independent Concepts: A New Model.

PubMed

Moghaddasi, Hamid; Sajjadi, Samad; Kamkarhaghighi, Mehran

2016-01-01

Any information which is generated and saved needs to be protected against accidental or intentional losses and manipulations if it is to be used by the intended users in due time. As such, information managers have adopted numerous measures to achieve data security within data storage systems, along with the spread of information technology. The "data security models" presented thus far have unanimously highlighted the significance of data security management. For further clarification, the current study first introduces the "needs and improvement" cycle; the study will then present some independent definitions, together with a support umbrella, in an attempt to shed light on the data security management. Data security focuses on three features or attributes known as integrity, identity of sender(s) and identity of receiver(s). Management in data security follows an endless evolutionary process, to keep up with new developments in information technology and communication. In this process management develops new characteristics with greater capabilities to achieve better data security. The characteristics, continuously increasing in number, with a special focus on control, are as follows: private zone, confidentiality, availability, non-repudiation, possession, accountability, authenticity, authentication and auditability. Data security management steadily progresses, resulting in more sophisticated features. The developments are in line with new developments in information and communication technology and novel advances in intrusion detection systems (IDS). Attention to differences between data security and data security management by international organizations such as the International Standard Organization (ISO), and International Telecommunication Union (ITU) is necessary if information quality is to be enhanced.

Reasons in Support of Data Security and Data Security Management as Two Independent Concepts: A New Model

PubMed Central

Moghaddasi, Hamid; Kamkarhaghighi, Mehran

2016-01-01

Introduction: Any information which is generated and saved needs to be protected against accidental or intentional losses and manipulations if it is to be used by the intended users in due time. As such, information managers have adopted numerous measures to achieve data security within data storage systems, along with the spread of information technology. Background: The “data security models” presented thus far have unanimously highlighted the significance of data security management. For further clarification, the current study first introduces the “needs and improvement” cycle; the study will then present some independent definitions, together with a support umbrella, in an attempt to shed light on the data security management. Findings: Data security focuses on three features or attributes known as integrity, identity of sender(s) and identity of receiver(s). Management in data security follows an endless evolutionary process, to keep up with new developments in information technology and communication. In this process management develops new characteristics with greater capabilities to achieve better data security. The characteristics, continuously increasing in number, with a special focus on control, are as follows: private zone, confidentiality, availability, non-repudiation, possession, accountability, authenticity, authentication and auditability. Conclusion: Data security management steadily progresses, resulting in more sophisticated features. The developments are in line with new developments in information and communication technology and novel advances in intrusion detection systems (IDS). Attention to differences between data security and data security management by international organizations such as the International Standard Organization (ISO), and International Telecommunication Union (ITU) is necessary if information quality is to be enhanced. PMID:27857823

Extending AADL for Security Design Assurance of Cyber Physical Systems

DTIC Science & Technology

2015-12-16

a detailed system architecture design of a CPS can be analyzed using AADL to prevent such types of CWEs. We divided the work into two tasks as...security modeling to CPSs, and develop a case study to show how formal modeling using AADL could be applied to a CPS to improve the security design of the... CPS . These examples of recent attacks against automobiles have been reported:  A wireless device used by Progressive Insurance to gather information

Security enhancement study for the U.S. motorcoach industry : executive summary

DOT National Transportation Integrated Search

2003-05-01

The Security Enhancement Study for the U.S. Motorcoach Industry was commissioned by the Federal Motor Carrier Safety Administration (FMCSA) and conducted by the John A. Volpe National Transportation Systems Center (Volpe Center). It was prepared to i...

33 CFR 127.705 - Security systems.

Code of Federal Regulations, 2014 CFR

2014-07-01

... 33 Navigation and Navigable Waters 2 2014-07-01 2014-07-01 false Security systems. 127.705 Section 127.705 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED... Waterfront Facilities Handling Liquefied Natural Gas Security § 127.705 Security systems. The operator shall...

33 CFR 127.705 - Security systems.

Code of Federal Regulations, 2012 CFR

2012-07-01

... 33 Navigation and Navigable Waters 2 2012-07-01 2012-07-01 false Security systems. 127.705 Section 127.705 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED... Waterfront Facilities Handling Liquefied Natural Gas Security § 127.705 Security systems. The operator shall...

33 CFR 127.705 - Security systems.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 33 Navigation and Navigable Waters 2 2011-07-01 2011-07-01 false Security systems. 127.705 Section 127.705 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED... Waterfront Facilities Handling Liquefied Natural Gas Security § 127.705 Security systems. The operator shall...

33 CFR 127.705 - Security systems.

Code of Federal Regulations, 2013 CFR

2013-07-01

... 33 Navigation and Navigable Waters 2 2013-07-01 2013-07-01 false Security systems. 127.705 Section 127.705 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED... Waterfront Facilities Handling Liquefied Natural Gas Security § 127.705 Security systems. The operator shall...

33 CFR 127.705 - Security systems.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 33 Navigation and Navigable Waters 2 2010-07-01 2010-07-01 false Security systems. 127.705 Section 127.705 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED... Waterfront Facilities Handling Liquefied Natural Gas Security § 127.705 Security systems. The operator shall...

Data mining technique for a secure electronic payment transaction using MJk-RSA in mobile computing

NASA Astrophysics Data System (ADS)

G. V., Ramesh Babu; Narayana, G.; Sulaiman, A.; Padmavathamma, M.

2012-04-01

Due to the evolution of the Electronic Learning (E-Learning), one can easily get desired information on computer or mobile system connected through Internet. Currently E-Learning materials are easily accessible on the desktop computer system, but in future, most of the information shall also be available on small digital devices like Mobile, PDA, etc. Most of the E-Learning materials are paid and customer has to pay entire amount through credit/debit card system. Therefore, it is very important to study about the security of the credit/debit card numbers. The present paper is an attempt in this direction and a security technique is presented to secure the credit/debit card numbers supplied over the Internet to access the E-Learning materials or any kind of purchase through Internet. A well known method i.e. Data Cube Technique is used to design the security model of the credit/debit card system. The major objective of this paper is to design a practical electronic payment protocol which is the safest and most secured mode of transaction. This technique may reduce fake transactions which are above 20% at the global level.

Security Threat Assessment of an Internet Security System Using Attack Tree and Vague Sets

PubMed Central

2014-01-01

Security threat assessment of the Internet security system has become a greater concern in recent years because of the progress and diversification of information technology. Traditionally, the failure probabilities of bottom events of an Internet security system are treated as exact values when the failure probability of the entire system is estimated. However, security threat assessment when the malfunction data of the system's elementary event are incomplete—the traditional approach for calculating reliability—is no longer applicable. Moreover, it does not consider the failure probability of the bottom events suffered in the attack, which may bias conclusions. In order to effectively solve the problem above, this paper proposes a novel technique, integrating attack tree and vague sets for security threat assessment. For verification of the proposed approach, a numerical example of an Internet security system security threat assessment is adopted in this paper. The result of the proposed method is compared with the listing approaches of security threat assessment methods. PMID:25405226

Security threat assessment of an Internet security system using attack tree and vague sets.

PubMed

Chang, Kuei-Hu

2014-01-01

Security threat assessment of the Internet security system has become a greater concern in recent years because of the progress and diversification of information technology. Traditionally, the failure probabilities of bottom events of an Internet security system are treated as exact values when the failure probability of the entire system is estimated. However, security threat assessment when the malfunction data of the system's elementary event are incomplete--the traditional approach for calculating reliability--is no longer applicable. Moreover, it does not consider the failure probability of the bottom events suffered in the attack, which may bias conclusions. In order to effectively solve the problem above, this paper proposes a novel technique, integrating attack tree and vague sets for security threat assessment. For verification of the proposed approach, a numerical example of an Internet security system security threat assessment is adopted in this paper. The result of the proposed method is compared with the listing approaches of security threat assessment methods.

Addressing the Challenges of Collective Security in West Africa: In View of Recent Conflicts

DTIC Science & Technology

2017-06-09

Distribution is Unlimited 13. SUPPLEMENTARY NOTES 14. ABSTRACT Understanding that achieving peace and security is a primary condition for an economic ...condition for an economic integration, ECOWAS has developped various approachs in resolving crises and overcoming threats within West Africa. Using...System CS Collective Security CSO Civil Society Organizations CSS Center for Security Studies EAC East Africa Community ECCAS Economic Community of

Hybrid Network Defense Model Based on Fuzzy Evaluation

PubMed Central

2014-01-01

With sustained and rapid developments in the field of information technology, the issue of network security has become increasingly prominent. The theme of this study is network data security, with the test subject being a classified and sensitive network laboratory that belongs to the academic network. The analysis is based on the deficiencies and potential risks of the network's existing defense technology, characteristics of cyber attacks, and network security technologies. Subsequently, a distributed network security architecture using the technology of an intrusion prevention system is designed and implemented. In this paper, first, the overall design approach is presented. This design is used as the basis to establish a network defense model, an improvement over the traditional single-technology model that addresses the latter's inadequacies. Next, a distributed network security architecture is implemented, comprising a hybrid firewall, intrusion detection, virtual honeynet projects, and connectivity and interactivity between these three components. Finally, the proposed security system is tested. A statistical analysis of the test results verifies the feasibility and reliability of the proposed architecture. The findings of this study will potentially provide new ideas and stimuli for future designs of network security architecture. PMID:24574870

33 CFR 106.265 - Security measures for restricted areas.

Code of Federal Regulations, 2010 CFR

2010-07-01

...) Telecommunications; (iii) Power distribution system; (iv) Access points for ventilation and air-conditioning systems... security areas within the OCS facility; (6) Protect security and surveillance equipment and systems; and (7... security and surveillance equipment and systems and their controls, and lighting system controls; and (3...

77 FR 32111 - Privacy Act System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2012-05-31

... or fraud, or harm to the security or integrity of this system or other systems or programs (whether... to comment. FCC/MB-2 System Name: Broadcast Station Public Inspection Files. Security Classification: The FCC's Security Operations Center (SOC) has not assigned a security classification to this system...

The Market Value of Information System (IS) Security: An Event Study of E-Banking Service Providers

ERIC Educational Resources Information Center

Brock, Linda

2012-01-01

Understanding the financial value resulting from IS security investments is critically important to organizations focused on protecting service confidentiality, integrity, and availability in order to preserve firm revenues and reputations. Quantifying the financial effect from IS security investments is difficult to derive. This study…

Quantifying Security Threats and Their Potential Impacts: A Case Study

DOE Office of Scientific and Technical Information (OSTI.GOV)

Aissa, Anis Ben; Abercrombie, Robert K; Sheldon, Frederick T

In earlier works, we present a computational infrastructure that allows an analyst to estimate the security of a system in terms of the loss that each stakeholder stands to sustain as a result of security breakdowns. In this paper, we illustrate this infrastructure by means of an e-commerce application.

A Novel Secure IoT-Based Smart Home Automation System Using a Wireless Sensor Network.

PubMed

Pirbhulal, Sandeep; Zhang, Heye; E Alahi, Md Eshrat; Ghayvat, Hemant; Mukhopadhyay, Subhas Chandra; Zhang, Yuan-Ting; Wu, Wanqing

2016-12-30

Wireless sensor networks (WSNs) provide noteworthy benefits over traditional approaches for several applications, including smart homes, healthcare, environmental monitoring, and homeland security. WSNs are integrated with the Internet Protocol (IP) to develop the Internet of Things (IoT) for connecting everyday life objects to the internet. Hence, major challenges of WSNs include: (i) how to efficiently utilize small size and low-power nodes to implement security during data transmission among several sensor nodes; (ii) how to resolve security issues associated with the harsh and complex environmental conditions during data transmission over a long coverage range. In this study, a secure IoT-based smart home automation system was developed. To facilitate energy-efficient data encryption, a method namely Triangle Based Security Algorithm (TBSA) based on efficient key generation mechanism was proposed. The proposed TBSA in integration of the low power Wi-Fi were included in WSNs with the Internet to develop a novel IoT-based smart home which could provide secure data transmission among several associated sensor nodes in the network over a long converge range. The developed IoT based system has outstanding performance by fulfilling all the necessary security requirements. The experimental results showed that the proposed TBSA algorithm consumed less energy in comparison with some existing methods.

A Novel Secure IoT-Based Smart Home Automation System Using a Wireless Sensor Network

PubMed Central

Pirbhulal, Sandeep; Zhang, Heye; E Alahi, Md Eshrat; Ghayvat, Hemant; Mukhopadhyay, Subhas Chandra; Zhang, Yuan-Ting; Wu, Wanqing

2016-01-01

Wireless sensor networks (WSNs) provide noteworthy benefits over traditional approaches for several applications, including smart homes, healthcare, environmental monitoring, and homeland security. WSNs are integrated with the Internet Protocol (IP) to develop the Internet of Things (IoT) for connecting everyday life objects to the internet. Hence, major challenges of WSNs include: (i) how to efficiently utilize small size and low-power nodes to implement security during data transmission among several sensor nodes; (ii) how to resolve security issues associated with the harsh and complex environmental conditions during data transmission over a long coverage range. In this study, a secure IoT-based smart home automation system was developed. To facilitate energy-efficient data encryption, a method namely Triangle Based Security Algorithm (TBSA) based on efficient key generation mechanism was proposed. The proposed TBSA in integration of the low power Wi-Fi were included in WSNs with the Internet to develop a novel IoT-based smart home which could provide secure data transmission among several associated sensor nodes in the network over a long converge range. The developed IoT based system has outstanding performance by fulfilling all the necessary security requirements. The experimental results showed that the proposed TBSA algorithm consumed less energy in comparison with some existing methods. PMID:28042831

75 FR 8096 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-023...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-02-23

... Prevention Program System of Records AGENCY: Privacy Office, DHS. ACTION: Notice of Privacy Act system of... to establish a new system of records titled, ``Department of Homeland Security/Transportation Security Administration--023 Workplace Violence Prevention Program System of Records.'' This system will...

Emotional security in the family system and psychological distress in female survivors of child sexual abuse.

PubMed

Cantón-Cortés, David; Cantón, José; Cortés, María Rosario

2016-01-01

The Emotional Security Theory (EST) was originally developed to investigate the association between high levels of interparental conflict and child maladaptative outcome. The objective of the present study was to analyze the effects of emotional security in the family system on psychological distress among a sample of young female adult survivors of child sexual abuse (CSA). The role of emotional security was investigated through the interactive effects of a number of factors including the type of abuse, the continuity of abuse, the relationship with the perpetrator and the existence of disclosure for the abuse. Participants were 167 female survivors of CSA. Information about the abuse was obtained from a self-reported questionnaire. Emotional security was assessed with the Security in the Family System (SIFS) Scale, and the Symptom Checklist-90-Revised (SCL-90-R) was used to assess psychological distress. In the total sample, insecurity (preoccupation and disengagement) was correlated with high psychological distress scores, whereas no relationship was found between security and psychological distress. The relationship between emotional insecurity and psychological distress was stronger in cases of continued abuse and non-disclosure, while the relationship between emotional security and distress was stronger in cases of extrafamilial abuse and especially isolated or several incidents and when a disclosure had been made. No interactive effect was found between any of the three emotional variables and the type of abuse committed. The results of the current study suggest that characteristics of CSA such as relationship with the perpetrator and, especially, continuity of abuse and whether or not disclosure had been made, can affect the impact of emotional security on psychological distress of CSA survivors. Copyright © 2015 Elsevier Ltd. All rights reserved.

A Study on Secure Medical-Contents Strategies with DRM Based on Cloud Computing

PubMed Central

Měsíček, Libor; Choi, Jongsun

2018-01-01

Many hospitals and medical clinics have been using a wearable sensor in its health care system because the wearable sensor, which is able to measure the patients' biometric information, has been developed to analyze their patients remotely. The measured information is saved to a server in a medical center, and the server keeps the medical information, which also involves personal information, on a cloud system. The server and network devices are used by connecting each other, and sensitive medical records are dealt with remotely. However, these days, the attackers, who try to attack the server or the network systems, are increasing. In addition, the server and the network system have a weak protection and security policy against the attackers. In this paper, it is suggested that security compliance of medical contents should be followed to improve the level of security. As a result, the medical contents are kept safely. PMID:29796233

A Study on Secure Medical-Contents Strategies with DRM Based on Cloud Computing.

PubMed

Ko, Hoon; Měsíček, Libor; Choi, Jongsun; Hwang, Seogchan

2018-01-01

Many hospitals and medical clinics have been using a wearable sensor in its health care system because the wearable sensor, which is able to measure the patients' biometric information, has been developed to analyze their patients remotely. The measured information is saved to a server in a medical center, and the server keeps the medical information, which also involves personal information, on a cloud system. The server and network devices are used by connecting each other, and sensitive medical records are dealt with remotely. However, these days, the attackers, who try to attack the server or the network systems, are increasing. In addition, the server and the network system have a weak protection and security policy against the attackers. In this paper, it is suggested that security compliance of medical contents should be followed to improve the level of security. As a result, the medical contents are kept safely.

Security warning method and system for worker safety during live-line working

NASA Astrophysics Data System (ADS)

Jiang, Chilong; Zou, Dehua; Long, Chenhai; Yang, Miao; Zhang, Zhanlong; Mei, Daojun

2017-09-01

Live-line working is an essential part in the operations in an electric power system. Live-line workers are required to wear shielding clothing. Shielding clothing, however, acts as a closed environment for the human body. Working in a closed environment for a long time can change the physiological responses of the body and even endanger personal safety. According to the typical conditions of live-line working, this study synthesizes environmental factors related to shielding clothing and the physiological factors of the body to establish the heart rate variability index RMSSD and the comprehensive security warning index SWI. On the basis of both indices, this paper proposes a security warning method and system for the safety live-line workers. The system can monitor the real-time status of workers during live-line working to provide security warning and facilitate the effective safety supervision by the live operation center during actual live-line working.

Understanding Information Security Culture in an Organization: An Interpretive Case Study

ERIC Educational Resources Information Center

Bess, Donald Arlo

2012-01-01

Information systems are considered to be a critical and strategic part of most organizations today. Because of this it has become increasingly important to ensure that there is an effective information security program in place protecting those information systems. It has been well established by researchers that the success of an information…

The role of an open-space CCTV system in limiting alcohol-related assault injuries in a late-night entertainment precinct in a tropical Queensland city, Australia.

PubMed

Pointing, Shane; Hayes-Jonkers, Charmaine; Bohanna, India; Clough, Alan

2012-02-01

Closed circuit television (CCTV) systems which incorporate real-time communication links between camera room operators and on-the-ground security may limit injuries resulting from alcohol-related assault. This pilot study examined CCTV footage and operator records of security responses for two periods totalling 22 days in 2010-2011 when 30 alcohol-related assaults were recorded. Semistructured discussions were conducted with camera room operators during 18 h of observation. Camera operators were proactive, efficiently directing street security to assault incidents. The system intervened in 40% (n=12) of alcohol-related assaults, limiting possible injury. This included three incidents judged as potentially preventable. A further five (17%) assault incidents were also judged as potentially preventable, while 43% (n=13) happened too quickly for intervention. Case studies describe security intervention in each category. Further research is recommended, particularly to evaluate the effects on preventing injuries through targeted awareness training to improve responsiveness and enhance the preventative capacity of similar CCTV systems.

78 FR 56263 - HydroGen Corp., QueryObject Systems Corp., Security Intelligence Technologies, Inc., Skins, Inc...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-09-12

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] HydroGen Corp., QueryObject Systems Corp., Security Intelligence Technologies, Inc., Skins, Inc., SLM Holdings, Inc., Spring Creek Healthcare Systems... securities of Security Intelligence Technologies, Inc. because it has not filed any periodic reports since...

Big data, little security: Addressing security issues in your platform

NASA Astrophysics Data System (ADS)

Macklin, Thomas; Mathews, Joseph

2017-05-01

This paper describes some patterns for information security problems that consistently emerge among traditional enterprise networks and applications, both with respect to cyber threats and data sensitivity. We draw upon cases from qualitative studies and interviews of system developers, network operators, and certifiers of military applications. Specifically, the problems discussed involve sensitivity of data aggregates, training efficacy, and security decision support in the human machine interface. While proven techniques can address many enterprise security challenges, we provide additional recommendations on how to further improve overall security posture, and suggest additional research thrusts to address areas where known gaps remain.

Manufacturing Accomplices: ICT Use in Securing the Safety State at Airports

NASA Astrophysics Data System (ADS)

Østerlie, Thomas; Asak, Ole Martin; Pettersen, Ole Georg; Tronhus, Håvard

Based on a study of ICT use at an airport security checkpoint, this paper explores a possible explanation to the paradox that travelers find existing airport security measures inadequate while at the same time believing air travel to be sufficiently secure. We pursue this explanation by showing that, for the security checkpoint to function properly in relation to the overall function of the airport, travelers have to be enrolled in a particular program of action. They are then locked into this program through sanctions. Travelers are forced into participating in a system many of them find ethically and morally objectionable. Yet, active participation makes it difficult for them to object to the moral and ethical issues of their actions without damning themselves. Our explanation of the security paradox is, therefore, that while travelers remain critical of airport security, they avoid damning themselves by criticizing the system in terms of its own logic. They have been made accomplices.

Marketing and reputation aspects of neonatal safeguards and hospital-security systems.

PubMed

Smith, Alan D

2009-01-01

Technological advancements have migrated from personal-use electronics into the healthcare setting for security enhancements. Within maternity wards and nurseries, technology was seen as one of best way to protect newborns from abduction. The present study is a focus on what systems and methods are used in neonatal security, the security arrangements, staff training, and impacts outside the control of the hospital, customer satisfaction and customer relations management. Through hypothesis-testing and exploratory analysis, gender biases and extremely high levels of security were found within a web-enabled and professional sample of 200 respondents. The factor-based constructs were found to be, in order of the greatest explained variance: security concerns, personal technology usage, work technology applications, and demographic maturity concerns, resulting in four factor-based scores with significant combined variance of 61.5%. It was found that through a better understanding on the importance and vital need for hospitals to continue to improve on their technology-based security policies significantly enhanced their reputation in the highly competitive local healthcare industry.

Obsessive-compulsive disorder as a disturbance of security motivation: constraints on comorbidity.

PubMed

Szechtman, H; Woody, E Z

2006-10-01

Patients with OCD often meet criteria for additional psychiatric disorders, with the incidence of comorbidity being as high as 75% in some studies. Here we examine the theoretical plausibility that in OCD much of the domain of co-morbid presentations encompasses related perturbations of the security motivation system. According to a recent proposal, the security motivation system represents a biologically primitive special motivation that is activated by potential (as opposed to imminent) danger to self or intimate others and engages a set of specialized species-typical behaviors (such as checking and washing) to handle potential danger. Because the task of security motivation is open ended, in the sense that no consummatory stimuli can exist in the real world to indicate the absence of potential danger, the shutdown of security motivation is produced by a self-generated feeling of knowing, a satiety signal termed yedasentience. In this schema, OCD results from a failure to generate or respond to the yedasentience signal: without this negative feedback the patient persists abnormally long in a strong motivational state having to do with primal, basic threats to existence, a condition that leads to prolonged engagement in security-related behaviors, such as the checking and washing, characteristic of OCD compulsions and obsessions. Considering the proposed neuronatomy of security motivation system and OCD, we discuss the likelihood that the phenomenon of "spread of allied reflexes" can produce other security-related psychiatric conditions, as well as the possibility that disturbances along different pathways of the security motivation system can lead to apparently different disorders.

A novel water poverty index model for evaluation of Chinese regional water security

NASA Astrophysics Data System (ADS)

Gong, L.; Jin, C. L.; Li, Y. X.; Zhou, Z. L.

2017-08-01

This study proposed an improved Water Poverty Index (WPI) model employed in evaluating Chinese regional water security. Firstly, the Chinese WPI index system was constructed, in which the indicators were obtained according to China River reality. A new mathematical model was then established for WPI values calculation on the basis of Center for Ecology and Hydrology (CEH) model. Furthermore, this new model was applied in Shiyanghe River (located in western China). It turned out that the Chinese index system could clearly reflect the indicators threatening security of river water and the Chinese WPI model is feasible. This work has also developed a Water Security Degree (WSD) standard which is able to be regarded as a scientific basis for further water resources utilization and water security warning mechanism formulation.

49 CFR 659.25 - Annual review of system safety program plan and system security plan.

Code of Federal Regulations, 2010 CFR

2010-10-01

... system security plan. 659.25 Section 659.25 Transportation Other Regulations Relating to Transportation... and system security plan. (a) The oversight agency shall require the rail transit agency to conduct an annual review of its system safety program plan and system security plan. (b) In the event the rail...

45 CFR 95.621 - ADP reviews.

Code of Federal Regulations, 2011 CFR

2011-10-01

... use; (C) Software and data security; (D) Telecommunications security; (E) Personnel security; (F... Federal review. (f) ADP System Security Requirements and Review Process—(1) ADP System Security Requirement. State agencies are responsible for the security of all ADP projects under development, and...

Enduring starvation in silent population: a study on prevalence and factors contributing to household food security in the tribal population in Bankura, West Bengal.

PubMed

Mukhopadhyay, Dipta Kanti; Mukhopadhyay, Sujishnu; Biswas, Akhil Bandhu

2010-01-01

Strengthening food security enhancement intervention should be based on the assessment of household food security and its correlates. The objective was to find out the prevalence and factors contributing to household food security in a tribal population in Bankura. A cross-sectional study was conducted among 267 tribal households in Bankura-I CD Block selected through cluster random sampling. Household food security was assessed using a validated Bengali version of Household Food Security Scale-Short Form along with the collection of information regarding the monthly per capita expenditure (MPCE), total to earning member ratio, BPL card holding, utilization of the public distribution system (PDS) and receipt of any social assistance through a house-to-house survey. Overall, 47.2% of study households were food secure whereas 29.6% and 23.2% were low and very low food secure, respectively. MPCE ≥ Rs. 356, total to earning member ratio ≤ 4:1, regular utilization of PDS, and nonholding of the BPL card were significantly related with household food security.

The relevance of unrelated costs internal and external to the healthcare sector to the outcome of a cost-comparison analysis of secondary prevention: the case of general colorectal cancer screening in the German population.

PubMed

Tscheulin, Dieter K; Drevs, Florian

2010-04-01

The potential of secondary prevention measures, such as cancer screening, to produce cost savings in the healthcare sector is a controversial issue in healthcare economics. Potential savings are calculated by comparing treatment costs with the cost of a prevention program. When survivors' subsequent unrelated health care costs are included in the calculation, however, the overall cost of disease prevention rises. What have not been studied to date are the secondary effects of fatal disease prevention measures on social security systems. From the perspective of a policy maker responsible for a social security system budget, it is not only future healthcare costs that are relevant for budgeting, but also changes in the contributions to, and expenditures from, statutory pension insurance and health insurance systems. An examination of the effect of longer life expectancies on these insurance systems can be justified by the fact that European social security systems are regulated by the state, and there is no clear separation between the financing of individual insurance systems due to cross-subsidisation. This paper looks at how the results of cost-comparison analyses vary depending on the inclusion or exclusion of future healthcare and non-healthcare costs, using the example of colorectal cancer screening in the German general population. In contrast to previous studies, not only are future unrelated medical costs considered, but also the effects on the social security system. If a German colorectal cancer screening program were implemented, and unrelated future medical care were excluded from the cost-benefit analysis, savings of up to 548 million euros per year would be expected. The screening program would, at the same time, generate costs in the healthcare sector as well as in the social security system of 2,037 million euros per year. Because the amount of future contributions and expenditures in the social security system depends on the age and gender of the recipients of the screening program (i.e. survivors of a typically fatal condition), the impact of age and gender on the results of a cost-comparison analysis of colorectal cancer screening are presented and discussed. Our study shows that colorectal cancer screening generates individual cost savings in the social security system up to a life expectancy of 60 years. Beyond that age, the balance between a recipient's social security contributions and insurance system expenditure is negative. The paper clarifies the relevance of healthcare costs not related to the prevented disease to the economic evaluation of prevention programs, particularly in the case of fatal diseases such as colorectal cancer. The results of the study imply that, from an economic perspective, the participation of at-risk individuals in disease prevention programs should be promoted.

49 CFR 234.211 - Security of warning system apparatus.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 49 Transportation 4 2011-10-01 2011-10-01 false Security of warning system apparatus. 234.211... Maintenance, Inspection, and Testing Maintenance Standards § 234.211 Security of warning system apparatus. Highway-rail grade crossing warning system apparatus shall be secured against unauthorized entry. ...

49 CFR 234.211 - Security of warning system apparatus.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 4 2010-10-01 2010-10-01 false Security of warning system apparatus. 234.211... Maintenance, Inspection, and Testing Maintenance Standards § 234.211 Security of warning system apparatus. Highway-rail grade crossing warning system apparatus shall be secured against unauthorized entry. ...

Deployment of ERP Systems at Automotive Industries, Security Inspection (Case Study: IRAN KHODRO Automotive Company)

NASA Astrophysics Data System (ADS)

Ali, Hatamirad; Hasan, Mehrjerdi

Automotive industry and car production process is one of the most complex and large-scale production processes. Today, information technology (IT) and ERP systems incorporates a large portion of production processes. Without any integrated systems such as ERP, the production and supply chain processes will be tangled. The ERP systems, that are last generation of MRP systems, make produce and sale processes of these industries easier and this is the major factor of development of these industries anyhow. Today many of large-scale companies are developing and deploying the ERP systems. The ERP systems facilitate many of organization processes and make organization to increase efficiency. The security is a very important part of the ERP strategy at the organization, Security at the ERP systems, because of integrity and extensive, is more important of local and legacy systems. Disregarding of this point can play a giant role at success or failure of this kind of systems. The IRANKHODRO is the biggest automotive factory in the Middle East with an annual production over 600.000 cars. This paper presents ERP security deployment experience at the "IRANKHODRO Company". Recently, by launching ERP systems, it moved a big step toward more developments.

Device interoperability and authentication for telemedical appliance based on the ISO/IEEE 11073 Personal Health Device (PHD) Standards.

PubMed

Caranguian, Luther Paul R; Pancho-Festin, Susan; Sison, Luis G

2012-01-01

In this study, we focused on the interoperability and authentication of medical devices in the context of telemedical systems. A recent standard called the ISO/IEEE 11073 Personal Health Device (X73-PHD) Standards addresses the device interoperability problem by defining common protocols for agent (medical device) and manager (appliance) interface. The X73-PHD standard however has not addressed security and authentication of medical devices which is important in establishing integrity of a telemedical system. We have designed and implemented a security policy within the X73-PHD standards. The policy will enable device authentication using Asymmetric-Key Cryptography and the RSA algorithm as the digital signature scheme. We used two approaches for performing the digital signatures: direct software implementation and use of embedded security modules (ESM). The two approaches were evaluated and compared in terms of execution time and memory requirement. For the standard 2048-bit RSA, ESM calculates digital signatures only 12% of the total time for the direct implementation. Moreover, analysis shows that ESM offers more security advantage such as secure storage of keys compared to using direct implementation. Interoperability with other systems was verified by testing the system with LNI Healthlink, a manager software that implements the X73-PHD standard. Lastly, security analysis was done and the system's response to common attacks on authentication systems was analyzed and several measures were implemented to protect the system against them.

Security Analysis and Improvement of ‘a More Secure Anonymous User Authentication Scheme for the Integrated EPR Information System’

PubMed Central

Islam, SK Hafizul; Khan, Muhammad Khurram; Li, Xiong

2015-01-01

Over the past few years, secure and privacy-preserving user authentication scheme has become an integral part of the applications of the healthcare systems. Recently, Wen has designed an improved user authentication system over the Lee et al.’s scheme for integrated electronic patient record (EPR) information system, which has been analyzed in this study. We have found that Wen’s scheme still has the following inefficiencies: (1) the correctness of identity and password are not verified during the login and password change phases; (2) it is vulnerable to impersonation attack and privileged-insider attack; (3) it is designed without the revocation of lost/stolen smart card; (4) the explicit key confirmation and the no key control properties are absent, and (5) user cannot update his/her password without the help of server and secure channel. Then we aimed to propose an enhanced two-factor user authentication system based on the intractable assumption of the quadratic residue problem (QRP) in the multiplicative group. Our scheme bears more securities and functionalities than other schemes found in the literature. PMID:26263401

Increased uptake of social security benefits among long-term survivors of cancer in childhood, adolescence and young adulthood: a Norwegian population-based cohort study

PubMed Central

Ghaderi, S; Engeland, A; Moster, D; Ruud, E; Syse, A; Wesenberg, F; Bjørge, T

2013-01-01

Background: As the number of cancer survivors increases, their health and welfare have come into focus. Thus, long-term medical consequences of cancer at a young age (<25 years), obtained from social security benefit records, were studied. Methods: Standardised incidence ratios (SIRs) of long-term medical consequences for 5-year cancer survivors, born during 1965–1985, were explored by linking population-based registries in Norway. Results: Among the 5-year cancer survivors (4031 individuals), 29.7% received social security benefits. The survivors had an overall 4.4 times (95% confidence interval (95% CI): 4.1–4.6) higher risk of social security benefit uptake than the cancer-free population. Survivors of malignancies of bone and connective tissues (SIR: 10.8; 95% CI: 9.1–12.9), CNS tumours (SIR: 7.7; 95% CI: 6.9–8.6) and malignancies of the haematopoietic system (SIR: 6.1; 95% CI: 5.3–7.0) had the highest risks of social security benefits uptake. The most notified causes of social security benefit uptake were diseases of the nervous system, and injury and poisoning. Conclusion: The uptake of social security benefits among 5-year cancer survivors increased substantially and it may represent a solid outcome measure for the burden of the most severe late effects, especially in countries with comparable social welfare systems. PMID:23481179

Achieving Learning Objectives through E-Voting Case Studies

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bishop, Matt; Frincke, Deb

2007-01-01

The recent explosion in the use of electronic voting machines provides a wonderful opportunity to teach students about computer security. Because voting is the cornerstone of any democracy or republic, the need for secure voting systems is obvious. Further, students are familiar with how to vote. But the complexity of mapping a traditional process of voting using secret ballots to an electronic environment shows the difficulties of implementing secure processes and systems. In this article, we show a high level mapping from selected security and privacy education outcomes into a target ‘case study’ of developing electronic voting machines intended formore » traditional secret ballot elections. Our intent is to motivate both a set of lessons specifically involving e-voting, as well as illustrating the usefulness of having a mapping from outcomes to simplified case studies.« less

Security Systems Consideration: A Total Security Approach

NASA Astrophysics Data System (ADS)

Margariti, S. V.; Meletiou, G.; Stergiou, E.; Vasiliadis, D. C.; Rizos, G. E.

2007-12-01

The "safety" problem for protection systems is to determine in a given situation whether a subject can acquire a particular right to an object. Security and audit operation face the process of securing the application on computing and network environment; however, storage security has been somewhat overlooked due to other security solutions. This paper identifies issues for data security, threats and attacks, summarizes security concepts and relationships, and also describes storage security strategies. It concludes with recommended storage security plan for a total security solution.

An E-Hospital Security Architecture

NASA Astrophysics Data System (ADS)

Tian, Fang; Adams, Carlisle

In this paper, we introduce how to use cryptography in network security and access control of an e-hospital. We first define the security goal of the e-hospital system, and then we analyze the current application system. Our idea is proposed on the system analysis and the related regulations of patients' privacy protection. The security of the whole application system is strengthened through layered security protection. Three security domains in the e-hospital system are defined according to their sensitivity level, and for each domain, we propose different security protections. We use identity based cryptography to establish secure communication channel in the backbone network and policy based cryptography to establish secure communication channel between end users and the backbone network. We also use policy based cryptography in the access control of the application system. We use a symmetric key cryptography to protect the real data in the database. The identity based and policy based cryptography are all based on elliptic curve cryptography—a public key cryptography.

Matching food security analysis to context: the experience of the Somalia food security assessment unit.

PubMed

Hemrich, Günter

2005-06-01

This case study reviews the experience of the Somalia Food Security Assessment Unit (FSAU) of operating a food security information system in the context of a complex emergency. In particular, it explores the linkages between selected features of the protracted crisis environment in Somalia and conceptual and operational aspects of food security information work. The paper specifically examines the implications of context characteristics for the establishment and operations of the FSAU field monitoring component and for the interface with information users and their diverse information needs. It also analyses the scope for linking food security and nutrition analysis and looks at the role of conflict and gender analysis in food security assessment work. Background data on the food security situation in Somalia and an overview of some key features of the FSAU set the scene for the case study. The paper is targeted at those involved in designing, operating and funding food security information activities.

Evaluating Factors of Security Policy on Information Security Effectiveness in Developing Nations: A Case of Nigeria

ERIC Educational Resources Information Center

Okolo, Nkiru Benjamin

2016-01-01

Information systems of today face more potential security infringement than ever before. The regular susceptibility of data to breaches is a function of systems users' disinclination to follow appropriate security measures. A well-secured system maintains integrity, confidentiality, and availability, while providing appropriate and consistent…

Usability Assessment of Secure Messaging for Clinical Document Sharing between Health Care Providers and Patients.

PubMed

Jahn, Michelle A; Porter, Brian W; Patel, Himalaya; Zillich, Alan J; Simon, Steven R; Russ, Alissa L

2018-04-01

 Web-based patient portals feature secure messaging systems that enable health care providers and patients to communicate information. However, little is known about the usability of these systems for clinical document sharing.  This article evaluates the usability of a secure messaging system for providers and patients in terms of its ability to support sharing of electronic clinical documents.  We conducted usability testing with providers and patients in a human-computer interaction laboratory at a Midwestern U.S. hospital. Providers sent a medication list document to a fictitious patient via secure messaging. Separately, patients retrieved the clinical document from a secure message and returned it to a fictitious provider. We collected use errors, task completion, task time, and satisfaction.  Twenty-nine individuals participated: 19 providers (6 physicians, 6 registered nurses, and 7 pharmacists) and 10 patients. Among providers, 11 (58%) attached and sent the clinical document via secure messaging without requiring assistance, in a median (range) of 4.5 (1.8-12.7) minutes. No patients completed tasks without moderator assistance. Patients accessed the secure messaging system within 3.6 (1.2-15.0) minutes; retrieved the clinical document within 0.8 (0.5-5.7) minutes; and sent the attached clinical document in 6.3 (1.5-18.1) minutes. Although median satisfaction ratings were high, with 5.8 for providers and 6.0 for patients (scale, 0-7), we identified 36 different use errors. Physicians and pharmacists requested additional features to support care coordination via health information technology, while nurses requested features to support efficiency for their tasks.  This study examined the usability of clinical document sharing, a key feature of many secure messaging systems. Our results highlight similarities and differences between provider and patient end-user groups, which can inform secure messaging design to improve learnability and efficiency. The observations suggest recommendations for improving the technical aspects of secure messaging for clinical document sharing. Schattauer GmbH Stuttgart.

Examining Cybersecurity of Cyberphysical Systems for Critical Infrastructures Through Work Domain Analysis.

PubMed

Wang, Hao; Lau, Nathan; Gerdes, Ryan M

2018-04-01

The aim of this study was to apply work domain analysis for cybersecurity assessment and design of supervisory control and data acquisition (SCADA) systems. Adoption of information and communication technology in cyberphysical systems (CPSs) for critical infrastructures enables automated and distributed control but introduces cybersecurity risk. Many CPSs employ SCADA industrial control systems that have become the target of cyberattacks, which inflict physical damage without use of force. Given that absolute security is not feasible for complex systems, cyberintrusions that introduce unanticipated events will occur; a proper response will in turn require human adaptive ability. Therefore, analysis techniques that can support security assessment and human factors engineering are invaluable for defending CPSs. We conducted work domain analysis using the abstraction hierarchy (AH) to model a generic SCADA implementation to identify the functional structures and means-ends relations. We then adopted a case study approach examining the Stuxnet cyberattack by developing and integrating AHs for the uranium enrichment process, SCADA implementation, and malware to investigate the interactions between the three aspects of cybersecurity in CPSs. The AHs for modeling a generic SCADA implementation and studying the Stuxnet cyberattack are useful for mapping attack vectors, identifying deficiencies in security processes and features, and evaluating proposed security solutions with respect to system objectives. Work domain analysis is an effective analytical method for studying cybersecurity of CPSs for critical infrastructures in a psychologically relevant manner. Work domain analysis should be applied to assess cybersecurity risk and inform engineering and user interface design.

48 CFR 2301.101 - Purpose.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 2301.101 Federal Acquisition Regulations System SOCIAL SECURITY ADMINISTRATION GENERAL SOCIAL SECURITY ACQUISITION REGULATION SYSTEM Purpose, Authority, Issuance 2301.101 Purpose. (a) The Social Security... Social Security Administration (SSA) which conform to the Federal Acquisition Regulation (FAR) System. (b...

Cyber-Physical System Security of Smart Grids

DOE Office of Scientific and Technical Information (OSTI.GOV)

Dagle, Jeffery E.

2012-01-31

Abstract—This panel presentation will provide perspectives of cyber-physical system security of smart grids. As smart grid technologies are deployed, the interconnected nature of these systems is becoming more prevalent and more complex, and the cyber component of this cyber-physical system is increasing in importance. Studying system behavior in the face of failures (e.g., cyber attacks) allows a characterization of the systems’ response to failure scenarios, loss of communications, and other changes in system environment (such as the need for emergent updates and rapid reconfiguration). The impact of such failures on the availability of the system can be assessed and mitigationmore » strategies considered. Scenarios associated with confidentiality, integrity, and availability are considered. The cyber security implications associated with the American Recovery and Reinvestment Act of 2009 in the United States are discussed.« less

A Geant4 model of backscatter security imaging systems

NASA Astrophysics Data System (ADS)

Leboffe, Eric Matthew

The operating characteristics of x ray security scanner systems that utilize backscatter signal in order to distinguish person borne threats have never been made fully available to the general public. By designing a model using Geant4, studies can be performed which will shed light on systems such as security scanners and allow for analysis of the performance and safety of the system without access to any system data. Despite the fact that the systems are no longer in use at airports in the United States, the ability to design and validate detector models and phenomena is an important capability that can be applied to many current real world applications. The model presented provides estimates for absorbed dose, effective dose and dose depth distribution that are comparable to previously published work and explores imaging capabilities for the system embodiment modeled.

Systematic implementation of spectral CT with a photon counting detector for liquid security inspection

NASA Astrophysics Data System (ADS)

Xu, Xiaofei; Xing, Yuxiang; Wang, Sen; Zhang, Li

2018-06-01

X-ray liquid security inspection system plays an important role in homeland security, while the conventional dual-energy CT (DECT) system may have a big deviation in extracting the atomic number and the electron density of materials in various conditions. Photon counting detectors (PCDs) have the capability of discriminating the incident photons of different energy. The technique becomes more and more mature in nowadays. In this work, we explore the performance of a multi-energy CT imaging system with a PCD for liquid security inspection in material discrimination. We used a maximum-likelihood (ML) decomposition method with scatter correction based on a cross-energy response model (CERM) for PCDs so that to improve the accuracy of atomic number and electronic density imaging. Experimental study was carried to examine the effectiveness and robustness of the proposed system. Our results show that the concentration of different solutions in physical phantoms can be reconstructed accurately, which could improve the material identification compared to current available dual-energy liquid security inspection systems. The CERM-base decomposition and reconstruction method can be easily used to different applications such as medical diagnosis.

Secure method for biometric-based recognition with integrated cryptographic functions.

PubMed

Chiou, Shin-Yan

2013-01-01

Biometric systems refer to biometric technologies which can be used to achieve authentication. Unlike cryptography-based technologies, the ratio for certification in biometric systems needs not to achieve 100% accuracy. However, biometric data can only be directly compared through proximal access to the scanning device and cannot be combined with cryptographic techniques. Moreover, repeated use, improper storage, or transmission leaks may compromise security. Prior studies have attempted to combine cryptography and biometrics, but these methods require the synchronization of internal systems and are vulnerable to power analysis attacks, fault-based cryptanalysis, and replay attacks. This paper presents a new secure cryptographic authentication method using biometric features. The proposed system combines the advantages of biometric identification and cryptographic techniques. By adding a subsystem to existing biometric recognition systems, we can simultaneously achieve the security of cryptographic technology and the error tolerance of biometric recognition. This method can be used for biometric data encryption, signatures, and other types of cryptographic computation. The method offers a high degree of security with protection against power analysis attacks, fault-based cryptanalysis, and replay attacks. Moreover, it can be used to improve the confidentiality of biological data storage and biodata identification processes. Remote biometric authentication can also be safely applied.

Information Technology Security and Human Risk: Exploring Factors of Unintended Insider Threat and Organizational Resilience

ERIC Educational Resources Information Center

Thompson, Eleanor Elizabeth

2014-01-01

That organizations face threats to the security of their computer systems from external hackers is well documented. Intentional or unintentional behaviors by organizational insiders can severely compromise computer security as well. Less is known, however, about the nature of this threat from insiders. The purpose of this study was to bridge this…

The security concern on internet banking adoption among Malaysian banking customers.

PubMed

Sudha, Raju; Thiagarajan, A S; Seetharaman, A

2007-01-01

The existing literatures highlights that the security is the primary factor which determines the adoption of Internet banking technology. The secondary information on Internet banking development in Malaysia shows a very slow growth rate. Hence, this study aims to study the banking customers perception towards security concern and Internet banking adoption through the information collected from 150 sample respondents. The data analysis reveals that the customers have much concern about security and privacy issue in adoption of Internet banking, whether the customers are adopted Internet banking or not. Hence, it infers that to popularize Internet banking system there is a need for improvement in security and privacy issue among the banking customers.

75 FR 71790 - Second Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

Federal Register 2010, 2011, 2012, 2013, 2014

2010-11-24

... Committee 224: Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), DOT. ACTION: Notice of RTCA Special Committee 224 meeting: Airport Security Access Control Systems (Update to... Committee 224: Airport Security Access Control Systems. DATES: The meeting will be held December 9, 2010...

75 FR 80886 - Third Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

Federal Register 2010, 2011, 2012, 2013, 2014

2010-12-23

... 224: Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), DOT. ACTION: Notice of RTCA Special Committee 224 meeting: Airport Security Access Control Systems (Update to... Committee 224: Airport Security Access Control Systems. DATES: The meeting will be held January 13, 2011...

76 FR 9632 - Fifth Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

Federal Register 2010, 2011, 2012, 2013, 2014

2011-02-18

... 224: Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), DOT. ACTION: Notice of RTCA Special Committee 224 meeting: Airport Security Access Control Systems (Update to... Committee 224: Airport Security Access Control Systems. DATES: The meeting will be held March 10, 2011, from...

76 FR 3931 - Fourth Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

Federal Register 2010, 2011, 2012, 2013, 2014

2011-01-21

... Committee 224: Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), DOT. ACTION: Notice of RTCA Special Committee 224 Meeting: Airport Security Access Control Systems (Update to... Committee 224: Airport Security Access Control Systems. DATES: The meeting will be held February 8, 2011...

47 CFR 80.277 - Ship Security Alert System (SSAS).

Code of Federal Regulations, 2011 CFR

2011-10-01

... 47 Telecommunication 5 2011-10-01 2011-10-01 false Ship Security Alert System (SSAS). 80.277... SERVICES STATIONS IN THE MARITIME SERVICES Equipment Authorization for Compulsory Ships § 80.277 Ship Security Alert System (SSAS). (a) Vessels equipped with a Ship Security Alert System pursuant to the Safety...

47 CFR 80.277 - Ship Security Alert System (SSAS).

Code of Federal Regulations, 2014 CFR

2014-10-01

... 47 Telecommunication 5 2014-10-01 2014-10-01 false Ship Security Alert System (SSAS). 80.277... SERVICES STATIONS IN THE MARITIME SERVICES Equipment Authorization for Compulsory Ships § 80.277 Ship Security Alert System (SSAS). (a) Vessels equipped with a Ship Security Alert System pursuant to the Safety...

47 CFR 80.277 - Ship Security Alert System (SSAS).

Code of Federal Regulations, 2012 CFR

2012-10-01

... 47 Telecommunication 5 2012-10-01 2012-10-01 false Ship Security Alert System (SSAS). 80.277... SERVICES STATIONS IN THE MARITIME SERVICES Equipment Authorization for Compulsory Ships § 80.277 Ship Security Alert System (SSAS). (a) Vessels equipped with a Ship Security Alert System pursuant to the Safety...

47 CFR 80.277 - Ship Security Alert System (SSAS).

Code of Federal Regulations, 2013 CFR

2013-10-01

... 47 Telecommunication 5 2013-10-01 2013-10-01 false Ship Security Alert System (SSAS). 80.277... SERVICES STATIONS IN THE MARITIME SERVICES Equipment Authorization for Compulsory Ships § 80.277 Ship Security Alert System (SSAS). (a) Vessels equipped with a Ship Security Alert System pursuant to the Safety...

78 FR 7334 - Port Authority Access to Facility Vulnerability Assessments and the Integration of Security Systems

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-01

... to Facility Vulnerability Assessments and the Integration of Security Systems AGENCY: Coast Guard...-sharing measures. Security System Integration Alternatives Require each MTSA-regulated facility owner or... other forms of security system integration. Information Requested 1. We request comments on the...

20 CFR 404.1901 - Introduction.

Code of Federal Regulations, 2010 CFR

2010-04-01

... social security system of the United States and the social security system of a foreign country. An... be based on a combination of a person's periods of coverage under the social security system of the United States and the social security system of the foreign country. An agreement also provides for the...

45 CFR 307.13 - Security and confidentiality for computerized support enforcement systems in operation after...

Code of Federal Regulations, 2010 CFR

2010-10-01

... ENFORCEMENT SYSTEMS § 307.13 Security and confidentiality for computerized support enforcement systems in... systems in operation after October 1, 1997. (a) Information integrity and security. Have safeguards... 45 Public Welfare 2 2010-10-01 2010-10-01 false Security and confidentiality for computerized...

49 CFR 659.21 - System security plan: general requirements.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 7 2010-10-01 2010-10-01 false System security plan: general requirements. 659.21... State Oversight Agency § 659.21 System security plan: general requirements. (a) The oversight agency shall require the rail transit agency to implement a system security plan that, at a minimum, complies...

Multimedia Security System for Security and Medical Applications

ERIC Educational Resources Information Center

Zhou, Yicong

2010-01-01

This dissertation introduces a new multimedia security system for the performance of object recognition and multimedia encryption in security and medical applications. The system embeds an enhancement and multimedia encryption process into the traditional recognition system in order to improve the efficiency and accuracy of object detection and…

75 FR 61819 - First Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

Federal Register 2010, 2011, 2012, 2013, 2014

2010-10-06

... 224: Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), DOT. ACTION: Notice of RTCA Special Committee 224 meeting: Airport Security Access Control Systems (Update to... Committee 224: Airport Security Access Control Systems. DATES: The meeting will be held November 2, 2010...

76 FR 16470 - Sixth Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

Federal Register 2010, 2011, 2012, 2013, 2014

2011-03-23

... 224: Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), DOT. ACTION: Notice of RTCA Special Committee 224 meeting: Airport Security Access Control Systems (Update to... Committee 224: Airport Security Access Control Systems DATES: The meeting will be held April 13, 2011, from...

A cooperative model for IS security risk management in distributed environment.

PubMed

Feng, Nan; Zheng, Chundong

2014-01-01

Given the increasing cooperation between organizations, the flexible exchange of security information across the allied organizations is critical to effectively manage information systems (IS) security in a distributed environment. In this paper, we develop a cooperative model for IS security risk management in a distributed environment. In the proposed model, the exchange of security information among the interconnected IS under distributed environment is supported by Bayesian networks (BNs). In addition, for an organization's IS, a BN is utilized to represent its security environment and dynamically predict its security risk level, by which the security manager can select an optimal action to safeguard the firm's information resources. The actual case studied illustrates the cooperative model presented in this paper and how it can be exploited to manage the distributed IS security risk effectively.

Research and realization of info-net security controlling system

NASA Astrophysics Data System (ADS)

Xu, Tao; Zhang, Wei; Li, Xuhong; Wang, Xia; Pan, Wenwen

2017-03-01

The thesis introduces some relative concepts about Network Cybernetics, and we design and realize a new info-net security controlling system based on Network Cybernetics. The system can control the endpoints, safely save files, encrypt communication, supervise actions of users and show security conditions, in order to realize full-scale security management. At last, we simulate the functions of the system. The results show, the system can ensure the controllability of users and devices, and supervise them real-time. The system can maximize the security of the network and users.

An approach to geotracking patients with Alzheimer's disease.

PubMed

Yuce, Yilmaz Kemal; Gulkesen, Kemal Hakan; Barcin, Ebru Nur

2012-01-01

Recently, numerous systems for geo-tracking Alzheimer's patients with dementia have been developed and reported to be functional for the purposes of security and data collection. However, studies stated possible loss of freedom and autonomy for patients, along with violations of their privacy, which may lead to loss of prestige/dignity. In this study, a geotracking system that aims to balance patients' security and their need for privacy and autonomy is proposed. The system introduces a personalized, four-level temporal geofence based tracking, warning and notification protocol that incorporates a safety check mechanism operating over Global System for Mobile Communications network.

An RFID-based luggage and passenger tracking system for airport security control applications

NASA Astrophysics Data System (ADS)

Vastianos, George E.; Kyriazanos, Dimitris M.; Kountouriotis, Vassilios I.; Thomopoulos, Stelios C. A.

2014-06-01

Market analysis studies of recent years have shown a steady and significant increase in the usage of RFID technology. Key factors for this growth were the decreased costs of passive RFIDs and their improved performance compared to the other identification technologies. Besides the benefits of RFID technologies into the supply chains, warehousing, traditional inventory and asset management applications, RFID has proven itself worth exploiting on experimental, as well as on commercial level in other sectors, such as healthcare, transport and security. In security sector, airport security is one of the biggest challenges. Airports are extremely busy public places and thus prime targets for terrorism, with aircraft, passengers, crew and airport infrastructure all subject to terrorist attacks. Inside this labyrinth of security challenges, the long range detection capability of the UHF passive RFID technology can be turned into a very important tracking tool that may outperform all the limitations of the barcode tracking inside the current airport security control chain. The Integrated Systems Lab of NCSR Demokritos has developed an RFID based Luggage and Passenger tracking system within the TASS (FP7-SEC-2010-241905) EU research project. This paper describes application scenarios of the system categorized according to the structured nature of the environment, the system architecture and presents evaluation results extracted from measurements with a group of different massive production GEN2 UHF RFID tags that are widely available in the world market.

Research on offense and defense technology for iOS kernel security mechanism

NASA Astrophysics Data System (ADS)

Chu, Sijun; Wu, Hao

2018-04-01

iOS is a strong and widely used mobile device system. It's annual profits make up about 90% of the total profits of all mobile phone brands. Though it is famous for its security, there have been many attacks on the iOS operating system, such as the Trident apt attack in 2016. So it is important to research the iOS security mechanism and understand its weaknesses and put forward targeted protection and security check framework. By studying these attacks and previous jailbreak tools, we can see that an attacker could only run a ROP code and gain kernel read and write permissions based on the ROP after exploiting kernel and user layer vulnerabilities. However, the iOS operating system is still protected by the code signing mechanism, the sandbox mechanism, and the not-writable mechanism of the system's disk area. This is far from the steady, long-lasting control that attackers expect. Before iOS 9, breaking these security mechanisms was usually done by modifying the kernel's important data structures and security mechanism code logic. However, after iOS 9, the kernel integrity protection mechanism was added to the 64-bit operating system and none of the previous methods were adapted to the new versions of iOS [1]. But this does not mean that attackers can not break through. Therefore, based on the analysis of the vulnerability of KPP security mechanism, this paper implements two possible breakthrough methods for kernel security mechanism for iOS9 and iOS10. Meanwhile, we propose a defense method based on kernel integrity detection and sensitive API call detection to defense breakthrough method mentioned above. And we make experiments to prove that this method can prevent and detect attack attempts or invaders effectively and timely.

Transportation Secure Data Center Newsletter | Transportation Secure Data

Science.gov Websites

Travel Study: A pilot study conducted February-March 2015, the In the Moment Travel Study used an Transportation Study: In February and March 2014, Resource Systems Group, Inc., conducted the Heartland in Motion Transportation Study for the Madison County Council of Governments. The study included a household travel survey

FAA computer security : concerns remain due to personnel and other continuing weaknesses

DOT National Transportation Integrated Search

2000-08-01

FAA has a history of computer security weaknesses in a number of areas, including its physical security management at facilities that house air traffic control (ATC) systems, systems security for both operational and future systems, management struct...

A National Security Staff for the 21st Century

DTIC Science & Technology

2012-12-01

President to respond to the Con - gress with a detailed organizational plan for imple- menting the National Security Strategy. vi vii While many of the...the new National Security Staff and was a major con - tributor to key PNSR study efforts, including Forging a New Shield (November 2008), Turning...foundations for a strategic partnership with Con - gress for transforming our national security system to meet the rigors of the 21st century. Part 1 of

22 CFR 308.10 - Security of records systems-manual and automated.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 22 Foreign Relations 2 2010-04-01 2010-04-01 true Security of records systems-manual and automated... Security of records systems—manual and automated. The head of the agency has the responsibility of... destruction of manual and automatic record systems. These security safeguards shall apply to all systems in...

12 CFR 792.67 - Security of systems of records.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 12 Banks and Banking 6 2010-01-01 2010-01-01 false Security of systems of records. 792.67 Section... AND PRIVACY ACT, AND BY SUBPOENA; SECURITY PROCEDURES FOR CLASSIFIED INFORMATION The Privacy Act § 792.67 Security of systems of records. (a) Each system manager, with the approval of the head of that...

Securing the Global Airspace System Via Identity-Based Security

NASA Technical Reports Server (NTRS)

Ivancic, William D.

2015-01-01

Current telecommunications systems have very good security architectures that include authentication and authorization as well as accounting. These three features enable an edge system to obtain access into a radio communication network, request specific Quality-of-Service (QoS) requirements and ensure proper billing for service. Furthermore, the links are secure. Widely used telecommunication technologies are Long Term Evolution (LTE) and Worldwide Interoperability for Microwave Access (WiMAX) This paper provides a system-level view of network-centric operations for the global airspace system and the problems and issues with deploying new technologies into the system. The paper then focuses on applying the basic security architectures of commercial telecommunication systems and deployment of federated Authentication, Authorization and Accounting systems to provide a scalable, evolvable reliable and maintainable solution to enable a globally deployable identity-based secure airspace system.

A wireless electronic monitoring system for securing milk from farm to processor

NASA Astrophysics Data System (ADS)

Womble, Phillip; Hopper, Lindsay; Thompson, Chris; Alexander, Suraj M.; Crist, William; Payne, Fred; Stombaugh, Tim; Paschal, Jon; Moore, Ryan; Luck, Brian; Tabayehnejab, Nasrin

2008-04-01

The Department of Homeland Security and the Department of Health and Human Services have targeted bulk food contamination as a focus for attention. The contamination of bulk food poses a high consequence threat to our society. Milk transport falls into three of the 17 targeted NIPP (National Infrastructure Protection Plan) sectors including agriculture-food, public health, and commercial facilities. Minimal security safeguards have been developed for bulk milk transport. The current manual methods of securing milk are paper intensive and prone to errors. The bulk milk transportation sector requires a security enhancement that will both reduce recording errors and enable normal transport activities to occur while providing security against unauthorized access. Milk transportation companies currently use voluntary seal programs that utilize plastic, numbered seals on milk transport tank openings. Our group has developed a Milk Transport Security System which is an electromechanical access control and communication system that assures the secure transport of milk, milk samples, milk data, and security data between locations and specifically between dairy farms, transfer stations, receiving stations, and milk plants. It includes a security monitoring system installed on the milk transport tank, a hand held device, optional printers, data server, and security evaluation software. The system operates automatically and requires minimal or no attention by the bulk milk hauler/sampler. The system is compatible with existing milk transport infrastructure, and has the support of the milk producers, milk transportation companies, milk marketing agencies, and dairy processors. The security protocol developed is applicable for transport of other bulk foods both nationally and internationally. This system adds significantly to the national security infrastructure for bulk food transport. We are currently demonstrating the system in central Kentucky and will report on the results of the demonstration.

An evaluation of security measures implemented to address physical threats to water infrastructure in the state of Mississippi.

PubMed

Barrett, Jason R; French, P Edward

2013-01-01

The events of September 11, 2001, increased and intensified domestic preparedness efforts in the United States against terrorism and other threats. The heightened focus on protecting this nation's critical infrastructure included legislation requiring implementation of extensive new security measures to better defend water supply systems against physical, chemical/biological, and cyber attacks. In response, municipal officials have implemented numerous safeguards to reduce the vulnerability of these systems to purposeful intrusions including ongoing vulnerability assessments, extensive personnel training, and highly detailed emergency response and communication plans. This study evaluates fiscal year 2010 annual compliance assessments of public water systems with security measures that were implemented by Mississippi's Department of Health as a response to federal requirements to address these potential terrorist threats to water distribution systems. The results show that 20 percent of the water systems in this state had at least one security violation on their 2010 Capacity Development Assessment, and continued perseverance from local governments is needed to enhance the resiliency and robustness of these systems against physical threats.

Information Systems Security Management: A Review and a Classification of the ISO Standards

NASA Astrophysics Data System (ADS)

Tsohou, Aggeliki; Kokolakis, Spyros; Lambrinoudakis, Costas; Gritzalis, Stefanos

The need for common understanding and agreement of functional and non-functional requirements is well known and understood by information system designers. This is necessary for both: designing the "correct" system and achieving interoperability with other systems. Security is maybe the best example of this need. If the understanding of the security requirements is not the same for all involved parties and the security mechanisms that will be implemented do not comply with some globally accepted rules and practices, then the system that will be designed will not necessarily achieve the desired security level and it will be very difficult to securely interoperate with other systems. It is therefore clear that the role and contribution of international standards to the design and implementation of security mechanisms is dominant. In this paper we provide a state of the art review on information security management standards published by the International Organization for Standardization and the International Electrotechnical Commission. Such an analysis is meaningful to security practitioners for an efficient management of information security. Moreover, the classification of the standards in the clauses of ISO/IEC 27001:2005 that results from our analysis is expected to provide assistance in dealing with the plethora of security standards.

75 FR 49943 - New Agency Information Collection Activity Under OMB Review: Pipeline System Operator Security...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-08-16

... DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration New Agency Information Collection Activity Under OMB Review: Pipeline System Operator Security Information AGENCY: Transportation... INFORMATION CONTACT: Joanna Johnson, Office of Information Technology, TSA-11, Transportation Security...

Report of the Public Cryptography Study Group.

ERIC Educational Resources Information Center

American Council on Education, Washington, DC.

Concerns of the National Security Agency (NSA) that information contained in some articles about cryptography in learned and professional journals and in monographs might be inimical to the national security are addressed. The Public Cryptography Study Group, with one dissenting opinion, recommends that a voluntary system of prior review of…

Expanding Protection Motivation Theory: The Role of Individual Experience in Information Security Policy Compliance

ERIC Educational Resources Information Center

Mutchler, Leigh Ann

2012-01-01

The purpose of the present study is to make contributions to the area of behavioral information security in the field of Information Systems and to assist in the improved development of Information Security Policy instructional programs to increase the policy compliance of individuals. The role of an individual's experience in the context of…

System and method for secure group transactions

DOEpatents

Goldsmith, Steven Y [Rochester, MN

2006-04-25

A method and a secure system, processing on one or more computers, provides a way to control a group transaction. The invention uses group consensus access control and multiple distributed secure agents in a network environment. Each secure agent can organize with the other secure agents to form a secure distributed agent collective.

Contextualizing Secure Information System Design: A Socio-Technical Approach

ERIC Educational Resources Information Center

Charif, Abdul Rahim

2017-01-01

Secure Information Systems (SIS) design paradigms have evolved in generations to adapt to IS security needs. However, modern IS are still vulnerable and are far from secure. The development of an underlying IS cannot be reduced to "technological fixes" neither is the design of SIS. Technical security cannot ensure IS security.…

Secure electronic commerce communication system based on CA

NASA Astrophysics Data System (ADS)

Chen, Deyun; Zhang, Junfeng; Pei, Shujun

2001-07-01

In this paper, we introduce the situation of electronic commercial security, then we analyze the working process and security for SSL protocol. At last, we propose a secure electronic commerce communication system based on CA. The system provide secure services such as encryption, integer, peer authentication and non-repudiation for application layer communication software of browser clients' and web server. The system can implement automatic allocation and united management of key through setting up the CA in the network.

Evaluation on Electronic Securities Settlements Systems by AHP Methods

NASA Astrophysics Data System (ADS)

Fukaya, Kiyoyuki; Komoda, Norihisa

Accompanying the spread of Internet and the change of business models, electronic commerce expands buisness areas. Electronic finance commerce becomes popular and especially online security tradings becoome very popular in this area. This online securitiy tradings have some good points such as less mistakes than telephone calls. In order to expand this online security tradings, the transfer of the security paper is one the largest problems to be solved. Because it takes a few days to transfer the security paper from a seller to a buyer. So the dematerialization of security papers is one of the solutions. The demterilization needs the information systems for setteling security. Some countries such as France, German, United Kingdom and U.S.A. have been strating the dematerialization projects. The legacy assesments on these projects focus from the viewpoint of the legal schemes only and there is no assessment from system architectures. This paper focuses on the information system scheme and valuates these dematerlization projects by AHP methods from the viewpoints of “dematerializaion of security papers", “speed of transfer", “usefulness on the system" and “accumulation of risks". This is the first case of valuations on security settlements systems by AHP methods, especially four counties’ systems.

Priming the Secure Attachment Schema Affects the Emotional Face Processing Bias in Attachment Anxiety: An fMRI Research

PubMed Central

Tang, Qingting; Chen, Xu; Hu, Jia; Liu, Ying

2017-01-01

Our study explored how priming with a secure base schema affects the processing of emotional facial stimuli in individuals with attachment anxiety. We enrolled 42 undergraduate students between 18 and 27 years of age, and divided them into two groups: attachment anxiety and attachment secure. All participants were primed under two conditions, the secure priming using references to the partner, and neutral priming using neutral references. We performed repeated attachment security priming combined with a dual-task paradigm and functional magnetic resonance imaging. Participants’ reaction times in terms of responding to the facial stimuli were also measured. Attachment security priming can facilitate an individual’s processing of positive emotional faces; for instance, the presentation of the partner’s name was associated with stronger activities in a wide range of brain regions and faster reaction times for positive facial expressions in the subjects. The current finding of higher activity in the left-hemisphere regions for secure priming rather than neutral priming is consistent with the prediction that attachment security priming triggers the spread of the activation of a positive emotional state. However, the difference in brain activity during processing of both, positive and negative emotional facial stimuli between the two priming conditions appeared in the attachment anxiety group alone. This study indicates that the effect of attachment secure priming on the processing of emotional facial stimuli could be mediated by chronic attachment anxiety. In addition, it highlights the association between higher-order processes of the attachment system (secure attachment schema priming) and early-stage information processing system (attention), given the increased attention toward the effects of secure base schema on the processing of emotion- and attachment-related information among the insecure population. Thus, the following study has applications in providing directions for clinical treatment of mood disorders in attachment anxiety. PMID:28473796

Priming the Secure Attachment Schema Affects the Emotional Face Processing Bias in Attachment Anxiety: An fMRI Research.

PubMed

Tang, Qingting; Chen, Xu; Hu, Jia; Liu, Ying

2017-01-01

Our study explored how priming with a secure base schema affects the processing of emotional facial stimuli in individuals with attachment anxiety. We enrolled 42 undergraduate students between 18 and 27 years of age, and divided them into two groups: attachment anxiety and attachment secure. All participants were primed under two conditions, the secure priming using references to the partner, and neutral priming using neutral references. We performed repeated attachment security priming combined with a dual-task paradigm and functional magnetic resonance imaging. Participants' reaction times in terms of responding to the facial stimuli were also measured. Attachment security priming can facilitate an individual's processing of positive emotional faces; for instance, the presentation of the partner's name was associated with stronger activities in a wide range of brain regions and faster reaction times for positive facial expressions in the subjects. The current finding of higher activity in the left-hemisphere regions for secure priming rather than neutral priming is consistent with the prediction that attachment security priming triggers the spread of the activation of a positive emotional state. However, the difference in brain activity during processing of both, positive and negative emotional facial stimuli between the two priming conditions appeared in the attachment anxiety group alone. This study indicates that the effect of attachment secure priming on the processing of emotional facial stimuli could be mediated by chronic attachment anxiety. In addition, it highlights the association between higher-order processes of the attachment system (secure attachment schema priming) and early-stage information processing system (attention), given the increased attention toward the effects of secure base schema on the processing of emotion- and attachment-related information among the insecure population. Thus, the following study has applications in providing directions for clinical treatment of mood disorders in attachment anxiety.

Protecting intellectual property in space; Proceedings of the Aerospace Computer Security Conference, McLean, VA, March 20, 1985

NASA Technical Reports Server (NTRS)

1985-01-01

The primary purpose of the Aerospace Computer Security Conference was to bring together people and organizations which have a common interest in protecting intellectual property generated in space. Operational concerns are discussed, taking into account security implications of the space station information system, Space Shuttle security policies and programs, potential uses of probabilistic risk assessment techniques for space station development, key considerations in contingency planning for secure space flight ground control centers, a systematic method for evaluating security requirements compliance, and security engineering of secure ground stations. Subjects related to security technologies are also explored, giving attention to processing requirements of secure C3/I and battle management systems and the development of the Gemini trusted multiple microcomputer base, the Restricted Access Processor system as a security guard designed to protect classified information, and observations on local area network security.

Secure environment for real-time tele-collaboration on virtual simulation of radiation treatment planning.

PubMed

Ntasis, Efthymios; Maniatis, Theofanis A; Nikita, Konstantina S

2003-01-01

A secure framework is described for real-time tele-collaboration on Virtual Simulation procedure of Radiation Treatment Planning. An integrated approach is followed clustering the security issues faced by the system into organizational issues, security issues over the LAN and security issues over the LAN-to-LAN connection. The design and the implementation of the security services are performed according to the identified security requirements, along with the need for real time communication between the collaborating health care professionals. A detailed description of the implementation is given, presenting a solution, which can directly be tailored to other tele-collaboration services in the field of health care. The pilot study of the proposed security components proves the feasibility of the secure environment, and the consistency with the high performance demands of the application.

A Cooperative Model for IS Security Risk Management in Distributed Environment

PubMed Central

Zheng, Chundong

2014-01-01

Given the increasing cooperation between organizations, the flexible exchange of security information across the allied organizations is critical to effectively manage information systems (IS) security in a distributed environment. In this paper, we develop a cooperative model for IS security risk management in a distributed environment. In the proposed model, the exchange of security information among the interconnected IS under distributed environment is supported by Bayesian networks (BNs). In addition, for an organization's IS, a BN is utilized to represent its security environment and dynamically predict its security risk level, by which the security manager can select an optimal action to safeguard the firm's information resources. The actual case studied illustrates the cooperative model presented in this paper and how it can be exploited to manage the distributed IS security risk effectively. PMID:24563626

Elliptic Curve Cryptography-Based Authentication with Identity Protection for Smart Grids

PubMed Central

Zhang, Liping; Tang, Shanyu; Luo, He

2016-01-01

In a smart grid, the power service provider enables the expected power generation amount to be measured according to current power consumption, thus stabilizing the power system. However, the data transmitted over smart grids are not protected, and then suffer from several types of security threats and attacks. Thus, a robust and efficient authentication protocol should be provided to strength the security of smart grid networks. As the Supervisory Control and Data Acquisition system provides the security protection between the control center and substations in most smart grid environments, we focus on how to secure the communications between the substations and smart appliances. Existing security approaches fail to address the performance-security balance. In this study, we suggest a mitigation authentication protocol based on Elliptic Curve Cryptography with privacy protection by using a tamper-resistant device at the smart appliance side to achieve a delicate balance between performance and security of smart grids. The proposed protocol provides some attractive features such as identity protection, mutual authentication and key agreement. Finally, we demonstrate the completeness of the proposed protocol using the Gong-Needham- Yahalom logic. PMID:27007951

Elliptic Curve Cryptography-Based Authentication with Identity Protection for Smart Grids.

PubMed

Zhang, Liping; Tang, Shanyu; Luo, He

2016-01-01

In a smart grid, the power service provider enables the expected power generation amount to be measured according to current power consumption, thus stabilizing the power system. However, the data transmitted over smart grids are not protected, and then suffer from several types of security threats and attacks. Thus, a robust and efficient authentication protocol should be provided to strength the security of smart grid networks. As the Supervisory Control and Data Acquisition system provides the security protection between the control center and substations in most smart grid environments, we focus on how to secure the communications between the substations and smart appliances. Existing security approaches fail to address the performance-security balance. In this study, we suggest a mitigation authentication protocol based on Elliptic Curve Cryptography with privacy protection by using a tamper-resistant device at the smart appliance side to achieve a delicate balance between performance and security of smart grids. The proposed protocol provides some attractive features such as identity protection, mutual authentication and key agreement. Finally, we demonstrate the completeness of the proposed protocol using the Gong-Needham-Yahalom logic.

A joint signal processing and cryptographic approach to multimedia encryption.

PubMed

Mao, Yinian; Wu, Min

2006-07-01

In recent years, there has been an increasing trend for multimedia applications to use delegate service providers for content distribution, archiving, search, and retrieval. These delegate services have brought new challenges to the protection of multimedia content confidentiality. This paper discusses the importance and feasibility of applying a joint signal processing and cryptographic approach to multimedia encryption, in order to address the access control issues unique to multimedia applications. We propose two atomic encryption operations that can preserve standard compliance and are friendly to delegate processing. Quantitative analysis for these operations is presented to demonstrate that a good tradeoff can be made between security and bitrate overhead. In assisting the design and evaluation of media security systems, we also propose a set of multimedia-oriented security scores to quantify the security against approximation attacks and to complement the existing notion of generic data security. Using video as an example, we present a systematic study on how to strategically integrate different atomic operations to build a video encryption system. The resulting system can provide superior performance over both generic encryption and its simple adaptation to video in terms of a joint consideration of security, bitrate overhead, and friendliness to delegate processing.

On the security flaws in ID-based password authentication schemes for telecare medical information systems.

PubMed

Mishra, Dheerendra

2015-01-01

Telecare medical information systems (TMIS) enable healthcare delivery services. However, access of these services via public channel raises security and privacy issues. In recent years, several smart card based authentication schemes have been introduced to ensure secure and authorized communication between remote entities over the public channel for the (TMIS). We analyze the security of some of the recently proposed authentication schemes of Lin, Xie et al., Cao and Zhai, and Wu and Xu's for TMIS. Unfortunately, we identify that these schemes failed to satisfy desirable security attributes. In this article we briefly discuss four dynamic ID-based authentication schemes and demonstrate their failure to satisfy desirable security attributes. The study is aimed to demonstrate how inefficient password change phase can lead to denial of server scenario for an authorized user, and how an inefficient login phase causes the communication and computational overhead and decrease the performance of the system. Moreover, we show the vulnerability of Cao and Zhai's scheme to known session specific temporary information attack, vulnerability of Wu and Xu's scheme to off-line password guessing attack, and vulnerability of Xie et al.'s scheme to untraceable on-line password guessing attack.

Japanese children's family drawings and their link to attachment.

PubMed

Behrens, Kazuko Y; Kaplan, Nancy

2011-09-01

This study explored the applicability of family drawings as a tool to estimate attachment security in a sample of Japanese six-year-olds (N = 47), applying Kaplan and Main's ( 1986 ) Family Drawing system. Maternal secure/insecure attachment status judged by the Adult Attachment Interview predicted family drawings' secure/insecure distinction produced by Japanese six-year-olds. However, insecure Japanese drawings took forms not seen in the original Berkeley drawings, such as a lineup of faces alone. Further examination of the Japanese children's drawings using global rating scales (Fury, Carlson, & Sroufe, 1997 ) yielded significant gender differences, rarely reported in the attachment literature, with girls scoring higher in scales that predict attachment security and boys scoring higher in scales that predict attachment insecurity. However, attachment security, as captured in the drawings, was not related to attachment security, observed behaviorally using Main and Cassidy's ( 1988 ) sixth-year reunion system. Implications of the findings are discussed in light of measurements, gender, and culture.

ICS security in maritime transportation : a white paper examining the security and resiliency of critical transportation infrastructure

DOT National Transportation Integrated Search

2013-07-29

The John A. Volpe National Transportation Systems Center was asked by the Office of Security of the Maritime Administration to examine the issue of industrial control systems (ICS) security in the Maritime Transportation System (MTS), and to develop ...

Securing a Lock on Safety.

ERIC Educational Resources Information Center

Daneman, Kathy

1998-01-01

Describes the integration of security systems to provide enhanced security that is both effective and long lasting. Examines combining card-access systems with camera surveillance, and highly visible emergency phones and security officers. as one of many possible combinations. Some systems most capable of being integrated are listed. (GR)

The electronic security partnership of safety/security and information systems departments.

PubMed

Yow, J Art

2012-01-01

The ever-changing world of security electronics is reviewed in this article. The author focuses on its usage in a hospital setting and the need for safety/security and information systems departments to work together to protect and get full value from IP systems.

Process Improvement Should Link to Security: SEPG 2007 Security Track Recap

DTIC Science & Technology

2007-09-01

the Systems Security Engineering Capability Maturity Model (SSE- CMM / ISO 21827) and its use in system software developments ...software development life cycle ( SDLC )? 6. In what ways should process improvement support security in the SDLC ? 1.2 10BPANEL RESOURCES For each... project management, and support practices through the use of the capability maturity models including the CMMI and the Systems Security

Strengthening the Security of ESA Ground Data Systems

NASA Astrophysics Data System (ADS)

Flentge, Felix; Eggleston, James; Garcia Mateos, Marc

2013-08-01

A common approach to address information security has been implemented in ESA's Mission Operations (MOI) Infrastructure during the last years. This paper reports on the specific challenges to the Data Systems domain within the MOI and how security can be properly managed with an Information Security Management System (ISMS) according to ISO 27001. Results of an initial security risk assessment are reported and the different types of security controls that are being implemented in order to reduce the risks are briefly described.

Assessment of risks of EMI for personal medical electronic devices (PMEDs) from emissions of millimeter-wave security screening systems

NASA Astrophysics Data System (ADS)

Witters, Donald; Bassen, Howard; Guag, Joshua; Addissie, Bisrat; LaSorte, Nickolas; Rafai, Hazem

2013-06-01

This paper describes research and testing of a representative group of high priority body worn and implantable personal medical electronic devices (PMEDs) for exposure to millimeter wave (MMW) advanced imaging technology (AIT) security systems used at airports. The sample PMEDs included in this study were implantable cardiac pacemakers, ICDs, neurostimulators and insulin pumps. These PMEDs are designed and tested for susceptibility to electromagnetic interference (EMI) under the present standards for medical device electromagnetic compatibility (EMC). However, the present standards for medical equipment do not address exposure to the much higher frequency fields that are emitted by MMW security systems. Initial AIT emissions measurements were performed to assess the PMED and passenger exposures. Testing protocols were developed and testing methods were tailored to the type of PMED. In addition, a novel exposure simulation system was developed to allow controlled EMC testing without the need of the MMW AIT system. Methodology, test results, and analysis are presented, along with an assessment of the human exposure and risks for PMED users. The results on this study reveal no effects on the medical devices from the exposure to the MMW security system. Furthermore, the human exposure measurements and analysis showed levels well below applicable standard, and the risks for PMED users and others we assessed to be very low. These findings apply to the types of PMEDs used in the study though these findings might suggest that the risks for other, similar PMEDs would likely be similar.

Attachment, self-esteem, worldviews, and terror management: evidence for a tripartite security system.

PubMed

Hart, Joshua; Shaver, Phillip R; Goldenberg, Jamie L

2005-06-01

On the basis of prior work integrating attachment theory and terror management theory, the authors propose a model of a tripartite security system consisting of dynamically interrelated attachment, self-esteem, and worldview processes. Four studies are presented that, combined with existing evidence, support the prediction derived from the model that threats to one component of the security system result in compensatory defensive activation of other components. Further, the authors predicted and found that individual differences in attachment style moderate the defenses. In Studies 1 and 2, attachment threats motivated worldview defense among anxiously attached participants and motivated self-enhancement (especially among avoidant participants), effects similar to those caused by mortality salience. In Studies 3 and 4, a worldview threat and a self-esteem threat caused attachment-related proximity seeking among fearful participants and avoidance of proximity among dismissing participants. The authors' model provides an overarching framework within which to study attachment, self-esteem, and worldviews.

Capacity utilization study for aviation security cargo inspection queuing system

NASA Astrophysics Data System (ADS)

Allgood, Glenn O.; Olama, Mohammed M.; Lake, Joe E.; Brumback, Daryl

2010-04-01

In this paper, we conduct performance evaluation study for an aviation security cargo inspection queuing system for material flow and accountability. The queuing model employed in our study is based on discrete-event simulation and processes various types of cargo simultaneously. Onsite measurements are collected in an airport facility to validate the queuing model. The overall performance of the aviation security cargo inspection system is computed, analyzed, and optimized for the different system dynamics. Various performance measures are considered such as system capacity, residual capacity, throughput, capacity utilization, subscribed capacity utilization, resources capacity utilization, subscribed resources capacity utilization, and number of cargo pieces (or pallets) in the different queues. These metrics are performance indicators of the system's ability to service current needs and response capacity to additional requests. We studied and analyzed different scenarios by changing various model parameters such as number of pieces per pallet, number of TSA inspectors and ATS personnel, number of forklifts, number of explosives trace detection (ETD) and explosives detection system (EDS) inspection machines, inspection modality distribution, alarm rate, and cargo closeout time. The increased physical understanding resulting from execution of the queuing model utilizing these vetted performance measures should reduce the overall cost and shipping delays associated with new inspection requirements.

Capacity Utilization Study for Aviation Security Cargo Inspection Queuing System

DOE Office of Scientific and Technical Information (OSTI.GOV)

Allgood, Glenn O; Olama, Mohammed M; Lake, Joe E

In this paper, we conduct performance evaluation study for an aviation security cargo inspection queuing system for material flow and accountability. The queuing model employed in our study is based on discrete-event simulation and processes various types of cargo simultaneously. Onsite measurements are collected in an airport facility to validate the queuing model. The overall performance of the aviation security cargo inspection system is computed, analyzed, and optimized for the different system dynamics. Various performance measures are considered such as system capacity, residual capacity, throughput, capacity utilization, subscribed capacity utilization, resources capacity utilization, subscribed resources capacity utilization, and number ofmore » cargo pieces (or pallets) in the different queues. These metrics are performance indicators of the system s ability to service current needs and response capacity to additional requests. We studied and analyzed different scenarios by changing various model parameters such as number of pieces per pallet, number of TSA inspectors and ATS personnel, number of forklifts, number of explosives trace detection (ETD) and explosives detection system (EDS) inspection machines, inspection modality distribution, alarm rate, and cargo closeout time. The increased physical understanding resulting from execution of the queuing model utilizing these vetted performance measures should reduce the overall cost and shipping delays associated with new inspection requirements.« less

Addressing software security and mitigations in the life cycle

NASA Technical Reports Server (NTRS)

Gilliam, David; Powell, John; Haugh, Eric; Bishop, Matt

2003-01-01

Traditionally, security is viewed as an organizational and Information Technology (IIJ systems function comprising of Firewalls, intrusion detection systems (IDS), system security settings and patches to the operating system (OS) and applications running on it. Until recently, little thought has been given to the importance of security as a formal approach in the software life cycle. The Jet Propulsion Laboratory has approached the problem through the development of an integrated formal Software Security Assessment Instrument (SSAI) with six foci for the software life cycle.

Addressing software security and mitigations in the life cycle

NASA Technical Reports Server (NTRS)

Gilliam, David; Powell, John; Haugh, Eric; Bishop, Matt

2004-01-01

Traditionally, security is viewed as an organizational and Information Technology (IT) systems function comprising of firewalls, intrusion detection systems (IDS), system security settings and patches to the operating system (OS) and applications running on it. Until recently, little thought has been given to the importance of security as a formal approach in the software life cycle. The Jet Propulsion Laboratory has approached the problem through the development of an integrated formal Software Security Assessment Instrument (SSAI) with six foci for the software life cycle.

A GIS-based decision support system for regional eco-security assessment and its application on the Tibetan Plateau.

PubMed

Xiaodan, Wang; Xianghao, Zhong; Pan, Gao

2010-10-01

Regional eco-security assessment is an intricate, challenging task. In previous studies, the integration of eco-environmental models and geographical information systems (GIS) usually takes two approaches: loose coupling and tight coupling. However, the present study used a full coupling approach to develop a GIS-based regional eco-security assessment decision support system (ESDSS). This was achieved by merging the pressure-state-response (PSR) model and the analytic hierarchy process (AHP) into ArcGIS 9 as a dynamic link library (DLL) using ArcObjects in ArcGIS and Visual Basic for Applications. Such an approach makes it easy to capitalize on the GIS visualization and spatial analysis functions, thereby significantly supporting the dynamic estimation of regional eco-security. A case study is presented for the Tibetan Plateau, known as the world's "third pole" after the Arctic and Antarctic. Results verified the usefulness and feasibility of the developed method. As a useful tool, the ESDSS can also help local managers to make scientifically-based and effective decisions about Tibetan eco-environmental protection and land use. Copyright (c) 2010 Elsevier Ltd. All rights reserved.

Information Systems, Security, and Privacy.

ERIC Educational Resources Information Center

Ware, Willis H.

1984-01-01

Computer security and computer privacy issues are discussed. Among the areas addressed are technical and human security threats, security and privacy issues for information in electronic mail systems, the need for a national commission to examine these issues, and security/privacy issues relevant to colleges and universities. (JN)

[Impact of an automated dispensing system for medical devices in cardiac surgery department].

PubMed

Clou, E; Dompnier, M; Kably, B; Leplay, C; Poupon, E; Archer, V; Paul, M

2018-01-01

To secure medical devices' management, the implementation of automated dispensing system in surgical service has been realized. The objective of this study was to evaluate security, organizational and economic impact of installing automated dispensing system for medical devices (ASDM). The implementation took place in a cardiac surgery department. Security impact was assessed by comparing traceability rate of implantable medical devices one year before and one year after installation. Questionnaire on nurses' perception and satisfaction completed this survey. Resupplying costs, stocks' evolution and investments for the implementation of ASDM were the subject of cost-benefit study. After one year, traceability rate is excellent (100%). Nursing staffs were satisfied with 87.5% by this new system. The introduction of ASDM allowed a qualitative and quantitative decrease in stocks, with a reduction of 30% for purchased medical devices and 15% for implantable medical devices in deposit-consignment. Cost-benefit analysis shows a rapid return on investment. Real stock decrease (purchased medical devices) is equivalent to 46.6% of investment. Implementation of ASDM allows to secure storage and dispensing of medical devices. This system has also an important economic impact and appreciated by users. Copyright © 2017 Académie Nationale de Pharmacie. Published by Elsevier Masson SAS. All rights reserved.

Wide Area Security Region Final Report

DOE Office of Scientific and Technical Information (OSTI.GOV)

Makarov, Yuri V.; Lu, Shuai; Guo, Xinxin

2010-03-31

This report develops innovative and efficient methodologies and practical procedures to determine the wide-area security region of a power system, which take into consideration all types of system constraints including thermal, voltage, voltage stability, transient and potentially oscillatory stability limits in the system. The approach expands the idea of transmission system nomograms to a multidimensional case, involving multiple system limits and parameters such as transmission path constraints, zonal generation or load, etc., considered concurrently. The security region boundary is represented using its piecewise approximation with the help of linear inequalities (so called hyperplanes) in a multi-dimensional space, consisting of systemmore » parameters that are critical for security analyses. The goal of this approximation is to find a minimum set of hyperplanes that describe the boundary with a given accuracy. Methodologies are also developed to use the security hyperplanes, pre-calculated offline, to determine system security margins in real-time system operations, to identify weak elements in the system, and to calculate key contributing factors and sensitivities to determine the best system controls in real time and to assist in developing remedial actions and transmission system enhancements offline . A prototype program that automates the simulation procedures used to build the set of security hyperplanes has also been developed. The program makes it convenient to update the set of security hyperplanes necessitated by changes in system configurations. A prototype operational tool that uses the security hyperplanes to assess security margins and to calculate optimal control directions in real time has been built to demonstrate the project success. Numerical simulations have been conducted using the full-size Western Electricity Coordinating Council (WECC) system model, and they clearly demonstrated the feasibility and the effectiveness of the developed technology. Recommendations for the future work have also been formulated.« less

75 FR 8088 - Privacy Act of 1974; Department of Homeland Security/ALL-023 Personnel Security Management System...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-02-23

... risk of harm to economic or property interests, identity theft or fraud, or harm to the security or... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2009-0041] Privacy Act of 1974; Department of Homeland Security/ALL--023 Personnel Security Management System of Records AGENCY...

Building Security. Honeywell Planning Guide.

ERIC Educational Resources Information Center

Honeywell, Inc., Minneapolis, Minn.

A general discussion of building detection and alarm systems to provide security against burglary and vandalism is provided by a manufacturer of automated monitoring and control systems. Security systems are identified as--(1) local alarm system, (2) central station alarm system, (3) proprietary alarm system, and (4) direct connect alarm system..…

Using SysML to model complex systems for security.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Cano, Lester Arturo

2010-08-01

As security systems integrate more Information Technology the design of these systems has tended to become more complex. Some of the most difficult issues in designing Complex Security Systems (CSS) are: Capturing Requirements: Defining Hardware Interfaces: Defining Software Interfaces: Integrating Technologies: Radio Systems: Voice Over IP Systems: Situational Awareness Systems.

Risk to Water Security on Small Islands

NASA Astrophysics Data System (ADS)

Holding, S. T.; Allen, D. M.

2013-12-01

The majority of fresh water available on small islands is shallow groundwater that forms a freshwater lens. Freshwater lenses are generally limited in extent and as such are vulnerable to many stressors that impact water security. These include stressors related to climate change, such as sea level rise, as well as those related to human impacts, such as contamination. Traditionally, water security assessments have focussed on indicators that provide a snapshot of the current condition. However, recent work suggests that in order to effectively manage the water system, it is also important to consider uncertain future impacts to the system by evaluating how different stressors might impact water security. In this study, a framework for assessing risk to water security was developed and tested on Andros Island in The Bahamas. The assessment comprises two main components that characterise the water system: numerical modelling studies and a hazard survey. A baseline numerical model of the freshwater lens throughout Andros Island was developed to simulate the morphology of the freshwater lens and estimate the freshwater resources currently available. The model was prepared using SEAWAT, a density-dependent flow and solute transport code. Various stressors were simulated in the model to evaluate the response of the freshwater lens to predicted future shifts in climate patterns, sea level rise, and changes in water use. A hazard survey was also conducted on the island to collect information related to the storage of contaminants, sanitation infrastructure, waste disposal practices and groundwater abstraction rates. The results of the survey form a geo-spatial database of the location and associated hazards to the freshwater lens. The resulting risk framework provides a ranking of overall risk to water security based on information from the numerical modelling and hazard survey. The risk framework is implemented in a Geographic Information System (GIS) and provides a map of the risk to water security throughout Andros Island. It evaluates risk to water security for current and future scenarios and will enable water resource managers to effectively adapt to future impacts on water security.

Perimeter security alarm system based on fiber Bragg grating

NASA Astrophysics Data System (ADS)

Zhang, Cui; Wang, Lixin

2010-11-01

With the development of the society and economy and the improvement of living standards, people need more and more pressing security. Perimeter security alarm system is widely regarded as the first line of defense. A highly sensitive Fiber Bragg grating (FBG) vibration sensor based on the theory of the string vibration, combined with neural network adaptive dynamic programming algorithm for the perimeter security alarm system make the detection intelligently. Intelligent information processing unit identify the true cause of the vibration of the invasion or the natural environment by analyzing the frequency of vibration signals, energy, amplitude and duration. Compared with traditional perimeter security alarm systems, such as infrared perimeter security system and electric fence system, FBG perimeter security alarm system takes outdoor passive structures, free of electromagnetic interference, transmission distance through optical fiber can be as long as 20 km It is able to detect the location of event within short period of time (high-speed response, less than 3 second).This system can locate the fiber cable's breaking sites and alarm automatically if the cable were be cut. And the system can prevent effectively the false alarm from small animals, birds, strong wind, scattering things, snowfalls and vibration of sensor line itself. It can also be integrated into other security systems. This system can be widely used in variety fields such as military bases, nuclear sites, airports, warehouses, prisons, residence community etc. It will be a new force of perimeter security technology.

Distributed clinical data sharing via dynamic access-control policy transformation.

PubMed

Rezaeibagha, Fatemeh; Mu, Yi

2016-05-01

Data sharing in electronic health record (EHR) systems is important for improving the quality of healthcare delivery. Data sharing, however, has raised some security and privacy concerns because healthcare data could be potentially accessible by a variety of users, which could lead to privacy exposure of patients. Without addressing this issue, large-scale adoption and sharing of EHR data are impractical. The traditional solution to the problem is via encryption. Although encryption can be applied to access control, it is not applicable for complex EHR systems that require multiple domains (e.g. public and private clouds) with various access requirements. This study was carried out to address the security and privacy issues of EHR data sharing with our novel access-control mechanism, which captures the scenario of the hybrid clouds and need of access-control policy transformation, to provide secure and privacy-preserving data sharing among different healthcare enterprises. We introduce an access-control mechanism with some cryptographic building blocks and present a novel approach for secure EHR data sharing and access-control policy transformation in EHR systems for hybrid clouds. We propose a useful data sharing system for healthcare providers to handle various EHR users who have various access privileges in different cloud environments. A systematic study has been conducted on data sharing in EHR systems to provide a solution to the security and privacy issues. In conclusion, we introduce an access-control method for privacy protection of EHRs and EHR policy transformation that allows an EHR access-control policy to be transformed from a private cloud to a public cloud. This method has never been studied previously in the literature. Furthermore, we provide a protocol to demonstrate policy transformation as an application scenario. Copyright © 2016 Elsevier Ireland Ltd. All rights reserved.

Cyber Security Assessment Report: Adventium Labs

DOE Office of Scientific and Technical Information (OSTI.GOV)

None

2007-12-31

Major control system components often have life spans of 15-20 years. Many systems in our Nation's critical infrastructure were installed before the Internet became a reality and security was a concern. Consequently, control systems are generally insecure. Security is now being included in the development of new control system devices; however, legacy control systems remain vulnerable. Most efforts to secure control systems are aimed at protecting network borers, but if an intruder gets inside the network these systems are vulnerable to a cyber attack.

An Enhanced LoRaWAN Security Protocol for Privacy Preservation in IoT with a Case Study on a Smart Factory-Enabled Parking System.

PubMed

You, Ilsun; Kwon, Soonhyun; Choudhary, Gaurav; Sharma, Vishal; Seo, Jung Taek

2018-06-08

The Internet of Things (IoT) utilizes algorithms to facilitate intelligent applications across cities in the form of smart-urban projects. As the majority of devices in IoT are battery operated, their applications should be facilitated with a low-power communication setup. Such facility is possible through the Low-Power Wide-Area Network (LPWAN), but at a constrained bit rate. For long-range communication over LPWAN, several approaches and protocols are adopted. One such protocol is the Long-Range Wide Area Network (LoRaWAN), which is a media access layer protocol for long-range communication between the devices and the application servers via LPWAN gateways. However, LoRaWAN comes with fewer security features as a much-secured protocol consumes more battery because of the exorbitant computational overheads. The standard protocol fails to support end-to-end security and perfect forward secrecy while being vulnerable to the replay attack that makes LoRaWAN limited in supporting applications where security (especially end-to-end security) is important. Motivated by this, an enhanced LoRaWAN security protocol is proposed, which not only provides the basic functions of connectivity between the application server and the end device, but additionally averts these listed security issues. The proposed protocol is developed with two options, the Default Option (DO) and the Security-Enhanced Option (SEO). The protocol is validated through Burrows⁻Abadi⁻Needham (BAN) logic and the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. The proposed protocol is also analyzed for overheads through system-based and low-power device-based evaluations. Further, a case study on a smart factory-enabled parking system is considered for its practical application. The results, in terms of network latency with reliability fitting and signaling overheads, show paramount improvements and better performance for the proposed protocol compared with the two handshake options, Pre-Shared Key (PSK) and Elliptic Curve Cryptography (ECC), of Datagram Transport Layer Security (DTLS).

78 FR 16757 - Twentieth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-18

... Committee 224, Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security... meeting of the RTCA Special Committee 224, Airport Security Access Control Systems. DATES: The meeting...

77 FR 64838 - Sixteenth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

Federal Register 2010, 2011, 2012, 2013, 2014

2012-10-23

... Committee 224, Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security... meeting of the RTCA Special Committee 224, Airport Security Access Control Systems. DATES: The meeting...

77 FR 55894 - Fifteenth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

Federal Register 2010, 2011, 2012, 2013, 2014

2012-09-11

... Committee 224, Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security... meeting of the RTCA Special Committee 224, Airport Security Access Control Systems DATES: The meeting will...

78 FR 43963 - Twenty-Third Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

Federal Register 2010, 2011, 2012, 2013, 2014

2013-07-22

... Committee 224, Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security... meeting of the RTCA Special Committee 224, Airport Security Access Control Systems. DATES: The meeting...

OpenID Connect as a security service in cloud-based medical imaging systems.

PubMed

Ma, Weina; Sartipi, Kamran; Sharghigoorabi, Hassan; Koff, David; Bak, Peter

2016-04-01

The evolution of cloud computing is driving the next generation of medical imaging systems. However, privacy and security concerns have been consistently regarded as the major obstacles for adoption of cloud computing by healthcare domains. OpenID Connect, combining OpenID and OAuth together, is an emerging representational state transfer-based federated identity solution. It is one of the most adopted open standards to potentially become the de facto standard for securing cloud computing and mobile applications, which is also regarded as "Kerberos of cloud." We introduce OpenID Connect as an authentication and authorization service in cloud-based diagnostic imaging (DI) systems, and propose enhancements that allow for incorporating this technology within distributed enterprise environments. The objective of this study is to offer solutions for secure sharing of medical images among diagnostic imaging repository (DI-r) and heterogeneous picture archiving and communication systems (PACS) as well as Web-based and mobile clients in the cloud ecosystem. The main objective is to use OpenID Connect open-source single sign-on and authorization service and in a user-centric manner, while deploying DI-r and PACS to private or community clouds should provide equivalent security levels to traditional computing model.

Meeting the security requirements of electronic medical records in the ERA of high-speed computing.

PubMed

Alanazi, H O; Zaidan, A A; Zaidan, B B; Kiah, M L Mat; Al-Bakri, S H

2015-01-01

This study has two objectives. First, it aims to develop a system with a highly secured approach to transmitting electronic medical records (EMRs), and second, it aims to identify entities that transmit private patient information without permission. The NTRU and the Advanced Encryption Standard (AES) cryptosystems are secured encryption methods. The AES is a tested technology that has already been utilized in several systems to secure sensitive data. The United States government has been using AES since June 2003 to protect sensitive and essential information. Meanwhile, NTRU protects sensitive data against attacks through the use of quantum computers, which can break the RSA cryptosystem and elliptic curve cryptography algorithms. A hybrid of AES and NTRU is developed in this work to improve EMR security. The proposed hybrid cryptography technique is implemented to secure the data transmission process of EMRs. The proposed security solution can provide protection for over 40 years and is resistant to quantum computers. Moreover, the technique provides the necessary evidence required by law to identify disclosure or misuse of patient records. The proposed solution can effectively secure EMR transmission and protect patient rights. It also identifies the source responsible for disclosing confidential patient records. The proposed hybrid technique for securing data managed by institutional websites must be improved in the future.

A Complex Systems Approach to More Resilient Multi-Layered Security Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Brown, Nathanael J. K.; Jones, Katherine A.; Bandlow, Alisa

In July 2012, protestors cut through security fences and gained access to the Y-12 National Security Complex. This was believed to be a highly reliable, multi-layered security system. This report documents the results of a Laboratory Directed Research and Development (LDRD) project that created a consistent, robust mathematical framework using complex systems analysis algorithms and techniques to better understand the emergent behavior, vulnerabilities and resiliency of multi-layered security systems subject to budget constraints and competing security priorities. Because there are several dimensions to security system performance and a range of attacks that might occur, the framework is multi-objective for amore » performance frontier to be estimated. This research explicitly uses probability of intruder interruption given detection (P I) as the primary resilience metric. We demonstrate the utility of this framework with both notional as well as real-world examples of Physical Protection Systems (PPSs) and validate using a well-established force-on-force simulation tool, Umbra.« less

Assessment of the potential enhancement of rural food security in Mexico using decision tree land use classification on medium resolution satellite imagery

NASA Astrophysics Data System (ADS)

Bermeo, A.; Couturier, S.

2017-01-01

Because of its renewed importance in international agendas, food security in sub-tropical countries has been the object of studies at different scales, although the spatial components of food security are still largely undocumented. Among other aspects, food security can be assessed using a food selfsufficiency index. We propose a spatial representation of this assessment in the densely populated rural area of the Huasteca Poblana, Mexico, where there is a known tendency towards the loss of selfsufficiency of basic grains. The main agricultural systems in this area are the traditional milpa (a multicrop practice with maize as the main basic crop) system, coffee plantations and grazing land for bovine livestock. We estimate a potential additional milpa - based maize production by smallholders identifying the presence of extensive coffee and pasture systems in the production data of the agricultural census. The surface of extensive coffee plantations and pasture land were estimated using the detailed coffee agricultural census data, and a decision tree combining unsupervised and supervised spectral classification techniques of medium scale (Landsat) satellite imagery. We find that 30% of the territory would benefit more than 50% increment in food security and 13% could theoretically become maize self-sufficient from the conversion of extensive systems to the traditional multicrop milpa system.

Secure Method for Biometric-Based Recognition with Integrated Cryptographic Functions

PubMed Central

Chiou, Shin-Yan

2013-01-01

Biometric systems refer to biometric technologies which can be used to achieve authentication. Unlike cryptography-based technologies, the ratio for certification in biometric systems needs not to achieve 100% accuracy. However, biometric data can only be directly compared through proximal access to the scanning device and cannot be combined with cryptographic techniques. Moreover, repeated use, improper storage, or transmission leaks may compromise security. Prior studies have attempted to combine cryptography and biometrics, but these methods require the synchronization of internal systems and are vulnerable to power analysis attacks, fault-based cryptanalysis, and replay attacks. This paper presents a new secure cryptographic authentication method using biometric features. The proposed system combines the advantages of biometric identification and cryptographic techniques. By adding a subsystem to existing biometric recognition systems, we can simultaneously achieve the security of cryptographic technology and the error tolerance of biometric recognition. This method can be used for biometric data encryption, signatures, and other types of cryptographic computation. The method offers a high degree of security with protection against power analysis attacks, fault-based cryptanalysis, and replay attacks. Moreover, it can be used to improve the confidentiality of biological data storage and biodata identification processes. Remote biometric authentication can also be safely applied. PMID:23762851

How secure is your information system? An investigation into actual healthcare worker password practices.

PubMed

Cazier, Joseph A; Medlin, B Dawn

2006-09-27

For most healthcare information systems, passwords are the first line of defense in keeping patient and administrative records private and secure. However, this defense is only as strong as the passwords employees chose to use. A weak or easily guessed password is like an open door to the medical records room, allowing unauthorized access to sensitive information. In this paper, we present the results of a study of actual healthcare workers' password practices. In general, the vast majority of these passwords have significant security problems on several dimensions. Implications for healthcare professionals are discussed.

How Secure Is Your Information System? An Investigation into Actual Healthcare Worker Password Practices

PubMed Central

Cazier, Joseph A; Medlin, B. Dawn

2006-01-01

For most healthcare information systems, passwords are the first line of defense in keeping patient and administrative records private and secure. However, this defense is only as strong as the passwords employees chose to use. A weak or easily guessed password is like an open door to the medical records room, allowing unauthorized access to sensitive information. In this paper, we present the results of a study of actual healthcare workers' password practices. In general, the vast majority of these passwords have significant security problems on several dimensions. Implications for healthcare professionals are discussed. PMID:18066366

MODELING AND PERFORMANCE EVALUATION FOR AVIATION SECURITY CARGO INSPECTION QUEUING SYSTEM

DOE Office of Scientific and Technical Information (OSTI.GOV)

Allgood, Glenn O; Olama, Mohammed M; Rose, Terri A

Beginning in 2010, the U.S. will require that all cargo loaded in passenger aircraft be inspected. This will require more efficient processing of cargo and will have a significant impact on the inspection protocols and business practices of government agencies and the airlines. In this paper, we conduct performance evaluation study for an aviation security cargo inspection queuing system for material flow and accountability. The overall performance of the aviation security cargo inspection system is computed, analyzed, and optimized for the different system dynamics. Various performance measures are considered such as system capacity, residual capacity, and throughput. These metrics aremore » performance indicators of the system s ability to service current needs and response capacity to additional requests. The increased physical understanding resulting from execution of the queuing model utilizing these vetted performance measures will reduce the overall cost and shipping delays associated with the new inspection requirements.« less

Social Security and Saving: A Time-Series Econometrics Pedagogical Example (With "R" Code)

ERIC Educational Resources Information Center

Wassell, Charles S., Jr.

2018-01-01

In 1974, and then again in 1996, Martin Feldstein published studies of the impact of the Social Security system on private saving in the U.S. economy. He found that Social Security depressed personal saving by a substantial amount--up to 50 percent. The author uses the Feldstein data and empirical models in this article to illustrate the steps in…

Information Assurance Study

DTIC Science & Technology

1998-01-01

usually written up by Logistics or Maintenance (4790 is the Maintenance “ Bible ”). If need be, and if resources are available, one could collect all...Public domain) SATAN (System Administration Tool for Analyzing Networks) (Public Domain) STAT ( Security Test and Analysis Tool) (Harris Corporation...Service-Filtering Tools 1. TCP/IP wrapper program • Tools to Scan Hosts for Known Vulnerabilities 1. ISS (Internet Security Scanner) 2. SATAN (Security

Study of Software Tools to Support Systems Engineering Management

DTIC Science & Technology

2015-06-01

Management 15. NUMBER OF PAGES 137 16. PRICE CODE 17. SECURITY CLASSIFICATION OF REPORT Unclassified 18. SECURITY CLASSIFICATION OF THIS...AVAILABILITY STATEMENT Approved for public release; distribution is unlimited 12b. DISTRIBUTION CODE 13. ABSTRACT (maximum 200 words) According to a...PAGE Unclassified 19. SECURITY CLASSIFICATION OF ABSTRACT Unclassified 20. LIMITATION OF ABSTRACT UU NSN 7540–01–280–5500 Standard Form 298

Cyber-Physical System Security of a Power Grid: State-of-the-Art

DOE PAGES

Sun, Chih -Che; Liu, Chen -Ching; Xie, Jing

2016-07-14

Here, as part of the smart grid development, more and more technologies are developed and deployed on the power grid to enhance the system reliability. A primary purpose of the smart grid is to significantly increase the capability of computer-based remote control and automation. As a result, the level of connectivity has become much higher, and cyber security also becomes a potential threat to the cyber-physical systems (CPSs). In this paper, a survey of the state-of-the-art is conducted on the cyber security of the power grid concerning issues of: the structure of CPSs in a smart grid; cyber vulnerability assessment;more » cyber protection systems; and testbeds of a CPS. At Washington State University (WSU), the Smart City Testbed (SCT) has been developed to provide a platform to test, analyze and validate defense mechanisms against potential cyber intrusions. A test case is provided in this paper to demonstrate how a testbed helps the study of cyber security and the anomaly detection system (ADS) for substations.« less

Cyber-Physical System Security of a Power Grid: State-of-the-Art

DOE Office of Scientific and Technical Information (OSTI.GOV)

Sun, Chih -Che; Liu, Chen -Ching; Xie, Jing

Here, as part of the smart grid development, more and more technologies are developed and deployed on the power grid to enhance the system reliability. A primary purpose of the smart grid is to significantly increase the capability of computer-based remote control and automation. As a result, the level of connectivity has become much higher, and cyber security also becomes a potential threat to the cyber-physical systems (CPSs). In this paper, a survey of the state-of-the-art is conducted on the cyber security of the power grid concerning issues of: the structure of CPSs in a smart grid; cyber vulnerability assessment;more » cyber protection systems; and testbeds of a CPS. At Washington State University (WSU), the Smart City Testbed (SCT) has been developed to provide a platform to test, analyze and validate defense mechanisms against potential cyber intrusions. A test case is provided in this paper to demonstrate how a testbed helps the study of cyber security and the anomaly detection system (ADS) for substations.« less

Analyzing the security of an existing computer system

NASA Technical Reports Server (NTRS)

Bishop, M.

1986-01-01

Most work concerning secure computer systems has dealt with the design, verification, and implementation of provably secure computer systems, or has explored ways of making existing computer systems more secure. The problem of locating security holes in existing systems has received considerably less attention; methods generally rely on thought experiments as a critical step in the procedure. The difficulty is that such experiments require that a large amount of information be available in a format that makes correlating the details of various programs straightforward. This paper describes a method of providing such a basis for the thought experiment by writing a special manual for parts of the operating system, system programs, and library subroutines.

Location Privacy in RFID Applications

NASA Astrophysics Data System (ADS)

Sadeghi, Ahmad-Reza; Visconti, Ivan; Wachsmann, Christian

RFID-enabled systems allow fully automatic wireless identification of objects and are rapidly becoming a pervasive technology with various applications. However, despite their benefits, RFID-based systems also pose challenging risks, in particular concerning user privacy. Indeed, improvident use of RFID can disclose sensitive information about users and their locations allowing detailed user profiles. Hence, it is crucial to identify and to enforce appropriate security and privacy requirements of RFID applications (that are also compliant to legislation). This chapter first discusses security and privacy requirements for RFID-enabled systems, focusing in particular on location privacy issues. Then it explores the advances in RFID applications, stressing the security and privacy shortcomings of existing proposals. Finally, it presents new promising directions for privacy-preserving RFID systems, where as a case study we focus electronic tickets (e-tickets) for public transportation.

A Multilayer Secure Biomedical Data Management System for Remotely Managing a Very Large Number of Diverse Personal Healthcare Devices.

PubMed

Park, KeeHyun; Lim, SeungHyeon

2015-01-01

In this paper, a multilayer secure biomedical data management system for managing a very large number of diverse personal health devices is proposed. The system has the following characteristics: the system supports international standard communication protocols to achieve interoperability. The system is integrated in the sense that both a PHD communication system and a remote PHD management system work together as a single system. Finally, the system proposed in this paper provides user/message authentication processes to securely transmit biomedical data measured by PHDs based on the concept of a biomedical signature. Some experiments, including the stress test, have been conducted to show that the system proposed/constructed in this study performs very well even when a very large number of PHDs are used. For a stress test, up to 1,200 threads are made to represent the same number of PHD agents. The loss ratio of the ISO/IEEE 11073 messages in the normal system is as high as 14% when 1,200 PHD agents are connected. On the other hand, no message loss occurs in the multilayered system proposed in this study, which demonstrates the superiority of the multilayered system to the normal system with regard to heavy traffic.

A Multilayer Secure Biomedical Data Management System for Remotely Managing a Very Large Number of Diverse Personal Healthcare Devices

PubMed Central

Lim, SeungHyeon

2015-01-01

In this paper, a multilayer secure biomedical data management system for managing a very large number of diverse personal health devices is proposed. The system has the following characteristics: the system supports international standard communication protocols to achieve interoperability. The system is integrated in the sense that both a PHD communication system and a remote PHD management system work together as a single system. Finally, the system proposed in this paper provides user/message authentication processes to securely transmit biomedical data measured by PHDs based on the concept of a biomedical signature. Some experiments, including the stress test, have been conducted to show that the system proposed/constructed in this study performs very well even when a very large number of PHDs are used. For a stress test, up to 1,200 threads are made to represent the same number of PHD agents. The loss ratio of the ISO/IEEE 11073 messages in the normal system is as high as 14% when 1,200 PHD agents are connected. On the other hand, no message loss occurs in the multilayered system proposed in this study, which demonstrates the superiority of the multilayered system to the normal system with regard to heavy traffic. PMID:26247034

Federal Government Information Systems Security Management and Governance Are Pacing Factors for Innovation

ERIC Educational Resources Information Center

Edwards, Gregory

2011-01-01

Security incidents resulting from human error or subversive actions have caused major financial losses, reduced business productivity or efficiency, and threatened national security. Some research suggests that information system security frameworks lack emphasis on human involvement as a significant cause for security problems in a rapidly…

10 CFR 95.49 - Security of automatic data processing (ADP) systems.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 10 Energy 2 2010-01-01 2010-01-01 false Security of automatic data processing (ADP) systems. 95.49 Section 95.49 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) FACILITY SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.49 Security of...

48 CFR 3052.204-70 - Security requirements for unclassified information technology resources.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 48 Federal Acquisition Regulations System 7 2014-10-01 2014-10-01 false Security requirements for... System DEPARTMENT OF HOMELAND SECURITY, HOMELAND SECURITY ACQUISITION REGULATION (HSAR) CLAUSES AND FORMS SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 3052.204-70 Security requirements...

48 CFR 3052.204-70 - Security requirements for unclassified information technology resources.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 48 Federal Acquisition Regulations System 7 2013-10-01 2012-10-01 true Security requirements for... System DEPARTMENT OF HOMELAND SECURITY, HOMELAND SECURITY ACQUISITION REGULATION (HSAR) CLAUSES AND FORMS SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 3052.204-70 Security requirements...

Application of the Quality Functional Deployment Method in Mobility Aid Securement System Design

DOT National Transportation Integrated Search

1992-12-01

The Independent Locking Securement System Project (ILS System Project) is a : successful attempt to respond to the transportation community's need for a : "universal" securement/restraint system that will accommodate most wheeled : mobility aids, inc...

5 CFR 9701.231 - Conversion of positions and employees to the DHS classification system.

Code of Federal Regulations, 2010 CFR

2010-01-01

... HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Classification Transitional...

Technical solutions for mitigating security threats caused by health professionals in clinical settings.

PubMed

Fernandez-Aleman, Jose Luis; Belen Sanchez Garcia, Ana; Garcia-Mateos, Gines; Toval, Ambrosio

2015-08-01

The objective of this paper is to present a brief description of technical solutions for health information system security threats caused by inadequate security and privacy practices in healthcare professionals. A literature search was carried out in ScienceDirect, ACM Digital Library and IEEE Digital Library to find papers reporting technical solutions for certain security problems in information systems used in clinical settings. A total of 17 technical solutions were identified: measures for password security, the secure use of e-mail, the Internet, portable storage devices, printers and screens. Although technical safeguards are essential to the security of healthcare organization's information systems, good training, awareness programs and adopting a proper information security policy are particularly important to prevent insiders from causing security incidents.

10 CFR 1008.22 - Use and collection of social security numbers.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 10 Energy 4 2011-01-01 2011-01-01 false Use and collection of social security numbers. 1008.22... (PRIVACY ACT) Maintenance and Establishment of Systems of Records § 1008.22 Use and collection of social security numbers. (a) The System Manager of each system of records which utilizes social security numbers...

77 FR 70792 - Privacy Act of 1974; Retirement of Department of Homeland Security Transportation Security...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-11-27

... from its inventory of record systems. TSA will rely upon DHS/ALL-017 General Legal Records (November 23, 2011, 76 FR 72428) to cover its legal activities. Eliminating the system of records notice DHS/TSA-009... Department of Homeland Security Transportation Security Administration System of Records AGENCY: Privacy...

78 FR 25282 - Privacy Act of 1974; Department of Homeland Security Federal Emergency Management Agency-008...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-04-30

... Assistance Files System of Records AGENCY: Privacy Office, Department of Homeland Security. ACTION: Notice of Privacy Act System of Records. SUMMARY: In accordance with the Privacy Act of 1974, the Department of Homeland Security proposes to update and reissue a current Department of Homeland Security system of...

45 CFR 1182.15 - Institute responsibility for maintaining adequate technical, physical, and security safeguards to...

Code of Federal Regulations, 2010 CFR

2010-10-01

... record systems. These security safeguards shall apply to all systems in which identifiable personal data... data and automated systems shall be adequately trained in the security and privacy of personal data. (4... technical, physical, and security safeguards to prevent unauthorized disclosure or destruction of manual and...

45 CFR 2508.10 - Who has the responsibility for maintaining adequate technical, physical, and security safeguards...

Code of Federal Regulations, 2010 CFR

2010-10-01

... record systems. These security safeguards shall apply to all systems in which identifiable personal data... the security and privacy of such records. (7) The disposal and destruction of records within a system... adequate technical, physical, and security safeguards to prevent unauthorized disclosure or destruction of...

10 CFR 1008.22 - Use and collection of social security numbers.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 10 Energy 4 2013-01-01 2013-01-01 false Use and collection of social security numbers. 1008.22... (PRIVACY ACT) Maintenance and Establishment of Systems of Records § 1008.22 Use and collection of social security numbers. (a) The System Manager of each system of records which utilizes social security numbers...

10 CFR 1008.22 - Use and collection of social security numbers.

Code of Federal Regulations, 2012 CFR

2012-01-01

... 10 Energy 4 2012-01-01 2012-01-01 false Use and collection of social security numbers. 1008.22... (PRIVACY ACT) Maintenance and Establishment of Systems of Records § 1008.22 Use and collection of social security numbers. (a) The System Manager of each system of records which utilizes social security numbers...

10 CFR 1008.22 - Use and collection of social security numbers.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 10 Energy 4 2014-01-01 2014-01-01 false Use and collection of social security numbers. 1008.22... (PRIVACY ACT) Maintenance and Establishment of Systems of Records § 1008.22 Use and collection of social security numbers. (a) The System Manager of each system of records which utilizes social security numbers...

10 CFR 1008.22 - Use and collection of social security numbers.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 10 Energy 4 2010-01-01 2010-01-01 false Use and collection of social security numbers. 1008.22... (PRIVACY ACT) Maintenance and Establishment of Systems of Records § 1008.22 Use and collection of social security numbers. (a) The System Manager of each system of records which utilizes social security numbers...

Security Techniques for Sensor Systems and the Internet of Things

ERIC Educational Resources Information Center

Midi, Daniele

2016-01-01

Sensor systems are becoming pervasive in many domains, and are recently being generalized by the Internet of Things (IoT). This wide deployment, however, presents significant security issues. We develop security techniques for sensor systems and IoT, addressing all security management phases. Prior to deployment, the nodes need to be hardened. We…

Computer applications for the hospital security department--buying or developing a shift log reporting system.

PubMed

Gruber, T

1996-01-01

The author presents guidelines to help a security department select a computer system to track security activities--whether it's a commercial software product, an in-house developed program, or a do-it-yourself designed system. Computerized security activity reporting, he believes, is effective and beneficial.

Fuzzy assessment of health information system users' security awareness.

PubMed

Aydın, Özlem Müge; Chouseinoglou, Oumout

2013-12-01

Health information systems (HIS) are a specific area of information systems (IS), where critical patient data is stored and quality health service is only realized with the correct use and efficient dissemination of this data to health workers. Therefore, a balance needs to be established between the levels of security and flow of information on HIS. Instead of implementing higher levels and further mechanisms of control to increase the security of HIS, it is preferable to deal with the arguably weakest link on HIS chain with respect to security: HIS users. In order to provide solutions and approaches for transforming users to the first line of defense in HIS but also to employ capable and appropriate candidates from the pool of newly graduated students, it is important to assess and evaluate the security awareness levels and characteristics of these existing and future users. This study aims to provide a new perspective to understand the phenomenon of security awareness of HIS users with the use of fuzzy analysis, and to assess the present situation of current and future HIS users of a leading medical and educational institution of Turkey, with respect to their security characteristics based on four different security scales. The results of the fuzzy analysis, the guide on how to implement this fuzzy analysis to any health institution and how to read and interpret these results, together with the possible implications of these results to the organization are provided.

Neural evidence for a multifaceted model of attachment security.

PubMed

Canterberry, Melanie; Gillath, Omri

2013-06-01

The sense of attachment security has been linked with a host of beneficial outcomes related to personal and relational well-being. Moreover, research has demonstrated that the sense of attachment security can be enhanced via cognitive priming techniques. Studies using such techniques have shown that security priming results with similar outcomes as dispositional attachment security. The way security priming leads to these effects, however, is yet to be unveiled. Using fMRI we took one step in that direction and examined the neural mechanisms underlying enhanced attachment security. Participants were exposed to explicit and implicit security- and insecurity-related words. Security priming led to co-occurring activation in brain areas reflective of cognitive, affective, and behavioral processes (e.g., medial frontal cortex, parahippocampus, BA 6). There were activation differences based on attachment style. This research serves as an important step in mapping out the security process and supports a conceptualization of security as part of a behavioral system with multiple components. Copyright © 2012 Elsevier B.V. All rights reserved.

Network security system for health and medical information using smart IC card

NASA Astrophysics Data System (ADS)

Kanai, Yoichi; Yachida, Masuyoshi; Yoshikawa, Hiroharu; Yamaguchi, Masahiro; Ohyama, Nagaaki

1998-07-01

A new network security protocol that uses smart IC cards has been designed to assure the integrity and privacy of medical information in communication over a non-secure network. Secure communication software has been implemented as a library based on this protocol, which is called the Integrated Secure Communication Layer (ISCL), and has been incorporated into information systems of the National Cancer Center Hospitals and the Health Service Center of the Tokyo Institute of Technology. Both systems have succeeded in communicating digital medical information securely.

Return to work after renal transplantation: a study of the Brazilian Public Social Security System.

PubMed

Messias, Alexandre Augusto; Reichelt, Angela J; Dos Santos, Edson F; Albuquerque, Galton C; Kramer, José S P; Hirakata, Vania N; Garcia, Valter D

2014-12-15

Return to work is an objective parameter used worldwide to evaluate the success of organ transplantation and is especially feasible after renal transplantation. This study sought to describe the frequency of return to work after renal transplantation and related characteristics. Retrospective cohort of 511 isolated kidney transplant recipients was recruited from a Brazilian referral center from January 2005 to December 2009; all were matched to the public social security database to determine inclusion and benefit awards, as well as the rate of resumption of contributions to the public social security system, a surrogate marker of work rehabilitation. Characteristics associated with work return were analyzed. No social security records were found for 28 subjects. The remaining 483 subjects had a mean age of 45±13 years; 62% were male; 401 (83%) received some public social security benefit; 298 were paying dues and could, therefore, receive temporary or permanent disability benefits. Of these, 78 subjects made social security payments after transplantation, resulting in a work return rate of 26% (95% confidence interval, 21-32). Younger age, living donor graft, and chronic glomerulonephritis were significantly associated with return to work. In Brazil, most renal transplant recipients are on social security benefits, but only a small proportion return to work after surgery. Clinical characteristics may help define work resumption trends.

33 CFR 105.250 - Security systems and equipment maintenance.

Code of Federal Regulations, 2010 CFR

2010-07-01

... systems must be regularly tested in accordance with the manufacturers' recommendations; noted deficiencies... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Security systems and equipment... systems and equipment maintenance. (a) Security systems and equipment must be in good working order and...

Providing security for automated process control systems at hydropower engineering facilities

NASA Astrophysics Data System (ADS)

Vasiliev, Y. S.; Zegzhda, P. D.; Zegzhda, D. P.

2016-12-01

This article suggests the concept of a cyberphysical system to manage computer security of automated process control systems at hydropower engineering facilities. According to the authors, this system consists of a set of information processing tools and computer-controlled physical devices. Examples of cyber attacks on power engineering facilities are provided, and a strategy of improving cybersecurity of hydropower engineering systems is suggested. The architecture of the multilevel protection of the automated process control system (APCS) of power engineering facilities is given, including security systems, control systems, access control, encryption, secure virtual private network of subsystems for monitoring and analysis of security events. The distinctive aspect of the approach is consideration of interrelations and cyber threats, arising when SCADA is integrated with the unified enterprise information system.

Evaluation of power system security and development of transmission pricing method

NASA Astrophysics Data System (ADS)

Kim, Hyungchul

The electric power utility industry is presently undergoing a change towards the deregulated environment. This has resulted in unbundling of generation, transmission and distribution services. The introduction of competition into unbundled electricity services may lead system operation closer to its security boundaries resulting in smaller operating safety margins. The competitive environment is expected to lead to lower price rates for customers and higher efficiency for power suppliers in the long run. Under this deregulated environment, security assessment and pricing of transmission services have become important issues in power systems. This dissertation provides new methods for power system security assessment and transmission pricing. In power system security assessment, the following issues are discussed (1) The description of probabilistic methods for power system security assessment; (2) The computation time of simulation methods; (3) on-line security assessment for operation. A probabilistic method using Monte-Carlo simulation is proposed for power system security assessment. This method takes into account dynamic and static effects corresponding to contingencies. Two different Kohonen networks, Self-Organizing Maps and Learning Vector Quantization, are employed to speed up the probabilistic method. The combination of Kohonen networks and Monte-Carlo simulation can reduce computation time in comparison with straight Monte-Carlo simulation. A technique for security assessment employing Bayes classifier is also proposed. This method can be useful for system operators to make security decisions during on-line power system operation. This dissertation also suggests an approach for allocating transmission transaction costs based on reliability benefits in transmission services. The proposed method shows the transmission transaction cost of reliability benefits when transmission line capacities are considered. The ratio between allocation by transmission line capacity-use and allocation by reliability benefits is computed using the probability of system failure.

Computer-aided diagnosis workstation and teleradiology network system for chest diagnosis using the web medical image conference system with a new information security solution

NASA Astrophysics Data System (ADS)

Satoh, Hitoshi; Niki, Noboru; Eguchi, Kenji; Ohmatsu, Hironobu; Kaneko, Masahiro; Kakinuma, Ryutaro; Moriyama, Noriyuki

2010-03-01

Diagnostic MDCT imaging requires a considerable number of images to be read. Moreover, the doctor who diagnoses a medical image is insufficient in Japan. Because of such a background, we have provided diagnostic assistance methods to medical screening specialists by developing a lung cancer screening algorithm that automatically detects suspected lung cancers in helical CT images, a coronary artery calcification screening algorithm that automatically detects suspected coronary artery calcification and a vertebra body analysis algorithm for quantitative evaluation of osteoporosis. We also have developed the teleradiology network system by using web medical image conference system. In the teleradiology network system, the security of information network is very important subjects. Our teleradiology network system can perform Web medical image conference in the medical institutions of a remote place using the web medical image conference system. We completed the basic proof experiment of the web medical image conference system with information security solution. We can share the screen of web medical image conference system from two or more web conference terminals at the same time. An opinion can be exchanged mutually by using a camera and a microphone that are connected with the workstation that builds in some diagnostic assistance methods. Biometric face authentication used on site of teleradiology makes "Encryption of file" and "Success in login" effective. Our Privacy and information security technology of information security solution ensures compliance with Japanese regulations. As a result, patients' private information is protected. Based on these diagnostic assistance methods, we have developed a new computer-aided workstation and a new teleradiology network that can display suspected lesions three-dimensionally in a short time. The results of this study indicate that our radiological information system without film by using computer-aided diagnosis workstation and our teleradiology network system can increase diagnostic speed, diagnostic accuracy and security improvement of medical information.

Using RFID to enhance security in off-site data storage.

PubMed

Lopez-Carmona, Miguel A; Marsa-Maestre, Ivan; de la Hoz, Enrique; Velasco, Juan R

2010-01-01

Off-site data storage is one of the most widely used strategies in enterprises of all sizes to improve business continuity. In medium-to-large size enterprises, the off-site data storage processes are usually outsourced to specialized providers. However, outsourcing the storage of critical business information assets raises serious security considerations, some of which are usually either disregarded or incorrectly addressed by service providers. This article reviews these security considerations and presents a radio frequency identification (RFID)-based, off-site, data storage management system specifically designed to address security issues. The system relies on a set of security mechanisms or controls that are arranged in security layers or tiers to balance security requirements with usability and costs. The system has been successfully implemented, deployed and put into production. In addition, an experimental comparison with classical bar-code-based systems is provided, demonstrating the system's benefits in terms of efficiency and failure prevention.

Model-Driven Configuration of SELinux Policies

NASA Astrophysics Data System (ADS)

Agreiter, Berthold; Breu, Ruth

The need for access control in computer systems is inherent. However, the complexity to configure such systems is constantly increasing which affects the overall security of a system negatively. We think that it is important to define security requirements on a non-technical level while taking the application domain into respect in order to have a clear and separated view on security configuration (i.e. unblurred by technical details). On the other hand, security functionality has to be tightly integrated with the system and its development process in order to provide comprehensive means of enforcement. In this paper, we propose a systematic approach based on model-driven security configuration to leverage existing operating system security mechanisms (SELinux) for realising access control. We use UML models and develop a UML profile to satisfy these needs. Our goal is to exploit a comprehensive protection mechanism while rendering its security policy manageable by a domain specialist.

5 CFR 930.301 - Information systems security awareness training program.

Code of Federal Regulations, 2011 CFR

2011-01-01

... training in system/application life cycle management, risk management, and contingency planning. (4) Chief... security management, system/application life cycle management, risk management, and contingency planning..., risk management, and contingency planning. (b) Provide the Federal information systems security...

Development of an Independent Locking Securement System for Mobility Aids on Public Transportation Vehicles

DOT National Transportation Integrated Search

1992-12-01

The Independent Locking Securement System Project (ILS System Project) is a : successful attempt to respond to the transportation community's need for a : "universal" securement/restraint system that will accommodate most wheeled : mobility aids, inc...

5 CFR 930.301 - Information systems security awareness training program.

Code of Federal Regulations, 2010 CFR

2010-01-01

... training in system/application life cycle management, risk management, and contingency planning. (4) Chief... security management, system/application life cycle management, risk management, and contingency planning..., risk management, and contingency planning. (b) Provide the Federal information systems security...

Implementation and evaluation of an efficient secure computation system using ‘R’ for healthcare statistics

PubMed Central

Chida, Koji; Morohashi, Gembu; Fuji, Hitoshi; Magata, Fumihiko; Fujimura, Akiko; Hamada, Koki; Ikarashi, Dai; Yamamoto, Ryuichi

2014-01-01

Background and objective While the secondary use of medical data has gained attention, its adoption has been constrained due to protection of patient privacy. Making medical data secure by de-identification can be problematic, especially when the data concerns rare diseases. We require rigorous security management measures. Materials and methods Using secure computation, an approach from cryptography, our system can compute various statistics over encrypted medical records without decrypting them. An issue of secure computation is that the amount of processing time required is immense. We implemented a system that securely computes healthcare statistics from the statistical computing software ‘R’ by effectively combining secret-sharing-based secure computation with original computation. Results Testing confirmed that our system could correctly complete computation of average and unbiased variance of approximately 50 000 records of dummy insurance claim data in a little over a second. Computation including conditional expressions and/or comparison of values, for example, t test and median, could also be correctly completed in several tens of seconds to a few minutes. Discussion If medical records are simply encrypted, the risk of leaks exists because decryption is usually required during statistical analysis. Our system possesses high-level security because medical records remain in encrypted state even during statistical analysis. Also, our system can securely compute some basic statistics with conditional expressions using ‘R’ that works interactively while secure computation protocols generally require a significant amount of processing time. Conclusions We propose a secure statistical analysis system using ‘R’ for medical data that effectively integrates secret-sharing-based secure computation and original computation. PMID:24763677

Implementation and evaluation of an efficient secure computation system using 'R' for healthcare statistics.

PubMed

Chida, Koji; Morohashi, Gembu; Fuji, Hitoshi; Magata, Fumihiko; Fujimura, Akiko; Hamada, Koki; Ikarashi, Dai; Yamamoto, Ryuichi

2014-10-01

While the secondary use of medical data has gained attention, its adoption has been constrained due to protection of patient privacy. Making medical data secure by de-identification can be problematic, especially when the data concerns rare diseases. We require rigorous security management measures. Using secure computation, an approach from cryptography, our system can compute various statistics over encrypted medical records without decrypting them. An issue of secure computation is that the amount of processing time required is immense. We implemented a system that securely computes healthcare statistics from the statistical computing software 'R' by effectively combining secret-sharing-based secure computation with original computation. Testing confirmed that our system could correctly complete computation of average and unbiased variance of approximately 50,000 records of dummy insurance claim data in a little over a second. Computation including conditional expressions and/or comparison of values, for example, t test and median, could also be correctly completed in several tens of seconds to a few minutes. If medical records are simply encrypted, the risk of leaks exists because decryption is usually required during statistical analysis. Our system possesses high-level security because medical records remain in encrypted state even during statistical analysis. Also, our system can securely compute some basic statistics with conditional expressions using 'R' that works interactively while secure computation protocols generally require a significant amount of processing time. We propose a secure statistical analysis system using 'R' for medical data that effectively integrates secret-sharing-based secure computation and original computation. Published by the BMJ Publishing Group Limited. For permission to use (where not already granted under a licence) please go to http://group.bmj.com/group/rights-licensing/permissions.

5 CFR 9701.101 - Purpose.

Code of Federal Regulations, 2010 CFR

2010-01-01

... Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES... establishment of a new human resources management system within the Department of Homeland Security (DHS), as...

Towards the cyber security paradigm of ehealth: Resilience and design aspects

NASA Astrophysics Data System (ADS)

Rajamäki, Jyri; Pirinen, Rauno

2017-06-01

Digital technologies have significantly changed the role of healthcare clients in seeking and receiving medical help, as well as brought up more cooperative policy issues in healthcare cross-border services. Citizens continue to take a more co-creative role in decisions about their own healthcare, and new technologies can enable and facilitate this emergent trend. In this study, healthcare services have been intended as a critical societal sector and therefore healthcare systems are focused on as critical infrastructures that ought to be protected from all types of fears, including cyber security threats and attacks. Despite continual progress in the systemic risk management of cyber domain, it is clear that anticipation and prevention of all possible types of attack and malfunction are not achievable for current or future cyber infrastructures. This study focuses on the investigation of a cyber security paradigm, adaptive systems and sense of resilience in a healthcare critical information infrastructure.

Methods and implementation of a central biosample and data management in a three-centre clinical study.

PubMed

Angelow, Aniela; Schmidt, Matthias; Weitmann, Kerstin; Schwedler, Susanne; Vogt, Hannes; Havemann, Christoph; Hoffmann, Wolfgang

2008-07-01

In our report we describe concept, strategies and implementation of a central biosample and data management (CSDM) system in the three-centre clinical study of the Transregional Collaborative Research Centre "Inflammatory Cardiomyopathy - Molecular Pathogenesis and Therapy" SFB/TR 19, Germany. Following the requirements of high system resource availability, data security, privacy protection and quality assurance, a web-based CSDM was developed based on Java 2 Enterprise Edition using an Oracle database. An efficient and reliable sample documentation system using bar code labelling, a partitioning storage algorithm and an online documentation software was implemented. An online electronic case report form is used to acquire patient-related data. Strict rules for access to the online applications and secure connections are used to account for privacy protection and data security. Challenges for the implementation of the CSDM resided at project, technical and organisational level as well as at staff level.

Situated Usability Testing for Security Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Greitzer, Frank L.

2011-03-02

While usability testing is well established, assessing the usability of security software, tools, or methods deserves more careful consideration. It has been argued that dealing with security has become too difficult for individuals or organizations to manage effectively or to use conveniently. As difficult as it is for system administrators and developers to deal with, security is even more challenging for casual users. Indeed, it is much too easy for casual/home users to configure the security of their systems in non-optimal ways that leave their systems inadvertently insecure. This is exacerbated by the fact that casual users are focused onmore » matters other than security, and likely would prefer not even to think about security. This brief report argues that when security and/or privacy are part of the equation, traditional methods for usability testing should be re-considered. The purpose of this brief report is to argue for and outline a method associated with a new approach to usability testing for examining usable security issues.« less

Implementing a High-Assurance Smart-Card OS

NASA Astrophysics Data System (ADS)

Karger, Paul A.; Toll, David C.; Palmer, Elaine R.; McIntosh, Suzanne K.; Weber, Samuel; Edwards, Jonathan W.

Building a high-assurance, secure operating system for memory constrained systems, such as smart cards, introduces many challenges. The increasing power of smart cards has made their use feasible in applications such as electronic passports, military and public sector identification cards, and cell-phone based financial and entertainment applications. Such applications require a secure environment, which can only be provided with sufficient hardware and a secure operating system. We argue that smart cards pose additional security challenges when compared to traditional computer platforms. We discuss our design for a secure smart card operating system, named Caernarvon, and show that it addresses these challenges, which include secure application download, protection of cryptographic functions from malicious applications, resolution of covert channels, and assurance of both security and data integrity in the face of arbitrary power losses.

Finite-Time Performance of Local Search Algorithms: Theory and Application

DTIC Science & Technology

2010-06-10

security devices deployed at airport security checkpoints are used to detect prohibited items (e.g., guns, knives, explosives). Each security device...security devices are deployed, the practical issue of determining how to optimally use them can be difficult. For an airport security system design...checked baggage), explosive detection systems (designed to detect explosives in checked baggage), and detailed hand search by an airport security official

Urban Ecological Security Simulation and Prediction Using an Improved Cellular Automata (CA) Approach-A Case Study for the City of Wuhan in China.

PubMed

Gao, Yuan; Zhang, Chuanrong; He, Qingsong; Liu, Yaolin

2017-06-15

Ecological security is an important research topic, especially urban ecological security. As highly populated eco-systems, cities always have more fragile ecological environments. However, most of the research on urban ecological security in literature has focused on evaluating current or past status of the ecological environment. Very little literature has carried out simulation or prediction of future ecological security. In addition, there is even less literature exploring the urban ecological environment at a fine scale. To fill-in the literature gap, in this study we simulated and predicted urban ecological security at a fine scale (district level) using an improved Cellular Automata (CA) approach. First we used the pressure-state-response (PSR) method based on grid-scale data to evaluate urban ecological security. Then, based on the evaluation results, we imported the geographically weighted regression (GWR) concept into the CA model to simulate and predict urban ecological security. We applied the improved CA approach in a case study-simulating and predicting urban ecological security for the city of Wuhan in Central China. By comparing the simulated ecological security values from 2010 using the improved CA model to the actual ecological security values of 2010, we got a relatively high value of the kappa coefficient, which indicates that this CA model can simulate or predict well future development of ecological security in Wuhan. Based on the prediction results for 2020, we made some policy recommendations for each district in Wuhan.

Use of a secure Internet Web site for collaborative medical research.

PubMed

Marshall, W W; Haley, R W

2000-10-11

Researchers who collaborate on clinical research studies from diffuse locations need a convenient, inexpensive, secure way to record and manage data. The Internet, with its World Wide Web, provides a vast network that enables researchers with diverse types of computers and operating systems anywhere in the world to log data through a common interface. Development of a Web site for scientific data collection can be organized into 10 steps, including planning the scientific database, choosing a database management software system, setting up database tables for each collaborator's variables, developing the Web site's screen layout, choosing a middleware software system to tie the database software to the Web site interface, embedding data editing and calculation routines, setting up the database on the central server computer, obtaining a unique Internet address and name for the Web site, applying security measures to the site, and training staff who enter data. Ensuring the security of an Internet database requires limiting the number of people who have access to the server, setting up the server on a stand-alone computer, requiring user-name and password authentication for server and Web site access, installing a firewall computer to prevent break-ins and block bogus information from reaching the server, verifying the identity of the server and client computers with certification from a certificate authority, encrypting information sent between server and client computers to avoid eavesdropping, establishing audit trails to record all accesses into the Web site, and educating Web site users about security techniques. When these measures are carefully undertaken, in our experience, information for scientific studies can be collected and maintained on Internet databases more efficiently and securely than through conventional systems of paper records protected by filing cabinets and locked doors. JAMA. 2000;284:1843-1849.

NASA Electronic Library System (NELS): The system impact of security

NASA Technical Reports Server (NTRS)

Mcgregor, Terry L.

1993-01-01

This paper discusses security issues as they relate to the NASA Electronic Library System which is currently in use as the repository system for AdaNET System Version 3 (ASV3) being operated by MountainNET, Inc. NELS was originally designed to provide for public, development, and secure collections and objects. The secure feature for collections and objects was deferred in the initial system for implementation at a later date. The NELS system is now 9 months old and many lessons have been learned about the use and maintenance of library systems. MountainNET has 9 months of experience in operating the system and gathering feedback from the ASV3 user community. The user community has expressed an interest in seeing security features implemented in the current system. The time has come to take another look at the whole issue of security for the NELS system. Two requirements involving security have been put forth by MountainNET for the ASV3 system. The first is to incorporate at the collection level a security scheme to allow restricted access to collections. This should be invisible to end users and be controlled by librarians. The second is to allow inclusion of applications which can be executed only by a controlled group of users; for example, an application which can be executed by librarians only. The requirements provide a broad framework in which to work. These requirements raise more questions than answers. To explore the impact of these requirements a top down approach will be used.

Merging leadership and innovation to secure a large health system.

PubMed

Bellino, Joseph V; Shaw, Sharon

2014-01-01

In this article the security system executive for a 13-hospital system spells out how partnering with capable and motivated vendors and gaining the cooperation of other departments enabled him to convert disparate security systems with equipment from multiple manufacturers into a cost-effective centralized system.

77 FR 60401 - Privacy Act of 1974; Systems of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2012-10-03

... computer password protection.'' * * * * * System manager(s) and address: Delete entry and replace with...; Systems of Records AGENCY: National Security Agency/Central Security Service, DoD. ACTION: Notice to amend a system of records. SUMMARY: The National Security Agency (NSA) is proposing to amend a system of...

DOE Office of Scientific and Technical Information (OSTI.GOV)

Lee, Hsien-Hsin S

The overall objective of this research project is to develop novel architectural techniques as well as system software to achieve a highly secure and intrusion-tolerant computing system. Such system will be autonomous, self-adapting, introspective, with self-healing capability under the circumstances of improper operations, abnormal workloads, and malicious attacks. The scope of this research includes: (1) System-wide, unified introspection techniques for autonomic systems, (2) Secure information-flow microarchitecture, (3) Memory-centric security architecture, (4) Authentication control and its implication to security, (5) Digital right management, (5) Microarchitectural denial-of-service attacks on shared resources. During the period of the project, we developed several architectural techniquesmore » and system software for achieving a robust, secure, and reliable computing system toward our goal.« less

Privacy Act System of Records: Medical and Research Study Records of Human Volunteers, EPA-34

EPA Pesticide Factsheets

Learn about the Medical and Research Study Records of Human Volunteers System, including who is covered in the system, the purpose of data collection, routine uses for the system's records, and other security procedures.

Risk assessment for sustainable food security in China according to integrated food security--taking Dongting Lake area for example.

PubMed

Qi, Xiaoxing; Liu, Liming; Liu, Yabin; Yao, Lan

2013-06-01

Integrated food security covers three aspects: food quantity security, food quality security, and sustainable food security. Because sustainable food security requires that food security must be compatible with sustainable development, the risk assessment of sustainable food security is becoming one of the most important issues. This paper mainly focuses on the characteristics of sustainable food security problems in the major grain-producing areas in China. We establish an index system based on land resources and eco-environmental conditions and apply a dynamic assessment method based on status assessments and trend analysis models to overcome the shortcomings of the static evaluation method. Using fuzzy mathematics, the risks are categorized into four grades: negligible risk, low risk, medium risk, and high risk. A case study was conducted in one of China's major grain-producing areas: Dongting Lake area. The results predict that the status of the sustainable food security in the Dongting Lake area is unsatisfactory for the foreseeable future. The number of districts at the medium-risk range will increase from six to ten by 2015 due to increasing population pressure, a decrease in the cultivated area, and a decrease in the effective irrigation area. Therefore, appropriate policies and measures should be put forward to improve it. The results could also provide direct support for an early warning system-which could be used to monitor food security trends or nutritional status so to inform policy makers of impending food shortages-to prevent sustainable food security risk based on some classical systematic methods. This is the first research of sustainable food security in terms of risk assessment, from the perspective of resources and the environment, at the regional scale.

Security credentials management system (SCMS) design and analysis for the connected vehicle system : draft.

DOT National Transportation Integrated Search

2013-12-27

This report presents an analysis by Booz Allen Hamilton (Booz Allen) of the technical design for the Security Credentials Management System (SCMS) intended to support communications security for the connected vehicle system. The SCMS technical design...

Security warning system monitors up to fifteen remote areas simultaneously

NASA Technical Reports Server (NTRS)

Fusco, R. C.

1966-01-01

Security warning system consisting of 15 television cameras is capable of monitoring several remote or unoccupied areas simultaneously. The system uses a commutator and decommutator, allowing time-multiplexed video transmission. This security system could be used in industrial and retail establishments.

5 CFR 9701.373 - Conversion of employees to the DHS pay system.

Code of Federal Regulations, 2010 CFR

2010-01-01

... system. 9701.373 Section 9701.373 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Pay and Pay Administration Transitional Provisions...

Security Information and Event Management Tools and Insider Threat Detection

DTIC Science & Technology

2013-09-01

Orebaugh, A., Scholl , M., & Stine, K. (2011, September). Information security continuous monitoring (ISCM) for federal information systems and...E., Conway, T., Keverline, S., Williams , M., Capelli, D., Willke, B., & Moore, A. (2008, January). Insider threat study: illicit cyber activity in

Cyber secure systems approach for NPP digital control systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

McCreary, T. J.; Hsu, A.

2006-07-01

Whether fossil or nuclear power, the chief operations goal is to generate electricity. The heart of most plant operations is the I and C system. With the march towards open architecture, the I and C system is more vulnerable than ever to system security attacks (denial of service, virus attacks and others), thus jeopardizing plant operations. Plant staff must spend large amounts of time and money setting up and monitoring a variety of security strategies to counter the threats and actual attacks to the system. This time and money is a drain on the financial performance of a plant andmore » distracts valuable operations resources from their real goals: product. The pendulum towards complete open architecture may have swung too far. Not all aspects of proprietary hardware and software are necessarily 'bad'. As the aging U.S. fleet of nuclear power plants starts to engage in replacing legacy control systems, and given the on-going (and legitimate) concern about the security of present digital control systems, decisions about how best to approach cyber security are vital to the specification and selection of control system vendors for these upgrades. The authors maintain that utilizing certain resources available in today's digital technology, plant control systems can be configured from the onset to be inherently safe, so that plant staff can concentrate on the operational issues of the plant. The authors postulate the concept of the plant I and C being bounded in a 'Cyber Security Zone' and present a design approach that can alleviate the concern and cost at the plant level of dealing with system security strategies. Present approaches through various IT cyber strategies, commercial software, and even postulated standards from various industry/trade organizations are almost entirely reactive and simply add to cost and complexity. This Cyber Security Zone design demonstrates protection from the four classes of cyber security attacks: 1)Threat from an intruder attempting to disrupt network communications by entering the system from an attached utility network or utilizing a modem connected to a control system PC that is in turn connected to a publicly accessible phone; 2)Threat from a user connecting an unauthorized computer to the control network; 3)Threat from a security attack when an unauthorized user gains access to a PC connected to the plant network;. 4)Threat from internal disruption (by plant staff, whether, malicious or otherwise) by unauthorized usage of files or file handling media that opens the system to security threat (as typified in current situation in most control rooms). The plant I and C system cyber security design and the plant specific procedures should adequately demonstrate protection from the four pertinent classes of cyber security attacks. The combination of these features should demonstrate that the system is not vulnerable to any analyzed cyber security attacks either from internal sources or through network connections. The authors will provide configurations that will demonstrate the Cyber Security Zone. (authors)« less

Prospective relations between family conflict and adolescent maladjustment: security in the family system as a mediating process.

PubMed

Cummings, E Mark; Koss, Kalsea J; Davies, Patrick T

2015-04-01

Conflict in specific family systems (e.g., interparental, parent-child) has been implicated in the development of a host of adjustment problems in adolescence, but little is known about the impact of family conflict involving multiple family systems. Furthermore, questions remain about the effects of family conflict on symptoms of specific disorders and adjustment problems and the processes mediating these effects. The present study prospectively examines the impact of family conflict and emotional security about the family system on adolescent symptoms of specific disorders and adjustment problems, including the development of symptoms of anxiety, depression, conduct problems, and peer problems. Security in the family system was examined as a mediator of these relations. Participants included 295 mother-father-adolescent families (149 girls) participating across three annual time points (grades 7-9). Including auto-regressive controls for initial levels of emotional insecurity and multiple adjustment problems (T1), higher-order emotional insecurity about the family system (T2) mediated relations between T1 family conflict and T3 peer problems, anxiety, and depressive symptoms. Further analyses supported specific patterns of emotional security/insecurity (i.e., security, disengagement, preoccupation) as mediators between family conflict and specific domains of adolescent adjustment. Family conflict was thus found to prospectively predict the development of symptoms of multiple specific adjustment problems, including symptoms of depression, anxiety, conduct problems, and peer problems, by elevating in in adolescent's emotional insecurity about the family system. The clinical implications of these findings are considered.

Restricted access processor - An application of computer security technology

NASA Technical Reports Server (NTRS)

Mcmahon, E. M.

1985-01-01

This paper describes a security guard device that is currently being developed by Computer Sciences Corporation (CSC). The methods used to provide assurance that the system meets its security requirements include the system architecture, a system security evaluation, and the application of formal and informal verification techniques. The combination of state-of-the-art technology and the incorporation of new verification procedures results in a demonstration of the feasibility of computer security technology for operational applications.

An analysis of Indonesia’s information security index: a case study in a public university

NASA Astrophysics Data System (ADS)

Yustanti, W.; Qoiriah, A.; Bisma, R.; Prihanto, A.

2018-01-01

Ministry of Communication and Informatics of the Republic of Indonesia has issued the regulation number 4-2016 about Information Security Management System (ISMS) for all kind organizations. Public university as a government institution must apply this standard to assure its level of information security has complied ISO 27001:2013. This research is a preliminary study to evaluate the readiness of university IT services (case study in a public university) meets the requirement of ISO 27001:2013 using the Indonesia’s Information Security Index (IISI). There are six parameters used to measure the level of information security, these are the ICT role, governance, risk management, framework, asset management and technology. Each parameter consists of serial questions which must be answered and convert to a numeric value. The result shows the level of readiness and maturity to apply ISO 27001 standard.

The underutilization of street markets as a source of food security indicators in famine early warning systems: a case study of Ethiopia.

PubMed

Companion, Michèle

2008-09-01

Famine Early Warning Systems (EWS) are reliant on data aggregated from multiple sources. Consequently, they are often insensitive to localized changes in food security status, leading to delayed response or interventions. While price and infrastructural data are often gathered, this case study suggests that local street markets and vendor knowledge are underutilized. Few efforts have been made to monitor systematically the street markets as an indicator of local stressors. Findings from Ethiopia show that knowledge generated by expanding food security indicators in this sector can be used in combination with EWS to facilitate earlier intervention in, or to monitor more effectively, on-going humanitarian crises. Indicators developed from this study are accurate, cost effective, and sensitive to local climatic and food stressors.

Water security evaluation in Yellow River basin

NASA Astrophysics Data System (ADS)

Jiang, Guiqin; He, Liyuan; Jing, Juan

2018-03-01

Water security is an important basis for making water security protection strategy, which concerns regional economic and social sustainable development. In this paper, watershed water security evaluation index system including 3 levels of 5 criterion layers (water resources security, water ecological security and water environment security, water disasters prevention and control security and social economic security) and 24 indicators were constructed. The entropy weight method was used to determine the weights of the indexes in the system. The water security index of 2000, 2005, 2010 and 2015 in Yellow River basin were calculated by linear weighting method based on the relative data. Results show that the water security conditions continue to improve in Yellow River basin but still in a basic security state. There is still a long way to enhance the water security in Yellow River basin, especially the water prevention and control security, the water ecological security and water environment security need to be promoted vigorously.

31 CFR 357.22 - Transfers.

Code of Federal Regulations, 2010 CFR

2010-07-01

... AND BILLS HELD IN LEGACY TREASURY DIRECT Legacy Treasury Direct Book-Entry Securities System (Legacy...-entry system, and TreasuryDirect ®. A security may also be transferred between accounts in Legacy... system. A transfer of a security from Legacy Treasury Direct to the commercial book-entry system is...

32 CFR 637.20 - Security surveillance systems.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 32 National Defense 4 2010-07-01 2010-07-01 true Security surveillance systems. 637.20 Section 637... ENFORCEMENT AND CRIMINAL INVESTIGATIONS MILITARY POLICE INVESTIGATION Investigations § 637.20 Security surveillance systems. Closed circuit video recording systems, to include those with an audio capability, may be...

49 CFR 234.211 - Security of warning system apparatus.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 49 Transportation 4 2014-10-01 2014-10-01 false Security of warning system apparatus. 234.211 Section 234.211 Transportation Other Regulations Relating to Transportation (Continued) FEDERAL RAILROAD....211 Security of warning system apparatus. Highway-rail grade crossing warning system apparatus shall...

49 CFR 234.211 - Security of warning system apparatus.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 49 Transportation 4 2013-10-01 2013-10-01 false Security of warning system apparatus. 234.211 Section 234.211 Transportation Other Regulations Relating to Transportation (Continued) FEDERAL RAILROAD....211 Security of warning system apparatus. Highway-rail grade crossing warning system apparatus shall...

49 CFR 234.211 - Security of warning system apparatus.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 49 Transportation 4 2012-10-01 2012-10-01 false Security of warning system apparatus. 234.211 Section 234.211 Transportation Other Regulations Relating to Transportation (Continued) FEDERAL RAILROAD....211 Security of warning system apparatus. Highway-rail grade crossing warning system apparatus shall...

System and method for key generation in security tokens

DOE Office of Scientific and Technical Information (OSTI.GOV)

Evans, Philip G.; Humble, Travis S.; Paul, Nathanael R.

Functional randomness in security tokens (FRIST) may achieve improved security in two-factor authentication hardware tokens by improving on the algorithms used to securely generate random data. A system and method in one embodiment according to the present invention may allow for security of a token based on storage cost and computational security. This approach may enable communication where security is no longer based solely on onetime pads (OTPs) generated from a single cryptographic function (e.g., SHA-256).

Design and develop a video conferencing framework for real-time telemedicine applications using secure group-based communication architecture.

PubMed

Mat Kiah, M L; Al-Bakri, S H; Zaidan, A A; Zaidan, B B; Hussain, Muzammil

2014-10-01

One of the applications of modern technology in telemedicine is video conferencing. An alternative to traveling to attend a conference or meeting, video conferencing is becoming increasingly popular among hospitals. By using this technology, doctors can help patients who are unable to physically visit hospitals. Video conferencing particularly benefits patients from rural areas, where good doctors are not always available. Telemedicine has proven to be a blessing to patients who have no access to the best treatment. A telemedicine system consists of customized hardware and software at two locations, namely, at the patient's and the doctor's end. In such cases, the video streams of the conferencing parties may contain highly sensitive information. Thus, real-time data security is one of the most important requirements when designing video conferencing systems. This study proposes a secure framework for video conferencing systems and a complete management solution for secure video conferencing groups. Java Media Framework Application Programming Interface classes are used to design and test the proposed secure framework. Real-time Transport Protocol over User Datagram Protocol is used to transmit the encrypted audio and video streams, and RSA and AES algorithms are used to provide the required security services. Results show that the encryption algorithm insignificantly increases the video conferencing computation time.

Perceived parental security profiles in African American adolescents involved in the juvenile justice system.

PubMed

Andretta, James R; Ramirez, Aaron M; Barnes, Michael E; Odom, Terri; Roberson-Adams, Shelia; Woodland, Malcolm H

2015-12-01

Many researchers have shown the importance of parent attachment in childhood and adolescence. The present study extends the attachment literature to African Americans involved in the juvenile justice system (N = 213), and provides an initial inquiry using person-oriented methods. The average age was 16.17 years (SD = 1.44), and the sample was predominantly male (71%). Results of a confirmatory factor analysis of Inventory of Parent and Peer Attachment-Short Form (IPPA-S) scores supported a 3-factor model: (a) Communication, (b) Trust, and (c) Alienation. Model-based clustering was applied to IPPA-S scores, and results pointed to 4 perceived parental security profiles: high security, moderately high security, moderately low security, and low security. In keeping with our hypotheses, IPPA-S profiles were associated with prosocial behaviors, depression, anxiety, and oppositional defiance. Contrary to hypotheses, IPPA-S profiles were not associated with perspective taking, emotional concern, or behaviors characteristic of a conduct disorder. Results also showed that gender, age, family member with whom the participant resides, charge severity, and offense history did not have an effect on IPPA-S clustering. Implications for therapeutic jurisprudence in African Americans involved with the juvenile justice system are provided. (c) 2015 APA, all rights reserved).

20 CFR 404.1903 - Negotiating totalization agreements.

Code of Federal Regulations, 2010 CFR

2010-04-01

... security system of general application in effect. The system shall be considered to be in effect if it is collecting social security taxes or paying social security benefits. ... Section 404.1903 Employees' Benefits SOCIAL SECURITY ADMINISTRATION FEDERAL OLD-AGE, SURVIVORS AND...

A Hierarchical Security Architecture for Cyber-Physical Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Quanyan Zhu; Tamer Basar

2011-08-01

Security of control systems is becoming a pivotal concern in critical national infrastructures such as the power grid and nuclear plants. In this paper, we adopt a hierarchical viewpoint to these security issues, addressing security concerns at each level and emphasizing a holistic cross-layer philosophy for developing security solutions. We propose a bottom-up framework that establishes a model from the physical and control levels to the supervisory level, incorporating concerns from network and communication levels. We show that the game-theoretical approach can yield cross-layer security strategy solutions to the cyber-physical systems.

A study on agent-based secure scheme for electronic medical record system.

PubMed

Chen, Tzer-Long; Chung, Yu-Fang; Lin, Frank Y S

2012-06-01

Patient records, including doctors' diagnoses of diseases, trace of treatments and patients' conditions, nursing actions, and examination results from allied health profession departments, are the most important medical records of patients in medical systems. With patient records, medical staff can instantly understand the entire medical information of a patient so that, according to the patient's conditions, more accurate diagnoses and more appropriate in-depth treatments can be provided. Nevertheless, in such a modern society with booming information technologies, traditional paper-based patient records have faced a lot of problems, such as lack of uniform formats, low data mobility, slow data transfer, illegible handwritings, enormous and insufficient storage space, difficulty of conservation, being easily damaged, and low transferability. To improve such drawbacks, reduce medical costs, and advance medical quality, paper-based patient records are modified into electronic medical records and reformed into electronic patient records. However, since electronic patient records used in various hospitals are diverse and different, in consideration of cost, it is rather difficult to establish a compatible and complete integrated electronic patient records system to unify patient records from heterogeneous systems in hospitals. Moreover, as the booming of the Internet, it is no longer necessary to build an integrated system. Instead, doctors can instantly look up patients' complete information through the Internet access to electronic patient records as well as avoid the above difficulties. Nonetheless, the major problem of accessing to electronic patient records cross-hospital systems exists in the security of transmitting and accessing to the records in case of unauthorized medical personnels intercepting or stealing the information. This study applies the Mobile Agent scheme to cope with the problem. Since a Mobile Agent is a program, which can move among hosts and automatically disperse arithmetic processes, and moves from one host to another in heterogeneous network systems with the characteristics of autonomy and mobility, decreasing network traffic, reducing transfer lag, encapsulating protocol, availability on heterogeneous platforms, fault-tolerance, high flexibility, and personalization. However, since a Mobile Agent contacts and exchanges information with other hosts or agents on the Internet for rapid exchange and access to medical information, the security is threatened. In order to solve the problem, this study proposes a key management scheme based on Lagrange interpolation formulas and hierarchical management structure to make Mobile Agents a more secure and efficient access control scheme for electronic patient record systems when applied to the access of patients' personal electronic patient records cross hospitals. Meanwhile, with the comparison of security and efficacy analyses being the feasibility of validation scheme and the basis of better efficiency, the security of Mobile Agents in the process of operation can be guaranteed, key management efficacy can be advanced, and the security of the Mobile Agent system can be protected.

A Method for Evaluating Information Security Governance (ISG) Components in Banking Environment

NASA Astrophysics Data System (ADS)

Ula, M.; Ula, M.; Fuadi, W.

2017-02-01

As modern banking increasingly relies on the internet and computer technologies to operate their businesses and market interactions, the threats and security breaches have highly increased in recent years. Insider and outsider attacks have caused global businesses lost trillions of Dollars a year. Therefore, that is a need for a proper framework to govern the information security in the banking system. The aim of this research is to propose and design an enhanced method to evaluate information security governance (ISG) implementation in banking environment. This research examines and compares the elements from the commonly used information security governance frameworks, standards and best practices. Their strength and weakness are considered in its approaches. The initial framework for governing the information security in banking system was constructed from document review. The framework was categorized into three levels which are Governance level, Managerial level, and technical level. The study further conducts an online survey for banking security professionals to get their professional judgment about the ISG most critical components and the importance for each ISG component that should be implemented in banking environment. Data from the survey was used to construct a mathematical model for ISG evaluation, component importance data used as weighting coefficient for the related component in the mathematical model. The research further develops a method for evaluating ISG implementation in banking based on the mathematical model. The proposed method was tested through real bank case study in an Indonesian local bank. The study evidently proves that the proposed method has sufficient coverage of ISG in banking environment and effectively evaluates the ISG implementation in banking environment.

Information Security and Integrity Systems

NASA Technical Reports Server (NTRS)

1990-01-01

Viewgraphs from the Information Security and Integrity Systems seminar held at the University of Houston-Clear Lake on May 15-16, 1990 are presented. A tutorial on computer security is presented. The goals of this tutorial are the following: to review security requirements imposed by government and by common sense; to examine risk analysis methods to help keep sight of forest while in trees; to discuss the current hot topic of viruses (which will stay hot); to examine network security, now and in the next year to 30 years; to give a brief overview of encryption; to review protection methods in operating systems; to review database security problems; to review the Trusted Computer System Evaluation Criteria (Orange Book); to comment on formal verification methods; to consider new approaches (like intrusion detection and biometrics); to review the old, low tech, and still good solutions; and to give pointers to the literature and to where to get help. Other topics covered include security in software applications and development; risk management; trust: formal methods and associated techniques; secure distributed operating system and verification; trusted Ada; a conceptual model for supporting a B3+ dynamic multilevel security and integrity in the Ada runtime environment; and information intelligence sciences.

Security and Privacy in Cyber-Physical Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Fink, Glenn A.; Edgar, Thomas W.; Rice, Theora R.

As you have seen from the previous chapters, cyber-physical systems (CPS) are broadly used across technology and industrial domains. While these systems enable process optimization and efficiency and allow previously impossible functionality, security and privacy are key concerns for their design, development, and operation. CPS have been key components utilized in some of the highest publicized security breaches over the last decade. In this chapter, we will look over the CPS described in the previous chapters from a security perspective. In this chapter, we explain classical information and physical security fundamentals in the context of CPS and contextualize them acrossmore » application domains. We give examples where the interplay of functionality and diverse communication can introduce unexpected vulnerabilities and produce larger impacts. We will discuss how CPS security and privacy is inherently different from that of pure cyber or physical systems and what may be done to secure these systems, considering their emergent cyber-physical properties. Finally, we will discuss security and privacy implications of merging infrastructural and personal CPS. Our hope is to impart the knowledge of what CPS security and privacy are, why they are important, and explain existing processes and challenges.« less

Aviation security : vulnerabilities still exist in the aviation security system

DOT National Transportation Integrated Search

2000-04-06

The testimony today discusses the Federal Aviation Administration's (FAA) efforts to implement and improve security in two key areas: air traffic control computer systems and airport passenger screening checkpoints. Computer systems-and the informati...

76 FR 18445 - Financial Market Utilities

Federal Register 2010, 2011, 2012, 2013, 2014

2011-04-04

... IOSCO jointly issued a set of minimum standards for securities settlement systems (the ``Recommendations for Securities Settlement Systems''). In 2004, the CPSS and IOSCO jointly published recommendations...,'' and collectively with the Recommendations for Securities Settlement Systems, the ``CPSS-IOSCO...

Optical smart card using semipassive communication.

PubMed

Glaser, I; Green, Shlomo; Dimkov, Ilan

2006-03-15

An optical secure short-range communication system is presented. The mobile unit (optical smart card) of this system utilizes a retroreflector with an optical modulator, using light from the stationary unit; this mobile unit has very low power consumption and can be as small as a credit card. Such optical smart cards offer better security than RF-based solutions, yet do not require physical contact. Results from a feasibility study model are included.

Optical smart card using semipassive communication

NASA Astrophysics Data System (ADS)

Glaser, I.; Green, Shlomo; Dimkov, Ilan

2006-03-01

An optical secure short-range communication system is presented. The mobile unit (optical smart card) of this system utilizes a retroreflector with an optical modulator, using light from the stationary unit; this mobile unit has very low power consumption and can be as small as a credit card. Such optical smart cards offer better security than RF-based solutions, yet do not require physical contact. Results from a feasibility study model are included.

The Economic Impact of the Homeland Security Advisory System: The Cost of Heightened Border Security

DTIC Science & Technology

2008-12-01

the United States. Secondary economic impacts of the HSAS such as the airline industry , lost tourism , and retail business from cross-border...Ontario and its businesses. The study is aimed at the trucking, automotive, and tourism industries ; and how they are impacted by border delays. The...19 A. DETROIT-WINDSOR AND THE AUTOMOTIVE INDUSTRY ............19 B. THE AMBASSADOR BRIDGE SYSTEM .................................................21

76 FR 28795 - Privacy Act of 1974; Department of Homeland Security United States Coast Guard-024 Auxiliary...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-05-18

... 1974; Department of Homeland Security United States Coast Guard-024 Auxiliary Database System of... Security/United States Coast Guard-024 Auxiliary Database (AUXDATA) System of Records.'' This system of... titled, ``DHS/USCG-024 Auxiliary Database (AUXDATA) System of Records.'' The AUXDATA system is the USCG's...

12 CFR 615.5560 - Book-entry Procedure for Farm Credit System Financial Assistance Corporation Securities.

Code of Federal Regulations, 2010 CFR

2010-01-01

... OPERATIONS Farm Credit System Financial Assistance Corporation Securities § 615.5560 Book-entry Procedure for Farm Credit System Financial Assistance Corporation Securities. (a) The Farm Credit System Financial... 12 Banks and Banking 6 2010-01-01 2010-01-01 false Book-entry Procedure for Farm Credit System...

75 FR 28253 - Privacy Act of 1974; Notice of new System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2010-05-20

... certified by the National Computer Security Association. RETENTION AND DISPOSAL: System records are retained... Agency suspects or has confirmed that the security or confidentiality of information in the system of... security or integrity of this system or other systems or programs (whether maintained by GSA or another...

Model based verification of the Secure Socket Layer (SSL) Protocol for NASA systems

NASA Technical Reports Server (NTRS)

Powell, John D.; Gilliam, David

2004-01-01

The National Aeronautics and Space Administration (NASA) has tens of thousands of networked computer systems and applications. Software Security vulnerabilities present risks such as lost or corrupted data, information theft, and unavailability of critical systems. These risks represent potentially enormous costs to NASA. The NASA Code Q research initiative 'Reducing Software Security Risk (RSSR) Trough an Integrated Approach' offers formal verification of information technology (IT), through the creation of a Software Security Assessment Instrument (SSAI), to address software security risks.

2017 Joint Annual NDIA/AIA Industrial Security Committee Fall Conference

DTIC Science & Technology

2017-11-15

beyond credit data to offer the insights that government professionals need to make informed decisions and ensure citizen safety, manage compliance...business that provides information technology and professional services. We specialize in managing business processes and systems integration for both... Information Security System ISFD Industrial Security Facilities Database OBMS ODAA Business Management System STEPP Security, Training, Education and

24 CFR 350.11 - Notice of Attachment for Ginnie Mae Securities in Book-entry System.

Code of Federal Regulations, 2010 CFR

2010-04-01

... Securities in Book-entry System. 350.11 Section 350.11 Housing and Urban Development Regulations Relating to... AND URBAN DEVELOPMENT BOOK-ENTRY PROCEDURES § 350.11 Notice of Attachment for Ginnie Mae Securities in Book-entry System. The interest of a debtor in a Security Entitlement may be reached by a creditor only...

24 CFR 350.11 - Notice of Attachment for Ginnie Mae Securities in Book-entry System.

Code of Federal Regulations, 2013 CFR

2013-04-01

... Securities in Book-entry System. 350.11 Section 350.11 Housing and Urban Development Regulations Relating to... AND URBAN DEVELOPMENT BOOK-ENTRY PROCEDURES § 350.11 Notice of Attachment for Ginnie Mae Securities in Book-entry System. The interest of a debtor in a Security Entitlement may be reached by a creditor only...

24 CFR 350.11 - Notice of Attachment for Ginnie Mae Securities in Book-entry System.

Code of Federal Regulations, 2012 CFR

2012-04-01

... Securities in Book-entry System. 350.11 Section 350.11 Housing and Urban Development Regulations Relating to... AND URBAN DEVELOPMENT BOOK-ENTRY PROCEDURES § 350.11 Notice of Attachment for Ginnie Mae Securities in Book-entry System. The interest of a debtor in a Security Entitlement may be reached by a creditor only...

Social security status and mortality in Belgian and Spanish male workers.

PubMed

Duran, Xavier; Vanroelen, Christophe; Deboosere, Patrick; Benavides, Fernando G

2016-01-01

To assess differences in mortality rates between social security statuses in two independent samples of Belgian and Spanish male workers. Study of two retrospective cohorts (Belgium, n=23,607; Spain, n=44,385) of 50-60 year old male employees with 4 years of follow-up. Mortality rate ratios (MRR) were estimated using Poisson regression models. Mortality for subjects with permanent disability was higher than for the employed, for both Belgium [MRR=4.56 (95% CI: 2.88-7.21)] and Spain [MRR=7.15 (95% CI: 5.37-9.51)]. For the unemployed/early retirees, mortality was higher in Spain [MRR=1.64 (95% CI: 1.24-2.17)] than in Belgium [MRR=0.88 (95% CI: 0.46-1.71)]. MRR differences between Belgium and Spain for unemployed workers could be partly explained because of differences between the two social security systems. Future studies should further explore mortality differences between countries with different social security systems. Copyright © 2016 SESPAS. Published by Elsevier Espana. All rights reserved.

The strategic measures for the industrial security of small and medium business.

PubMed

Lee, Chang-Moo

2014-01-01

The competitiveness of companies increasingly depends upon whether they possess the cutting-edge or core technology. The technology should be protected from industrial espionage or leakage. A special attention needs to be given to SMB (small and medium business), furthermore, because SMB occupies most of the companies but has serious problems in terms of industrial security. The technology leakages of SMB would account for more than 2/3 of total leakages during last five years. The purpose of this study is, therefore, to analyze the problems of SMB in terms of industrial security and suggest the strategic solutions for SMB in South Korea. The low security awareness and financial difficulties, however, make it difficult for SMB to build the effective security management system which would protect the company from industrial espionage and leakage of its technology. The growing dependence of SMB on network such as internet, in addition, puts the SMB at risk of leaking its technology through hacking or similar ways. It requires new measures to confront and control such a risk. Online security control services and technology deposit system are suggested for such measures.

76 FR 59481 - Ninth Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

Federal Register 2010, 2011, 2012, 2013, 2014

2011-09-26

... Control Systems (Update to DO-230B): Agenda October 20, 2011 Welcome/Introductions/Administrative Remarks... 224: Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), DOT. ACTION: Notice of RTCA Special Committee 224 meeting: Airport Security Access Control Systems. SUMMARY...

76 FR 50811 - Eighth Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

Federal Register 2010, 2011, 2012, 2013, 2014

2011-08-16

... Control Systems (Update to DO-230B): Agenda September 15, 2011 Welcome/Introductions/Administrative... Committee 224: Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), DOT. ACTION: Notice of RTCA Special Committee 224 meeting: Airport Security Access Control Systems. SUMMARY...

24 CFR 350.2 - Definitions.

Code of Federal Regulations, 2010 CFR

2010-04-01

... Security) maintained in the Book-entry System, as set forth in Federal Reserve Bank Operating Circulars. (b...: Book-entry Ginnie Mae Security. A Ginnie Mae Security issued or maintained in the Book-entry System... Reserve Banks. Book-entry System. The automated book-entry system operated by the Federal Reserve Banks...

33 CFR 104.260 - Security systems and equipment maintenance.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Security systems and equipment... systems and equipment maintenance. (a) Security systems and equipment must be in good working order and inspected, tested, calibrated and maintained according to the manufacturer's recommendation. (b) The results...

DOE Office of Scientific and Technical Information (OSTI.GOV)

Halbgewachs, Ronald D.; Chavez, Adrian R.

Process Control System (PCS) and Industrial Control System (ICS) security is critical to our national security. But there are a number of technological, economic, and educational impediments to PCS owners implementing effective security on their systems. Sandia National Laboratories has performed the research and development of the OPSAID (Open PCS Security Architecture for Interoperable Design), a project sponsored by the US Department of Energy Office of Electricity Delivery and Energy Reliability (DOE/OE), to address this issue. OPSAID is an open-source architecture for PCS/ICS security that provides a design basis for vendors to build add-on security devices for legacy systems, whilemore » providing a path forward for the development of inherently-secure PCS elements in the future. Using standardized hardware, a proof-of-concept prototype system was also developed. This report describes the improvements and capabilities that have been added to OPSAID since an initial report was released. Testing and validation of this architecture has been conducted in another project, Lemnos Interoperable Security Project, sponsored by DOE/OE and managed by the National Energy Technology Laboratory (NETL).« less

Method for secure electronic voting system: face recognition based approach

NASA Astrophysics Data System (ADS)

Alim, M. Affan; Baig, Misbah M.; Mehboob, Shahzain; Naseem, Imran

2017-06-01

In this paper, we propose a framework for low cost secure electronic voting system based on face recognition. Essentially Local Binary Pattern (LBP) is used for face feature characterization in texture format followed by chi-square distribution is used for image classification. Two parallel systems are developed based on smart phone and web applications for face learning and verification modules. The proposed system has two tire security levels by using person ID followed by face verification. Essentially class specific threshold is associated for controlling the security level of face verification. Our system is evaluated three standard databases and one real home based database and achieve the satisfactory recognition accuracies. Consequently our propose system provides secure, hassle free voting system and less intrusive compare with other biometrics.

Water dependency and water exploitation at global scale as indicators of water security

NASA Astrophysics Data System (ADS)

De Roo, A. P. J.; Beck, H.; Burek, P.; Bernard, B.

2015-12-01

A water dependency index has been developed indicating the dependency of water consumption from upstream sources of water, sometimes across (multiple) national border. This index is calculated at global scale using the 0.1 global LISFLOOD hydrological modelling system forced by WFDEI meteorological data for the timeframe 1979-2012. The global LISFLOOD model simulates the most important hydrological processes, as well as water abstraction and consumption from various sectors, and flood routing, at daily scale, with sub-timesteps for routing and subgrid parameterization related to elevation and landuse. The model contains also options for water allocation, to allow preferences of water use for particular sectors in water scarce periods. LISFLOOD is also used for the Global Flood Awareness System (GloFAS), the European Flood Awareness System (EFAS), continental scale climate change impact studies on floods and droughts. The water dependency indicator is calculated on a monthly basis, and various annual and multiannual indicators are derived from it. In this study, the indicator will be compared against water security areas known from other studies. Other indicators calculated are the Water Exploitation Index (WEI+), which is a commonly use water security indicator in Europe, and freshwater resources per capita indicators at regional, national and river basin scale. Several climate scnearios are run to indicate future trends in water security.

OpenID Connect as a security service in cloud-based medical imaging systems

PubMed Central

Ma, Weina; Sartipi, Kamran; Sharghigoorabi, Hassan; Koff, David; Bak, Peter

2016-01-01

Abstract. The evolution of cloud computing is driving the next generation of medical imaging systems. However, privacy and security concerns have been consistently regarded as the major obstacles for adoption of cloud computing by healthcare domains. OpenID Connect, combining OpenID and OAuth together, is an emerging representational state transfer-based federated identity solution. It is one of the most adopted open standards to potentially become the de facto standard for securing cloud computing and mobile applications, which is also regarded as “Kerberos of cloud.” We introduce OpenID Connect as an authentication and authorization service in cloud-based diagnostic imaging (DI) systems, and propose enhancements that allow for incorporating this technology within distributed enterprise environments. The objective of this study is to offer solutions for secure sharing of medical images among diagnostic imaging repository (DI-r) and heterogeneous picture archiving and communication systems (PACS) as well as Web-based and mobile clients in the cloud ecosystem. The main objective is to use OpenID Connect open-source single sign-on and authorization service and in a user-centric manner, while deploying DI-r and PACS to private or community clouds should provide equivalent security levels to traditional computing model. PMID:27340682

DOE DISS/ET pilot system

DOE Office of Scientific and Technical Information (OSTI.GOV)

Strait, R.S.; Wagner, E.E.

1994-07-01

The US Department of Energy (DOE) Office of Safeguards and Security initiated the DOE Integrated Security System / Electronic Transfer (DISS/ET) for the purpose of reducing the time required to process security clearance requests. DISS/ET will be an integrated system using electronic commerce technologies for the collection and processing of personnel security clearance data, and its transfer between DOE local security clearance offices, DOE Operations Offices, and the Office of Personnel Management. The system will use electronic forms to collect clearance applicant data. The forms data will be combined with electronic fingerprint images and packaged in a secure encrypted electronicmore » mail envelope for transmission across the Internet. Information provided by the applicant will be authenticated using digital signatures. All processing will be done electronically.« less

Secure ADS-B authentication system and method

NASA Technical Reports Server (NTRS)

Viggiano, Marc J (Inventor); Valovage, Edward M (Inventor); Samuelson, Kenneth B (Inventor); Hall, Dana L (Inventor)

2010-01-01

A secure system for authenticating the identity of ADS-B systems, including: an authenticator, including a unique id generator and a transmitter transmitting the unique id to one or more ADS-B transmitters; one or more ADS-B transmitters, including a receiver receiving the unique id, one or more secure processing stages merging the unique id with the ADS-B transmitter's identification, data and secret key and generating a secure code identification and a transmitter transmitting a response containing the secure code and ADSB transmitter's data to the authenticator; the authenticator including means for independently determining each ADS-B transmitter's secret key, a receiver receiving each ADS-B transmitter's response, one or more secure processing stages merging the unique id, ADS-B transmitter's identification and data and generating a secure code, and comparison processing comparing the authenticator-generated secure code and the ADS-B transmitter-generated secure code and providing an authentication signal based on the comparison result.

48 CFR 339.7101 - Policy.

Code of Federal Regulations, 2010 CFR

2010-10-01

... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7101 Policy. HHS is responsible for implementing an information security program to ensure that its information systems and... information contained in those systems. Each system's level of security shall protect the integrity...

5 CFR 9701.314 - DHS responsibilities.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 9701.314 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Pay and Pay Administration Overview of Pay System § 9701.314 DHS...

5 CFR 9701.405 - Performance management system requirements.

Code of Federal Regulations, 2010 CFR

2010-01-01

... requirements. 9701.405 Section 9701.405 Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Performance Management § 9701.405 Performance...

[Assessment and early warning of land ecological security in rapidly urbanizing coastal area: A case study of Caofeidian new district, Hebei, China].

PubMed

Zhang, Li; Chen, Ying; Wang, Shu-tao; Men, Ming-xin; Xu, Hao

2015-08-01

Assessment and early warning of land ecological security (LES) in rapidly urbanizing coastal area is an important issue to ensure sustainable land use and effective maintenance of land ecological security. In this study, an index system for the land ecological security of Caofeidian new district was established based on the Pressure-State-Response (P-S-R) model. Initial assessment units of 1 km x 1 km created with the remote sensing data and GIS methods were spatially interpolated to a fine pixel size of 30 m x 30 m, which were combined with the early warning method (using classification tree method) to evaluate the land ecological security of Caofeidian in 2005 and 2013. The early warning level was classed into four categories: security with degradation potential, sub-security with slow degradation, sub-security with rapid degradation, and insecurity. Result indicated that, from 2005 to 2013, the average LES of Caofeidian dropped from 0.55 to 0.52, indicating a degradation of land ecological security from medium security level to medium-low security level. The areas at the levels of insecurity with rapid degradation were mainly located in the rapid urbanization areas, illustrating that rapid expansion of urban construction land was the key factor to the deterioration of the regional land ecological security. Industrial District, Shilihai town and Nanpu saltern, in which the lands at the levels of insecurity and sub-security with rapid degradation or slow degradation accounted for 58.3%, 98.9% and 81.2% of their respective districts, were at the stage of high early warning. Thus, land ecological security regulation for these districts should be strengthened in near future. The study could provide a reference for land use planning and ecological protection of Caofeidian new district.

17 CFR 242.302 - Recordkeeping requirements for alternative trading systems.

Code of Federal Regulations, 2011 CFR

2011-04-01

... alternative trading systems. 242.302 Section 242.302 Commodity and Securities Exchanges SECURITIES AND... SECURITY FUTURES Regulation Ats-Alternative Trading Systems § 242.302 Recordkeeping requirements for alternative trading systems. To comply with the condition set forth in paragraph (b)(8) of § 242.301, an...

49 CFR 659.23 - System security plan: contents.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 49 Transportation 7 2014-10-01 2014-10-01 false System security plan: contents. 659.23 Section 659.23 Transportation Other Regulations Relating to Transportation (Continued) FEDERAL TRANSIT ADMINISTRATION, DEPARTMENT OF TRANSPORTATION RAIL FIXED GUIDEWAY SYSTEMS; STATE SAFETY OVERSIGHT Role of the State Oversight Agency § 659.23 System security...

76 FR 38742 - Seventh Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

Federal Register 2010, 2011, 2012, 2013, 2014

2011-07-01

... Control Systems (Update to DO-230B): Agenda July 15, 2011 Welcome/Introductions/Administrative Remarks... Committee 224: Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), DOT. ACTION: Notice of RTCA Special Committee 224 meeting: Airport Security Access Control Systems (Update to...

78 FR 58376 - Home System Group, Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2013-09-23

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Home System Group, Order of Suspension of Trading September 19, 2013. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of Home System Group because Home System Group...

13 CFR 102.33 - Security of systems of records.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 13 Business Credit and Assistance 1 2010-01-01 2010-01-01 false Security of systems of records....33 Security of systems of records. (a) Each Program/Support Office Head or designee shall establish administrative and physical controls to prevent unauthorized access to its systems of records, to prevent...

76 FR 21768 - Privacy Act of 1974; Consolidation of System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2011-04-18

... inventory of record systems titled, Department of Homeland Security/Directorate of Science and Technology... the existing Department of Homeland Security system of records notice titled, Department of Homeland Security/ALL--002 Mailing and Other Lists System, November 25, 2008. DATES: Effective Date: May 18, 2011...

17 CFR 242.302 - Recordkeeping requirements for alternative trading systems.

Code of Federal Regulations, 2013 CFR

2013-04-01

... alternative trading systems. 242.302 Section 242.302 Commodity and Securities Exchanges SECURITIES AND... SECURITY FUTURES Regulation Ats-Alternative Trading Systems § 242.302 Recordkeeping requirements for alternative trading systems. To comply with the condition set forth in paragraph (b)(8) of § 242.301, an...

17 CFR 242.302 - Recordkeeping requirements for alternative trading systems.

Code of Federal Regulations, 2012 CFR

2012-04-01

... alternative trading systems. 242.302 Section 242.302 Commodity and Securities Exchanges SECURITIES AND... SECURITY FUTURES Regulation Ats-Alternative Trading Systems § 242.302 Recordkeeping requirements for alternative trading systems. To comply with the condition set forth in paragraph (b)(8) of § 242.301, an...

17 CFR 242.302 - Recordkeeping requirements for alternative trading systems.

Code of Federal Regulations, 2014 CFR

2014-04-01

... alternative trading systems. 242.302 Section 242.302 Commodity and Securities Exchanges SECURITIES AND... SECURITY FUTURES Regulation Ats-Alternative Trading Systems § 242.302 Recordkeeping requirements for alternative trading systems. To comply with the condition set forth in paragraph (b)(8) of § 242.301, an...

17 CFR 242.302 - Recordkeeping requirements for alternative trading systems.

Code of Federal Regulations, 2010 CFR

2010-04-01

... alternative trading systems. 242.302 Section 242.302 Commodity and Securities Exchanges SECURITIES AND... SECURITY FUTURES Regulation Ats-Alternative Trading Systems § 242.302 Recordkeeping requirements for alternative trading systems. To comply with the condition set forth in paragraph (b)(8) of § 242.301, an...

78 FR 77484 - Extension of Agency Information Collection Activity Under OMB Review: Pipeline System Operator...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-12-23

... Federal agency for pipeline security, it is important for TSA to have contact information for company... DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration Extension of Agency Information Collection Activity Under OMB Review: Pipeline System Operator Security Information AGENCY...

33 CFR 127.305 - Operations Manual.

Code of Federal Regulations, 2010 CFR

2010-07-01

... security personnel; (e) A description of the security systems for the marine transfer area for LNG; (f) The...) Transfer operations start-up and shutdown; (3) Security violations; and (4) The communications systems; and... Section 127.305 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED...

Aviation security : terrorist acts demonstrate urgent need to improve security at the nation's airports

DOT National Transportation Integrated Search

2001-09-20

A safe and secure civil aviation system is a critical component of the nation's overall security, physical infrastructure, and economic foundation. Billions of dollars and a myriad of programs and policies have been devoted to achieving such a system...

48 CFR 1804.470-3 - IT security requirements.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 48 Federal Acquisition Regulations System 6 2010-10-01 2010-10-01 true IT security requirements... security requirements. These IT security requirements cover all NASA contracts in which IT plays a role in...-63, Electronic Authentication Guideline) access to NASA's computer systems, networks, or IT...

From Fault-Diagnosis and Performance Recovery of a Controlled System to Chaotic Secure Communication

NASA Astrophysics Data System (ADS)

Hsu, Wen-Teng; Tsai, Jason Sheng-Hong; Guo, Fang-Cheng; Guo, Shu-Mei; Shieh, Leang-San

Chaotic systems are often applied to encryption on secure communication, but they may not provide high-degree security. In order to improve the security of communication, chaotic systems may need to add other secure signals, but this may cause the system to diverge. In this paper, we redesign a communication scheme that could create secure communication with additional secure signals, and the proposed scheme could keep system convergence. First, we introduce the universal state-space adaptive observer-based fault diagnosis/estimator and the high-performance tracker for the sampled-data linear time-varying system with unanticipated decay factors in actuators/system states. Besides, robustness, convergence in the mean, and tracking ability are given in this paper. A residual generation scheme and a mechanism for auto-tuning switched gain is also presented, so that the introduced methodology is applicable for the fault detection and diagnosis (FDD) for actuator and state faults to yield a high tracking performance recovery. The evolutionary programming-based adaptive observer is then applied to the problem of secure communication. Whenever the tracker induces a large control input which might not conform to the input constraint of some physical systems, the proposed modified linear quadratic optimal tracker (LQT) can effectively restrict the control input within the specified constraint interval, under the acceptable tracking performance. The effectiveness of the proposed design methodology is illustrated through tracking control simulation examples.

Information Security Management - Part Of The Integrated Management System

NASA Astrophysics Data System (ADS)

Manea, Constantin Adrian

2015-07-01

The international management standards allow their integrated approach, thereby combining aspects of particular importance to the activity of any organization, from the quality management systems or the environmental management of the information security systems or the business continuity management systems. Although there is no national or international regulation, nor a defined standard for the Integrated Management System, the need to implement an integrated system occurs within the organization, which feels the opportunity to integrate the management components into a cohesive system, in agreement with the purpose and mission publicly stated. The issues relating to information security in the organization, from the perspective of the management system, raise serious questions to any organization in the current context of electronic information, reason for which we consider not only appropriate but necessary to promote and implement an Integrated Management System Quality - Environment - Health and Operational Security - Information Security

An assessment of PKI and networked electronic patient record system: lessons learned from real patient data exchange at the platform of OCHIS (Osaka Community Healthcare Information System).

PubMed

Takeda, Hiroshi; Matsumura, Yasushi; Kuwata, Shigeki; Nakano, Hirohiko; Shanmai, Ji; Qiyan, Zhang; Yufen, Chen; Kusuoka, Hideo; Matsuoka, Masaki

2004-03-31

To enhance medical cooperation between the hospitals and clinics around Osaka local area, the healthcare network system, named Osaka Community Healthcare Information System (OCHIS), was established with support of a supplementary budget from the Japanese government in fiscal year 2002. Although the system has been based on healthcare public key infrastructure (PKI), there remain security issues to be solved technically and operationally. An experimental study was conducted to elucidate the central and the local function in terms of a registration authority and a time stamp authority in contract with the Japanese Medical Information Systems Organization (MEDIS) in 2003. This paper describes the experimental design and the results of the study concerning message security.

Secure and robust cloud computing for high-throughput forensic microsatellite sequence analysis and databasing.

PubMed

Bailey, Sarah F; Scheible, Melissa K; Williams, Christopher; Silva, Deborah S B S; Hoggan, Marina; Eichman, Christopher; Faith, Seth A

2017-11-01

Next-generation Sequencing (NGS) is a rapidly evolving technology with demonstrated benefits for forensic genetic applications, and the strategies to analyze and manage the massive NGS datasets are currently in development. Here, the computing, data storage, connectivity, and security resources of the Cloud were evaluated as a model for forensic laboratory systems that produce NGS data. A complete front-to-end Cloud system was developed to upload, process, and interpret raw NGS data using a web browser dashboard. The system was extensible, demonstrating analysis capabilities of autosomal and Y-STRs from a variety of NGS instrumentation (Illumina MiniSeq and MiSeq, and Oxford Nanopore MinION). NGS data for STRs were concordant with standard reference materials previously characterized with capillary electrophoresis and Sanger sequencing. The computing power of the Cloud was implemented with on-demand auto-scaling to allow multiple file analysis in tandem. The system was designed to store resulting data in a relational database, amenable to downstream sample interpretations and databasing applications following the most recent guidelines in nomenclature for sequenced alleles. Lastly, a multi-layered Cloud security architecture was tested and showed that industry standards for securing data and computing resources were readily applied to the NGS system without disadvantageous effects for bioinformatic analysis, connectivity or data storage/retrieval. The results of this study demonstrate the feasibility of using Cloud-based systems for secured NGS data analysis, storage, databasing, and multi-user distributed connectivity. Copyright © 2017 Elsevier B.V. All rights reserved.

OpenID connect as a security service in Cloud-based diagnostic imaging systems

NASA Astrophysics Data System (ADS)

Ma, Weina; Sartipi, Kamran; Sharghi, Hassan; Koff, David; Bak, Peter

2015-03-01

The evolution of cloud computing is driving the next generation of diagnostic imaging (DI) systems. Cloud-based DI systems are able to deliver better services to patients without constraining to their own physical facilities. However, privacy and security concerns have been consistently regarded as the major obstacle for adoption of cloud computing by healthcare domains. Furthermore, traditional computing models and interfaces employed by DI systems are not ready for accessing diagnostic images through mobile devices. RESTful is an ideal technology for provisioning both mobile services and cloud computing. OpenID Connect, combining OpenID and OAuth together, is an emerging REST-based federated identity solution. It is one of the most perspective open standards to potentially become the de-facto standard for securing cloud computing and mobile applications, which has ever been regarded as "Kerberos of Cloud". We introduce OpenID Connect as an identity and authentication service in cloud-based DI systems and propose enhancements that allow for incorporating this technology within distributed enterprise environment. The objective of this study is to offer solutions for secure radiology image sharing among DI-r (Diagnostic Imaging Repository) and heterogeneous PACS (Picture Archiving and Communication Systems) as well as mobile clients in the cloud ecosystem. Through using OpenID Connect as an open-source identity and authentication service, deploying DI-r and PACS to private or community clouds should obtain equivalent security level to traditional computing model.

Security aspects in teleradiology workflow

NASA Astrophysics Data System (ADS)

Soegner, Peter I.; Helweg, Gernot; Holzer, Heimo; zur Nedden, Dieter

2000-05-01

The medicolegal necessity of privacy, security and confidentiality was the aim of the attempt to develop a secure teleradiology workflow between the telepartners -- radiologist and the referring physician. To avoid the lack of dataprotection and datasecurity we introduced biometric fingerprint scanners in combination with smart cards to identify the teleradiology partners and communicated over an encrypted TCP/IP satellite link between Innsbruck and Reutte. We used an asymmetric kryptography method to guarantee authentification, integrity of the data-packages and confidentiality of the medical data. It was necessary to use a biometric feature to avoid a case of mistaken identity of persons, who wanted access to the system. Only an invariable electronical identification allowed a legal liability to the final report and only a secure dataconnection allowed the exchange of sensible medical data between different partners of Health Care Networks. In our study we selected the user friendly combination of a smart card and a biometric fingerprint technique, called SkymedTM Double Guard Secure Keyboard (Agfa-Gevaert) to confirm identities and log into the imaging workstations and the electronic patient record. We examined the interoperability of the used software with the existing platforms. Only the WIN-XX operating systems could be protected at the time of our study.

Security in Intelligent Transport Systems for Smart Cities: From Theory to Practice.

PubMed

Javed, Muhammad Awais; Ben Hamida, Elyes; Znaidi, Wassim

2016-06-15

Connecting vehicles securely and reliably is pivotal to the implementation of next generation ITS applications of smart cities. With continuously growing security threats, vehicles could be exposed to a number of service attacks that could put their safety at stake. To address this concern, both US and European ITS standards have selected Elliptic Curve Cryptography (ECC) algorithms to secure vehicular communications. However, there is still a lack of benchmarking studies on existing security standards in real-world settings. In this paper, we first analyze the security architecture of the ETSI ITS standard. We then implement the ECC based digital signature and encryption procedures using an experimental test-bed and conduct an extensive benchmark study to assess their performance which depends on factors such as payload size, processor speed and security levels. Using network simulation models, we further evaluate the impact of standard compliant security procedures in dense and realistic smart cities scenarios. Obtained results suggest that existing security solutions directly impact the achieved quality of service (QoS) and safety awareness of vehicular applications, in terms of increased packet inter-arrival delays, packet and cryptographic losses, and reduced safety awareness in safety applications. Finally, we summarize the insights gained from the simulation results and discuss open research challenges for efficient working of security in ITS applications of smart cities.

Ad-Hoc Networks and the Mobile Application Security System (MASS)

DTIC Science & Technology

2006-01-01

solution to this problem that addresses critical aspects of security in ad-hoc mobile application networks. This approach involves preventing unauthorized...modification of a mobile application , both by other applications and by hosts, and ensuring that mobile code is authentic and authorized. These...capabilities constitute the Mobile Application Security System (MASS). The MASS applies effective, robust security to mobile application -based systems

Federal Security Laboratory Governance Panels: Observations and Recommendations

DTIC Science & Technology

2013-01-01

operates under a sole-source, cost-plus-fixed-fee contract administered by the U.S. Navy’s Naval Sea Systems Command. There are currently 14 UARCs, 13... system of research organizations that support science and technology for U.S. national security. Within this system , the Departments of Defense, Energy...and Homeland Security support about 80 laboratories that focus predominantly on national security matters. These laboratories have different

26 CFR 1.1081-7 - Sale of stock or securities received upon exchange by members of system group.

Code of Federal Regulations, 2010 CFR

2010-04-01

.... Orders § 1.1081-7 Sale of stock or securities received upon exchange by members of system group. (a... which are members of the same system group consists of stock or securities issued by the corporation... 26 Internal Revenue 11 2010-04-01 2010-04-01 true Sale of stock or securities received upon...

System security in the space flight operations center

NASA Technical Reports Server (NTRS)

Wagner, David A.

1988-01-01

The Space Flight Operations Center is a networked system of workstation-class computers that will provide ground support for NASA's next generation of deep-space missions. The author recounts the development of the SFOC system security policy and discusses the various management and technology issues involved. Particular attention is given to risk assessment, security plan development, security implications of design requirements, automatic safeguards, and procedural safeguards.

Economy and political ecology perspective of Indonesian food security at South Sulawesi

NASA Astrophysics Data System (ADS)

Fahmid, I. M.; Harun, H.; Fahmid, M. M.; Saadah; Busthanul, N.

2018-05-01

The purposes of this study are: firstly, to demonstrate the relations of agro-ecological function, agricultural innovation system, social-ecological system and political ecology to encourage production for Indonesian Food Security Program (PKP) in South Sulawesi. Secondly, to identify the most influential and interested stakeholders in the success of PKP program. The study conducted by applying an interdisciplinary analysis of triangulation method. The result showed, the success of PKP in South Sulawesi with the achievement of 2 million rice overstock mainly impacted by the application of agro-ecological concept, agricultural innovation system, and political ecology while disregarding the concept of social agroecology.

20 CFR 404.1902 - Definitions.

Code of Federal Regulations, 2010 CFR

2010-04-01

... administration of a social security system including responsibility for implementing an agreement; the Social... coordination between the social security systems of the countries party to the agreement. The term agreement... system including applicable laws and international social security agreements; the Commissioner of Social...

Managing the aftermaths of contracting in public transit organizations : employee perception of job security, organizational commitment and trust

DOT National Transportation Integrated Search

2001-08-01

This study assesses how to manage the effects or outcomes of organizational change on job security and employee commitment in transit systems using trust-building, empowerment, employee reassurance, and job redesign strategies. The major findings are...

Ergonomic evaluation of a wheelchair transportation securement system.

PubMed

Ahmed, Madiha; Campbell-Kyureghyan, Naira; Frost, Karen; Bertocci, Gina

2012-01-01

The Americans with Disabilities Act (ADA) specifies guidelines covering the securement system and environment for wheeled mobility device (WhMD) passengers on the public bus system in the United States, referred to as the wheelchair tiedown and occupant restraint system (WTORS). The misuse or disuse of the WTORS system can be a source of injury for WhMD passengers riding the buses. The purpose of this study was to quantify the risks posed to the bus driver while performing the WTORS procedure using traditional ergonomic analysis methods. Four bus drivers completed the WTORS procedure for a representative passenger seated in three different WhMDs: manual wheelchair (MWC), scooter (SCTR), and power wheelchair (PWC). Potential work-related risks were identified using the four most applicable ergonomic assessment tools: PLIBEL, RULA, REBA, and iLMM. Task evaluation results revealed high levels of risk to be present to drivers during the WTORS procedure. The securement station space design and equipment layout were identified as contributing factors forcing drivers to adopt awkward postures while performing the WTORS task. These risk factors are known contributors to injury and the drivers could opt to improperly secure the passengers to avoid that risk.

Using RFID to Enhance Security in Off-Site Data Storage

PubMed Central

Lopez-Carmona, Miguel A.; Marsa-Maestre, Ivan; de la Hoz, Enrique; Velasco, Juan R.

2010-01-01

Off-site data storage is one of the most widely used strategies in enterprises of all sizes to improve business continuity. In medium-to-large size enterprises, the off-site data storage processes are usually outsourced to specialized providers. However, outsourcing the storage of critical business information assets raises serious security considerations, some of which are usually either disregarded or incorrectly addressed by service providers. This article reviews these security considerations and presents a radio frequency identification (RFID)-based, off-site, data storage management system specifically designed to address security issues. The system relies on a set of security mechanisms or controls that are arranged in security layers or tiers to balance security requirements with usability and costs. The system has been successfully implemented, deployed and put into production. In addition, an experimental comparison with classical bar-code-based systems is provided, demonstrating the system’s benefits in terms of efficiency and failure prevention. PMID:22163638

TH-A-12A-01: Medical Physicist's Role in Digital Information Security: Threats, Vulnerabilities and Best Practices

DOE Office of Scientific and Technical Information (OSTI.GOV)

McDonald, K; Curran, B

I. Information Security Background (Speaker = Kevin McDonald) Evolution of Medical Devices Living and Working in a Hostile Environment Attack Motivations Attack Vectors Simple Safety Strategies Medical Device Security in the News Medical Devices and Vendors Summary II. Keeping Radiation Oncology IT Systems Secure (Speaker = Bruce Curran) Hardware Security Double-lock Requirements “Foreign” computer systems Portable Device Encryption Patient Data Storage System Requirements Network Configuration Isolating Critical Devices Isolating Clinical Networks Remote Access Considerations Software Applications / Configuration Passwords / Screen Savers Restricted Services / access Software Configuration Restriction Use of DNS to restrict accesse. Patches / Upgrades Awareness Intrusionmore » Prevention Intrusion Detection Threat Risk Analysis Conclusion Learning Objectives: Understanding how Hospital IT Requirements affect Radiation Oncology IT Systems. Illustrating sample practices for hardware, network, and software security. Discussing implementation of good IT security practices in radiation oncology. Understand overall risk and threats scenario in a networked environment.« less

Approach to estimation of level of information security at enterprise based on genetic algorithm

NASA Astrophysics Data System (ADS)

V, Stepanov L.; V, Parinov A.; P, Korotkikh L.; S, Koltsov A.

2018-05-01

In the article, the way of formalization of different types of threats of information security and vulnerabilities of an information system of the enterprise and establishment is considered. In a type of complexity of ensuring information security of application of any new organized system, the concept and decisions in the sphere of information security are expedient. One of such approaches is the method of a genetic algorithm. For the enterprises of any fields of activity, the question of complex estimation of the level of security of information systems taking into account the quantitative and qualitative factors characterizing components of information security is relevant.

SPAN security policies and guidelines

NASA Technical Reports Server (NTRS)

Sisson, Patricia L.; Green, James L.

1989-01-01

A guide is provided to system security with emphasis on requirements and guidelines that are necessary to maintain an acceptable level of security on the network. To have security for the network, each node on the network must be secure. Therefore, each system manager, must strictly adhere to the requirements and must consider implementing the guidelines discussed. There are areas of vulnerability within the operating system that may not be addressed. However, when a requirement or guideline is discussed, implementation techniques are included. Information related to computer and data security is discussed to provide information on implementation options. The information is presented as it relates to a VAX computer environment.

Security Belt for Wireless Implantable Medical Devices.

PubMed

Kulaç, Selman

2017-09-19

In this study, a new protective design compatible with existing non-secure systems was proposed, since it is focused on the secure communication of wireless IMD systems in all transmissions. This new protector is an external wearable device and appears to be a belt fitted around for the patients IMD implanted. However, in order to provide effective full duplex transmissions and physical layer security, some sophisticated transceiver antennas have been placed on the belt. In this approach, beam-focused multi-antennas in optimal positions on the belt are randomly switched when transmissions to the IMD are performed and multi-jammer switching with MRC combining or majority-rule based receiving techniques are applied when transmissions from the IMD are carried out. This approach can also reduce the power consumption of the IMDs and contribute to the prolongation of the IMD's battery life.

Evaluation of a Cyber Security System for Hospital Network.

PubMed

Faysel, Mohammad A

2015-01-01

Most of the cyber security systems use simulated data in evaluating their detection capabilities. The proposed cyber security system utilizes real hospital network connections. It uses a probabilistic data mining algorithm to detect anomalous events and takes appropriate response in real-time. On an evaluation using real-world hospital network data consisting of incoming network connections collected for a 24-hour period, the proposed system detected 15 unusual connections which were undetected by a commercial intrusion prevention system for the same network connections. Evaluation of the proposed system shows a potential to secure protected patient health information on a hospital network.

Prototype system of secure VOD

NASA Astrophysics Data System (ADS)

Minemura, Harumi; Yamaguchi, Tomohisa

1997-12-01

Secure digital contents delivery systems are to realize copyright protection and charging mechanism, and aim at secure delivery service of digital contents. Encrypted contents delivery and history (log) management are means to accomplish this purpose. Our final target is to realize a video-on-demand (VOD) system that can prevent illegal usage of video data and manage user history data to achieve a secure video delivery system on the Internet or Intranet. By now, mainly targeting client-server systems connected with enterprise LAN, we have implemented and evaluated a prototype system based on the investigation into the delivery method of encrypted video contents.

12 CFR 615.5450 - Definitions.

Code of Federal Regulations, 2010 CFR

2010-01-01

... AND OPERATIONS, AND FUNDING OPERATIONS Book-Entry Procedures for Farm Credit Securities § 615.5450... the claimant for another person to hold, transfer, or deal with the security. (b) Book-entry security means a Farm Credit security issued or maintained in the Book-entry System. (c) Book-entry System means...

17 CFR 242.301 - Requirements for alternative trading systems.

Code of Federal Regulations, 2014 CFR

2014-04-01

... 17 Commodity and Securities Exchanges 4 2014-04-01 2014-04-01 false Requirements for alternative trading systems. 242.301 Section 242.301 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) REGULATIONS M, SHO, ATS, AC, AND NMS AND CUSTOMER MARGIN REQUIREMENTS FOR SECURITY...

17 CFR 242.301 - Requirements for alternative trading systems.

Code of Federal Regulations, 2012 CFR

2012-04-01

... 17 Commodity and Securities Exchanges 3 2012-04-01 2012-04-01 false Requirements for alternative trading systems. 242.301 Section 242.301 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) REGULATIONS M, SHO, ATS, AC, AND NMS AND CUSTOMER MARGIN REQUIREMENTS FOR SECURITY...

17 CFR 242.301 - Requirements for alternative trading systems.

Code of Federal Regulations, 2013 CFR

2013-04-01

... 17 Commodity and Securities Exchanges 3 2013-04-01 2013-04-01 false Requirements for alternative trading systems. 242.301 Section 242.301 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) REGULATIONS M, SHO, ATS, AC, AND NMS AND CUSTOMER MARGIN REQUIREMENTS FOR SECURITY...

17 CFR 242.301 - Requirements for alternative trading systems.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 17 Commodity and Securities Exchanges 3 2011-04-01 2011-04-01 false Requirements for alternative trading systems. 242.301 Section 242.301 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) REGULATIONS M, SHO, ATS, AC, AND NMS AND CUSTOMER MARGIN REQUIREMENTS FOR SECURITY...

Teaching RFID Information Systems Security

ERIC Educational Resources Information Center

Thompson, Dale R.; Di, Jia; Daugherty, Michael K.

2014-01-01

The future cyber security workforce needs radio frequency identification (RFID) information systems security (INFOSEC) and threat modeling educational materials. A complete RFID security course with new learning materials and teaching strategies is presented here. A new RFID Reference Model is used in the course to organize discussion of RFID,…

Cryptanalysis and Enhancement of Anonymity Preserving Remote User Mutual Authentication and Session Key Agreement Scheme for E-Health Care Systems.

PubMed

Amin, Ruhul; Islam, S K Hafizul; Biswas, G P; Khan, Muhammad Khurram; Li, Xiong

2015-11-01

The E-health care systems employ IT infrastructure for maximizing health care resources utilization as well as providing flexible opportunities to the remote patient. Therefore, transmission of medical data over any public networks is necessary in health care system. Note that patient authentication including secure data transmission in e-health care system is critical issue. Although several user authentication schemes for accessing remote services are available, their security analysis show that none of them are free from relevant security attacks. We reviewed Das et al.'s scheme and demonstrated their scheme lacks proper protection against several security attacks such as user anonymity, off-line password guessing attack, smart card theft attack, user impersonation attack, server impersonation attack, session key discloser attack. In order to overcome the mentioned security pitfalls, this paper proposes an anonymity preserving remote patient authentication scheme usable in E-health care systems. We then validated the security of the proposed scheme using BAN logic that ensures secure mutual authentication and session key agreement. We also presented the experimental results of the proposed scheme using AVISPA software and the results ensure that our scheme is secure under OFMC and CL-AtSe models. Moreover, resilience of relevant security attacks has been proved through both formal and informal security analysis. The performance analysis and comparison with other schemes are also made, and it has been found that the proposed scheme overcomes the security drawbacks of the Das et al.'s scheme and additionally achieves extra security requirements.

New Resources for Computer-Aided Legal Research: An Assessment of the Usefulness of the DIALOG System in Securities Regulation Studies.

ERIC Educational Resources Information Center

Gruner, Richard; Heron, Carol E.

1984-01-01

Examines usefulness of DIALOG as legal research tool through use of DIALOG's DIALINDEX database to identify those databases among almost 200 available that contain large numbers of records related to federal securities regulation. Eight databases selected for further study are detailed. Twenty-six footnotes, database statistics, and samples are…

Performance of an optical identification and interrogation system

NASA Astrophysics Data System (ADS)

Venugopalan, A.; Ghosh, A. K.; Verma, P.; Cheng, S.

2008-04-01

A free space optics based identification and interrogation system has been designed. The applications of the proposed system lie primarily in areas which require a secure means of mutual identification and information exchange between optical readers and tags. Conventional RFIDs raise issues regarding security threats, electromagnetic interference and health safety. The security of RF-ID chips is low due to the wide spatial spread of radio waves. Malicious nodes can read data being transmitted on the network, if they are in the receiving range. The proposed system provides an alternative which utilizes the narrow paraxial beams of lasers and an RSA-based authentication scheme. These provide enhanced security to communication between a tag and the base station or reader. The optical reader can also perform remote identification and the tag can be read from a far off distance, given line of sight. The free space optical identification and interrogation system can be used for inventory management, security systems at airports, port security, communication with high security systems, etc. to name a few. The proposed system was implemented with low-cost, off-the-shelf components and its performance in terms of throughput and bit error rate has been measured and analyzed. The range of operation with a bit-error-rate lower than 10-9 was measured to be about 4.5 m. The security of the system is based on the strengths of the RSA encryption scheme implemented using more than 1024 bits.

Use of a "secure room" and a security guard in the management of the violent, aggressive or suicidal patient in a rural hospital: a 3-year audit.

PubMed

Brock, Gordon; Gurekas, Vydas; Gelinas, Anne-Fredrique; Rollin, Karina

2009-01-01

Little has been published on the management of psychiatric crises in rural areas, and little is known of the security needs or use of "secure rooms" in rural hospitals. We conducted a 3-year retrospective chart audit on the use of our secure room/security guard system at a rural hospital in a town of 3500, located 220 km from our psychiatric referral centre. Use of our secure room/security guard system occurred at the rate of 1.1 uses/1000 emergency department visits, with the most common indication being physician perception of risk of patient suicide or self-harm. Concern for staff safety was a factor in 10% of uses. Eighty percent of patients were treated locally, with most being released from the secure room after 2 days or less. Fourteen percent of patients required ultimate transfer to our psychiatric referral centre and 6% to a detoxification centre. The average annual cost of security was $16 259.61. A secure room can provide the opportunity for close observation of a potentially self-harming patient, additional security for staff and early warning if a patient flees the hospital. Most admissions were handled locally, obviating the need for transfer to distant psychiatric referral centres. Most patients who were admitted were already known as having a psychiatric illness and 80% of the patients required the use of the secure room/security guard system for less than a 2-night stay, suggesting that most rural mental health crises pass quickly. Most patients admitted to a rural hospital with a mental health crisis can be managed locally if an adequate secure room/security guard system is available.

An Improved and Secure Anonymous Biometric-Based User Authentication with Key Agreement Scheme for the Integrated EPR Information System.

PubMed

Jung, Jaewook; Kang, Dongwoo; Lee, Donghoon; Won, Dongho

2017-01-01

Nowadays, many hospitals and medical institutes employ an authentication protocol within electronic patient records (EPR) services in order to provide protected electronic transactions in e-medicine systems. In order to establish efficient and robust health care services, numerous studies have been carried out on authentication protocols. Recently, Li et al. proposed a user authenticated key agreement scheme according to EPR information systems, arguing that their scheme is able to resist various types of attacks and preserve diverse security properties. However, this scheme possesses critical vulnerabilities. First, the scheme cannot prevent off-line password guessing attacks and server spoofing attack, and cannot preserve user identity. Second, there is no password verification process with the failure to identify the correct password at the beginning of the login phase. Third, the mechanism of password change is incompetent, in that it induces inefficient communication in communicating with the server to change a user password. Therefore, we suggest an upgraded version of the user authenticated key agreement scheme that provides enhanced security. Our security and performance analysis shows that compared to other related schemes, our scheme not only improves the security level, but also ensures efficiency.

An Improved and Secure Anonymous Biometric-Based User Authentication with Key Agreement Scheme for the Integrated EPR Information System

PubMed Central

Kang, Dongwoo; Lee, Donghoon; Won, Dongho

2017-01-01

Nowadays, many hospitals and medical institutes employ an authentication protocol within electronic patient records (EPR) services in order to provide protected electronic transactions in e-medicine systems. In order to establish efficient and robust health care services, numerous studies have been carried out on authentication protocols. Recently, Li et al. proposed a user authenticated key agreement scheme according to EPR information systems, arguing that their scheme is able to resist various types of attacks and preserve diverse security properties. However, this scheme possesses critical vulnerabilities. First, the scheme cannot prevent off-line password guessing attacks and server spoofing attack, and cannot preserve user identity. Second, there is no password verification process with the failure to identify the correct password at the beginning of the login phase. Third, the mechanism of password change is incompetent, in that it induces inefficient communication in communicating with the server to change a user password. Therefore, we suggest an upgraded version of the user authenticated key agreement scheme that provides enhanced security. Our security and performance analysis shows that compared to other related schemes, our scheme not only improves the security level, but also ensures efficiency. PMID:28046075

Food security for community-living elderly people in Beijing, China.

PubMed

Cheng, Yang; Rosenberg, Mark; Yu, Jie; Zhang, Hua

2016-11-01

Food security has been identified as an important issue for elderly people's quality of life and ageing in place. A food security index composed of three indicators (food intake, food quality and food affordability) was developed to measure the food security status of community-living elderly people. Food security was then examined among community-living elderly in the central urban districts of Beijing, China. Data were collected by a questionnaire survey in the summer of 2013 and the response rate was 78.5%. Descriptive statistics and binary logistic regression were applied to analyse food security and the associations between food security and demographic and socioeconomic factors. The results showed that 54.2% of the surveyed elderly experienced food security. Participants with better education (OR = 1.68) and better health (OR = 1.47) were more likely to experience food security. The young-old were less likely to experience food security than the older old (OR = 0.94). Elderly people who lived with their children were less likely to experience food security than those who lived alone (OR = 0.43). The results of impact factors on food security highlight both similarities with studies from more developed countries and the unique challenges faced in a rapidly changing China with its unique social, cultural and political systems. The food security index we developed in this study is a simple and effective measure of food security status, which can be used in surveys for evaluating the food security status of elderly people in the future. © 2015 John Wiley & Sons Ltd.

Brain Immune Interactions as the Basis of Gulf War Illness: Gulf War Illness Consortium (GWIC)

DTIC Science & Technology

2016-10-01

between the immune system and the brain. The GWIC includes both clinical ( human ) and preclinical (animal and cell) studies and researchers in the 10...47 pesticides , DFP, sarin 16. Price Code (Leave Bl k) 17. Security Classification of Report Unclassified 18. Security Classification of this...stronger and longer proinflammatory signaling effects between the immune system and the brain. The GWIC includes both clinical ( human ) and

Security Encryption Scheme for Communication of Web Based Control Systems

NASA Astrophysics Data System (ADS)

Robles, Rosslin John; Kim, Tai-Hoon

A control system is a device or set of devices to manage, command, direct or regulate the behavior of other devices or systems. The trend in most systems is that they are connected through the Internet. Traditional Supervisory Control and Data Acquisition Systems (SCADA) is connected only in a limited private network Since the internet Supervisory Control and Data Acquisition Systems (SCADA) facility has brought a lot of advantages in terms of control, data viewing and generation. Along with these advantages, are security issues regarding web SCADA, operators are pushed to connect Control Systems through the internet. Because of this, many issues regarding security surfaced. In this paper, we discuss web SCADA and the issues regarding security. As a countermeasure, a web SCADA security solution using crossed-crypto-scheme is proposed to be used in the communication of SCADA components.

39 CFR 501.7 - Postage Evidencing System requirements.

Code of Federal Regulations, 2013 CFR

2013-07-01

... Performance Criteria for Information-Based Indicia and Security Architecture for Open IBI Postage Evidencing Systems or Performance Criteria for Information-Based Indicia and Security Architecture for Closed IBI... Information-Based Indicia and Security Architecture for Open IBI Postage Evidencing Systems or Performance...

39 CFR 501.7 - Postage Evidencing System requirements.

Code of Federal Regulations, 2012 CFR

2012-07-01

... Performance Criteria for Information-Based Indicia and Security Architecture for Open IBI Postage Evidencing Systems or Performance Criteria for Information-Based Indicia and Security Architecture for Closed IBI... Information-Based Indicia and Security Architecture for Open IBI Postage Evidencing Systems or Performance...

5 CFR 9701.313 - Homeland Security Compensation Committee.

Code of Federal Regulations, 2010 CFR

2010-01-01

... MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM Pay and Pay Administration Overview of Pay System § 9701.313... Undersecretary for Management. The Compensation Committee has 14 members, including 4 officials of labor...

76 FR 81359 - National Security Personnel System

Federal Register 2010, 2011, 2012, 2013, 2014

2011-12-28

... contains regulatory documents #0;having general applicability and legal effect, most of which are keyed #0... Security Personnel System AGENCY: Department of Defense; Office of Personnel Management. ACTION: Final rule... concerning the National Security Personnel System (NSPS). Section 1113 of the National Defense Authorization...

Secure Server Login by Using Third Party and Chaotic System

NASA Astrophysics Data System (ADS)

Abdulatif, Firas A.; zuhiar, Maan

2018-05-01

Server is popular among all companies and it used by most of them but due to the security threat on the server make this companies are concerned when using it so that in this paper we will design a secure system based on one time password and third parity authentication (smart phone). The proposed system make security to the login process of server by using one time password to authenticate person how have permission to login and third parity device (smart phone) as other level of security.

The enhancement of security in healthcare information systems.

PubMed

Liu, Chia-Hui; Chung, Yu-Fang; Chen, Tzer-Shyong; Wang, Sheng-De

2012-06-01

With the progress and the development of information technology, the internal data in medical organizations have become computerized and are further established the medical information system. Moreover, the use of the Internet enhances the information communication as well as affects the development of the medical information system that a lot of medical information is transmitted with the Internet. Since there is a network within another network, when all networks are connected together, they will form the "Internet". For this reason, the Internet is considered as a high-risk and public environment which is easily destroyed and invaded so that a relevant protection is acquired. Besides, the data in the medical network system are confidential that it is necessary to protect the personal privacy, such as electronic patient records, medical confidential information, and authorization-controlled data in the hospital. As a consequence, a medical network system is considered as a network requiring high security that excellent protections and managerial strategies are inevitable to prevent illegal events and external attacks from happening. This study proposes secure medical managerial strategies being applied to the network environment of the medical organization information system so as to avoid the external or internal information security events, allow the medical system to work smoothly and safely that not only benefits the patients, but also allows the doctors to use it more conveniently, and further promote the overall medical quality. The objectives could be achieved by preventing from illegal invasion or medical information being stolen, protecting the completeness and security of medical information, avoiding the managerial mistakes of the internal information system in medical organizations, and providing the highly-reliable medical information system.

Distributed intrusion detection system based on grid security model

NASA Astrophysics Data System (ADS)

Su, Jie; Liu, Yahui

2008-03-01

Grid computing has developed rapidly with the development of network technology and it can solve the problem of large-scale complex computing by sharing large-scale computing resource. In grid environment, we can realize a distributed and load balance intrusion detection system. This paper first discusses the security mechanism in grid computing and the function of PKI/CA in the grid security system, then gives the application of grid computing character in the distributed intrusion detection system (IDS) based on Artificial Immune System. Finally, it gives a distributed intrusion detection system based on grid security system that can reduce the processing delay and assure the detection rates.

Integrated secure solution for electronic healthcare records sharing

NASA Astrophysics Data System (ADS)

Yao, Yehong; Zhang, Chenghao; Sun, Jianyong; Jin, Jin; Zhang, Jianguo

2007-03-01

The EHR is a secure, real-time, point-of-care, patient-centric information resource for healthcare providers. Many countries and regional districts have set long-term goals to build EHRs, and most of EHRs are usually built based on the integration of different information systems with different information models and platforms. A number of hospitals in Shanghai are also piloting the development of an EHR solution based on IHE XDS/XDS-I profiles with a service-oriented architecture (SOA). The first phase of the project targets the Diagnostic Imaging domain and allows seamless sharing of images and reports across the multiple hospitals. To develop EHRs for regional coordinated healthcare, some factors should be considered in designing architecture, one of which is security issue. In this paper, we present some approaches and policies to improve and strengthen the security among the different hospitals' nodes, which are compliant with the security requirements defined by IHE IT Infrastructure (ITI) Technical Framework. Our security solution includes four components: Time Sync System (TSS), Digital Signature Manage System (DSMS), Data Exchange Control Component (DECC) and Single Sign-On (SSO) System. We give a design method and implementation strategy of these security components, and then evaluate the performance and overheads of the security services or features by integrating the security components into an image-based EHR system.

Designing Intelligent Secure Android Application for Effective Chemical Inventory

NASA Astrophysics Data System (ADS)

Shukran, Mohd Afizi Mohd; Naim Abdullah, Muhammad; Nazri Ismail, Mohd; Maskat, Kamaruzaman; Isa, Mohd Rizal Mohd; Shahfee Ishak, Muhammad; Adib Khairuddin, Muhamad

2017-08-01

Mobile services support various situations in everyday life and with the increasing sophistication of phone functions, the daily life is much more easier and better especially in term of managing tools and apparatus. Since chemical inventory management system has been experiencing a new revolution from antiquated to an automated inventory management system, some additional features should be added in current chemical inventory system. Parallel with the modern technologies, chemical inventory application using smart phone has been developed. Several studies about current related chemical inventory management using smart phone application has been done in this paper in order to obtain an overview on recent studies in smartphone application for chemical inventory system which are needed in schools, universities or other education institutions. This paper also discuss about designing the proposed secure mobile chemical inventory system. The study of this paper can provide forceful review analysis support for the chemical inventory management system related research.

The Use of Electronic Book Theft Detection Systems in Libraries.

ERIC Educational Resources Information Center

Witt, Thomas B.

1996-01-01

Although electronic book theft detection systems can be a deterrent to library material theft, no electronic system is foolproof, and a total security program is necessary to ensure collection security. Describes how book theft detection systems work, their effectiveness, and the problems inherent in technology. A total security program considers…

77 FR 71474 - Seventeenth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

Federal Register 2010, 2011, 2012, 2013, 2014

2012-11-30

... Committee 224, Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), U.S... Access Control Systems. SUMMARY: The FAA is issuing this notice to advise the public of the seventeenth meeting of the RTCA Special Committee 224, Airport Security Access Control Systems. DATES: The meeting...

78 FR 31627 - Twenty-Second Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

Federal Register 2010, 2011, 2012, 2013, 2014

2013-05-24

... Committee 224, Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), U.S... Access Control Systems. SUMMARY: The FAA is issuing this notice to advise the public of the twenty-second meeting of the RTCA Special Committee 224, Airport Security Access Control Systems. DATES: The meeting...

78 FR 7850 - Nineteenth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-04

... Committee 224, Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), U.S... Access Control Systems. SUMMARY: The FAA is issuing this notice to advise the public of the nineteenth meeting of the RTCA Special Committee 224, Airport Security Access Control Systems. DATES: The meeting...

77 FR 2343 - Eleventh Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

Federal Register 2010, 2011, 2012, 2013, 2014

2012-01-17

... Committee 224, Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), U.S... Control Systems. SUMMARY: The FAA is issuing this notice to advise the public of the eleventh meeting of RTCA Special Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held...

78 FR 22025 - Twenty First Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

Federal Register 2010, 2011, 2012, 2013, 2014

2013-04-12

... Committee 224, Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), U.S... Access Control Systems. SUMMARY: The FAA is issuing this notice to advise the public of the twenty first meeting of the RTCA Special Committee 224, Airport Security Access Control Systems. DATES: The meeting...

77 FR 25525 - Thirteenth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems.

Federal Register 2010, 2011, 2012, 2013, 2014

2012-04-30

... Committee 224, Airport Security Access Control Systems. AGENCY: Federal Aviation Administration (FAA), U.S... Access Control Systems. SUMMARY: The FAA is issuing this notice to advise the public of the thirteenth meeting of RTCA Special Committee 224, Airport Security Access Control Systems DATES: The meeting will be...

77 FR 15448 - Twelfth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

Federal Register 2010, 2011, 2012, 2013, 2014

2012-03-15

... Committee 224, Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), U.S... Access Control Systems. SUMMARY: The FAA is issuing this notice to advise the public of the twelfth meeting of RTCA Special Committee 224, Airport Security Access Control Systems DATES: The meeting will be...

Security Systems Commissioning: An Old Trick for Your New Dog

ERIC Educational Resources Information Center

Black, James R.

2009-01-01

Sophisticated, software-based security systems can provide powerful tools to support campus security. By nature, such systems are flexible, with many capabilities that can help manage the process of physical protection. However, the full potential of these systems can be overlooked because of unfamiliarity with the products, weaknesses in security…

75 FR 67363 - Notice of Public Information Collection(s) Being Reviewed by the Federal Communications...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-11-02

... proceeding were required to file system security statements under the Commission's rules. (Security systems..., including broadband Internet access and interconnected VoIP providers, must file updates to their systems... Commission's rules, the information in the CALEA security system filings and petitions will not be made...

IT Security Support for the Spaceport Command Control Systems Development Ground Support Development Operations

NASA Technical Reports Server (NTRS)

Branch, Drew A.

2014-01-01

Security is one of the most if not the most important areas today. After the several attacks on the United States, security everywhere has heightened from airports to the communication among the military branches legionnaires. With advanced persistent threats (APT's) on the rise following Stuxnet, government branches and agencies are required, more than ever, to follow several standards, policies and procedures to reduce the likelihood of a breach. Attack vectors today are very advanced and are going to continue to get more and more advanced as security controls advance. This creates a need for networks and systems to be in an updated and secured state in a launch control system environment. FISMA is a law that is mandated by the government to follow when government agencies secure networks and devices. My role on this project is to ensure network devices and systems are in compliance with NIST, as outlined in FISMA. I will achieve this by providing assistance with security plan documentation and collection, system hardware and software inventory, malicious code and malware scanning, and configuration of network devices i.e. routers and IDS's/IPS's. In addition, I will be completing security assessments on software and hardware, vulnerability assessments and reporting, and conducting patch management and risk assessments. A guideline that will help with compliance with NIST is the SANS Top 20 Critical Controls. SANS Top 20 Critical Controls as well as numerous security tools, security software and the conduction of research will be used to successfully complete the tasks given to me. This will ensure compliance with FISMA and NIST, secure systems and a secured network. By the end of this project, I hope to have carried out the tasks stated above as well as gain an immense knowledge about compliance, security tools, networks and network devices, as well as policies and procedures.

IT Security Support for the Spaceport Command Control Systems Development Ground Support Development Operations

NASA Technical Reports Server (NTRS)

Branch, Drew

2013-01-01

Security is one of the most if not the most important areas today. After the several attacks on the United States, security everywhere was heightened from Airports to the communication among the military branches legionnaires. With advanced persistent threats (APTs) on the rise following Stuxnet, government branches and agencies are required, more than ever, to follow several standards, policies and procedures to reduce the likelihood of a breach. Attack vectors today are very advanced and are going to continue to get more and more advanced as security controls advance. This creates a need for networks and systems to be in an updated and secured state in a launch control system environment. FISMA is a law that is mandated by the government to follow when government agencies secure networks and devices. My role on this project is to ensure network devices and systems are in compliance with NIST, as outlined in FISMA. I will achieve this by providing assistance with security plan documentation and collection, system hardware and software inventory, malicious code and malware scanning and configuration of network devices i.e. routers and IDSsIPSs. In addition I will be completing security assessments on software and hardware, vulnerability assessments and reporting, conducting patch management and risk assessments. A guideline that will help with compliance with NIST is the SANS Top 20 Critical Controls. SANS Top 20 Critical Controls as well as numerous security tools, security software and the conduction of research will be used to successfully complete the tasks given to me. This will ensure compliance with FISMA and NIST, secure systems and a secured network. By the end of this project, I hope to have carried out stated above as well as gain an immense knowledge about compliance, security tools, networks and network devices, policies and procedures.

Prospective Relations between Family Conflict and Adolescent Maladjustment: Security in the Family System as a Mediating Process

PubMed Central

Cummings, E. Mark; Koss, Kalsea J.; Davies, Patrick T.

2018-01-01

Conflict in specific family systems (e.g., interparental, parent-child) has been implicated in the development of a host of adjustment problems in adolescence, but little is known about the impact of family conflict involving multiple family systems. Furthermore, questions remain about the effects of family conflict on symptoms of specific disorders and adjustment problems and the processes mediating these effects. The present study prospectively examines the impact of family conflict and emotional security about the family system on adolescent symptoms of specific disorders and adjustment problems, including the development of symptoms of anxiety, depression, conduct problems, and peer problems. Security in the family system was examined as a mediator of these relations. Participants included 295 mother-father-adolescent families (149 girls) participating across three annual time points (grades 7–9). Including auto-regressive controls for initial levels of emotional insecurity and multiple adjustment problems (T1), higher-order emotional insecurity about the family system (T2) mediated relations between T1 family conflict and T3 peer problems, anxiety, and depressive symptoms. Further analyses supported specific patterns of emotional security/insecurity (i.e., security, disengagement, preoccupation) as mediators between family conflict and specific domains of adolescent adjustment. Family conflict was thus found to prospectively predict the development of symptoms of multiple specific adjustment problems, including symptoms of depression, anxiety, conduct problems, and peer problems, by elevating in in adolescent’s emotional insecurity about the family system. The clinical implications of these findings are considered. PMID:25131144