WorldWideScience

Sample records for cacore common security

  1. caCORE: a common infrastructure for cancer informatics.

    Science.gov (United States)

    Covitz, Peter A; Hartel, Frank; Schaefer, Carl; De Coronado, Sherri; Fragoso, Gilberto; Sahni, Himanso; Gustafson, Scott; Buetow, Kenneth H

    2003-12-12

    Sites with substantive bioinformatics operations are challenged to build data processing and delivery infrastructure that provides reliable access and enables data integration. Locally generated data must be processed and stored such that relationships to external data sources can be presented. Consistency and comparability across data sets requires annotation with controlled vocabularies and, further, metadata standards for data representation. Programmatic access to the processed data should be supported to ensure the maximum possible value is extracted. Confronted with these challenges at the National Cancer Institute Center for Bioinformatics, we decided to develop a robust infrastructure for data management and integration that supports advanced biomedical applications. We have developed an interconnected set of software and services called caCORE. Enterprise Vocabulary Services (EVS) provide controlled vocabulary, dictionary and thesaurus services. The Cancer Data Standards Repository (caDSR) provides a metadata registry for common data elements. Cancer Bioinformatics Infrastructure Objects (caBIO) implements an object-oriented model of the biomedical domain and provides Java, Simple Object Access Protocol and HTTP-XML application programming interfaces. caCORE has been used to develop scientific applications that bring together data from distinct genomic and clinical science sources. caCORE downloads and web interfaces can be accessed from links on the caCORE web site (http://ncicb.nci.nih.gov/core). caBIO software is distributed under an open source license that permits unrestricted academic and commercial use. Vocabulary and metadata content in the EVS and caDSR, respectively, is similarly unrestricted, and is available through web applications and FTP downloads. 
http://ncicb.nci.nih.gov/core/publications contains links to the caBIO 1.0 class diagram and the caCORE 1.0 Technical Guide, which provide detailed information on the present caCORE architecture

  2. [caCORE: core architecture of bioinformation on cancer research in America].

    Science.gov (United States)

    Gao, Qin; Zhang, Yan-lei; Xie, Zhi-yun; Zhang, Qi-peng; Hu, Zhang-zhi

    2006-04-18

    A critical factor in the advancement of biomedical research is the ease with which data can be integrated, redistributed and analyzed both within and across domains. This paper summarizes the Biomedical Information Core Infrastructure built by National Cancer Institute Center for Bioinformatics in America (NCICB). The main product from the Core Infrastructure is caCORE--cancer Common Ontologic Reference Environment, which is the infrastructure backbone supporting data management and application development at NCICB. The paper explains the structure and function of caCORE: (1) Enterprise Vocabulary Services (EVS). They provide controlled vocabulary, dictionary and thesaurus services, and EVS produces the NCI Thesaurus and the NCI Metathesaurus; (2) The Cancer Data Standards Repository (caDSR). It provides a metadata registry for common data elements. (3) Cancer Bioinformatics Infrastructure Objects (caBIO). They provide Java, Simple Object Access Protocol and HTTP-XML application programming interfaces. The vision for caCORE is to provide a common data management framework that will support the consistency, clarity, and comparability of biomedical research data and information. In addition to providing facilities for data management and redistribution, caCORE helps solve problems of data integration. All NCICB-developed caCORE components are distributed under open-source licenses that support unrestricted usage by both non-profit and commercial entities, and caCORE has laid the foundation for a number of scientific and clinical applications. Based on it, the paper expounds caCORE-base applications simply in several NCI projects, of which one is CMAP (Cancer Molecular Analysis Project), and the other is caBIG (Cancer Biomedical Informatics Grid). In the end, the paper also gives good prospects of caCORE, and while caCORE was born out of the needs of the cancer research community, it is intended to serve as a general resource. Cancer research has historically

  3. The caCORE Software Development Kit: Streamlining construction of interoperable biomedical information services

    Directory of Open Access Journals (Sweden)

    Warzel Denise

    2006-01-01

    Background: Robust, programmatically accessible biomedical information services that syntactically and semantically interoperate with other resources are challenging to construct. Such systems require the adoption of common information models, data representations and terminology standards as well as documented application programming interfaces (APIs). The National Cancer Institute (NCI) developed the cancer common ontologic representation environment (caCORE) to provide the infrastructure necessary to achieve interoperability across the systems it develops or sponsors. The caCORE Software Development Kit (SDK) was designed to provide developers both within and outside the NCI with the tools needed to construct such interoperable software systems. Results: The caCORE SDK requires a Unified Modeling Language (UML) tool to begin the development workflow with the construction of a domain information model in the form of a UML Class Diagram. Models are annotated with concepts and definitions from a description logic terminology source using the Semantic Connector component. The annotated model is registered in the Cancer Data Standards Repository (caDSR) using the UML Loader component. System software is automatically generated using the Codegen component, which produces middleware that runs on an application server. The caCORE SDK was initially tested and validated using a seven-class UML model, and has been used to generate the caCORE production system, which includes models with dozens of classes. The deployed system supports access through object-oriented APIs with consistent syntax for retrieval of any type of data object across all classes in the original UML model. The caCORE SDK is currently being used by several development teams, including by participants in the cancer biomedical informatics grid (caBIG) program, to create compatible data services. 
caBIG compatibility standards are based upon caCORE resources, and thus the caCORE SDK has

  4. caCORE version 3: Implementation of a model driven, service-oriented architecture for semantic interoperability.

    Science.gov (United States)

    Komatsoulis, George A; Warzel, Denise B; Hartel, Francis W; Shanbhag, Krishnakant; Chilukuri, Ram; Fragoso, Gilberto; Coronado, Sherri de; Reeves, Dianne M; Hadfield, Jillaine B; Ludet, Christophe; Covitz, Peter A

    2008-02-01

    One of the requirements for a federated information system is interoperability, the ability of one computer system to access and use the resources of another system. This feature is particularly important in biomedical research systems, which need to coordinate a variety of disparate types of data. In order to meet this need, the National Cancer Institute Center for Bioinformatics (NCICB) has created the cancer Common Ontologic Representation Environment (caCORE), an interoperability infrastructure based on Model Driven Architecture. The caCORE infrastructure provides a mechanism to create interoperable biomedical information systems. Systems built using the caCORE paradigm address both aspects of interoperability: the ability to access data (syntactic interoperability) and understand the data once retrieved (semantic interoperability). This infrastructure consists of an integrated set of three major components: a controlled terminology service (Enterprise Vocabulary Services), a standards-based metadata repository (the cancer Data Standards Repository) and an information system with an Application Programming Interface (API) based on Domain Model Driven Architecture. This infrastructure is being leveraged to create a Semantic Service-Oriented Architecture (SSOA) for cancer research by the National Cancer Institute's cancer Biomedical Informatics Grid (caBIG).

  5. caCORE version 3: Implementation of a model driven, service-oriented architecture for semantic interoperability

    OpenAIRE

    Komatsoulis, George A.; Warzel, Denise B.; Hartel, Frank W.; Shanbhag, Krishnakant; Chilukuri, Ram; Fragoso, Gilberto; de Coronado, Sherri; Reeves, Dianne M.; Hadfield, Jillaine B.; Ludet, Christophe; Covitz, Peter A.

    2007-01-01

    One of the requirements for a federated information system is interoperability, the ability of one computer system to access and use the resources of another system. This feature is particularly important in biomedical research systems, which need to coordinate a variety of disparate types of data. In order to meet this need, the National Cancer Institute Center for Bioinformatics (NCICB) has created the cancer Common Ontologic Representation Environment (caCORE), an interoperability infrastr...

  6. Nuclear Security and Nuclear Safeguards; Differences, Commonalities and Synergies

    International Nuclear Information System (INIS)

    Jorant, C.

    2015-01-01

    Reference to the three S's in the nuclear world is recurring and much has been said about the need to build on synergies to reinforce safeguards, safety and security. In practice, the 3S's communities are seldom interconnected even though some interaction can be observed between safety and security and security and safeguards. Ensuring a better understanding between those three sectors about their scope, requirements, implementation methods and tools would stimulate cooperation. The second Nuclear Security Summit and particularly the industry related event stressed the synergies between safety and security. The first IAEAs Security Conference organized in July 2013 did not address specifically nuclear safeguards and security relations. Last Security Summit took place in The Hague in March 2014 and this type of issue was not really raised either. The safeguards Symposium provides a timely opportunity to tackle possible enhanced cooperation between safeguards and security communities and assess the prospect for addressing such issue at the next and allegedly last security summit in 2016. This presentation will analyze the differences and commonalities between those two sectors, in particular with regards to the objectives and actors, the organization and technicalities, or to the conceptual approaches (DBT and APA/SLC, attractiveness/accessibility). It will then assess the possible synergies or cooperation between both communities. It will discuss the merits of a global and comprehensive involvement of the different actors, (State, industry and international bodies including the NGOs) and of exchanges on good practices to contribute to a common understanding and references while allowing for an adaptable and national approach. Indeed the need to reassure the stakeholders, including the general public, that security, as well as safeguards are addressed in a consistent manner worldwide is of utmost importance for building future nuclear energy programmes on a

  7. ENERGY IN THE CONTEXT OF THE PRESENT CHALLENGES TO THE EUROPEAN COMMON SECURITY AND DEFENCE POLICY

    Directory of Open Access Journals (Sweden)

    Gabriel ANDRUSEAC

    2014-10-01

    The Common Security and Defence Policy is a part of the European Union’s Common Foreign and Security Policy (CFSP) and establishes the policy framework for the institutional structures and military instruments which have to deal with the security challenges in Europe’s geopolitical neighborhood. The article aims to identify and analyze the role of energy as one of the present challenges to the European Common Security and Defence Policy in the context of the recent events in the world economy.

  8. MDEP Common Position No DICWG08. Common position on the impact of cyber security features on digital I and C safety systems

    International Nuclear Information System (INIS)

    2012-01-01

    Cyber security measures are generally implemented at nuclear facilities to protect against cyber-attacks that may compromise safety. The implementation of such cyber security measures may vary based on site specific requirements and each country's regulatory frameworks. Safety measures and cyber security measures for a nuclear power plant should be designed and implemented so that they do not compromise one another. This common position is intended to only apply to systems classified to the highest level of safety. The Digital Instrumentation and Controls Working Group (DICWG) has agreed that a common position on this topic is warranted given the increase of use of Digital I and C in new reactor designs, its safety implications, and the need to develop a common understanding from the perspectives of regulatory authorities. This action follows the DICWG examination of the regulatory requirements of the participating members and of relevant industry standards and IAEA documents. The DICWG proposes a common position based on its recent experience with the new reactor application reviews and operating plant issues

  9. In Support of the Common Defense: A Homeland Defense and Security Journal. Volume 2

    Science.gov (United States)

    2013-06-01

    create a coast-to-coast, interoperable digital emergency communications network.36 Accordingly, Homeland Security Act 2002 and Homeland Security...or fixed monitor that depicts friendly forces on an easy-to-read digitized geospatial map. The number of assets being tracked directly determines...Common Defense diminished since Colombian security forces killed notorious Medellin cartel leader Pablo Escobar in 1993.74 There undeniably is an

  10. Common Operating Picture: UAV Security Study

    Science.gov (United States)

    2004-01-01

    This initial communication security study is a top-level assessment of basic security issues related to the operation of Unmanned Aerial Vehicles (UAVs) in the National Airspace System (NAS). Security considerations will include information relating to the use of International Civil Aviation Organization (ICAO) Aeronautical Telecommunications Network (ATN) protocols and applications identifying their maturity, as well as the use of IPV4 and a version of mobile IPV6. The purpose of this assessment is to provide an initial analysis of the security implications of introducing UAVs into the NAS.

  11. Role of Global Food Security in the Common Agrarian Policy of the European Union

    Directory of Open Access Journals (Sweden)

    Igor N. Shcherbak

    2014-01-01

    The author devoted his research to the role of the global food security in the priorities of the Common Agricultural Policy of the European Union (CAP). The research sheds light on the parameters of the Common Agricultural Policy and the basic steps on the path of its reform. The research demonstrates that the priorities of the EC are mainly concentrated on achieving food security for the member-states of the EC, its population and the interests of the agricultural sector. The modern challenges to the Global Food Security (global food crises of 2007-2009, acute food shortages and hunger in crises regions of Africa and chronic malnutrition) are placed high on the agenda of the CAP. In this situation, the EU is trying in the interests of stabilization of the world agricultural market to solve simultaneously the tasks of providing assistance for development and mitigation of the threats to the Global Food security. The deepening rift between the strategy of the CAP oriented towards promotion of agricultural export and real contribution of the EC to the Global Food Security and assistance for development is becoming more and more the most «vulnerable» place of the CAP.

  12. (In)efficiency of EU Common Foreign and Security Policy: Ukraine, Brexit, Trump and beyond

    Directory of Open Access Journals (Sweden)

    Filipec Ondřej

    2017-10-01

    The main aim of this article is to explore and analyze key determinants of EU Common Foreign and Security Policy efficiency. For this purpose a 3C analytical approach is used, exploring EU foreign and security policy consistency, capacities and the dimension of cooperation. Article analyzes both horizontal and vertical consistency of EU Foreign and Security policy especially with connection to Ukraine crises and diverging interests of EU member states. EU capacities are explored with main focus on military spending and challenges related to limited spending. EU military decline is put in contrast with new emerging regional powers. In the area of cooperation article is dedicated mainly to ineffective partnership with Turkey, cold attitude of Trump administration towards Europe and the implications of Brexit for EU foreign and security policy.

  13. The Common Body of Knowledge: A Framework to Promote Relevant Information Security Research

    Directory of Open Access Journals (Sweden)

    Kenneth J. Knapp

    2007-03-01

    This study proposes using an established common body of knowledge (CBK) as one means of organizing information security literature. Consistent with calls for more relevant information systems (IS) research, this industry-developed framework can motivate future research towards topics that are important to the security practitioner. In this review, forty-eight articles from ten IS journals from 1995 to 2004 are selected and cross-referenced to the ten domains of the information security CBK. Further, we distinguish articles as empirical research, frameworks, or tutorials. Generally, this study identified a need for additional empirical research in every CBK domain including topics related to legal aspects of information security. Specifically, this study identified a need for additional IS security research relating to applications development, physical security, operations security, and business continuity. The CBK framework is inherently practitioner oriented and using it will promote relevancy by steering IS research towards topics important to practitioners. This is important considering the frequent calls by prominent information systems scholars for more relevant research. Few research frameworks have emerged from the literature that specifically classify the diversity of security threats and range of problems that businesses today face. With the recent surge of interest in security, the need for a comprehensive framework that also promotes relevant research can be of great value.

  14. Crowdsourcing cyber security: a property rights view of exclusion and theft on the information commons

    Directory of Open Access Journals (Sweden)

    Gary Shiffman

    2013-02-01

    Individuals increasingly rely upon the internet for basic economic interaction. Current cyber security mechanisms are unable to stop adversaries and hackers from gaining access to sensitive information stored on government, business, and public computers. Experts propose implementing attribution and audit frameworks in cyberspace to deter, prevent, and prosecute cyber criminals and attackers. However, this method faces significant policy and resource constraints. Social science research, specifically in law and economics, concerning common-pool resources suggests an organic approach to cyber security may yield an appropriate solution. This cyber commons method involves treating the internet as a commons and encouraging individuals and institutions to voluntarily implement innovative and adaptive monitoring mechanisms. Such mechanisms are already in use and in many cases have proven more effective than attribution mechanisms in resisting and tracing the source of cyber attacks.

  15. News framing and public support for a common foreign and security policy

    NARCIS (Netherlands)

    de Vreese, C.H.; Kandyla, A.

    2009-01-01

    Abstract A common EU foreign and security policy (CFSP) can be framed by elites and media as a risk or as an opportunity. This article examines the effects of framing in terms of ‘risk’ and ‘opportunity’ on public support. Moreover, we examine first whether the effect of framing CFSP as a ‘risk for

  16. Safeguards and Security by Design (SSBD) for Small Modular Reactors (SMRs) through a Common Global Approach

    Energy Technology Data Exchange (ETDEWEB)

    Badwan, Faris M. [Los Alamos National Lab. (LANL), Los Alamos, NM (United States)]; Demuth, Scott Francis [Los Alamos National Lab. (LANL), Los Alamos, NM (United States)]; Miller, Michael Conrad [Los Alamos National Lab. (LANL), Los Alamos, NM (United States)]; Pshakin, Gennady [Obninsk Institute of Physics and Power Engineering (Russian Federation)]

    2015-02-23

    Small Modular Reactors (SMR) with power levels significantly less than the currently standard 1000 to 1600-MWe reactors have been proposed as a potential game changer for future nuclear power. SMRs may offer a simpler, more standardized, and safer modular design by using factory built and easily transportable components. Additionally, SMRs may be more easily built and operated in isolated locations, and may require smaller initial capital investment and shorter construction times. Because many SMRs designs are still conceptual and consequently not yet fixed, designers have a unique opportunity to incorporate updated design basis threats, emergency preparedness requirements, and then fully integrate safety, physical security, and safeguards/material control and accounting (MC&A) designs. Integrating safety, physical security, and safeguards is often referred to as integrating the 3Ss, and early consideration of safeguards and security in the design is often referred to as safeguards and security by design (SSBD). This paper describes U.S./Russian collaborative efforts toward developing an internationally accepted common approach for implementing SSBD/3Ss for SMRs based upon domestic requirements, and international guidance and requirements. These collaborative efforts originated with the Nuclear Energy and Nuclear Security working group established under the U.S.-Russia Bilateral Presidential Commission during the 2009 Presidential Summit. Initial efforts have focused on review of U.S. and Russian domestic requirements for Security and MC&A, IAEA guidance for security and MC&A, and IAEA requirements for international safeguards. Additionally, example SMR design features that can enhance proliferation resistance and physical security have been collected from past work and reported here. The development of a U.S./Russian common approach for SSBD/3Ss should aid the designer of SMRs located anywhere in the world. 
More specifically, the application of this approach may

  17. Safeguards and Security by Design (SSBD) for Small Modular Reactors (SMRs) through a Common Global Approach

    International Nuclear Information System (INIS)

    Badwan, Faris M.; Demuth, Scott Francis; Miller, Michael Conrad; Pshakin, Gennady

    2015-01-01

    Small Modular Reactors (SMR) with power levels significantly less than the currently standard 1000 to 1600-MWe reactors have been proposed as a potential game changer for future nuclear power. SMRs may offer a simpler, more standardized, and safer modular design by using factory built and easily transportable components. Additionally, SMRs may be more easily built and operated in isolated locations, and may require smaller initial capital investment and shorter construction times. Because many SMRs designs are still conceptual and consequently not yet fixed, designers have a unique opportunity to incorporate updated design basis threats, emergency preparedness requirements, and then fully integrate safety, physical security, and safeguards/material control and accounting (MC&A) designs. Integrating safety, physical security, and safeguards is often referred to as integrating the 3Ss, and early consideration of safeguards and security in the design is often referred to as safeguards and security by design (SSBD). This paper describes U.S./Russian collaborative efforts toward developing an internationally accepted common approach for implementing SSBD/3Ss for SMRs based upon domestic requirements, and international guidance and requirements. These collaborative efforts originated with the Nuclear Energy and Nuclear Security working group established under the U.S.-Russia Bilateral Presidential Commission during the 2009 Presidential Summit. Initial efforts have focused on review of U.S. and Russian domestic requirements for Security and MC&A, IAEA guidance for security and MC&A, and IAEA requirements for international safeguards. Additionally, example SMR design features that can enhance proliferation resistance and physical security have been collected from past work and reported here. The development of a U.S./Russian common approach for SSBD/3Ss should aid the designer of SMRs located anywhere in the world. 
More specifically, the application of this approach may

  18. Whither a Common Security for Southeast Asia?

    Science.gov (United States)

    1998-06-05

    by China. Even in 1994, the then-Malaysian Defense Minister Najib was careful to play down the security role of ASEAN as he still saw it as being... Razak Baginda. "Southeast Asia and Pacific Regional Security: Towards Multilateralism Amid Uncertainty?" Military Technology (April 1994): 10- 16

  19. Using Common Sense to Effectively Integrate Security Technologies within a School's Security Strategy

    Energy Technology Data Exchange (ETDEWEB)

    Gree, M.W.

    1998-11-03

    Security technologies are not the answer to all school security problems. However, they can be an excellent tool for school administrators and security personnel when incorporated into a total security strategy involving personnel, procedures, and facility layout. Unfortunately, very few of the tougher security problems in schools have solutions that are affordable, effective, and acceptable. Like any other type of facility, a school's security staff must understand the strengths and limitations of the security measures they are csecurity practices, which will rarely increase new building costs if included in the initial planning.

  20. Successes and Shortfalls of European Union Common Security and Defence Policy Missions in Africa

    DEFF Research Database (Denmark)

    Højstrup Christensen, Gitte; Kammel, Arnold; Nervanto, Elisa

    This brief synthesises the IECEU project’s most essential findings on the effectiveness of European Union (EU) missions in four Africa countries: Libya, South Sudan, the Democratic Republic of the Congo (DRC) and the Central African Republic (CAR). It describes the main elements and impact...... and context. However, the EU missions presented in this brief share the main characteristic that they have all been deployed under the union’s Common Security and Defence Policy (CSDP)2 with the explicit intent of improving the overall security situation and addressing conflicts in Africa. This brief...... will start by providing a short overview of each case, describing the conflict(s), security situation, mission objectives and obstacles. In this way, it compares the overall effectiveness of EU operational conflict prevention across the four African countries and discusses what lessons can be learned from...

  1. News media representations of a common EU foreign and security policy: a cross-national content analysis of CFSP coverage in national quality newspapers

    NARCIS (Netherlands)

    Kandyla, A.-A.; de Vreese, C.

    2011-01-01

    This study is a cross-national comparative content analysis of the broadsheet press coverage of EU Common Foreign and Security issues (n=1453) focusing on the presence of indicators of a European Public Sphere. Specifically, we investigated the visibility of Common Foreign and Security Policy (CFSP)

  2. Secure ASIC Architecture for Optimized Utilization of a Trusted Supply Chain for Common Architecture A and D Applications

    Science.gov (United States)

    2017-03-01

    Secure ASIC Architecture for Optimized Utilization of a Trusted Supply Chain for Common Architecture A&D Applications Ezra Hall, Ray Eberhard...use applications. Furthermore, a product roadmap must be comprehended as part of this platform, offering A&D programs a solution to their...existing solutions for adoption to occur. Additionally, a well-developed roadmap to future secure SoCs, leveraging the value add of future advanced

  3. PAPI based federation as a test-bed for a common security infrastructure in EFDA sites

    International Nuclear Information System (INIS)

    Castro, R.; Vega, J.; Portas, A.; Lopez, D.R.; Balme, S.; Theis, J.M.; Lebourg, P.; Fernandes, H.; Neto, A.; Duarte, A.; Oliveira, F.; Reis, F.; Purahoo, K.; Thomsen, K.; Schiller, W.; Kadlecsik, J.

    2008-01-01

    Federated authentication and authorization systems provide several advantages to collaborative environments, for example, easy authentication integration, simpler user management, easier security policy implementation and quicker implementation of access control elements for new type of resources. A federation integrates different aspects that have to be coordinated by all the organizations involved. The most relevant are: definition of common schemas and attributes, definition of common policies and procedures, management of keys and certificates, management of common repositories and implementation of a home location service. A federation enabling collaboration of European sites has been put into operation. Four laboratories have been integrated and two more organizations (EFDA and KFKI/HAS) are finishing their integration. The federation infrastructure is based on Point of Access to Providers of Information (PAPI), a distributed authentication and authorization system. PAPI technology gives some important features, such as, single sign on for accessing to different resources, mobility for users, and compatibility with open and standard technologies: Java, JNLP protocol, XML-RPC and web technologies among others. In this article, the test-bed of EFDA federation is presented. Some examples of resources, securely shared inside the federation, are shown. Specific issues and experience gained in deploying federated collaboration systems will be addressed as well

  4. PAPI based federation as a test-bed for a common security infrastructure in EFDA sites

    Energy Technology Data Exchange (ETDEWEB)

    Castro, R. [Asociacion EURATOM/CIEMAT para Fusion, Madrid (Spain)], E-mail: rodrigo.castro@ciemat.es; Vega, J.; Portas, A. [Asociacion EURATOM/CIEMAT para Fusion, Madrid (Spain)]; Lopez, D.R. [Departamento RedIRIS, Entidad publica empresarial Red.es, Madrid (Spain)]; Balme, S.; Theis, J.M.; Lebourg, P. [Association EURATOM-CEA, CEA/DSM/Departement de Recherches sur la Fusion Controlee DRFC, CEA-Cadarache (France)]; Fernandes, H.; Neto, A.; Duarte, A.; Oliveira, F.; Reis, F. [Centro de Fusao Nuclear, Associacao EURATOM/IST, Lisboa (Portugal)]; Purahoo, K. [EURATOM/UKAEA Fusion Association, Culham Science Centre, Abingdon OX14 3DB (United Kingdom)]; Thomsen, K.; Schiller, W. [EFDA Close Support Unit Garching, Max Planck Institut fuer Plasmaphysik, Boltzmannstr. 2, D-85748 Garching (Germany)]; Kadlecsik, J. [KFKI R.I. for Particle and Nuclear Physics of the Hungarian Academy of Sciences, and the Association EURATOM/HAS, Budapest (Hungary)]

    2008-04-15

    Federated authentication and authorization systems provide several advantages to collaborative environments, for example, easy authentication integration, simpler user management, easier security policy implementation and quicker implementation of access control elements for new types of resources. A federation integrates different aspects that have to be coordinated by all the organizations involved. The most relevant are: definition of common schemas and attributes, definition of common policies and procedures, management of keys and certificates, management of common repositories and implementation of a home location service. A federation enabling collaboration of European sites has been put into operation. Four laboratories have been integrated and two more organizations (EFDA and KFKI/HAS) are finishing their integration. The federation infrastructure is based on Point of Access to Providers of Information (PAPI), a distributed authentication and authorization system. PAPI technology gives some important features, such as single sign-on for accessing different resources, mobility for users, and compatibility with open and standard technologies: Java, JNLP protocol, XML-RPC and web technologies among others. In this article, the test-bed of EFDA federation is presented. Some examples of resources, securely shared inside the federation, are shown. Specific issues and experience gained in deploying federated collaboration systems will be addressed as well.

  5. Development of the Lymphoma Enterprise Architecture Database: A caBIG(TM) Silver Level Compliant System

    Directory of Open Access Journals (Sweden)

    Taoying Huang

    2009-01-01

    Lymphomas are the fifth most common cancer in United States with numerous histological subtypes. Integrating existing clinical information on lymphoma patients provides a platform for understanding biological variability in presentation and treatment response and aids development of novel therapies. We developed a cancer Biomedical Informatics Grid™ (caBIG™) Silver level compliant lymphoma database, called the Lymphoma Enterprise Architecture Data-system™ (LEAD™), which integrates the pathology, pharmacy, laboratory, cancer registry, clinical trials, and clinical data from institutional databases. We utilized the Cancer Common Ontological Representation Environment Software Development Kit (caCORE SDK) provided by National Cancer Institute’s Center for Bioinformatics to establish the LEAD™ platform for data management. The caCORE SDK generated system utilizes an n-tier architecture with open Application Programming Interfaces, controlled vocabularies, and registered metadata to achieve semantic integration across multiple cancer databases. We demonstrated that the data elements and structures within LEAD™ could be used to manage clinical research data from phase 1 clinical trials, cohort studies, and registry data from the Surveillance Epidemiology and End Results database. This work provides a clear example of how semantic technologies from caBIG™ can be applied to support a wide range of clinical and research tasks, and integrate data from disparate systems into a single architecture. This illustrates the central importance of caBIG™ to the management of clinical and biological data.

  6. Development of the Lymphoma Enterprise Architecture Database: A caBIG(TM) Silver Level Compliant System

    Directory of Open Access Journals (Sweden)

    Taoying Huang

    2009-04-01

    Lymphomas are the fifth most common cancer in United States with numerous histological subtypes. Integrating existing clinical information on lymphoma patients provides a platform for understanding biological variability in presentation and treatment response and aids development of novel therapies. We developed a cancer Biomedical Informatics Grid™ (caBIG™) Silver level compliant lymphoma database, called the Lymphoma Enterprise Architecture Data-system™ (LEAD™), which integrates the pathology, pharmacy, laboratory, cancer registry, clinical trials, and clinical data from institutional databases. We utilized the Cancer Common Ontological Representation Environment Software Development Kit (caCORE SDK) provided by National Cancer Institute’s Center for Bioinformatics to establish the LEAD™ platform for data management. The caCORE SDK generated system utilizes an n-tier architecture with open Application Programming Interfaces, controlled vocabularies, and registered metadata to achieve semantic integration across multiple cancer databases. We demonstrated that the data elements and structures within LEAD™ could be used to manage clinical research data from phase 1 clinical trials, cohort studies, and registry data from the Surveillance Epidemiology and End Results database. This work provides a clear example of how semantic technologies from caBIG™ can be applied to support a wide range of clinical and research tasks, and integrate data from disparate systems into a single architecture. This illustrates the central importance of caBIG™ to the management of clinical and biological data.

  7. Development of the Lymphoma Enterprise Architecture Database: A caBIG(tm) Silver level compliant System

    Science.gov (United States)

    Huang, Taoying; Shenoy, Pareen J.; Sinha, Rajni; Graiser, Michael; Bumpers, Kevin W.; Flowers, Christopher R.

    2009-01-01

    Lymphomas are the fifth most common cancer in United States with numerous histological subtypes. Integrating existing clinical information on lymphoma patients provides a platform for understanding biological variability in presentation and treatment response and aids development of novel therapies. We developed a cancer Biomedical Informatics Grid™ (caBIG™) Silver level compliant lymphoma database, called the Lymphoma Enterprise Architecture Data-system™ (LEAD™), which integrates the pathology, pharmacy, laboratory, cancer registry, clinical trials, and clinical data from institutional databases. We utilized the Cancer Common Ontological Representation Environment Software Development Kit (caCORE SDK) provided by National Cancer Institute’s Center for Bioinformatics to establish the LEAD™ platform for data management. The caCORE SDK generated system utilizes an n-tier architecture with open Application Programming Interfaces, controlled vocabularies, and registered metadata to achieve semantic integration across multiple cancer databases. We demonstrated that the data elements and structures within LEAD™ could be used to manage clinical research data from phase 1 clinical trials, cohort studies, and registry data from the Surveillance Epidemiology and End Results database. This work provides a clear example of how semantic technologies from caBIG™ can be applied to support a wide range of clinical and research tasks, and integrate data from disparate systems into a single architecture. This illustrates the central importance of caBIG™ to the management of clinical and biological data. PMID:19492074

  8. Development of the Lymphoma Enterprise Architecture Database: a caBIG Silver level compliant system.

    Science.gov (United States)

    Huang, Taoying; Shenoy, Pareen J; Sinha, Rajni; Graiser, Michael; Bumpers, Kevin W; Flowers, Christopher R

    2009-04-03

    Lymphomas are the fifth most common cancer in United States with numerous histological subtypes. Integrating existing clinical information on lymphoma patients provides a platform for understanding biological variability in presentation and treatment response and aids development of novel therapies. We developed a cancer Biomedical Informatics Grid (caBIG) Silver level compliant lymphoma database, called the Lymphoma Enterprise Architecture Data-system (LEAD), which integrates the pathology, pharmacy, laboratory, cancer registry, clinical trials, and clinical data from institutional databases. We utilized the Cancer Common Ontological Representation Environment Software Development Kit (caCORE SDK) provided by National Cancer Institute's Center for Bioinformatics to establish the LEAD platform for data management. The caCORE SDK generated system utilizes an n-tier architecture with open Application Programming Interfaces, controlled vocabularies, and registered metadata to achieve semantic integration across multiple cancer databases. We demonstrated that the data elements and structures within LEAD could be used to manage clinical research data from phase 1 clinical trials, cohort studies, and registry data from the Surveillance Epidemiology and End Results database. This work provides a clear example of how semantic technologies from caBIG can be applied to support a wide range of clinical and research tasks, and integrate data from disparate systems into a single architecture. This illustrates the central importance of caBIG to the management of clinical and biological data.

  9. Privacy and security in teleradiology

    International Nuclear Information System (INIS)

    Ruotsalainen, Pekka

    2010-01-01

    Teleradiology is probably the most successful eHealth service available today. Its business model is based on the remote transmission of radiological images (e.g. X-ray and CT-images) over electronic networks, and on the interpretation of the transmitted images for diagnostic purpose. Two basic service models are commonly used in teleradiology today. The most common approach is based on the message paradigm (off-line model), but more developed teleradiology systems are based on the interactive use of PACS/RIS systems. Modern teleradiology is also more and more cross-organisational or even cross-border service between service providers having different jurisdictions and security policies. This paper defines the requirements needed to make different teleradiology models trusted. Those requirements include a common security policy that covers all partners and entities, common security and privacy protection principles and requirements, controlled contracts between partners, and the use of security controls and tools that support the common security policy. The security and privacy protection of any teleradiology system must be planned in advance, and the necessary security and privacy enhancing tools should be selected (e.g. strong authentication, data encryption, non-repudiation services and audit-logs) based on the risk analysis and requirements set by the legislation. In any case the teleradiology system should fulfil ethical and regulatory requirements. Certification of the whole teleradiology service system including security and privacy is also proposed. In the future, teleradiology services will be an integrated part of pervasive eHealth. Security requirements for this environment including dynamic and context aware security services are also discussed in this paper.

  10. Privacy and security in teleradiology

    Energy Technology Data Exchange (ETDEWEB)

    Ruotsalainen, Pekka [National Institute for Health and Welfare, Helsinki (Finland)], E-mail: pekka.ruotsalainen@THL.fi

    2010-01-15

    Teleradiology is probably the most successful eHealth service available today. Its business model is based on the remote transmission of radiological images (e.g. X-ray and CT-images) over electronic networks, and on the interpretation of the transmitted images for diagnostic purpose. Two basic service models are commonly used in teleradiology today. The most common approach is based on the message paradigm (off-line model), but more developed teleradiology systems are based on the interactive use of PACS/RIS systems. Modern teleradiology is also more and more cross-organisational or even cross-border service between service providers having different jurisdictions and security policies. This paper defines the requirements needed to make different teleradiology models trusted. Those requirements include a common security policy that covers all partners and entities, common security and privacy protection principles and requirements, controlled contracts between partners, and the use of security controls and tools that support the common security policy. The security and privacy protection of any teleradiology system must be planned in advance, and the necessary security and privacy enhancing tools should be selected (e.g. strong authentication, data encryption, non-repudiation services and audit-logs) based on the risk analysis and requirements set by the legislation. In any case the teleradiology system should fulfil ethical and regulatory requirements. Certification of the whole teleradiology service system including security and privacy is also proposed. In the future, teleradiology services will be an integrated part of pervasive eHealth. Security requirements for this environment including dynamic and context aware security services are also discussed in this paper.

  11. Privacy and security in teleradiology.

    Science.gov (United States)

    Ruotsalainen, Pekka

    2010-01-01

    Teleradiology is probably the most successful eHealth service available today. Its business model is based on the remote transmission of radiological images (e.g. X-ray and CT-images) over electronic networks, and on the interpretation of the transmitted images for diagnostic purpose. Two basic service models are commonly used in teleradiology today. The most common approach is based on the message paradigm (off-line model), but more developed teleradiology systems are based on the interactive use of PACS/RIS systems. Modern teleradiology is also more and more cross-organisational or even cross-border service between service providers having different jurisdictions and security policies. This paper defines the requirements needed to make different teleradiology models trusted. Those requirements include a common security policy that covers all partners and entities, common security and privacy protection principles and requirements, controlled contracts between partners, and the use of security controls and tools that support the common security policy. The security and privacy protection of any teleradiology system must be planned in advance, and the necessary security and privacy enhancing tools should be selected (e.g. strong authentication, data encryption, non-repudiation services and audit-logs) based on the risk analysis and requirements set by the legislation. In any case the teleradiology system should fulfil ethical and regulatory requirements. Certification of the whole teleradiology service system including security and privacy is also proposed. In the future, teleradiology services will be an integrated part of pervasive eHealth. Security requirements for this environment including dynamic and context aware security services are also discussed in this paper. Copyright (c) 2009 Elsevier Ireland Ltd. All rights reserved.

  12. Clausewitz and the Theory of Military Strategy in Europe - Reflections Upon a Paradigm of Military Strategy Within the European Common Security and Defense Policy (ESDP)

    National Research Council Canada - National Science Library

    Hartmann, Uwe

    2001-01-01

    ... as a core element of the Common Security and Defense Policy of the EU, Based on the interpretation of Clausewitz's theory of war and strategy in Britain, France, and Germany, main commonalities...

  13. Computer Security: Security operations at CERN (4/4)

    CERN Document Server

    CERN. Geneva

    2012-01-01

    Stefan Lueders, PhD, graduated from the Swiss Federal Institute of Technology in Zurich and joined CERN in 2002. Being initially developer of a common safety system used in all four experiments at the Large Hadron Collider, he gathered expertise in cyber-security issues of control systems. Consequently in 2004, he took over responsibilities in securing CERN's accelerator and infrastructure control systems against cyber-threats. Subsequently, he joined the CERN Computer Security Incident Response Team and is today heading this team as CERN's Computer Security Officer with the mandate to coordinate all aspects of CERN's computer security --- office computing security, computer centre security, GRID computing security and control system security --- whilst taking into account CERN's operational needs. Dr. Lueders has presented on these topics at many different occasions to international bodies, governments, and companies, and published several articles. With the prevalence of modern information technologies and...

  14. Enterprise Mac Security Mac OS X Snow Leopard Security

    CERN Document Server

    Edge, Stephen Charles; Hunter, Beau; Sullivan, Gene; LeBlanc, Dee-Ann

    2010-01-01

    A common misconception in the Mac community is that Mac's operating system is more secure than others. While this might be true in certain cases, security on the Mac is still a crucial issue. When sharing is enabled or remote control applications are installed, Mac OS X faces a variety of security threats. Enterprise Mac Security: Mac OS X Snow Leopard is a definitive, expert-driven update of the popular, slash-dotted first edition and was written in part as a companion to the SANS Institute course for Mac OS X. It contains detailed Mac OS X security information, and walkthroughs on securing s

  15. What kind of cyber security? Theorising cyber security and mapping approaches

    OpenAIRE

    Laura Fichtner

    2018-01-01

    Building on conceptual work on security and cyber security, the paper explores how different approaches to cyber security are constructed. It outlines structural components and presents four common approaches. Each of them suggests a different role for the actors involved and is motivated and justified by different values such as privacy, economic order and national security. When a cyber security policy or initiative is chosen by policymakers, the analysis of the underlying approach enhances...

  16. Privatising Security

    Directory of Open Access Journals (Sweden)

    Irina Mindova-Docheva

    2016-06-01

    The article proposes an analysis of the different approaches towards employing the international legal framework in the regulation and oversight of private military and security companies’ operation in armed conflicts and in peace time security systems. It proposes a partnership-based approach for public and private actors aiming at creating and sharing common values under the principles of solidarity, protection of human rights and rule of law. A focus of further research should be the process of shaping those common values.

  17. EMI Security Architecture

    CERN Document Server

    White, J.; Schuller, B.; Qiang, W.; Groep, D.; Koeroo, O.; Salle, M.; Sustr, Z.; Kouril, D.; Millar, P.; Benedyczak, K.; Ceccanti, A.; Leinen, S.; Tschopp, V.; Fuhrmann, P.; Heyman, E.; Konstantinov, A.

    2013-01-01

    This document describes the various architectures of the three middlewares that comprise the EMI software stack. It also outlines the common efforts in the security area that allow interoperability between these middlewares. The assessment of the EMI Security presented in this document was performed internally by members of the Security Area of the EMI project.

  18. Information risk and security modeling

    Science.gov (United States)

    Zivic, Predrag

    2005-03-01

    This research paper presentation will feature current frameworks for addressing risk and security modeling and metrics. The paper will analyze technical level risk and security metrics of Common Criteria/ISO15408, Centre for Internet Security guidelines, NSA configuration guidelines and metrics used at this level. Information IT operational standards view on security metrics such as GMITS/ISO13335, ITIL/ITMS and architectural guidelines such as ISO7498-2 will be explained. Business process level standards such as ISO17799, COSO and CobiT will be presented with their control approach to security metrics. Top level, the maturity standards such as SSE-CMM/ISO21827, NSA Infosec Assessment and CobiT will be explored and reviewed. For each defined level of security metrics the research presentation will explore the appropriate usage of these standards. The paper will discuss standards approaches to conducting the risk and security metrics. The research findings will demonstrate the need for common baseline for both risk and security metrics. This paper will show the relation between the attribute based common baseline and corporate assets and controls for risk and security metrics. It will be shown that such approach spans over all mentioned standards. The proposed approach 3D visual presentation and development of the Information Security Model will be analyzed and postulated. Presentation will clearly demonstrate the benefits of proposed attributes based approach and defined risk and security space for modeling and measuring.

  19. Wireshark network security

    CERN Document Server

    Verma, Piyush

    2015-01-01

    If you are a network administrator or a security analyst with an interest in using Wireshark for security analysis, then this is the book for you. Basic familiarity with common network and application services terms and technologies is assumed.

  20. Use of Security Officers on Inpatient Psychiatry Units.

    Science.gov (United States)

    Lawrence, Ryan E; Perez-Coste, Maria M; Arkow, Stan D; Appelbaum, Paul S; Dixon, Lisa B

    2018-04-02

    Violent and aggressive behaviors are common among psychiatric inpatients. Hospital security officers are sometimes used to address such behaviors. Research on the role of security in inpatient units is scant. This study examined when security is utilized and what happens when officers arrive. The authors reviewed the security logbook and the medical records for all patients discharged from an inpatient psychiatry unit over a six-month period. Authors recorded when security calls happened, what behaviors triggered security calls, what outcomes occurred, and whether any patient characteristics were associated with security calls. A total of 272 unique patients were included. A total of 49 patients (18%) generated security calls (N=157 calls). Security calls were most common in the first week of hospitalization (N=45 calls), and roughly half of the patients (N=25 patients) had only one call. The most common inciting behavior was "threats to persons" (N=34 calls), and the most common intervention was intramuscular antipsychotic injection (N=49 calls). The patient variables associated with security calls were having more than one prior hospitalization (odds ratio [OR]=4.56, p=.001, 95% confidence interval [CI]=1.80-11.57), involuntary hospitalization (OR=5.09, pSecurity officers were often called for threats of violence and occasionally called for actual violence. Patient variables associated with security calls are common among inpatients, and thus clinicians should stay attuned to patients' moment-to-moment care needs.

  1. European [Security] Union

    DEFF Research Database (Denmark)

    Manners, Ian James

    2013-01-01

    The past 20 years, since the 1992 Treaty on European Union, have seen the gradual creation of both an “Area of Freedom, Security and Justice” and a “Common Foreign and Security Policy”. More recent is the development of a “European Neighbourhood Policy” over the past 10 years. All three of these policies involved the navigation and negotiation of security, borders and governance in and by the European Union (EU). This article analyses these practices of bordering and governance through a five-fold security framework. The article argues that a richer understanding of EU security discourses can...

  2. VoIP Security

    OpenAIRE

    Fontanini, Piero

    2008-01-01

    VOIP or Voice Over Internet Protocol is a common term for phone service over IP based networks. There is much information about VoIP and some about how VoIP can be secured. There is however no standard for VoIP and no general solution for VoIP Security. The security in VoIP systems today is often non-existent or at best weak, and often based on proprietary solutions. This master thesis investigates threats to VoIP systems and describes existing alternatives for securing Vo...

  3. 12 CFR 561.44 - Security.

    Science.gov (United States)

    2010-01-01

    ... 12 Banks and Banking 5 2010-01-01 2010-01-01 false Security. 561.44 Section 561.44 Banks and... SAVINGS ASSOCIATIONS § 561.44 Security. The term security means any non-withdrawable account, note, stock... commonly known as a security, or any certificate of interest or participation in, temporary or interim...

  4. What kind of cyber security? Theorising cyber security and mapping approaches

    Directory of Open Access Journals (Sweden)

    Laura Fichtner

    2018-05-01

    Building on conceptual work on security and cyber security, the paper explores how different approaches to cyber security are constructed. It outlines structural components and presents four common approaches. Each of them suggests a different role for the actors involved and is motivated and justified by different values such as privacy, economic order and national security. When a cyber security policy or initiative is chosen by policymakers, the analysis of the underlying approach enhances our understanding of how this shapes relationships between actors and of the values prioritised, promoted and inscribed into the concerned technologies.

  5. Designing a Secure Point-of-Sale System

    DEFF Research Database (Denmark)

    Sharp, Robin; Pedersen, Allan; Hedegaard, Anders

    2006-01-01

    This paper describes some experiences with using the ''Common Criteria for Information Security Evaluation'' as the basis for a design methodology when designing secure systems. As an example, the design process for a Point-of-Sale (POS) system is described.

  6. 17 CFR 41.21 - Requirements for underlying securities.

    Science.gov (United States)

    2010-04-01

    ... underlying security is: (i) Common stock, (ii) Such other equity security as the Commission and the SEC jointly deem appropriate, or (iii) A note, bond, debenture, or evidence of indebtedness; and (3) The... Exchange Act of 1934; (3) The securities in the index are: (i) Common stock, (ii) Such other equity...

  7. Beginning ASP.NET Security

    CERN Document Server

    Dorrans, Barry

    2010-01-01

    Beginning ASP.NET 3.5 Security is geared for novice to intermediate ASP.NET programmers who wish to protect and defend their web sites against attack and exploitation. Beginning with a discussion of why we need security and the things that may occur when it is ignored and an overview of how ASP.NET works, readers are taken through the common steps in developing a web site, the security problems each area exposes and how these can be exploited. Visual Studio Security MVP Barry Dorrans teaches readers how they can defend their applications using the standard .NET framework, industry patterns and

  8. 10 CFR 780.8 - Security.

    Science.gov (United States)

    2010-01-01

    ... 10 Energy 4 2010-01-01 2010-01-01 false Security. 780.8 Section 780.8 Energy DEPARTMENT OF ENERGY PATENT COMPENSATION BOARD REGULATIONS General Provisions § 780.8 Security. In any proceeding under this... the Act to assure compliance with Department security regulations and the common defense. ...

  9. CC-based Design of Secure Application Systems

    DEFF Research Database (Denmark)

    Sharp, Robin

    2009-01-01

    This paper describes some experiences with using the Common Criteria for Information Security Evaluation as the basis for a design methodology for secure application systems. The examples considered include a Point-of-Sale (POS) system, a wind turbine park monitoring and control system and a secure... an effective and secure design, starting with the formulation of a Protection Profile and ending with a concrete design, within the project timeframe.

  10. Hybrid-secure MPC 

    DEFF Research Database (Denmark)

    Lucas, Christoph; Raub, Dominik; Maurer, Ueli

    2010-01-01

    of the adversary, without being aware of the actual adversarial setting. Thus, hybrid-secure MPC protocols allow for graceful degradation of security. We present a hybrid-secure MPC protocol that provides an optimal trade-off between IT robustness and computational privacy: For any robustness parameter ρ ... obtain one MPC protocol that is simultaneously IT secure with robustness for up to t ≤ ρ actively corrupted parties, IT secure with fairness (no robustness) for up to t ... in the universal composability (UC) framework (based on a network of secure channels, a broadcast channel, and a common reference string). It achieves the bound on the trade-off between robustness and privacy shown by Ishai et al. [CRYPTO'06] and Katz [STOC'07], the bound on fairness shown by Cleve [STOC'86...

  11. A Secure Routing Protocol for Wireless Sensor Networks Considering Secure Data Aggregation

    Directory of Open Access Journals (Sweden)

    Triana Mugia Rahayu

    2015-06-01

    The commonly unattended and hostile deployments of WSNs and their resource-constrained sensor devices have led to an increasing demand for secure energy-efficient protocols. Routing and data aggregation receive the most attention since they are among the daily network routines. With the awareness of such demand, we found that so far there has been no work that lays out a secure routing protocol as the foundation for a secure data aggregation protocol. We argue that the secure routing role would be rendered useless if the data aggregation scheme built on it is not secure. Conversely, the secure data aggregation protocol needs a secure underlying routing protocol as its foundation in order to be effectively optimal. As an attempt for the solution, we devise an energy-aware protocol based on LEACH and ESPDA that combines secure routing protocol and secure data aggregation protocol. We then evaluate its security effectiveness and its energy-efficiency aspects, knowing that there is always a trade-off between both.

  12. Security of Dependable Systems

    DEFF Research Database (Denmark)

    Ahmed, Naveed; Jensen, Christian D.

    2011-01-01

    Security and dependability are crucial for designing trustworthy systems. The approach “security as an add-on” is not satisfactory, yet the integration of security in the development process is still an open problem. Especially, a common framework for specifying dependability and security is very much needed. There are many pressing challenges however; here, we address some of them. Firstly, security for dependable systems is a broad concept and traditional view of security, e.g., in terms of confidentiality, integrity and availability, does not suffice. Secondly, a clear definition of security in the dependability context is not agreed upon. Thirdly, security attacks cannot be modeled as a stochastic process, because the adversary’s strategy is often carefully planned. In this chapter, we explore these challenges and provide some directions toward their solutions.

  13. Security guide for subcontractors

    Energy Technology Data Exchange (ETDEWEB)

    Adams, R.C.

    1993-06-01

    This guide is provided to aid in the achievement of security objectives in the Department of Energy (DOE) contractor/subcontractor program. The objectives of security are to protect information that, if released, would endanger the common defense and security of the nation and to safeguard plants and installations of the DOE and its contractors to prevent the interruption of research and production programs. The security objective and means of achieving the objective are described. Specific security measures discussed in this guide include physical barriers, personnel identification systems, personnel and vehicular access control, classified document control, protection of classified matter in use, storing classified matter, and repository combinations. Means of dealing with security violations and security infractions are described. Maintenance of a security education program is discussed. Also discussed are methods of handling clearance terminations, visitor control, travel to sensitive countries, and shipment security. The Technical Surveillance Countermeasures Program (TSCM), the Computer Security Program, and the Operations Security Plan (OPSEC) are examined.

  14. Process Models for Security Architectures

    Directory of Open Access Journals (Sweden)

    Floarea NASTASE

    2006-01-01

    This paper presents a model for an integrated security system, which can be implemented in any organization. It is based on security-specific standards and taxonomies as ISO 7498-2 and Common Criteria. The functionalities are derived from the classes proposed in the Common Criteria document. In the paper we present the process model for each functionality and also we focus on the specific components.

  15. The nature of international health security.

    Science.gov (United States)

    Chiu, Ya-Wen; Weng, Yi-Hao; Su, Yi-Yuan; Huang, Ching-Yi; Chang, Ya-Chen; Kuo, Ken N

    2009-01-01

    Health issues occasionally intersect security issues. Health security has been viewed as an essential part of human security. Policymakers and health professionals, however, do not share a common definition of health security. This article aims to characterize the notions of health security in order to clarify what constitutes the nexus of health and security. The concept of health security has evolved over time so that it encompasses many entities. Analyzing the health reports of four multilateral organizations (the United Nations, World Health Organization, Asia-Pacific Economic Cooperation, and the European Union) produced eight categories of most significant relevance to contemporary health security, allowing comparison of the definitions. The four categories are: emerging diseases; global infectious disease; deliberate release of chemical and biological materials; violence, conflict, and humanitarian emergencies. Two other categories of common concern are natural disasters and environmental change, as well as chemical and radioactive accidents. The final two categories, food insecurity and poverty, are discussed less frequently. Nevertheless, food security is emerging as an increasingly important issue in public health. Health security is the first line of defence against health emergencies. As globalization brings more complexities, dealing with the increased scale and extent of health security will require greater international effort and political support.

  16. Common-signal-induced synchronization in photonic integrated circuits and its application to secure key distribution.

    Science.gov (United States)

    Sasaki, Takuma; Kakesu, Izumi; Mitsui, Yusuke; Rontani, Damien; Uchida, Atsushi; Sunada, Satoshi; Yoshimura, Kazuyuki; Inubushi, Masanobu

    2017-10-16

    We experimentally achieve common-signal-induced synchronization in two photonic integrated circuits with short external cavities driven by a constant-amplitude random-phase light. The degree of synchronization can be controlled by changing the optical feedback phase of the two photonic integrated circuits. The change in the optical feedback phase leads to a significant redistribution of the spectral energy of optical and RF spectra, which is a unique characteristic of PICs with the short external cavity. The matching of the RF and optical spectra is necessary to achieve synchronization between the two PICs, and stable synchronization can be obtained over an hour in the presence of optical feedback. We succeed in generating information-theoretic secure keys and achieving the final key generation rate of 184 kb/s using the PICs.

  17. Information security management handbook

    CERN Document Server

    Tipton, Harold F

    2003-01-01

    Since 1993, the Information Security Management Handbook has served not only as an everyday reference for information security practitioners but also as an important document for conducting the intense review necessary to prepare for the Certified Information System Security Professional (CISSP) examination. Now completely revised and updated and in its fifth edition, the handbook maps the ten domains of the Information Security Common Body of Knowledge and provides a complete understanding of all the items in it. This is a ...must have... book, both for preparing for the CISSP exam and as a c

  18. Lecture 2: Software Security

    CERN Multimedia

    CERN. Geneva

    2013-01-01

    Computer security has been an increasing concern for IT professionals for a number of years, yet despite all the efforts, computer systems and networks remain highly vulnerable to attacks of different kinds. Design flaws and security bugs in the underlying software are among the main reasons for this. This lecture addresses the following question: how to create secure software? The lecture starts with a definition of computer security and an explanation of why it is so difficult to achieve. It then introduces the main security principles (like least-privilege, or defense-in-depth) and discusses security in different phases of the software development cycle. The emphasis is put on the implementation part: most common pitfalls and security bugs are listed, followed by advice on best practice for security development, testing and deployment. Sebastian Lopienski is CERN’s deputy Computer Security Officer. He works on security strategy and policies; offers internal consultancy and audit services; develops and ...

  19. Breakfast-Skipping and Selecting Low-Nutritional-Quality Foods for Breakfast Are Common among Low-Income Urban Children, Regardless of Food Security Status.

    Science.gov (United States)

    Dykstra, Holly; Davey, Adam; Fisher, Jennifer O; Polonsky, Heather; Sherman, Sandra; Abel, Michelle L; Dale, Lauren C; Foster, Gary D; Bauer, Katherine W

    2016-03-01

    Universal access to the School Breakfast Program (SBP) is intended to help low-income and food-insecure students overcome barriers to eating breakfast. However, SBP participation is often still low despite universal access. Further information is needed with regard to these children's breakfast behaviors, and in particular breakfast behaviors among youth from food-insecure families, to inform effective breakfast interventions. The objective of this study was to examine breakfast behaviors among a large sample of urban students with universal access to the SBP and to identify differences in breakfast behaviors among children from food-secure compared with food-insecure households. A cross-sectional study of 821 fourth- through sixth-grade students and their parents from 16 schools was conducted. Students reported the foods/drinks selected and location of obtaining food/drink on the morning of data collection, parents reported household food security status using the 6-item Food Security Survey Module, and the school district provided SBP participation data during the fall semester of 2013. Multivariable linear regression models accounting for school-level clustering were used to examine differences in breakfast behaviors across 3 levels of household food security: food secure, low food secure, and very low food secure. Students participated in the SBP 31.2% of possible days, with 13% never participating in the SBP. One-fifth (19.4%) of students purchased something from a corner store for breakfast, and 16.9% skipped breakfast. Forty-six percent of students were food insecure; few differences in breakfast behaviors were observed across levels of food security. Despite universal access to the SBP, participation in the SBP is low. Breakfast skipping and selection of foods of low nutritional quality in the morning are common, regardless of household food security status. Additional novel implementation of the SBP and addressing students' breakfast preferences may be

  20. Homeland security: what are the advantages and disadvantages of different local homeland security organizational structures?

    OpenAIRE

    Fitzpatrick, William Mark

    2015-01-01

    Approved for public release; distribution is unlimited. After the attacks of September 11, 2001, and the creation of the federal Department of Homeland Security in 2002, many local agencies formed their own homeland security entity. Since that time, significant economic downturns have resulted in reductions in the amount of homeland security funding available to local jurisdictions. Another issue involves the lack of a common definition of homeland security and what it entails and how daily...

  1. A Novel Multifactor Authentication System Ensuring Usability and Security

    OpenAIRE

    Mathew, Gloriya; Thomas, Shiney

    2013-01-01

    User authentication is one of the most important parts of information security. Computer security most commonly depends on passwords to authenticate human users. Password authentication systems will either be usable but not secure, or secure but not usable. While there are different types of authentication systems available, the alphanumeric password is the most commonly used authentication mechanism. But this method has significant drawbacks. An alternative solution to the text based authenti...

  2. Cyber security issues in online games

    Science.gov (United States)

    Zhao, Chen

    2018-04-01

    With the rapid development of the Internet, online gaming has become a way of entertainment for many young people in the modern era. However, in recent years, cyber security issues in online games have emerged in an endless stream, which have also caused great attention of many game operators. Common cyber security problems in the game include information disclosure and cyber-attacks. These problems will directly or indirectly cause economic losses to gamers. Many gaming companies are enhancing the stability and security of their network or gaming systems in order to enhance the gaming user experience. This article has carried out the research of the cyber security issues in online games by introducing the background and some common cyber security threats, and by proposing the latent solution. Finally, it speculates the future research direction of the cyber security issues of online games in the hope of providing feasible solution and useful information for game operators.

  3. Security Administrator Street Smarts A Real World Guide to CompTIA Security+ Skills

    CERN Document Server

    Miller, David R

    2011-01-01

    A step-by-step guide to the tasks involved in security administration If you aspire to a career in security administration, one of your greatest challenges will be gaining hands-on experience. This book takes you through the most common security admin tasks step by step, showing you the way around many of the roadblocks you can expect on the job. It offers a variety of scenarios in each phase of the security administrator's job, giving you the confidence of first-hand experience. In addition, this is an ideal complement to the brand-new, bestselling CompTIA Security+ Study Guide, 5th Edition o

  4. Understanding the security management practices of humanitarian organizations.

    Science.gov (United States)

    Bollettino, Vincenzo

    2008-06-01

    Humanitarian organisations operate in increasingly hostile environments. Although authoritative statistics are scarce, anecdotal evidence suggests that aid workers face life-threatening risks that are exacerbated by the growing number of humanitarian organisations operating in the field, the diversity of their mandates, the lack of common professional security standards, and limited success in inter-agency security coordination. Despite broad acceptance of the need for better security management and coordination, many humanitarian organisations remain ambivalent about devoting increased resources to security management and security coordination. A critical lack of basic empirical knowledge of the field security environment hampers efforts to enhance security management practices. The absence of a systematic means of sharing incident data undermines the capacity of the humanitarian community to address proactively security threats. In discussions about humanitarian staff safety and security, the least common denominator remains cumulative anecdotal evidence provided by the many security personnel working for humanitarian organisations in the field.

  5. Lecture 1: General Security

    CERN Multimedia

    CERN. Geneva

    2013-01-01

    The CERN Computer Security Team is mandated to coordinate all aspects of CERN’s computer security --- office computing security, computer centre security, GRID computing security and control system security --- whilst taking into account CERN’s operational needs. This presentation will cover a series of security incidents which happened at CERN over the last five years, and discuss the lessons-learned in order to avoid similar things from happening again (there is enough blunder out there so there is need to make the same mistake twice). In the second part, I will outline how computer security --- prevention, protection, detection and response --- is generated at CERN, what the main objectives of the CERN computer security team are, and which policies, procedures and tools have been put in place. Stefan Lüders, PhD, graduated from the Swiss Federal Institute of Technology in Zurich and joined CERN in 2002. Being initially developer of a common safety system used in all four experiments at the Large Hadr...

  6. Beyond grid security

    International Nuclear Information System (INIS)

    Hoeft, B; Epting, U; Koenig, T

    2008-01-01

    While many fields relevant to Grid security are already covered by existing working groups, their remit rarely goes beyond the scope of the Grid infrastructure itself. However, security issues pertaining to the internal set-up of compute centres have at least as much impact on Grid security. Thus, this talk will present briefly the EU ISSeG project (Integrated Site Security for Grids). In contrast to groups such as OSCT (Operational Security Coordination Team) and JSPG (Joint Security Policy Group), the purpose of ISSeG is to provide a holistic approach to security for Grid computer centres, from strategic considerations to an implementation plan and its deployment. The generalised methodology of Integrated Site Security (ISS) is based on the knowledge gained during its implementation at several sites as well as through security audits, and this will be briefly discussed. Several examples of ISS implementation tasks at the Forschungszentrum Karlsruhe will be presented, including segregation of the network for administration and maintenance and the implementation of Application Gateways. Furthermore, the web-based ISSeG training material will be introduced. This aims to offer ISS implementation guidance to other Grid installations in order to help avoid common pitfalls

  7. 17 CFR 41.15 - Exclusion from definition of narrow-based security index for indexes composed of debt securities.

    Science.gov (United States)

    2010-04-01

    ..., that is a note, bond, debenture, or evidence of indebtedness; (ii) None of the securities of an issuer included in the index is an equity security, as defined in section 3(a)(11) of the Securities Exchange Act... of 1934; (B) The issuer of the security has a worldwide market value of its outstanding common equity...

  8. Linux Server Security

    CERN Document Server

    Bauer, Michael D

    2005-01-01

    Linux consistently appears high up in the list of popular Internet servers, whether it's for the Web, anonymous FTP, or general services such as DNS and delivering mail. But security is the foremost concern of anyone providing such a service. Any server experiences casual probe attempts dozens of times a day, and serious break-in attempts with some frequency as well. This highly regarded book, originally titled Building Secure Servers with Linux, combines practical advice with a firm knowledge of the technical tools needed to ensure security. The book focuses on the most common use of Linux--

  9. Security in Computer Applications

    CERN Multimedia

    CERN. Geneva

    2004-01-01

    Computer security has been an increasing concern for IT professionals for a number of years, yet despite all the efforts, computer systems and networks remain highly vulnerable to attacks of different kinds. Design flaws and security bugs in the underlying software are among the main reasons for this. This lecture addresses the following question: how to create secure software? The lecture starts with a definition of computer security and an explanation of why it is so difficult to achieve. It then introduces the main security principles (like least-privilege, or defense-in-depth) and discusses security in different phases of the software development cycle. The emphasis is put on the implementation part: most common pitfalls and security bugs are listed, followed by advice on best practice for security development. The last part of the lecture covers some miscellaneous issues like the use of cryptography, rules for networking applications, and social engineering threats. This lecture was first given on Thursd...

  10. Mitigations for Security Vulnerabilities Found in Control System Networks

    Energy Technology Data Exchange (ETDEWEB)

    Trent D. Nelson

    2006-05-01

    Industry is aware of the need for Control System (CS) security, but in on-site assessments, Idaho National Laboratory (INL) has observed that security procedures and devices are not consistently and effectively implemented. The Department of Homeland Security (DHS), National Cyber Security Division (NCSD), established the Control Systems Security Center (CSSC) at INL to help industry and government improve the security of the CSs used in the nation's critical infrastructures. One of the main CSSC objectives is to identify control system vulnerabilities and develop effective mitigations for them. This paper discusses common problems and vulnerabilities seen in on-site CS assessments and suggests mitigation strategies to provide asset owners with the information they need to better protect their systems from common security flaws.

  11. Macro Security Methodology for Conducting Facility Security and Sustainability Assessments

    International Nuclear Information System (INIS)

    Herdes, Greg A.; Freier, Keith D.; Wright, Kyle A.

    2007-01-01

    Pacific Northwest National Laboratory (PNNL) has developed a macro security strategy that not only addresses traditional physical protection systems, but also focuses on sustainability as part of the security assessment and management process. This approach is designed to meet the needs of virtually any industry or environment requiring critical asset protection. PNNL has successfully demonstrated the utility of this macro security strategy through its support to the NNSA Office of Global Threat Reduction implementing security upgrades at international facilities possessing high activity radioactive sources that could be used in the assembly of a radiological dispersal device, commonly referred to as a 'dirty bomb'. Traditional vulnerability assessments provide a snap shot in time of the effectiveness of a physical protection system without significant consideration to the sustainability of the component elements that make up the system. This paper describes the approach and tools used to integrate technology, plans and procedures, training, and sustainability into a simple, quick, and easy-to-use security assessment and management tool.

  12. Indirection and computer security.

    Energy Technology Data Exchange (ETDEWEB)

    Berg, Michael J.

    2011-09-01

    The discipline of computer science is built on indirection. David Wheeler famously said, 'All problems in computer science can be solved by another layer of indirection. But that usually will create another problem'. We propose that every computer security vulnerability is yet another problem created by the indirections in system designs and that focusing on the indirections involved is a better way to design, evaluate, and compare security solutions. We are not proposing that indirection be avoided when solving problems, but that understanding the relationships between indirections and vulnerabilities is key to securing computer systems. Using this perspective, we analyze common vulnerabilities that plague our computer systems, consider the effectiveness of currently available security solutions, and propose several new security solutions.

  13. Multi-Variate EEG Analysis as a Novel Tool to Examine Brain Responses to Naturalistic Music Stimuli.

    Directory of Open Access Journals (Sweden)

    Irene Sturm

    Note onsets in music are acoustic landmarks providing auditory cues that underlie the perception of more complex phenomena such as beat, rhythm, and meter. For naturalistic ongoing sounds a detailed view on the neural representation of onset structure is hard to obtain, since, typically, stimulus-related EEG signatures are derived by averaging a high number of identical stimulus presentations. Here, we propose a novel multivariate regression-based method extracting onset-related brain responses from the ongoing EEG. We analyse EEG recordings of nine subjects who passively listened to stimuli from various sound categories encompassing simple tone sequences, full-length romantic piano pieces and natural (non-music) soundscapes. The regression approach reduces the 61-channel EEG to one time course optimally reflecting note onsets. The neural signatures derived by this procedure indeed resemble canonical onset-related ERPs, such as the N1-P2 complex. This EEG projection was then utilized to determine the Cortico-Acoustic Correlation (CACor), a measure of synchronization between EEG signal and stimulus. We demonstrate that a significant CACor (i) can be detected in an individual listener's EEG of a single presentation of a full-length complex naturalistic music stimulus, and (ii) it co-varies with the stimuli's average magnitudes of sharpness, spectral centroid, and rhythmic complexity. In particular, the subset of stimuli eliciting a strong CACor also produces strongly coordinated tension ratings obtained from an independent listener group in a separate behavioral experiment. Thus musical features that lead to a marked physiological reflection of tone onsets also contribute to perceived tension in music.

  14. Practical Computer Security through Cryptography

    Science.gov (United States)

    McNab, David; Twetev, David (Technical Monitor)

    1998-01-01

    The core protocols upon which the Internet was built are insecure. Weak authentication and the lack of low level encryption services introduce vulnerabilities that propagate upwards in the network stack. Using statistics based on CERT/CC Internet security incident reports, the relative likelihood of attacks via these vulnerabilities is analyzed. The primary conclusion is that the standard UNIX BSD-based authentication system is by far the most commonly exploited weakness. Encryption of sensitive password data and the adoption of cryptographically-based authentication protocols can greatly reduce these vulnerabilities. Basic cryptographic terminology and techniques are presented, with attention focused on the ways in which technology such as encryption and digital signatures can be used to protect against the most commonly exploited vulnerabilities. A survey of contemporary security software demonstrates that tools based on cryptographic techniques, such as Kerberos, ssh, and PGP, are readily available and effectively close many of the most serious security holes. Nine practical recommendations for improving security are described.

  15. Network security with openSSL cryptography for secure communications

    CERN Document Server

    Viega, John; Chandra, Pravir

    2002-01-01

    Most applications these days are at least somewhat network aware, but how do you protect those applications against common network security threats? Many developers are turning to OpenSSL, an open source version of SSL/TLS, which is the most widely used protocol for secure network communications. The OpenSSL library is seeing widespread adoption for web sites that require cryptographic functions to protect a broad range of sensitive information, such as credit card numbers and other financial transactions. The library is the only free, full-featured SSL implementation for C and C++, and it can be used programmatically or from the command line to secure most TCP-based network protocols. Network Security with OpenSSL enables developers to use this protocol much more effectively. Traditionally, getting something simple done in OpenSSL could easily take weeks. This concise book gives you the guidance you need to avoid pitfalls, while allowing you to take advantage of the library's advanced features. And, inst...

  16. Network perimeter security building defense in-depth

    CERN Document Server

    Riggs, Cliff

    2003-01-01

    PREFACE: Who is this Book For?; The Path to Network Security; Who Should Read This Book? MANAGING NETWORK SECURITY: The Big Picture: Security Policies from A to Z; Administrative Countermeasures; Physical Countermeasures; Technological Countermeasures; Creating the Security Standards Document; Creating the Configuration Guide Document; Pulling it All Together: Sample Security Policy Creation; Proteris Security Standards and Procedures. THE NETWORK STACK AND SECURITY: Connecting the Network; Protocols; Servers and Hosts. CRYPTOGRAPHY AND VPN TERMINOLOGY: Keys; Certificates; Hashing; Digital Signatures; Common Encryption Algorithms; Split

  17. External dimension of Ukraine’s security policy

    Directory of Open Access Journals (Sweden)

    O. S. Vonsovych

    2015-07-01

    Investigation of the external dimension of security policy of Ukraine is stipulated for the need to analyse the current state of relations with organizations such as the Organization for Security and Co-operation in Europe and The Collective Security Treaty Organization, and relations within the Common European Security and Defence Policy. Ukraine’s European Integration means inclusion in the global space security with countries that it shares common values and principles. It does not exclude the collaboration with the countries that belong to other systems of collective security in the scope that is appropriate to basic national interests of Ukraine. It is proved that the activities of the OSCE Special Monitoring Mission is an important contribution to the process of peaceful conflict resolution, and helps to develop democratic principles and foundations of foreign policy. It is determined that the further development of the constructive cooperation between the EU advisory mission under CSDP will provide an opportunity to improve and increase the security of national borders from external threats and challenges, and help to accelerate the process of integration into the European security space. The attention is paid to the fact that, taken into consideration the state of relations with Russia, the further cooperation with the Collective Security Treaty Organization (CSTO) may adversely affect the overall security situation in Ukraine and lead to further tension with Russia today.

  18. School Security and Crisis Preparedness: Make It Your Business.

    Science.gov (United States)

    Trump, Kenneth S.

    1999-01-01

    The top five security risks in today's schools include aggressive behavior, weapons possession or use, drug trafficking, gangs, and "stranger danger." Home-made bomb threats are common. This article also discusses security system costs, risk-reduction frameworks, security assessments, crisis-preparedness guidelines, and security-related…

  19. Proactive Security Testing and Fuzzing

    Science.gov (United States)

    Takanen, Ari

    Software is bound to have security critical flaws, and no testing or code auditing can ensure that software is flaw-less. But software security testing requirements have improved radically during the past years, largely due to criticism from security conscious consumers and Enterprise customers. Whereas in the past, security flaws were taken for granted (and patches were quietly and humbly installed), they now are probably one of the most common reasons why people switch vendors or software providers. The maintenance costs from security updates often add to become one of the biggest cost items to large Enterprise users. Fortunately test automation techniques have also improved. Techniques like model-based testing (MBT) enable efficient generation of security tests that reach good confidence levels in discovering zero-day mistakes in software. This technique is called fuzzing.

  20. Information security management handbook, v.7

    CERN Document Server

    O'Hanley, Richard

    2013-01-01

    Updated annually, the Information Security Management Handbook, Sixth Edition, Volume 7 is the most comprehensive and up-to-date reference available on information security and assurance. Bringing together the knowledge, skills, techniques, and tools required of IT security professionals, it facilitates the up-to-date understanding required to stay one step ahead of evolving threats, standards, and regulations. Reporting on the latest developments in information security and recent changes to the (ISC)²® CISSP Common Body of Knowledge (CBK®), this volume features 27 new chapters on topics

  1. Security Aspects of an Enterprise-Wide Network Architecture.

    Science.gov (United States)

    Loew, Robert; Stengel, Ingo; Bleimann, Udo; McDonald, Aidan

    1999-01-01

    Presents an overview of two projects that concern local area networks and the common point between networks as they relate to network security. Discusses security architectures based on firewall components, packet filters, application gateways, security-management components, an intranet solution, user registration by Web form, and requests for…

  2. Common security and defence policy of the European Union and NATO

    Directory of Open Access Journals (Sweden)

    Beriša Hatidža

    2015-01-01

    The paper presents the structural analysis of cooperation collectivity NATO and the EU, who are the guarantors of foreign security policy in the region and in the world. In this regard, it outlines the hypothetical discourse in the EU's relations with NATO, the United States, that have marked the start of the independence of each individual battle in terms of security. Standalone approach, reflecting the credibility of each individual collectivity, ultimately lead to a reduction of investment potential. It starts by considering a presentation of possible options on the reflection of the relations between the EU and NATO that the 'fine-tuning' proclaims the need for integration and pragmatic and rational manner, accepted by the political and economic realities in achieving interests. In this paper, the intention of the data on CSDP and critical analysis of relations between the EU and NATO and the presentation of the most significant agreements between the two collectives, help bridge the gap in the division of political interest and commitment of its leading members.

  3. Security Vulnerability Profiles of NASA Mission Software: Empirical Analysis of Security Related Bug Reports

    Science.gov (United States)

    Goseva-Popstojanova, Katerina; Tyo, Jacob P.; Sizemore, Brian

    2017-01-01

    NASA develops, runs, and maintains software systems for which security is of vital importance. Therefore, it is becoming an imperative to develop secure systems and extend the current software assurance capabilities to cover information assurance and cybersecurity concerns of NASA missions. The results presented in this report are based on the information provided in the issue tracking systems of one ground mission and one flight mission. The extracted data were used to create three datasets: Ground mission IVV issues, Flight mission IVV issues, and Flight mission Developers issues. In each dataset, we identified the software bugs that are security related and classified them in specific security classes. This information was then used to create the security vulnerability profiles (i.e., to determine how, why, where, and when the security vulnerabilities were introduced) and explore the existence of common trends. The main findings of our work include:

    - Code related security issues dominated both the Ground and Flight mission IVV security issues, with 95 and 92, respectively. Therefore, enforcing secure coding practices and verification and validation focused on coding errors would be cost effective ways to improve mission's security. (Flight mission Developers issues dataset did not contain data in the Issue Category.)
    - In both the Ground and Flight mission IVV issues datasets, the majority of security issues (i.e., 91 and 85, respectively) were introduced in the Implementation phase. In most cases, the phase in which the issues were found was the same as the phase in which they were introduced. The most security related issues of the Flight mission Developers issues dataset were found during Code Implementation, Build Integration, and Build Verification; the data on the phase in which these issues were introduced were not available for this dataset.
    - The location of security related issues, as the location of software issues in general, followed the Pareto

  4. Synthesis of securement device options and strategies

    Science.gov (United States)

    2002-03-01

    The Americans with Disabilities Act of 1990 (ADA) requires that public transit vehicles be equipped with securement location(s) and device(s) that are able to secure "common wheelchairs," as defined in the ADA regulations. The definition and size spec...

  5. The executive MBA in information security

    CERN Document Server

    Trinckes, John J

    2009-01-01

    Supplying a complete overview of the concepts executives need to know, this book provides the tools needed to ensure your organization has an effective information security management program in place. It also includes a ready-to-use security framework for developing workable programs and supplies proven tips for avoiding common pitfalls.

  6. Incorporating User-oriented Security into CC

    DEFF Research Database (Denmark)

    Sharp, Robin

    2009-01-01

    Current versions of the Common Criteria concentrate very heavily on technical security issues which are relevant for the design of secure systems. This approach largely ignores a number of questions which can have great significance for whether or not the system can be operated securely in an env...... not currently dealt with in CC. Tentative proposals for extensions to the current classes of SFRs will be made on the basis of the analysis of the case....

  7. Strengthening the Security of ESA Ground Data Systems

    Science.gov (United States)

    Flentge, Felix; Eggleston, James; Garcia Mateos, Marc

    2013-08-01

    A common approach to address information security has been implemented in ESA's Mission Operations (MOI) Infrastructure during the last years. This paper reports on the specific challenges to the Data Systems domain within the MOI and how security can be properly managed with an Information Security Management System (ISMS) according to ISO 27001. Results of an initial security risk assessment are reported and the different types of security controls that are being implemented in order to reduce the risks are briefly described.

  8. 7 CFR 1710.113 - Loan security.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 11 2010-01-01 2010-01-01 false Loan security. 1710.113 Section 1710.113 Agriculture... GENERAL AND PRE-LOAN POLICIES AND PROCEDURES COMMON TO ELECTRIC LOANS AND GUARANTEES Loan Purposes and Basic Policies § 1710.113 Loan security. (a) RUS makes loans only if, in the judgment of the...

  9. European security and defense policy and its implications for Turkey

    OpenAIRE

    Özköse, Ö Faruk

    2002-01-01

    The “European Security and Defense Policy” is an evolving process. Since the Maastricht Treaty (1991), the European Union members have been trying to constitute a common security and defense policy within the framework of Common Foreign and Security Policy, second pillar of the European Union. The efforts to create “separable but not separate” European forces within NATO have increased speed in the last years and changed direction towar...

  10. ASEAN’S Strategic Approach Towards Security Relations with the U.S. and China: Hedging through a Common Foreign and Security Policy

    Science.gov (United States)

    2014-06-13

    Foreign and Security Policy EAS East Asia Summit EU European Union NATO North Atlantic Treaty Organization SCS South China Sea U.S. United States...operational vacuum. While ASEAN has rejected “hard” security institutions like the North Atlantic Treaty Organization to resolve inter-state... Bali Concord II) calls for the establishment of an ASEAN Community by the 74Sheldon W. Simon, “The ASEAN Regional Forum: Beyond the Talk Shop?,” NBR

  11. Zen and the art of information security

    CERN Document Server

    Winkler, Ira

    2007-01-01

    While security is generally perceived to be a complicated and expensive process, Zen and the Art of Information Security makes security understandable to the average person in a completely non-technical, concise, and entertaining format. Through the use of analogies and just plain common sense, readers see through the hype and become comfortable taking very simple actions to secure themselves. Even highly technical people have misperceptions about security concerns and will also benefit from Ira Winkler's experiences making security understandable to the business world. Mr. Winkler is one of the most popular and highly rated speakers in the field of security, and lectures to tens of thousands of people a year. Zen and the Art of Information Security is based on one of his most well received international presentations.

  12. A Common Criteria-Based Team Project for High Assurance Secure Systems

    Science.gov (United States)

    2005-01-01

    experience in the FHM, full system documentation, and plenty of time. The students had little experience and little time. The MINIX operating... MINIX is a very appropriate target for student enhancements. Since the principle objective of Secure Systems is to teach the concepts of...to construct a system when one of the developmental threats is subversion. Because students were studying MINIX in a prerequisite operating systems

  13. Extended eTVRA vs. Security Checklist: Experiences in a Value-Web

    NARCIS (Netherlands)

    Morali, A.; Zambon, Emmanuele; Houmb, S.H.; Sallhammar, Karin; Etalle, Sandro

    2008-01-01

    Security evaluation according to ISO 15408 (Common Criteria) is a resource and time demanding activity, as well as being costly. For this reason, only few companies take their products through a Common Criteria evaluation. To support security evaluation, the European Telecommunications Standards

  14. Extended eTVRA vs. Security Checklist: Experiences in a Value-Web

    NARCIS (Netherlands)

    Morali, A.; Zambon, Emmanuele; Houmb, S.H.; Sallhammar, Karin; Etalle, Sandro

    2009-01-01

    Security evaluation according to ISO 15408 (common criteria) is a resource and time demanding activity, as well as being costly. For this reason, only few companies take their products through a common criteria evaluation. To support security evaluation, the European Telecommunications Standards

  15. Extended eTVRA vs. security checklist: Experiences in a value-web

    NARCIS (Netherlands)

    Morali, A.; Zambon, E.; Houmb, S.H.; Sallhammar, K.; Etalle, S.

    2009-01-01

    Security evaluation according to ISO 15408 (Common Criteria) is a resource and time demanding activity, as well as being costly. For this reason, only few companies take their products through a Common Criteria evaluation. To support security evaluation, the European Telecommunications Standards

  16. Cyber Security Audit and Attack Detection Toolkit

    Energy Technology Data Exchange (ETDEWEB)

    Peterson, Dale

    2012-05-31

    The goal of this project was to develop cyber security audit and attack detection tools for industrial control systems (ICS). Digital Bond developed and released a tool named Bandolier that audits ICS components commonly used in the energy sector against an optimal security configuration. The Portaledge Project developed a capability for the PI Historian, the most widely used Historian in the energy sector, to aggregate security events and detect cyber attacks.

  17. The Evolution of European Security: From Confrontation to Cooperation

    Science.gov (United States)

    2013-03-01

    Vasconcelos , (Paris: The European Union Institute for Security Studies, 2009), 41. 60 Ibid. 61 European Union Home Page, “Common Security and...of ESDP,” in What Ambitions for European Defense in 2020?, 2nd ed., ed. Álvaro de Vasconcelos (Paris: The European Union Institute for Security

  18. Research review of nongovernmental organizations' security policies for humanitarian programs in war, conflict, and postconflict environments.

    Science.gov (United States)

    Rowley, Elizabeth; Burns, Lauren; Burnham, Gilbert

    2013-06-01

    To identify the most and least commonly cited security management messages that nongovernmental organizations (NGOs) are communicating to their field staff, to determine the types of documentation that NGOs most often use to communicate key security messages, and to distinguish the points of commonality and divergence across organizations in the content of key security messages. The authors undertook a systematic review of available security policies, manuals, and training materials from 20 international humanitarian NGOs using the InterAction Minimum Operating Security Standards as the basis for a review framework. The most commonly cited standards include analytical security issues such as threat and risk assessment processes and guidance on acceptance, protection, and deterrence approaches. Among the least commonly cited standards were considering security threats to national staff during staffing decision processes, incorporating security awareness into job descriptions, and ensuring that national staff security issues are addressed in trainings. NGO staff receive security-related messages through multiple document types, but only 12 of the 20 organizations have a distinct security policy document. Points of convergence across organizations in the content of commonly cited standards were found in many areas, but differences in security risk and threat assessment guidance may undermine communication between aid workers about changes in local security environments. Although the humanitarian community has experienced significant progress in the development of practical staff security guidance during the past 10 years, gaps remain that can hinder efforts to garner needed resources, clarify security responsibilities, and ensure that the distinct needs of national staff are recognized and addressed.

  19. Perspectives on Energy Security

    International Nuclear Information System (INIS)

    Carlsson-Kanyama, Annika; Holmgren, Aake J.; Joensson, Thomas; Larsson, Robert L.

    2007-05-01

    A common notion of 'Energy Security' is that it includes access to energy resources without risking the survival of the state. 'Security of supply' is most often the concept emphasized in the political discourse on energy security and it includes both production as well as secure and safe delivery of energy to the end consumers. Another aspect of energy security is the need for reducing energy consumption by improving energy efficiency. In this report, eight chapters covering these and other perspectives on energy security are presented. Six of the chapters deal with the supply perspective. Included topics cover power politics and geopolitical perspectives regarding large infrastructure projects and the ambitions of the EU in this regard. Further, methods and approaches for conducting risk analyses of electricity supply systems as well as for improving the security of digital control systems are discussed. As climate change will affect the supply and distribution of energy, one chapter presents an overview of this topic. The consumption perspective is discussed against the backdrop of research about household consumption practices and the role of climate change for future consumption levels. Finally, the role of armed forces as large energy users is touched upon, as well as how so-called 'future studies' have dealt with energy as a topic

  20. Control system security in nuclear power plant

    International Nuclear Information System (INIS)

    Li Jianghai; Huang Xiaojin

    2012-01-01

    The digitalization and networking of control systems in nuclear power plants has brought significant improvements in system control, operation and maintenance. However, the highly digitalized control system also introduces additional security vulnerabilities. Moreover, the replacement of conventional proprietary systems with common protocols, software and devices makes these vulnerabilities easy to exploit. Through the interaction between control systems and the physical world, security issues in control systems impose high risks on health, safety and environment. These security issues may even cause damage to critical infrastructures and threaten national security. The importance of control system security was shown by reviewing several control system security incidents that happened in nuclear power plants in recent years. Several key difficulties in addressing these security issues were described. Finally, existing research on control system security was reviewed and several promising research directions were proposed. (authors)

  1. Mobile IP: Security & application

    NARCIS (Netherlands)

    Tuquerres, G.; Salvador, M.R.; Sprenkels, Ron

    1999-01-01

    As required in the TGS Mobile IP Advanced Module, this paper presents a survey of common security threats which mobile IP networks are exposed to as well as some proposed solutions to deal with such threats.

  2. Complicating food security: Definitions, discourses, commitments

    Directory of Open Access Journals (Sweden)

    William Ramp

    2014-12-01

    Food security is now commonly seen as one of the defining global issues of the century, intertwined with population and consumption shifts, climate change, environmental degradation, water scarcity, and the geopolitics attending globalization. Some analysts suggest that food security threats are so urgent that philosophical scruples must be set aside in order to concentrate all resources on developing and implementing radical strategies to avert a looming civilizational crisis. This article suggests that definitions of food security invoke commitments and have consequences, and that continued critical and conceptual attention to the language employed in food security research and policy is warranted.

  3. Software To Secure Distributed Propulsion Simulations

    Science.gov (United States)

    Blaser, Tammy M.

    2003-01-01

    Distributed-object computing systems are presented with many security threats, including network eavesdropping, message tampering, and communications middleware masquerading. NASA Glenn Research Center, and its industry partners, has taken an active role in mitigating the security threats associated with developing and operating their proprietary aerospace propulsion simulations. In particular, they are developing a collaborative Common Object Request Broker Architecture (CORBA) Security (CORBASec) test bed to secure their distributed aerospace propulsion simulations. Glenn has been working with its aerospace propulsion industry partners to deploy the Numerical Propulsion System Simulation (NPSS) object-based technology. NPSS is a program focused on reducing the cost and time in developing aerospace propulsion engines

  4. The common European flexicurity principles

    DEFF Research Database (Denmark)

    Mailand, Mikkel

    2010-01-01

    This article analyses the decision-making process underlying the adoption of common EU flexicurity principles. Supporters of the initiative succeeded in convincing the sceptics one by one; the change of government in France and the last-minute support of the European social partner organizations...... were instrumental in this regard. However, the critics succeeded in weakening the initially strong focus on the transition from job security to employment security and the divisions between insiders and outsiders in the labour market. In contrast to some decision-making on the European Employment...

  5. Tele-Lab IT-Security: an Architecture for an online virtual IT Security Lab

    Directory of Open Access Journals (Sweden)

    Christoph Meinel

    2008-05-01

    Recently, Awareness Creation in terms of IT security has become a big thing – not only for enterprises. Campaigns for pupils try to highlight the importance of IT security even in the user’s early years. Common practices in security education – as seen in computer science courses at universities – mainly consist of literature and lecturing. In the best case, the teaching facility offers practical courses in a dedicated isolated computer lab. Additionally, there are some more or less interactive e-learning applications around. Most existing offers can do nothing more than impart theoretical knowledge or basic information. They all lack possibilities to provide practical experience with security software or even hacker tools in a realistic environment. The only exceptions are the expensive and hard-to-maintain dedicated computer security labs. Those can only be provided by very few organizations. Tele-Lab IT-Security was designed to offer hands-on experience exercises in IT security without the need of additional hardware or maintenance expenses. The existing implementation of Tele-Lab even provides access to the learning environment over the Internet – and thus can be used anytime and anywhere. The present paper describes the extended architecture on which the current version of the Tele-Lab server is built.

  6. Security challenges for virtualization in cloud

    International Nuclear Information System (INIS)

    Tayab, A.

    2015-01-01

    Virtualization is a model that is vastly growing in IT industry. Virtualization provides more than one logical resource in one single physical machine. Infrastructure use cloud services and on behalf of virtualization, cloud computing is also a rapidly growing model of IT industry. Cloud provider and cloud user, both remain ignorant of each other's security. Since virtualization and cloud computing are rapidly expanding and becoming more and more complex in infrastructure, more security is required to protect them from potential attacks and security threats. Virtualization provides various benefits in terms of hardware utilization, resources protection, remote access and other resources. This paper intends to discuss the common exploits of security uses in the virtualized environment and focuses on the security threats from the attacker's perspective. This paper discusses the major areas of virtualized model environment and also addresses the security concerns. And finally presents a solution for secure valorization in IT infrastructure and to protect inter communication of virtual machines. (author)

  7. Computer-Aided Sensor Development Focused on Security Issues.

    Science.gov (United States)

    Bialas, Andrzej

    2016-05-26

    The paper examines intelligent sensor and sensor system development according to the Common Criteria methodology, which is the basic security assurance methodology for IT products and systems. The paper presents how the development process can be supported by software tools, design patterns and knowledge engineering. The automation of this process brings cost-, quality-, and time-related advantages, because the most difficult and most laborious activities are software-supported and the design reusability is growing. The paper includes a short introduction to the Common Criteria methodology and its sensor-related applications. In the experimental section the computer-supported and patterns-based IT security development process is presented using the example of an intelligent methane detection sensor. This process is supported by an ontology-based tool for security modeling and analyses. The verified and justified models are transferred straight to the security target specification representing security requirements for the IT product. The novelty of the paper is to provide a patterns-based and computer-aided methodology for the sensors development with a view to achieving their IT security assurance. The paper summarizes the validation experiment focused on this methodology adapted for the sensors system development, and presents directions of future research.

  8. Command and Control during Security Incidents/Emergencies

    Energy Technology Data Exchange (ETDEWEB)

    Knipper, W. [NSTec

    2013-10-16

    This presentation builds on our response to events that pose, or have the potential to pose, a serious security or law enforcement risk and must be responded to and controlled in a clear and decisive fashion. We will examine some common concepts in the command and control of security-centric events.

  9. Constructing Secure Mobile Agent Systems Using the Agent Operating System

    NARCIS (Netherlands)

    van t Noordende, G.J.; Overeinder, B.J.; Timmer, R.J.; Brazier, F.M.; Tanenbaum, A.S.

    2009-01-01

    Designing a secure and reliable mobile agent system is a difficult task. The agent operating system (AOS) is a building block that simplifies this task. AOS provides common primitives required by most mobile agent middleware systems, such as primitives for secure communication, secure and

  10. A Design Methodology for Computer Security Testing

    OpenAIRE

    Ramilli, Marco

    2013-01-01

    The field of "computer security" is often considered something in between Art and Science. This is partly due to the lack of widely agreed and standardized methodologies to evaluate the degree of the security of a system. This dissertation intends to contribute to this area by investigating the most common security testing strategies applied nowadays and by proposing an enhanced methodology that may be effectively applied to different threat scenarios with the same degree of effectiveness. ...

  11. Security engineering: Phisical security measures for high-risk personnel

    Directory of Open Access Journals (Sweden)

    Jelena S. Cice

    2013-06-01

    terrorist or criminal targets based on their grade, assignment, symbolic value, criticality, and threat and vulnerability assessment.

    Levels of protection

    The recommendations contained in this criterion are intended to minimize the possibility of HRP casualties in buildings or portions of buildings in which they work and live. These recommendations provide appropriate and implementable measures to establish a level of protection against terrorist attacks where no known threat of terrorist activity currently exists. While complete protection against all potential threats is cost prohibitive, the intent of these recommendations can be achieved through prudent master planning, real estate acquisition, and design and construction practices.

    Tag number

    The tag number at the beginning of each physical security measure (recommendation) is unique and is intended to be a communication aid when linking the requirement (recommendation) to the supporting text or commentary. The three-character tag number uses the following legend.

    Tag Number First Character - The first character is an abbreviation for the defense zone layer that is most applicable for the countermeasure. “S” is used to represent site or external zone issues. “P” is used to represent the perimeter zone. “G” is used to represent issues relative to the property grounds. “E” is used to represent issues associated with the building exterior of the HRP office or residence. “I” is used to represent issues associated with the building interior. “H” is used to represent issues associated with the safe room or safe haven.

    Tag Number Second Character - The second character is a sequential number for countermeasures in a given zone - a requirement or a recommendation. This number ensures a unique tag number.

    Tag Number Third Character - The third character indicates whether the countermeasure is applicable to offices, residences, or both (common. “O” indicates a requirement or recommendation unique to

  12. Asylum migration and the construction of the European Common Foreign and Security Policy: evidence from the Greek case

    Directory of Open Access Journals (Sweden)

    Silvia Lucía Forero Castañeda

    2015-12-01

    This article examines how the recent evolution of asylum migration has affected the construction of the European Common Foreign and Security Policy (EU-CFSP), taking the Greek case during the 2001-2012 period as a starting point. With this in mind, the normative progress of the EU-CFSP facing the reception of asylum seekers in Greece is analyzed, under the scope of what Barry Buzan and Ole Waever would call Securitization Process. Both legal and political frameworks on asylum migration in Greece and in the European Union are approached, in the context of the evolution of the EU-CFSP in three main areas: Neighborhood Policy, Development and Cooperation Policy, and Human Rights Protection. The conclusion points toward the partial influence of asylum migration in the configuration of the EU-CFSP during the studied period.

  13. Arrangement on the Recognition of Common Criteria Certificates In the Field of Information Technology Security

    Science.gov (United States)

    2000-05-01

    Security Establishment from Canada and Ministry of Finance from Finland and Service Central de la Sécurité des Systèmes d’Information from France and...Nazionale per la Sicurezza CESIS III Reparto - UCSi from Italy and Ministry of the Interior and Kingdom Relations from The Netherlands and Page 3 of...39 HQ Defence Command Norway/Security Division from Norway and Ministerio de Administraciones Públicas from Spain and Communications-Electronics

  14. Information Security and Integrity Systems

    Science.gov (United States)

    1990-01-01

    Viewgraphs from the Information Security and Integrity Systems seminar held at the University of Houston-Clear Lake on May 15-16, 1990 are presented. A tutorial on computer security is presented. The goals of this tutorial are the following: to review security requirements imposed by government and by common sense; to examine risk analysis methods to help keep sight of forest while in trees; to discuss the current hot topic of viruses (which will stay hot); to examine network security, now and in the next year to 30 years; to give a brief overview of encryption; to review protection methods in operating systems; to review database security problems; to review the Trusted Computer System Evaluation Criteria (Orange Book); to comment on formal verification methods; to consider new approaches (like intrusion detection and biometrics); to review the old, low tech, and still good solutions; and to give pointers to the literature and to where to get help. Other topics covered include security in software applications and development; risk management; trust: formal methods and associated techniques; secure distributed operating system and verification; trusted Ada; a conceptual model for supporting a B3+ dynamic multilevel security and integrity in the Ada runtime environment; and information intelligence sciences.

  15. Greek National Security Concerns and the European Union’s Common Foreign and Security Policy: Consensus or Divergence?

    Science.gov (United States)

    2011-09-01

    to my tutor.” Alexander the Great, referring to his tutor, Aristotle (356–323 BC) xvi THIS PAGE INTENTIONALLY LEFT BLANK 1 I. INTRODUCTION...an actual policy since the Turkish invasion of Cyprus. Despite his political rhetoric and posturing while in opposition, Papandreou’s tenure...responsibility for global security.”139 Limited in breadth within the Petersberg tasks framework, the ESS focuses its rhetoric on the internal, rather

  16. Data fusion in cyber security: first order entity extraction from common cyber data

    Science.gov (United States)

    Giacobe, Nicklaus A.

    2012-06-01

    The Joint Directors of Labs Data Fusion Process Model (JDL Model) provides a framework for how to handle sensor data to develop higher levels of inference in a complex environment. Beginning from a call to leverage data fusion techniques in intrusion detection, there have been a number of advances in the use of data fusion algorithms in this subdomain of cyber security. While it is tempting to jump directly to situation-level or threat-level refinement (levels 2 and 3) for more exciting inferences, a proper fusion process starts with lower levels of fusion in order to provide a basis for the higher fusion levels. The process begins with first order entity extraction, or the identification of important entities represented in the sensor data stream. Current cyber security operational tools and their associated data are explored for potential exploitation, identifying the first order entities that exist in the data and the properties of these entities that are described by the data. Cyber events that are represented in the data stream are added to the first order entities as their properties. This work explores typical cyber security data and the inferences that can be made at the lower fusion levels (0 and 1) with simple metrics. Depending on the types of events that are expected by the analyst, these relatively simple metrics can provide insight on their own, or could be used in fusion algorithms as a basis for higher levels of inference.

  17. Interface for safety and security of radioactive sources

    International Nuclear Information System (INIS)

    Seggane, Richard

    2016-04-01

    In facilities and activities involving use of radiation sources, safety and security measures have in common the aim of protecting human life and health and the environment. In addition, safety and security measures must be designed and implemented in an integrated manner, so that security measures do not compromise safety and safety measures do not compromise security measures. This work reviewed issues related to establishing a clear interface between safety and security of radiation sources. The Government, the Regulatory Authority and licensee/registrants and other relevant stakeholders should work together and contribute to ensure that safety and security of sources is ensured and well interfaced. A Radiotherapy facility has been used as a case study. (au)

  18. Towards the Security Evaluation of Biometric Authentication Systems

    OpenAIRE

    El-Abed, Mohamad; Giot, Romain; Hemery, Baptiste; Rosenberger, Christophe; Schwartzmann, Jean-Jacques

    2011-01-01

    Despite the obvious advantages of biometric authentication systems over traditional security ones (based on tokens or passwords), they are vulnerable to attacks which may considerably decrease their security. In order to contribute to resolving this problem, we propose a modality-independent evaluation methodology for the security evaluation of biometric systems. It is based on the use of a database of common threats and vulnerabilities of biometric systems, and th...

  19. Latvian Security and Defense Policy within the Twenty-First Century Security Environment

    Directory of Open Access Journals (Sweden)

    Rublovskis Raimonds

    2014-12-01

    The aim of this paper is to analyze fundamental factors which form and profoundly shape security and defense policy of the Republic of Latvia. One can argue that historical background, geographical location, common institutional history within the former Soviet Union, the Russia factor, the relative smallness of the territory of state and the population, the ethnic composition of the population, the low density of the population and rather limited financial and manpower resources available for the defense of the Republic of Latvia are the key factors of influence on the state security and defense policy. The core principles of the security and defense policy of Latvia are the membership in powerful global military alliance of NATO and bilateral strategic partnership with the United States. However, security and defense cooperation among the three Baltic States as well as enhanced cooperation within the Baltic-Nordic framework is seen as an important supplementary factor for the increased security of the Republic of Latvia. Latvia has developed a sustainable legal and institutional framework in order to contribute to state security and defense; however, security challenges and significant changes within the global security environment of the twenty-first century will further challenge the ability of the Republic of Latvia to sustain its current legal framework, and more importantly, current institutional structure of Latvian security and defense architecture. Significant internal and external challenges will impact the fundamental pillars of Latvian security and defense policy, such as American strategic shift to the Pacific, and lack of political will to increase defense budgets in European part of NATO. It has to be clear that very independence, security and defense of the Republic of Latvia depend on the ability of NATO to remain an effective organization with timely and efficient decision-making, and the ability of the United States to remain

  20. Elements of Social Security

    DEFF Research Database (Denmark)

    Hansen, Hans

    Elements of Social Security contains an overview of important benefit schemes in Denmark, Sweden, Finland, Austria, Germany, the Netherlands, Great Britain and Canada. The schemes are categorized according to common sets of criteria and compared. Stylized cases illustrate the impact on disposable...

  1. Elements of Social Security

    DEFF Research Database (Denmark)

    Hansen, Hans

    Elements of Social Security contains an overview of important benefit schemes in Denmark, Sweden, Finland, Germany, the Netherlands, Great Britain and Canada. The schemes are categorized according to common sets of criteria and compared. Stylized cases illustrate the impact on disposable income...

  2. Elements of Social Security

    DEFF Research Database (Denmark)

    Hansen, Hans

    Elements of Social Security contains an overview of important benefit schemes in Denmark, Sweden, Finland, Germany, Great Britain, the Netherlands and Canada. The schemes are categorized according to common sets of criteria and compared. Stylized cases illustrate the impact on disposable income...

  3. It Security Issues Within the Video Game Industry

    OpenAIRE

    STEPHEN MOHR; SYED (SHAWON) RAHMAN

    2011-01-01

    IT security issues are an important aspect for each and every organization within the video game industry. Within the video game industry alone, you might not normally think of security risks being an issue. But as we can and have seen in recent news, no company is immune to security risks no matter how big or how small. While each of these organizations will never be exactly the same as the next, there are common security issues that can and do affect each and every video game company. In or...

  4. Computer-Aided Sensor Development Focused on Security Issues

    Directory of Open Access Journals (Sweden)

    Andrzej Bialas

    2016-05-01

    The paper examines intelligent sensor and sensor system development according to the Common Criteria methodology, which is the basic security assurance methodology for IT products and systems. The paper presents how the development process can be supported by software tools, design patterns and knowledge engineering. The automation of this process brings cost-, quality-, and time-related advantages, because the most difficult and most laborious activities are software-supported and the design reusability is growing. The paper includes a short introduction to the Common Criteria methodology and its sensor-related applications. In the experimental section the computer-supported and patterns-based IT security development process is presented using the example of an intelligent methane detection sensor. This process is supported by an ontology-based tool for security modeling and analyses. The verified and justified models are transferred straight to the security target specification representing security requirements for the IT product. The novelty of the paper is to provide a patterns-based and computer-aided methodology for the sensors development with a view to achieving their IT security assurance. The paper summarizes the validation experiment focused on this methodology adapted for the sensors system development, and presents directions of future research.

  5. Nuclear safety and security culture - an integrated approach to regulatory oversight

    International Nuclear Information System (INIS)

    Tronea, M.; Ciurea Ercau, C.

    2013-01-01

    The paper presents the development and implementation of regulatory guidelines for the oversight of safety and security culture within licensees' organizations. CNCAN (the National Commission for Nuclear Activities of Romania) has used the International Atomic Energy Agency (IAEA) attributes for a strong safety culture as the basis for its regulatory guidelines providing support to the reviewers and inspectors for recognizing and gathering information relevant to safety culture. These guidelines are in the process of being extended to also address security culture, based on the IAEA Nuclear Security Series No. 7 document Nuclear Security Culture: Implementing Guide. Recognizing that safety and security cultures coexist and need to reinforce each other because they share the common objective of limiting risk and that similar regulatory review and inspection processes are in place for nuclear security oversight, an integrated approach is considered justified, moreover since the common elements of these cultures outweigh the differences. (authors)

  6. Information security value in e-entrepreneurship

    OpenAIRE

    Nunes, Sérgio

    2012-01-01

    This paper researches the information security value in e-entrepreneurship by revising the literature that establishes the entrepreneurial domain and by relating it with the development of technological resources that create value for the customer in an online business. It details multiple paradigms regarding consumer’s values of information security, while relating them with common practices and previous researches in technological entrepreneurship. This research presents and discusses the b...

  7. SECURITY STRATEGIES OF MEMBER STATES OF THE EUROPEAN UNION FROM THE LISBON TREATY AND THE EUROPEAN SECURITY STRATEGY

    Directory of Open Access Journals (Sweden)

    PABLO RIVAS PARDO

    2017-09-01

    in mind, it is possible to study the variability of the Security Strategy in relation to four strategic guidelines: strategic self-perception, the necessity to tune these postulates with the common objectives of the European Union, the statement of threats and finally the actions projected by these strategies to face the changing environment of international security. This variability will seek the fact of the existence or nonexistence of tuning and consistency between the Security Strategies and the community positions in the matter of security and defense. The selected countries are those who have published their documents after the signing of the Treaty of Lisbon and the publication of the European Security Strategy, in other words, after 2009: Austria, Bulgaria, Slovenia, Spain, Estonia, Holland, Hungary, Lithuania, UK and the Czech Republic.

  8. Security in the Asia Pacific region

    International Nuclear Information System (INIS)

    1999-01-01

    The Working Group began by discussing the meaning of security in terms of its comprehensive, cooperative and human dimensions. In doing so, the members of the Group focused on major issues which could endanger regional stability and non-proliferation. In order to identify the major problems and sources of tension, it was agreed that the Group would concentrate on two sub-regions, namely, East Asia and South East Asia and then to compare these briefly with South Asia and Latin America, the aim being to identify common security concerns. The discussion was framed in terms of: (i) evaluating the adequacy of the existing institutional framework for security cooperation; (ii) evaluating linkages between economic development and security; and (iii) seeking ways to reduce tension and to increase security in the region. Discussion was focused on the broad subject of security risks and challenges as well as opportunities for effective cooperative security in the Asia Pacific region. Attention was devoted to ways of changing Cold War mentalities, which still hinder the normalization process and the achievement of comprehensive security cooperation among the countries in the region

  9. Ethics and European security

    Energy Technology Data Exchange (ETDEWEB)

    Paskins, B.

    1986-01-01

    The alliance between the United States and her NATO partners has been strained severely in the last few years. American perceptions of European disloyalty and European impressions of American assertiveness and lack of judgment have played a large part in generating tensions between the allies and emphasising the new peace movements. This book is an attempt to develop a broader understanding of the problem of European security based on Christian ethics. There are disagreements and differences of emphasis among the contributors but they have in common the view that an exclusive preoccupation with the military dimension is damagingly one-sided. Instead the contributors argue that moral and theological concerns are a vital part of the politics and mechanics of European security and must be incorporated in any effort to devise new policies for security in Europe and the West.

  10. IT Security Standards and Legal Metrology - Transfer and Validation

    Science.gov (United States)

    Thiel, F.; Hartmann, V.; Grottker, U.; Richter, D.

    2014-08-01

    Legal Metrology's requirements can be transferred into the IT security domain applying a generic set of standardized rules provided by the Common Criteria (ISO/IEC 15408). We will outline the transfer and cross validation of such an approach. The example used is the integration of Legal Metrology's requirements into a recently developed Common Criteria based Protection Profile for a Smart Meter Gateway designed under the leadership of Germany's Federal Office for Information Security. The requirements on utility meters laid down in the Measuring Instruments Directive (MID) are incorporated. A verification approach to check for meeting Legal Metrology's requirements by their interpretation through Common Criteria's generic requirements is also presented.

  11. A Learning-Based Approach to Reactive Security

    Science.gov (United States)

    Barth, Adam; Rubinstein, Benjamin I. P.; Sundararajan, Mukund; Mitchell, John C.; Song, Dawn; Bartlett, Peter L.

    Despite the conventional wisdom that proactive security is superior to reactive security, we show that reactive security can be competitive with proactive security as long as the reactive defender learns from past attacks instead of myopically overreacting to the last attack. Our game-theoretic model follows common practice in the security literature by making worst-case assumptions about the attacker: we grant the attacker complete knowledge of the defender's strategy and do not require the attacker to act rationally. In this model, we bound the competitive ratio between a reactive defense algorithm (which is inspired by online learning theory) and the best fixed proactive defense. Additionally, we show that, unlike proactive defenses, this reactive strategy is robust to a lack of information about the attacker's incentives and knowledge.

  12. Chaos-based CAZAC scheme for secure transmission in OFDM-PON

    Science.gov (United States)

    Fu, Xiaosong; Bi, Meihua; Zhou, Xuefang; Yang, Guowei; Lu, Yang; Hu, Miao

    2018-01-01

    To effectively resist malicious eavesdropping and performance deterioration, a novel chaos-based secure transmission scheme is proposed to enhance the physical layer security and reduce peak-to-average power ratio (PAPR) in orthogonal frequency division multiplexing passive optical network (OFDM-PON). By the randomly extracting operation of common CAZAC values, the specially-designed constant amplitude zero autocorrelation (CAZAC) is created for system encryption and PAPR reduction enhancing the transmission security. This method is verified in 10-Gb/s encrypted OFDM-PON with 20-km fiber transmission. Results show that, compared to common OFDM-PON, our scheme achieves 3-dB PAPR reduction and 1-dB receiver sensitivity improvement.

  13. Maternal secure-base scripts and children's attachment security in an adopted sample.

    Science.gov (United States)

    Veríssimo, Manuela; Salvaterra, Fernanda

    2006-09-01

    Studies of families with adopted children are of special interest to attachment theorists because they afford opportunities to probe assumptions of attachment theory with regard to the developmental timing of interactions necessary to form primary attachments and also with regard to effects of shared genes on child attachment quality. In Bowlby's model, attachment-relevant behaviors and interactions are observable from the moment of birth, but for adoptive families, these interactions cannot begin until the child enters the family, sometimes several months or even years post-partum. Furthermore, because adoptive parents and adopted children do not usually share genes by common descent, any correspondence between attachment representations of the parent and secure base behavior of the child must arise as a consequence of dyadic interaction histories. The objectives of this study were to evaluate whether the child's age at the time of adoption or at the time of attachment assessment predicted child attachment security in adoptive families and also whether the adoptive mother's internal attachment representation predicted the child's attachment security. The participants were 106 mother - child dyads selected from the 406 adoptions carried out through the Lisbon Department of Adoption Services over a period of 3 years. The Attachment Behavior Q-Set (AQS; Waters, 1995) was used to assess secure base behavior and an attachment script representation task was used to assess the maternal attachment representations. Neither child's age at the time of adoption, nor age of the child at assessment significantly predicted the AQS security score; however, scores reflecting the presence and quality of maternal secure base scripts did predict AQS security. These findings support the notion that the transmission of attachment security across generations involves mutual exchanges and learning by the child and that the exchanges leading to secure attachment need not begin at birth

  14. 17 CFR 240.3a55-4 - Exclusion from definition of narrow-based security index for indexes composed of debt securities.

    Science.gov (United States)

    2010-04-01

    ... respective rules promulgated thereunder, that is a note, bond, debenture, or evidence of indebtedness; (ii) None of the securities of an issuer included in the index is an equity security, as defined in section... its outstanding common equity held by non-affiliates of $71 million or more; (C) The issuer of the...

  15. Additional Security Considerations for Grid Management

    Science.gov (United States)

    Eidson, Thomas M.

    2003-01-01

    The use of Grid computing environments is growing in popularity. A Grid computing environment is primarily a wide area network that encompasses multiple local area networks, where some of the local area networks are managed by different organizations. A Grid computing environment also includes common interfaces for distributed computing software so that the heterogeneous set of machines that make up the Grid can be used more easily. The other key feature of a Grid is that the distributed computing software includes appropriate security technology. The focus of most Grid software is on the security involved with application execution, file transfers, and other remote computing procedures. However, there are other important security issues related to the management of a Grid and the users who use that Grid. This note discusses these additional security issues and makes several suggestions as how they can be managed.

  16. Interrelationship between nuclear safety, safeguards and nuclear security

    International Nuclear Information System (INIS)

    Irie, Kazutomo

    2007-01-01

    As preventive activities against danger within nuclear systems, three major areas exist: nuclear safety, safeguards and nuclear security. Considering the purpose of these activities, to prevent non-peaceful use is common in nuclear security in general and safeguards. At the same time, measures against sabotage, one of the subcategories in nuclear security, are similar to nuclear safety in aiming at preventing nuclear accidents. When taking into account the insider issues in nuclear security, the distinction between measures against sabotage and nuclear safety becomes ambiguous. Similarly, the distinction between measures against theft, another subcategory in nuclear security, and safeguards also becomes vague. These distinctions are influenced by psychological conditions of members in nuclear systems. Members who have the intention to make nuclear systems dangerous to human society shall be the 'enemy' to nuclear systems and thus be the target for nuclear security. (author)

  17. The North Atlantic Treaty Organization and the European Union’s Common Security and Defense Policy: Intersecting Trajectories

    Science.gov (United States)

    2011-07-01

    Lieutenant General, Canadian Forces, Canadian Military Representative to NATO Elizabeth Race, Deputy Defence Policy Advisor, Canadian Joint...Ruehle, Head, Energy Security Section, Emerging Security Challenges Division, NATO (Brussels) Patrick Nash, Lieutenant General, Irish Army, former

  18. A study of authorization architectures for grid security

    International Nuclear Information System (INIS)

    Pang Yanguang; Sun Gongxing; Pei Erming; Ma Nan

    2006-01-01

    Grid security is one of key issues in grid computing, while current research focus is put on the grid authorization. There is a brief discussion about the drawback of the common GSI (Grid Security Infrastructure) authorization firstly, then analysis is made on the latest several grid authorization architectures, such as structures, policy descriptions, engines, applications, and finally their features are summarized. (authors)

  19. Comparisons of Bitcoin Cryptosystem with Other Common Internet Transaction Systems by AHP Technique

    Directory of Open Access Journals (Sweden)

    Davor Maček

    2017-01-01

    This paper describes proposed methodology for evaluation of critical systems and prioritization of critical risks and assets identified in highly secured information systems. For different types of information assets or security environments it is necessary to apply different techniques and methods for their prioritization and evaluation. In this article, VECTOR matrix method for prioritization of critical assets and critical risks is explained and integrated into AHP (Analytic Hierarchy Process) technique as a set of fixed criteria for evaluation of defined alternatives. Bitcoin cryptocurrency was compared and evaluated along with other common Internet transaction systems by information security professionals according to defined VECTOR criteria. Also, the newly proposed hybrid AHP model is presented with potential case studies for future research. This article tries to discover security posture of Bitcoin cryptocurrency in the context of information security risks related to the existing most common online payment systems like e-banking, m-banking, and e-commerce.

  20. The challenges of multi-layered security governance in Ituri

    DEFF Research Database (Denmark)

    Hoffmann, Kasper; Vlassenroot, Koen

    There has been a slow, but growing awareness among external actors that some local non-state security actors should be involved in security governance in conflict-affected situations. Already in 2006, the OECD published a report that called for a ‘multi-layered’ approach to reforming actors and institutions that provide security and justice services (Scheye and McLean, 2006). Often these actors consist of local authorities, such as customary chiefs, village elders, or business people working in collaboration with different kinds of self-defense groups. The idea behind ‘multi-layered’ security governance is that the inclusion of local non-state actors in security governance will improve security provision to people because they have more legitimacy. But in reality ‘multi-layered’ security governance is often marked by conflict and competition as much as by collaboration and common solutions...

  1. A European Perspective on Security Research

    Science.gov (United States)

    Liem, Khoen; Hiller, Daniel; Castex, Christoph

    Tackling the complexity and interdependence of today's security environment in the globalized world of the 21st century is an everlasting challenge. Whereas the end of the Cold War presented a caesura of global dimension for the political and economic architecture and a realignment of power distribution and international relations between former adversaries, September 11th of 2001 may be seen as another caesura. Since then, specifically among countries of the Western hemisphere, traditional security paradigms and theories have been critically questioned and the different security cultures and perceptions have resulted in diverse security and defence policies as well as in security research efforts of individual countries. Consensus, it seems, exists on the question of what the threats are that our modern interconnected societies are facing. Whether looking at international terrorism, organized crime, climate change, the illegal trafficking of goods and people or naturally caused catastrophes, these phenomena all have in common that they are in most cases of transnational nature. Formerly existing dividing lines between internal and external security continue to fade, presenting an enormous challenge for those in charge of designing security policy and even more so for the various institutions safeguarding European security. That is why dissent often revolves around the question on how to get hold of these complex problems. Geographic location, cultural background, ethical make-up of society as well as relations with neighbouring countries are all important aspects to be considered when assessing the security culture and policy of individual countries.

  2. Breaking a chaos-noise-based secure communication scheme

    Science.gov (United States)

    Li, Shujun; Álvarez, Gonzalo; Chen, Guanrong; Mou, Xuanqin

    2005-03-01

    This paper studies the security of a secure communication scheme based on two discrete-time intermittently chaotic systems synchronized via a common random driving signal. Some security defects of the scheme are revealed: 1) The key space can be remarkably reduced; 2) the decryption is insensitive to the mismatch of the secret key; 3) the key-generation process is insecure against known/chosen-plaintext attacks. The first two defects mean that the scheme is not secure enough against brute-force attacks, and the third one means that an attacker can easily break the cryptosystem by approximately estimating the secret key once he has a chance to access a fragment of the generated keystream. Yet it remains to be clarified if intermittent chaos could be used for designing secure chaotic cryptosystems.

  3. Three Perspectives on DSEEP and Security : Training Goals, Use Cases and the Selection of Security Measures

    NARCIS (Netherlands)

    Möller, B.; Croom-Johnson, S.; Huiskamp, W.

    2013-01-01

    As joint, combined and Civil-Military exercises are becoming increasingly common, the need for security in collective mission simulation is growing. SISO has developed the Distributed Simulation Engineering and Execution Process (DSEEP) standard that provides a recommended process for development,

  4. Data Mediation with Enterprise Level Security

    Directory of Open Access Journals (Sweden)

    Kevin E. Foltz

    2017-10-01

    Enterprise Level Security (ELS) is an architecture for enabling information sharing with strong security guarantees. It is built upon basic tenets and concepts that shape its component technologies and implementation. One challenge in sharing information is that the source and recipient of the information may use different units, protocols, data formats, or tools to process information. As a result, a transformation of the data is needed before the recipient can use the information. These conversions introduce potential security weaknesses into an ELS system, so an approach for enterprise-wide mediation is required. Methods in common use today, such as a man-in-the-middle (MITM) translation and an online mediation service, do not preserve the basic ELS tenets and concepts. This paper examines these existing approaches and compares them with two new approaches designed to preserve ELS security. It looks at the complete picture of security, performance, and ease of implementation, offering a framework for choosing the best mediation approach based on the data sharing context.

  5. Valuation of common and preferred stocks

    Directory of Open Access Journals (Sweden)

    Nikolić Ljubica

    2014-01-01

    Buying stocks is a modern way of investing. The investors may place the available capital on the domestic and foreign stock market, they may buy more stocks of a single issuer or distribute money to purchase stocks of various public (stock-exchange) companies, and they may form a portfolio of various securities. The investors' decisions on these options are based on their estimate on returns and risks underlying individual security instruments (securities). The two basic approaches to valuation of common stocks are: the Present Value Approach (method of valuating the capitalization of income) and the P/E Ratio Approach (the method of valuating the multiple of per-share earnings). Instead of viewing these methods as competing alternatives, they should better be viewed as mutually complementary methods. Both methods are equally useful and their concurrent use may provide better grounds for the analysts' valuation of stocks.

  6. Synergy in the areas of NPP nuclear safety and nuclear security

    International Nuclear Information System (INIS)

    Dybach, A.M.; Kuzmyak, I.Ya.; Kukhotskij, A.V.

    2013-01-01

    The paper considers the question of synergy between nuclear safety and nuclear security. Special attention is paid to identifying interface of the two areas of safety and definition of common principles for nuclear security and nuclear safety measures. The principles of defense in depth, safety culture and graded approach are analyzed in detail. Specific features characteristic of nuclear safety and security are outlined.

  7. Explanation and trust: what to tell the user in security and AI?

    NARCIS (Netherlands)

    Pieters, Wolter

    There is a common problem in artificial intelligence (AI) and information security. In AI, an expert system needs to be able to justify and explain a decision to the user. In information security, experts need to be able to explain to the public why a system is secure. In both cases, an important

  8. 17 CFR 230.415 - Delayed or continuous offering and sale of securities.

    Science.gov (United States)

    2010-04-01

    ... majority-owned subsidiary; or (xi) Shares of common stock which are to be offered and sold on a delayed or... an existing trading market for outstanding shares of the same class at other than a fixed price. (5... and sale of securities. 230.415 Section 230.415 Commodity and Securities Exchanges SECURITIES AND...

  9. Conducting an information security audit

    Directory of Open Access Journals (Sweden)

    Prof. Ph.D. Gheorghe Popescu

    2008-05-01

    The rapid and dramatic advances in information technology (IT) in recent years have without question generated tremendous benefits. At the same time, information technology has created significant, unprecedented risks to government and to entities operations. So, computer security has become much more important as all levels of government and entities utilize information systems security measures to avoid data tampering, fraud, disruptions in critical operations, and inappropriate disclosure of sensitive information. Obviously, uses of computer security become essential in minimizing the risk of malicious attacks from individuals and groups, considering that there are many current computer systems with only limited security precautions in place. As we already know financial audits are the most common examinations that a business manager encounters. This is a familiar area for most executives: they know that financial auditors are going to examine the financial records and how those records are used. They may even be familiar with physical security audits. However, they are unlikely to be acquainted with information security audits; that is an audit of how the confidentiality, availability and integrity of an organization’s information are assured. Anyway, if not, they should be, especially that an information security audit is one of the best ways to determine the security of an organization’s information without incurring the cost and other associated damages of a security incident.

  10. Securing the energy industry : perspectives in security risk management

    Energy Technology Data Exchange (ETDEWEB)

    Hurd, G.L. [Anadarko Canada Corp., Calgary, AB (Canada)]

    2003-07-01

    This presentation offered some perspectives in security risk management as it relates to the energy sector. Since the events of September 11, 2001 much attention has been given to terrorism and the business is reviewing protection strategies. The paper made reference to each of the following vulnerabilities in the energy sector: information technology, globalization, business restructuring, interdependencies, political/regulatory change, and physical/human factors. The vulnerability of information technology is that it can be subject to cyber and virus attacks. Dangers of globalization lie in privacy and information security, forced nationalization, organized crime, and anti-globalization efforts. It was noted that the Y2K phenomenon provided valuable lessons regarding interdependencies and the effects of power outages, water availability, transportation disruption, common utility corridor accidents, and compounding incidents. The paper also noted the conflict between the government's desire to have a resilient infrastructure that can withstand and recover from attacks versus a company's ability to afford this capability. The physical/human factors that need to be considered in risk management include crime, domestic terrorism, and disasters such as natural disasters, industrial disasters and crisis. The energy industry has geographically dispersed vulnerable systems. It has done a fair job of physical security and has good emergency management practices, but it was noted that the industry cannot protect against all threats. A strategy of vigilance and awareness is needed to deal with threats. Other strategies include contingency planning, physical security, employee communication, and emergency response plans. tabs., figs.

  11. Implementing healthcare information security: standards can help.

    Science.gov (United States)

    Orel, Andrej; Bernik, Igor

    2013-01-01

    Using widely spread common approaches to systems security in health dedicated controlled environments, a level of awareness, confidence and acceptance of relevant standardisation is evaluated. Patients' information is sensitive, so putting appropriate organisational techniques as well as modern technology in place to secure health information is of paramount importance. Mobile devices are becoming the top priorities in advanced information security planning with healthcare environments being no exception. There are less and less application areas in healthcare without having a need for a mobile functionality which represents an even greater information security challenge. This is also true in emergency treatments, rehabilitation and homecare just to mention a few areas outside hospital controlled environments. Unfortunately quite often traditional unsecured communications principles are still in routine use for communicating sensitive health related information. The security awareness level with users, patients and care professionals is not high enough so potential threats and risks may not be addressed and the respective information security management is therefore weak. Standards like ISO/IEC 27000 ISMS family, the ISO/IEC 27799 information security guidelines in health are often not well known, but together with legislation principles such as HIPAA, they can help.

  12. A Comparison of Cross-Sector Cyber Security Standards

    Energy Technology Data Exchange (ETDEWEB)

    Robert P. Evans

    2005-09-01

    This report presents a review and comparison (commonality and differences) of three cross-sector cyber security standards and an internationally recognized information technology standard. The comparison identifies the security areas covered by each standard and reveals where the standards differ in emphasis. By identifying differences in the standards, the user can evaluate which standard best meets their needs. For this report, only cross-sector standards were reviewed.

  13. Security for ICT collaboration tools

    NARCIS (Netherlands)

    Broenink, E.G.; Kleinhuis, G.; Fransen, F.

    2010-01-01

    In order for collaboration tools to be productive in an operational setting, an information base that is shared across the collaborating parties is needed. Therefore, a lot of research is done for tooling to create such a common information base in a collaboration tool. However, security is often

  14. Security for ICT collaboration tools

    NARCIS (Netherlands)

    Broenink, E.G.; Kleinhuis, G.; Fransen, F.

    2011-01-01

    In order for collaboration tools to be productive in an operational setting, an information base that is shared across the collaborating parties is needed. Therefore, a lot of research is done for tooling to create such a common information base in a collaboration tool. However, security is often

  15. Explanation and trust: what to tell the user in security and AI?

    NARCIS (Netherlands)

    Pieters, Wolter

    2010-01-01

    There is a common problem in artificial intelligence (AI) and information security. In AI, an expert system needs to be able to justify and explain a decision to the user. In information security, experts need to be able to explain to the public why a system is secure. In both cases, the goal of

  16. 7 CFR 1744.207 - Investment not to jeopardize loan security.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 11 2010-01-01 2010-01-01 false Investment not to jeopardize loan security. 1744.207... SERVICE, DEPARTMENT OF AGRICULTURE POST-LOAN POLICIES AND PROCEDURES COMMON TO GUARANTEED AND INSURED TELEPHONE LOANS Borrower Investments § 1744.207 Investment not to jeopardize loan security. A borrower shall...

  17. Cybersecurity as a Politikum : Implications of Security Discourses for Infrastructures

    NARCIS (Netherlands)

    Fichtner, L.V.E.; Pieters, W.; Herdeiro Teixeira, A.M.

    2016-01-01

    In the cybersecurity community it is common to think of security as a design feature for systems and infrastructures that may be difficult to balance with other requirements. What is less studied is how security requirements come about, for which reasons, and what their influence is on the actions

  18. Turkey as a U.S. Security Partner

    National Research Council Canada - National Science Library

    Larrabee, F. S

    2008-01-01

    .... Now, however, trends in the greater Middle East, in Turkish security policies, and within Turkish society itself appear to be eroding the commonality of interests that constitutes the foundation of that partnership...

  19. Authorization & security aspects in the middleware-based healthcare information system.

    Science.gov (United States)

    Andany, J; Bjorkendal, C; Ferrara, F M; Scherrer, J R; Spahni, S

    1999-01-01

    The integration and evolution of existing systems represents one of the most urgent priorities of health care information systems in order to allow the whole organisation to meet the increasing clinical organisational and managerial needs. The CEN ENV 12967-1 'Healthcare Information Systems Architecture'(HISA) standard defines an architectural approach based on a middleware of business-specific common services, enabling all parts of the local and geographical system to operate on the common information heritage of the organisation and on exploiting a set of common business-oriented functionality. After an overview on the key aspects of HISA, this paper discusses the positioning of the authorization and security aspects in the overall architecture. A global security framework is finally proposed.

  20. IT Security Standards and Legal Metrology – Transfer and Validation

    Directory of Open Access Journals (Sweden)

    Thiel F.

    2014-01-01

    Full Text Available Legal Metrology’s requirements can be transferred into the IT security domain applying a generic set of standardized rules provided by the Common Criteria (ISO/IEC 15408). We will outline the transfer and cross validation of such an approach. As an example serves the integration of Legal Metrology’s requirements into a recently developed Common Criteria based Protection Profile for a Smart Meter Gateway designed under the leadership of Germany’s Federal Office for Information Security. The requirements on utility meters laid down in the Measuring Instruments Directive (MID) are incorporated. A verification approach to check for meeting Legal Metrology’s requirements by their interpretation through Common Criteria’s generic requirements is also presented.

  1. An Adaptive Multilevel Security Framework for the Data Stored in Cloud Environment

    Science.gov (United States)

    Dorairaj, Sudha Devi; Kaliannan, Thilagavathy

    2015-01-01

    Cloud computing is renowned for delivering information technology services based on internet. Nowadays, organizations are interested in moving their massive data and computations into cloud to reap their significant benefits of on demand service, resource pooling, and rapid elasticity that helps to satisfy the dynamically changing infrastructure demand without the burden of owning, managing, and maintaining it. Since the data needs to be secured throughout its life cycle, security of the data in cloud is a major challenge to be concentrated on because the data is in third party's premises. Any uniform simple or high level security method for all the data either compromises the sensitive data or proves to be too costly with increased overhead. Any common multiple method for all data becomes vulnerable when the common security pattern is identified at the event of successful attack on any information and also encourages more attacks on all other data. This paper suggests an adaptive multilevel security framework based on cryptography techniques that provide adequate security for the classified data stored in cloud. The proposed security system acclimates well for cloud environment and is also customizable and more reliant to meet the required level of security of data with different sensitivity that changes with business needs and commercial conditions. PMID:26258165

  2. An Adaptive Multilevel Security Framework for the Data Stored in Cloud Environment

    Directory of Open Access Journals (Sweden)

    Sudha Devi Dorairaj

    2015-01-01

    Full Text Available Cloud computing is renowned for delivering information technology services based on internet. Nowadays, organizations are interested in moving their massive data and computations into cloud to reap their significant benefits of on demand service, resource pooling, and rapid elasticity that helps to satisfy the dynamically changing infrastructure demand without the burden of owning, managing, and maintaining it. Since the data needs to be secured throughout its life cycle, security of the data in cloud is a major challenge to be concentrated on because the data is in third party’s premises. Any uniform simple or high level security method for all the data either compromises the sensitive data or proves to be too costly with increased overhead. Any common multiple method for all data becomes vulnerable when the common security pattern is identified at the event of successful attack on any information and also encourages more attacks on all other data. This paper suggests an adaptive multilevel security framework based on cryptography techniques that provide adequate security for the classified data stored in cloud. The proposed security system acclimates well for cloud environment and is also customizable and more reliant to meet the required level of security of data with different sensitivity that changes with business needs and commercial conditions.

  3. An Adaptive Multilevel Security Framework for the Data Stored in Cloud Environment.

    Science.gov (United States)

    Dorairaj, Sudha Devi; Kaliannan, Thilagavathy

    2015-01-01

    Cloud computing is renowned for delivering information technology services based on internet. Nowadays, organizations are interested in moving their massive data and computations into cloud to reap their significant benefits of on demand service, resource pooling, and rapid elasticity that helps to satisfy the dynamically changing infrastructure demand without the burden of owning, managing, and maintaining it. Since the data needs to be secured throughout its life cycle, security of the data in cloud is a major challenge to be concentrated on because the data is in third party's premises. Any uniform simple or high level security method for all the data either compromises the sensitive data or proves to be too costly with increased overhead. Any common multiple method for all data becomes vulnerable when the common security pattern is identified at the event of successful attack on any information and also encourages more attacks on all other data. This paper suggests an adaptive multilevel security framework based on cryptography techniques that provide adequate security for the classified data stored in cloud. The proposed security system acclimates well for cloud environment and is also customizable and more reliant to meet the required level of security of data with different sensitivity that changes with business needs and commercial conditions.

  4. Lecture 13: Control System Cyber Security

    CERN Multimedia

    CERN. Geneva

    2013-01-01

    Today, the industrialized world lives in symbiosis with control systems: it depends on power distribution, oil production, public transport, automatic production lines. While the convenience is at hand, still too many control systems are designed without any security in mind, lack basic security protections, and are not even robust enough to withstand basic attacks. The Stuxnet worm attacking Siemens PLCs in 2010 was another close call. Attackers currently enjoy hacking control systems, and aim to switch lights off. This presentation shall recap the current situation and outline why the presenter is still waiting for a change in paradigm. Stefan Lüders, PhD, graduated from the Swiss Federal Institute of Technology in Zurich and joined CERN in 2002. Being initially developer of a common safety system used in all four experiments at the Large Hadron Collider, he gathered expertise in cyber-security issues of control systems. Consequently in 2004, he took over responsibilities in securing CERN's accelerator and...

  5. Fundamental quantitative security in quantum key generation

    International Nuclear Information System (INIS)

    Yuen, Horace P.

    2010-01-01

    We analyze the fundamental security significance of the quantitative criteria on the final generated key K in quantum key generation including the quantum criterion d, the attacker's mutual information on K, and the statistical distance between her distribution on K and the uniform distribution. For operational significance a criterion has to produce a guarantee on the attacker's probability of correctly estimating some portions of K from her measurement, in particular her maximum probability of identifying the whole K. We distinguish between the raw security of K when the attacker just gets at K before it is used in a cryptographic context and its composition security when the attacker may gain further information during its actual use to help get at K. We compare both of these securities of K to those obtainable from conventional key expansion with a symmetric key cipher. It is pointed out that a common belief in the superior security of a quantum generated K is based on an incorrect interpretation of d which cannot be true, and the security significance of d is uncertain. Generally, the quantum key distribution key K has no composition security guarantee and its raw security guarantee from concrete protocols is worse than that of conventional ciphers. Furthermore, for both raw and composition security there is an exponential catch-up problem that would make it difficult to quantitatively improve the security of K in a realistic protocol. Some possible ways to deal with the situation are suggested.

  6. Cybersecurity as a Politikum: Implications of Security Discourses for Infrastructures

    NARCIS (Netherlands)

    Fichtner, Laura; Pieters, Wolter; Texeira, Andre

    In the cybersecurity community it is common to think of security as a design feature for systems and infrastructures that may be difficult to balance with other requirements. What is less studied is how security requirements come about, for which reasons, and what their influence is on the actions the

  7. Unconditionally Secure Quantum Signatures

    Directory of Open Access Journals (Sweden)

    Ryan Amiri

    2015-08-01

    Full Text Available Signature schemes, proposed in 1976 by Diffie and Hellman, have become ubiquitous across modern communications. They allow for the exchange of messages from one sender to multiple recipients, with the guarantees that messages cannot be forged or tampered with and that messages also can be forwarded from one recipient to another without compromising their validity. Signatures are different from, but no less important than encryption, which ensures the privacy of a message. Commonly used signature protocols—signatures based on the Rivest–Adleman–Shamir (RSA) algorithm, the digital signature algorithm (DSA), and the elliptic curve digital signature algorithm (ECDSA)—are only computationally secure, similar to public key encryption methods. In fact, since these rely on the difficulty of finding discrete logarithms or factoring large primes, it is known that they will become completely insecure with the emergence of quantum computers. We may therefore see a shift towards signature protocols that will remain secure even in a post-quantum world. Ideally, such schemes would provide unconditional or information-theoretic security. In this paper, we aim to provide an accessible and comprehensive review of existing unconditionally secure signature schemes for signing classical messages, with a focus on unconditionally secure quantum signature schemes.

  8. In Support of the Common Defense: Homeland Defense and Security Journal. Volume 1

    Science.gov (United States)

    2012-04-01

    as the United Kingdom, France, and Norway to name a few. Sharia law is Islamic law. While most people understand that the Quran is the Bible of Islam...grotesquely, Satanism . The Cult serves as a stabilizing religious force by using traditional cultural norms to justify the new narco-culture.35...irp/offdocs/pdd/pdd-39. pdf (accessed November 3, 2010). 4. Executive Order 13228 of October 8, 2001, Establishing the Office of Homeland Security and

  9. The European Union’s Aviation Security Mission in South Sudan

    DEFF Research Database (Denmark)

    Højstrup Christensen, Gitte; Kammel, Arnold; Rodt, Annemarie Peen

    of the security situation in the country, all EU personnel were evacuated in January 2014, and the mission was (informally) terminated after fulfilling its mandated deployment period. Even though the mission had succeeded in training 350 personnel prior to the evacuation, its contribution to the overall security......When South Sudan gained independence in 2011, the new country needed assistance from external actors during the transition to prevent the security situation from deteriorating. In 2012 the EU launched its Aviation Security Mission (EUAVSEC) in South Sudan as part of its Common Security and Defence...... Policy. This came in response to a South Sudanese request for EU support and assistance in strengthening the security in Juba International Airport, as it had proven difficult for South Sudan to establish a fully operational transport hub. The EU estimated that an improvement of the airport security...

  10. Non-proliferation and security: synergy and differences

    International Nuclear Information System (INIS)

    Joly, J.

    2013-01-01

    Operators of nuclear facilities put in place both physical and organisational means to meet in a comprehensive way the requirements associated with Nuclear Non-Proliferation, Safety and Security. The common aim is to protect man and the environment from ionising radiation. The approaches for meeting these requirements have real similarities, but also differences which need to be respected in order to develop an appropriate synergy for obtaining the best possible level of safety, security and non-proliferation. This article aims to show the provisions that have been taken with regard to non-proliferation, security and safety which complement and reinforce each other. The paper is followed by the slides of the presentation. (author)

  11. Understanding and applying cryptography and data security

    CERN Document Server

    Elbirt, Adam J

    2009-01-01

    Introduction A Brief History of Cryptography and Data Security Cryptography and Data Security in the Modern World Existing Texts Book Organization Symmetric-Key Cryptography Cryptosystem Overview The Modulo Operator Greatest Common Divisor The Ring Zm Homework Problems Symmetric-Key Cryptography: Substitution Ciphers Basic Cryptanalysis Shift Ciphers Affine Ciphers Homework Problems Symmetric-Key Cryptography: Stream Ciphers Random Numbers The One-Time Pad Key Stream Generators Real-World Applications Homework Problems Symmetric-Key Cryptography: Block Ciphers The Data Encryption Standard The Advance

  12. An evaluation of smartphone communication (in)security

    OpenAIRE

    Brodd-Reijer, Christoffer

    2014-01-01

    The purpose of this study is to examine and evaluate the security of the data traffic sent to and from smartphone devices. Since smartphones are becoming more common, are highly connected, often use cloud based computation, and contain highly personal data, it is important that the communication is secure and safe. This paper examines the Android and iOS platforms and focuses on three key parts: platform, application, and user. The platforms are evaluated on the basis of their libraries, APIs...

  13. Wireless Physical Layer Security with CSIT Uncertainty

    KAUST Repository

    Hyadi, Amal

    2017-09-01

    Recent years have been marked by an enormous growth of wireless communication networks and an extensive use of wireless applications. In return, this phenomenal expansion induced more concerns about the privacy and the security of the users. Physical layer security is one of the most promising solutions that were proposed to enhance the security of next generation wireless systems. The fundamental idea behind this technique is to exploit the randomness and the fluctuations of the wireless channel to achieve security without conditional assumptions on the computational capabilities of the eavesdropper. In fact, while these elements have traditionally been associated with signal deterioration, physical layer security uses them to ensure the confidentiality of the users. Nevertheless, these technical virtues rely heavily on perhaps idealistic channel state information assumptions. In that regard, the aim of this thesis is to look at the physical layer security paradigm from the channel uncertainty perspective. In particular, we discuss the ergodic secrecy capacity of different wiretap channels when the transmitter is hampered by the imperfect knowledge of the channel state information (CSI). We consider two prevalent causes of uncertainty for the CSI at transmitter (CSIT); either an error of estimation occurs at the transmitter and he can only base his coding and the transmission strategies on a noisy version of the CSI, or the CSI feedback link has a limited capacity and the legitimate receivers can only inform the transmitter about the quantized CSI. We investigate both the single-user multiple-input multiple-output (MIMO) wiretap channel and the multi-user broadcast wiretap channel. In the latter scenario, we distinguish between two situations: multiple messages transmission and common message transmission. We also discuss the broadcast channel with confidential messages (BCCM) where the transmitter has one common message to be transmitted to two users and one

  14. Security research roadmap; Security-tutkimuksen roadmap

    Energy Technology Data Exchange (ETDEWEB)

    Naumanen, M.; Rouhiainen, V. (eds.)

    2006-02-15

    Requirements for increasing security have arisen in Europe after highly visible and tragic events in Madrid and in London. While responsibility for security rests largely with the national activities, the EU has also started planning a research area "Space and security" as a part of the 7th Framework Programme. As the justification for this research area it has been presented that technology alone can not assure security, but security can not be assured without the support of technology. Furthermore, the justification highlights that security and military research are becoming ever closer. The old separation between civil and military research is decreasing, because it has been noticed that both areas are nowadays utilising the same knowledge. In Finland, there is already now noteworthy entrepreneurship related to security. Although some of the companies are currently only operating in Finland, others are already international leaders in their area. The importance of the security area is increasing and remarkable potential for new growth business areas can already be identified. This however also requires an increase in research efforts. VTT has a broad range of security research ongoing in many technology areas. The main areas have been concentrating on public safety and security, but VTT is participating also in several research projects related to the defence technology. For identifying and defining in more detail the expertise and research goals, the Security research roadmap was developed. The roadmap identified three particularly significant areas related to security. The assurance of critical infrastructure emphasises the protection of energy networks, information networks, water supply, traffic and transport, and obviously also the citizens. For assuring the activities of entrepreneurship, significant areas include the security of production and services, the security of sites and assets, and information security for embedded systems. The most important

  15. INFORMATION SYSTEM SECURITY (CYBER SECURITY)

    Directory of Open Access Journals (Sweden)

    Muhammad Siddique Ansari

    2016-03-01

    Full Text Available Abstract - Business Organizations and Government unequivocally relies on upon data to deal with their business operations. The most unfavorable impact on association is disappointment of friendship, goodness, trustworthiness, legitimacy and probability of data and administrations. There is an approach to ensure data and to deal with the IT framework's Security inside association. Each time the new innovation is made, it presents some new difficulties for the insurance of information and data. To secure the information and data in association is imperative on the grounds that association nowadays inside and remotely joined with systems of IT frameworks. IT structures are inclined to dissatisfaction and security infringement because of slips and vulnerabilities. These slips and vulnerabilities can be brought on by different variables, for example, quickly creating headway, human slip, poor key particulars, poor movement schedules or censuring the threat. Likewise, framework changes, new deserts and new strikes are a huge piece of the time displayed, which helpers augmented vulnerabilities, disappointments and security infringement all through the IT structure life cycle. The business went to the confirmation that it is essentially difficult to ensure a slip free, risk free and secure IT structure in perspective of the disfigurement of the disavowing security parts, human pass or oversight, and part or supplies frustration. Totally secure IT frameworks don't exist; just those in which the holders may have changing degrees of certainty that security needs of a framework are fulfilled do. The key viewpoints identified with security of data outlining are examined in this paper. From the start, the paper recommends pertinent legitimate structure and their duties including open association obligation, and afterward it returns to present and future time, system limits, structure security in business division. At long last, two key inadequacy markers

  16. Security Awareness of the Digital Natives

    Directory of Open Access Journals (Sweden)

    Vasileios Gkioulos

    2017-04-01

    Full Text Available Young generations make extensive use of mobile devices, such as smartphones, tablets and laptops, while a plethora of security risks associated with such devices are induced by vulnerabilities related to user behavior. Furthermore, the number of security breaches on or via portable devices increases exponentially. Thus, deploying suitable risk treatments requires the investigation of how the digital natives (young people, born and bred in the digital era) use their mobile devices and their level of security awareness, in order to identify common usage patterns with negative security impact. In this article, we present the results of a survey performed across a multinational sample of digital natives with distinct backgrounds and levels of competence in terms of security, to identify divergences in user behavior due to regional, educational and other factors. Our results highlight significant influences on the behavior of digital natives, arising from user confidence, educational background, and parameters related to usability and accessibility. The outcomes of this study justify the need for further analysis of the topic, in order to identify the influence of fine-grained semantics, but also the consolidation of wide and robust user-models.

  17. European Security through EU-Russian Relations: Towards a New Multilateral Order?

    Directory of Open Access Journals (Sweden)

    Sandra Fernandes

    2011-05-01

    Full Text Available Since the end of the Cold War, the EU and Russia have managed to create an original framework for institutionalised cooperation despite asymmetric characteristics. Yet, the way these two main security actors interact has an impact on the (non-)resolution of security issues in Europe, ranging from “frozen conflicts” to the discussion of the security architecture. Since the second mandate of President Putin, the relation has been characterised by two paradoxical features. On the one hand, the methodology and the domains of cooperation have reached a high degree of achievement. On the other hand, the political quality of the relationship has deteriorated and it is not able to achieve the desired “strategic partnership” that should be based on a common set of values and principles. This article aims to define multilateralism as a paradigm applicable to EU-Russian relations. It examines their relationship in the security and defence realm and the Union’s reactions to a new security approach by Russia since the 2008 Medvedev proposal. The article questions how the EU-Russian political dialogue impacts on multilateralism in the security field. The conclusion considers EU-Russian relations as a peculiar multilateral playground addressing common security challenges, which still needs to be developed further in order to be instrumental in the search for collective and legitimate solutions.

  18. Effective ASCII-HEX steganography for secure cloud

    International Nuclear Information System (INIS)

    Afghan, S.

    2015-01-01

    There are many reasons of cloud computing popularity some of the most important are; backup and rescue, cost effective, nearly limitless storage, automatic software amalgamation, easy access to information and many more. Pay-as-you-go model is followed to provide everything as a service. Data is secured by using standard security policies available at cloud end. In spite of its many benefits, as mentioned above, cloud computing has also some security issues. Provider as well as customer has to provide and collect data in a secure manner. Both of these issues plus efficient transmitting of data over cloud are very critical issues and needed to be resolved. There is need of security during the travel time of sensitive data over the network that can be processed or stored by the customer. Security to the customer's data at the provider end can be provided by using current security algorithms, which are not known by the customer. There is reliability problem due to existence of multiple boundaries in the cloud resource access. ASCII and HEX security with steganography is used to propose an algorithm that stores the encrypted data/cipher text in an image file which will be then sent to the cloud end. This is done by using CDM (Common Deployment Model). In future, an algorithm should be proposed and implemented for the security of virtual images in the cloud computing. (author)

  19. A Common Definition of the System Operators' Core Activities

    International Nuclear Information System (INIS)

    2006-02-01

    In this report a common definition of the system operator's core activities in the Nordic countries is identified and also a list of non-core activities is introduced. As a starting point the common tasks for system responsibility as identified by Nordel has been used for the work. The term TSO (Transmission System Operator) is employed as a common denominator in the report. It is found out that the TSOs carry out common core activities in the roles as a transmission operator, a system operator and a balance settlement responsible. The core activities for the TSO as a transmission network operator are: Maintain the adequate transmission system in the long run and network development plan on the national as well as on the Nordic level using sophisticated analysis and planning methods and tools. Plan the transmission network on the national as well as on the Nordic level utilising new investments, renewal and maintenance of existing network components so that the network is secure to operate and adequate transmission capacity is guaranteed. Aim at timely network expansions using enhanced information exchange between the Nordic TSOs, and on the national level between the TSO and distribution and regional network operators, large consumers and large producers. Secure the technical compatibility with networks across the border and within a country by establishing connection requirements on the national level and ensuring that the national requirements are compatible across the Nordic power system. The core activities for the TSO as a system operator are: Define common technical requirements for the secure system operation using common planning, operation, connection and data exchange procedures. Secure the system operation with the operational planning for the following year by using information exchange between TSOs enabling the TSOs to make the best possible forecast of the global grid situation in order to assess the flows in their network and the available

  20. Privatisation of security:

    DEFF Research Database (Denmark)

    use of violence as being the domain of the modern state, which as a natural consequence, delegitimises non-state providers of security. Legitimacy is, therefore, tied to the formal state. The international debate concerning the role of PMSCs has been split primarily into two segments. One argues...... to control conflicts has led to low-intensity conflicts (LIC), which can be witnessed, for instance, in Uganda, the Democratic Republic of Congo, Colombia and Sri Lanka (O’Brien, 1998, p. 80). Since the end of the Cold War it has been common for weak state rulers with formal state legitimacy...... security contractors have led, both historically and at the present day, to fierce academic and public debate. As Sarah Percy argues, the anti-mercenary discourse has two basic elements. One focuses on the fact that mercenaries use force outside what is considered to be legitimate, authoritative control...

  1. European security framework for healthcare.

    Science.gov (United States)

    Ruotsalainen, Pekka; Pohjonen, Hanna

    2003-01-01

    eHealth and telemedicine services are promising business areas in Europe. It is clear that eHealth products and services will be sold and ordered from a distance and over national borderlines in the future. However, there are many barriers to overcome. For both national and pan-European eHealth and telemedicine applications a common security framework is needed. These frameworks set security requirements needed for cross-border eHealth services. The next step is to build a security infrastructure which is independent of technical platforms. Most of the European eHealth platforms are regional or territorial. Some countries are looking for a Public Key Infrastructure, but no large scale solutions do exist in healthcare. There is no clear candidate solution for a European-wide interoperable eHealth platform. Cross-platform integration seems to be the most practical integration method at a European level in the short run. The use of Internet as a European integration platform is a promising solution in the long run.

  2. CLASSIFICATION OF THREATS OF ECONOMIC SECURITY OF TAJIKISTAN

    Directory of Open Access Journals (Sweden)

    Blinichkina N. Yu.

    2016-06-01

    Ensuring of the state economic security suggests the fight against threats to such security. At the same time it is extremely important, firstly, to understand the essence of a threat to economic security and, secondly, to identify the common characteristics of threats allowing to systematize them and to determine the necessary measures to neutralize them on this basis. The traditional approach offers a classification of economic security threats depending on areas of their origin but it is impossible to determine the gravity of the threat to the economy and ways of neutralizing it. In this context we propose allocation of the economic threats to five groups depending on a number of characteristics that determine the level of their negative impact to the economy. Such classification of threats to economic security of Tajikistan helped to determine neutralization of which of them requires outside support, what requires priority within the framework of the strategy of economic security and national economic policy, and what does not require serious government efforts and may be neutralized automatically during neutralization of the other threats.

  3. SPCC- Software Elements for Security Partition Communication Controller

    Science.gov (United States)

    Herpel, H. J.; Willig, G.; Montano, G.; Tverdyshev, S.; Eckstein, K.; Schoen, M.

    2016-08-01

    Future satellite missions like Earth Observation, Telecommunication or any other kind are likely to be exposed to various threats aiming at exploiting vulnerabilities of the involved systems and communications. Moreover, the growing complexity of systems coupled with more ambitious types of operational scenarios imply increased security vulnerabilities in the future. In the paper we will describe an architecture and software elements to ensure high level of security on-board a spacecraft. First the threats to the Security Partition Communication Controller (SPCC) will be addressed including the identification of specific vulnerabilities to the SPCC. Furthermore, appropriate security objectives and security requirements are identified to counter the identified threats. The security evaluation of the SPCC will be done in accordance to the Common Criteria (CC). The Software Elements for SPCC have been implemented on flight representative hardware which consists of two major elements: the I/O board and the SPCC board. The SPCC board provides the interfaces with ground while the I/O board interfaces with typical spacecraft equipment busses. Both boards are physically interconnected by a high speed spacewire (SpW) link.

  4. The European Security and Defence Policy

    DEFF Research Database (Denmark)

    Adler-Nissen, Rebecca

    2009-01-01

    The European Security and Defence Policy (ESDP), which is the operational military and civilian dimension of the Common Foreign and Security Policy (CFSP), is today one of the most dynamic areas of the European Union. However, it is only recently that the EU has acquired explicit military decision....... The Union is thus gradually emerging as an important player on the international scene, with a strategic vision, as well as diplomatic, civilian and military crisis-management instruments that complement the existing economic, commercial, humanitarian and development policies on which the EU has hitherto...... built its reputation as a ‘soft power’. Despite its rapid development, many still regard the EU as weak and inefficient when it comes to security and defence policy. Moreover, the EU struggles with internal divisions and has a strained relationship with NATO. Nonetheless, there are good reasons...

  5. Increasing Distributed IT&C Application Security

    Directory of Open Access Journals (Sweden)

    Ion IVAN

    2013-01-01

    The development of distributed IT & C applications – DIA is presented alongside their main characteristics and the actors involved in activities throughout their lifecycle are identified in the before-mentioned scope. Aspects pertaining security risks, as well as methods of enhancing security, are detailed by DIA architectural features. The analysis includes risk elements, vulnerabilities, means of enhancing the behavior of the system, as well as a hierarchical feature dependency model based on a qualitative assessment of DIA security features, obtained through an inquiry in the common means of protection used by Romanian professionals, as well as their prioritization in the context of limited resources. A graph-based model of feature interactions is built. The last section deals with the ways of improving risk detection methods, as derived from the answers and features presented.

  6. 14 CFR 129.25 - Airplane security.

    Science.gov (United States)

    2010-01-01

    ... 14 Aeronautics and Space 3 2010-01-01 2010-01-01 false Airplane security. 129.25 Section 129.25 Aeronautics and Space FEDERAL AVIATION ADMINISTRATION, DEPARTMENT OF TRANSPORTATION (CONTINUED) AIR CARRIERS... AND FOREIGN OPERATORS OF U.S.-REGISTERED AIRCRAFT ENGAGED IN COMMON CARRIAGE General § 129.25 Airplane...

  7. Agent-Based Modelling for Security Risk Assessment

    NARCIS (Netherlands)

    Janssen, S.A.M.; Sharpans'kykh, Alexei; Bajo, J.; Vale, Z.; Hallenborg, K.; Rocha, A.P.; Mathieu, P.; Pawlewski, P.; Del Val, E.; Novais, P.; Lopes, F.; Duque Méndez, N.D.; Julián, V.; Holmgren, J.

    2017-01-01

    Security Risk Assessment is commonly performed by using traditional methods based on linear probabilistic tools and informal expert judgements. These methods lack the capability to take the inherent dynamic and intelligent nature of attackers into account. To partially address the limitations,

  8. What is Security? A perspective on achieving security

    Energy Technology Data Exchange (ETDEWEB)

    Atencio, Julian J.

    2014-05-05

    This presentation provides a perspective on achieving security in an organization. It touches upon security as a mindset, ability to adhere to rules, cultivating awareness of the reason for a security mindset, the quality of a security program, willingness to admit fault or acknowledge failure, peer review in security, science as a model that can be applied to the security profession, the security vision, security partnering, staleness in the security program, security responsibilities, and achievement of success over time despite the impossibility of perfection.

  9. Wireless Local Area Network (WLAN) Vulnerability Assessment and Security

    National Research Council Canada - National Science Library

    Kessel, Adam; Goodwin, Shane

    2005-01-01

    The proliferation of wireless computer equipment and Local Area Networks (LANs) create an increasingly common and growing threat to Marine Corps Network infrastructure and communication security (COMSEC...

  10. A survey of visualization systems for network security.

    Science.gov (United States)

    Shiravi, Hadi; Shiravi, Ali; Ghorbani, Ali A

    2012-08-01

    Security Visualization is a very young term. It expresses the idea that common visualization techniques have been designed for use cases that are not supportive of security-related data, demanding novel techniques fine tuned for the purpose of thorough analysis. Significant amount of work has been published in this area, but little work has been done to study this emerging visualization discipline. We offer a comprehensive review of network security visualization and provide a taxonomy in the form of five use-case classes encompassing nearly all recent works in this area. We outline the incorporated visualization techniques and data sources and provide an informative table to display our findings. From the analysis of these systems, we examine issues and concerns regarding network security visualization and provide guidelines and directions for future researchers and visual system developers.

  11. Cyber Security and Resilient Systems

    Energy Technology Data Exchange (ETDEWEB)

    Robert S. Anderson

    2009-07-01

    The Department of Energy (DOE) Idaho National Laboratory (INL) has become a center of excellence for critical infrastructure protection, particularly in the field of cyber security. It is one of only a few national laboratories that have enhanced the nation’s cyber security posture by performing industrial control system (ICS) vendor assessments as well as user on-site assessments. Not only are vulnerabilities discovered, but described actions for enhancing security are suggested – both on a system-specific basis and from a general perspective of identifying common weaknesses and their corresponding corrective actions. These cyber security programs have performed over 40 assessments to date which have led to more robust, secure, and resilient monitoring and control systems for the US electrical grid, oil and gas, chemical, transportation, and many other sectors. In addition to cyber assessments themselves, the INL has been engaged in outreach to the ICS community through vendor forums, technical conferences, vendor user groups, and other special engagements as requested. Training programs have been created to help educate all levels of management and worker alike with an emphasis towards real everyday cyber hacking methods and techniques including typical exploits that are used. The asset owner or end user has many products available for its use created from these programs. One outstanding product is the US Department of Homeland Security (DHS) Cyber Security Procurement Language for Control Systems document that provides insight to the user when specifying a new monitoring and control system, particularly concerning security requirements. Employing some of the top cyber researchers in the nation, the INL can leverage this talent towards many applications other than critical infrastructure. Monitoring and control systems are used throughout the world to perform simple tasks such as cooking in a microwave to complex ones such as the monitoring and control of the

  12. Cyber Security and Resilient Systems

    International Nuclear Information System (INIS)

    Anderson, Robert S.

    2009-01-01

    The Department of Energy (DOE) Idaho National Laboratory (INL) has become a center of excellence for critical infrastructure protection, particularly in the field of cyber security. It is one of only a few national laboratories that have enhanced the nation's cyber security posture by performing industrial control system (ICS) vendor assessments as well as user on-site assessments. Not only are vulnerabilities discovered, but described actions for enhancing security are suggested - both on a system-specific basis and from a general perspective of identifying common weaknesses and their corresponding corrective actions. These cyber security programs have performed over 40 assessments to date which have led to more robust, secure, and resilient monitoring and control systems for the US electrical grid, oil and gas, chemical, transportation, and many other sectors. In addition to cyber assessments themselves, the INL has been engaged in outreach to the ICS community through vendor forums, technical conferences, vendor user groups, and other special engagements as requested. Training programs have been created to help educate all levels of management and worker alike with an emphasis towards real everyday cyber hacking methods and techniques including typical exploits that are used. The asset owner or end user has many products available for its use created from these programs. One outstanding product is the US Department of Homeland Security (DHS) Cyber Security Procurement Language for Control Systems document that provides insight to the user when specifying a new monitoring and control system, particularly concerning security requirements. Employing some of the top cyber researchers in the nation, the INL can leverage this talent towards many applications other than critical infrastructure. Monitoring and control systems are used throughout the world to perform simple tasks such as cooking in a microwave to complex ones such as the monitoring and control of the

  13. The Advantages and Disadvantages of Seeking Commonality in Military Equipment

    Science.gov (United States)

    2011-01-01

    ...RAND 2011, www.rand.org. The Advantages and Disadvantages of Seeking Commonality in Military Equipment. Increasingly, the Army and the Department

  14. Integrating QoS and security functions in an IP-VPN gateway

    Science.gov (United States)

    Fan, Kuo-Pao; Chang, Shu-Hsin; Lin, Kuan-Ming; Pen, Mau-Jy

    2001-10-01

    IP-based Virtual Private Network becomes more and more popular. It can not only reduce the enterprise communication cost but also increase the revenue of the service provider. The common IP-VPN application types include Intranet VPN, Extranet VPN, and remote access VPN. For the large IP-VPN market, some vendors develop dedicated IP-VPN devices; while some vendors add the VPN functions into their existing network equipment such as router, access gateway, etc. The functions in the IP-VPN device include security, QoS, and management. The common security functions supported are IPSec (IP Security), IKE (Internet Key Exchange), and Firewall. The QoS functions include bandwidth control and packet scheduling. In the management component, policy-based network management is under standardization in IETF. In this paper, we discuss issues on how to integrate the QoS and security functions in an IP-VPN Gateway. We propose three approaches to do this. They are (1) perform QoS first, (2) perform IPSec first, and (3) reserve fixed bandwidth for IPSec. We also compare the advantages and disadvantages of the three proposed approaches.

  15. Security surveillance challenges and proven thermal imaging capabilities in real-world applications

    Science.gov (United States)

    Francisco, Glen L.; Roberts, Sharon

    2004-09-01

    Uncooled thermal imaging was first introduced to the public in the early 1980s by Raytheon (legacy Texas Instruments Defense Segment Electronics Group) as a solution for military applications. Since the introduction of this technology, Raytheon has remained the leader in this market as well as introduced commercial versions of thermal imaging products specifically designed for security, law enforcement, fire fighting, automotive and industrial uses. Today, low cost thermal imaging for commercial use in security applications is a reality. Organizations of all types have begun to understand the advantages of using thermal imaging as a means to solve common surveillance problems where other popular technologies fall short. Thermal imaging has proven to be a successful solution for common security needs such as: vision at night where lighting is undesired and 24x7 surveillance is needed; surveillance over waterways, lakes and ports where water and lighting options are impractical; surveillance through challenging weather conditions where other technologies will be challenged by atmospheric particulates; low maintenance requirements due to remote or difficult locations; low cost over life of product. Thermal imaging is now a common addition to the integrated security package. Companies are relying on thermal imaging for specific applications where no other technology can perform.

  16. Russia and the European Union: an elusive quest for common values?

    Directory of Open Access Journals (Sweden)

    Ryngaert Cedric

    2012-12-01

    This article focuses on the dialogue between the Russian Federation and the European Union based on “common values” (legal sphere and the rule of law), which form the framework for the EU-Russia “common spaces” — on the economy, freedom, security and justice, as well as in the field of research and education (including cultural aspects). The author analyses the current state of the EU-Russia dialogue (section 1), East-West cooperation in the framework of the Organisation for Security and Cooperation in Europe (section 2), and the position of the Council of Europe member states on the European Court for Human Rights (section 3). The author comes to a conclusion that the concept of “common values” is to a great degree fictitious, and its viability depends on whether Russia behaves as a European country. The complete internalisation of democratic values, human rights, and good governance is still unattainable for the Russian Federation, which uses the platform of common values predominantly to achieve strategic goals (section 4).

  17. Motivating Contributions for Home Computer Security

    Science.gov (United States)

    Wash, Richard L.

    2009-01-01

    Recently, malicious computer users have been compromising computers en masse and combining them to form coordinated botnets. The rise of botnets has brought the problem of home computers to the forefront of security. Home computer users commonly have insecure systems; these users do not have the knowledge, experience, and skills necessary to…

  18. Engineering security agreements against external insider threat

    NARCIS (Netherlands)

    Nunes Leal Franqueira, V.; van Cleeff, A.; van Eck, Pascal; Wieringa, Roelf J.

    2013-01-01

    Companies are increasingly engaging in complex inter-organisational networks of business and trading partners, service and managed security providers to run their operations. Therefore, it is now common to outsource critical business processes and to completely move IT resources to the custody of

  19. LESSONS LEARNED FROM CYBER SECURITY ASSESSMENTS OF SCADA AND ENERGY MANAGEMENT SYSTEMS

    Energy Technology Data Exchange (ETDEWEB)

    Ray Fink

    2006-10-01

    The results from ten cyber security vulnerability assessments of process control, SCADA and energy management systems, or components of those systems were reviewed to identify common problem areas. The common vulnerabilities ranged from conventional IT security issues to specific weaknesses in control system protocols. In each vulnerability category, relative measures were assigned to the severity of the vulnerability and ease with which an attacker could exploit the vulnerability. Suggested mitigations are identified in each category. Recommended mitigations having the highest impact on reducing vulnerability are listed for asset owners and system vendors.

  20. Basic security measures for IEEE 802.11 wireless networks

    Directory of Open Access Journals (Sweden)

    Oscar P. Sarmiento

    2008-05-01

    This article presents a tutorial/discussion of three commonly-used IEEE 802.11 wireless network security standards: WEP, WPA and WPA2. A detailed analysis of the RC4 algorithm supporting WEP is presented, including its vulnerabilities. The WPA and WPA2 encryption protocols’ most relevant aspects and technical characteristics are reviewed for a comparative analysis of the three standards in terms of the security they provide. Special attention has been paid to WEP encryption by using an educational simulation tool written in C++ Builder for facilitating the understanding of this protocol at academic level. Two practical cases of wireless security configurations using Cisco networking equipment are also presented: configuring and enabling WPA-Personal and WPA2-Personal (these being security options used by TKIP and AES, respectively).

  1. Computer Security: the security marathon, part 2

    CERN Multimedia

    Computer Security Team

    2014-01-01

    Do you recall our latest article on the “Security Marathon” (see here) and why it’s wrong to believe that computer security is a sprint, that a quick hack is invulnerable, that quick bug-fixing is sufficient, that plugging security measures on top of existing structures is a good idea, that once you are secure, your life is cosy? In fact, security is a marathon for us too. Again and again, we have felt comfortable with the security situation at CERN, with dedicated protections deployed on individual hosts, with the security measures deployed by individual service managers, with the attentiveness and vigilance of our users, and with the responsiveness of the Management. Again and again, however, we subsequently detect or receive reports that this is wrong, that protections are incomplete, that security measures are incomplete, that security awareness has dropped. Thus, unfortunately, we often have to go back to square one and address similar issues over and over...

  2. ICT security- aspects important for nuclear facilities

    International Nuclear Information System (INIS)

    Thunem, Atoosa P-J.

    2005-09-01

    Rapid application growth of complex Information and Communication Technologies (ICT) in every society and state infrastructure as well as industry has revealed vulnerabilities that eventually have given rise to serious security breaches. These vulnerabilities together with the course of the breaches from cause to consequence are gradually about to convince the field experts that ensuring the security of ICT-driven systems is no longer possible by only relying on the fundaments of computer science, IT, or telecommunications. Appropriating knowledge from other disciplines is not only beneficial, but indeed very necessary. At the same time, it is a common observation today that ICT-driven systems are used everywhere, from the nuclear, aviation, commerce and healthcare domains to camera-equipped web-enabled cellular phones. The increasing interdisciplinary and inter-sectoral aspects of ICT security worldwide have been providing updated and useful information to the nuclear domain, as one of the emerging users of ICT-driven systems. Nevertheless, such aspects have also contributed to new and complicated challenges, as ICT security for the nuclear domain is in a much more delicate manner than for any other domains related to the concept of safety, at least from the public standpoint. This report addresses some important aspects of ICT security that need to be considered at nuclear facilities. It deals with ICT security and the relationship between security and safety from a rather different perspective than usually observed and applied. The report especially highlights the influence on the security of ICT-driven systems by all other dependability factors, and on that basis suggests a framework for ICT security profiling, where several security profiles are assumed to be valid and used in parallel for each ICT-driven system, sub-system or unit at nuclear facilities. The report also covers a related research topic of the Halden Project with focus on cyber threats and

  3. Design of Cyberwar Laboratory Exercises to Implement Common Security Attacks against IEEE 802.11 Wireless Networks

    Directory of Open Access Journals (Sweden)

    Mina Malekzadeh

    2010-01-01

    In wireless network communications, radio waves travel through free space; hence, the information reaches any receiving point with appropriate radio receivers. This aspect makes the wireless networks vulnerable to various types of attacks. A true understanding of these attacks provides better ability to defend the network against the attacks, thus eliminating potential threats from the wireless systems. This work presents a series of cyberwar laboratory exercises that are designed for IEEE 802.11 wireless networks security courses. The exercises expose different aspects of violations in security such as confidentiality, privacy, availability, and integrity. The types of attacks include traffic analysis, rogue access point, MAC filtering, replay, man-in-the-middle, and denial of service attacks. For each exercise, the materials are presented as open-source tools along with descriptions of the respective methods, procedures, and penetration techniques.

  4. Alternative security

    International Nuclear Information System (INIS)

    Weston, B.H.

    1990-01-01

    This book contains the following chapters: The Military and Alternative Security: New Missions for Stable Conventional Security; Technology and Alternative Security: A Cherished Myth Expires; Law and Alternative Security: Toward a Just World Peace; Politics and Alternative Security: Toward a More Democratic, Therefore More Peaceful, World; Economics and Alternative Security: Toward a Peacekeeping International Economy; Psychology and Alternative Security: Needs, Perceptions, and Misperceptions; Religion and Alternative Security: A Prophetic Vision; and Toward Post-Nuclear Global Security: An Overview

  5. Need for a gender-sensitive human security framework: results of a quantitative study of human security and sexual violence in Djohong District, Cameroon.

    Science.gov (United States)

    Parmar, Parveen Kaur; Agrawal, Pooja; Goyal, Ravi; Scott, Jennifer; Greenough, P Gregg

    2014-01-01

    Human security shifts traditional concepts of security from interstate conflict and the absence of war to the security of the individual. Broad definitions of human security include livelihoods and food security, health, psychosocial well-being, enjoyment of civil and political rights and freedom from oppression, and personal safety, in addition to absence of conflict. In March 2010, we undertook a population-based health and livelihood study of female refugees from conflict-affected Central African Republic living in Djohong District, Cameroon and their female counterparts within the Cameroonian host community. Embedded within the survey instrument were indicators of human security derived from the Leaning-Arie model that defined three domains of psychosocial stability suggesting individuals and communities are most stable when their core attachments to home, community and the future are intact. While the female refugee human security outcomes describe a population successfully assimilated and thriving in their new environments based on these three domains, the ability of human security indicators to predict the presence or absence of lifetime and six-month sexual violence was inadequate. Using receiver operating characteristic (ROC) analysis, the study demonstrates that common human security indicators do not uncover either lifetime or recent prevalence of sexual violence. These data suggest that current gender-blind approaches of describing human security are missing serious threats to the safety of one half of the population and that efforts to develop robust human security indicators should include those that specifically measure violence against women.

  6. Certified training for nuclear and radioactive source security management

    International Nuclear Information System (INIS)

    Johnson, Daniel

    2017-01-01

    Radioactive sources are used by hospitals, research facilities and industry for such purposes as diagnosing and treating illnesses, sterilising equipment and inspecting welds. Unfortunately, many States, regulatory authorities and licensees may not appreciate how people with malevolent intentions could use radioactive sources, and statistics confirm that a number of security incidents happen around the globe. The adversary could be common thieves, activists, insiders, terrorists and organised crime groups. Mitigating this risk requires well trained and competent staff who have developed the knowledge, attributes and skills necessary to successfully discharge their security responsibilities. The International Atomic Energy Agency and the World Institute for Nuclear Security are leading international training efforts. The target audience is a multi-disciplinary group of professionals with management responsibilities for security at facilities with radioactive sources. These efforts to promote training and competence amongst practitioners have been recognised at the 2014 and 2016 Nuclear Security and Nuclear Industry Summits. (author)

  7. Secure steganography designed for mobile platforms

    Science.gov (United States)

    Agaian, Sos S.; Cherukuri, Ravindranath; Sifuentes, Ronnie R.

    2006-05-01

    Adaptive steganography, an intelligent approach to message hiding, integrated with matrix encoding and pn-sequences serves as a promising resolution to recent security assurance concerns. Incorporating the above data hiding concepts with established cryptographic protocols in wireless communication would greatly increase the security and privacy of transmitting sensitive information. We present an algorithm which will address the following problems: 1) low embedding capacity in mobile devices due to fixed image dimensions and memory constraints, 2) compatibility between mobile and land based desktop computers, and 3) detection of stego images by widely available steganalysis software [1-3]. Consistent with the smaller available memory, processor capabilities, and limited resolution associated with mobile devices, we propose a more magnified approach to steganography by focusing adaptive efforts at the pixel level. This deeper method, in comparison to the block processing techniques commonly found in existing adaptive methods, allows an increase in capacity while still offering a desired level of security. Based on computer simulations using high resolution, natural imagery and mobile device captured images, comparisons show that the proposed method securely allows an increased amount of embedding capacity but still avoids detection by varying steganalysis techniques.

  8. Unified communications forensics anatomy of common UC attacks

    CERN Document Server

    Grant, Nicholas Mr

    2013-01-01

    Unified Communications Forensics: Anatomy of Common UC Attacks is the first book to explain the issues and vulnerabilities and demonstrate the attacks, forensic artifacts, and countermeasures required to establish a secure (UC) environment. This book is written by leading UC experts Nicholas Grant and Joseph W. Shaw II and provides material never before found on the market, including: analysis of forensic artifacts in common UC attacks; an in-depth look at established UC technologies and attack exploits; hands-on understanding of UC attack vectors and associated countermeasures.

  9. Security infrastructures: towards the INDECT system security

    OpenAIRE

    Stoianov, Nikolai; Urueña, Manuel; Niemiec, Marcin; Machník, Petr; Maestro, Gema

    2012-01-01

    This paper provides an overview of the security infrastructures being deployed inside the INDECT project. These security infrastructures can be organized in five main areas: Public Key Infrastructure, Communication security, Cryptography security, Application security and Access control, based on certificates and smartcards. This paper presents the new ideas and deployed testbeds for these five areas. In particular, it explains the hierarchical architecture of the INDECT PKI...

  10. Basic security measures for IEEE 802.11 wireless networks

    OpenAIRE

    Sarmiento, Oscar P.; Guerrero, Fabio G.; Rey Argote, David

    2008-01-01

    This article presents a tutorial/discussion of three commonly-used IEEE 802.11 wireless network security standards: WEP, WPA and WPA2. A detailed analysis of the RC4 algorithm supporting WEP is presented, including its vulnerabilities. The WPA and WPA2 encryption protocols’ most relevant aspects and technical characteristics are reviewed for a comparative analysis of the three standards in terms of the security they provide. Special attention has been paid to WEP encryption by using an educat...

  11. Data Leakage Prevention for Secure Cross-Domain Information Exchange

    OpenAIRE

    Nordbotten, Nils Agne; Engelstad, Paal E.; Kongsgård, Kyrre Wahl; Haakseth, Raymond; Mancini, Federico

    2017-01-01

    Cross-domain information exchange is an increasingly important capability for conducting efficient and secure operations, both within coalitions and within single nations. A data guard is a common cross-domain sharing solution that inspects the security labels of exported data objects and validates that they are such that they can be released according to policy. While we see that guard solutions can be implemented with high assurance, we find that obtaining an equivalent level of assurance i...

  12. Nation State as Security Provider in Human Security Issue

    OpenAIRE

    Maya Padmi, Made Fitri

    2015-01-01

    The notion of Human Security emphasizes the human as the center of security studies, challenging the position of the state as the core of security. Some studies have tried to separate state security and human security; however, there is a strong connection between these two notions. The state has an important role in establishing and maintaining the security of its own citizens. Through social contract and social security protection, states are obliged to set the security of their own people as their security...

  13. Deciding Security for a Fragment of ASLan

    DEFF Research Database (Denmark)

    Mödersheim, Sebastian Alexander

    2012-01-01

    ASLan is the input language of the verification tools of the AVANTSSAR platform, and an extension of the AVISPA Intermediate Format IF. One of ASLan's core features over IF is to integrate a transition system with Horn clauses that are evaluated at every state. This allows for modeling many common situations in security such as the interaction between the workflow of a system with its access control policies. While even the transition relation is undecidable for ASLan in general, we show the security problem is decidable for a large and useful fragment that we call TASLan, as long as we bound the number of steps of honest participants. The restriction of TASLan is that all messages and predicates must be in a certain sense unambiguous in their interpretation, excluding “type-confusions” similar to some tagging results for security protocols.

  14. Security Policy and Developments in Central Asia : Security Documents Compared with Security Challenges

    NARCIS (Netherlands)

    Haas, de M.

    2016-01-01

    This article examines the security policy of the Central Asian (CA) states, by comparing theory (security documents) with practice (the actual security challenges). The lack of CA regional (security) cooperation and authoritarian rule puts political and economic stability at stake. The internal and

  15. Securing your Site in Development and Beyond

    Energy Technology Data Exchange (ETDEWEB)

    Akopov, Mikhail S.

    2018-01-04

    Why wait until production deployment, or even staging and testing deployment, to identify security vulnerabilities? Using tools like Burp Suite, you can find security vulnerabilities before they creep up on you. Prevent cross-site scripting attacks, and establish a firmer trust between your website and your client. Verify that Apache/Nginx have the correct SSL Ciphers set. We explore using these tools and more to validate proper Apache/Nginx configurations, and to be compliant with modern configuration standards as part of the development cycle. Your clients can use tools like https://securityheaders.io and https://ssllabs.com to get a graded report on your level of compliance with OWASP Secure Headers Project and SSLLabs recommendations. Likewise, you should always use the same sites to validate your configurations. Burp Suite will find common misconfigurations and will also perform more thorough security testing of your applications. In this session you will see examples of vulnerabilities that were detected early on, as well as how to integrate these practices into your daily workflow.

  16. Directed Security Policies: A Stateful Network Implementation

    Directory of Open Access Journals (Sweden)

    Cornelius Diekmann

    2014-05-01

    Large systems are commonly internetworked. A security policy describes the communication relationship between the networked entities. The security policy defines rules, for example that A can connect to B, which results in a directed graph. However, this policy is often implemented in the network, for example by firewalls, such that A can establish a connection to B and all packets belonging to established connections are allowed. This stateful implementation is usually required for the network's functionality, but it introduces the backflow from B to A, which might contradict the security policy. We derive compliance criteria for a policy and its stateful implementation. In particular, we provide a criterion to verify the lack of side effects in linear time. Algorithms to automatically construct a stateful implementation of security policy rules are presented, which narrows the gap between formalization and real-world implementation. The solution scales to large networks, which is confirmed by a large real-world case study. Its correctness is guaranteed by the Isabelle/HOL theorem prover.

  17. Security Economics and Critical National Infrastructure

    Science.gov (United States)

    Anderson, Ross; Fuloria, Shailendra

    There has been considerable effort and expenditure since 9/11 on the protection of 'Critical National Infrastructure' against online attack. This is commonly interpreted to mean preventing online sabotage against utilities such as electricity, oil and gas, water, and sewage - including pipelines, refineries, generators, storage depots and transport facilities such as tankers and terminals. A consensus is emerging that the protection of such assets is more a matter of business models and regulation - in short, of security economics - than of technology. We describe the problems, and the state of play, in this paper. Industrial control systems operate in a different world from systems previously studied by security economists; we find the same issues (lock-in, externalities, asymmetric information and so on) but in different forms. Lock-in is physical, rather than based on network effects, while the most serious externalities result from correlated failure, whether from cascade failures, common-mode failures or simultaneous attacks. There is also an interesting natural experiment happening, in that the USA is regulating cyber security in the electric power industry, but not in oil and gas, while the UK is not regulating at all but rather encouraging industry's own efforts. Some European governments are intervening, while others are leaving cybersecurity entirely to plant owners to worry about. We already note some perverse effects of the U.S. regulation regime as companies game the system, to the detriment of overall dependability.

  18. Internet Banking Security Strategy: Securing Customer Trust

    OpenAIRE

    Frimpong Twum; Kwaku Ahenkora

    2012-01-01

    Internet banking strategies should enhance customers' online experiences which are affected by trust and security issues. This study provides perspectives of users and nonusers on internet banking security with a view to understanding trust and security factors in relation to adoption and continuous usage. Perception of internet banking security influenced usage intentions. Nonusers viewed internet banking to be insecure but users perceived it to be secure with perceived ease of use influenc...

  19. Invariant-based reasoning about parameterized security protocols

    NARCIS (Netherlands)

    Mooij, A.J.

    2010-01-01

    We explore the applicability of the programming method of Feijen and van Gasteren to the domain of security protocols. This method addresses the derivation of concurrent programs from a formal specification, and it is based on common notions like invariants and pre- and post-conditions. We show that

  20. Achieving Security Assurance with Assertion-based Application Construction

    Directory of Open Access Journals (Sweden)

    Carlos E. Rubio-Medrano

    2015-12-01

    Modern software applications are commonly built by leveraging pre-fabricated modules, e.g. application programming interfaces (APIs), which are essential to implement the desired functionalities of software applications, helping reduce the overall development costs and time. When APIs deal with security-related functionality, it is critical to ensure they comply with their design requirements since otherwise unexpected flaws and vulnerabilities may consequently occur. Often, such APIs may lack sufficient specification details, or may implement a semantically-different version of a desired security model to enforce, thus possibly complicating the runtime enforcement of security properties and making it harder to minimize the existence of serious vulnerabilities. This paper proposes a novel approach to address such a critical challenge by leveraging the notion of software assertions. We focus on security requirements in role-based access control models and show how proper verification at the source-code level can be performed with our proposed approach as well as with automated state-of-the-art assertion-based techniques.

  1. Knowing What Others Know: Common Knowledge, Accounting, and Capital Markets

    OpenAIRE

    Shyam NMI Sunder

    2001-01-01

    The concept of common knowledge concerning higher orders of knowledge has seen exciting new developments in the fields of philosophy, game theory, statistics, economics and cognitive science in the recent decades. Even though information lies at the heart of accounting and capital markets research, these new developments have remained at the periphery of these fields. Common knowledge thinking may significantly advance our understanding of financial reporting, analysis, securities valuation, ...

  2. Design and Development of Layered Security: Future Enhancements and Directions in Transmission

    Science.gov (United States)

    Shahzad, Aamir; Lee, Malrey; Kim, Suntae; Kim, Kangmin; Choi, Jae-Young; Cho, Younghwa; Lee, Keun-Kwang

    2016-01-01

    Today, security is a prominent issue when any type of communication is being undertaken. Like traditional networks, supervisory control and data acquisition (SCADA) systems suffer from a number of vulnerabilities. Numerous end-to-end security mechanisms have been proposed for the resolution of SCADA-system security issues, but due to insecure real-time protocol use and the reliance upon open protocols during Internet-based communication, these SCADA systems can still be compromised by security challenges. This study reviews the security challenges and issues that are commonly raised during SCADA/protocol transmissions and proposes a secure distributed-network protocol version 3 (DNP3) design, and the implementation of the security solution using a cryptography mechanism. Due to the insecurities found within SCADA protocols, the new development consists of a DNP3 protocol that has been designed as a part of the SCADA system, and the cryptographically derived security is deployed within the application layer as a part of the DNP3 stack. PMID:26751443

  3. Design and Development of Layered Security: Future Enhancements and Directions in Transmission

    Directory of Open Access Journals (Sweden)

    Aamir Shahzad

    2016-01-01

    Today, security is a prominent issue when any type of communication is being undertaken. Like traditional networks, supervisory control and data acquisition (SCADA) systems suffer from a number of vulnerabilities. Numerous end-to-end security mechanisms have been proposed for the resolution of SCADA-system security issues, but due to insecure real-time protocol use and the reliance upon open protocols during Internet-based communication, these SCADA systems can still be compromised by security challenges. This study reviews the security challenges and issues that are commonly raised during SCADA/protocol transmissions and proposes a secure distributed-network protocol version 3 (DNP3) design, and the implementation of the security solution using a cryptography mechanism. Due to the insecurities found within SCADA protocols, the new development consists of a DNP3 protocol that has been designed as a part of the SCADA system, and the cryptographically derived security is deployed within the application layer as a part of the DNP3 stack.

  4. Public key infrastructure for DOE security research

    Energy Technology Data Exchange (ETDEWEB)

    Aiken, R.; Foster, I.; Johnston, W.E. [and others]

    1997-06-01

    This document summarizes the Department of Energy's Second Joint Energy Research/Defence Programs Security Research Workshop. The workshop, built on the results of the first Joint Workshop which reviewed security requirements represented in a range of mission-critical ER and DP applications, discussed commonalities and differences in ER/DP requirements and approaches, and identified an integrated common set of security research priorities. One significant conclusion of the first workshop was that progress in a broad spectrum of DOE-relevant security problems and applications could best be addressed through public-key cryptography based systems, and therefore depended upon the existence of a robust, broadly deployed public-key infrastructure. Hence, public-key infrastructure ("PKI") was adopted as a primary focus for the second workshop. The Second Joint Workshop covered a range of DOE security research and deployment efforts, as well as summaries of the state of the art in various areas relating to public-key technologies. Key findings were that a broad range of DOE applications can benefit from security architectures and technologies built on a robust, flexible, widely deployed public-key infrastructure; that there exists a collection of specific requirements for missing or undeveloped PKI functionality, together with a preliminary assessment of how these requirements can be met; that, while commercial developments can be expected to provide many relevant security technologies, there are important capabilities that commercial developments will not address, due to the unique scale, performance, diversity, distributed nature, and sensitivity of DOE applications; that DOE should encourage and support research activities intended to increase understanding of security technology requirements, and to develop critical components not forthcoming from other sources in a timely manner.

  5. A secure key agreement protocol based on chaotic maps

    International Nuclear Information System (INIS)

    Wang Xing-Yuan; Luan Da-Peng

    2013-01-01

    To guarantee the security of communication in the public channel, many key agreement protocols have been proposed. Recently, Gong et al. proposed a key agreement protocol based on chaotic maps with password sharing. In this paper, Gong et al.'s protocol is analyzed, and we find that this protocol exhibits key management issues and potential security problems. Furthermore, the paper presents a new key agreement protocol based on enhanced Chebyshev polynomials to overcome these problems. Through our analysis, our key agreement protocol not only provides mutual authentication and the ability to resist a variety of common attacks, but also solves the problems of key management and security issues existing in Gong et al.'s protocol.

  6. Secure and Authenticated Data Communication in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Omar Alfandi

    2015-08-01

    Securing communications in wireless sensor networks is increasingly important as the diversity of applications increases. However, even today, it is equally important for the measures employed to be energy efficient. For this reason, this publication analyzes the suitability of various cryptographic primitives for use in WSNs according to various criteria and, finally, describes a modular, PKI-based framework for confidential, authenticated, secure communications in which most suitable primitives can be employed. Due to the limited capabilities of common WSN motes, criteria for the selection of primitives are security, power efficiency and memory requirements. The implementation of the framework and the singular components have been tested and benchmarked in our testbed of IRISmotes.

  7. The European Union as a Security Actor: Moving Beyond the Second Pillar

    Directory of Open Access Journals (Sweden)

    Kamil Zwolski

    2009-04-01

    It is suggested in this article that there is a discrepancy between, on the one hand, literature that focuses on the European Union (EU) as a security actor and, on the other, contemporary security studies literature. This difference concerns the fact that the literature on the EU as a security actor treats security in a narrower sense than how it is approached in the literature on security studies. Over the past few decades, security studies literature has begun to fully acknowledge that the concept of security has broadened beyond traditional ‘hard’ security concerns and can encompass many different issues, for example the security implications of climate change. However, the literature on the EU as a security actor very often associates security only with the second pillar of the EU’s organisational structure; in particular the intergovernmental cooperation embodied by the Common Foreign and Security Policy (CFSP) and the European Security and Defence Policy (ESDP). The main purpose of this article is to utilise the broader security studies approach to security as a means to expand the understanding of security in the context of the EU’s performance on the international stage. This is important because it allows the Union’s ‘actorness’ in the field of security to be examined in a more holistic manner.

  8. College law enforcement and security department responses to alcohol-related incidents: a national study.

    Science.gov (United States)

    Bernat, Debra H; Lenk, Kathleen M; Nelson, Toben F; Winters, Ken C; Toomey, Traci L

    2014-08-01

    Campus police and security personnel are often the first to respond to alcohol-related incidents on campus. The purpose of this study is to examine how campus law enforcement and security respond to alcohol-related incidents, and how consequences and communication differ based on characteristics of the incident. Directors of campus police/security from 343 colleges across the United States completed a survey regarding usual practice following serious, underage, and less serious alcohol incidents on and off campus. Campus law enforcement and security most commonly reported contacting campus officials. A minority reported issuing citations and referring students to the health center. Enforcement actions were more commonly reported for serious and underage incidents than for less serious incidents. Large (vs. small) colleges, public (vs. private) colleges, and those located in small (vs. large) towns more consistently reported taking actions against drinkers. Understanding how campus police and security respond to alcohol-related incidents is essential for reducing alcohol-related problems on college campuses. Copyright © 2014 by the Research Society on Alcoholism.

  9. Threats or threads: from usable security to secure experience

    DEFF Research Database (Denmark)

    Bødker, Susanne; Mathiasen, Niels Raabjerg

    2008-01-01

    While the domain of security dependent technologies brings new challenges to HCI research it seems that the results and breakthroughs of HCI have not been used in design of security dependent technologies. With exceptions, work in the research field of usable security may be criticized for focusing mainly on adjusting user behavior to behave securely. With our background in newer HCI perspectives we address secure interaction from the perspective of security technology as experience. We analyze a number of collected user stories to understand what happens when everyday users encounter security dependent technologies. We apply McCarthy & Wright's [12] experience framework to the security domain and our collected stories. We point out that there are significant differences between being secure and having a secure experience, and conclude that classical usable security, focus on people's immediate...

  10. Global energy security and the implications for the EU

    International Nuclear Information System (INIS)

    Umbach, Frank

    2010-01-01

    The following article will analyse the global and geopolitical dimensions of the future international energy security and its implications for Europe and the EU-27. In this context, I will discuss to which extent the EU's newly proclaimed 'Energy Action Plan' of the EU Spring summit of 2007 and its declared common energy (foreign) policy are a sufficient strategy to cope with the new global and geopolitical challenges. The article concludes the following: (1) The interlinkage between globally designed traditional energy security concepts - that rely just on economic factors and 'market-strategies' - and domestic as well as regional political stability demands new thinking with regard to both energy supply security and foreign and security policies. (2) Although after the Russian-Ukrainian gas conflict in January 2006, energy security has forced its way up the European energy and foreign policy agendas, the EU-27 member states have largely failed to forge a coherent European energy security and energy foreign policy strategy after their Spring summit of 2007 because its declared political solidarity has been still lacking. But the 2nd Strategic Energy Review of November 2008 has recommended new initiatives to overcome this lack by promoting concrete infrastructure and other projects for enhancing Europe's supply security and its political solidarity as part of a common energy (foreign) policy. If the EU is able to implement the March 2007 and November 2008 decisions, the EU oil and gas demand will drastically reduce and freeze at current levels. In this case, Putin's energy policies by using Russia's energy resources and pipeline monopolies as a political instrument to enforce its economic and geopolitical interests will be proved as self-defeating in Russia's long-term strategic interests. 
    It will reduce Gazprom's gas exports to a much smaller EU gas market than originally forecasted as the result of a deliberate EU policy of decreasing its overall gas demand and

  11. Elements of Social Security in 6 European Countries

    DEFF Research Database (Denmark)

    Hansen, Hans

    Elements of Social Security in 6 European Countries contains an overview of important benefit schemes in Denmark, Sweden, Finland, Germany, Great Britain and the Netherlands. The schemes are categorized according to common sets of criteria and compared. Stylized cases illustrate the impact...

  12. Security an introduction

    CERN Document Server

    Purpura, Philip P

    2011-01-01

    Section I The History and Profession of Security Definition, Role, and History of Security Security Defined The Contexts of Security The Roles of Security The History of Security Security in an Environment of Threats, Terrorism, and All-Hazards Threats and Hazards Terrorism National Strategies The Profession and Business of Security The Business of Security Professionalism and Security Associations Ethics Regulation of the Security Industry Security Training Higher Education Careers Section II Protecting People and Assets Security Methodology Methodology Defined Security Business Proposals Secur

  13. ORDER SECURITY – NATIONAL SECURITY ADMINISTRATION. NATIONAL SECURITY DEFENSE AS SPECIAL ADMINISTRATION

    OpenAIRE

    Zoltán BALLA

    2009-01-01

    National security administration is the special executive disposal activity of the national security agencies, the section of the state administration that helps the governmental work by reconnoitering and preventing with secret-servicing methods of the risks that shall harm or endanger the national security’s interests. The main operational principles of national security governing are the following, among others: - controlling the operation of national security organization belongs to the ex...

  14. CHANGES IN THE SECURITY AGENDA: CRITICAL SECURITY STUDIES AND HUMAN SECURITY. THE CASE OF CHINA

    Directory of Open Access Journals (Sweden)

    Nguyen THI THUY HANG

    2012-06-01

    Since the end of the Cold War the meaning of security has fundamentally changed. Issues which are labeled as non-traditional security namely human development, economic crises, environmental degradation, natural disaster, poverty, epidemics… have become a crucial part of the security agenda. These changes have been intensified with the development of the two approaches: Critical Security Studies and Human Security. This article explores how the meaning of security has changed and how the boundaries between traditional and non-traditional security have become blurred. The case of China is taken as empirical evidence to support the assertion that security has evolved beyond its traditional focus on the state.

  15. Legal significance of the private security sector in Kosovo

    Directory of Open Access Journals (Sweden)

    Fidair Berisha

    2015-11-01

    Privatization of the security sector is considered a new phenomenon in the post-communist society. The security system has been under a total monopoly of the state institutions. Therefore, even the legal adjustment of this system is considered that only state institutions are entitled for provision of the security services, by excluding participation of civic organizations from this activity. Beside this, state enterprises have been obliged to establish their safety structures for property protection and involved employers in enterprises. Immediately after the conflictual period the privatization of the security sector was rapidly increased, including various parts of society. In Kosovo immediately after the conflictual period there were legal gaps, which means that the private security sector has not been adjusted and as a result of this has been uncontrolled and without supervision. Therefore in 2000 the UNMIK administration has undertaken measures and has carried out the first act which has regulated this sector in Kosova. The draft law has undergone significant changes starting from the title. Saying in more common manner, “Draft law for private security” is amended in the LAW no. 04/L-004.2001 for private security services, and this amendment of the private security sector is based in the above mentioned law.

  16. Security bound of cheat sensitive quantum bit commitment.

    Science.gov (United States)

    He, Guang Ping

    2015-03-23

    Cheat sensitive quantum bit commitment (CSQBC) loosens the security requirement of quantum bit commitment (QBC), so that the existing impossibility proofs of unconditionally secure QBC can be evaded. But here we analyze the common features in all existing CSQBC protocols, and show that in any CSQBC having these features, the receiver can always learn a non-trivial amount of information on the sender's committed bit before it is unveiled, while his cheating can pass the security check with a probability not less than 50%. The sender's cheating is also studied. The optimal CSQBC protocols that can minimize the sum of the cheating probabilities of both parties are found to be trivial, as they are practically useless. We also discuss the possibility of building a fair protocol in which both parties can cheat with equal probabilities.

  17. Security bound of cheat sensitive quantum bit commitment

    Science.gov (United States)

    He, Guang Ping

    2015-03-01

    Cheat sensitive quantum bit commitment (CSQBC) loosens the security requirement of quantum bit commitment (QBC), so that the existing impossibility proofs of unconditionally secure QBC can be evaded. But here we analyze the common features in all existing CSQBC protocols, and show that in any CSQBC having these features, the receiver can always learn a non-trivial amount of information on the sender's committed bit before it is unveiled, while his cheating can pass the security check with a probability not less than 50%. The sender's cheating is also studied. The optimal CSQBC protocols that can minimize the sum of the cheating probabilities of both parties are found to be trivial, as they are practically useless. We also discuss the possibility of building a fair protocol in which both parties can cheat with equal probabilities.

  18. Generating WS-SecurityPolicy documents via security model transformation

    DEFF Research Database (Denmark)

    Jensen, Meiko

    2009-01-01

    When SOA-based business processes are to be enhanced with security properties, the model-driven business process development approach enables an easier and more reliable security definition compared to manually crafting the security realizations afterwards. In this paper, we outline an appropriate security model definition and transformation approach, targeting the WS-SecurityPolicy and WS-BPEL specifications, in order to enable a Web-Service-based secure business process development.

  19. Security Engine Management of Router based on Security Policy

    OpenAIRE

    Su Hyung Jo; Ki Young Kim; Sang Ho Lee

    2007-01-01

    Security management has changed from the management of security equipments and useful interface to manager. It analyzes the whole security conditions of network and preserves the network services from attacks. Secure router technology has security functions, such as intrusion detection, IPsec(IP Security) and access control, are applied to legacy router for secure networking. It controls an unauthorized router access and detects an illegal network intrusion. This paper re...

  20. Cyber security. Compliance to the new CSA 290.7 standard

    Energy Technology Data Exchange (ETDEWEB)

    Daley, M.; Doucet, R.; Echlin, M.; MacDonald, M.; Mihaylov, V.; Sijs, J.; Trask, D. [Canadian Nuclear Laboratories, Chalk River, Ontario (Canada)]

    2015-12-15

    Since 2008, the Canadian Nuclear Safety Commission (CNSC), similar to regulators of other critical industries, has requested their licensees to implement cyber security programs and conduct self-assessments without the benefit of an industry specific cyber security standard that provides common metrics for coverage and effectiveness of their programs. However, for the nuclear industry, a new CSA standard 290.7 entitled 'Cyber security for nuclear power plants and small reactor facilities', released in December 2014, will have the CNSC looking to facility operators to be compliant to the new standard. This paper will discuss initiatives at Canadian Nuclear Laboratories to develop a suite of tools, techniques, and best practices that can be used by the regulator and industry for assessing compliance and effectiveness of cyber security technology and implementations. (author)

  1. Cyber security - compliance to the new CSA 290.7 standard

    Energy Technology Data Exchange (ETDEWEB)

    Daley, M.; Doucet, R.; Echlin, M.; MacDonald, M.; Mihaylov, V.; Sijs, J.; Trask, D., E-mail: Matthew.Daley@cnl.ca [Canadian Nuclear Laboratories, Chalk River, ON, (Canada)

    2015-07-01

    Since 2008, the Canadian Nuclear Safety Commission (CNSC), similar to regulators of other critical industries, has requested their licensees to implement cyber security programs and conduct self-assessments without the benefit of an industry specific cyber security standard that provides common metrics for coverage and effectiveness of their programs. However, for the nuclear industry, a new CSA standard 290.7 entitled 'Cyber security for nuclear power plants and small reactor facilities' [1], released in December 2014, will have the CNSC looking to facility operators to be compliant to the new standard. This paper will discuss initiatives at Canadian Nuclear Laboratories to develop a suite of tools, techniques, and best practices that can be used by the regulator and industry for assessing compliance and effectiveness of cyber security technology and implementations. (author)

  2. Cyber security. Compliance to the new CSA 290.7 standard

    International Nuclear Information System (INIS)

    Daley, M.; Doucet, R.; Echlin, M.; MacDonald, M.; Mihaylov, V.; Sijs, J.; Trask, D.

    2015-01-01

    Since 2008, the Canadian Nuclear Safety Commission (CNSC), similar to regulators of other critical industries, has requested their licensees to implement cyber security programs and conduct self-assessments without the benefit of an industry specific cyber security standard that provides common metrics for coverage and effectiveness of their programs. However, for the nuclear industry, a new CSA standard 290.7 entitled 'Cyber security for nuclear power plants and small reactor facilities', released in December 2014, will have the CNSC looking to facility operators to be compliant to the new standard. This paper will discuss initiatives at Canadian Nuclear Laboratories to develop a suite of tools, techniques, and best practices that can be used by the regulator and industry for assessing compliance and effectiveness of cyber security technology and implementations. (author)

  3. Cyber security - compliance to the new CSA 290.7 standard

    International Nuclear Information System (INIS)

    Daley, M.; Doucet, R.; Echlin, M.; MacDonald, M.; Mihaylov, V.; Sijs, J.; Trask, D.

    2015-01-01

    Since 2008, the Canadian Nuclear Safety Commission (CNSC), similar to regulators of other critical industries, has requested their licensees to implement cyber security programs and conduct self-assessments without the benefit of an industry specific cyber security standard that provides common metrics for coverage and effectiveness of their programs. However, for the nuclear industry, a new CSA standard 290.7 entitled 'Cyber security for nuclear power plants and small reactor facilities' [1], released in December 2014, will have the CNSC looking to facility operators to be compliant to the new standard. This paper will discuss initiatives at Canadian Nuclear Laboratories to develop a suite of tools, techniques, and best practices that can be used by the regulator and industry for assessing compliance and effectiveness of cyber security technology and implementations. (author)

  4. National security through the preservation and development of cultural sphere

    Directory of Open Access Journals (Sweden)

    Malakshinova N.Sh.

    2016-10-01

    Matters of national security in the context of the inextricable interrelationship and interdependence of national security and socio-economic development are presented in the article. The particular attention is paid to the legislative consolidation of security categories, the system of national security elements, and changes in the domestic legislation updates. Therefore, safety, a list of national interests, highlighted by long-term perspective, and questions about the means of implementation of strategic national priorities, including the named culture as a sphere of life are very important. Sphere of culture as a national priority and an important factor in the quality of life growth and harmonization of public relations, collateral dynamic socio-economic development and the preservation of a common cultural space and sovereignty of Russia are studied more detailed.

  5. Theoretical Aspects of Analysis of International Environmental Security

    Directory of Open Access Journals (Sweden)

    Juliya A. Rusakova

    2015-01-01

    International environmental security is a very hot contemporary issue of world politics, which in a large part defines the future of our environment. Dealing with this issue is of utmost importance since its failure will render all other issues and challenges as negligible. The article examines the theoretical aspects of solving the problem of environmental security. In particular, it analyzes the problem of negative social externalities, and the related concept of "tragedy of the commons." These problems create a fundamental obstacle to the implementation of environmental security at the global level. Traditionally, the problem of externalities in the environmental field has been approached economically: states and their manufacturers were to pay for the externalities in the form of additional taxes. However, experience shows that the economic tools of dealing with environmental security are not effective. The author suggests alternative non-economic approaches: strengthening and developing the system of permanent institutions of international negotiations on environmental security and promotion of environmental awareness. Solving the acute environmental problems is impossible without a change of the political philosophy of the ruling elites in most states.

  6. Pragmatic security metrics applying metametrics to information security

    CERN Document Server

    Brotby, W Krag

    2013-01-01

    Other books on information security metrics discuss number theory and statistics in academic terms. Light on mathematics and heavy on utility, PRAGMATIC Security Metrics: Applying Metametrics to Information Security breaks the mold. This is the ultimate how-to-do-it guide for security metrics. Packed with time-saving tips, the book offers easy-to-follow guidance for those struggling with security metrics. Step by step, it clearly explains how to specify, develop, use, and maintain an information security measurement system (a comprehensive suite of metrics) to

  7. Best Practices for the Security of Radioactive Materials

    Energy Technology Data Exchange (ETDEWEB)

    Coulter, D.T.; Musolino, S.

    2009-05-01

    This work is funded under a grant provided by the US Department of Health and Human Services, Centers for Disease Control. The Department of Health and Mental Hygiene (DOHMH) awarded a contract to Brookhaven National Laboratory (BNL) to develop best practices guidance for Office of Radiological Health (ORH) licensees to increase on-site security to deter and prevent theft of radioactive materials (RAM). The purpose of this document is to describe best practices available to manage the security of radioactive materials in medical centers, hospitals, and research facilities. There are thousands of such facilities in the United States, and recent studies suggest that these materials may be vulnerable to theft or sabotage. Their malevolent use in a radiological-dispersion device (RDD), viz., a dirty bomb, can have severe environmental- and economic- impacts, the associated area denial, and potentially large cleanup costs, as well as other effects on the licensees and the public. These issues are important to all Nuclear Regulatory Commission and Agreement State licensees, and to the general public. This document outlines approaches for the licensees possessing these materials to undertake security audits to identify vulnerabilities in how these materials are stored or used, and to describe best practices to upgrade or enhance their security. Best practices can be described as the most efficient (least amount of effort/cost) and effective (best results) way of accomplishing a task and meeting an objective, based on repeatable procedures that have proven themselves over time for many people and circumstances. Best practices within the security industry include information security, personnel security, administrative security, and physical security. Each discipline within the security industry has its own 'best practices' that have evolved over time into common ones. With respect to radiological devices and radioactive-materials security, industry best practices

  8. Best Practices for the Security of Radioactive Materials

    International Nuclear Information System (INIS)

    Coulter, D.T.; Musolino, S.

    2009-01-01

    This work is funded under a grant provided by the US Department of Health and Human Services, Centers for Disease Control. The Department of Health and Mental Hygiene (DOHMH) awarded a contract to Brookhaven National Laboratory (BNL) to develop best practices guidance for Office of Radiological Health (ORH) licensees to increase on-site security to deter and prevent theft of radioactive materials (RAM). The purpose of this document is to describe best practices available to manage the security of radioactive materials in medical centers, hospitals, and research facilities. There are thousands of such facilities in the United States, and recent studies suggest that these materials may be vulnerable to theft or sabotage. Their malevolent use in a radiological-dispersion device (RDD), viz., a dirty bomb, can have severe environmental- and economic- impacts, the associated area denial, and potentially large cleanup costs, as well as other effects on the licensees and the public. These issues are important to all Nuclear Regulatory Commission and Agreement State licensees, and to the general public. This document outlines approaches for the licensees possessing these materials to undertake security audits to identify vulnerabilities in how these materials are stored or used, and to describe best practices to upgrade or enhance their security. Best practices can be described as the most efficient (least amount of effort/cost) and effective (best results) way of accomplishing a task and meeting an objective, based on repeatable procedures that have proven themselves over time for many people and circumstances. Best practices within the security industry include information security, personnel security, administrative security, and physical security. Each discipline within the security industry has its own 'best practices' that have evolved over time into common ones. With respect to radiological devices and radioactive-materials security, industry best practices encompass

  9. Device-independent two-party cryptography secure against sequential attacks

    DEFF Research Database (Denmark)

    Kaniewski, Jedrzej; Wehner, Stephanie

    2016-01-01

    The goal of two-party cryptography is to enable two parties, Alice and Bob, to solve common tasks without the need for mutual trust. Examples of such tasks are private access to a database, and secure identification. Quantum communication enables security for all of these problems in the noisy-storage model by sending more signals than the adversary can store in a certain time frame. Here, we initiate the study of device-independent (DI) protocols for two-party cryptography in the noisy-storage model. Specifically, we present a relatively easy to implement protocol for a cryptographic building block known as weak string erasure and prove its security even if the devices used in the protocol are prepared by the dishonest party. DI two-party cryptography is made challenging by the fact that Alice and Bob do not trust each other, which requires new techniques to establish security. We fully analyse...

  10. Strategic information security

    CERN Document Server

    Wylder, John

    2003-01-01

    Introduction to Strategic Information Security; What Does It Mean to Be Strategic?; Information Security Defined; The Security Professional's View of Information Security; The Business View of Information Security; Changes Affecting Business and Risk Management; Strategic Security; Strategic Security or Security Strategy?; Monitoring and Measurement; Moving Forward; ORGANIZATIONAL ISSUES; The Life Cycles of Security Managers; Introduction; The Information Security Manager's Responsibilities; The Evolution of Data Security to Information Security; The Repository Concept; Changing Job Requirements; Business Life Cycles

  11. Reviews on Security Issues and Challenges in Cloud Computing

    Science.gov (United States)

    An, Y. Z.; Zaaba, Z. F.; Samsudin, N. F.

    2016-11-01

    Cloud computing is an Internet-based computing service provided by the third party allowing share of resources and data among devices. It is widely used in many organizations nowadays and becoming more popular because it changes the way of how the Information Technology (IT) of an organization is organized and managed. It provides lots of benefits such as simplicity and lower costs, almost unlimited storage, least maintenance, easy utilization, backup and recovery, continuous availability, quality of service, automated software integration, scalability, flexibility and reliability, easy access to information, elasticity, quick deployment and lower barrier to entry. While there is increasing use of cloud computing service in this new era, the security issues of the cloud computing become a challenge. Cloud computing must be safe and secure enough to ensure the privacy of the users. This paper firstly lists out the architecture of the cloud computing, then discusses the most common security issues of using cloud and some solutions to the security issues since security is one of the most critical aspects in cloud computing due to the sensitivity of user's data.

  12. Certified Training for Nuclear and Radioactive Source Security Management.

    Science.gov (United States)

    Johnson, Daniel

    2017-04-01

    Radioactive sources are used by hospitals, research facilities and industry for such purposes as diagnosing and treating illnesses, sterilising equipment and inspecting welds. Unfortunately, many States, regulatory authorities and licensees may not appreciate how people with malevolent intentions could use radioactive sources, and statistics confirm that a number of security incidents happen around the globe. The adversary could be common thieves, activists, insiders, terrorists and organised crime groups. Mitigating this risk requires well trained and competent staff who have developed the knowledge, attributes and skills necessary to successfully discharge their security responsibilities. The International Atomic Energy Agency and the World Institute for Nuclear Security are leading international training efforts. The target audience is a multi-disciplinary group of professionals with management responsibilities for security at facilities with radioactive sources. These efforts to promote training and competence amongst practitioners have been recognised at the 2014 and 2016 Nuclear Security and Nuclear Industry Summits. © The Author 2016. Published by Oxford University Press. All rights reserved. For Permissions, please email: journals.permissions@oup.com.

  13. Security Expertise

    DEFF Research Database (Denmark)

    This volume brings together scholars from different fields to explore the power, consequences and everyday practices of security expertise. Expertise mediates between different forms of knowledge: scientific and technological, legal, economic and political knowledge. This book offers the first systematic study of security expertise and opens up a productive dialogue between science and technology studies and security studies to investigate the character and consequences of this expertise. In security theory, the study of expertise is crucial to understanding whose knowledge informs security making and to reflect on the impact and responsibility of security analysis. In science and technology studies, the study of security politics adds a challenging new case to the agenda of research on expertise and policy. The contributors investigate cases such as academic security studies, security think tanks...

  14. Cyber Security Scenarios and Control for Small and Medium Enterprises

    Directory of Open Access Journals (Sweden)

    Nilaykumar Kiran SANGANI

    2012-01-01

    As the world advances towards the computing era, security threats keep on increasing in the form of malware, viruses, internet attack, theft of IS assets / technology and a lot more. This is a major concern for any form of business. Loss in company’s status / liability / reputation is a huge downfall for a running business. We have witnessed the attacks getting carried out; large firm’s data getting breached / government bodies’ sites getting phished / attacked. These huge entities have technology expertise to safeguard their company’s interest against such attacks through investing huge amounts of capital in manpower and secure tools. But what about SMEs? SMEs enrich a huge part of the country’s economy. Big organizations have their own security measures policy which ideally is not applied when it comes to a SME. The aim of this paper is to come out with an Information Security Assurance Cyber Control for SMEs (ISACC) against common cyber security threats implemented at a cost effective measure.

  15. Security Analysis of Dynamic SDN Architectures Based on Game Theory

    Directory of Open Access Journals (Sweden)

    Chao Qi

    2018-01-01

    Security evaluation of SDN architectures is of critical importance to develop robust systems and address attacks. Focused on a novel-proposed dynamic SDN framework, a game-theoretic model is presented to analyze its security performance. This model can represent several kinds of players’ information, simulate approximate attack scenarios, and quantitatively estimate systems’ reliability. And we explore several typical game instances defined by system’s capability, players’ objects, and strategies. Experimental results illustrate that the system’s detection capability is not a decisive element to security enhancement as introduction of dynamism and redundancy into SDN can significantly improve security gain and compensate for its detection weakness. Moreover, we observe a range of common strategic actions across environmental conditions. And analysis reveals diverse defense mechanisms adopted in dynamic systems have different effect on security improvement. Besides, the existence of equilibrium in particular situations further proves the novel structure’s feasibility, flexibility, and its persistent ability against long-term attacks.

  16. New nuclear power in the UK: A strategy for energy security?

    International Nuclear Information System (INIS)

    Watson, Jim; Scott, Alister

    2009-01-01

    The aim of this paper is to explore the extent to which the construction of new nuclear power plants in the UK can safeguard or enhance energy security. The paper starts with a discussion of energy security, and breaks it down into four main categories of threat. These include threats due to fossil fuel scarcity and external disruptions, problems due to a lack of investment in infrastructure, threats due to technology or infrastructure failure, and risks due to domestic activism or terrorism. The paper then discusses one of the most common strategies put forward to improve security-the promotion of diversity within energy systems. Following this, the paper assesses the potential for new nuclear investment to ameliorate security threats in each of the four categories introduced earlier in the paper. The paper concludes that whilst nuclear investment can help to mitigate some threats to UK energy security, the government's case for supporting this investment ignores some equally important security issues. As a result, the energy security case for nuclear power has not yet been made.

  17. New nuclear power in the UK. A strategy for energy security?

    Energy Technology Data Exchange (ETDEWEB)

    Watson, Jim; Scott, Alister [Sussex Energy Group, SPRU, The Freeman Centre, University of Sussex, Brighton, East Sussex BN1 9QE (United Kingdom)

    2009-12-15

    The aim of this paper is to explore the extent to which the construction of new nuclear power plants in the UK can safeguard or enhance energy security. The paper starts with a discussion of energy security, and breaks it down into four main categories of threat. These include threats due to fossil fuel scarcity and external disruptions, problems due to a lack of investment in infrastructure, threats due to technology or infrastructure failure, and risks due to domestic activism or terrorism. The paper then discusses one of the most common strategies put forward to improve security - the promotion of diversity within energy systems. Following this, the paper assesses the potential for new nuclear investment to ameliorate security threats in each of the four categories introduced earlier in the paper. The paper concludes that whilst nuclear investment can help to mitigate some threats to UK energy security, the government's case for supporting this investment ignores some equally important security issues. As a result, the energy security case for nuclear power has not yet been made. (author)

  18. New nuclear power in the UK: A strategy for energy security?

    Energy Technology Data Exchange (ETDEWEB)

    Watson, Jim, E-mail: w.j.watson@sussex.ac.u [Sussex Energy Group, SPRU, Freeman Centre, University of Sussex, Brighton, East Sussex BN1 9QE (United Kingdom); Scott, Alister [Sussex Energy Group, SPRU, Freeman Centre, University of Sussex, Brighton, East Sussex BN1 9QE (United Kingdom)

    2009-12-15

    The aim of this paper is to explore the extent to which the construction of new nuclear power plants in the UK can safeguard or enhance energy security. The paper starts with a discussion of energy security, and breaks it down into four main categories of threat. These include threats due to fossil fuel scarcity and external disruptions, problems due to a lack of investment in infrastructure, threats due to technology or infrastructure failure, and risks due to domestic activism or terrorism. The paper then discusses one of the most common strategies put forward to improve security-the promotion of diversity within energy systems. Following this, the paper assesses the potential for new nuclear investment to ameliorate security threats in each of the four categories introduced earlier in the paper. The paper concludes that whilst nuclear investment can help to mitigate some threats to UK energy security, the government's case for supporting this investment ignores some equally important security issues. As a result, the energy security case for nuclear power has not yet been made.

  19. Security Technologies for Open Networking Environments (STONE)

    Energy Technology Data Exchange (ETDEWEB)

    Muftic, Sead

    2005-03-31

    -domain scenarios is supported by a set of security engines that represent the core of the Federated Identities Management Server, which is also an extension of the Domain Security Server. The Federated Identity Management server allows users to federate their identities or terminate the federation between the service provider and the identity provider. At the service provider web site, the users are offered a list of identity providers to which they can choose to federate their identities. After users federate their identity, they can perform Single Sign-On protocol in an environment of federated domains. The group security system consists of a number of security technologies under a unified architecture, which supports creation of secure groups and execution of secure group transactions and applications in an open networking environment. The system is based on extensions of the GSAKMP standard for group key distribution and management. The Top layer is the Security Infrastructure with the Security Management and Administration System components and protocols that provide security functions common to all secure network applications. The Middle layer is the Secure Group Protocols and Applications layer, consisting of the Policy and Group Key Distribution Server and Web-based (thin) Client. The Bottom layer is the supporting Middleware Security Platform, the cryptographic platform already described above. The group security system is designed to perform the functions necessary to create secure groups and enable secure group applications. Specifically, the system can manage group roles, create and disseminate a group security policy, perform authentication and authorization of users using PKI certificates and Web services security, generate group keys, and recover from compromises. In accordance with the GSAKMP standard, the group security system must perform all the required group life-cycle functions: group definition, group establishment, group maintenance, and group removal. The

  20. Microsoft Security Bible A Collection of Practical Security Techniques

    CERN Document Server

    Mullen, Timothy "Thor"

    2011-01-01

    Thor's Microsoft® Security Bible provides a "one-stop-shop" for Microsoft-related security techniques and procedures as applied to the typical deployment of a Microsoft-based infrastructure. The book contains detailed security concepts and methodologies described at every level: Server, Client, Organizational Structure, Platform-specific security options, application specific security (IIS, SQL, Active Directory, etc.) and also includes new, never-before-published security tools complete with source code. Detailed technical information on security processes for all major Microsoft applications

  1. Security 2020 Reduce Security Risks This Decade

    CERN Document Server

    Howard, Doug; Schneier, Bruce

    2010-01-01

    Identify real security risks and skip the hype. After years of focusing on IT security, we find that hackers are as active and effective as ever. This book gives application developers, networking and security professionals, those that create standards, and CIOs a straightforward look at the reality of today's IT security and a sobering forecast of what to expect in the next decade. It debunks the media hype and unnecessary concerns while focusing on the knowledge you need to combat and prioritize the actual risks of today and beyond. IT security needs are constantly evolving; this guide examine

  2. BUSINESS PROCESS MANAGEMENT, AN IMPORTANT AID IN OPTIMIZING ORGANIZATIONAL PROCESSES IN NATIONAL SECURITY INSTITUTIONS

    Directory of Open Access Journals (Sweden)

    Laurentiu Barcan

    2018-04-01

    Being required to conform to the large number of regulations, standards and requirements, information security should be considered a general problem of organization that requires involvement at the level of management and must involve all departments and activities of an organization, from professionals in the field to information to users. Creating a culture of security is essential to the organization through continuous education of staff, permanent collaboration with partners in a common approach to security issues, but also through customer awareness of information security risks.

  3. Integrating security in a group oriented distributed system

    Science.gov (United States)

    Reiter, Michael; Birman, Kenneth; Gong, LI

    1992-01-01

    A distributed security architecture is proposed for incorporation into group oriented distributed systems, and in particular, into the Isis distributed programming toolkit. The primary goal of the architecture is to make common group oriented abstractions robust in hostile settings, in order to facilitate the construction of high performance distributed applications that can tolerate both component failures and malicious attacks. These abstractions include process groups and causal group multicast. Moreover, a delegation and access control scheme is proposed for use in group oriented systems. The focus is the security architecture; particular cryptosystems and key exchange protocols are not emphasized.

  4. Security Evolution.

    Science.gov (United States)

    De Patta, Joe

    2003-01-01

    Examines how to evaluate school security, begin making schools safe, secure schools without turning them into fortresses, and secure schools easily and affordably; the evolution of security systems into information technology systems; using schools' high-speed network lines; how one specific security system was developed; pros and cons of the…

  5. Security Dilemma

    DEFF Research Database (Denmark)

    Wivel, Anders

    2011-01-01

    What is a security dilemma? What are the consequences of security dilemmas in international politics?

  6. Black Sea Energy Security - Present and Future

    Directory of Open Access Journals (Sweden)

    Florinel Iftode

    2011-05-01

    We chose this theme to highlight the need for continuous and sustained human society to secure energy resources needed to survive, needs reflected in an increasingly in recent years in the strategies adopted at both states, as at the level of international organizations. Achieving security and stability in the wider Black Sea area has been among the priorities of each country's interests in this region. In this context, state and non-state actors were being called to come up with new solutions to achieve those interests. Certainly not in all cases the negotiations were completed or not yet found a generally accepted formula for others to apply, but most of them show off their values. The main environmental threats to security environment in the Black Sea region are represented by ethnic conflicts and territorial secessionism. A significant contribution to the security environment of the Black Sea region has the phenomenon of globalization, which in this region is manifested by a steady increase in traffic and volume of shipping passage of communication, which largely affects the security in the region. Globalization and the need for energy resources in the Black Sea was an important area not only as energy transport route, but as a potential supplier of material energy (oil and natural gas). Black Sea Basin can be stabilized and secured only by the will and input from all States and interested international organizations in pragmatic and effective institutional frameworks, meant to promote and protect the common interests of countries decided to participate in actions aimed at ensuring a stable environment security.

  7. A improved Network Security Situation Awareness Model

    Directory of Open Access Journals (Sweden)

    Li Fangwei

    2015-08-01

    In order to reflect the situation of network security assessment performance fully and accurately, a new network security situation awareness model based on information fusion was proposed. The network security situation is the result of fusing the evaluation of three aspects. In terms of attack, to improve the accuracy of evaluation, a situation assessment method of DDoS attack based on the information of data packets was proposed. In terms of vulnerability, an improved Common Vulnerability Scoring System (CVSS) was raised, which made the assessment more comprehensive. In terms of node weights, a method was raised of calculating the combined weights and optimizing the result by the Sequence Quadratic Program (SQP) algorithm, which reduced the uncertainty of fusion. To verify the validity and necessity of the method, a testing platform was built and used to test through evaluating 2000 DARPA data sets. Experiments show that the method can improve the accuracy of evaluation results.

  8. A comparative approach to nuclear safety and nuclear security

    International Nuclear Information System (INIS)

    2009-01-01

    The operators in charge of nuclear facilities or activities have to deal with nuclear and radiological risks, which implies implementing two complementary approaches - safety and security - each of which entails specific methods. Targeting the same ultimate purpose, these two approaches must interact to mutually reinforce each other, without compromising one another. In this report, IRSN presents its reflections on the subject, drawing on its expertise in assessing risks on behalf of the French safety and security authorities, together with the lessons learned from sharing experience at international level. Contents: 1 - Purpose and context: Definitions, Similar risks but different causes, Transparency and confidentiality, Synergy in dealing with sabotage, A common purpose: protecting Man and the environment; 2 - Organizational principles: A legislative and regulatory framework relative to safety as well as security, The competent nuclear safety and security authorities, A difference in the distribution of responsibilities between the operators and the State (Prime responsibility of operators, A different involvement of the State), Safety culture and security culture; 3 - Principles for the application of safety and security approaches: Similar design principles (The graded approach, Defence-in-depth, Synergy between safety and security), Similar operating principles (The same requirement regarding constant monitoring, The same need to take account of feedback, The same need to update the baseline, Sharing good practices is more restricted in the area of security, The need to deal with the respective requirements of safety and security), Similar emergency management (Developing emergency and contingency plans, Carrying out exercises), Activities subject to quality requirements; 4 - Conclusion

  9. The intelligence-security services and national security

    OpenAIRE

    Mijalković, Saša

    2011-01-01

    Since their inception, states have been trying to protect their vital interests and values more effectively, in which they are often impeded by other countries. At the same time, they seek to protect the internal order and security against the so-called internal enemy. Therefore, the states organize (national) security systems within their (state) systems, in which they form some specialized security entities. Among them, however, intelligence and security services are the ones that stand out...

  10. Information security improving blocklist driven firewall implementation

    OpenAIRE

    Kylmänen, J. (Juha)

    2013-01-01

    The Internet has become a commodity and with it information security and privacy issues have appeared. Common threats against the end users include malware and phishing. Phishing is a social engineering technique used to mimic legit banking or social networking websites in an attempt to gain sensitive information from the user and malware is software with malicious intent. ...

  11. Security intelligence a practitioner's guide to solving enterprise security challenges

    CERN Document Server

    Li, Qing

    2015-01-01

    Identify, deploy, and secure your enterprise. Security Intelligence, A Practitioner's Guide to Solving Enterprise Security Challenges is a handbook for security in modern times, against modern adversaries. As leaders in the design and creation of security products that are deployed globally across a range of industries and market sectors, authors Qing Li and Gregory Clark deliver unparalleled insight into the development of comprehensive and focused enterprise security solutions. They walk you through the process of translating your security goals into specific security technology domains, fo

  12. Center for computer security: Computer Security Group conference. Summary

    Energy Technology Data Exchange (ETDEWEB)

    None

    1982-06-01

    Topics covered include: computer security management; detection and prevention of computer misuse; certification and accreditation; protection of computer security, perspective from a program office; risk analysis; secure accreditation systems; data base security; implementing R and D; key notarization system; DOD computer security center; the Sandia experience; inspector general's report; and backup and contingency planning. (GHT)

  13. Security dialogues: building better relationships between security and business

    OpenAIRE

    Ashenden, Debi; Lawrence, Darren

    2016-01-01

    In the real world, there's often a discrepancy between an organization's mandated security processes and what actually happens. The social practice of security flourishes in the space between and around formal organizational security processes. By recognizing the value of risk management as a communication tool, security practitioners can tap opportunities to improve the security dialogue with staff.

  14. Hardware-Assisted System for Program Execution Security of SOC

    Directory of Open Access Journals (Sweden)

    Wang Xiang

    2016-01-01

    With the rapid development of embedded systems, the systems' security has become more and more important. Most embedded systems are at risk of a series of software attacks, such as buffer overflow attacks and Trojan viruses. In addition, with the rapid growth in the number of embedded systems and their wide application, embedded hardware attacks are also increasing. This paper presents a new hardware-assisted security mechanism to protect the program's code and data by monitoring its normal execution. The mechanism mainly monitors three types of information: the start/end address of the program's basic blocks; the lightweight hash value in basic blocks; and the address of the next basic block. These parameters are extracted through additional tools running on a PC. The information will be stored in the security module. During normal program execution, the security module is designed to compare the real-time state of the program with the information in the security module. If the state is abnormal, it will trigger the appropriate security response, suspend the program and jump to the specified location. The module has been tested and validated on the SOPC with an OR1200 processor. The experimental analysis shows that the proposed mechanism can defend against a wide range of common software and physical attacks with low performance penalties and minimal overheads.

  15. Enterprise security IT security solutions : concepts, practical experiences, technologies

    CERN Document Server

    Fumy, Walter

    2013-01-01

    Addressing IT managers and staff, as well as CIOs and other executives dealing with corporate IT security, this book provides a broad knowledge on the major security issues affecting today's corporations and organizations, and presents state-of-the-art concepts and current trends for securing an enterprise. Areas covered include information security management, network and system security, identity and access management (IAM), authentication (including smart card based solutions and biometrics), and security certification. In-depth discussion of relevant technologies and standards (including cr

  16. Securing Chinese nuclear power development: further strengthening nuclear security

    International Nuclear Information System (INIS)

    Zhang Hui

    2014-01-01

    Chinese President Xi Jinping addresses China's new concept of nuclear security with four 'equal emphasis' at the third Nuclear Security Summit, and makes four commitments to strengthen nuclear security in the future. To convert President Xi's political commitments into practical, sustainable reality, China should take further steps to install a complete, reliable, and effective security system to ensure that all its nuclear materials and nuclear facilities are effectively protected against the full spectrum of plausible terrorist and criminal threats. This paper suggests the following measures be taken to improve China's existing nuclear security system, including updating and clarifying the requirements for a national level DBT; updating and enforcing existing regulations; further promoting nuclear security culture; balancing the costs of nuclear security, and further strengthening international cooperation on nuclear security. (author)

  17. To The Question Of The Concepts "National Security", "Information Security", "National Information Security" Meanings

    OpenAIRE

    Alexander A. Galushkin

    2015-01-01

    In the present article, the author analyzes the value of the concepts "national security", "information security", "national information security". The author gives opinions of scientists-jurists and definitions given by legislators and rule-makers in various regulations.

  18. Security Testing in Agile Web Application Development - A Case Study Using the EAST Methodology

    CERN Document Server

    Erdogan, Gencer

    2010-01-01

    There is a need for improved security testing methodologies specialized for Web applications and their agile development environment. The number of web application vulnerabilities is drastically increasing, while security testing tends to be given a low priority. In this paper, we analyze and compare Agile Security Testing with two other common methodologies for Web application security testing, and then present an extension of this methodology. We present a case study showing how our Extended Agile Security Testing (EAST) performs compared to a more ad hoc approach used within an organization. Our working hypothesis is that the detection of vulnerabilities in Web applications will be significantly more efficient when using a structured security testing methodology specialized for Web applications, compared to existing ad hoc ways of performing security tests. Our results show a clear indication that our hypothesis is on the right track.

  19. Middleware-based Security for Hyperconnected Applications in Future In-Car Networks

    Directory of Open Access Journals (Sweden)

    Alexandre Bouard

    2013-12-01

    Today's cars take advantage of powerful electronic platforms and provide more and more sophisticated connected services. More than just ensuring the role of a safe means of transportation, they process private information and industrial secrets, communicate with our smartphones and the Internet, and will soon host third-party applications. Their pervasive computerization makes them vulnerable to common security attacks, against which automotive technologies cannot protect. The transition toward Ethernet/IP-based on-board communication could be a first step to respond to these security and privacy issues. In this paper, we present a security framework leveraging local and distributed information flow techniques in order to secure the on-board network against internal and external untrusted components. We describe the implementation and integration of such a framework within an IP-based automotive middleware and provide its evaluation.

  20. Nuclear security - New challenge to the safety of nuclear power plants

    International Nuclear Information System (INIS)

    Li Ganjie

    2008-01-01

    preparation and drills of emergency preparedness of nuclear facilities and actively carried out anti-terrorism preparations in the nuclear sector. Although the international community has been working on nuclear security with a series of measures, according to the author there is a need to discuss the following key perspectives. (1) It is essential to determine the definition of nuclear security for power plants and come to a common understanding in the nuclear sector as soon as possible. (2) An international unified design basis threat to the nuclear security of nuclear power plants should be developed to apply to the design of the nuclear security system of newly-built nuclear power plants and to evaluate the existing nuclear security system in the operating nuclear power plants so as to take improved measures. (3) The dividing of responsibilities between national government and nuclear power plants should be redefined in the new regime of nuclear security of nuclear power plants. (4) The relationship between the requirements of nuclear security and of the economy of nuclear power development should be balanced. (5) The technical standard system that is suitable for the new regime of nuclear security of nuclear power plants should be developed and improved to accelerate the enhancing of capability in nuclear security of nuclear power plants. It was concluded that nuclear terrorism is the common enemy of all human beings. To strengthen the capacity of nuclear security of power plants and to ensure nuclear safety are in the common interest and the responsibility of the entire international society. Recognizing the significance of strengthening the international cooperation on nuclear security, it is expected that the international society should closely cooperate to establish the regime for nuclear security, share information and crack down on nuclear terrorism. It was stated that China, as a responsible member of the international community, will continue to

  1. Security negotiation

    OpenAIRE

    Mitrović, Miroslav M.; Ivaniš, Željko

    2013-01-01

    Contemporary security challenges, risks and threats represent a resultant of the achieved level of interaction between various entities within the paradigm of global security relations. Asymmetry and nonlinearity are main features of contemporary challenges in the field of global security. Negotiation in the area of security, namely the security negotiation, thus goes beyond just the domain of negotiation in conflicts and takes into consideration particularly asymmetric forms of possible sour...

  2. Food security in the context of HIV: towards harmonized definitions and indicators.

    Science.gov (United States)

    Anema, Aranka; Fielden, Sarah J; Castleman, Tony; Grede, Nils; Heap, Amie; Bloem, Martin

    2014-10-01

    Integration of HIV and food security services is imperative to improving the health and well-being of people living with HIV. However, consensus does not exist on definitions and measures of food security to guide service delivery and evaluation in the context of HIV. This paper reviews definitions and indicators of food security used by key agencies; outlines their relevance in the context of HIV; highlights opportunities for harmonized monitoring and evaluation indicators; and discusses promising developments in data collection and management. In addition to the commonly used dimensions of food availability, access, utilization and stability, we identify three components of food security (food sufficiency, dietary quality, and food safety) that are useful for understanding and measuring food security needs of HIV-affected and other vulnerable people. Harmonization across agencies of food security indicators in the context of HIV offers opportunities to improve measurement and tracking, strengthen coordination, and inform evidence-based programming.

  3. Abolishing the Security Dilemma: Why we need to integrate the militaries

    Directory of Open Access Journals (Sweden)

    Anna Cornelia Beyer

    2018-01-01

    This article argues that the Security Dilemma can in fact be abolished by integrating the militaries into one common global organisation, possibly under one common command. The existence and workings of the North Atlantic Treaty Organization (NATO) are an approximate example of this ideal in a geographically limited space. For illustrating this argument, this article discusses the logic of the Prisoner's Dilemma, as the intellectual model underlying the Security Dilemma, and proposes an alternative version of the Prisoner's Dilemma. It is then argued that the Security Dilemma only persists in a politically and economically ever farther integrated world because the international militaries are not integrated and hence partial anarchy persists at least in the military realm. The solution to remaining international conflicts, such as arguably one between NATO and Russia recently, would be to expand NATO to include "threatening" states' militaries until all militaries are joined in a global organisation, a truly global NATO. Finally, revised non-violent functions for NATO, as well as a global welfare state and an early warning system for civil wars, are proposed and discussed.

  4. Improving Security in the ATLAS PanDA System

    International Nuclear Information System (INIS)

    Caballero, J; Maeno, T; Potekhin, M; Wenaus, T; Nilsson, P; Stewart, G

    2011-01-01

    The security challenges faced by users of the grid are considerably different to those faced in previous environments. The adoption of pilot jobs systems by LHC experiments has mitigated many of the problems associated with the inhomogeneities found on the grid and has greatly improved job reliability; however, pilot jobs systems themselves must then address many security issues, including the execution of multiple users' code under a common 'grid' identity. In this paper we describe the improvements and evolution of the security model in the ATLAS PanDA (Production and Distributed Analysis) system. We describe the security in the PanDA server which is in place to ensure that only authorized members of the VO are allowed to submit work into the system and that jobs are properly audited and monitored. We discuss the security in place between the pilot code itself and the PanDA server, ensuring that only properly authenticated workload is delivered to the pilot for execution. When the code to be executed is from a 'normal' ATLAS user, as opposed to the production system or other privileged actor, then the pilot may use an EGEE developed identity switching tool called gLExec. This changes the grid proxy available to the job and also switches the UNIX user identity to protect the privileges of the pilot code proxy. We describe the problems in using this system and how they are overcome. Finally, we discuss security drills which have been run using PanDA and show how these improved our operational security procedures.

  5. ENTERPRISE ECONOMIC SECURITY: ESSENTIAL CHARACTERISTICS OF THE CONCEPT

    Directory of Open Access Journals (Sweden)

    Nina Avanesova

    2017-09-01

    The subject matter of the study is determining the essence of economic security. The aim is to systematize the approaches to the interpretation of the concept "enterprise economic security". The immediacy of the study is motivated by the lack of consistency, co-ordination and common views on the discourse in this area, as well as insufficiently substantiated offers for implementing modern methods and models of economic security management at all levels of economy. At the same time, despite a large number of publications, there remain many unsolved problems in the management of economic security, which is the main component of protection against threats, both at the state level and at the level of business entities such as enterprises and organizations. The following methods of theoretical and empirical research were used: logical generalization, to substantiate the relevance of the topic, the goals and objectives of the study, and to determine the essential features of the problem; and analysis and synthesis, to describe the theories of economic security. Economic security of an enterprise gives rise to a company's capability to develop, increase its competitiveness and the competitiveness of its products, and sustain its position on competitive markets, and characterizes the strength and economic potential of enterprises to counteract the negative impact of the external and internal environment. At the same time, the company's economic security mirrors the conditions of its protection against any threats, which are achieved due to the use of existing and potential resources of the company in order to ensure its safe operation in the long run.

  6. Measuring the security of energy exports demand in OPEC economies

    International Nuclear Information System (INIS)

    Dike, Jude Chukwudi

    2013-01-01

    One of the objectives of OPEC is the security of demand for the crude oil exports of its members. Achieving this objective is imperative with the projected decline in OECD countries' crude oil demand among other crude oil demand shocks. This paper focuses on determining the external crude oil demand security risks of OPEC member states. In assessing these risks, this study introduces two indexes. The first index, Risky Energy Exports Demand (REED), indicates the level of energy export demand security risks for OPEC members. It combines measures of export dependence, economic dependence, monopsony risk and transportation risk. The second index, Contribution to OPEC Risk Exposure (CORE), indicates the individual contribution of the OPEC members to OPEC's risk exposure. This study utilises the disaggregated index approach in measuring energy demand security risks for crude oil and natural gas and involves a country level analysis. With the disaggregated approach, the study shows that OPEC's energy export demand security risks differ across countries and energy types. - Highlights: • REED and CORE indexes are suitable measures for energy exports demand security risk. • The indexes show that energy demand security risk is different for each OPEC country. • The countries contribution to OPEC's energy demand security risk is also different. • The outcome is necessary for OPEC's common energy and climate change policies. • The outcome makes a case for oil demand security as a topical issue in the literature

  7. Improving the Security of Internet Banking Applications by Using Multimodal Biometrics

    Directory of Open Access Journals (Sweden)

    Cătălin Lupu

    2015-03-01

    Online banking applications are used by more and more people all over the world. Most of the banks are providing these services to their customers. The authentication methods vary from the basic user and password to username and a one-time password (OTP) generated by a virtual or a physical digipass. The common thing among authentication methods is that the login webpage is provided through a secure channel. Some banks have introduced (especially for testing purposes) authentication using common biometric characteristics, like fingerprint, voice or keystroke recognition. This paper will present some of the most common online banking authentication methods, together with basic biometric characteristics that could be used in these applications. The security in internet banking applications can be improved by using biometrics for the authentication process. Also, the authors have developed an application for authentication of users using fingerprint as the main characteristic, which will be presented at the end of this paper.

  8. Polish Defense Policy in the Context of National Security Strategy

    National Research Council Canada - National Science Library

    Bieniek, Piotr S

    2006-01-01

    ... goals to eliminate current threats and risks such as terrorism. As far as Poland is concerned, its priority is to be an active leader in improving common security policy within the boundaries of the European Union (EU...

  9. Financial security

    NARCIS (Netherlands)

    de Goede, M.; Burgess, J.P.

    2010-01-01

    1. Introduction J. Peter Burgess Part 1: New Security Concepts 2. Civilizational Security Brett Bowden 3. Risk Oliver Kessler 4. Small Arms Keith Krause 5. Critical Human Security Taylor Owen 6. Critical Geopolitics Simon Dalby Part 2: New Security Subjects 7. Biopolitics Michael Dillon 8. Gendered

  10. Control Systems Security Center Comparison Study of Industrial Control System Standards against the Control Systems Protection Framework Cyber-Security Requirements

    Energy Technology Data Exchange (ETDEWEB)

    Robert P. Evans

    2005-09-01

    Cyber security standards, guidelines, and best practices for control systems are critical requirements that have been delineated and formally recognized by industry and government entities. Cyber security standards provide a common language within the industrial control system community, both national and international, to facilitate understanding of security awareness issues but, ultimately, they are intended to strengthen cyber security for control systems. This study and the preliminary findings outlined in this report are an initial attempt by the Control Systems Security Center (CSSC) Standard Awareness Team to better understand how existing and emerging industry standards, guidelines, and best practices address cyber security for industrial control systems. The Standard Awareness Team comprised subject matter experts in control systems and cyber security technologies and standards from several Department of Energy (DOE) National Laboratories, including Argonne National Laboratory, Idaho National Laboratory, Pacific Northwest National Laboratory, and Sandia National Laboratories. This study was conducted in two parts: a standard identification effort and a comparison analysis effort. During the standard identification effort, the Standard Awareness Team conducted a comprehensive open-source survey of existing control systems security standards, regulations, and guidelines in several of the critical infrastructure (CI) sectors, including the telecommunication, water, chemical, energy (electric power, petroleum and oil, natural gas), and transportation--rail sectors and sub-sectors. During the comparison analysis effort, the team compared the requirements contained in selected, identified, industry standards with the cyber security requirements in "Cyber Security Protection Framework", Version 0.9 (hereafter referred to as the "Framework"). For each of the seven sector/sub-sectors listed above, one standard was

  11. School Security Measures and Longitudinal Trends in Adolescents' Experiences of Victimization.

    Science.gov (United States)

    Fisher, Benjamin W; Mowen, Thomas J; Boman, John H

    2018-06-01

    Although school security measures have become a common fixture in public schools across the United States, research on the relationship between security and adolescent victimization is mixed, with very few studies examining trends in adolescent victimization across time. Using two waves of data from the Educational Longitudinal Study 2002 (N = 7659; 50.6% female; 56.7% White, 13.3% Black, 13.5% Hispanic, 11.3% Asian American, 5.4% other race), results from a series of multi-level models demonstrate that adolescents in schools with more security measures report higher odds of being threatened with harm, and no difference in odds of being in a physical altercation or having something stolen over time. Although prior research has established racial disparities in using school security measures, results demonstrate inconsistent patterns in the extent to which adolescents' race conditions the relationship between security and victimization. The findings are discussed in light of existing theoretical and empirical work, and implications for both research and practice are offered.

  12. Phosphorus recycling and food security in the long run

    NARCIS (Netherlands)

    Weikard, Hans Peter

    2016-01-01

    Food security for all is a global political goal and an outstanding moral concern. The common response to this concern is agricultural intensification, which includes among other things increasing inputs of fertilisers. The paper addresses the fact that phosphorus (P) is essential for

  13. Through the Frosted Glass: Security Problems in a Translucent UI

    OpenAIRE

    Renkema-Padmos, Arne; Baum, Jerome

    2014-01-01

    Translucency is now a common design element in at least one popular mobile operating system. This raises security concerns as it can make it harder for users to correctly identify and interpret trusted interaction elements. In this paper, we demonstrate this security problem using the example of the Safari browser in the latest iOS version on Apple tablets and phones (iOS7), and discuss technical challenges of an attack as well as solutions to these challenges. We conclude with a survey-based...

  14. Security in Transition: Police Reform in El Salvador and South Africa

    National Research Council Canada - National Science Library

    Desilets-Bixler, Nicole

    2002-01-01

    This thesis studies police reform in El Salvador and South Africa. While both countries differ considerably in geographic size, culture, location, population, and economic and military strength, they share common security concerns...

  15. Security patterns in practice designing secure architectures using software patterns

    CERN Document Server

    Fernandez-Buglioni, Eduardo

    2013-01-01

    Learn to combine security theory and code to produce secure systems. Security is clearly a crucial issue to consider during the design and implementation of any distributed software architecture. Security patterns are increasingly being used by developers who take security into serious consideration from the creation of their work. Written by the authority on security patterns, this unique book examines the structure and purpose of security patterns, illustrating their use with the help of detailed implementation advice, numerous code samples, and descriptions in UML. Provides

  16. Database and applications security integrating information security and data management

    CERN Document Server

    Thuraisingham, Bhavani

    2005-01-01

    This is the first book to provide an in-depth coverage of all the developments, issues and challenges in secure databases and applications. It provides directions for data and application security, including securing emerging applications such as bioinformatics, stream information processing and peer-to-peer computing. Divided into eight sections, each of which focuses on a key concept of secure databases and applications, this book deals with all aspects of technology, including secure relational databases, inference problems, secure object databases, secure distributed databases and emerging

  17. The House of Security: Stakeholder Perceptions of Security Assessment and Importance

    OpenAIRE

    Ang, Wee Horng; Deng, Vicki; Lee, Yang; Madnick, Stuart; Mistree, Dinsha; Siegel, Michael; Strong, Diane

    2007-01-01

    In this paper we introduce a methodology for analyzing differences regarding security perceptions within and between stakeholders, and the elements which affect these perceptions. We have designed the "House of Security", a security assessment model that provides the basic framework for considering eight different constructs of security: Vulnerability, Accessibility, Confidentiality, Technology Resources for Security, Financial Resources for Security, Business Strategy for Security, Secur...

  18. Learners’ Perception on Security Issues in M-learning (Nigerian Universities Case Study)

    Directory of Open Access Journals (Sweden)

    Shaibu Adekunle Shonola

    2014-10-01

    With the advent of modern technology, mobile phones and smartphones are used not only for calling and text messages but also for banking and social networking. Recent developments in technology have made the use of mobile devices feasible in other sectors such as education and government. While educators are using mobile devices as teaching aids, students are also using them as learning tools. In some cases the developers of mobile learning in universities are making m-learning apps without serious consideration for security aspects whereas the handheld devices pose a serious threat to confidentiality, integrity and privacy of users including the learners. As a case study, this paper investigates the security concerns that students may have with the introduction of m-learning in higher education institutions in Nigeria and how this impacts on their learning. It examines the effects of security threats in m-learning on students and provides recommendations for alleviating these threats.

  19. Use of a "secure room" and a security guard in the management of the violent, aggressive or suicidal patient in a rural hospital: a 3-year audit.

    Science.gov (United States)

    Brock, Gordon; Gurekas, Vydas; Gelinas, Anne-Fredrique; Rollin, Karina

    2009-01-01

    Little has been published on the management of psychiatric crises in rural areas, and little is known of the security needs or use of "secure rooms" in rural hospitals. We conducted a 3-year retrospective chart audit on the use of our secure room/security guard system at a rural hospital in a town of 3500, located 220 km from our psychiatric referral centre. Use of our secure room/security guard system occurred at the rate of 1.1 uses/1000 emergency department visits, with the most common indication being physician perception of risk of patient suicide or self-harm. Concern for staff safety was a factor in 10% of uses. Eighty percent of patients were treated locally, with most being released from the secure room after 2 days or less. Fourteen percent of patients required ultimate transfer to our psychiatric referral centre and 6% to a detoxification centre. The average annual cost of security was $16 259.61. A secure room can provide the opportunity for close observation of a potentially self-harming patient, additional security for staff and early warning if a patient flees the hospital. Most admissions were handled locally, obviating the need for transfer to distant psychiatric referral centres. Most patients who were admitted were already known as having a psychiatric illness and 80% of the patients required the use of the secure room/security guard system for less than a 2-night stay, suggesting that most rural mental health crises pass quickly. Most patients admitted to a rural hospital with a mental health crisis can be managed locally if an adequate secure room/security guard system is available.

  20. Information-Pooling Bias in Collaborative Security Incident Correlation Analysis.

    Science.gov (United States)

    Rajivan, Prashanth; Cooke, Nancy J

    2018-03-01

    Incident correlation is a vital step in the cybersecurity threat detection process. This article presents research on the effect of group-level information-pooling bias on collaborative incident correlation analysis in a synthetic task environment. Past research has shown that uneven information distribution biases people to share information that is known to most team members and prevents them from sharing any unique information available with them. The effect of such biases on security team collaborations is largely unknown. Thirty 3-person teams performed two threat detection missions involving information sharing and correlating security incidents. Incidents were predistributed to each person in the team based on the hidden profile paradigm. Participant teams, randomly assigned to three experimental groups, used different collaboration aids during Mission 2. Communication analysis revealed that participant teams were 3 times more likely to discuss security incidents commonly known to the majority. Unaided team collaboration was inefficient in finding associations between security incidents uniquely available to each member of the team. Visualizations that augment perceptual processing and recognition memory were found to mitigate the bias. The data suggest that (a) security analyst teams, when conducting collaborative correlation analysis, could be inefficient in pooling unique information from their peers; (b) employing off-the-shelf collaboration tools in cybersecurity defense environments is inadequate; and (c) collaborative security visualization tools developed considering the human cognitive limitations of security analysts are necessary. Potential applications of this research include development of team training procedures and collaboration tool development for security analysts.

  1. Radioactive Sources in Medicine: Impact of Additional Security Measures

    International Nuclear Information System (INIS)

    Classic, K. L.; Vetter, R. J.; Nelson, K. L.

    2004-01-01

    For many years, medical centers and hospitals have utilized appropriate security measures to prevent theft or unauthorized use of radioactive materials. Recent anxiety about orphan sources and terrorism has heightened concern about diversion of radioactive sources for purposes of constructing a radiological dispersion device. Some medical centers and hospitals may have responded by conducting threat assessments and incorporating additional measures into their security plans, but uniform recommendations or regulations have not been promulgated by regulatory agencies. The International Atomic Energy Agency drafted interim guidance for the purpose of assisting member states in deciding what security measures should be taken for various radioactive sources. The recommendations are aimed at regulators, but suppliers and users also may find the recommendations to be helpful. The purpose of this paper is to describe threat assessments and additional security actions that were taken by one large and one medium-sized medical center and the impact these measures had on operations. Both medical centers possess blood bank irradiators, low-dose-rate therapy sources, and Mo-99/Tc-99m generators that are common to many health care organizations. Other medical devices that were evaluated include high-dose-rate after loaders, intravascular brachytherapy sources, a Co-60 stereotactic surgery unit, and self-shielded irradiators used in biomedical research. This paper will discuss the impact additional security has had on practices that utilize these sources, cost of various security alternatives, and the importance of a security culture in assuring the integrity of security measures without negatively impacting beneficial use of these sources. (Author) 10 refs

  2. Securing Land Tenure, Improving Food Security and Reducing ...

    International Development Research Centre (IDRC) Digital Library (Canada)

    Securing Land Tenure, Improving Food Security and Reducing Poverty in Rural ... land tenure regimes as obstacles to food security, economic integration and ... its 2017 call for proposals to establish Cyber Policy Centres in the Global South.

  3. Researches on the Security of Cluster-based Communication Protocol for Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Yanhong Sun

    2014-08-01

    Along with the in-depth application of sensor networks, the security issues have gradually become the bottleneck of wireless sensor applications. To provide a solution for security scheme is a common concern not only of researchers but also of providers, integrators and users of wireless sensor networks. Based on this demand, this paper focuses on the research of strengthening the security of cluster-based wireless sensor networks. Based on the systematic analysis of the clustering protocol and its security enhancement scheme, the paper introduces the broadcast authentication scheme, and proposes an SA-LEACH network security enhancement protocol. The performance analysis and simulation experiments prove that the protocol consumes less energy with the same security requirements, and when the base station is comparatively far from the network deployment area, it is more advantageous in terms of energy consumption and more suitable for wireless sensor networks.

  4. Cyber security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Cyber Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to cyber security metrics and measure and related technologies that meet security needs. Specific applications to web services, the banking and the finance sector, and industrial process control systems are discussed.

  5. Computer Security: the security marathon

    CERN Multimedia

    Computer Security Team

    2014-01-01

    If you believe that “security” is a sprint, that a quick hack is invulnerable, that quick bug fixing is sufficient, that plugging security measures on top of existing structures is good, that once you are secure your life will be easy... then let me convince you otherwise. An excellent example of this is when the summer students join us at CERN. As the summer period is short, software projects must be accomplished quickly, like a sprint. Rush, rush! But often, this sprint ends with aching muscles. Regularly, these summer students approach us to have their project or web server made visible to the Internet. Regularly, quick security reviews of those web servers diagnose severe underperformance with regards to security: the web applications are flawed or use insecure protocols; the employed software tools, databases or web frameworks are sub-optimal and not adequately chosen for that project; the operating system is non-standard and has never been brought up-to-date; and ...

  6. Secure external access to CERN's services to replace VPN

    CERN Multimedia

    2005-01-01

    CERN has recently experienced several computer security incidents caused by people opening VPN connections and (unknown to them) allowing malicious software to enter CERN. VPN should be used to connect to CERN only in extreme and exceptional circumstances and it is formally discouraged as a general solution. If incidents continue, the availability of the service will need to be reviewed. Recommended methods of connecting to CERN from the Internet for common functionalities such as e-mail, access to CERN web or file servers and interactive sessions on CERN systems are described at http://cern.ch/security/vpn

  7. Force Protection Common Operational Picture/Common Tactical Picture

    National Research Council Canada - National Science Library

    Peter, Russell

    1998-01-01

    ... has taken an integrated approach to Force Protection. There is a recognition that Force Protection is not a Security Police operation; but is a Security Force operation. This exemplifies a mindset change and a movement away from pure.

  8. Homeland Security

    Science.gov (United States)

    Provides an overview of EPA's homeland security roles and responsibilities, and links to specific homeland security issues: water security, research, emergency response, recovery, and waste management.

  9. International Nuclear Security Education Network (INSEN): Promoting nuclear security education

    International Nuclear Information System (INIS)

    Muhamad Samudi Yasir

    2013-01-01

    The need for human resource development programmes in nuclear security was underlined at several International Atomic Energy Agency (IAEA) General Conferences and Board of Governors Meetings. Successive IAEA Nuclear Security Plans, the most recent of which was agreed by the Board of Governors in September 2009, give high priority to assisting States in establishing educational programmes in nuclear security in order to ensure the sustainability of nuclear security improvements. The current Nuclear Security Plan covering 2010-2013 emphasizes the importance of considering existing capacities at international, regional and national levels while designing nuclear security academic programmes. In the course of implementing the Plan, the IAEA developed a guide entitled Educational Programme in Nuclear Security (IAEA Nuclear Security Series No. 12) that consists of a model of a Master of Science (M.Sc.) and a Certificate Programme in Nuclear Security. This guide aims at assisting universities or other educational institutes to develop academic programmes in nuclear security. Independently, some universities already offered academic programmes covering some areas of nuclear security, while other universities have asked the IAEA to support the implementation of these programmes. In order to better address current and future requests for assistance in this area, the IAEA established a collaboration network, the International Nuclear Security Education Network (INSEN), among universities that are providing nuclear security education or that are interested in starting an academic programme/course(s) in nuclear security. Universiti Kebangsaan Malaysia (UKM) is the first local university to become a member of INSEN, having joined at the beginning of its establishment. (author)

  10. The common objectives of the European Nordic countries and the role of space

    Science.gov (United States)

    Lehnert, Christopher; Giannopapa, Christina; Vaudo, Ersilia

    2016-11-01

    The European Space Agency (ESA) has twenty two Member States with common goals of engaging in European space activities. However, the various Member States have a variety of governance structures, strategic priorities regarding space and other sectorial areas depending on their cultural and geopolitical aspirations. The Nordic countries, namely Denmark, Finland, Norway and Sweden, have similarities which result often in common geopolitical and cultural aspects. These in turn shape their respective priorities and interests in setting up their policies in a number of sectorial areas like shipping and fisheries, energy, immigration, agriculture, security and defence, infrastructures, climate change and the Arctic. Space technology, navigation, earth observation, telecommunication and integrated applications can assist the Nordic countries in developing, implementing and monitoring policies of common interest. This paper provides an in-depth overview and a comprehensive assessment of these common interests in policy areas where space can provide support in their realisation. The first part provides a synthesis of the Nordic countries' respective priorities through analysing their government programmes and plans. The priorities are classified according to the six areas of sustainability: energy, environment and climate change, transport, knowledge and innovation, natural resources (fisheries, agriculture, forestry, mining, etc), and security and external relations. Although the national strategies present different national perspectives, at the same time, there are a number of similarities when it comes to overall policy objectives in a number of areas such as the Arctic and climate change. In other words, even though the Arctic plays a different role in each country's national context and there are clear differences as regards geography, access to resources and security policies, the strategies display common general interest in sustainable development and management of

  11. Quality of Security Service: Adaptive Security

    National Research Council Canada - National Science Library

    Levin, Timothy E; Irvine, Cynthia E; Spyropoulou, Evdoxia

    2004-01-01

    The premise of Quality of Security Service is that system and network management functions can be more effective if variable levels of security services and requirements can be presented to users or network tasks...

  12. Security research roadmap

    Energy Technology Data Exchange (ETDEWEB)

    Rouhiainen, V. (ed.)

    2007-02-15

    VTT has a broad range of security research ongoing in many areas of technology. The main areas have been concentrating on public safety and security, but VTT is also participating in several research projects related to defence technology. To identify and define expertise and research goals in more detail, the Security research roadmap was developed. The roadmap identified three particularly significant areas related to security. The assurance of a critical infrastructure emphasises the protection of energy networks, information networks, water supply, traffic and transport, and obviously also the citizens. For assuring the activities of entrepreneurship, significant areas include the security of production and services, the security of sites and assets, and information security for embedded systems. The most important security products and technologies needed are, for example, management of total security, detection, identification, localisation and communication, protection of information networks and systems, as well as physical protection. In the EU's Security programme, which aims at ensuring the security of society and its vital functions, it is stated that technology alone cannot assure security, but security cannot be assured without the support of technology. VTT is conducting security research in all its areas of expertise and clusters. The area has a significant research potential. The development of products and systems designed for the improvement of security has just started. There is still room for innovation. This report presents knowledge and development needs in more detail, as well as future development potential seen in the area of security. (orig.)

  13. ORACLE DATABASE SECURITY

    OpenAIRE

    Cristina-Maria Titrade

    2011-01-01

    This paper presents some security issues, namely security database system level, data level security, user-level security, user management, resource management and password management. Security is a constant concern in the design and database development. Usually, there are no concerns about the existence of security, but rather how large it should be. A typical DBMS has several levels of security, in addition to those offered by the operating system or network. Typically, a DBMS has user a...

  14. Pattern and security requirements engineering-based establishment of security standards

    CERN Document Server

    Beckers, Kristian

    2015-01-01

    Security threats are a significant problem for information technology companies today. This book focuses on how to mitigate these threats by using security standards and provides ways to address associated problems faced by engineers caused by ambiguities in the standards. The security standards are analysed, fundamental concepts of the security standards presented, and the relations to the elementary concepts of security requirements engineering (SRE) methods explored. Using this knowledge, engineers can build customised methods that support the establishment of security standards. Standard

  15. Information security fundamentals

    CERN Document Server

    Peltier, Thomas R

    2013-01-01

    Developing an information security program that adheres to the principle of security as a business enabler must be the first step in an enterprise's effort to build an effective security program. Following in the footsteps of its bestselling predecessor, Information Security Fundamentals, Second Edition provides information security professionals with a clear understanding of the fundamentals of security required to address the range of issues they will experience in the field. The book examines the elements of computer security, employee roles and r

  16. Security Bingo

    CERN Multimedia

    Computer Security Team

    2011-01-01

    Want to check your security awareness and win one of three marvellous books on computer security? Just print out this page, mark which of the 25 good practices below you already follow, and send the sheet back to us by 31 October 2011 at either Computer.Security@cern.ch or P.O. Box G19710. Winners must show that they fulfil at least five good practices in a continuous vertical, horizontal or diagonal row. For details on CERN Computer Security, please consult http://cern.ch/security. I personally… …am concerned about computer security. …run my computer with an anti-virus software and up-to-date signature files. …lock my computer screen whenever I leave my office. …have chosen a reasonably complex password. …have restricted access to all my files and data. …am aware of the security risks and threats to CERN’s computing facilities. ...

  17. The Role Of Commercially Provided Security in Africa's Patrimonial Security Complexes

    OpenAIRE

    Kinsey, Christopher; Krieg, Andreas

    2014-01-01

    With the concept of public security generally absent in Africa and a factionalized security sector of both state and non-state actors delivering security exclusively to certain groups affiliated with patrimonial elites, this paper examines the role of commercial providers of security within African security sectors. In factionalized security sectors with limited territorial reach, the state unable or unwilling to provide security as a public good within its boundaries has long lost its monopo...

  18. Attacks on Heartbeat-Based Security Using Remote Photoplethysmography.

    Science.gov (United States)

    Seepers, Robert Mark; Wang, Wenjin; de Haan, Gerard; Sourdis, Ioannis; Strydis, Christos

    2018-05-01

    The time interval between consecutive heartbeats (interpulse interval, IPI) has previously been suggested for securing mobile-health solutions. This time interval is known to contain a degree of randomness, permitting the generation of a time- and person-specific identifier. It is commonly assumed that only devices trusted by a person can make physical contact with him/her, and that this physical contact allows each device to generate a similar identifier based on its own cardiac recordings. Under these conditions, the identifiers generated by different trusted devices can facilitate secure authentication. Recently, a wide range of techniques have been proposed for measuring heartbeats remotely, a prominent example of which is remote photoplethysmography (rPPG). These techniques may pose a significant threat to heartbeat-based security, as an adversary may pretend to be a trusted device by generating a similar identifier without physical contact, thus bypassing one of the core security conditions. In this paper, we assess the feasibility of such remote attacks using state-of-the-art rPPG methods. Our evaluation shows that rPPG has similar accuracy as contact PPG and, thus, forms a substantial threat to heartbeat-based-security systems that permit trusted devices to obtain their identifiers from contact PPG recordings. Conversely, rPPG cannot obtain an accurate representation of an identifier generated from electrical cardiac signals, making the latter invulnerable to state-of-the-art remote attacks.

  19. Information Systems Security Management: A Review and a Classification of the ISO Standards

    Science.gov (United States)

    Tsohou, Aggeliki; Kokolakis, Spyros; Lambrinoudakis, Costas; Gritzalis, Stefanos

    The need for common understanding and agreement of functional and non-functional requirements is well known and understood by information system designers. This is necessary for both: designing the "correct" system and achieving interoperability with other systems. Security is maybe the best example of this need. If the understanding of the security requirements is not the same for all involved parties and the security mechanisms that will be implemented do not comply with some globally accepted rules and practices, then the system that will be designed will not necessarily achieve the desired security level and it will be very difficult to securely interoperate with other systems. It is therefore clear that the role and contribution of international standards to the design and implementation of security mechanisms is dominant. In this paper we provide a state of the art review on information security management standards published by the International Organization for Standardization and the International Electrotechnical Commission. Such an analysis is meaningful to security practitioners for an efficient management of information security. Moreover, the classification of the standards in the clauses of ISO/IEC 27001:2005 that results from our analysis is expected to provide assistance in dealing with the plethora of security standards.

  20. Japanese Technology and U.S. National Security

    Science.gov (United States)

    1990-12-01

    Japanese penchant for situational ethics allowed a sharp psychological about-face following the war, enabling them to accept the American policies. Power...Reagan/Bush Administrations have exaggerated the nation’s defense needs and that selfish interests are overriding objectivity and common sense in the ...security.195 They view the United States as having benign political motives and having the largest domestic market needed to develop regional

  1. DOES FINANCIAL LITERACY CONTRIBUTE TO FOOD SECURITY?

    Directory of Open Access Journals (Sweden)

    Katherine Grace Carman

    2016-01-01

    Food insecurity, not having consistent access to adequate food for active, healthy lives for all household members, is most common among low income households. However, income alone is not sufficient to explain who experiences food insecurity. This study investigates the relationship between financial literacy and food security. We find that low income households who exhibit financial literacy are less likely to experience food insecurity.

  2. Does Financial Literacy Contribute to Food Security?

    Science.gov (United States)

    Carman, Katherine G; Zamarro, Gema

    2016-01-01

    Food insecurity, not having consistent access to adequate food for active, healthy lives for all household members, is most common among low income households. However, income alone is not sufficient to explain who experiences food insecurity. This study investigates the relationship between financial literacy and food security. We find that low income households who exhibit financial literacy are less likely to experience food insecurity.

  3. A Development Framework for Software Security in Nuclear Safety Systems: Integrating Secure Development and System Security Activities

    Energy Technology Data Exchange (ETDEWEB)

    Park, Jaekwan; Suh, Yongsuk [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

    2014-02-15

    The protection of nuclear safety software is essential in that a failure can result in significant economic loss and physical damage to the public. However, software security has often been ignored in nuclear safety software development. To enforce security considerations, nuclear regulator commission recently issued and revised the security regulations for nuclear computer-based systems. It is a great challenge for nuclear developers to comply with the security requirements. However, there is still no clear software development process regarding security activities. This paper proposes an integrated development process suitable for the secure development requirements and system security requirements described by various regulatory bodies. It provides a three-stage framework with eight security activities as the software development process. Detailed descriptions are useful for software developers and licensees to understand the regulatory requirements and to establish a detailed activity plan for software design and engineering.

  4. Securing the Cloud Cloud Computer Security Techniques and Tactics

    CERN Document Server

    Winkler, Vic (JR)

    2011-01-01

    As companies turn to cloud computing technology to streamline and save money, security is a fundamental concern. Loss of certain control and lack of trust make this transition difficult unless you know how to handle it. Securing the Cloud discusses making the move to the cloud while securing your piece of it! The cloud offers flexibility, adaptability, scalability, and, in the case of security, resilience. This book details the strengths and weaknesses of securing your company's information with different cloud approaches. Attacks can focus on your infrastructure, communications network, data, o

  5. The Concepts of Risk, Safety, and Security: Applications in Everyday Language.

    Science.gov (United States)

    Boholm, Max; Möller, Niklas; Hansson, Sven Ove

    2016-02-01

    The concepts of risk, safety, and security have received substantial academic interest. Several assumptions exist about their nature and relation. Besides academic use, the words risk, safety, and security are frequent in ordinary language, for example, in media reporting. In this article, we analyze the concepts of risk, safety, and security, and their relation, based on empirical observation of their actual everyday use. The "behavioral profiles" of the nouns risk, safety, and security and the adjectives risky, safe, and secure are coded and compared regarding lexical and grammatical contexts. The main findings are: (1) the three nouns risk, safety, and security, and the two adjectives safe and secure, have widespread use in different senses, which will make any attempt to define them in a single unified manner extremely difficult; (2) the relationship between the central risk terms is complex and only partially confirms the distinctions commonly made between the terms in specialized terminology; (3) whereas most attempts to define risk in specialized terminology have taken the term to have a quantitative meaning, nonquantitative meanings dominate in everyday language, and numerical meanings are rare; and (4) the three adjectives safe, secure, and risky are frequently used in comparative form. This speaks against interpretations that would take them as absolute, all-or-nothing concepts. © 2015 Society for Risk Analysis.

  6. CORBASec Used to Secure Distributed Aerospace Propulsion Simulations

    Science.gov (United States)

    Blaser, Tammy M.

    2003-01-01

    The NASA Glenn Research Center and its industry partners are developing a Common Object Request Broker (CORBA) Security (CORBASec) test bed to secure their distributed aerospace propulsion simulations. Glenn has been working with its aerospace propulsion industry partners to deploy the Numerical Propulsion System Simulation (NPSS) object-based technology. NPSS is a program focused on reducing the cost and time in developing aerospace propulsion engines. It was developed by Glenn and is being managed by the NASA Ames Research Center as the lead center reporting directly to NASA Headquarters' Aerospace Technology Enterprise. Glenn is an active domain member of the Object Management Group: an open membership, not-for-profit consortium that produces and manages computer industry specifications (i.e., CORBA) for interoperable enterprise applications. When NPSS is deployed, it will assemble a distributed aerospace propulsion simulation scenario from proprietary analytical CORBA servers and execute them with security afforded by the CORBASec implementation. The NPSS CORBASec test bed was initially developed with the TPBroker Security Service product (Hitachi Computer Products (America), Inc., Waltham, MA) using the Object Request Broker (ORB), which is based on the TPBroker Basic Object Adaptor, and using NPSS software across different firewall products. The test bed has been migrated to the Portable Object Adaptor architecture using the Hitachi Security Service product based on the VisiBroker 4.x ORB (Borland, Scotts Valley, CA) and on the Orbix 2000 ORB (Dublin, Ireland, with U.S. headquarters in Waltham, MA). Glenn, GE Aircraft Engines, and Pratt & Whitney Aircraft are the initial industry partners contributing to the NPSS CORBASec test bed. The test bed uses Security SecurID (RSA Security Inc., Bedford, MA) two-factor token-based authentication together with Hitachi Security Service digital-certificate-based authentication to validate the various NPSS users. The test

  7. Iceland and the EU’s Common Security and Defence Policy: Challenge or Opportunity?

    Directory of Open Access Journals (Sweden)

    Alyson J.K. Bailes

    2012-06-01

    Iceland had initial misgivings about the EU’s capacity created in 1999 for military crisis management. In the current debate over Iceland’s EU application, questions have been raised about the possible impact of CSDP on the nation’s non-military status. In fact the CSDP is designed to respect national choices in defence; requires unanimity on new actions; and allows case-by-case decisions on participation. Preliminary study of six other small states in the EU suggests that none of them has been obliged by membership to abandon national preferences in this field, though all have made special efforts to support EU police and civilian operations - an area where Iceland is also well qualified to contribute. The more significant effects of EU membership for Icelandic security might in fact come in other, ‘softer’ areas including EU obligations for mutual assistance in civil emergencies.

  8. Protecting intellectual property in space; Proceedings of the Aerospace Computer Security Conference, McLean, VA, March 20, 1985

    Science.gov (United States)

    1985-01-01

    The primary purpose of the Aerospace Computer Security Conference was to bring together people and organizations which have a common interest in protecting intellectual property generated in space. Operational concerns are discussed, taking into account security implications of the space station information system, Space Shuttle security policies and programs, potential uses of probabilistic risk assessment techniques for space station development, key considerations in contingency planning for secure space flight ground control centers, a systematic method for evaluating security requirements compliance, and security engineering of secure ground stations. Subjects related to security technologies are also explored, giving attention to processing requirements of secure C3/I and battle management systems and the development of the Gemini trusted multiple microcomputer base, the Restricted Access Processor system as a security guard designed to protect classified information, and observations on local area network security.

  9. Client-Focused Security Assessment of mHealth Apps and Recommended Practices to Prevent or Mitigate Transport Security Issues

    Science.gov (United States)

    Müthing, Jannis; Jäschke, Thomas

    2017-01-01

    Background: Mobile health (mHealth) apps show a growing importance for patients and health care professionals. Apps in this category are diverse. Some display important information (ie, drug interactions), whereas others help patients to keep track of their health. However, insufficient transport security can lead to confidentiality issues for patients and medical professionals, as well as safety issues regarding data integrity. mHealth apps should therefore deploy intensified vigilance to protect their data and integrity. This paper analyzes the state of security in mHealth apps. Objective: The objectives of this study were as follows: (1) identification of relevant transport issues in mHealth apps, (2) development of a platform for test purposes, and (3) recommendation of practices to mitigate them. Methods: Security characteristics relevant to the transport security of mHealth apps were assessed, presented, and discussed. These characteristics were used in the development of a prototypical platform facilitating streamlined tests of apps. For the tests, six lists of the 10 most downloaded free apps from three countries and two stores were selected. As some apps were part of these top 10 lists in more than one country, 53 unique apps were tested. Results: Out of the 53 apps tested from three European App Stores for Android and iOS, 21/53 (40%) showed critical results. All 21 apps failed to guarantee the integrity of data displayed. A total of 18 apps leaked private data or were observable in a way that compromised confidentiality between apps and their servers; 17 apps used unprotected connections; and two apps failed to validate certificates correctly. None of the apps tested utilized certificate pinning. Many apps employed analytics or ad providers, undermining user privacy. Conclusions: The tests show that many mHealth apps do not apply sufficient transport security measures. The most common security issue was the use of any kind of unprotected connection.
Some apps

  10. Conference on the security of electricity supply: France-Germany crossed views

    International Nuclear Information System (INIS)

    Caron, Antoine; Kaelble, Laure; Maurer, Christoph; Veyrenc, Thomas; Roques, Fabien; Jacquemart, Yannick; John, Oliver

    2015-01-01

    The French-German office for Renewable energies (OFAEnR), in cooperation with the French transmission system operator - RTE, organised a conference on security of electricity supply in France and in Germany. In the framework of this French-German exchange of experience, about 160 participants exchanged their views on the following topics: the regulatory framework and the legal instruments for ensuring the security of supply, the role of energy transmission system operators, the role of renewable energies in the electricity market and their impact on the security of supplies. This document brings together the available presentations (slides) made during this event: 1 - Security of supply and electricity markets (Antoine Caron); 2 - White Paper on electricity Market Design (Laure Kaelble); 3 - Security of Supply - Concept and Definition: On the Way to a Common Understanding? (Christoph Maurer); 4 - The French capacity market: lessons learnt and way forward (Thomas Veyrenc); 5 - electricity market evolutions: divergencies and compatibilities between French and German models? (Fabien Roques); 6 - Infrastructures and European coordination: action of the French transmission system operator - RTE (Yannick Jacquemart); 7 - Interconnection and Security of Supply - experiences of the German TSO Amprion at the French-German Border (Oliver John)

  11. Assessing the Financial and Market Components of the Enterprise’s Economic Security

    Directory of Open Access Journals (Sweden)

    Vakhlakova Viktoriia V.

    2017-08-01

    The most common in assessing economic security of an enterprise is the functional approach, but it needs to be improved on the basis of accumulated knowledge in the science of economic security at the micro-level, thus allowing for different organizing its usage. In order to assess the economic security of enterprise using a functional approach, it is proposed to abandon many functional components in favor of focusing on the financial and market ones, and to discard the traditional rollup of the normalized single and complex indicators to obtain an integral measure of the enterprise’s economic security. In order to assess the economic security of enterprise by the financial and market components, it is proposed to use the signature criteria for the selected indicators by each component, the number of which should be small. For each of the assessed components of the enterprise’s economic security four single indicators were selected, making it possible to visualize the assessments by using the elliptic form of the Euler – Venn circles for the four multitudes of assessments as to each component.

  12. A secured authentication protocol for wireless sensor networks using elliptic curves cryptography.

    Science.gov (United States)

    Yeh, Hsiu-Lien; Chen, Tien-Ho; Liu, Pin-Chuan; Kim, Tai-Hoo; Wei, Hsin-Wen

    2011-01-01

    User authentication is a crucial service in wireless sensor networks (WSNs) that is becoming increasingly common in WSNs because wireless sensor nodes are typically deployed in an unattended environment, leaving them open to possible hostile network attack. Because wireless sensor nodes are limited in computing power, data storage and communication capabilities, any user authentication protocol must be designed to operate efficiently in a resource constrained environment. In this paper, we review several proposed WSN user authentication protocols, with a detailed review of the M.L Das protocol and a cryptanalysis of Das' protocol that shows several security weaknesses. Furthermore, this paper proposes an ECC-based user authentication protocol that resolves these weaknesses. According to our analysis of security of the ECC-based protocol, it is suitable for applications with higher security requirements. Finally, we present a comparison of security, computation, and communication costs and performances for the proposed protocols. The ECC-based protocol is shown to be suitable for higher security WSNs.

  13. Secure it now or secure it later: the benefits of addressing cyber-security from the outset

    Science.gov (United States)

    Olama, Mohammed M.; Nutaro, James

    2013-05-01

    The majority of funding for research and development (R&D) in cyber-security is focused on the end of the software lifecycle where systems have been deployed or are nearing deployment. Recruiting of cyber-security personnel is similarly focused on end-of-life expertise. By emphasizing cyber-security at these late stages, security problems are found and corrected when it is most expensive to do so, thus increasing the cost of owning and operating complex software systems. Worse, expenditures on expensive security measures often mean less money for innovative developments. These unwanted increases in cost and potential slowing of innovation are unavoidable consequences of an approach to security that finds and remediates faults after software has been implemented. We argue that software security can be improved and the total cost of a software system can be substantially reduced by an appropriate allocation of resources to the early stages of a software project. By adopting a similar allocation of R&D funds to the early stages of the software lifecycle, we propose that the costs of cyber-security can be better controlled and, consequently, the positive effects of this R&D on industry will be much more pronounced.

  14. The Role of Europe in Peacekeeping and International Security

    Directory of Open Access Journals (Sweden)

    Pablo Antonio Fernández Sánchez

    1998-09-01

    All of the States in Europe belong to the United Nations and two of them enjoy status as Permanent Members of the Security Council, which is the primordial organism for dealing with peacekeeping and international security. Besides this, one or two European States have almost always been chosen to form part of the Security Council as rotating, non-permanent members, with voting privileges and the capacity to design policies for peacekeeping and international security. Such State participation in the Security Council is not carried out collectively, but rather individually, which explains, in part, Europe’s political “dwarfism” in regards these two matters. Another aspect to consider is this: The 15 Member States of the European Union pay, on time, 35.41% of the United Nation’s budget, whereas the one State that pays the most, 25%, the United States of America, is a nation in persistent arrears, if not an endemic debtor. Before this, though, national egoisms ask each European country to impart its own foreign policy, a fact observed when each deals with security and peace matters. This individualistic isolationism is prejudicial to the many European interests, which are seen as fragmented if not in confrontation. The problematic above is seen to be growing in complexity for lack of a common defense structure that allows for pre-existent structures and logistics to facilitate the work of the United Nations in matters of peacekeeping and international security. To an analysis of these issues are these pages dedicated.

  15. The Extended Concept of Security and the Czech Security Practice

    Directory of Open Access Journals (Sweden)

    Libor Stejskal

    2008-12-01

    According to the extended concept of security, the nation state is no longer the sole privileged reference object of security. The traditional model of national security is developing from military terms to a broader concept which embraces the international, economic, social, environmental, and human rights dimensions of security. The meaning and relevance of the concept is being extended “upwards”, to international organisations, and “downwards”, to regional and local authorities, non-governmental organisations, communities, and individual citizens. This has immediate bearing on the everyday security reality of the Czech Republic. In international context, the “security frontier” of the Czech Republic is expanding, e.g. through the country’s involvement in UN and NATO security missions in conflict-ridden regions of Europe and the world. The country also helps enhance the internal security of the European Union, whose strength depends on its Member States’ willingness to “harmonise” the pursuit of their respective national security interests. This approach is especially important with regard to the principal security threats Europe faces and will continue to face in the future: terrorism and organised crime. It is vital that the Czech Republic have a well-working security system capable of responding effectively to a broad range of threats. This requirement applies first and foremost to the Police, the Fire and Rescue Service, and intelligence services. Unfortunately, with the present effectiveness of the Czech security system, much remains wishful thinking and, due to the lack of a comprehensive framework, a comparatively low level of protection against emergencies exists. Fight against crime is hampered by inefficient operation of the Police and judiciary. A thorough analysis of the aforementioned problems could provide basis for a broader public debate over the priorities and goals of Czech security policy, which should

  16. Process Control/SCADA system vendor security awareness and security posture.

    NARCIS (Netherlands)

    Luiijf, H.A.M.; Lüders, S.

    2009-01-01

    A starting point for the adequate security of process control/SCADA systems is the security awareness and security posture by the manufacturers, vendors, system integrators, and service organisations. The results of a short set of questions indicate that major security improvements are required in

  17. Information Security Service Branding – beyond information security awareness

    Directory of Open Access Journals (Sweden)

    Rahul Rastogi

    2012-12-01

    End-users play a critical role in the effective implementation and running of an information security program in any organization. The success of such a program depends primarily on the effective implementation and execution of associated information security policies and controls and the resultant behavior and actions of end-users. However, end-users often have a negative perception of information security in the organization and exhibit non-compliance. In order to improve compliance levels, it is vital to improve the image of information security in the minds of end-users. This paper borrows the concepts of brands and branding from the domain of marketing to achieve this objective and applies these concepts to information security. The paper also describes a process for creating the information security service brand in the organization.

  18. Security and Privacy Implications of Cloud Computing – Lost in the Cloud

    OpenAIRE

    Tchifilionova, Vassilka

    2010-01-01

    Part 4: Security for Clouds; International audience; Cloud computing - the new paradigm, the future for IT consumer utility, the economy of scale approach, the illusion of an infinite resources availability, yet the debate over security and privacy issues is still undergoing and a common policy framework is missing. Research confirms that users are concerned when presented with scenarios in which companies may put their data to uses of which they may not be aware. Therefore, privacy and securit...

  19. A changing European Security and defense architecture and its impact on Turkey

    OpenAIRE

    Yikilkan, Orhan.

    2001-01-01

    Since the 1991 Maastricht Treaty, the European Union countries have been trying to form a common security and defense identity as one facet of the European Union unification process. The efforts to create "separable but not separate" European forces within NATO have accelerated in the last three years and changed direction toward creating an autonomous "European Security and Defense Policy (ESDP)" within the framework of the EU. This policy concerns some non-EU European NATO allies, such as T...

  20. Watermarking security

    CERN Document Server

    Bas, Patrick; Cayre, François; Doërr, Gwenaël; Mathon, Benjamin

    2016-01-01

    This book explains how to measure the security of a watermarking scheme, how to design secure schemes but also how to attack popular watermarking schemes. This book gathers the most recent achievements in the field of watermarking security by considering both parts of this cat and mouse game. This book is useful to industrial practitioners who would like to increase the security of their watermarking applications and for academics to quickly master this fascinating domain.

  1. TWO-LAYER SECURE PREVENTION MECHANISM FOR REDUCING E-COMMERCE SECURITY RISKS

    OpenAIRE

    Sen-Tarng Lai

    2015-01-01

    E-commerce is an important information system in the network and digital age. However, the network intrusion, malicious users, virus attack and system security vulnerabilities have continued to threaten the operation of the e-commerce, making e-commerce security encounter serious test. How to improve e-commerce security has become a topic worthy of further exploration. Combining routine security test and security event detection procedures, this paper proposes the Two-Layer Secure ...

  2. Security By Design

    OpenAIRE

    Tanner, M. James

    2009-01-01

    Securing a computer from unwanted intrusion requires astute planning and effort to effectively minimize the security invasions computers are plagued with today. While all of the efforts to secure a computer are needed, it seems that the underlying issue of what is being secured has been overlooked. The operating system is at the core of the security issue. Many applications and devices have been put into place to add layers of protection to an already weak operating system. Security did not u...

  3. Optimized ECC Implementation for Secure Communication between Heterogeneous IoT Devices

    Directory of Open Access Journals (Sweden)

    Leandro Marin

    2015-08-01

    The Internet of Things is integrating information systems, places, users and billions of constrained devices into one global network. This network requires secure and private means of communications. The building blocks of the Internet of Things are devices manufactured by various producers and are designed to fulfil different needs. There would be no common hardware platform that could be applied in every scenario. In such a heterogeneous environment, there is a strong need for the optimization of interoperable security. We present optimized elliptic curve Cryptography algorithms that address the security issues in the heterogeneous IoT networks. We have combined cryptographic algorithms for the NXP/Jennic 5148- and MSP430-based IoT devices and used them to create a novel key negotiation protocol.

  4. Optimized ECC Implementation for Secure Communication between Heterogeneous IoT Devices.

    Science.gov (United States)

    Marin, Leandro; Pawlowski, Marcin Piotr; Jara, Antonio

    2015-08-28

    The Internet of Things is integrating information systems, places, users and billions of constrained devices into one global network. This network requires secure and private means of communications. The building blocks of the Internet of Things are devices manufactured by various producers and are designed to fulfil different needs. There would be no common hardware platform that could be applied in every scenario. In such a heterogeneous environment, there is a strong need for the optimization of interoperable security. We present optimized elliptic curve Cryptography algorithms that address the security issues in the heterogeneous IoT networks. We have combined cryptographic algorithms for the NXP/Jennic 5148- and MSP430-based IoT devices and used them to create a novel key negotiation protocol.

  5. Diversity for security: case assessment for FPGA-based safety-critical systems

    Directory of Open Access Journals (Sweden)

    Kharchenko Vyacheslav

    2016-01-01

    Industrial safety critical instrumentation and control systems (I&Cs) are facing more with information (in general) and cyber (in particular) security threats and attacks. The application of programmable logic, first of all, field programmable gate arrays (FPGA) in critical systems causes specific safety deficits. Security assessment techniques for such systems are based on heuristic knowledges and the expert judgment. Main challenge is how to take into account features of FPGA technology for safety critical I&Cs including systems in which are applied diversity approach to minimize risks of common cause failure. Such systems are called multi-version (MV) systems. The goal of the paper is in description of the technique and tool for case-based security assessment of MV FPGA-based I&Cs.

  6. Green Secure Processors: Towards Power-Efficient Secure Processor Design

    Science.gov (United States)

    Chhabra, Siddhartha; Solihin, Yan

    With the increasing wealth of digital information stored on computer systems today, security issues have become increasingly important. In addition to attacks targeting the software stack of a system, hardware attacks have become equally likely. Researchers have proposed Secure Processor Architectures which utilize hardware mechanisms for memory encryption and integrity verification to protect the confidentiality and integrity of data and computation, even from sophisticated hardware attacks. While there have been many works addressing performance and other system level issues in secure processor design, power issues have largely been ignored. In this paper, we first analyze the sources of power (energy) increase in different secure processor architectures. We then present a power analysis of various secure processor architectures in terms of their increase in power consumption over a base system with no protection and then provide recommendations for designs that offer the best balance between performance and power without compromising security. We extend our study to the embedded domain as well. We also outline the design of a novel hybrid cryptographic engine that can be used to minimize the power consumption for a secure processor. We believe that if secure processors are to be adopted in future systems (general purpose or embedded), it is critically important that power issues are considered in addition to performance and other system level issues. To the best of our knowledge, this is the first work to examine the power implications of providing hardware mechanisms for security.

  7. SecurID

    CERN Multimedia

    Now called RSA SecurID, SecurID is a mechanism developed by Security Dynamics that allows two-factor authentication for a user on a network resource. It works on the principle of the unique password mode, based on a shared secret. Every sixty seconds, the component generates a new six-digit token on the screen. The latter comes from the current time (internal clock) and the seed (SecurID private key that is available on the component, and is also from the SecurID server). During an authentication request, the SecurID server will check the entered token by performing exactly the same calculation as that performed by your component. The server knows the two pieces of information required for this calculation: the current time and the seed of your component. Access is allowed if the token calculated by the server matches the token you specified.

  8. A Security Audit Framework to Manage Information System Security

    Science.gov (United States)

    Pereira, Teresa; Santos, Henrique

    The widespread adoption of information and communication technology has promoted an increased dependency of organizations in the performance of their Information Systems. As a result, adequate security procedures to properly manage information security must be established by the organizations, in order to protect their valued or critical resources from accidental or intentional attacks, and ensure their normal activity. A conceptual security framework to manage and audit Information System Security is proposed and discussed. The proposed framework intends to assist organizations firstly to understand what they precisely need to protect assets and what are their weaknesses (vulnerabilities), enabling to perform an adequate security management. Secondly, enabling a security audit framework to support the organization to assess the efficiency of the controls and policy adopted to prevent or mitigate attacks, threats and vulnerabilities, promoted by the advances of new technologies and new Internet-enabled services, that the organizations are subject of. The presented framework is based on a conceptual model approach, which contains the semantic description of the concepts defined in information security domain, based on the ISO/IEC_JCT1 standards.

  9. An Australian Perspective On The Challenges For Computer And Network Security For Novice End-Users

    Directory of Open Access Journals (Sweden)

    Patryk Szewczyk

    2012-12-01

    It is common for end-users to have difficulty in using computer or network security appropriately and thus have often been ridiculed when misinterpreting instructions or procedures. This discussion paper details the outcomes of research undertaken over the past six years on why security is overly complex for end-users. The results indicate that multiple issues may render end-users vulnerable to security threats and that there is no single solution to address these problems. Studies on a small group of senior citizens have shown that educational seminars can be beneficial in ensuring that simple security aspects are understood and used appropriately.

  10. Defining Information Security.

    Science.gov (United States)

    Lundgren, Björn; Möller, Niklas

    2017-11-15

    This article proposes a new definition of information security, the 'Appropriate Access' definition. Apart from providing the basic criteria for a definition - correct demarcation and meaning concerning the state of security - it also aims at being a definition suitable for any information security perspective. As such, it bridges the conceptual divide between so-called 'soft issues' of information security (those including, e.g., humans, organizations, culture, ethics, policies, and law) and more technical issues. Because of this it is also suitable for various analytical purposes, such as analysing possible security breaches, or for studying conflicting attitudes on security in an organization. The need for a new definition is demonstrated by pointing to a number of problems for the standard definition type of information security - the so-called CIA definition. Besides being too broad as well as too narrow, it cannot properly handle the soft issues of information security, nor recognize the contextual and normative nature of security.

  11. Peace, Security, Globalisation & Cultural Diplomacy

    Directory of Open Access Journals (Sweden)

    Ashok Natarajan

    2017-06-01

    This article argues for a positive, comprehensive conception of peace that goes beyond the mere absence of war and a more integrated conception of human security that encompasses a wider range of issues than threats of physical violence. Education is one of humanity’s most effective social institutions for redirecting the violent physical energies of destruction into higher avenues of civilization and culture as an instrument of conscious social evolution. Organization is knowledge of higher accomplishment. Organization has the power to vastly accelerate and multiply the potentials of education for the promotion of peace and security. Peace and Security have a mutually reinforcing effect on each other in the sense that peace results in security while security results in peace. Physical violence eventually led to the development of the knowledge needed for the avoidance of violence by means of diplomacy, trade and cultural exchanges, marking the beginning of the transition from the physical to the mental level of evolution. Trade requires travel, transport, human interaction, exchange, trust with respect to products, and reliable mechanisms for the exchange of a stable currency that can only be effectively founded on an enduring peace that generates confidence among the traders. Isolated communities evolve a communal consciousness as they mature into organized social units founded on shared customs and culture, which later develop into a common legal framework. What began as diplomacy so many centuries ago has now evolved into a near universal recognition of fundamental human rights and the rule of law. The evolution of diplomacy in previous centuries is the foundation for the remarkable betterment of human life witnessed in recent times. The world is in the process of evolving a unifying global culture founded on universal values and recognition of the rich contributions of different cultures to humanity’s progress. As physical force once

  12. Breaking the cyber-security dilemma: aligning security needs and removing vulnerabilities.

    Science.gov (United States)

    Dunn Cavelty, Myriam

    2014-09-01

    Current approaches to cyber-security are not working. Rather than producing more security, we seem to be facing less and less. The reason for this is a multi-dimensional and multi-faceted security dilemma that extends beyond the state and its interaction with other states. It will be shown how the focus on the state and "its" security crowds out consideration for the security of the individual citizen, with detrimental effects on the security of the whole system. The threat arising from cyberspace to (national) security is presented as possible disruption to a specific way of life, one building on information technologies and critical functions of infrastructures, with relatively little consideration for humans directly. This non-focus on people makes it easier for state actors to militarize cyber-security and (re-)assert their power in cyberspace, thereby overriding the different security needs of human beings in that space. Paradoxically, the use of cyberspace as a tool for national security, both in the dimension of war fighting and the dimension of mass-surveillance, has detrimental effects on the level of cyber-security globally. A solution out of this dilemma is a cyber-security policy that is decidedly anti-vulnerability and at the same time based on strong considerations for privacy and data protection. Such a security would have to be informed by an ethics of the infosphere that is based on the dignity of information related to human beings.

  13. ICT security management

    OpenAIRE

    SCHREURS, Jeanne; MOREAU, Rachel

    2007-01-01

    Security becomes more and more important and companies are aware that it has become a management problem. It’s critical to know what are the critical resources and processes of the company and their weaknesses. A security audit can be a handy solution. We have developed BEVA, a method to critically analyse the company and to uncover the weak spots in the security system. BEVA results also in a general security score and security scores for each security factor. These will be used in the risk ...

  14. OpenDBDDAS Toolkit: Secure MapReduce and Hadoop-like Systems

    KAUST Repository

    Fabiano, Enrico

    2015-06-01

    The OpenDBDDAS Toolkit is a software framework to provide support for more easily creating and expanding dynamic big data-driven application systems (DBDDAS) that are common in environmental systems, many engineering applications, disaster management, traffic management, and manufacturing. In this paper, we describe key features needed to implement a secure MapReduce and Hadoop-like system for high performance clusters that guarantees a certain level of privacy of data from other concurrent users of the system. We also provide examples of a secure MapReduce prototype and compare it to another high performance MapReduce, MR-MPI.

  15. Relaxing Chosen-Ciphertext Security

    DEFF Research Database (Denmark)

    Canetti, Ran; Krawczyk, Hugo; Nielsen, Jesper Buus

    2003-01-01

    Security against adaptive chosen ciphertext attacks (or, CCA security) has been accepted as the standard requirement from encryption schemes that need to withstand active attacks. In particular, it is regarded as the appropriate security notion for encryption schemes used as components within...... general protocols and applications. Indeed, CCA security was shown to suffice in a large variety of contexts. However, CCA security often appears to be somewhat too strong: there exist encryption schemes (some of which come up naturally in practice) that are not CCA secure, but seem sufficiently secure...... “for most practical purposes.” We propose a relaxed variant of CCA security, called Replayable CCA (RCCA) security. RCCA security accepts as secure the non-CCA (yet arguably secure) schemes mentioned above; furthermore, it suffices for most existing applications of CCA security. We provide three...

  16. Security with nuclear weapons

    International Nuclear Information System (INIS)

    Karp, R.C.

    1991-01-01

    Recent improvements in East-West relations and the process of dramatic political change in Europe may result in unprecedented opportunities to reduce the global arsenal of nuclear weapons. Despite these welcome developments, the prospects for effectively controlling the spread of nuclear capability in the Third World have remained much less encouraging. The possibility of large reductions in nuclear weapons poses fundamental questions about their purpose. Why have some states chosen to acquire nuclear weapons? How and why have these decisions been maintained over time? Why have some states elected to approach, but not cross, the nuclear threshold? This book examines the commonalities and differences in political approaches to nuclear weapons both within and between three groups of states: nuclear, non-nuclear and threshold. The chapters explore the evolution of thinking about nuclear weapons and the role these weapons play in national security planning, and question the official security rationales offered by the nuclear weapon states for the maintenance of nuclear capabilities. For the non-nuclear weapon states, the book presents an analysis of alternative ways of assuring security and foreign policy effectiveness. For the threshold states, it examines the regional contexts within which these states maintain their threshold status. This book transcends traditional East-West approaches to analysis of nuclear issues by giving equal prominence to the issues of nuclear proliferation and non-nuclearism. The book also provides a comprehensive analysis of how current approaches to nuclear weapons have evolved both within and among the groups of countries under study

  17. Cyber security awareness toolkit for national security: an approach to South Africa's cyber security policy implementation

    CSIR Research Space (South Africa)

    Phahlamohlaka, LJ

    2011-05-01

    The aim of this paper is to propose an approach that South Africa could follow in implementing its proposed cyber security policy. The paper proposes a Cyber Security Awareness Toolkit that is underpinned by key National Security imperatives...

  18. Information security architecture an integrated approach to security in the organization

    CERN Document Server

    Killmeyer, Jan

    2000-01-01

    An information security architecture is made up of several components. Each component in the architecture focuses on establishing acceptable levels of control. These controls are then applied to the operating environment of an organization. Functionally, information security architecture combines technical, practical, and cost-effective solutions to provide an adequate and appropriate level of security. Information Security Architecture: An Integrated Approach to Security in the Organization details the five key components of an information security architecture. It provides C-level executives

  19. Security Injections 2.0: Increasing Engagement and Faculty Adoption Using Enhanced Secure Coding Modules for Lower-Level Programming Courses

    OpenAIRE

    Raina, Sagar; Taylor, Blair; Kaza, Siddharth

    2015-01-01

    Part 2: Software Security Education; International audience; Learning interventions based on modules are common in computer science education. Traditional learning modules that present a large amount of content in a linear format can lead to students skimming and skipping content resulting in lower student engagement and effectiveness. In this paper, we present theoretical support for increasing engagement and effectiveness of learning modules, describe a system that implements these principl...

  20. Secured web-based video repository for multicenter studies.

    Science.gov (United States)

    Yan, Ling; Hicks, Matt; Winslow, Korey; Comella, Cynthia; Ludlow, Christy; Jinnah, H A; Rosen, Ami R; Wright, Laura; Galpern, Wendy R; Perlmutter, Joel S

    2015-04-01

    We developed a novel secured web-based dystonia video repository for the Dystonia Coalition, part of the Rare Disease Clinical Research network funded by the Office of Rare Diseases Research and the National Institute of Neurological Disorders and Stroke. A critical component of phenotypic data collection for all projects of the Dystonia Coalition includes a standardized video of each participant. We now describe our method for collecting, serving and securing these videos that is widely applicable to other studies. Each recruiting site uploads standardized videos to a centralized secured server for processing to permit website posting. The streaming technology used to view the videos from the website does not allow downloading of video files. With appropriate institutional review board approval and agreement with the hosting institution, users can search and view selected videos on the website using customizable, permissions-based access that maintains security yet facilitates research and quality control. This approach provides a convenient platform for researchers across institutions to evaluate and analyze shared video data. We have applied this methodology for quality control, confirmation of diagnoses, validation of rating scales, and implementation of new research projects. We believe our system can be a model for similar projects that require access to common video resources. Copyright © 2015 Elsevier Ltd. All rights reserved.

  1. Security for grids

    Energy Technology Data Exchange (ETDEWEB)

    Humphrey, Marty; Thompson, Mary R.; Jackson, Keith R.

    2005-08-14

    Securing a Grid environment presents a distinctive set of challenges. This paper groups the activities that need to be secured into four categories: naming and authentication; secure communication; trust, policy, and authorization; and enforcement of access control. It examines the current state of the art in securing these processes and introduces new technologies that promise to meet the security requirements of Grids more completely.

  2. Cyber security evaluation of II&C technologies

    Energy Technology Data Exchange (ETDEWEB)

    Thomas, Ken [Idaho National Laboratory (INL), Idaho Falls, ID (United States)

    2014-11-01

    The Light Water Reactor Sustainability (LWRS) Program is a research and development program sponsored by the Department of Energy, which is conducted in close collaboration with industry to provide the technical foundations for licensing and managing the long-term, safe and economical operation of current nuclear power plants. The LWRS Program serves to help the US nuclear industry adopt new technologies and engineering solutions that facilitate the continued safe operation of the plants and extension of the current operating licenses. Within the LWRS Program, the Advanced Instrumentation, Information, and Control (II&C) Systems Technologies Pathway conducts targeted research and development (R&D) to address aging and reliability concerns with the legacy instrumentation and control and related information systems of the U.S. operating light water reactor (LWR) fleet. The II&C Pathway is conducted by Idaho National Laboratory (INL). Cyber security is a common concern among nuclear utilities and other nuclear industry stakeholders regarding the digital technologies that are being developed under this program. This concern extends to the point of calling into question whether these types of technologies could ever be deployed in nuclear plants given the possibility that the information in them can be compromised and the technologies themselves can potentially be exploited to serve as attack vectors for adversaries. To this end, a cyber security evaluation has been conducted of these technologies to determine whether they constitute a threat beyond what the nuclear plants already manage within their regulatory-required cyber security programs. Specifically, the evaluation is based on NEI 08-09, which is the industry’s template for cyber security programs and evaluations, accepted by the Nuclear Regulatory Commission (NRC) as responsive to the requirements of the nuclear power plant cyber security regulation found in 10 CFR 73.54. The evaluation was conducted by a

  3. Security threads: effective security devices in the past, present, and future

    Science.gov (United States)

    Wolpert, Gary R.

    2002-04-01

    Security threads were first used to secure banknotes in the mid 1800's. The key to their anti-counterfeiting success was the fact that by being embedded in the paper, they became an integral part of the banknote substrate. Today, all major currencies still utilize this effective security feature. Technological developments have allowed security threads to evolve from a feature authenticated by only visual means to devices that incorporate both visual and machine detectable components. When viewed from the perspective of a thread being a carrier of various security technologies and the fact that they can be incorporated into the core substrate of banknotes, documents, labels, packaging and some high valued articles, it is clear that security threads will remain as effective security devices well into the future. This paper discusses a brief historical background of security threads, current visual and machine authentication technologies incorporated into threads today and a look to the future of threads as effective security devices.

  4. Information security management handbook

    CERN Document Server

    Tipton, Harold F

    2006-01-01

    Access Control Systems and Methodology. Telecommunications and Network Security. Security Management Practices. Application Program Security. Cryptography. Computer, System, and Security Architecture. Operations Security. Business Continuity Planning and Disaster Recovery Planning. Law, Investigation and Ethics. Physical Security.

  5. Security management

    International Nuclear Information System (INIS)

    Adams, H.W.

    1990-01-01

    Technical progress is moving more and more quickly and the systems thus produced are so complex and have become so unclear to the individual that he can no longer estimate the consequences: Faith in progress has given way to deep mistrust. Companies have adjusted to this change in consciousness. An interesting tendency can be identified: technical security is already available - now the organization of security has become an important objective for companies. The key message of the book is: If outworn technical systems are no longer adequate, the organization must be thoroughly overhauled. Five chapters deal with the following themes: organization as an aspect of society; risk control; aspects of security; is there security in ADP; the broader concept of security. (orig./HP) [de

  6. Obsessive-Compulsive Homeland Security: Insights from the Neurobiological Security Motivation System

    Science.gov (United States)

    2018-03-01

    Thesis by Marissa D. Madrigal, March 2018. ...how activation of the neurobiological security-motivation system can lead to securitization in response to a security speech act. It explores the model

  7. Security Locks

    Science.gov (United States)

    Hart, Kevin

    2010-01-01

    According to a 2008 "Year in Review" report by Educational Security Incidents, an online repository that collects data on higher education security issues, the total number of security incidents reported at universities and colleges worldwide rose to 173 in 2008, a 24.5 percent increase over 2007. The number of institutions…

  8. Event-related stresses in energy systems and their effects on energy security

    International Nuclear Information System (INIS)

    Hughes, Larry; Ranjan, Ashish

    2013-01-01

    Energy systems change over time as events, such as grid failures, new energy sources, and extreme weather conditions, occur, often affecting the system's energy security. Understanding events, their causes, and how they are handled, can help a jurisdiction and its energy stakeholders develop better, evidence-based energy policy. This paper employs a definition of stress in combination with systems analysis to specify methods for explaining the states through which an energy process, chain, or system passes in response to an event and how this response results in energy security improving, deteriorating, or being maintained. The definition uses three dimensions (availability, affordability, and acceptability) derived from the International Energy Agency's definition of energy security to show when and how a system's energy security will change. Examples are used to illustrate the application of the methods. Highlights: • A generic set of methods and a common terminology to formalize the ongoing energy security discourse is proposed. • The methods define, measure and explain how energy security can change when events cause stresses in an energy system. • Events are classified in terms of three dimensions derived from the IEA's definition of energy security. • The application of the method is illustrated with detailed examples

  9. Software Security and the "Building Security in Maturity" Model

    CERN Document Server

    CERN. Geneva

    2011-01-01

    Using the framework described in my book "Software Security: Building Security In" I will discuss and describe the state of the practice in software security. This talk is peppered with real data from the field, based on my work with several large companies as a Cigital consultant. As a discipline, software security has made great progress over the last decade. Of the sixty large-scale software security initiatives we are aware of, thirty-two---all household names---are currently included in the BSIMM study. Those companies among the thirty-two who graciously agreed to be identified include: Adobe, Aon, Bank of America, Capital One, The Depository Trust & Clearing Corporation (DTCC), EMC, Google, Intel, Intuit, McKesson, Microsoft, Nokia, QUALCOMM, Sallie Mae, Standard Life, SWIFT, Symantec, Telecom Italia, Thomson Reuters, VMware, and Wells Fargo. The BSIMM was created by observing and analyzing real-world data from thirty-two leading software security initiatives. The BSIMM can...

  10. Android apps security

    CERN Document Server

    Gunasekera, Sheran

    2012-01-01

    Android Apps Security provides guiding principles for how to best design and develop Android apps with security in mind. It explores concepts that can be used to secure apps and how developers can use and incorporate these security features into their apps. This book will provide developers with the information they need to design useful, high-performing, and secure apps that expose end-users to as little risk as possible.  Overview of Android OS versions, features, architecture and security.  Detailed examination of areas where attacks on applications can take place and what controls should b

  11. Critical Perspective on ASEAN's Security Policy Under ASEAN Political and Security Community

    Directory of Open Access Journals (Sweden)

    Irawan Jati

    2016-03-01

    Despite economic integration challenges, ASEAN faces greater security challenges. It is obvious to assert that a stable economic development requires a secure regional atmosphere. The most probable threats against ASEAN range from hostile foreign entities infiltration, intra and inter states disputes, radical religious movements, human trafficking, drugs and narcotics smuggling, cybercrimes and environmental disasters. In 2009, ASEAN established the ASEAN Political and Security Community as the umbrella of ASEAN’s political and security initiatives. APSC slots in some significant fora: ASEAN Intergovernmental Commission on Human Rights (AICHR), ASEAN Foreign Ministers Meeting (AMM), ASEAN Regional Forum (ARF), ASEAN Defense Minister’s Meeting (ADMM), ASEAN Law Ministers Meeting (ALAWMM), and ASEAN Ministerial Meeting on Transnational Crimes (AMMTC). The wide array of these forums signifies ASEAN efforts to confront double features of security: the traditional and nontraditional or critical security. The traditional security considers state security as the primary object of security, while the critical security tends to focus on non-state aspects such as the individual human being as its referent object. Even though some argue that APSC has been able to preserve the stability in the region, it still lacks confidence in solving critical issues such as territorial disputes and irregular migrants problems. Therefore, this piece would examine the fundamental question: How does ASEAN address beyond state security issues in its security policy through APSC? To search for the answer this paper would apply critical security studies approach. Critical security posits that threats are not always for the states but in many cases for the people. Based on the examination of ASEAN security policies, this paper argues that ASEAN’s security policy has touched the non-traditional security issues but is showing slow progress on its development and application.

  12. Securing Hadoop

    CERN Document Server

    Narayanan, Sudheesh

    2013-01-01

    This book is a step-by-step tutorial filled with practical examples which will focus mainly on the key security tools and implementation techniques of Hadoop security. This book is great for Hadoop practitioners (solution architects, Hadoop administrators, developers, and Hadoop project managers) who are looking to get a good grounding in what Kerberos is all about and who wish to learn how to implement end-to-end Hadoop security within an enterprise setup. It's assumed that you will have some basic understanding of Hadoop as well as be familiar with some basic security concepts.

  13. The corporate security professional

    DEFF Research Database (Denmark)

    Petersen, Karen Lund

    2013-01-01

    In our age of globalization and complex threat environments, every business is called upon to manage security. This tendency is reflected in the fact that a wide range of businesses increasingly think about security in broad terms and strive to translate national security concerns into corporate...... speech. This article argues that the profession of the security manager has become central for understanding how the relationship between national and corporate security is currently negotiated. The national security background of most private sector security managers makes the corporate security...... professional inside the company a powerful hybrid agent. By zooming in on the profession and the practice of national security inside companies, the article raises questions about where to draw the line between corporate security and national security along with the political consequences of the constitution...

  14. Job security or employment security : What's in a name?

    NARCIS (Netherlands)

    Zekic, Nuna

    2016-01-01

    The main aim of the article is to survey and conceptualize the place of employment security in labour law, and to explore a number of important legal questions relating to this concept. After scrutinizing the notion of employment security, the author endorses the view that job security that exists

  15. Unification of Information Security Policies for Network Security Solutions

    Directory of Open Access Journals (Sweden)

    D.S. Chernyavskiy

    2012-03-01

    Diversity of command languages on network security solutions’ (NSS) interfaces causes problems in the process of information security policy (ISP) deployment. A unified model for security policy representation and implementation in NSS could help to avoid such problems and consequently enhance efficiency of the process. The proposed solution is the Unified language for network security policy (ULNSP). The language is based on formal languages theory, and being coupled with its translator, ULNSP makes it possible to formalize and implement ISP independently of particular NSS.

  16. Computers, business, and security the new role for security

    CERN Document Server

    Schweitzer, James A

    1987-01-01

    Computers, Business, and Security: The New Role for Security addresses the professional security manager's responsibility to protect all business resources, with operating environments and high technology in mind. This book discusses the technological aspects of the total security programs. Organized into three parts encompassing 10 chapters, this book begins with an overview of how the developing information age is affecting business management, operations, and organization. This text then examines a number of vulnerabilities that arise in the process of using business computing and communicat

  17. Enabling Dynamic Security Management of Networked Systems via Device-Embedded Security (Self-Securing Devices)

    National Research Council Canada - National Science Library

    Ganger, Gregory R

    2007-01-01

    This report summarizes the results of the work on the AFOSR's Critical Infrastructure Protection Program project, entitled Enabling Dynamic Security Management of Networked Systems via Device-Embedded Security...

  18. Safeguards and security progress report, January-December 1984

    Energy Technology Data Exchange (ETDEWEB)

    Smith, D.B. (comp.)

    1986-01-01

    From January to December 1984, the Los Alamos Safeguards and Security Program was involved in the activities described in the first four parts of this report: Nuclear Facility Support, Security Development and Support, Safeguards Technology Development, and International Safeguards. Part 1 covers efforts of direct assistance to the Department of Energy (DOE) and Nuclear Regulatory Commission (NRC) licensee facilities. Part 2 treats activities aimed at the security of information and computer systems. Part 3 describes the broad development efforts essential to continuing improvements in the practice of safeguards. Although these projects are properly classified as developmental, they address recognized problems that commonly occur in operating facilities. Finally, Part 4 covers international safeguards activities, including both support to the International Atomic Energy Agency and bilateral exchanges. Enrichment plant safeguards, especially those concerning the Gas Centrifuge Enrichment Plant, required a significant portion of our resources. These efforts are beginning to provide substantial returns on our investment in technology transfer, not only in raising the level of safeguards effectiveness but also in benefiting from field experiences in operating environments.

  19. Safeguards and security progress report, January-December 1984

    International Nuclear Information System (INIS)

    Smith, D.B.

    1986-01-01

    From January to December 1984, the Los Alamos Safeguards and Security Program was involved in the activities described in the first four parts of this report: Nuclear Facility Support, Security Development and Support, Safeguards Technology Development, and International Safeguards. Part 1 covers efforts of direct assistance to the Department of Energy (DOE) and Nuclear Regulatory Commission (NRC) licensee facilities. Part 2 treats activities aimed at the security of information and computer systems. Part 3 describes the broad development efforts essential to continuing improvements in the practice of safeguards. Although these projects are properly classified as developmental, they address recognized problems that commonly occur in operating facilities. Finally, Part 4 covers international safeguards activities, including both support to the International Atomic Energy Agency and bilateral exchanges. Enrichment plant safeguards, especially those concerning the Gas Centrifuge Enrichment Plant, required a significant portion of our resources. These efforts are beginning to provide substantial returns on our investment in technology transfer, not only in raising the level of safeguards effectiveness but also in benefiting from field experiences in operating environments.

  20. 48 CFR 1352.237-72 - Security processing requirements-national security contracts.

    Science.gov (United States)

    2010-10-01

    ... requirements-national security contracts. 1352.237-72 Section 1352.237-72 Federal Acquisition Regulations... Provisions and Clauses 1352.237-72 Security processing requirements—national security contracts. As prescribed in 48 CFR 1337.110-70(d), use the following clause: Security Processing Requirements—National...

  1. DICOM image secure communications with Internet protocols IPv6 and IPv4.

    Science.gov (United States)

    Zhang, Jianguo; Yu, Fenghai; Sun, Jianyong; Yang, Yuanyuan; Liang, Chenwen

    2007-01-01

    Image-data transmission from one site to another through a public network is usually characterized in terms of privacy, authenticity, and integrity. In this paper, we first describe a general scenario about how an image is delivered from one site to another through a wide-area network (WAN) with security features of data privacy, integrity, and authenticity. Second, we give the common implementation method of the digital imaging and communication in medicine (DICOM) image communication software library with IPv6/IPv4 for high-speed broadband Internet by using open-source software. Third, we discuss two major security-transmission methods, the IP security (IPSec) and the secure-socket layer (SSL) or transport-layer security (TLS), being used currently in medical-image-data communication with privacy support. Fourth, we describe a test schema of multiple-modality DICOM-image communications through TCP/IPv4 and TCP/IPv6 with different security methods, different security algorithms, and operating systems, and evaluate the test results. We found that there are tradeoff factors between choosing the IPsec and the SSL/TLS-based security implementation of IPv6/IPv4 protocols. If the WAN networks only use IPv6 such as in high-speed broadband Internet, the choice is IPsec-based security. If the networks are IPv4 or the combination of IPv6 and IPv4, it is better to use SSL/TLS security. The Linux platform has more security algorithms implemented than the Windows (XP) platform, and can achieve better performance in most experiments of IPv6 and IPv4-based DICOM-image communications. In teleradiology or enterprise-PACS applications, the Linux operating system may be the better choice as peer security gateways for both the IPsec and the SSL/TLS-based secure DICOM communications across public networks.

  2. Core software security security at the source

    CERN Document Server

    Ransome, James

    2013-01-01

    First and foremost, Ransome and Misra have made an engaging book that will empower readers in both large and small software development and engineering organizations to build security into their products. This book clarifies to executives the decisions to be made on software security and then provides guidance to managers and developers on process and procedure. Readers are armed with firm solutions for the fight against cyber threats. -Dr. Dena Haritos Tsamitis, Carnegie Mellon University. In the wake of cloud computing and mobile apps, the issue of software security has never been more importan

  3. Securing collaborative environments

    Energy Technology Data Exchange (ETDEWEB)

    Agarwal, Deborah [Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States); Jackson, Keith [Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States); Thompson, Mary [Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States)

    2002-05-16

    The diverse set of organizations and software components involved in a typical collaboratory make providing a seamless security solution difficult. In addition, the users need support for a broad range of frequency and locations for access to the collaboratory. A collaboratory security solution needs to be robust enough to ensure that valid participants are not denied access because of its failure. There are many tools that can be applied to the task of securing collaborative environments and these include public key infrastructure, secure sockets layer, Kerberos, virtual and real private networks, grid security infrastructure, and username/password. A combination of these mechanisms can provide effective secure collaboration capabilities. In this paper, we discuss the requirements of typical collaboratories and some proposals for applying various security mechanisms to collaborative environments.

  4. Computer security engineering management

    International Nuclear Information System (INIS)

    McDonald, G.W.

    1988-01-01

    For best results, computer security should be engineered into a system during its development rather than being appended later on. This paper addresses the implementation of computer security in eight stages through the life cycle of the system, starting with the definition of security policies and ending with continuing support for the security aspects of the system throughout its operational life cycle. Security policy is addressed relative to successive decomposition of security objectives (through policy, standard, and control stages) into system security requirements. This is followed by a discussion of computer security organization and responsibilities. Next the paper directs itself to analysis and management of security-related risks, followed by discussion of design and development of the system itself. Discussion of security test and evaluation preparations, and approval to operate (certification and accreditation), is followed by discussion of computer security training for users, which is followed by coverage of life cycle support for the security of the system.

  5. Computer Security: is your code sane?

    CERN Multimedia

    Stefan Lueders, Computer Security Team

    2015-01-01

    How many of us write code? Software? Programs? Scripts? How many of us are properly trained in this and how well do we do it? Do we write functional, clean and correct code, without flaws, bugs and vulnerabilities? In other words: are our codes sane? Figuring out weaknesses is not that easy (see our quiz in an earlier Bulletin article). Therefore, in order to improve the sanity of your code, prevent common pitfalls, and avoid the bugs and vulnerabilities that can crash your code, or – worse – that can be misused and exploited by attackers, the CERN Computer Security team has reviewed its recommendations for checking the security compliance of your code. “Static Code Analysers” are stand-alone programs that can be run on top of your software stack, regardless of whether it uses Java, C/C++, Perl, PHP, Python, etc. These analysers identify weaknesses and inconsistencies including: employing undeclared variables; expressions resu...

  6. Water security-National and global issues

    Science.gov (United States)

    Tindall, James A.; Campbell, Andrew A.

    2010-01-01

    Potable or clean freshwater availability is crucial to life and economic, environmental, and social systems. The amount of freshwater is finite and makes up approximately 2.5 percent of all water on the Earth. Freshwater supplies are small and randomly distributed, so water resources can become points of conflict. Freshwater availability depends upon precipitation patterns, changing climate, and whether the source of consumed water comes directly from desalination, precipitation, or surface and (or) groundwater. At local to national levels, difficulties in securing potable water sources increase with growing populations and economies. Available water improves living standards and drives urbanization, which increases average water consumption per capita. Commonly, disruptions in sustainable supplies and distribution of potable water and conflicts over water resources become major security issues for Government officials. Disruptions are often influenced by land use, human population, use patterns, technological advances, environmental impacts, management processes and decisions, transnational boundaries, and so forth.

  7. Nuclear security

    International Nuclear Information System (INIS)

    1991-12-01

    This paper reports that despite their crucial importance to national security, safeguards at the Department of Energy's (DOE) weapons facilities may be falling short. DOE security inspections have identified many weaknesses, including poor performance by members of DOE's security force, poor accountability for quantities of nuclear materials, and the inability of personnel to locate documents containing classified information. About 13 percent of the 2,100 identified weaknesses resulted in DOE inspectors giving out unsatisfactory security ratings; another 38 percent led to marginal ratings. In addition, DOE's centralized safeguards and security information tracking system lacks current data on whether DOE field offices have corrected the identified weaknesses. Without reliable information, DOE has no way of knowing whether timely action was taken to correct problems, nor can it determine whether weaknesses are systematic. DOE has tried to minimize the impact of these security weaknesses at its facilities by establishing multiple layers of protection measures and instituting interim and compensatory measures for identified weaknesses. DOE is planning enhancements to the centralized tracking system that should improve its reliability and increase its effectiveness.

  8. FOOD SECURITY

    Directory of Open Access Journals (Sweden)

    Dorina Ardelean

    2013-12-01

    The assurance of food security at the individual level doesn’t implicitly provide for the one at family level as the concepts of hunger, malnutrition and food insecurity are the steps of the same process of access restricted to a sufficient supply of food. In order to achieve food security at the individual level the following is necessary: ensuring food availability (production, reserve stocks); redistribution of food availability within the country or out through international exchanges; effective access of the population to purchase food consumer goods, by ensuring its effective demand as required. Food security of families (FFS) is required for assuring individual food security (IFS), but it is not sufficient because the food available may be unevenly distributed between family members. National food security (NFS) corresponds to the possibilities that different countries have to ensure both FFS and IFS without sacrificing other important objectives. Under the name of GAS is defined the global food security which represents permanent access for the entire population of the globe to the necessary food for a healthy and active life.

  9. Windows 2012 Server network security securing your Windows network systems and infrastructure

    CERN Document Server

    Rountree, Derrick

    2013-01-01

    Windows 2012 Server Network Security provides the most in-depth guide to deploying and maintaining a secure Windows network. The book drills down into all the new features of Windows 2012 and provides practical, hands-on methods for securing your Windows systems networks, including: Secure remote access; Network vulnerabilities and mitigations; DHCP installations configuration; MAC filtering; DNS server security; WINS installation configuration; Securing wired and wireless connections; Windows personal firewall.

  10. Using the safety/security interface to the security manager's advantage

    International Nuclear Information System (INIS)

    Stapleton, B.W.

    1993-01-01

    Two aspects of the safety/security interface are discussed: (1) the personal safety of nuclear security officers; and (2) how the security manager can effectively deal with the safety/security interface in solving today's requirements yet supporting the overall mission of the facility. The basis of this presentation is the result of interviews, document analyses, and observations. The conclusion is that proper planning and communication between the players involved in the security/safety interface can benefit the two programs and help achieve overall system integration, ultimately contributing to the bottom line. This is especially important in today's cost conscious environment

  11. Design and Implementation of GSM Based Automated Home Security System

    Directory of Open Access Journals (Sweden)

    Love Aggarwal

    2014-05-01

    The Automated Home Security System aims at building a security system for common households using GSM modem, sensors and microcontroller. For many years, an impeccable security system has been the prime need of every man who owns a house. The increasing crime rate has further pressed the need for it. Our system is an initiative in this direction. The system provides security function by monitoring the surroundings at home for intruders, fire, gas leakages etc. using sensors and issuing alerts to the owners and local authorities by using GSM via SMS. It provides the automation function as it can control (On/Off) the various home appliances while the owners are away via SMS. Thus the Automated Home Security System is self-sufficient and can be relied upon undoubtedly. Also, it is capable of establishing two way communication with its owner so that he/she can keep a watch on his/her home via sensor information or live video streaming. A camera can be installed for continuous monitoring of the system and its surroundings. The system consists of two main parts: hardware and software. Hardware consists of Microcontroller, Sensors, Buzzer and GSM modem while software is implemented by tools using Embedded ‘C’.

  12. 17 CFR 404.5 - Securities counts by registered government securities brokers and dealers.

    Science.gov (United States)

    2010-04-01

    ... registered government securities brokers and dealers. 404.5 Section 404.5 Commodity and Securities Exchanges... AND PRESERVATION OF RECORDS § 404.5 Securities counts by registered government securities brokers and dealers. (a) Securities counts. Every registered government securities broker or dealer shall comply with...

  13. 12 CFR 615.5454 - Creation of participant's security entitlement; security interests.

    Science.gov (United States)

    2010-01-01

    ... 12 Banks and Banking 6 2010-01-01 2010-01-01 false Creation of participant's security entitlement... Procedures for Farm Credit Securities § 615.5454 Creation of participant's security entitlement; security... public money, including without limitation deposits to the Treasury tax and loan accounts, or other...

  14. 12 CFR 1511.4 - Creation of Participant's Security Entitlement; security interests.

    Science.gov (United States)

    2010-01-01

    ... 12 Banks and Banking 7 2010-01-01 2010-01-01 false Creation of Participant's Security Entitlement... CORPORATION BOOK-ENTRY PROCEDURE § 1511.4 Creation of Participant's Security Entitlement; security interests... to secure deposits of public money, including without limitation deposits to the Treasury tax and...

  15. The Shaping of Managers' Security Objectives through Information Security Awareness Training

    Science.gov (United States)

    Harris, Mark A.

    2010-01-01

    Information security research states that corporate security policy and information security training should be socio-technical in nature and that corporations should consider training as a primary method of protecting their information systems. However, information security policies and training are predominately technical in nature. In addition,…

  16. Client-Focused Security Assessment of mHealth Apps and Recommended Practices to Prevent or Mitigate Transport Security Issues.

    Science.gov (United States)

    Müthing, Jannis; Jäschke, Thomas; Friedrich, Christoph M

    2017-10-18

    Mobile health (mHealth) apps show a growing importance for patients and health care professionals. Apps in this category are diverse. Some display important information (ie, drug interactions), whereas others help patients to keep track of their health. However, insufficient transport security can lead to confidentiality issues for patients and medical professionals, as well as safety issues regarding data integrity. mHealth apps should therefore deploy intensified vigilance to protect their data and integrity. This paper analyzes the state of security in mHealth apps. The objectives of this study were as follows: (1) identification of relevant transport issues in mHealth apps, (2) development of a platform for test purposes, and (3) recommendation of practices to mitigate them. Security characteristics relevant to the transport security of mHealth apps were assessed, presented, and discussed. These characteristics were used in the development of a prototypical platform facilitating streamlined tests of apps. For the tests, six lists of the 10 most downloaded free apps from three countries and two stores were selected. As some apps were part of these top 10 lists in more than one country, 53 unique apps were tested. Out of the 53 apps tested from three European App Stores for Android and iOS, 21/53 (40%) showed critical results. All 21 apps failed to guarantee the integrity of data displayed. A total of 18 apps leaked private data or were observable in a way that compromised confidentiality between apps and their servers; 17 apps used unprotected connections; and two apps failed to validate certificates correctly. None of the apps tested utilized certificate pinning. Many apps employed analytics or ad providers, undermining user privacy. The tests show that many mHealth apps do not apply sufficient transport security measures. The most common security issue was the use of any kind of unprotected connection. Some apps used secure connections only for selected tasks

  17. Food Security In South Asia: Major Challenges And Solutions

    Directory of Open Access Journals (Sweden)

    N. V. Galistcheva

    2018-01-01

    The subject of the study is analysis of the state of food security of the South Asian countries at the present time. The methodological basis of the study is such methods as induction and deduction, analysis and synthesis. The systematic approach to the overall study of the South Asian countries’ economy and the state of its food security in particular has become the base of this research. Historical and statistical methods were used to solve the main task of the research to reveal the conditions of the region’s agricultural development and food availability and food accessibility in the region as well as to carry out an assessment of the ability of households to obtain nutritious food all year round. The author also used the comparative method to analyze the South Asian countries’ approaches to realization of food policy that has allowed to reveal the specific tools used by certain countries of the region and the common characteristics of all countries of South Asia. While selecting the research topics the author proceeded from the idea that the problem of the state of food security of the South Asian countries has not been studied for the last two decades. The research required to attract and summarize a large amount of statistical data that has been drawn from many sources including official sites of international organizations and South Asian countries. The author also used Russian and Indian scientific journals and monographs. The article highlights the state of food security in the region in accordance with criteria offered by the FAO. The author examines the situation in the South Asian countries’ agriculture sector, its productivity, the volume of production, food waste as well as the countries’ dependency on food imports. The article also presents some information on food accessibility which is generally considered within the context of household income, food distribution systems and ability of the household to obtain food

  18. Smart Secure Homes: A Survey of Smart Home Technologies that Sense, Assess, and Respond to Security Threats.

    Science.gov (United States)

    Dahmen, Jessamyn; Cook, Diane J; Wang, Xiaobo; Honglei, Wang

    2017-08-01

    Smart home design has undergone a metamorphosis in recent years. The field has evolved from designing theoretical smart home frameworks and performing scripted tasks in laboratories. Instead, we now find robust smart home technologies that are commonly used by large segments of the population in a variety of settings. Recent smart home applications are focused on activity recognition, health monitoring, and automation. In this paper, we take a look at another important role for smart homes: security. We first explore the numerous ways smart homes can and do provide protection for their residents. Next, we provide a comparative analysis of the alternative tools and research that has been developed for this purpose. We investigate not only existing commercial products that have been introduced but also discuss the numerous research that has been focused on detecting and identifying potential threats. Finally, we close with open challenges and ideas for future research that will keep individuals secure and healthy while in their own homes.

  19. Contemporary security management

    CERN Document Server

    Fay, John

    2010-01-01

    Contemporary Security Management, 3rd Edition teaches security professionals how to operate an efficient security department and how to integrate smoothly with other groups inside and outside their own organizations. Fay demonstrates the specifics of security management: how to organize, plan, develop and manage a security operation; how to identify vulnerabilities; how to determine the protective resources required to offset threats; and how to implement all necessary physical and IT security measures. Security professionals share the responsibility for mitigating damage, serving as a resource to an Emergency Tactical Center, assisting the return of business continuity, and liaising with local response agencies such as police and fire departments, emergency medical responders, and emergency warning centers. At the organizational level, the book addresses budgeting, employee performance, counseling, hiring and termination, employee theft and other misconduct, and offers sound advice on building constructi...

  20. DNS security management

    CERN Document Server

    Dooley, Michael

    2017-01-01

    An advanced Domain Name System (DNS) security resource that explores the operation of DNS, its vulnerabilities, basic security approaches, and mitigation strategies. DNS Security Management offers an overall role-based security approach and discusses the various threats to the Domain Name System (DNS). This vital resource is filled with proven strategies for detecting and mitigating these all too frequent threats. The authors, noted experts on the topic, offer an introduction to the role of DNS and explore the operation of DNS. They cover a myriad of DNS vulnerabilities and include preventative strategies that can be implemented. Comprehensive in scope, the text shows how to secure DNS resolution with the Domain Name System Security Extensions (DNSSEC), DNS firewall, server controls, and much more. In addition, the text includes discussions on security applications facilitated by DNS, such as anti-spam, SPF, and DANE.

  1. Polish Security Printing Works in the system of public and economic security

    OpenAIRE

    Remigiusz Lewandowski

    2013-01-01

    The article raises the issue of placing PWPW in the system of economic and public security. Two particular categories of security connected with PWPW business activity, i.e. identification and transactional security, have been defined and discussed in the article. The most essential factors affecting the above security categories as well as relations between identification/transactional security and economic/public security. The article indicates that PWPW plays an important role in the state...

  2. Modelling security and trust with Secure Tropos

    NARCIS (Netherlands)

    Giorgini, P.; Mouratidis, H.; Zannone, N.; Mouratidis, H.; Giorgini, P.

    2006-01-01

    Although the concepts of security and trust play an important issue in the development of information systems, they have been mainly neglected by software engineering methodologies. In this chapter we present an approach that considers security and trust throughout the software development process.

  3. 24 CFR 81.93 - Creation of Participant's Security Entitlement; security interests.

    Science.gov (United States)

    2010-04-01

    ... 24 Housing and Urban Development 1 2010-04-01 2010-04-01 false Creation of Participant's Security... Procedures § 81.93 Creation of Participant's Security Entitlement; security interests. (a) A Participant's... Entitlement of a Participant in favor of the United States to secure deposits of public money, including...

  4. Agent of opportunity risk mitigation: people, engineering, and security efficacy.

    Science.gov (United States)

    Graham, Margaret E; Tunik, Michael G; Farmer, Brenna M; Bendzans, Carly; McCrillis, Aileen M; Nelson, Lewis S; Portelli, Ian; Smith, Silas; Goldberg, Judith D; Zhang, Meng; Rosenberg, Sheldon D; Goldfrank, Lewis R

    2010-12-01

    Agents of opportunity (AO) are potentially harmful biological, chemical, radiological, and pharmaceutical substances commonly used for health care delivery and research. AOs are present in all academic medical centers (AMC), creating vulnerability in the health care sector; AO attributes and dissemination methods likely predict risk; and AMCs are inadequately secured against a purposeful AO dissemination, with limited budgets and competing priorities. We explored health care workers' perceptions of AMC security and the impact of those perceptions on AO risk. Qualitative methods (survey, interviews, and workshops) were used to collect opinions from staff working in a medical school and 4 AMC-affiliated hospitals concerning AOs and the risk to hospital infrastructure associated with their uncontrolled presence. Secondary to this goal, staff perception concerning security, or opinions about security behaviors of others, were extracted, analyzed, and grouped into themes. We provide a framework for depicting the interaction of staff behavior and access control engineering, including the tendency of staff to "defeat" inconvenient access controls. In addition, 8 security themes emerged: staff security behavior is a significant source of AO risk; the wide range of opinions about "open" front-door policies among AMC staff illustrates a disparity of perceptions about the need for security; interviewees expressed profound skepticism concerning the effectiveness of front-door access controls; an AO risk assessment requires reconsideration of the security levels historically assigned to areas such as the loading dock and central distribution sites, where many AOs are delivered and may remain unattended for substantial periods of time; researchers' view of AMC security is influenced by the ongoing debate within the scientific community about the wisdom of engaging in bioterrorism research; there was no agreement about which areas of the AMC should be subject to stronger access

  5. 6 CFR 7.10 - Authority of the Chief Security Officer, Office of Security.

    Science.gov (United States)

    2010-01-01

    ...) Direct and administer DHS implementation and compliance with the National Industrial Security Program in... 6 Domestic Security 1 2010-01-01 2010-01-01 false Authority of the Chief Security Officer, Office of Security. 7.10 Section 7.10 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE...

  6. Unix Security Cookbook

    Science.gov (United States)

    Rehan, S. C.

    This document has been written to help Site Managers secure their Unix hosts from being compromised by hackers. I have given brief introductions to the security tools along with downloading, configuring and running information. I have also included a section on my recommendations for installing these security tools starting from an absolute minimum security requirement.

  7. Center for Homeland Defense and Security Homeland Security Affairs Journal

    OpenAIRE

    2015-01-01

    Homeland Security Affairs is the peer-reviewed online journal of the Center for Homeland Defense and Security (CHDS). The journal provides a forum to propose and debate strategies, policies and organizational arrangements to strengthen U.S. homeland security.

  8. 18 CFR 1314.5 - Creation of Participant's Security Entitlement; security interests.

    Science.gov (United States)

    2010-04-01

    ... 18 Conservation of Power and Water Resources 2 2010-04-01 2010-04-01 false Creation of Participant... FEDERAL RESERVE BANKS § 1314.5 Creation of Participant's Security Entitlement; security interests. (a) A... Security Entitlement of a Participant in favor of the United States to secure deposits of public money...

  9. Secure Transportation Management

    International Nuclear Information System (INIS)

    Gibbs, P. W.

    2014-01-01

    The Secure Transport Management Course (STMC) provides managers with information related to procedures and equipment used to successfully transport special nuclear material. This workshop outlines these procedures and reinforces the information presented with the aid of numerous practical examples. The course focuses on understanding the regulatory framework for secure transportation of special nuclear materials, identifying the insider and outsider threat(s) to secure transportation, organization of a secure transportation unit, management and supervision of secure transportation units, equipment and facilities required, training and qualification needed.

  10. Pro Spring security

    CERN Document Server

    Scarioni, Carlo

    2013-01-01

    Security is a key element in the development of any non-trivial application. The Spring Security Framework provides a comprehensive set of functionalities to implement industry-standard authentication and authorization mechanisms for Java applications. Pro Spring Security will be a reference and advanced tutorial that will do the following: Guides you through the implementation of the security features for a Java web application by presenting consistent examples built from the ground-up. Demonstrates the different authentication and authorization methods to secure enterprise-level applications

  11. ICT security- aspects important for nuclear facilities; Information and Communication Technologies

    Energy Technology Data Exchange (ETDEWEB)

    Thunem, Atoosa P-J.

    2005-09-15

    Rapid application growth of complex Information and Communication Technologies (ICT) in every society and state infrastructure as well as industry has revealed vulnerabilities that eventually have given rise to serious security breaches. These vulnerabilities together with the course of the breaches from cause to consequence are gradually about to convince the field experts that ensuring the security of ICT-driven systems is no longer possible by only relying on the fundaments of computer science, IT, or telecommunications. Appropriating knowledge from other disciplines is not only beneficial, but indeed very necessary. At the same time, it is a common observation today that ICT-driven systems are used everywhere, from the nuclear, aviation, commerce and healthcare domains to camera-equipped web-enabled cellular phones. The increasing interdisciplinary and inter-sectoral aspects of ICT security worldwide have been providing updated and useful information to the nuclear domain, as one of the emerging users of ICT-driven systems. Nevertheless, such aspects have also contributed to new and complicated challenges, as ICT security for the nuclear domain is in a much more delicate manner than for any other domains related to the concept of safety, at least from the public standpoint. This report addresses some important aspects of ICT security that need to be considered at nuclear facilities. It deals with ICT security and the relationship between security and safety from a rather different perspective than usually observed and applied. The report especially highlights the influence on the security of ICT-driven systems by all other dependability factors, and on that basis suggests a framework for ICT security profiling, where several security profiles are assumed to be valid and used in parallel for each ICT-driven system, sub-system or unit at nuclear facilities. The report also covers a related research topic of the Halden Project with focus on cyber threats and

  12. Pro PHP Security From Application Security Principles to the Implementation of XSS Defenses

    CERN Document Server

    Snyder, Chris; Southwell, Michael

    2010-01-01

    PHP security, just like PHP itself, has advanced. Updated for PHP 5.3, the second edition of this authoritative PHP security book covers foundational PHP security topics like SQL injection, XSS, user authentication, and secure PHP development. Chris Snyder and Tom Myer also dive into recent developments like mobile security, the impact of Javascript, and the advantages of recent PHP hardening efforts. Pro PHP Security, Second Edition will serve as your complete guide for taking defensive and proactive security measures within your PHP applications. Beginners in secure programming will find a l

  13. The Extended Concept of Security and the Czech Security Practice

    OpenAIRE

    Libor Stejskal; Antonín Rašek; Miloš Balabán

    2008-01-01

    According to the extended concept of security, the nation state is no longer the sole privileged reference object of security. The traditional model of national security is developing from military terms to a broader concept which embraces the international, economic, social, environmental, and human rights dimensions of security. The meaning and relevance of the concept is being extended “upwards”, to international organisations, and “downwards”, to regional and local authorities, non-govern...

  14. A Common Definition of the System Operators' Core Activities [Electric Power Transmission System Operator]

    Energy Technology Data Exchange (ETDEWEB)

    NONE

    2006-02-15

    In this report a common definition of the system operator's core activities in the Nordic countries is identified and also a list of non-core activities is introduced. As a starting point the common tasks for system responsibility as identified by Nordel has been used for the work. The term TSO (Transmission System Operator) is employed as a common denominator in the report. It is found out that the TSOs carry out common core activities in the roles as a transmission operator, a system operator and a balance settlement responsible. The core activities for the TSO as a transmission network operator are: Maintain the adequate transmission system in the long run and network development plan on the national as well as on the Nordic level using sophisticated analysis and planning methods and tools. Plan the transmission network on the national as well as on the Nordic level utilising new investments, renewal and maintenance of existing network components so that the network is secure to operate and adequate transmission capacity is guaranteed. Aim at timely network expansions using enhanced information exchange between the Nordic TSOs, and on the national level between the TSO and distribution and regional network operators, large consumers and large producers. Secure the technical compatibility with networks across the border and within a country by establishing connection requirements on the national level and ensuring that the national requirements are compatible across the Nordic power system. The core activities for the TSO as a system operator are: Define common technical requirements for the secure system operation using common planning, operation, connection and data exchange procedures. Secure the system operation with the operational planning for the following year by using information exchange between TSOs enabling the TSOs to make the best possible forecast of the global grid situation in order to assess the flows in their network and the available

  15. Safeguards and security progress report, January-December 1983

    Energy Technology Data Exchange (ETDEWEB)

    Smith, D.B. (comp.)

    1984-09-01

    From January to December 1983, the Los Alamos Safeguards and Security Program was involved in the activities described in the first four parts of this report: Nuclear Facility Support, Security Development and Support, Safeguards Technology Development, and International Safeguards. Part 1 covers efforts of direct assistance to the Department of Energy (DOE) and Nuclear Regulatory Commission (NRC) licensee facilities. This assistance includes consultation on materials accounting problems, development of specialized techniques and instruments, and comprehensive participation in the design and implementation of advanced safeguards systems. In addition, a series of training courses in various aspects of safeguards makes the technology more accessible to those who must apply it. Part 2 treats activities aimed at the security of information and computer systems. Our focus this period was on continuing the activities of the Computer Security Center, which provides the basis for encouraging and disseminating this emerging technology, and on the development and demonstration of secure computer systems. Part 3 describes the broad development efforts essential to continuing improvements in the practice of safeguards. Although these projects are properly classified as developmental, they address recognized problems that commonly occur in operating facilities. Finally, Part 4 covers international safeguards activities, including both support to the International Atomic Energy Agency and bilateral exchanges. Enrichment plant safeguards, especially those concerning the Gas Centrifuge Enrichment Plant, required a significant portion of our resources. These efforts are beginning to provide substantial returns on our investment in technology transfer, not only in raising the level of safeguards effectiveness but also in our benefiting from field experiences in operating environments.

  16. Safeguards and security progress report, January-December 1985

    International Nuclear Information System (INIS)

    1987-03-01

    From January to December 1985, the Los Alamos Safeguards and Security Program was involved in the activities described in the first four parts of this report: Safeguards Operations, Security Development and Support, Safeguards Technology Development, and International Support. Part 1 covers efforts of direct assistance to the Department of Energy and Nuclear Regulatory Commission licensee facilities. This assistance includes consultation on materials accounting problems, development and demonstration of specialized techniques and instruments, and comprehensive participation in the design and evaluation of advanced safeguards systems. In addition, a series of training courses in various aspects of safeguards makes the technology more accessible to those who must apply it. Part 2 treats activities aimed at the security of information and computer systems. Our focus this period was on continuing the activities of the Center for Computer Security, which provides the basis for encouraging and disseminating this emerging technology, and on the development and demonstration of secure computer systems. Part 3 describes the broad development efforts essential to continuing improvements in the practice of safeguards. Although these projects are properly classified as developmental, they address recognized problems that commonly occur in operating facilities. Finally, Part 4 covers international safeguards activities, including both support to the International Atomic Energy Agency and bilateral exchanges. Enrichment plant safeguards and international safeguards for reprocessing plants required a significant portion of our resources. All of these efforts are beginning to provide substantial returns on our investment in technology transfer, not only in raising the level of safeguards effectiveness but also in our benefiting from field experiences in operating environments.

  17. Safeguards and security progress report, January-December 1985

    Energy Technology Data Exchange (ETDEWEB)

    1987-03-01

    From January to December 1985, the Los Alamos Safeguards and Security Program was involved in the activities described in the first four parts of this report: Safeguards Operations, Security Development and Support, Safeguards Technology Development, and International Support. Part 1 covers efforts of direct assistance to the Department of Energy and Nuclear Regulatory Commission licensee facilities. This assistance includes consultation on materials accounting problems, development and demonstration of specialized techniques and instruments, and comprehensive participation in the design and evaluation of advanced safeguards systems. In addition, a series of training courses in various aspects of safeguards makes the technology more accessible to those who must apply it. Part 2 treats activities aimed at the security of information and computer systems. Our focus this period was on continuing the activities of the Center for Computer Security, which provides the basis for encouraging and disseminating this emerging technology, and on the development and demonstration of secure computer systems. Part 3 describes the broad development efforts essential to continuing improvements in the practice of safeguards. Although these projects are properly classified as developmental, they address recognized problems that commonly occur in operating facilities. Finally, Part 4 covers international safeguards activities, including both support to the International Atomic Energy Agency and bilateral exchanges. Enrichment plant safeguards and international safeguards for reprocessing plants required a significant portion of our resources. All of these efforts are beginning to provide substantial returns on our investment in technology transfer, not only in raising the level of safeguards effectiveness but also in our benefiting from field experiences in operating environments.

  18. Safeguards and security progress report, January-December 1983

    International Nuclear Information System (INIS)

    Smith, D.B.

    1984-09-01

    From January to December 1983, the Los Alamos Safeguards and Security Program was involved in the activities described in the first four parts of this report: Nuclear Facility Support, Security Development and Support, Safeguards Technology Development, and International Safeguards. Part 1 covers efforts of direct assistance to the Department of Energy (DOE) and Nuclear Regulatory Commission (NRC) licensee facilities. This assistance includes consultation on materials accounting problems, development of specialized techniques and instruments, and comprehensive participation in the design and implementation of advanced safeguards systems. In addition, a series of training courses in various aspects of safeguards makes the technology more accessible to those who must apply it. Part 2 treats activities aimed at the security of information and computer systems. Our focus this period was on continuing the activities of the Computer Security Center, which provides the basis for encouraging and disseminating this emerging technology, and on the development and demonstration of secure computer systems. Part 3 describes the broad development efforts essential to continuing improvements in the practice of safeguards. Although these projects are properly classified as developmental, they address recognized problems that commonly occur in operating facilities. Finally, Part 4 covers international safeguards activities, including both support to the International Atomic Energy Agency and bilateral exchanges. Enrichment plant safeguards, especially those concerning the Gas Centrifuge Enrichment Plant, required a significant portion of our resources. These efforts are beginning to provide substantial returns on our investment in technology transfer, not only in raising the level of safeguards effectiveness but also in our benefiting from field experiences in operating environments.

  19. Information technology - Security techniques - Information security management systems - Requirements

    CERN Document Server

    International Organization for Standardization. Geneva

    2005-01-01

    ISO/IEC 27001:2005 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for profit organizations). ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties. ISO/IEC 27001:2005 is intended to be suitable for several different types of use, including the following: use within organizations to formulate security requirements and objectives; use within organizations as a way to ensure that security risks are cost effectively managed; use within organizations to ensure comp...

  20. Social Security Bulletin

    Data.gov (United States)

    Social Security Administration — The Social Security Bulletin (ISSN 1937-4666) is published quarterly by the Social Security Administration. The Bulletin is prepared in the Office of Retirement and...

  1. Android security cookbook

    CERN Document Server

    Makan, Keith

    2013-01-01

    'Android Security Cookbook' breaks down and enumerates the processes used to exploit and remediate Android app security vulnerabilities in the form of detailed recipes and walkthroughs. 'Android Security Cookbook' is aimed at anyone who is curious about Android app security and wants to be able to take the necessary practical measures to protect themselves; this means that Android application developers, security researchers and analysts, penetration testers, and generally any CIO, CTO, or IT managers facing the impending onslaught of mobile devices in the business environment will benefit from

  2. Grid Security

    CERN Multimedia

    CERN. Geneva

    2004-01-01

    The aim of Grid computing is to enable the easy and open sharing of resources between large and highly distributed communities of scientists and institutes across many independent administrative domains. Convincing site security officers and computer centre managers to allow this to happen in view of today's ever-increasing Internet security problems is a major challenge. Convincing users and application developers to take security seriously is equally difficult. This paper will describe the main Grid security issues, both in terms of technology and policy, that have been tackled over recent years in LCG and related Grid projects. Achievements to date will be described and opportunities for future improvements will be addressed.

  3. Audit Teknologi Informasi atas Physical Security Control Dan Logical Security Control Serta Penentuan Kondisi Security Risk Studi Kasus: PT Talc Indonesia

    OpenAIRE

    Inggrid; Arfianti, Rizka I; Utami, Viany

    2009-01-01

    Abstract The fast growth of technology has an impact to the accounting field. This relates to the term of information technology (IT) auditing. One of the risks of using information technology in business which can be fatal enough if ignored is security risk. Security risk can be reduced by security controls which include physical security control and logical security control. Information technology auditing is the process of collecting and evaluating evidence to determine whether or not a co...

  4. PCI DSS: Security Standard and Security in Fact

    OpenAIRE

    M. V. Kuzin

    2011-01-01

    The article focuses on Payment Card Industry Data Security Standard (PCI DSS) requirements and practices, especially its issues and disadvantages to achieve the main goal — security of payment cards infrastructure.

  5. Untangle network security

    CERN Document Server

    El-Bawab, Abd El-Monem A

    2014-01-01

    If you are a security engineer or a system administrator and want to secure your server infrastructure with the feature-rich Untangle, this book is for you. For individuals who want to start their career in the network security field, this book would serve as a perfect companion to learn the basics of network security and how to implement it using Untangle NGFW.

  6. Foundational aspects of security

    DEFF Research Database (Denmark)

    Chatzikokolakis, Konstantinos; Mödersheim, Sebastian Alexander; Palamidessi, Catuscia

    2014-01-01

    This Special Issue of the Journal of Computer Security focuses on foundational aspects of security, which in recent years have helped change much of the way we think about and approach system security.

  7. Foreign-funded M&A Poses No Threat to China’s Economic Security

    Institute of Scientific and Technical Information of China (English)

    王志乐

    2007-01-01

    Foreign funded M&A (Mergers & Acquisitions) activity is becoming increasingly common in China. In this article Wang Zhile assesses the effects and risks associated with M&A, finding that foreign funded M&A activity is immensely beneficial to China and poses no threat to economic security.

  8. Improved Optical Document Security Techniques Based on Volume Holography and Lippmann Photography

    Science.gov (United States)

    Bjelkhagen, Hans I.

    Optical variable devices (OVDs), such as holograms, are now common in the field of document security. Up until now mass-produced embossed holograms or other types of mass-produced OVDs are used not only for banknotes but also for personalized documents, such as passports, ID cards, travel documents, driving licenses, credit cards, etc. This means that identical OVDs are used on documents issued to individuals. Today, there is need for a higher degree of security on such documents and this chapter covers new techniques to make improved mass-produced or personalized OVDs.

  9. Smart grid security

    Energy Technology Data Exchange (ETDEWEB)

    Cuellar, Jorge (ed.) [Siemens AG, Muenchen (Germany). Corporate Technology]

    2013-11-01

    The engineering, deployment and security of the future smart grid will be an enormous project requiring the consensus of many stakeholders with different views on the security and privacy requirements, not to mention methods and solutions. The fragmentation of research agendas and proposed approaches or solutions for securing the future smart grid becomes apparent observing the results from different projects, standards, committees, etc, in different countries. The different approaches and views of the papers in this collection also witness this fragmentation. This book contains the following papers: 1. IT Security Architecture Approaches for Smart Metering and Smart Grid. 2. Smart Grid Information Exchange - Securing the Smart Grid from the Ground. 3. A Tool Set for the Evaluation of Security and Reliability in Smart Grids. 4. A Holistic View of Security and Privacy Issues in Smart Grids. 5. Hardware Security for Device Authentication in the Smart Grid. 6. Maintaining Privacy in Data Rich Demand Response Applications. 7. Data Protection in a Cloud-Enabled Smart Grid. 8. Formal Analysis of a Privacy-Preserving Billing Protocol. 9. Privacy in Smart Metering Ecosystems. 10. Energy rate at home Leveraging ZigBee to Enable Smart Grid in Residential Environment.

  10. Securing abundance : The politics of energy security

    NARCIS (Netherlands)

    Kester, Johannes

    2016-01-01

    Energy Security is a concept that is known in the literature for its ‘slippery’ nature and subsequent wide range of definitions. Instead of another attempt at grasping the essence of this concept, Securing Abundance reformulates the problem and moves away from a definitional problem to a theoretical

  11. Professional Cocoa Application Security

    CERN Document Server

    Lee, Graham J

    2010-01-01

    The first comprehensive security resource for Mac and iPhone developers. The Mac platform is legendary for security, but consequently, Apple developers have little appropriate security information available to help them assure that their applications are equally secure. This Wrox guide provides the first comprehensive go-to resource for Apple developers on the available frameworks and features that support secure application development. While Macs are noted for security, developers still need to design applications for the Mac and the iPhone with security in mind; this guide offers the first

  12. Information Systems Security Audit

    OpenAIRE

    Gheorghe Popescu; Veronica Adriana Popescu; Cristina Raluca Popescu

    2007-01-01

    The article covers: Defining an information system; benefits obtained by introducing new information technologies; IT management; Defining prerequisites, analysis, design, implementation of IS; Information security management system; aspects regarding IS security policy; Conceptual model of a security system; Auditing information security systems and network infrastructure security.

  13. Ecological and Economic Problems of Environmental Security

    Directory of Open Access Journals (Sweden)

    Mashchenko Maryna A.

    2018-03-01

    The article is aimed at defining a common mechanism for assessing the ecological and economic threats and ecological losses on the basis of a long-term study to ensure the environmental security of the State. The necessity of a new approach to the State regulation through achievement of environmental security is displayed, that will allow to reduce tensions of the ecological-economic problems in Ukraine. For implementation of this approach, a general mechanism for estimation of ecological-economic threats and ecological losses is provided, which is carried out through formation of an integral costs system. The costs system is presented in the article in the form of an in-depth mechanism for estimating the ecological-economic threats on the example of ecological impacts. Structuring and preparation of the costs system for applied researches is the next stage of this prolonged research.

  14. RISK MANAGEMENT FROM THE INFORMATION SECURITY PERSPECTIVE

    Directory of Open Access Journals (Sweden)

    Riza Ionuț

    2017-11-01

    Risk management has emerged ever since the appearance of human communities and it has developed at a slow rate. Over time, a significant improvement was made, from accepting hazards to the identification, evaluation and control of unwanted events, threat prevention and exploitation of opportunities through scientific risk management actions. The fundamental role of research in cyber security is to concentrate the efforts on those contexts and conditions which determine the way in which key players reach a common understanding of the way to conceive and eventually answer to certain challenges in cyber security. In order to build a clear perception of these effects, this work presents the main elements which define cyber space, to come to the aid of turning the management process into an efficient one, especially when talking about cyber space as a space for conflicts, both economic and political.

  15. Implementing Cyber Security Requirements and Mechanisms in Microgrids

    OpenAIRE

    Mohan, Apurva; Khurana, Himanshu

    2015-01-01

    Part 4: INFRASTRUCTURE SECURITY; International audience; A microgrid is a collection of distributed energy resources, storage and loads under common coordination and control that provides a single functional interface to enable its management as a single unit. Microgrids provide several advantages such as power quality control, uninterrupted power supply and integration of renewable resources. However, microgrids are increasingly connected to the Internet for remote control and management, wh...

  16. Teaching Case: IS Security Requirements Identification from Conceptual Models in Systems Analysis and Design: The Fun & Fitness, Inc. Case

    Science.gov (United States)

    Spears, Janine L.; Parrish, James L., Jr.

    2013-01-01

    This teaching case introduces students to a relatively simple approach to identifying and documenting security requirements within conceptual models that are commonly taught in systems analysis and design courses. An introduction to information security is provided, followed by a classroom example of a fictitious company, "Fun &…

  17. Information Security Maturity Model

    OpenAIRE

    Information Security Maturity Model

    2011-01-01

    To ensure security, it is important to build-in security in both the planning and the design phases and adapt a security architecture which makes sure that regular and security related tasks, are deployed correctly. Security requirements must be linked to the business goals. We identified four domains that affect security at an organization namely, organization governance, organizational culture, the architecture of the systems, and service management. In order to identify and explore the strengt...

  18. Security Inequalities in North America: Reassessing Regional Security Complex Theory

    Directory of Open Access Journals (Sweden)

    Richard Kilroy

    2017-12-01

    This article re-evaluates earlier work done by the authors on Regional Security Complex Theory (RSCT) in North America, using sectoral analysis initially developed by Buzan and Waever, but also adding the variables of institutions, identity, and interests. These variables are assessed qualitatively in the contemporary context on how they currently impress upon the process of securitization within sectoral relations between Canada, Mexico, and the United States. The article reviews the movement from bilateral security relations between these states to the development of a trilateral response to regional security challenges post-9/11. It further addresses the present period and what appears to be a security process derailed by recent political changes and security inequalities, heightened by the election of Donald Trump in 2016. The article argues that while these three states initially evinced a convergence of regional security interests after 9/11, which did create new institutional responses, under the current conditions, divergence in political interests and security inequalities have reduced the explanatory power of RSCT in North America. Relations between states in North America are becoming less characterized by the role of institutions and interests and more by identity politics in the region.

  19. Fuelling Insecurity? Sino-Myanmar Energy Cooperation and Human Security in Myanmar

    Science.gov (United States)

    Botel, Gabriel

    literature in human security rarely applied in this context. This includes a brief review of human security and Sino-Myanmar relations, and is grounded in an empirical analysis of Chinese investment in Myanmar's hydropower and oil and gas sectors. Ultimately, this thesis argues that, while insightful, many traditional interpretations of Sino-Myanmar energy cooperation overlook the security interests of those worst affected. Furthermore, that the worst excesses of Chinese companies in Myanmar are not unique to China, but common across all investors in the regime, Western or otherwise.

  20. DIRAC Security

    CERN Document Server

    Casajús Ramo, A

    2006-01-01

    DIRAC is the LHCb Workload and Data Management System. Based on a service-oriented architecture, it enables generic distributed computing with lightweight Agents and Clients for job execution and data transfers. DIRAC implements a client-server architecture exposing server methods through XML Remote Procedure Call (XML-RPC) protocol. DIRAC is mostly coded in Python. DIRAC security infrastructure has been designed to be a completely generic XML-RPC transport over an SSL tunnel. This new security layer is able to handle standard X509 certificates as well as grid-proxies to authenticate both sides of the connection. Server and client authentication relies on OpenSSL and pyOpenSSL, but to be able to handle grid proxies some modifications have been added to those libraries. DIRAC security infrastructure handles authentication and authorization as well as provides extended capabilities like secure connection tunneling and file transfer. Using this new security infrastructure all LHCb users can safely make use o...

  1. PCI DSS: Security Standard and Security in Fact

    Directory of Open Access Journals (Sweden)

    M. V. Kuzin

    2011-12-01

    The article focuses on Payment Card Industry Data Security Standard (PCI DSS) requirements and practices, especially its issues and disadvantages to achieve the main goal — security of payment cards infrastructure.

  2. Why SCADA security is NOT like Computer Centre Security

    CERN Multimedia

    CERN. Geneva

    2014-01-01

    Today, the industrialized world lives in symbiosis with control systems (aka SCADA systems): it depends on power distribution, oil production, public transport, automatic production lines. While the convenience is at hand, still too many control systems are designed without any security in mind, lack basic security protections, and are not even robust enough to withstand basic attacks. The Stuxnet worm attacking Siemens PLCs in 2010 was another close call. Attackers currently enjoy hacking control systems, and aim to switch lights off. This presentation shall recap the current situation and discuss the differences (or not) between computer center cyber-security and control system cyber-security.

  3. Comparison of Routable Control System Security Approaches

    Energy Technology Data Exchange (ETDEWEB)

    Edgar, Thomas W.; Hadley, Mark D.; Carroll, Thomas E.; Manz, David O.; Winn, Jennifer D.

    2011-06-01

    This document is a supplement to the 'Secure and Efficient Routable Control Systems.' It addressed security in routable control system communication. The control system environment that monitors and manages the power grid historically has utilized serial communication mechanisms. Leased-line serial communication environments operating at 1200 to 9600 baud rates are common. However, recent trends show that communication media such as fiber, optical carrier 3 (OC-3) speeds, mesh-based high-speed wireless, and the Internet are becoming the media of choice. In addition, a dichotomy has developed between the electrical transmission and distribution environments, with more modern communication infrastructures deployed by transmission utilities. The preceding diagram represents a typical control system. The Communication Links cloud supports all of the communication mechanisms a utility might deploy between the control center and devices in the field. Current methodologies used for security implementations are primarily led by single vendors or standards bodies. However, these entities tend to focus on individual protocols. The result is an environment that contains a mixture of security solutions that may only address some communication protocols at an increasing operational burden for the utility. A single approach is needed that meets operational requirements, is simple to operate, and provides the necessary level of security for all control system communication. The solution should be application independent (e.g., Distributed Network Protocol/Internet Protocol [DNP/IP], International Electrotechnical Commission [IEC] C37.118, Object Linking and Embedding for Process Control [OPC], etc.) and focus on the transport layer. In an ideal setting, a well-designed suite of standards for control system communication will be used for vendor implementation and compliance testing. An expected outcome of this effort is an international standard.

  4. Embedded Java security security for mobile devices

    CERN Document Server

    Debbabi, Mourad; Talhi, Chamseddine

    2007-01-01

    Java brings more functionality and versatility to the world of mobile devices, but it also introduces new security threats. This book contains a presentation of embedded Java security and presents the main components of embedded Java. It gives an idea of the platform architecture and is useful for researchers and practitioners.

  5. Device-independent two-party cryptography secure against sequential attacks

    International Nuclear Information System (INIS)

    Kaniewski, Jędrzej; Wehner, Stephanie

    2016-01-01

    The goal of two-party cryptography is to enable two parties, Alice and Bob, to solve common tasks without the need for mutual trust. Examples of such tasks are private access to a database, and secure identification. Quantum communication enables security for all of these problems in the noisy-storage model by sending more signals than the adversary can store in a certain time frame. Here, we initiate the study of device-independent (DI) protocols for two-party cryptography in the noisy-storage model. Specifically, we present a relatively easy to implement protocol for a cryptographic building block known as weak string erasure and prove its security even if the devices used in the protocol are prepared by the dishonest party. DI two-party cryptography is made challenging by the fact that Alice and Bob do not trust each other, which requires new techniques to establish security. We fully analyse the case of memoryless devices (for which sequential attacks are optimal) and the case of sequential attacks for arbitrary devices. The key ingredient of the proof, which might be of independent interest, is an explicit (and tight) relation between the violation of the Clauser–Horne–Shimony–Holt inequality observed by Alice and Bob and uncertainty generated by Alice against Bob who is forced to measure his system before finding out Alice’s setting (guessing with postmeasurement information). In particular, we show that security is possible for arbitrarily small violation.

  6. Elgamal Elliptic Curve Based Secure Communication Architecture for Microgrids

    Directory of Open Access Journals (Sweden)

    Sarmadullah Khan

    2018-03-01

    Microgrids play an important role in today’s power systems as the distributed generation is becoming increasingly common. They can operate in two possible modes: (i) standalone and (ii) grid-connected. The transitional state from standalone to grid-connected mode is very critical and requires the microgrid to be synchronized with the main grid. Thus, secure, reliable and trustworthy control and communication is utmost necessary to prevent out-of-sync connection which could severely damage the microgrid and/or the main grid. Existing solutions consume more resources and take long time to establish a secure connection. The objective of the proposed work is to reduce the connection establishment time by using efficient computational algorithms and save the resources. This paper proposes a secure authentication and key establishment mechanism for ensuring safe operation and control of the microgrids. The proposed approach uses the concept of Elgamal with slight modification. Private key of the sender is used instead of a random number. The proposed modification ensures the non-repudiation. This paper also presents a system threat model along with security network architecture and evaluates the performance of proposed algorithm in protecting microgrid communication against man in the middle attacks and replay attacks that could delay the packets to damage the system and need to be detected. Mathematical modeling and simulation results show that the proposed algorithm performs better than the existing protocols in terms of connection establishment, resource consumption and security level.

  7. Device-independent two-party cryptography secure against sequential attacks

    Science.gov (United States)

    Kaniewski, Jędrzej; Wehner, Stephanie

    2016-05-01

    The goal of two-party cryptography is to enable two parties, Alice and Bob, to solve common tasks without the need for mutual trust. Examples of such tasks are private access to a database, and secure identification. Quantum communication enables security for all of these problems in the noisy-storage model by sending more signals than the adversary can store in a certain time frame. Here, we initiate the study of device-independent (DI) protocols for two-party cryptography in the noisy-storage model. Specifically, we present a relatively easy to implement protocol for a cryptographic building block known as weak string erasure and prove its security even if the devices used in the protocol are prepared by the dishonest party. DI two-party cryptography is made challenging by the fact that Alice and Bob do not trust each other, which requires new techniques to establish security. We fully analyse the case of memoryless devices (for which sequential attacks are optimal) and the case of sequential attacks for arbitrary devices. The key ingredient of the proof, which might be of independent interest, is an explicit (and tight) relation between the violation of the Clauser-Horne-Shimony-Holt inequality observed by Alice and Bob and uncertainty generated by Alice against Bob who is forced to measure his system before finding out Alice’s setting (guessing with postmeasurement information). In particular, we show that security is possible for arbitrarily small violation.

  8. Security Protocols in a Nutshell

    OpenAIRE

    Toorani, Mohsen

    2016-01-01

    Security protocols are building blocks in secure communications. They deploy some security mechanisms to provide certain security services. Security protocols are considered abstract when analyzed, but they can have extra vulnerabilities when implemented. This manuscript provides a holistic study on security protocols. It reviews foundations of security protocols, taxonomy of attacks on security protocols and their implementations, and different methods and models for security analysis of pro...

  9. Kyrgyzstan's security problems today

    OpenAIRE

    Abduvalieva, Ryskul

    2009-01-01

    Regional stability and security consist of two levels-the external security of each country at the regional level and the internal security of each of them individually. A state's external and internal security are closely interrelated concepts. It stands to reason that ensuring internal security and stability is the primary and most important task. But the external aspect also requires attention. This article takes a look at the most important problems of ensuring Kyrgyzstan's security.

  10. “The Thinking Eye” and “The Open Sky:” Developing a Framework of an Environmental View of Security

    Directory of Open Access Journals (Sweden)

    Dr. Helen MARGARITOU-ANDRIANESSI

    2016-07-01

    Discussion of security integration began with discussion of the threatened local time-frame of our existence and preferred forms of behavior. We examine strategic requirements and stances toward environmental security, because the “gestalt thinking and ontology” and the “reflective cast of mind” influence our experience of security procedures in order to evaluate successful modes of interventions in ecosystem, changes in politics and security exchanges. The goal is a multi-criterion optimization problem which we suggest to bring to a single criterion one: to embrace more gestalt relations in order to reproduce the basic elements of the concept of security and common strategies.

  11. 10 CFR 73.28 - Security background checks for secure transfer of nuclear materials.

    Science.gov (United States)

    2010-01-01

    ... 10 Energy 2 2010-01-01 2010-01-01 false Security background checks for secure transfer of nuclear... PLANTS AND MATERIALS Physical Protection of Special Nuclear Material in Transit § 73.28 Security background checks for secure transfer of nuclear materials. Licensees are excepted from the security...

  12. Finance/security/life.

    OpenAIRE

    Langley, P.

    2017-01-01

    What is the contemporary relation between finance and security? This essay encourages further research into the securitization of finance by developing the notion of ‘finance/security/life’. A focus on the intersections of finance/security/life will be shown to prompt a broadened range of critical, cross-disciplinary concerns with the various ways in which financial markets are positioned as vital to securing wealth, welfare and wellbeing.

  13. Rethinking energy security in Asia. A non-traditional view of human security

    Energy Technology Data Exchange (ETDEWEB)

    Caballero-Anthony, Mely [Nanyang Technological Univ., Singapore (SG). Centre for Non-Traditional Security (NTS) Studies; Chang, Youngho [Nanyang Technological Univ., Singapore (Singapore). Division of Economics; Putra, Nur Azha (eds.) [National Univ. of Singapore (Singapore). Energy Security Division

    2012-07-01

    Traditional notions of security are premised on the primacy of state security. In relation to energy security, traditional policy thinking has focused on ensuring supply without much emphasis on socioeconomic and environmental impacts. Non-traditional security (NTS) scholars argue that threats to human security have become increasingly prominent since the end of the Cold War, and that it is thus critical to adopt a holistic and multidisciplinary approach in addressing rising energy needs. This volume represents the perspectives of scholars from across Asia, looking at diverse aspects of energy security through a non-traditional security lens. The issues covered include environmental and socioeconomic impacts, the role of the market, the role of civil society, energy sustainability and policy trends in the ASEAN region.

  14. Objective and Essential Elements of a State's Nuclear Security Regime. Nuclear Security Fundamentals

    International Nuclear Information System (INIS)

    2013-01-01

    The possibility that nuclear material or other radioactive material could be used for criminal purposes or intentionally used in an unauthorized manner cannot be ruled out in the current global situation. States have responded to this risk by engaging in a collective commitment to strengthen the protection and control of such material and to respond effectively to nuclear security events. States have agreed to strengthen existing instruments and have established new international legal instruments to enhance nuclear security worldwide. Nuclear security is fundamental in the management of nuclear technologies and in applications where nuclear material or other radioactive material is used or transported. Through its nuclear security programme, the IAEA supports States to establish, maintain and sustain an effective nuclear security regime. The IAEA has adopted a comprehensive approach to nuclear security. This recognizes that an effective national nuclear security regime builds on: the implementation of relevant international legal instruments; information protection; physical protection; material accounting and control; detection of and response to trafficking in such material; national response plans; and contingency measures. With its Nuclear Security Series, the IAEA aims to assist States in implementing and sustaining such a regime in a coherent and integrated manner. The IAEA Nuclear Security Series comprises: Nuclear Security Fundamentals, which include the objective and essential elements of a State's nuclear security regime; Recommendations; Implementing Guides; and Technical Guidance. Each State carries the full responsibility for nuclear security. Specifically, each State has the responsibility to provide for the security of nuclear material and other radioactive material and their associated facilities and activities; to ensure the security of such material in use, storage, or in transport; to combat illicit trafficking and the inadvertent movement of

  15. Transportation Security Administration

    Science.gov (United States)


  16. Security, Fraud Detection

    Indian Academy of Sciences (India)

    Secure. Server – Intruder prevention/detection; Network – Encryption, PKI; Client - Secure. Fraud detection based on audit trails. Automatic alerts like credit-card alerts based on suspicious patterns.

  17. Security guide for subcontractors

    Energy Technology Data Exchange (ETDEWEB)

    Adams, R.C.

    1991-01-01

    This security guide of the Department of Energy covers contractor and subcontractor access to DOE and Mound facilities. The topics of the security guide include responsibilities, physical barriers, personnel identification system, personnel and vehicular access controls, classified document control, protecting classified matter in use, storing classified matter repository combinations, violations, security education clearance terminations, security infractions, classified information nondisclosure agreement, personnel security clearances, visitor control, travel to communist-controlled or sensitive countries, shipment security, and surreptitious listening devices.

  18. Managing Cisco network security

    CERN Document Server

    Knipp, Eric

    2002-01-01

    An in-depth knowledge of how to configure Cisco IP network security is a MUST for anyone working in today's internetworked world. "There's no question that attacks on enterprise networks are increasing in frequency and sophistication..." -Mike Fuhrman, Cisco Systems Manager, Security Consulting. Managing Cisco Network Security, Second Edition offers updated and revised information covering many of Cisco's security products that provide protection from threats, detection of network security incidents, measurement of vulnerability and policy compliance and management of security policy across an extended organization. These are the tools that network administrators have to mount defenses against threats. Chapters also cover the improved functionality and ease of the Cisco Secure Policy Manager software used by thousands of small-to-midsized businesses and a special section on the Cisco Aironet Wireless Security Solutions. Security from a real-world perspective. Key coverage of the new technologies offered by the Cisc...

  19. Securing Digital Audio using Complex Quadratic Map

    Science.gov (United States)

    Suryadi, MT; Satria Gunawan, Tjandra; Satria, Yudi

    2018-03-01

    In this digital era, exchanging data is common and easy to do, therefore it is vulnerable to being attacked and manipulated by unauthorized parties. One data type that is vulnerable to attack is digital audio. So, we need a data securing method that is not vulnerable and fast. One of the methods that match all of those criteria is securing the data using a chaos function. The chaos function that is used in this research is the complex quadratic map (CQM). There are some parameter values that cause the key stream that is generated by the CQM function to pass all 15 NIST tests; this means that the key stream that is generated using this CQM is proven to be random. In addition, samples of encrypted digital sound when tested using a goodness of fit test are proven to be uniform, so securing digital audio using this method is not vulnerable to frequency analysis attack. The key space is very huge, about 8.1×10^31 possible keys, and the key sensitivity is very small, about 10^-10, therefore this method is also not vulnerable against brute-force attack. And finally, the processing speed for both encryption and decryption process is on average about 450 times faster than its digital audio duration.

  20. Applications of superconducting bolometers in security imaging

    International Nuclear Information System (INIS)

    Luukanen, A; Leivo, M M; Rautiainen, A; Grönholm, M; Toivanen, H; Grönberg, L; Helistö, P; Mäyrä, A; Aikio, M; Luukanen, A; Grossman, E N

    2012-01-01

    Millimeter-wave (MMW) imaging systems are currently undergoing deployment worldwide for airport security screening applications. Security screening through MMW imaging is facilitated by the relatively good transmission of these wavelengths through common clothing materials. Given the long wavelength of operation (frequencies between 20 GHz to ∼ 100 GHz, corresponding to wavelengths between 1.5 cm and 3 mm), existing systems are suited for close-range imaging only due to substantial diffraction effects associated with practical aperture diameters. The present and arising security challenges call for systems that are capable of imaging concealed threat items at stand-off ranges beyond 5 meters at near video frame rates, requiring substantial increase in operating frequency in order to achieve useful spatial resolution. The construction of such imaging systems operating at several hundred GHz has been hindered by the lack of submm-wave low-noise amplifiers. In this paper we summarize our efforts in developing a submm-wave video camera which utilizes cryogenic antenna-coupled microbolometers as detectors. Whilst superconducting detectors impose the use of a cryogenic system, we argue that the resulting back-end complexity increase is a favorable trade-off compared to complex and expensive room temperature submm-wave LNAs both in performance and system cost.

  1. Computer Security: SAHARA - Security As High As Reasonably Achievable

    CERN Multimedia

    Stefan Lueders, Computer Security Team

    2015-01-01

    History has shown us time and again that our computer systems, computing services and control systems have digital security deficiencies. Too often we deploy stop-gap solutions and improvised hacks, or we just accept that it is too late to change things. In my opinion, this blatantly contradicts the professionalism we show in our daily work. Other priorities and time pressure force us to ignore security or to consider it too late to do anything… but we can do better. Just look at how “safety” is dealt with at CERN! “ALARA” (As Low As Reasonably Achievable) is the objective set by the CERN HSE group when considering our individual radiological exposure. Following this paradigm, and shifting it from CERN safety to CERN computer security, would give us “SAHARA”: “Security As High As Reasonably Achievable”. In other words, all possible computer security measures must be applied, so long as ...

  2. Energy Security of Russia and the EU: Current Legal Problems

    International Nuclear Information System (INIS)

    Seliverstov, S.

    2009-01-01

    Security of energy supply is a cornerstone of European energy policy. It receives specific mention both in the Constitution Treaty and in the Lisbon Treaty. Of course, energy and energy-generated revenues are vital for Russia as well. It is a common understanding that Russia and the EU are extremely interdependent in terms of energy. On the one hand, Russia is the strategic energy supplier to the EU as a whole; for some member states Russian supplies represent the only source of the external energy flows. On the other hand, the revenues generated from the west-bound supplies of oil and gas constitute a significant share of the overall export income and of the budget of Russian Federation. Taking the interdependency as a point of departure the present article answers the following questions: What are the differences and the similarities in the European and the Russian approaches towards security of energy supply? Is their understanding of energy security so different? What are the current legal instruments guiding interaction in this sphere? What are the actual trends that could give some indication of how the situation may develop in the future? - While the concepts of 'security of energy supplies' or of 'energy security' are theoretical in nature, the ways the concepts are understood and the legal framework for them directly influences the way they are applied in practice. (author)

  3. Medical Information Security

    OpenAIRE

    William C. Figg, Ph.D.; Hwee Joo Kam, M.S.

    2011-01-01

    Modern medicine is facing a complex environment, not from medical technology but rather government regulations and information vulnerability. HIPAA is the government’s attempt to protect patient’s information yet this only addresses traditional record handling. The main threat is from the evolving security issues. Many medical offices and facilities have multiple areas of information security concerns. Physical security is often weak, office personnel are not always aware of security needs an...

  4. Cloud security mechanisms

    OpenAIRE

    2014-01-01

    Cloud computing has brought great benefits in cost and flexibility for provisioning services. The greatest challenge of cloud computing remains however the question of security. The current standard tools in access control mechanisms and cryptography can only partly solve the security challenges of cloud infrastructures. In the recent years of research in security and cryptography, novel mechanisms, protocols and algorithms have emerged that offer new ways to create secure services atop cloud...

  5. Challenge for the national security of the Republic of Serbia in the concept of common European values

    Directory of Open Access Journals (Sweden)

    Stevanović Miroslav

    2016-01-01

    Peaceful future based on common values, as a motive for the integration of the peoples of Europe, implies discontinuity with value-concepts that were the cause of conflicts. When the European Union and its member states ignore the promotion of the Ustasha's ideological concept which caused great evil to Serbia, as a neighboring country and a candidate for EU membership, the doubt arises whether the current value concept contains elements of challenge for the candidate's national security. In this article, we assume that the historical legacy of Nazism has influenced the shaping of European values. The analysis starts from the Nazi views embodied in the root of the interest for unity of Europe, and the factors of influence of the Nazi value order after World War II. The idea of unified Europe can be attributed to Nazis, who had territorial ambitions in terms of Europe as the living space of the Germanic race, under the dominance of Germany. During the war, there was a significant level of collaboration in European states, while Nazis basically aimed to annihilate Jews, Slavs and Gypsies. After the war, anti-Nazism was marginalized, due to the Cold War against communism and the Soviet Union. The identified trends are analyzed in the context of shaping the value system at the time of neo-liberalism and globalization. After the undermining of the international financial system in 1971, and the rise of neo-liberalism, globalization has generated a trend of centralization and financial domination. This is accompanied by neo-conservative doctrine and politics, which promote realism in international relations, and 'desovereignization' of nation states. The example of the coup d'état and civil conflict in Ukraine exposed tolerance for ultra-nationalistic and neo-Nazi ideas. We find that elitism and imperialism remain as value similarities between the Nazi and the current neo-liberal European value discourse, and that there is an essentially identical

  6. IAEA nuclear security program

    Energy Technology Data Exchange (ETDEWEB)

    Ek, D. [International Atomic Energy Agency, Vienna (Austria)

    2006-07-01

    Although nuclear security is a State responsibility, it is nevertheless an international concern, as the consequences of a nuclear security incident would have worldwide impact. These concerns have resulted in the development of numerous international instruments on nuclear security since the terrorist events in the USA on September 11, 2001. The IAEA Office of Nuclear Security has been charged to assist Member States to improve their nuclear security and to meet the intent of these international obligations in order to ensure a cohesive thread of nuclear security protects the global community. The programs underway and planned by the Office of Nuclear Security will be discussed in this paper. (author)

  7. IAEA nuclear security program

    International Nuclear Information System (INIS)

    Ek, D.

    2006-01-01

    Although nuclear security is a State responsibility, it is nevertheless an international concern, as the consequences of a nuclear security incident would have worldwide impact. These concerns have resulted in the development of numerous international instruments on nuclear security since the terrorist events in the USA on September 11, 2001. The IAEA Office of Nuclear Security has been charged to assist Member States to improve their nuclear security and to meet the intent of these international obligations in order to ensure a cohesive thread of nuclear security protects the global community. The programs underway and planned by the Office of Nuclear Security will be discussed in this paper. (author)

  8. 49 CFR 1542.205 - Security of the security identification display area (SIDA).

    Science.gov (United States)

    2010-10-01

    ... area (SIDA). 1542.205 Section 1542.205 Transportation Other Regulations Relating to Transportation... AIRPORT SECURITY Operations § 1542.205 Security of the security identification display area (SIDA). (a... one SIDA, as follows: (1) Each secured area must be a SIDA. (2) Each part of the air operations area...

  9. China's conception of energy security : sources and international impacts

    International Nuclear Information System (INIS)

    Constantin, C.

    2005-01-01

    The unique challenges and opportunities associated with China's rapid economic growth were discussed with reference to the potential risk of political disruption or destabilizing international markets. The author notes that two common mistakes are typically made when assessing the evolution of China's energy policy. The first is that China's future path is assimilated with that of developed countries, thereby dismissing evidence that might point toward a different relationship with energy. Second, analysts tend to focus on the external expression of China's energy needs, its oil imports, while overlooking other energy-related issues such as insufficient electricity supplies or environmental degradation. The author argues that Chinese leadership is redefining its understanding of what constitutes energy security for the country. This report assesses the international impacts of such a redefinition along with the international aspects of a business-as-usual scenario in which China pursues its traditional model of energy security. It was emphasized that two different views of energy security lead to different sets of challenges and opportunities for western governments and businesses. 101 refs., 2 figs

  10. Secure OpenID Authentication Model by Using Trusted Computing

    Directory of Open Access Journals (Sweden)

    E. Ghazizadeh

    2014-01-01

    The growth of Internet online services has been very quick in recent years. Each online service requires Internet users to create a new account to use the service. The problem can be seen when each user usually needs more than one service and, consequently, has numerous accounts. These numerous accounts have to be managed in a secure and simple way to be protected against identity theft. Single sign-on (SSO) and OpenID have been used to decrease the complexity of managing numerous accounts required in the Internet identity environment. Trusted Platform Module (TPM) and Trust Multitenancy are great trusted computing-based technologies to solve security concerns in the Internet identity environment. Since trust is one of the pillars of security in the cloud, this paper analyzes the existing cloud identity techniques in order to investigate their strengths and weaknesses. This paper proposes a model in which One Time Password (OTP), TPM, and OpenID are used to provide a solution against phishing as a common identity theft in cloud environment.

  11. Regional security in Southeast Asia and the South Pacific

    International Nuclear Information System (INIS)

    Pande, Amba

    2002-01-01

    Ever since the weapons of mass destruction have become an international currency of power, the efforts for their control and elimination have also developed simultaneously, as an important stream in international politics. Countries all over the globe have strived to evolve various devices to ensure security against these weapons at international, regional as well as national levels. One such regional effort for nuclear arms control is the creation of nuclear-free zone. The nuclear free zones present a potentially effective option to supplement the global nuclear disarmament regime. This is an endeavour towards crisis management, reducing the threat perception, common security and confidence building. In addition, they help in creating a regional security order by developing a code of conduct which binds external actors as well as the regional countries. They are meant to reduce if not eliminate the likelihood of a region getting involved into the war of mass destruction. It is in this context the cases of Southeast Asia and the South Pacific nuclear-free zones have been discussed in this book

  12. CLOUD SECURITY AND COMPLIANCE - A SEMANTIC APPROACH IN END TO END SECURITY

    OpenAIRE

    Kalaiprasath, R.; Elankavi, R.; Udayakumar, R.

    2017-01-01

    The Cloud services are becoming an essential part of many organizations. Cloud providers have to adhere to security and privacy policies to ensure their users' data remains confidential and secure. Though there are some ongoing efforts on developing cloud security standards, most cloud providers are implementing a mish-mash of security and privacy controls. This has led to confusion among cloud consumers as to what security measures they should expect from the cloud services, and whether thes...

  13. Security of pipeline facilities

    Energy Technology Data Exchange (ETDEWEB)

    Lee, S.C. [Alberta Energy and Utilities Board, Calgary, AB (Canada); Van Egmond, C.; Duquette, L. [National Energy Board, Calgary, AB (Canada); Revie, W. [Canada Centre for Mineral and Energy Technology, Ottawa, ON (Canada)

    2005-07-01

    This working group provided an update on provincial, federal and industry directions regarding the security of pipeline facilities. The decision to include security issues in the NEB Act was discussed as well as the Pipeline Security Management Assessment Project, which was created to establish a better understanding of existing security management programs as well as to assist the NEB in the development and implementation of security management regulations and initiatives. Amendments to the NEB were also discussed. Areas of pipeline security management assessment include physical safety management; cyber and information security management; and personnel security. Security management regulations were discussed, as well as implementation policies. Details of the Enbridge Liquids Pipelines Security Plan were examined. It was noted that the plan incorporates flexibility for operations and is integrated with Emergency Response and Crisis Management. Asset characterization and vulnerability assessments were discussed, as well as security and terrorist threats. It was noted that corporate security threat assessment and auditing are based on threat information from the United States intelligence community. It was concluded that the oil and gas industry is a leader in security in North America. The Trans Alaska Pipeline Incident was discussed as a reminder of how costly accidents can be. Issues of concern for the future included geographic and climate issues. It was concluded that limited resources are an ongoing concern, and that the regulatory environment is becoming increasingly prescriptive. Other concerns included the threat of not taking international terrorism seriously, and open media reporting of vulnerability of critical assets, including maps. tabs., figs.

  14. Game based cyber security training: are serious games suitable for cyber security training?

    OpenAIRE

    Hendrix, Maurice; Al-Sherbaz, Ali; Victoria, Bloom

    2016-01-01

    Security research and training is attracting a lot of investment and interest from governments and the private sector. Most efforts have focused on physical security, while cyber security or digital security has been given less importance. With recent high-profile attacks it has become clear that training in cyber security is needed. Serious Games have the capability to be effective tools for public engagement and behavioural change and role play games, are already used by security profession...

  15. Smart security proven practices

    CERN Document Server

    Quilter, J David

    2014-01-01

    Smart Security: Understanding and Contributing to the Business is a video presentation. Length: 68 minutes. In Smart Security: Understanding and Contributing to the Business, presenter J. David Quilter demonstrates the benefits of how a fully integrated security program increases business profits and delivers smart security practices at the same time. The presentation does away with the misconception that security is only an expense. In fact, a well-integrated security program can protect business interests, thereby enhancing productivity and net income. Quilter covers cost analysis and secu

  16. Developing a secured social networking site using information security awareness techniques

    Directory of Open Access Journals (Sweden)

    Julius O. Okesola

    2014-11-01

    Background: Ever since social network sites (SNS) became a global phenomenon in almost every industry, security has become a major concern to many SNS stakeholders. Several security techniques have been invented towards addressing SNS security, but information security awareness (ISA) remains a critical point. Whilst very few users have used social circles and applications because of a lack of users’ awareness, the majority have found it difficult to determine the basis of categorising friends in a meaningful way for privacy and security policies settings. This has confirmed that technical control is just part of the security solutions and not necessarily a total solution. Changing human behaviour on SNSs is essential; hence the need for a privately enhanced ISA SNS. Objective: This article presented sOcialistOnline – a newly developed SNS, duly secured and platform independent with various ISA techniques fully implemented. Method: Following a detailed literature review of the related works, the SNS was developed on the basis of Object Oriented Programming (OOP) approach, using PHP as the coding language with the MySQL database engine at the back end. Result: This study addressed the SNS requirements of privacy, security and services, and attributed them as the basis of architectural design for sOcialistOnline. SNS users are more aware of potential risk and the possible consequences of unsecured behaviours. Conclusion: ISA is focussed on the users who are often the greatest security risk on SNSs, regardless of technical securities implemented. Therefore SNSs are required to incorporate effective ISA into their platform and ensure users are motivated to embrace it.

  17. Hybrid Security Policies

    Directory of Open Access Journals (Sweden)

    Radu CONSTANTINESCU

    2006-01-01

    Policy is defined as the rules and regulations set by the organization. They are laid down by management in compliance with industry regulations, law and internal decisions. Policies are mandatory. Security policies rule how the information is protected against security vulnerabilities and they are the basis for security awareness, training and vital for security audits. Policies are focused on desired results. The means of achieving the goals are defined on controls, standards and procedures.

  18. The Migration Crisis from the East-Central European Perspective: Challenges for Regional Security

    Directory of Open Access Journals (Sweden)

    Renata Podgórzańska

    2017-12-01

    Nowadays, the common denominator of involvement of the East-Central Europe in the international arena, and above all, the premise determining community of interest expressed in the European Union is the migration crisis. Despite the different circumstances of activity in the context of the migration crisis, states in the region express similar opinions on the consequences of immigration for security in the region. Above all, they emphasise the implications of immigration for the internal security of states. Given the complex nature of migration, this article focuses on the phenomenon of immigration in the EU, determining the causes of the escalation of the influx of immigrants and, above all, identifying the consequences for the security of states of East-Central Europe.

  19. The Security Gap in Syria: Individual and Collective Security in ‘Rebel-held’ Territories

    OpenAIRE

    Ali, Ali Abdul Kadir

    2015-01-01

    This paper examines security in Syria through the conceptual lens of the security gap, understood as the gap between security practices and objectives which have implications for individual and collective security. Practices of security can be the state apparatus, the military, and militias. The objective – safety – can refer to the safety or security of a range of collectives including the state, political parties, and ethnic groups, while individual security re...

  20. Water System Security and Resilience in Homeland Security Research

    Science.gov (United States)

    EPA's water security research provides tools needed to improve infrastructure security and to recover from an attack or contamination incident involving chemical, biological, or radiological (CBR) agents or weapons.

  1. National Cyber Security Policy

    Indian Academy of Sciences (India)

    National Cyber Security Policy. Salient Features: Caters to ... Creating a secure cyber ecosystem. Creating an assurance framework. Encouraging Open Standards. Strengthening the Regulatory framework. Creating mechanisms for security threat early warning, vulnerability management and response to security threats.

  2. Critical Security Studies in the 21st Century: Any Directions for Lithuanian Security Studies?

    Directory of Open Access Journals (Sweden)

    Jakniūnaitė Dovilė

    2014-12-01

    This article focuses on recent developments and discussions in the field of security studies and aims to suggest new guidelines for the research of Lithuanian security policy. First it covers the main subjects of contemporary security discourse; next it provides evaluation and review of the critical tradition in security studies that frames presuppositions and is the means for analyzing specific security issues as well as that which fosters reflexive thinking about security. The third part deals with three topics of security research (analysis of security through the concepts of risk, exceptionality and media) which have become talking-points in recent years and which have provided innovative insights in security studies.

  3. Securing the Vista Environment

    CERN Document Server

    Gregory, Peter

    2007-01-01

    "Securing the Vista Environment" takes you on a quick tour of the most significant security features in Vista, Microsoft's first revision of Windows in almost six years. You'll get background on threats and vulnerabilities that will make you think differently about security. Security is more than just the technology and configurations--it's about how we use the system that makes it secure or not. Then we'll cover Vista's security features, from user privileges to Windows Defender, User Account Control, and BitLocker, as well as strategies for protecting your information from unwanted disclo

  4. SOCIAL MEDIA SECURITY

    Science.gov (United States)

    FAQ on Security for Social Media: Due to the widespread use of

  5. VMware vCloud security

    CERN Document Server

    Sarkar, Prasenjit

    2013-01-01

    VMware vCloud Security provides the reader with in-depth knowledge and practical exercises sufficient to implement a secured private cloud using VMware vCloud Director and vCloud Networking and Security. This book is primarily for technical professionals with system administration and security administration skills with significant VMware vCloud experience who want to learn about advanced concepts of vCloud security and compliance.

  6. Big data, little security: Addressing security issues in your platform

    Science.gov (United States)

    Macklin, Thomas; Mathews, Joseph

    2017-05-01

    This paper describes some patterns for information security problems that consistently emerge among traditional enterprise networks and applications, both with respect to cyber threats and data sensitivity. We draw upon cases from qualitative studies and interviews of system developers, network operators, and certifiers of military applications. Specifically, the problems discussed involve sensitivity of data aggregates, training efficacy, and security decision support in the human machine interface. While proven techniques can address many enterprise security challenges, we provide additional recommendations on how to further improve overall security posture, and suggest additional research thrusts to address areas where known gaps remain.

  7. Security of radioactive materials for medical use

    International Nuclear Information System (INIS)

    Elliott, A.

    2006-01-01

    Both sealed and unsealed radioactive sources are used in hospitals throughout the world for diagnostic and therapeutic purposes. High activity single sealed sources are used in teletherapy units, although these are becoming less common as they are replaced by linear accelerators, and in blood irradiator units, which are in widespread use. Lower activity sealed sources are used in brachytherapy. High activity unsealed sources are used typically for the treatment of thyroid cancer and neuroblastoma in inpatients while diagnostic doses of unsealed radioactive materials have much lower activities. In the case of a central radiopharmacy producing patient doses of radiopharmaceutical for several Nuclear Medicine departments, however, quite large amounts of radioactive materials may be held. Hospitals are, by their nature, less secure than other licensed nuclear sites and the ever-changing patient/visitor (and staff) population is a further complicating factor. Hitherto, security of radioactive materials in hospitals has tended to be considered from the perspective only of radiation safety but this approach is no longer sufficient

  8. Usable Security and E-Banking: ease of use vis-a-vis security

    Directory of Open Access Journals (Sweden)

    Morten Hertzum

    2004-05-01

    Electronic banking must be secure and easy to use. An evaluation of six Danish web-based electronic banking systems indicates that the systems have serious weaknesses with respect to ease of use. Our analysis of the weaknesses suggests that security requirements are among their causes and that the weaknesses may in turn cause decreased security. We view the conflict between ease of use and security in the context of usable security, a concept that is intended to match security principles and demands against user knowledge and motivation. Automation, instruction, and understanding can be identified as different approaches to usable security. Instruction is the main approach of the systems evaluated; automation relieves the user from involvement in security, as far as possible; and understanding goes beyond step-by-step instructions, to enable users to act competently and safely in situations that transcend preconceived instructions. We discuss the pros and cons of automation and understanding as alternative approaches to the design of web-based e-banking systems.

  9. Computer security at Ukrainian nuclear facilities: interface between nuclear safety and security

    International Nuclear Information System (INIS)

    Chumak, D.; Klevtsov, O.

    2015-01-01

    Active introduction of information technology, computer instrumentation and control systems (I and C systems) in the nuclear field leads to a greater efficiency and management of technological processes at nuclear facilities. However, this trend brings a number of challenges related to cyber-attacks on the above elements, which violates computer security as well as nuclear safety and security of a nuclear facility. This paper considers regulatory support to computer security at the nuclear facilities in Ukraine. The issue of computer and information security is considered in the context of physical protection, because it is an integral component. The paper focuses on the computer security of I and C systems important to nuclear safety. These systems are potentially vulnerable to cyber threats and, in case of cyber-attacks, the potential negative impact on the normal operational processes can lead to a breach of the nuclear facility security. While ensuring nuclear security of I and C systems, it interacts with nuclear safety, therefore, the paper considers an example of an integrated approach to the requirements of nuclear safety and security

  10. Mobile platform security

    CERN Document Server

    Asokan, N; Dmitrienko, Alexandra

    2013-01-01

    Recently, mobile security has garnered considerable interest in both the research community and industry due to the popularity of smartphones. The current smartphone platforms are open systems that allow application development, also for malicious parties. To protect the mobile device, its user, and other mobile ecosystem stakeholders such as network operators, application execution is controlled by a platform security architecture. This book explores how such mobile platform security architectures work. We present a generic model for mobile platform security architectures: the model illustrat

  11. Collective Security

    DEFF Research Database (Denmark)

    Galster, Kjeld

    Collective Security: National Egotism (Abstract). In Danish pre-World War I defence debate the notion of collective security is missing. During the early years of the 19th century, the political work is influenced by a pervasive feeling of rising tension and danger on the continent of Europe... and other international treaties provided arguments for adjusting the foreign and security policy ambitions, and since the general flux in worldwide market conditions left perceptible ripples in Danish economy, budget discussions grew in importance over this period. The pacifist stance entailed disinclination to accept that the collective security concept and international treaties and accords signed by Denmark should necessitate credible...

  12. Trends in Research on the Security of Medical Information in Korea: Focused on Information Privacy Security in Hospitals.

    Science.gov (United States)

    Kim, Yong-Woon; Cho, Namin; Jang, Hye-Jung

    2018-01-01

    Information technology involves a risk of privacy violation in providing easy access to confidential information, such as personal information and medical information through the Internet. In this study, we investigated medical information security to gain a better understanding of trends in research related to medical information security. We researched papers published on '의료정보' and 'medical information' in various Korean journals during a 10-year period from 2005 to 2015. We also analyzed these journal papers for each fiscal year; these papers were categorized into the areas of literature research and empirical research, and were further subdivided according to themes and subjects. It was confirmed that 48 papers were submitted to 35 academic journals. There were 33 (68.8%) literature review articles, and analysis of secondary data was not carried out at all. In terms of empirical research, 8 (16.7%) surveys and 7 (14.6%) program developments were studied. As a result of analyzing these papers according to the research theme by research method, 17 (35.4%) papers on laws, systems, and policies were the most numerous. It was found that among the literature research, papers on medical personnel were the most common, and among the empirical research papers, research on experts in information protection and medical personnel was the most common. We suggest that further research should be done in terms of social perception, human resource development, and technology development to improve risk management in medical information systems.

  13. Forced Engagements: Water Security and Local Rights Formalization in Yanque, Colca Valley, Peru

    NARCIS (Netherlands)

    Boelens, R.A.; Seemann, M.

    2014-01-01

    For vulnerable groups in society, water insecurity and deficient water availability for food production commonly reflect unequal distribution of water volumes, quality, and services within unequal power structures. Water security is necessarily a political dilemma. Policy debates, however, tend to

  14. Web security a whitehat perspective

    CERN Document Server

    Wu, Hanqing

    2015-01-01

    MY VIEW OF THE SECURITY WORLD: View of the IT Security World; Brief History of Web Security; Brief History of Chinese Hackers; Development Process of Hacking Techniques; Rise of Web Security; Black Hat, White Hat; Back to Nature: The Essence of Secret Security; Superstition: There Is No Silver Bullet; Security Is an Ongoing Process; Security Elements; How to Implement Safety Assessment; Asset Classification; Threat Analysis; Risk Analysis; Design of Security Programs; Art of War of White Hat; Principles of Secure by Default; Blacklist, Whitelist; Principle of Least Privilege; Principle of Defense in Depth; Principles of Data and Code

  15. Features of modern security policy UK political parties

    Directory of Open Access Journals (Sweden)

    A. V. Stalovierova

    2015-12-01

    The security policy of the British coalition government of D. Cameron (2010-2015) is summarized; it’s been proved that political forces of Tory and Liberal Democrat should have compromised to carry out unanimous course in the scope of national security, and the problems of the security strategy on parliamentary elections in 2015 are analyzed, particularly the comparative analysis of the modern safety strategy of leading British parties is exercised. Under conditions of the appearance of new challenges and threats, transformation of international safety system, the questions of safety policy often become the object of attention of the British community and experts. The absence of cross-party consensus on most terms of safety strategy of the United Kingdom during the election campaign in 2015 makes the discussion about perspectives of the British safety policy still more urgent. During the election campaign there was no unity on any aspect of security subject between parties. First of all, Labourists, Liberal Democrats, Scottish National Party and Green Party made a statement about readiness to develop cooperation with the EU and the Conservatives and the UK Independence Party were on the side of the Eurosceptics. The opinions of the parties were also divided on military operations abroad, financing and force level. In terms of one-party government and presence of majority in the House of Commons, the Conservatives have opportunities to realize their own vision of British safety policy.

  16. Microsoft Azure security

    CERN Document Server

    Freato, Roberto

    2015-01-01

    This book is intended for Azure administrators who want to understand the application of security principles in distributed environments and how to use Azure to its full capability to reduce the risks of security breaches. Only basic knowledge of the security processes and services of Microsoft Azure is required.

  17. Mobile communication security

    NARCIS (Netherlands)

    Broek, F.M.J. van den

    2016-01-01

    Security of the mobile network. Fabian van den Broek. We looked at the security of the wireless connection between mobile phone and cell towers and suggested possible improvements. The security was analysed on a design level, by looking at the protocols and encryption techniques, but also on an

  18. 12 CFR 987.4 - Creation of Participant's Security Entitlement; security interests.

    Science.gov (United States)

    2010-01-01

    ... 12 Banks and Banking 7 2010-01-01 2010-01-01 false Creation of Participant's Security Entitlement... BOOK-ENTRY PROCEDURE FOR CONSOLIDATED OBLIGATIONS § 987.4 Creation of Participant's Security... of the United States to secure deposits of public money, including, without limitation, deposits to...

  19. Operating System Security

    CERN Document Server

    Jaeger, Trent

    2008-01-01

    Operating systems provide the fundamental mechanisms for securing computer processing. Since the 1960s, operating systems designers have explored how to build "secure" operating systems - operating systems whose mechanisms protect the system against a motivated adversary. Recently, the importance of ensuring such security has become a mainstream issue for all operating systems. In this book, we examine past research that outlines the requirements for a secure operating system and research that implements example systems that aim for such requirements. For system designs that aimed to

  20. Digital security technology simplified.

    Science.gov (United States)

    Scaglione, Bernard J

    2007-01-01

    Digital security technology is making great strides in replacing analog and other traditional security systems including CCTV, card access, personal identification and alarm monitoring applications. Like any new technology, the author says, it is important to understand its benefits and limitations before purchasing and installing, to ensure its proper operation and effectiveness. This article is a primer for security directors on how digital technology works. It provides an understanding of the key components which make up the foundation for digital security systems, focusing on three key aspects of the digital security world: the security network, IP cameras and IP recorders.