WorldWideScience

Sample records for cabig security requirements

  1. INDECT Advanced Security Requirements

    CERN Document Server

    Uruena, Manuel; Martinez, Maria; Niemiec, Marcin; Stoianov, Nikolai

    2010-01-01

    This paper reviews the requirements for the security mechanisms that are currently being developed in the framework of the European research project INDECT. An overview of features for integrated technologies such as Virtual Private Networks (VPNs), Cryptographic Algorithms, Quantum Cryptography, Federated ID Management and Secure Mobile Ad-hoc networking are described together with their expected use in INDECT.

  2. GRID INFORMATION SECURITY FUNCTIONAL REQUIREMENT

    Directory of Open Access Journals (Sweden)

    Amy Poh Ai Ling

    2011-07-01

    Full Text Available This paper describes the background of smart information infrastructure and the needs for smart grid information security. It introduces the conceptual analysis to the methodology with the application ofhermeneutic circle and information security functional requirement identification. Information security for the grid market cover matters includes automation and communications industry that affects the operation of electric power systems and the functioning of the utilities that manage them and its awareness of this information infrastructure has become critical to the reliability of the power system. Community benefits from of cost savings, flexibility and deployment along with the establishment of wireless communications. However, concern revolves around the security protections for easily accessible devices such as the smart meter and the related communications hardware. On the other hand, the changing points between traditional versus smart grid networking trend and the information security importance on the communication field reflects the criticality of grid information security functional requirement identification. The goal of this paper is to identify the functional requirement and relate its significance addresses to the consumer requirement of an information security of a smart grid. Vulnerabilities may bring forth possibility for an attacker to penetrate a network, make headway admission to control software, alter it to load conditions that destabilize the grid in unpredictable ways. Focusing on the grid information security functional requirement is stepping ahead in developing consumer trust and satisfaction towardsmart grid completeness.

  3. GRID INFORMATION SECURITY FUNCTIONAL REQUIREMENT

    OpenAIRE

    Amy Poh Ai Ling; Mukaidono Masao

    2011-01-01

    This paper describes the background of smart information infrastructure and the needs for smart grid information security. It introduces the conceptual analysis to the methodology with the application ofhermeneutic circle and information security functional requirement identification. Information security for the grid market cover matters includes automation and communications industry that affects the operation of electric power systems and the functioning of the utilities that manage them ...

  4. Capturing security requirements for software systems

    OpenAIRE

    Hassan El-Hadary; Sherif El-Kassas

    2014-01-01

    Security is often an afterthought during software development. Realizing security early, especially in the requirement phase, is important so that security problems can be tackled early enough before going further in the process and avoid rework. A more effective approach for security requirement engineering is needed to provide a more systematic way for eliciting adequate security requirements. This paper proposes a methodology for security requirement elicitation based on problem frames. Th...

  5. 42 CFR 3.106 - Security requirements.

    Science.gov (United States)

    2010-10-01

    ... ORGANIZATIONS AND PATIENT SAFETY WORK PRODUCT PSO Requirements and Agency Procedures § 3.106 Security requirements. (a) Application. A PSO must secure patient safety work product in conformance with the security... the confidentiality and security of patient safety work product. (2) Distinguishing patient...

  6. Security Requirements and Security Solutions For Community Administrations

    OpenAIRE

    2003-01-01

    The Internet is slowly becoming a mirror of the society. Everything we do in the real world, we want to do out on the Net: conduct private conversations, keep personal papers, sign letters and contracts, shop, publish documents etc. All these things require security, but we go ahead using the net without asking too many questions. Today security issues are not a fundamental starting point. This also means that the limits of security are the limits of the Internet. There are several reaso...

  7. Information technology - Security techniques - Information security management systems - Requirements

    CERN Document Server

    International Organization for Standardization. Geneva

    2005-01-01

    ISO/IEC 27001:2005 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for profit organizations). ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties. ISO/IEC 27001:2005 is intended to be suitable for several different types of use, including the following: use within organizations to formulate security requirements and objectives; use within organizations as a way to ensure that security risks are cost effectively managed; use within organizations to ensure comp...

  8. Getting Grip on Security Requirements Elicitation by Structuring and Reusing Security Requirements Sources

    Directory of Open Access Journals (Sweden)

    Christian Schmitt

    2015-07-01

    Full Text Available This paper presents a model for structuring and reusing security requirements sources. The model serves as blueprint for the development of an organization-specific repository, which provides relevant security requirements sources, such as security information and knowledge sources and relevant compliance obligations, in a structured and reusable form. The resulting repository is intended to be used by development teams during the elicitation and analysis of security requirements with the goal to understand the security problem space, incorporate all relevant requirements sources, and to avoid unnecessary effort for identifying, understanding, and correlating applicable security requirements sources on a project-wise basis. We start with an overview and categorization of important security requirements sources, followed by the description of the generic model. To demonstrate the applicability and benefits of the model, the instantiation approach and details of the resulting repository of security requirements sources are presented.

  9. Cloud computing security requirements: a systematic review

    NARCIS (Netherlands)

    Iankoulova, Iliana; Daneva, Maya; Rolland, C.; Castro, J.; Pastor, O.

    2012-01-01

    Many publications have dealt with various types of security requirements in cloud computing but not all types have been explored in sufficient depth. It is also hard to understand which types of requirements have been under-researched and which are most investigated. This paper's goal is to provide

  10. Argumentation-based security requirements elicitation: the next round

    NARCIS (Netherlands)

    Ionita, Dan; Bullee, Jan-Willem; Wieringa, Roel

    2014-01-01

    Information Security Risk Assessment can be viewed as part of requirements engineering because it is used to translate security goals into security requirements, where security requirements are the desired system properties that mitigate threats to security goals. To improve the defensibility of the

  11. Smart Grid Information Security (IS) Functional Requirement

    OpenAIRE

    Ling, Amy Poh Ai; Masao, Mukaidono

    2011-01-01

    It is important to implement safe smart grid environment to enhance people's lives and livelihoods. This paper provides information on smart grid IS functional requirement by illustrating some discussion points to the sixteen identified requirements. This paper introduces the smart grid potential hazards that can be referred as a triggering factor to improve the system and security of the entire grid. The background of smart information infrastructure and the needs for smart grid IS is descri...

  12. Measuring Security of Web Services in Requirement Engineering Phase

    Directory of Open Access Journals (Sweden)

    Davoud Mougouei

    2015-05-01

    Full Text Available Addressing security in early stages of web service development has always been a major engineering trend. However, to assure security of web services it is required to perform security evaluation in a rigorous and tangible manner. The results of such an evaluation if performed in early stages of the development process can be used to improve the quality of the target web service. On the other hand, it is impossible to remove all of the security faults during the security analysis of web services. As a result, absolute security is never possible to achieve and a security failure may occur during the execution of web service. To avoid security failures, a measurable level of fault tolerance is required to be achieved through partial satisfaction of security goals. Thus any proposed measurement technique must care for this partiality. Even though there are some approaches toward assessing the security of web services but still there is no precise model for evaluation of security goal satisfaction specifically during the requirement engineering phase. This paper introduces a Security Measurement Model (SMM for evaluating the Degree of Security (DS in security requirements of web services by taking into consideration partial satisfaction of security goals. The proposed model evaluates overall security of the target service through measuring the security in Security Requirement Model (SRM of the service. The proposed SMM also takes into account cost, technical ability, impact and flexibility as the key features of security evaluation.

  13. Security and Reliability Requirements for Advanced Security Event Management

    OpenAIRE

    RIEKE, Roland; COPPOLINO, Luigi; Hutchinson, Andrew; PRIETO, Elsa; Gaber, Chrystel

    2012-01-01

    This paper addresses security information management in complex application scenarios. Security Information and Event Management (SIEM) systems collect and examine security related events, with the goal of providing a unified view of the monitored systems' security status. While various SIEMs are in production, there is scope to extend the capability and resilience of these systems. The use of SIEM technology in four disparate scenario areas is used in this paper as a catalyst for the develop...

  14. 7 CFR 762.126 - Security requirements.

    Science.gov (United States)

    2010-01-01

    .... (c) Identifiable security. The guaranteed loan must be secured by identifiable collateral. To be identifiable, the lender must be able to distinguish the collateral item and adequately describe it in the... be secured by the best lien obtainable. Provided that: (1) Any chattel-secured guaranteed loan...

  15. Requirements of a Better Secure Program Coding

    Directory of Open Access Journals (Sweden)

    Marius POPA

    2012-01-01

    Full Text Available Secure program coding refers to how manage the risks determined by the security breaches because of the program source code. The papers reviews the best practices must be doing during the software development life cycle for secure software assurance, the methods and techniques used for a secure coding assurance, the most known and common vulnerabilities determined by a bad coding process and how the security risks are managed and mitigated. As a tool of the better secure program coding, the code review process is presented, together with objective measures for code review assurance and estimation of the effort for the code improvement.

  16. Pattern and security requirements engineering-based establishment of security standards

    CERN Document Server

    Beckers, Kristian

    2015-01-01

    Security threats are a significant problem for information technology companies today. This book focuses on how to mitigate these threats by using security standards and provides ways to address associated problems faced by engineers caused by ambiguities in the standards. The security standards are analysed, fundamental concepts of the security standards presented, and the relations to the elementary concepts of security requirements engineering (SRE) methods explored. Using this knowledge, engineers can build customised methods that support the establishment of security standards. Standard

  17. Validating Cyber Security Requirements: A Case Study

    Energy Technology Data Exchange (ETDEWEB)

    Abercrombie, Robert K [ORNL; Sheldon, Frederick T [ORNL; Mili, Ali [New Jersey Insitute of Technology

    2011-01-01

    Vulnerabilities in a system may have widely varying impacts on system security. In practice, security should not be defined as the absence of vulnerabilities. In practice, security should not be quantified by the number of vulnerabilities. Security should be managed by pursuing a policy that leads us first to the highest impact vulnerabilities. In light of these observations, we argue in favor of shifting our focus from vulnerability avoidance/removal to measurable security attributes. To this effect, we recommend a logic be used for system security, which captures/represents security properties in quantifiable, verifiable, measurable terms so that it is possible to reason about security in terms of its observable/perceptible effects rather than its hypothesized causes. This approach is orthogonal to existing techniques for vulnerability avoidance, removal, detection, and recovery, in the sense that it provides a means to assess, quantify, and combine these techniques.

  18. The Cancer Biomedical Informatics Grid (caBIG™) Security Infrastructure

    OpenAIRE

    Langella, Stephen; Oster, Scott; Hastings, Shannon; Siebenlist, Frank; Phillips, Joshua; Ervin, David; Permar, Justin; Kurc, Tahsin; Saltz, Joel

    2007-01-01

    Security is a high priority issue in medical domain, because many institutions performing biomedical research work with sensitive medical data regularly. This issue becomes more complicated, when it is desirable or needed to access and analyze data in a multi-institutional setting. In the NCI cancer Biomedical Informatics Grid (caBIG™) program, several security issues were raised that existing security technologies could not address. Considering caBIG is envisioned to span a large number of c...

  19. Security and privacy requirements for a multi-institutional cancer research data grid: an interview-based study

    Directory of Open Access Journals (Sweden)

    Weems William A

    2009-06-01

    Full Text Available Abstract Background Data protection is important for all information systems that deal with human-subjects data. Grid-based systems – such as the cancer Biomedical Informatics Grid (caBIG – seek to develop new mechanisms to facilitate real-time federation of cancer-relevant data sources, including sources protected under a variety of regulatory laws, such as HIPAA and 21CFR11. These systems embody new models for data sharing, and hence pose new challenges to the regulatory community, and to those who would develop or adopt them. These challenges must be understood by both systems developers and system adopters. In this paper, we describe our work collecting policy statements, expectations, and requirements from regulatory decision makers at academic cancer centers in the United States. We use these statements to examine fundamental assumptions regarding data sharing using data federations and grid computing. Methods An interview-based study of key stakeholders from a sample of US cancer centers. Interviews were structured, and used an instrument that was developed for the purpose of this study. The instrument included a set of problem scenarios – difficult policy situations that were derived during a full-day discussion of potentially problematic issues by a set of project participants with diverse expertise. Each problem scenario included a set of open-ended questions that were designed to elucidate stakeholder opinions and concerns. Interviews were transcribed verbatim and used for both qualitative and quantitative analysis. For quantitative analysis, data was aggregated at the individual or institutional unit of analysis, depending on the specific interview question. Results Thirty-one (31 individuals at six cancer centers were contacted to participate. Twenty-four out of thirty-one (24/31 individuals responded to our request- yielding a total response rate of 77%. Respondents included IRB directors and policy-makers, privacy and

  20. 7 CFR 3550.108 - Security requirements (loans only).

    Science.gov (United States)

    2010-01-01

    ... 7 CFR part 1927, subpart B. These requirements need not be followed for: (1) Loans where the total... 7 Agriculture 15 2010-01-01 2010-01-01 false Security requirements (loans only). 3550.108 Section... 306C Water and Waste Disposal Grants § 3550.108 Security requirements (loans only). When the...

  1. Agile Security Requirements : A master study into their application

    OpenAIRE

    Knudsen, Anders Nordli

    2014-01-01

    Agile is the contemporary development practice of choice but security has been claimed as a challenge for it. This thesis investigates whether agile methods can be used for security-critical software and if the reason why the majority of Norwegian companies deviate from the agile methodology in their development is linked to security, by looking at the security requirements. A questionnaire and interviews of Norwegian companies were undertaken, and while the questionnaire did not yield any re...

  2. SECURED CLOUD SUPPORT FOR GLOBAL SOFTWARE REQUIREMENT RISK MANAGEMENT

    OpenAIRE

    Shruti Patil; Roshani Ade

    2014-01-01

    This paper presents core problem solution to security of Global Software Development Requirement Information. Currently the major issue deals with hacking of sensitive client information which may lead to major financial as well as social loss. To avoid this system provides cloud security by encryption of data as well as deployment of tool over the cloud will provide significant security to whole global content management system. The core findings are presented in terms of how hac...

  3. Decomposition of the Security Requirements for Connected Information Domains

    NARCIS (Netherlands)

    Schotanus, H.A.; Boonstra, D.; Broenink, E.G.

    2011-01-01

    The introduction of network enabled capabilities (NEC) changed the way defence organisations look at their IT infrastructure. Finding the right balance between security and duty-to-share has proven to be a difficult challenge. The situations are complex and may lead to high security requirements t

  4. Required Security Screenings for Researchers: A Policy Analysis and Commentary

    Science.gov (United States)

    Zucker, Andrew A.

    2011-01-01

    After the attacks of 9/11/2001 the federal government implemented new policies intended to protect people and institutions in the United States. A surprising policy requires education researchers conducting research under contract to the U.S. Department of Education (ED) to obtain security clearances, sometimes known as security screenings.…

  5. Security Requirements for One Stop Government

    Science.gov (United States)

    Schäfer, Georg E.

    The highest ranking e-government solutions are based on one-window, one-click or one stop government concepts. For Europe, the EU services directive sets new requirements for e-government, that have to be met till December 2009. Simple, easy to understand and complete information is one requirement. The other requirements are, that the services covered by this directive shall be available electronically and at a distance (which means mostly “by Internet”). Acceptable solutions are digitally signed mails and, as an alternative or supplement, transaction oriented online services. To implement this, a one stop government with document safe is best practice.

  6. Information security requirements in patient-centred healthcare support systems.

    Science.gov (United States)

    Alsalamah, Shada; Gray, W Alex; Hilton, Jeremy; Alsalamah, Hessah

    2013-01-01

    Enabling Patient-Centred (PC) care in modern healthcare requires the flow of medical information with the patient between different healthcare providers as they follow the patient's treatment plan. However, PC care threatens the stability of the balance of information security in the support systems since legacy systems fall short of attaining a security balance when sharing their information due to compromises made between its availability, integrity, and confidentiality. Results show that the main reason for this is that information security implementation in discrete legacy systems focused mainly on information confidentiality and integrity leaving availability a challenge in collaboration. Through an empirical study using domain analysis, observations, and interviews, this paper identifies a need for six information security requirements in legacy systems to cope with this situation in order to attain the security balance in systems supporting PC care implementation in modern healthcare.

  7. Grid Information Security Functional Requirement - Fulfilling Information Security of a Smart Grid System

    OpenAIRE

    Ling, Amy Poh Ai; Masao, Mukaidono

    2011-01-01

    This paper describes the background of smart information infrastructure and the needs for smart grid information security. It introduces the conceptual analysis to the methodology with the application of hermeneutic circle and information security functional requirement identification. Information security for the grid market cover matters includes automation and communications industry that affects the operation of electric power systems and the functioning of the utilities that manage them ...

  8. Meeting EHR security requirements: SeAAS approach.

    Science.gov (United States)

    Katt, Basel; Trojer, Thomas; Breu, Ruth; Schabetsberger, Thomas; Wozak, Florian

    2010-01-01

    In the last few years, Electronic Health Record (EHR) systems have received a great attention in the literature, as well as in the industry. They are expected to lead to health care savings, increase health care quality and reduce medical errors. This interest has been accompanied by the development of different standards and frameworks to meet EHR challenges. One of the most important initiatives that was developed to solve problems of EHR is IHE (Integrating the Healthcare Enterprise), which adapts the distributed approach to store and manage healthcare data. IHE aims at standardizing the way healthcare systems exchange information in distributed environments. For this purpose it defines several so called Integration Profiles that specify the interactions and the interfaces (Transactions) between various healthcare systems (Actors) or entities. Security was considered also in few profiles that tackled the main security requirements, mainly authentication and audit trails. The security profiles of IHE currently suffer two drawbacks. First, they apply end point security methodology, which has been proven recently to be insufficient and cumbersome in distributed and heterogeneous environment. Second, the current security profiles for more complex security requirements are oversimplified, vague and do not consider architectural design. This recently changed to some extend e.g., with the introduction of newly published white papers regarding privacy [5] and access control [9]. In order to solve the first problem we utilize results of previous studies conducted in the area of security-aware IHE-based systems and the state-of-the-art Security-as-a-Service approach as a convenient methodology to group domain-wide security needs and overcome the end point security shortcomings. PMID:20543314

  9. 7 CFR 764.104 - General real estate security requirements.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 7 2010-01-01 2010-01-01 false General real estate security requirements. 764.104 Section 764.104 Agriculture Regulations of the Department of Agriculture (Continued) FARM SERVICE AGENCY, DEPARTMENT OF AGRICULTURE SPECIAL PROGRAMS DIRECT LOAN MAKING Requirements for All Direct Program Loans § 764.104 General real estate...

  10. 48 CFR 1337.110-70 - Personnel security processing requirements.

    Science.gov (United States)

    2010-10-01

    ... where foreign national access to any DOC facility or DOC IT system is required. The language of the... 48 Federal Acquisition Regulations System 5 2010-10-01 2010-10-01 false Personnel security processing requirements. 1337.110-70 Section 1337.110-70 Federal Acquisition Regulations System DEPARTMENT...

  11. Grid Information Security Functional Requirement - Fulfilling Information Security of a Smart Grid System

    CERN Document Server

    Ling, Amy Poh Ai; 10.5121/ijgca.2011.2201

    2011-01-01

    This paper describes the background of smart information infrastructure and the needs for smart grid information security. It introduces the conceptual analysis to the methodology with the application of hermeneutic circle and information security functional requirement identification. Information security for the grid market cover matters includes automation and communications industry that affects the operation of electric power systems and the functioning of the utilities that manage them and its awareness of this information infrastructure has become critical to the reliability of the power system. Community benefits from of cost savings, flexibility and deployment along with the establishment of wireless communications. However, concern revolves around the security protections for easily accessible devices such as the smart meter and the related communications hardware. On the other hand, the changing points between traditional versus smart grid networking trend and the information security importance on...

  12. Security and Privacy in Video Surveillance: Requirements and Challenges

    DEFF Research Database (Denmark)

    Mahmood Rajpoot, Qasim; Jensen, Christian D.

    2014-01-01

    Use of video surveillance has substantially increased in the last few decades. Modern video surveillance systems are equipped with techniques that allow traversal of data in an effective and efficient manner, giving massive powers to operators and potentially compromising the privacy of anyone...... observed by the system. Several techniques to protect the privacy of individuals have therefore been proposed, but very little research work has focused on the specific security requirements of video surveillance data (in transit or in storage) and on authorizing access to this data. In this paper, we...... present a general model of video surveillance systems that will help identify the major security and privacy requirements for a video surveillance system and we use this model to identify practical challenges in ensuring the security of video surveillance data in all stages (in transit and at rest). Our...

  13. 48 CFR 52.204-2 - Security Requirements.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 2 2010-10-01 2010-10-01 false Security Requirements. 52.204-2 Section 52.204-2 Federal Acquisition Regulations System FEDERAL ACQUISITION REGULATION... Contractor agrees to insert terms that conform substantially to the language of this clause, including...

  14. Transforming security audit requirements into a software architecture

    OpenAIRE

    Yskout, Koen; De Win, Bart; Joosen, Wouter

    2008-01-01

    In this paper, an approach for automated transformations from a security requirements model to a consistent architectural model is presented. The approach can be used with an existing architectural model, and allows input from the architect to be taken into account. The transformation from audit requirements into a UML model is implementated using QVT and Eclipse EMF, and is illustrated by means of a small case study.

  15. 77 FR 71369 - Capital, Margin, and Segregation Requirements for Security-Based Swap Dealers and Major Security...

    Science.gov (United States)

    2012-11-30

    ... From the Federal Register Online via the Government Publishing Office SECURITIES AND EXCHANGE COMMISSION 17 CFR Part 240 RIN 3235-AL12 Capital, Margin, and Segregation Requirements for Security-Based Swap Dealers and Major Security-Based Swap Participants and Capital Requirements for...

  16. 33 CFR 106.305 - Facility Security Assessment (FSA) requirements.

    Science.gov (United States)

    2010-07-01

    ..., including computer systems and networks; (vi) Existing agreements with private security companies; (vii) Any... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Facility Security Assessment (FSA... SECURITY MARITIME SECURITY MARINE SECURITY: OUTER CONTINENTAL SHELF (OCS) FACILITIES Outer...

  17. 49 CFR 1562.29 - Armed security officer requirements.

    Science.gov (United States)

    2010-10-01

    ... provided in § 1562.23(d)(1) of this part. (d) Training. Each armed security officer onboard an aircraft... security officer onboard an aircraft operating into or out of DCA must— (i) Comply with the Armed Security... security officer onboard an aircraft operating into or out of DCA may not consume alcohol or use...

  18. 48 CFR 1352.237-72 - Security processing requirements-national security contracts.

    Science.gov (United States)

    2010-10-01

    ... prescribed in 48 CFR 1337.110-70(d), use the following clause: Security Processing Requirements—National... the performance of their work. Regardless of the contractor employees' location, appropriate security... Office of Security before start of work. (2) The Contracting Officer's Representative must send...

  19. 20 CFR 603.9 - What safeguards and security requirements apply to disclosed information?

    Science.gov (United States)

    2010-04-01

    ... 20 Employees' Benefits 3 2010-04-01 2010-04-01 false What safeguards and security requirements... security requirements apply to disclosed information? (a) In general. For disclosures of confidential UC... audit of compliance with the requirements of this part. (2) In the case of disclosures made under §...

  20. 48 CFR 352.239-72 - Security requirements for Federal information technology resources.

    Science.gov (United States)

    2010-10-01

    ... surveillance), peripheral equipment designed to be controlled by the central processing unit of a computer... requirements of Federal Information Processing Standard (FIPS) 200, Recommended Security Controls for...

  1. 13 CFR 107.1420 - Articles requirements for 4 percent Preferred Securities.

    Science.gov (United States)

    2010-01-01

    ... ADMINISTRATION SMALL BUSINESS INVESTMENT COMPANIES SBA Financial Assistance for Licensees (Leverage) Preferred Securities Leverage-Section 301(d) Licensees § 107.1420 Articles requirements for 4 percent...

  2. 13 CFR 107.1410 - Requirement to redeem 4 percent Preferred Securities.

    Science.gov (United States)

    2010-01-01

    ... SMALL BUSINESS INVESTMENT COMPANIES SBA Financial Assistance for Licensees (Leverage) Preferred Securities Leverage-Section 301(d) Licensees § 107.1410 Requirement to redeem 4 percent Preferred...

  3. Risk and Business Goal Based Security Requirement and Countermeasure Prioritization

    OpenAIRE

    Herrmann, Andrea; Morali, Ayse; Etalle, Sandro; Wieringa, Roel

    2012-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security” but need to be able to justify their security investment plans. Currently companies achieve this by means of checklist-based security assessments, but these methods are a way to achieve consensus without being able to provide justifications of countermeasures in terms of business goals. But such justificat...

  4. Demanding Requirement of Security for Wireless Mobile Devices: A Survey

    Directory of Open Access Journals (Sweden)

    K. Muthumanickam

    2014-12-01

    Full Text Available Today, the technology advancement in telecommunication facilitates users to bear portable devices with convenient and timely accessing to their personal and business data on the fly. In this regard, mobile and ubiquitous devices become part of the user’s personal or business growing. Recently, the usage of portable devices has drastically amplified due to wireless data technologies such as GPRS, GSM, Bluetooth, WI-Fi and WiMAX. As the use of wireless portable devices increases, the risks associated with them also increases. Specifically Android Smart-phone which can access the Internet may now signify an ultimate option for malware authors. As the core open communication mediocre, the Airwave, is susceptible, there has been a rise of a security technique suggested by researchers. When comparing to security measures proposed to protect wireless devices, protecting mobile vulnerabilities is still immature. So in this study, we present an organized and widespread overview of the research on the security elucidation for wireless portable devices. This survey study discusses the security risks imposed by vulnerabilities, threats and security measures in the recent past, mainly spotlighting on complex attacks to user applications. We classify existing countermeasures at guarding wireless mobile devices facing different kinds of attacks into various groups; depend on the revealing technique, collected information and operating systems. In the next phase we will design and implement new security model to protect mobile phone resources against unknown vulnerabilities.

  5. A survey of requirements and standardization efforts for IP-telephony-security

    OpenAIRE

    Rensing, Christoph; Roedig, Utz; Ackermann, Ralf; Steinmetz, Ralf

    2000-01-01

    Security as a dimension of trustworthiness in IP-Telephony systems and protocols is a main condition for the commercial success of IP-Telephony. In this work, we present a survey of security requirements and show how various standardization efforts address these requirements. We describe the basic tasks and elements of IP-Telephony systems and compare them to Telephony via PSTNs to derive some possible attacks for example. We classify the security preconditions to achieve trustworthiness of u...

  6. 17 CFR 405.5 - Risk assessment reporting requirements for registered government securities brokers and dealers.

    Science.gov (United States)

    2010-04-01

    ... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Risk assessment reporting requirements for registered government securities brokers and dealers. 405.5 Section 405.5 Commodity and... OF 1934 REPORTS AND AUDIT § 405.5 Risk assessment reporting requirements for registered...

  7. 28 CFR 105.11 - Individuals not requiring a security risk assessment.

    Science.gov (United States)

    2010-07-01

    ... requiring a security risk assessment. (a) Citizens and nationals of the United States. A citizen or national... 28 Judicial Administration 2 2010-07-01 2010-07-01 false Individuals not requiring a security risk assessment. 105.11 Section 105.11 Judicial Administration DEPARTMENT OF JUSTICE (CONTINUED) CRIMINAL...

  8. 48 CFR 1352.239-72 - Security requirements for information technology resources.

    Science.gov (United States)

    2010-10-01

    ... Clauses 1352.239-72 Security requirements for information technology resources. As prescribed in 48 CFR 1339.270(b), insert the following clause: Security Requirements for Information Technology Resources... information technology resources. 1352.239-72 Section 1352.239-72 Federal Acquisition Regulations...

  9. Risk and Business Goal Based Security Requirement and Countermeasure Prioritization

    NARCIS (Netherlands)

    Herrmann, Andrea; Morali, Ayse; Etalle, Sandro; Wieringa, Roel

    2012-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security” but need to be able to justify their security investment plans. Currently companies achieve this by means of c

  10. 33 CFR 105.305 - Facility Security Assessment (FSA) requirements.

    Science.gov (United States)

    2010-07-01

    ... that the following background information, if applicable, is provided to the person or persons who will... and inactive access point to the facility; (ii) The number, reliability, and security duties of...) Procedures for controlling keys and other access prevention systems; (6) Procedures for cargo and...

  11. Automated analysis of security requirements through risk-based argumentation

    NARCIS (Netherlands)

    Yu, Yijun; Franqueira, Virginia N.L.; Tun, Thein Tan; Wieringa, Roel J.; Nuseibeh, Bashar

    2015-01-01

    Computer-based systems are increasingly being exposed to evolving security threats, which often reveal new vulnerabilities. A formal analysis of the evolving threats is difficult due to a number of practical considerations such as incomplete knowledge about the design, limited information about atta

  12. 78 FR 4365 - Capital, Margin, and Segregation Requirements for Security-Based Swap Dealers and Major Security...

    Science.gov (United States)

    2013-01-22

    ... Friday, February 22, 2013. \\1\\ See Exchange Act Release No. 68071 (Oct. 18, 2012), 77 FR 70213 (Nov. 23... COMMISSION 17 CFR Part 240 RIN 3235-AL12 Capital, Margin, and Segregation Requirements for Security-Based... Federal Register a proposed rule for public comment to establish capital, margin, and...

  13. Critical water requirements for food, methodology and policy consequences for food security

    NARCIS (Netherlands)

    Gerbens-Leenes, P.W.; Nonhebel, S.

    2004-01-01

    Food security and increasing water scarcity have a dominant place on the food policy agenda. Food security requires sufficient water of adequate quality because water is a prerequisite for plant growth. Nowadays, agriculture accounts for 70% of the worldwide human fresh water use. The expected incre

  14. Leadership in organizations with high security and reliability requirements

    International Nuclear Information System (INIS)

    Developing leadership skills in organizations is the key to ensure the sustainability of excellent results in industries with high requirements safety and reliability. In order to have a model of leadership development specific to this type of organizations, Tecnatom in 2011, we initiated a project internal, to find and adapt a competency model to these requirements.

  15. 48 CFR 1804.470 - Security requirements for unclassified information technology (IT) resources.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 6 2010-10-01 2010-10-01 true Security requirements for unclassified information technology (IT) resources. 1804.470 Section 1804.470 Federal Acquisition Regulations... (IT) resources....

  16. 48 CFR 1352.237-70 - Security processing requirements-high or moderate risk contracts.

    Science.gov (United States)

    2010-10-01

    ... prescribed in 48 CFR 1337.110-70 (b), insert the following clause: Security Processing Requirements—High or...—Moderate Background Investigation (MBI). (2) Investigative requirements for IT Service Contracts are:...

  17. Selecting Appropriate Requirements Management Tool for Developing Secure Enterprises Software

    Directory of Open Access Journals (Sweden)

    Daniyal M Alghazzawi

    2014-03-01

    Full Text Available This paper discusses about the significance of selecting right requirements management tools. It’s no secret that poorly understood user requirements and uncontrolled scope creep to many software project failures. Many of the application development professionals buy wrong tools for the wrong reasons. To avoid purchasing the more complex and expensive tool, the organization needs to be realistic about the particular problem for which they opt. Software development organizations are improving the methods, they use to gather, analyze, trace, document, prioritize and manage their requirements. This paper considers four leading Requirements Management tools; Analyst Pro, CORE, Cradle and Caliber RM, the focus is to select the appropriate tool according to their capabilities and customers need.

  18. DEPENDABLE PRIVACY REQUIREMENTS BY AGILE MODELED LAYERED SECURITY ARCHITECTURES – WEB SERVICES CASE STUDY

    Directory of Open Access Journals (Sweden)

    M.Upendra Kumar

    2011-07-01

    Full Text Available Software Engineering covers the definition of processes, techniques and models suitable for its environment to guarantee quality of results. An important design artifact in any software development project is the Software Architecture. Software Architecture’s important part is the set of architectural design rules. A primary goal of the architecture is to capture the architecture design decisions. An important part of these design decisions consists of architectural design rules In an MDA (Model-Driven Architecture context, the design of the system architecture is captured in the models of the system. MDA is known to be layered approach for modeling the architectural design rules and uses design patterns to improve the quality of software system. And to include the security to the software system, security patterns are introduced that offer security at the architectural level. More over, agile software development methods are used to build secure systems. There are different methods defined in agile development as extreme programming (XP, scrum, feature driven development (FDD, test driven development (TDD, etc. Agile processing is includes the phases as agile analysis, agile design and agile testing. These phases are defined in layers of MDA to provide security at the modeling level which ensures that security at the system architecture stage will improve the requirements for that system. Agile modeled Layered Security Architectures increase the dependability of the architecture in terms of privacy requirements. We validate this with a case study of dependability of privacy of Web Services Security Architectures, which helps for secure service oriented security architecture. In this paper the major part is given to model architectural design rules using MDA so that architects and developers are responsible to automatic enforcement on the detailed design and easy to understand and use by both of them. This MDA approach is implemented in use of

  19. Requirements for Development of an Assessment System for IT&C Security Audit

    Directory of Open Access Journals (Sweden)

    Marius Popa

    2010-12-01

    Full Text Available IT&C security audit processes are carried out to implement information security management. The audit processes are included in an audit program as decision of the management staff to establish the organization situation against to the planned or expected one. The audit processes require evidence to highlight the above issues. The evidences are gathered by audit team and some automation processes to increase the productivity and accuracy of the audit are needed. The paper presents some issues of the requirements for development of an assessment system with some considerations for IT&C security audit. The emphasized issues are grouped in the following sections: IT&C security audit processes, characteristics of the indicators development process and implementation issues of an assessment system.

  20. Meeting the security requirements of electronic medical records in the ERA of high-speed computing.

    Science.gov (United States)

    Alanazi, H O; Zaidan, A A; Zaidan, B B; Kiah, M L Mat; Al-Bakri, S H

    2015-01-01

    This study has two objectives. First, it aims to develop a system with a highly secured approach to transmitting electronic medical records (EMRs), and second, it aims to identify entities that transmit private patient information without permission. The NTRU and the Advanced Encryption Standard (AES) cryptosystems are secured encryption methods. The AES is a tested technology that has already been utilized in several systems to secure sensitive data. The United States government has been using AES since June 2003 to protect sensitive and essential information. Meanwhile, NTRU protects sensitive data against attacks through the use of quantum computers, which can break the RSA cryptosystem and elliptic curve cryptography algorithms. A hybrid of AES and NTRU is developed in this work to improve EMR security. The proposed hybrid cryptography technique is implemented to secure the data transmission process of EMRs. The proposed security solution can provide protection for over 40 years and is resistant to quantum computers. Moreover, the technique provides the necessary evidence required by law to identify disclosure or misuse of patient records. The proposed solution can effectively secure EMR transmission and protect patient rights. It also identifies the source responsible for disclosing confidential patient records. The proposed hybrid technique for securing data managed by institutional websites must be improved in the future.

  1. 10 CFR 73.58 - Safety/security interface requirements for nuclear power reactors.

    Science.gov (United States)

    2010-01-01

    ... 10 Energy 2 2010-01-01 2010-01-01 false Safety/security interface requirements for nuclear power reactors. 73.58 Section 73.58 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) PHYSICAL PROTECTION OF... requirements for nuclear power reactors. (a) Each operating nuclear power reactor licensee with a...

  2. Analysis of impact of noncompliance with physical-security requirements at nuclear facilities

    International Nuclear Information System (INIS)

    Inspectors are required to analyze the impact of instances of noncompliance with physical security requirements at licensed nuclear facilities. A scoring procedure for components and a method for evaluating the effectiveness of the subsystems involved are proposed to reinforce an inspector's judgment about the remaining level of safeguards

  3. Requirements for Development of an Assessment System for IT&C Security Audit

    OpenAIRE

    Marius Popa

    2010-01-01

    IT&C security audit processes are carried out to implement information security management. The audit processes are included in an audit program as decision of the management staff to establish the organization situation against to the planned or expected one. The audit processes require evidence to highlight the above issues. The evidences are gathered by audit team and some automation processes to increase the productivity and accuracy of the audit are needed. The paper presents som...

  4. The Health Insurance Portability and Accountability Act: security and privacy requirements.

    Science.gov (United States)

    Tribble, D A

    2001-05-01

    The security and privacy requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and their implications for pharmacy are discussed. HIPAA was enacted to improve the portability of health care insurance for persons leaving jobs. A section of the act encourages the use of electronic communications for health care claims adjudication, mandates the use of new standard code sets and transaction sets, and establishes the need for regulations to protect the security and privacy of individually identifiable health care information. Creating these regulations became the task of the Department of Health and Human Services. Regulations on security have been published for comment. Regulations on privacy and the definition of standard transaction sets and code sets are complete. National identifiers for patients, providers, and payers have not yet been established. The HIPAA regulations on security and privacy will require that pharmacies adopt policies and procedures that limit access to health care information. Existing pharmacy information systems may require upgrading or replacement. Costs of implementation nationwide are estimated to exceed $8 billion. The health care community has two years from the finalization of each regulation to comply with that regulation. The security and privacy requirements of HIPAA will require pharmacies to review their practices regarding the storage, use, and disclosure of protected health care information. PMID:11351916

  5. 76 FR 30204 - Exelon Nuclear, Dresden Nuclear Power Station, Unit 1; Exemption From Certain Security Requirements

    Science.gov (United States)

    2011-05-24

    ... COMMISSION Exelon Nuclear, Dresden Nuclear Power Station, Unit 1; Exemption From Certain Security... issued for Dresden Nuclear Power Station (DNPS), Unit 1, located in Grundy County, Illinois. DNPS Unit 1... ``Requirements for physical protection of licensed activities in nuclear power reactors against...

  6. 48 CFR 1252.239-70 - Security requirements for unclassified information technology resources.

    Science.gov (United States)

    2010-10-01

    ... emphasis on rules of behavior. (j) The Contractor shall afford the Government access to the Contractor's and subcontractors' facilities, installations, operations, documentation, databases and personnel used... resources. As prescribed in (TAR) 48 CFR 1239.70, insert the following clause: Security Requirements...

  7. RiskREP: Risk-Based Security Requirements Elicitation and Prioritization

    NARCIS (Netherlands)

    Herrmann, Andrea; Morali, Ayse; Etalle, Sandro; Wieringa, Roel

    2011-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security” but need to be able to justify their security investment plans. In this paper, we present a Risk-Based Require

  8. 48 CFR 3052.204-70 - Security requirements for unclassified information technology resources.

    Science.gov (United States)

    2010-10-01

    ... for unclassified information technology resources. As prescribed in (HSAR) 48 CFR 3004.470-3, insert a clause substantially the same as follows: Security Requirements for Unclassified Information Technology... unclassified information technology resources. 3052.204-70 Section 3052.204-70 Federal Acquisition...

  9. 13 CFR 107.1505 - Liquidity requirements for Licensees issuing Participating Securities.

    Science.gov (United States)

    2010-01-01

    ... BUSINESS ADMINISTRATION SMALL BUSINESS INVESTMENT COMPANIES SBA Financial Assistance for Licensees (Leverage) Participating Securities Leverage § 107.1505 Liquidity requirements for Licensees issuing... the terms of your Leverage under § 107.1820(e). (a) Definition of Liquidity Impairment. A condition...

  10. 信息系统安全需求分析方法研究%Approaches for Security Requirements Analysis of Information Systems

    Institute of Scientific and Technical Information of China (English)

    曹阳; 张维明

    2003-01-01

    Security requirements analysis is a precondition to provide effective and appropriate safeguard for information systems. Based on the existing theories and approaches, this paper discusses the categories and analysis procedure of security requirements in information systems. And according to the basic steps of security requirements analysis, the security hazard analysis model and the security risk analysis model are presented here. At the end, the methods of security requirements specification and the corresponding improvements are also introduced.

  11. 75 FR 65442 - Disclosure for Asset-Backed Securities Required by Section 943 of the Dodd-Frank Wall Street...

    Science.gov (United States)

    2010-10-25

    ... Register of October 13, 2010, in FR Doc. 2010-25361, the reference ``249.1300'' is corrected to read ``249... Securities Required by Section 943 of the Dodd-Frank Wall Street Reform and Consumer Protection Act AGENCY...-Backed Securities Required by Section 943 of the Dodd-Frank Wall Street Reform and Consumer...

  12. Connecting Security Requirements and Software Architecture with Patterns (Beveiligingsvereisten en softwarearchitectuur verbinden met patronen)

    OpenAIRE

    Yskout, Koen

    2013-01-01

    Recurring solutions to software engineering problems are often captured in patterns, which describe, in a generic but reusable manner, a specific problem and a corresponding solution. This thesis develops a deeper understanding about how pattern catalogs can help a software architect to reconcile the software's requirements and the architecture in the context of security. To achieve this goal, we follow an empirical approach.Two aspects of development are taken into account, namely (1) the co...

  13. RiskREP: Risk-Based Security Requirements Elicitation and Prioritization

    OpenAIRE

    Herrmann, Andrea; Morali, Ayse; Etalle, Sandro; Wieringa, Roel

    2011-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security” but need to be able to justify their security investment plans. In this paper, we present a Risk-Based Requirements Prioritization method (RiskREP) that extends misuse case-based methods with IT architecture based risk assessment and countermeasure definition and prioritization. Countermeasure prioritizati...

  14. An analysis of Technical Security Control Requirements For Digital I and C Systems in Nuclear Power Plants

    International Nuclear Information System (INIS)

    Instrumentation and control systems in nuclear power plants have been digitalized for the purpose of maintenance and precise operation. This digitalization, however, brings out issues related to cyber security. In the most recent past, international standard organizations, regulatory institutes, and research institutes have performed a number of studies addressing these systems cyber security. In order to provide information helpful to the system designers in their application of cyber security for the systems, this paper presents methods and considerations to define attack vectors in a target system, to review and select the requirements in the Regulatory Guide 5.71, and to integrate the results to identify applicable technical security control requirements. In this study, attack vectors are analyzed through the vulnerability analyses and penetration tests with a simplified safety system, and the elements of critical digital assets acting as attack vectors are identified. Among the security control requirements listed in Appendices B and C to Regulatory Guide 5.71, those that should be implemented into the systems are selected and classified in groups of technical security control requirements using the results of the attack vector analysis. For the attack vector elements of critical digital assets, all the technical security control requirements are evaluated to determine whether they are applicable and effective, and considerations in this evaluation are also discussed. The technical security control requirements in three important categories of access control, monitoring and logging, and encryption are derived and grouped according to the elements of attack vectors as results for the sample safety system

  15. Security

    Science.gov (United States)

    Technology & Learning, 2008

    2008-01-01

    Anytime, anywhere, learning provides opportunities to create digital learning environments for new teaching styles and personalized learning. As part of making sure the program is effective, the safety and security of students and assets are essential--and mandated by law. The Children's Internet Protection Act (CIPA) addresses Internet content…

  16. Control Systems Security Center Comparison Study of Industrial Control System Standards against the Control Systems Protection Framework Cyber-Security Requirements

    Energy Technology Data Exchange (ETDEWEB)

    Robert P. Evans

    2005-09-01

    Cyber security standards, guidelines, and best practices for control systems are critical requirements that have been delineated and formally recognized by industry and government entities. Cyber security standards provide a common language within the industrial control system community, both national and international, to facilitate understanding of security awareness issues but, ultimately, they are intended to strengthen cyber security for control systems. This study and the preliminary findings outlined in this report are an initial attempt by the Control Systems Security Center (CSSC) Standard Awareness Team to better understand how existing and emerging industry standards, guidelines, and best practices address cyber security for industrial control systems. The Standard Awareness Team comprised subject matter experts in control systems and cyber security technologies and standards from several Department of Energy (DOE) National Laboratories, including Argonne National Laboratory, Idaho National Laboratory, Pacific Northwest National Laboratory, and Sandia National Laboratories. This study was conducted in two parts: a standard identification effort and a comparison analysis effort. During the standard identification effort, the Standard Awareness Team conducted a comprehensive open-source survey of existing control systems security standards, regulations, and guidelines in several of the critical infrastructure (CI) sectors, including the telecommunication, water, chemical, energy (electric power, petroleum and oil, natural gas), and transportation--rail sectors and sub-sectors. During the comparison analysis effort, the team compared the requirements contained in selected, identified, industry standards with the cyber security requirements in ''Cyber Security Protection Framework'', Version 0.9 (hereafter referred to as the ''Framework''). For each of the seven sector/sub-sectors listed above, one standard was

  17. C2 Link Security for UAS: Technical Literature Study and Preliminary Functional Requirements. Version 0.9 (Working Draft)

    Science.gov (United States)

    2005-01-01

    This document provides a study of the technical literature related to Command and Control (C2) link security for Unmanned Aircraft Systems (UAS) for operation in the National Airspace System (NAS). Included is a preliminary set of functional requirements for C2 link security.

  18. 76 FR 54374 - Disclosure for Asset-Backed Securities Required by Section 943 of the Dodd-Frank Wall Street...

    Science.gov (United States)

    2011-09-01

    ..., 2011), and was published in FR Doc. 2011-1504 on page 4489 in the Federal Register on January 26, 2011 (76 FR 4489). List of Subjects in 17 CFR Part 240 Reporting and recordkeeping requirements, Securities... the Dodd-Frank Wall Street Reform and Consumer Protection Act AGENCY: Securities and...

  19. Safeguards and security requirements for weapons plutonium disposition in light water reactors

    Energy Technology Data Exchange (ETDEWEB)

    Thomas, L.L.; Strait, R.S. [Lawrence Livermore National Lab., CA (United States). Fission Energy and Systems Safety Program

    1994-10-01

    This paper explores the issues surrounding the safeguarding of the plutonium disposition process in support of the United States nuclear weapons dismantlement program. It focuses on the disposition of the plutonium by burning mixed oxide fuel in light water reactors (LWR) and addresses physical protection, material control and accountability, personnel security and international safeguards. The S and S system needs to meet the requirements of the DOE Orders, NRC Regulations and international safeguards agreements. Experience has shown that incorporating S and S measures into early facility designs and integrating them into operations provides S and S that is more effective, more economical, and less intrusive. The plutonium disposition safeguards requirements with which the US has the least experience are the implementation of international safeguards on plutonium metal; the large scale commercialization of the mixed oxide fuel fabrication; and the transportation to and loading in the LWRs of fresh mixed oxide fuel. It is in these areas where the effort needs to be concentrated if the US is to develop safeguards and security systems that are effective and efficient.

  20. 77 FR 71568 - Capital, Margin, and Segregation Requirements for Security-Based Swap Dealers and Major Security...

    Science.gov (United States)

    2012-12-03

    ... (October 18, 2012), which was published in FR Doc. 2012-26164 and appeared on page 70214 of the Federal Register on November 23, 2012 (77 FR 70214): 1. In footnote 172 in the first column of page 70233, the...; ] SECURITIES AND EXCHANGE COMMISSION 17 CFR Part 240 RIN 3235-AL12 Capital, Margin, and...

  1. 48 CFR 1852.204-76 - Security requirements for unclassified information technolocgy resources.

    Science.gov (United States)

    2010-10-01

    ... annual IT security training in NASA IT Security policies, procedures, computer ethics, and best practices..., documentation, databases, and personnel used in performance of the contract. Access shall be provided to...

  2. 75 FR 10973 - Hazardous Materials: Risk-Based Adjustment of Transportation Security Plan Requirements

    Science.gov (United States)

    2010-03-09

    ... to address the security of hazardous materials shipments.'' 68 FR 14511. PHMSA noted in the NPRM that... to evaluate the transportation security risks posed by all types of hazardous materials and the... disagree with some of the types and classes of materials that would be subject to security...

  3. Resolving vulnerability identification errors using security requirements on business process models

    OpenAIRE

    Taubenberger, Stefan; Jürjens, Jan; Yu, Yijun; Nuseibeh, Bashar

    2013-01-01

    peer-reviewed Purpose - In any information security risk assessment, vulnerabilities are usually identified by information-gathering techniques. However, vulnerability identification errors - wrongly identified or unidentified vulnerabilities - can occur as uncertain data are used. Furthermore, businesses??? security needs are not considered sufficiently. Hence, security functions may not protect business assets sufficiently and cost-effectively. Design/methodology/approach ...

  4. Strategic information security

    CERN Document Server

    Wylder, John

    2003-01-01

    Introduction to Strategic Information SecurityWhat Does It Mean to Be Strategic? Information Security Defined The Security Professional's View of Information Security The Business View of Information SecurityChanges Affecting Business and Risk Management Strategic Security Strategic Security or Security Strategy?Monitoring and MeasurementMoving Forward ORGANIZATIONAL ISSUESThe Life Cycles of Security ManagersIntroductionThe Information Security Manager's Responsibilities The Evolution of Data Security to Information SecurityThe Repository Concept Changing Job Requirements Business Life Cycles

  5. Examining self-protection requirements: methods to improve security of HEU materials

    International Nuclear Information System (INIS)

    Full text: Preventing non-state actors from obtaining highly enriched uranium (HEU) is critical to impeding nuclear terrorism, yet security levels at civil sites with HEU on the premises continue to vary greatly throughout the globe. One critical problem thwarting efforts to improve the physical protection of this material is the lack of an international assessment of 1) the conversion time (the time which would be required to convert the material concerned into the metallic components of an explosive device) of spent fuel and other irradiated HEU materials, such as target waste, in particular giving due consideration to the fact that long cooling times may have reduced significantly radiation levels required to deter and/or prevent theft and subsequent handling, and 2) clear recommendations on the ways to evaluate the adequacy of related physical protection measures. While this issue has been studied in some detail for spent fuel from power reactors, with particular emphasis on Pu, similar assessments have not been completed for HEU fuel types, such as those used in more than 130 research reactors and numerous naval installations, in addition to other fuel cycles. This paper provides a preliminary assessment of 'self-protection' standards, by examining the level of radiation needed to incapacitate a would-be thief within hours. The inadequacy of current standards has been suggested by previous assessments with respect to HEU targets used for Mo-99 production. The basis for the evaluation includes historical data on fuel burn-up from the IAEA Research Reactor database, the results of modelling fuel parameters for nuclear submarines, and data on target waste for radioisotope production. These categories of spent materials arc known to be stored at numerous sites in all parts of the world, leading to security concerns. The paper offers an overview of the number of sites that may have spent HEU materials, including non-defueled, decommissioned facilities. The

  6. A Novel Web-based Approach for Balancing Usability and Security Requirements of Text Passwords

    Directory of Open Access Journals (Sweden)

    Dhananjay Kulkarni

    2010-07-01

    Full Text Available Many Internet applications, for example e-commerce or email services require that users create a username and passwordwhich serves as an authentication mechanism. Though text passwords have been around for a while, not muchhas been done in helping naive Internet users in creating strong passwords. Generally users prefer easy-to-rememberpasswords, but service provides prefer that users use a strong, difficult-to-guess password policy to protect their ownresources. In this work we have explored how appropriate feedback on password strength can be useful in choosing astrong password. We first discuss the results of a security vs. usability study that we did, which shows the currenttrends in choosing passwords, and how a password cracking tools can easily guess a majority of weak passwords. Next,we propose a novel framework, which addresses our problem of enforcing password policies. Given a password policy,our framework is able to monitor password strength, and suggest passwords that are stronger. Moreover, since ourpasswords are pareto-efficient, and involve user participation in making a selection, we believe that our frameworkmakes appropriate tradeoffs between password strength and difficulty in remembering. We also propose novel ways tocompute the password reminder interval so that user-satisfaction remains within bounds. Experimental study showsthat our approach is much better that current password creation models, and serves as a practical tool that can beintegrated with Internet applications.

  7. 48 CFR 652.239-71 - Security Requirements for Unclassified Information Technology Resources.

    Science.gov (United States)

    2010-10-01

    ... State information security sections of the Foreign Affairs Manual (FAM) and Foreign Affairs Handbook... FAH 11, Information Assurance Handbook. (c) Submittal of IT Security Plan. Within 30 days after... for access! DOS information systems and related equipment are intended for communication,...

  8. 12 CFR 350.12 - Disclosure required by applicable banking or securities law or regulations.

    Science.gov (United States)

    2010-01-01

    ... securities law or regulations. 350.12 Section 350.12 Banks and Banking FEDERAL DEPOSIT INSURANCE CORPORATION REGULATIONS AND STATEMENTS OF GENERAL POLICY DISCLOSURE OF FINANCIAL AND OTHER INFORMATION BY FDIC-INSURED... made under applicable banking or securities law or regulations....

  9. 77 FR 70213 - Capital, Margin, and Segregation Requirements for Security-Based Swap Dealers and Major Security...

    Science.gov (United States)

    2012-11-23

    ... U.S. bank holding company would be subject to a ``tangible net equity'' capital standard (the CFTC... affiliates of U.S. bank holding companies). The CFTC proposed a tangible net equity requirement for certain... affiliates are subject to bank capital standards. \\37\\ CFTC Capital Proposing Release, 76 FR 27802....

  10. Maritime supply chain security: Navigating through a sea of compliance requirements

    Directory of Open Access Journals (Sweden)

    Emma Maspero

    2008-11-01

    Full Text Available As a direct result of the 9-11 New York attack all modes of freight and passengertransportation were scrutinised for vulnerabilities. Over 90% of international trade takes place via sea transport for at least some part of the supply chain and as a result there has been a drive to better secure maritime transportation. This paper outlines the background to and the rationale behind the most important of the new security measures for maritime transportation and provides an overview of the likely implications for supply chain role-players. In addition the paper endeavours to create awareness of the importance of maritime supply chain security.

  11. 77 FR 35259 - Guidance on Due Diligence Requirements in Determining Whether Securities Are Eligible for Investment

    Science.gov (United States)

    2012-06-13

    ... 29, 2011 (76 FR 73777), the OCC issued proposed guidance together with a notice of proposed... investment securities under section 5(c) of the Home Owners' Loan Act (HOLA), to the extent specified...

  12. Technology transfer of dynamic IT outsourcing requires security measures in SLAs

    NARCIS (Netherlands)

    F. Dickmann (Frank); M. Brodhun (Maximilian); J. Falkner (Jürgen); T.A. Knoch (Tobias); U. Sax (Ulrich)

    2010-01-01

    textabstractFor the present efforts in dynamic IT outsourcing environments like Grid or Cloud computing security and trust are ongoing issues. SLAs are a proved remedy to build up trust in outsourcing relations. Therefore, it is necessary to determine whether SLAs can improve trust from the perspect

  13. LTE security

    CERN Document Server

    Forsberg, Dan; Moeller, Wolf-Dietrich

    2010-01-01

    Addressing the security solutions for LTE, a cellular technology from Third Generation Partnership Project (3GPP), this book shows how LTE security substantially extends GSM and 3G security. It also encompasses the architectural aspects, known as SAE, to give a comprehensive resource on the topic. Although the security for SAE/LTE evolved from the security for GSM and 3G, due to different architectural and business requirements of fourth generation systems the SAE/LTE security architecture is substantially different from its predecessors. This book presents in detail the security mechanisms em

  14. Food and nutritional security requires adequate protein as well as energy, delivered from whole-year crop production.

    Science.gov (United States)

    Coles, Graeme D; Wratten, Stephen D; Porter, John R

    2016-01-01

    Human food security requires the production of sufficient quantities of both high-quality protein and dietary energy. In a series of case-studies from New Zealand, we show that while production of food ingredients from crops on arable land can meet human dietary energy requirements effectively, requirements for high-quality protein are met more efficiently by animal production from such land. We present a model that can be used to assess dietary energy and quality-corrected protein production from various crop and crop/animal production systems, and demonstrate its utility. We extend our analysis with an accompanying economic analysis of commercially-available, pre-prepared or simply-cooked foods that can be produced from our case-study crop and animal products. We calculate the per-person, per-day cost of both quality-corrected protein and dietary energy as provided in the processed foods. We conclude that mixed dairy/cropping systems provide the greatest quantity of high-quality protein per unit price to the consumer, have the highest food energy production and can support the dietary requirements of the highest number of people, when assessed as all-year-round production systems. Global food and nutritional security will largely be an outcome of national or regional agroeconomies addressing their own food needs. We hope that our model will be used for similar analyses of food production systems in other countries, agroecological zones and economies.

  15. Food and nutritional security requires adequate protein as well as energy, delivered from whole-year crop production.

    Science.gov (United States)

    Coles, Graeme D; Wratten, Stephen D; Porter, John R

    2016-01-01

    Human food security requires the production of sufficient quantities of both high-quality protein and dietary energy. In a series of case-studies from New Zealand, we show that while production of food ingredients from crops on arable land can meet human dietary energy requirements effectively, requirements for high-quality protein are met more efficiently by animal production from such land. We present a model that can be used to assess dietary energy and quality-corrected protein production from various crop and crop/animal production systems, and demonstrate its utility. We extend our analysis with an accompanying economic analysis of commercially-available, pre-prepared or simply-cooked foods that can be produced from our case-study crop and animal products. We calculate the per-person, per-day cost of both quality-corrected protein and dietary energy as provided in the processed foods. We conclude that mixed dairy/cropping systems provide the greatest quantity of high-quality protein per unit price to the consumer, have the highest food energy production and can support the dietary requirements of the highest number of people, when assessed as all-year-round production systems. Global food and nutritional security will largely be an outcome of national or regional agroeconomies addressing their own food needs. We hope that our model will be used for similar analyses of food production systems in other countries, agroecological zones and economies. PMID:27478691

  16. 76 FR 73777 - Guidance on Due Diligence Requirements in Determining Whether Investment Securities Are Eligible...

    Science.gov (United States)

    2011-11-29

    ... characteristics. Institutions possessing investment portfolios that lack diversification in one of the... associations in meeting due diligence requirements in assessing credit risk for portfolio investments. DATES... their investment portfolios to verify that their portfolios meet safety and soundness requirements...

  17. Game Theory Meets Wireless Sensor Networks Security Requirements and Threats Mitigation: A Survey

    Directory of Open Access Journals (Sweden)

    Mohamed S. Abdalzaher

    2016-06-01

    Full Text Available We present a study of using game theory for protecting wireless sensor networks (WSNs from selfish behavior or malicious nodes. Due to scalability, low complexity and disseminated nature of WSNs, malicious attacks can be modeled effectively using game theory. In this study, we survey the different game-theoretic defense strategies for WSNs. We present a taxonomy of the game theory approaches based on the nature of the attack, whether it is caused by an external attacker or it is the result of an internal node acting selfishly or maliciously. We also present a general trust model using game theory for decision making. We, finally, identify the significant role of evolutionary games for WSNs security against intelligent attacks; then, we list several prospect applications of game theory to enhance the data trustworthiness and node cooperation in different WSNs.

  18. Game Theory Meets Wireless Sensor Networks Security Requirements and Threats Mitigation: A Survey.

    Science.gov (United States)

    Abdalzaher, Mohamed S; Seddik, Karim; Elsabrouty, Maha; Muta, Osamu; Furukawa, Hiroshi; Abdel-Rahman, Adel

    2016-06-29

    We present a study of using game theory for protecting wireless sensor networks (WSNs) from selfish behavior or malicious nodes. Due to scalability, low complexity and disseminated nature of WSNs, malicious attacks can be modeled effectively using game theory. In this study, we survey the different game-theoretic defense strategies for WSNs. We present a taxonomy of the game theory approaches based on the nature of the attack, whether it is caused by an external attacker or it is the result of an internal node acting selfishly or maliciously. We also present a general trust model using game theory for decision making. We, finally, identify the significant role of evolutionary games for WSNs security against intelligent attacks; then, we list several prospect applications of game theory to enhance the data trustworthiness and node cooperation in different WSNs.

  19. Game Theory Meets Wireless Sensor Networks Security Requirements and Threats Mitigation: A Survey.

    Science.gov (United States)

    Abdalzaher, Mohamed S; Seddik, Karim; Elsabrouty, Maha; Muta, Osamu; Furukawa, Hiroshi; Abdel-Rahman, Adel

    2016-01-01

    We present a study of using game theory for protecting wireless sensor networks (WSNs) from selfish behavior or malicious nodes. Due to scalability, low complexity and disseminated nature of WSNs, malicious attacks can be modeled effectively using game theory. In this study, we survey the different game-theoretic defense strategies for WSNs. We present a taxonomy of the game theory approaches based on the nature of the attack, whether it is caused by an external attacker or it is the result of an internal node acting selfishly or maliciously. We also present a general trust model using game theory for decision making. We, finally, identify the significant role of evolutionary games for WSNs security against intelligent attacks; then, we list several prospect applications of game theory to enhance the data trustworthiness and node cooperation in different WSNs. PMID:27367700

  20. Game Theory Meets Wireless Sensor Networks Security Requirements and Threats Mitigation: A Survey

    Science.gov (United States)

    Abdalzaher, Mohamed S.; Seddik, Karim; Elsabrouty, Maha; Muta, Osamu; Furukawa, Hiroshi; Abdel-Rahman, Adel

    2016-01-01

    We present a study of using game theory for protecting wireless sensor networks (WSNs) from selfish behavior or malicious nodes. Due to scalability, low complexity and disseminated nature of WSNs, malicious attacks can be modeled effectively using game theory. In this study, we survey the different game-theoretic defense strategies for WSNs. We present a taxonomy of the game theory approaches based on the nature of the attack, whether it is caused by an external attacker or it is the result of an internal node acting selfishly or maliciously. We also present a general trust model using game theory for decision making. We, finally, identify the significant role of evolutionary games for WSNs security against intelligent attacks; then, we list several prospect applications of game theory to enhance the data trustworthiness and node cooperation in different WSNs. PMID:27367700

  1. Node security

    CERN Document Server

    Barnes, Dominic

    2013-01-01

    A practical and fast-paced guide that will give you all the information you need to secure your Node applications.If you are a developer who wishes to secure your Node applications, whether you are already using Node Security in production, or are considering using it for your next project, then this book will enable you to ensure security of your applications. An understanding of JavaScript is a prerequisite, and some experience with Node is recommended, though not required.

  2. 14 CFR 1274.937 - Security requirements for unclassified information technology resources.

    Science.gov (United States)

    2010-01-01

    ... ethics, and best practices in accordance with NPG 2810.1, Section 4.3 requirements. The Recipient may use...' facilities, installations, operations, documentation, databases and personnel used in performance of...

  3. Improving Deterministic Reserve Requirements for Security Constrained Unit Commitment and Scheduling Problems in Power Systems

    Science.gov (United States)

    Wang, Fengyu

    Traditional deterministic reserve requirements rely on ad-hoc, rule of thumb methods to determine adequate reserve in order to ensure a reliable unit commitment. Since congestion and uncertainties exist in the system, both the quantity and the location of reserves are essential to ensure system reliability and market efficiency. The modeling of operating reserves in the existing deterministic reserve requirements acquire the operating reserves on a zonal basis and do not fully capture the impact of congestion. The purpose of a reserve zone is to ensure that operating reserves are spread across the network. Operating reserves are shared inside each reserve zone, but intra-zonal congestion may block the deliverability of operating reserves within a zone. Thus, improving reserve policies such as reserve zones may improve the location and deliverability of reserve. As more non-dispatchable renewable resources are integrated into the grid, it will become increasingly difficult to predict the transfer capabilities and the network congestion. At the same time, renewable resources require operators to acquire more operating reserves. With existing deterministic reserve requirements unable to ensure optimal reserve locations, the importance of reserve location and reserve deliverability will increase. While stochastic programming can be used to determine reserve by explicitly modelling uncertainties, there are still scalability as well as pricing issues. Therefore, new methods to improve existing deterministic reserve requirements are desired. One key barrier of improving existing deterministic reserve requirements is its potential market impacts. A metric, quality of service, is proposed in this thesis to evaluate the price signal and market impacts of proposed hourly reserve zones. Three main goals of this thesis are: 1) to develop a theoretical and mathematical model to better locate reserve while maintaining the deterministic unit commitment and economic dispatch

  4. 78 FR 48218 - Emergency Order Establishing Additional Requirements for Attendance and Securement of Certain...

    Science.gov (United States)

    2013-08-07

    ... Federal Railroad Administration Emergency Order Establishing Additional Requirements for Attendance and... crude oil (U.S. DOT Hazard Class 3, UN 1267). At approximately 11:00 p.m. the train stopped near... left unattended for one hour or less, attendance related to locomotives attached to loaded tank...

  5. 49 CFR 1572.17 - Applicant information required for TWIC security threat assessment.

    Science.gov (United States)

    2010-10-01

    ... guilty by reason of insanity, of a disqualifying crime listed in 49 CFR 1572.103(b), in a civilian or... disqualifying crime listed in 49 CFR 1572.103(b), during the five years before the date of the application, or... involuntarily, or is applying for a waiver; (6) Meets the immigration status requirements described in 49...

  6. 49 CFR 1572.9 - Applicant information required for HME security threat assessment.

    Science.gov (United States)

    2010-10-01

    ... reason of insanity, of a disqualifying crime listed in 49 CFR 1572.103(b), in a civilian or military... disqualifying crime listed in 49 CFR 1572.103(b), during the five years before the date of the application, or... involuntarily or is applying for a waiver; (6) Meets the immigration status requirements described in 49...

  7. Regional, national and international security requirements for the transport of nuclear cargo by sea

    International Nuclear Information System (INIS)

    Since the beginning of the nuclear age in the 1940's, the world has focused on the immense possibilities of nuclear power with both its destructive and productive capabilities. The civil nuclear industry in the UK, as in most nuclear weapons states, grew from the military facilities built in the post war years under the political climate of the Cold War. In the early years of the industry, civil and defence nuclear facilities were inextricably linked both in public perceptions and the regulatory infrastructure under which they operated. The nuclear arms race and the spread of communism overshadowed people's perceptions of there being two separate uses of nuclear material. This was a double edged sword which initially allowed the industry to develop largely unhindered by public concerns but latterly meant the industry could not break away from its roots and to many is still perceived as a dangerous and destructive force. Regulatory frameworks governing all aspects of the industry have developed both nationally and internationally driven by valid public concerns, political agendas and an international consensus that the unregulated use of nuclear material has catastrophic possibilities on an international scale. With the internationalisation of the civil nuclear industry and the costs associated with developing facilities to fully support each stage of the fuel cycle, from enrichment, fuel manufacturing, reprocessing and waste remediation, it became inevitable that a transport infrastructure would develop to make best use of the facilities. Regulations, both national and international are implicit in ensuring the security of nuclear material in transit. Due to the physical size of many of the irradiated fuel packages and implications of the changes to transport safety regulations, international transports of nuclear material, other than within mainland Europe, is predominantly carried out by sea

  8. Regional, national and international security requirements for the transport of nuclear cargo by sea

    Energy Technology Data Exchange (ETDEWEB)

    Booker, P.A.; Barnwell, I. [Marine Operations, BNFL International Transport and British Nuclear Group Security (United Kingdom)

    2004-07-01

    Since the beginning of the nuclear age in the 1940's, the world has focused on the immense possibilities of nuclear power with both its destructive and productive capabilities. The civil nuclear industry in the UK, as in most nuclear weapons states, grew from the military facilities built in the post war years under the political climate of the Cold War. In the early years of the industry, civil and defence nuclear facilities were inextricably linked both in public perceptions and the regulatory infrastructure under which they operated. The nuclear arms race and the spread of communism overshadowed people's perceptions of there being two separate uses of nuclear material. This was a double edged sword which initially allowed the industry to develop largely unhindered by public concerns but latterly meant the industry could not break away from its roots and to many is still perceived as a dangerous and destructive force. Regulatory frameworks governing all aspects of the industry have developed both nationally and internationally driven by valid public concerns, political agendas and an international consensus that the unregulated use of nuclear material has catastrophic possibilities on an international scale. With the internationalisation of the civil nuclear industry and the costs associated with developing facilities to fully support each stage of the fuel cycle, from enrichment, fuel manufacturing, reprocessing and waste remediation, it became inevitable that a transport infrastructure would develop to make best use of the facilities. Regulations, both national and international are implicit in ensuring the security of nuclear material in transit. Due to the physical size of many of the irradiated fuel packages and implications of the changes to transport safety regulations, international transports of nuclear material, other than within mainland Europe, is predominantly carried out by sea.

  9. Mobile intelligent terminal security technology requirements standard interpretation%移动智能终端安全能力技术要求标准解读

    Institute of Scientific and Technical Information of China (English)

    谢利涛

    2013-01-01

    主要介绍了YD/T2407-2013《移动智能终端安全能力技术要求》标准的范围、安全能力框架及目标、主要技术要求、功能限制要求、安全能力分级和贯彻实施的相关建议。重点针对硬件安全能力、操作系统安全能力、外围接口安全能力、应用层安全要求和用户数据保护安全能力等方面进行了说明。%Mainly introduces YD/T2407-2013“intelligent mobile terminal security technical requirements”standard range,security framework and target,main technical requirements,functional limitations,safety re-quirements Ability Classification and implementation suggestions.Focusing on ability,hardware security op-erating system security capacity,peripheral interface security ability,application layer security require-ments and user data safety protection ability and other aspects are described.

  10. Information security fundamentals

    CERN Document Server

    Peltier, Thomas R

    2013-01-01

    Developing an information security program that adheres to the principle of security as a business enabler must be the first step in an enterprise's effort to build an effective security program. Following in the footsteps of its bestselling predecessor, Information Security Fundamentals, Second Edition provides information security professionals with a clear understanding of the fundamentals of security required to address the range of issues they will experience in the field.The book examines the elements of computer security, employee roles and r

  11. Security for grids

    Energy Technology Data Exchange (ETDEWEB)

    Humphrey, Marty; Thompson, Mary R.; Jackson, Keith R.

    2005-08-14

    Securing a Grid environment presents a distinctive set of challenges. This paper groups the activities that need to be secured into four categories: naming and authentication; secure communication; trust, policy, and authorization; and enforcement of access control. It examines the current state of the art in securing these processes and introduces new technologies that promise to meet the security requirements of Grids more completely.

  12. Application of Improved SQUARE Model in Software Security Requirements Elicitation%改进的 SQUARE 模型在软件安全需求获取中的应用

    Institute of Scientific and Technical Information of China (English)

    范洁; 许盛伟; 娄嘉鹏

    2013-01-01

    The eliciting of security requirement is a key factor to ensure software's security .To obtain the software's security requirement effectively , on the basis of the analysis of the Security Quality Re-quirements Engineering model , the steps of the SQUARE model was improved , and the classification standard about security requirements was defined , and the XML Schema definition of security require-ments document was presented .This thesis applied the Light -SQUARE model to university student Score Management System and elicited its security requirement , and stored the security requirement with XML format , realized cross-platform usability of the security requirement .%安全需求的获取是确保软件安全性的关键因素。为有效地获取软件的安全需求,在分析安全质量需求工程SQUARE模型的基础上,改进了该模型的执行步骤,制定了安全需求的分类标准,给出了安全需求文档的XML模式定义。应用改进的SQUARE模型对高校学生成绩管理系统进行安全需求获取,并将安全需求文档以XML格式进行存储,实现了安全需求的跨平台通用。

  13. Security during the Construction of New Nuclear Power Plants: Technical Basis for Access Authorization and Fitness-For-Duty Requirements

    Energy Technology Data Exchange (ETDEWEB)

    Branch, Kristi M.; Baker, Kathryn A.

    2009-09-01

    A technical letter report to the NRC summarizing the findings of a benchmarking study, literature review, and workshop with experts on current industry standards and expert judgments about needs for security during the construction phase of critical infrastructure facilities in the post-September 11 U.S. context, with a special focus on the construction phase of nuclear power plants and personnel security measures.

  14. Information Security Maturity Model

    OpenAIRE

    Information Security Maturity Model

    2011-01-01

    To ensure security, it is important to build-in security in both the planning and the design phases andadapt a security architecture which makes sure that regular and security related tasks, are deployedcorrectly. Security requirements must be linked to the business goals. We identified four domains thataffect security at an organization namely, organization governance, organizational culture, thearchitecture of the systems, and service management. In order to identify and explore the strengt...

  15. Junos Security

    CERN Document Server

    Cameron, Rob; Giecco, Patricio; Eberhard, Timothy; Quinn, James

    2010-01-01

    Junos® Security is the complete and authorized introduction to the new Juniper Networks SRX hardware series. This book not only provides a practical, hands-on field guide to deploying, configuring, and operating SRX, it also serves as a reference to help you prepare for any of the Junos Security Certification examinations offered by Juniper Networks. Network administrators and security professionals will learn how to use SRX Junos services gateways to address an array of enterprise data network requirements -- including IP routing, intrusion detection, attack mitigation, unified threat manag

  16. 物联网发展的安全需求%The Security Requirements of IOT Development

    Institute of Scientific and Technical Information of China (English)

    孙伟; 刘志杰

    2013-01-01

      The needs of security focused on the development of IOT were discussed, and the currently available security mechanisms and methods were analyzed, including integrating the existing security mechanisms into IOT, programs given to adapt IOT, or new designs.%  重点讨论了物联网发展面临的安全需求,分析了当前可用的安全机制和方法,通过把原有安全机制整合到物联网中,或者是给出适应物联网的方案,再或者是进行全新的设计。

  17. FOOD SECURITY

    Directory of Open Access Journals (Sweden)

    Dorina Ardelean

    2013-12-01

    Full Text Available The assurance of food security at the individual level doesn’t implicitly provide for the one at family level as the concepts of hunger, malnutrition and food insecurity are the steps of the same process of access restricted to a sufficient supply of food. In order to achieve food security at the individual level the following is necessary: ensuring food availability (production, reserve stocks; redistribution of food availability within the country or out through international exchanges; effective access of the population to purchase food consumer goods, by ensuring its effective demand as required. Food security of families (FFS is required for assuring individual food security (IFS, but it is not sufficient because the food available may be unevenly distributed between family members. National food security (NFS corresponds to the possibilities that different countries have to ensure both FFS and IFS without sacrificing other important objectives. Under the name of GAS is defined the global food security which represents permanent access for the entire population of the globe to the necessary food for a healthy and active life.

  18. Secure portal.

    Energy Technology Data Exchange (ETDEWEB)

    Nelson, Cynthia Lee

    2007-09-01

    There is a need in security systems to rapidly and accurately grant access of authorized personnel to a secure facility while denying access to unauthorized personnel. In many cases this role is filled by security personnel, which can be very costly. Systems that can perform this role autonomously without sacrificing accuracy or speed of throughput are very appealing. To address the issue of autonomous facility access through the use of technology, the idea of a ''secure portal'' is introduced. A secure portal is a defined zone where state-of-the-art technology can be implemented to grant secure area access or to allow special privileges for an individual. Biometric technologies are of interest because they are generally more difficult to defeat than technologies such as badge swipe and keypad entry. The biometric technologies selected for this concept were facial and gait recognition. They were chosen since they require less user cooperation than other biometrics such as fingerprint, iris, and hand geometry and because they have the most potential for flexibility in deployment. The secure portal concept could be implemented within the boundaries of an entry area to a facility. As a person is approaching a badge and/or PIN portal, face and gait information can be gathered and processed. The biometric information could be fused for verification against the information that is gathered from the badge. This paper discusses a facial recognition technology that was developed for the purposes of providing high verification probabilities with low false alarm rates, which would be required of an autonomous entry control system. In particular, a 3-D facial recognition approach using Fisher Linear Discriminant Analysis is described. Gait recognition technology, based on Hidden Markov Models has been explored, but those results are not included in this paper. Fusion approaches for combining the results of the biometrics would be the next step in realizing

  19. Data security.

    Science.gov (United States)

    2016-09-01

    A government-commissioned review of data security across health and care has led to the proposal of new standards for security and options for a consent/opt-out model. Standards include that all staff complete appropriate annual data security training and pass a mandatory test provided through the revised Information Governance Toolkit, that personal confidential data is only accessible to staff who need it for their current role, and that access is removed as soon as it is no longer required. The consent/opt-out model is outlined under 8 statements, and includes certain circumstances where it will not apply, for example, where there is an overriding public interest, or mandatory legal requirement.

  20. Data security.

    Science.gov (United States)

    2016-09-01

    A government-commissioned review of data security across health and care has led to the proposal of new standards for security and options for a consent/opt-out model. Standards include that all staff complete appropriate annual data security training and pass a mandatory test provided through the revised Information Governance Toolkit, that personal confidential data is only accessible to staff who need it for their current role, and that access is removed as soon as it is no longer required. The consent/opt-out model is outlined under 8 statements, and includes certain circumstances where it will not apply, for example, where there is an overriding public interest, or mandatory legal requirement. PMID:27581899

  1. Data security in genomics: A review of Australian privacy requirements and their relation to cryptography in data storage

    Science.gov (United States)

    Schlosberg, Arran

    2016-01-01

    The advent of next-generation sequencing (NGS) brings with it a need to manage large volumes of patient data in a manner that is compliant with both privacy laws and long-term archival needs. Outside of the realm of genomics there is a need in the broader medical community to store data, and although radiology aside the volume may be less than that of NGS, the concepts discussed herein are similarly relevant. The relation of so-called “privacy principles” to data protection and cryptographic techniques is explored with regards to the archival and backup storage of health data in Australia, and an example implementation of secure management of genomic archives is proposed with regards to this relation. Readers are presented with sufficient detail to have informed discussions – when implementing laboratory data protocols – with experts in the fields. PMID:26955504

  2. Data security in genomics: A review of Australian privacy requirements and their relation to cryptography in data storage.

    Science.gov (United States)

    Schlosberg, Arran

    2016-01-01

    The advent of next-generation sequencing (NGS) brings with it a need to manage large volumes of patient data in a manner that is compliant with both privacy laws and long-term archival needs. Outside of the realm of genomics there is a need in the broader medical community to store data, and although radiology aside the volume may be less than that of NGS, the concepts discussed herein are similarly relevant. The relation of so-called "privacy principles" to data protection and cryptographic techniques is explored with regards to the archival and backup storage of health data in Australia, and an example implementation of secure management of genomic archives is proposed with regards to this relation. Readers are presented with sufficient detail to have informed discussions - when implementing laboratory data protocols - with experts in the fields.

  3. Leadership in organizations with high security and reliability requirements; Liderazgo en organizaciones con altos requisitos de seguridad y fiabilidad

    Energy Technology Data Exchange (ETDEWEB)

    Gonzalez, F.

    2013-07-01

    Developing leadership skills in organizations is the key to ensure the sustain ability of excellent results in industries with high requirements safety and reliability. In order to have a model of leadership development specific to this type of organizations, Tecnatom in 2011, we initiated a project internal, to find and adapt a competency model to these requirements.

  4. Safety Guide no. 5.14 issued in Spain by the Nuclear Safety Council: Security and radiological requirements in the industrial gamma radiography facilities

    International Nuclear Information System (INIS)

    Radioactive facilities where industrial gamma radiography equipment are used, require a use authorization in accordance to the Spanish regulations. In order to get authorized the person in charge of the installation has to display a set of documents; among them two of the most important attending to radiological safety, are the 'Operatory Manual' and the 'Emergency Procedures'. The fulfillment of these documents is essential to get, from the radiological point of view, the optimal conditions for the running of the installation. The Regulation on Sanitary Protection against the Ionizing Radiation, transposition of Directives 80/836/EURATOM and 84/467/EURATOM, provides certain targets to be reached and a set of radioactive protection measures, applied, in general terms, to this kind of installations. The experience gathered on the running of these specially radioactive risky installations demands special attention to the fulfillment of the security and radiological protection measures. The Nuclear Safety Council issued in 1998 the safety guide 5.14, in order to help people in charge of those installations to fulfill the security and radiological requirements, as well to became the guideline in the writing of obligatory documents, specially those referring to the 'Operatory Manual' and the 'Emergency Procedures', where the safe operational procedures of this kind of equipment are described. (author)

  5. Secure Disk Mixed System

    Directory of Open Access Journals (Sweden)

    Myongchol Ri

    2013-01-01

    Full Text Available We propose a disk encryption method, called Secure Disk Mixed System (SDMS in this paper, for data protection of disk storages such as USB flash memory, USB hard disk and CD/DVD. It is aimed to solve temporal and spatial limitations of existing disk encryption methods and to control security performance flexibly according to the security requirement of system.

  6. Microsoft Azure security

    CERN Document Server

    Freato, Roberto

    2015-01-01

    This book is intended for Azure administrators who want to understand the application of security principles in distributed environments and how to use Azure to its full capability to reduce the risks of security breaches. Only basic knowledge of the security processes and services of Microsoft Azure is required.

  7. Learning Puppet security

    CERN Document Server

    Slagle, Jason

    2015-01-01

    If you are a security professional whose workload is increasing, or a Puppet professional looking to increase your knowledge of security, or even an experienced systems administrator, then this book is for you. This book will take you to the next level of security automation using Puppet. The book requires no prior knowledge of Puppet to get started.

  8. Alternative security

    International Nuclear Information System (INIS)

    This book contains the following chapters: The Military and Alternative Security: New Missions for Stable Conventional Security; Technology and Alternative Security: A Cherished Myth Expires; Law and Alternative Security: Toward a Just World Peace; Politics and Alternative Security: Toward a More Democratic, Therefore More Peaceful, World; Economics and Alternative Security: Toward a Peacekeeping International Economy; Psychology and Alternative Security: Needs, Perceptions, and Misperceptions; Religion and Alternative Security: A Prophetic Vision; and Toward Post-Nuclear Global Security: An Overview

  9. Android application security essentials

    CERN Document Server

    Rai, Pragati

    2013-01-01

    Android Application Security Essentials is packed with examples, screenshots, illustrations, and real world use cases to secure your apps the right way.If you are looking for guidance and detailed instructions on how to secure app data, then this book is for you. Developers, architects, managers, and technologists who wish to enhance their knowledge of Android security will find this book interesting. Some prior knowledge of development on the Android stack is desirable but not required.

  10. Relaxing Chosen-Ciphertext Security

    DEFF Research Database (Denmark)

    Canetti, Ran; Krawczyk, Hugo; Nielsen, Jesper Buus

    2003-01-01

    Security against adaptive chosen ciphertext attacks (or, CCA security) has been accepted as the standard requirement from encryption schemes that need to withstand active attacks. In particular, it is regarded as the appropriate security notion for encryption schemes used as components within...... general protocols and applications. Indeed, CCA security was shown to suffice in a large variety of contexts. However, CCA security often appears to be somewhat too strong: there exist encryption schemes (some of which come up naturally in practice) that are not CCA secure, but seem sufficiently secure...... “for most practical purposes.” We propose a relaxed variant of CCA security, called Replayable CCA (RCCA) security. RCCA security accepts as secure the non-CCA (yet arguably secure) schemes mentioned above; furthermore, it suffices for most existing applications of CCA security. We provide three...

  11. 78 FR 5116 - NASA Information Security Protection

    Science.gov (United States)

    2013-01-24

    ... SPACE ADMINISTRATION 14 CFR Part 1203 RIN 2700-AD61 NASA Information Security Protection AGENCY..., Classified National Security Information, and appropriately to correspond with NASA's internal requirements, NPR 1600.2, Classified National Security Information, that establishes the Agency's requirements...

  12. DISPOSAL OF TRU WASTE FROM THE PLUTONIUM FINISHING PLANT IN PIPE OVERPACK CONTAINERS TO WIPP INCLUDING NEW SECURITY REQUIREMENTS

    Energy Technology Data Exchange (ETDEWEB)

    Hopkins, A.M.; Sutter, C.; Hulse, G.; Teal, J.

    2003-02-27

    The Department of Energy is responsible for the safe management and cleanup of the DOE complex. As part of the cleanup and closure of the Plutonium Finishing Plant (PFP) located on the Hanford site, the nuclear material inventory was reviewed to determine the appropriate disposition path. Based on the nuclear material characteristics, the material was designated for stabilization and packaging for long term storage and transfer to the Savannah River Site or, a decision for discard was made. The discarded material was designated as waste material and slated for disposal to the Waste Isolation Pilot Plant (WIPP). Prior to preparing any residue wastes for disposal at the WIPP, several major activities need to be completed. As detailed a processing history as possible of the material including origin of the waste must be researched and documented. A technical basis for termination of safeguards on the material must be prepared and approved. Utilizing process knowledge and processing history, the material must be characterized, sampling requirements determined, acceptable knowledge package and waste designation completed prior to disposal. All of these activities involve several organizations including the contractor, DOE, state representatives and other regulators such as EPA. At PFP, a process has been developed for meeting the many, varied requirements and successfully used to prepare several residue waste streams including Rocky Flats incinerator ash, Hanford incinerator ash and Sand, Slag and Crucible (SS&C) material for disposal. These waste residues are packed into Pipe Overpack Containers for shipment to the WIPP.

  13. Non-proliferation of nuclear weapons and nuclear security. Overview of Safeguards requirements for States with limited nuclear material and activities

    International Nuclear Information System (INIS)

    This booklet provides an overview of safeguards obligations that apply to States which are parties to the Nuclear Non-Proliferation Treaty (NPT) that have no nuclear facilities and only limited quantities of nuclear material. Most State parties to the NPT have no nuclear facilities and only limited quantities of nuclear material. For such States, safeguards implementation is expected to be simple and straightforward. This booklet provides an overview of the safeguards obligations that apply to such States. It is hoped that a better understanding of these requirements will facilitate the conclusion and implementation of safeguards agreements and additional protocols, and thereby contribute to the strengthening of the IAEA?s safeguards system and of collective security

  14. Modified Small Business Network Security

    Directory of Open Access Journals (Sweden)

    Md. Belayet Ali

    2012-02-01

    Full Text Available This paper covers some likely threats and effectivesteps for a secure small business. It also involves a flowchart tocomprehend the overall small business network security easilyand we identify a set of security issues and applyappropriate techniques to satisfy the correspondingsecurity requirements. In respect of all, this document isstrong enough for any small business network security.

  15. Secure Transportation Management

    Energy Technology Data Exchange (ETDEWEB)

    Gibbs, P. W. [Brookhaven National Lab. (BNL), Upton, NY (United States)

    2014-10-15

    Secure Transport Management Course (STMC) course provides managers with information related to procedures and equipment used to successfully transport special nuclear material. This workshop outlines these procedures and reinforces the information presented with the aid of numerous practical examples. The course focuses on understanding the regulatory framework for secure transportation of special nuclear materials, identifying the insider and outsider threat(s) to secure transportation, organization of a secure transportation unit, management and supervision of secure transportation units, equipment and facilities required, training and qualification needed.

  16. Nuclear security

    International Nuclear Information System (INIS)

    This paper reports that despite an Executive Order limiting the authority to make original classification decisions to government officials, DOE has delegated this authority to a number of contractor employees. Although the number of original classification decisions made by these contractors is small, this neither negates nor diminishes the significance of the improper delegation of authority. If misclassification were to occur, particularly at the Top Secret level, U.S. national security interests could potentially be seriously affected and threatened. DOE's argument that the delegation of such authority is a long-standing policy and done on a selective basis does not legitimize the practice and does not relieve DOE of its responsibility to meet the requirements of the Executive Order. DOE needs to independently assess all original classification determinations made by contractors; otherwise, it cannot be sure that U.S. national security interests have been or are being adequately protected

  17. Federal technology transfer requirements :a focused study of principal agencies approaches with implications for the Department of Homeland Security.

    Energy Technology Data Exchange (ETDEWEB)

    Koker, Denise; Micheau, Jill M.

    2006-07-01

    This report provides relevant information and analysis to the Department of Homeland Security (DHS) that will assist DHS in determining how to meet the requirements of federal technology transfer legislation. These legal requirements are grouped into five categories: (1) establishing an Office of Research and Technology Applications, or providing the functions thereof; (2) information management; (3) enabling agreements with non-federal partners; (4) royalty sharing; and (5) invention ownership/obligations. These five categories provide the organizing framework for this study, which benchmarks other federal agencies/laboratories engaged in technology transfer/transition Four key agencies--the Department of Health & Human Services (HHS), the U.S. Department of Agriculture (USDA), the Department of Energy (DOE), and the Department of Defense (DoD)--and several of their laboratories have been surveyed. An analysis of DHS's mission needs for commercializing R&D compared to those agencies/laboratories is presented with implications and next steps for DHS's consideration. Federal technology transfer legislation, requirements, and practices have evolved over the decades as agencies and laboratories have grown more knowledgeable and sophisticated in their efforts to conduct technology transfer and as needs and opinions in the federal sector have changed with regards to what is appropriate. The need to address requirements in a fairly thorough manner has, therefore, resulted in a lengthy paper. There are two ways to find summary information. Each chapter concludes with a summary, and there is an overall ''Summary and Next Steps'' chapter on pages 57-60. For those readers who are unable to read the entire document, we recommend referring to these pages.

  18. Operating System Security

    CERN Document Server

    Jaeger, Trent

    2008-01-01

    Operating systems provide the fundamental mechanisms for securing computer processing. Since the 1960s, operating systems designers have explored how to build "secure" operating systems - operating systems whose mechanisms protect the system against a motivated adversary. Recently, the importance of ensuring such security has become a mainstream issue for all operating systems. In this book, we examine past research that outlines the requirements for a secure operating system and research that implements example systems that aim for such requirements. For system designs that aimed to

  19. Fragile States : Securing Development

    OpenAIRE

    Zoellick, R.

    2008-01-01

    Fragile states are the toughest development challenge of our era. But we ignore them at our peril: about one billion people live in fragile states, including a disproportionate number of the world's extreme poor, and they account for most of today's wars. These situations require a different framework of building security, legitimacy, governance, and the economy. Only by securing development - bringing security and development together to smooth the transition from conflict to peace and then ...

  20. Comparison of Adaptive Information Security Approaches

    OpenAIRE

    Antti Evesti; Eila Ovaska

    2013-01-01

    Dynamically changing environments and threat landscapes require adaptive information security. Adaptive information security makes it possible to change and modify security mechanisms at runtime. Hence, all security decisions are not enforced at design-time. This paper builds a framework to compare security adaptation approaches. The framework contains three viewpoints, that is, adaptation, security, and lifecycle. Furthermore, the paper describes five security adaptation approaches and compa...

  1. Information security management with ITIL V3

    CERN Document Server

    Cazemier, Jacques A; Peters, Louk

    2010-01-01

    This groundbreaking new title looks at Information Security from defining what security measures positively support the business, to implementation to maintaining the required level and anticipating required changes. It covers:Fundamentals of information security ? providing readers insight and give background about what is going to be managed. Topics covered include: types of security controls, business benefits and the perspectives of business, customers, partners, service providers, and auditors.Fundamentals of management of information security - explains what information security manageme

  2. E-learning for Transport Security

    International Nuclear Information System (INIS)

    In this course we will look at how to ensure nuclear and radioactive material is transported safely and securely through the following topics: Objectives of transport security; International and national requirements, recommendations and guidance; Background of safety regulations; Basic principles and fundamentals; Application of security functions; Transport security technologies; Transport security plans, readiness reviews and corrective actions

  3. On Provable Security for Complex Systems

    OpenAIRE

    Achenbach, Dirk

    2016-01-01

    We investigate the contribution of cryptographic proofs of security to a systematic security engineering process. To this end we study how to model and prove security for concrete applications in three practical domains: computer networks, data outsourcing, and electronic voting. We conclude that cryptographic proofs of security can benefit a security engineering process in formulating requirements, influencing design, and identifying constraints for the implementation.

  4. 7 CFR 1942.114 - Security.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 13 2010-01-01 2009-01-01 true Security. 1942.114 Section 1942.114 Agriculture... Security. Specific requirements for security for each loan will be included in the letter of conditions. Loans must be secured by the best security position practicable, in a manner which will...

  5. Cyber security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Cyber Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to cyber security metrics and measure  and related technologies that meet security needs. Specific applications to web services, the banking and the finance sector, and industrial process control systems are discussed.

  6. Financial security

    NARCIS (Netherlands)

    M. de Goede

    2010-01-01

    1. Introduction J. Peter Burgess Part 1: New Security Concepts 2. Civilizational Security Brett Bowden 3. Risk Oliver Kessler 4. Small Arms Keith Krause 5. Critical Human Security Taylor Owen 6. Critical Geopolitics Simon Dalby Part 2: New Security Subjects 7. Biopolitics Michael Dillon 8. Gendered

  7. Security studies

    International Nuclear Information System (INIS)

    physical protection system is not covered by such studies, since this type of detection gives no information on either the effectiveness or the reliability of the MC and A systems. A critical scenario is defined as one which leads to discrepancies involving substantial amounts of NM or for which the detection delay is long. Special care is taken when analysing these scenarios. For critical scenarios, sensitivity analysis could be made to determine the smallest quantity of NM the disappearance of which could be detected or the criteria leading to the detection of the disappearance in the control system or in the accounting system. The threats taken into account are identified with reference to the design basis threat specified by the competent authority. Both internal and external threats are taken in account. Internal threats are defined as attempts by insiders to steal quantities of nuclear material, either once or on several occasions; accumulating these quantities leads to a significant quantity of NM. External threats are defined as attempts by groups of aggressors to steal significant amounts of nuclear material. Two hypotheses are taken into account to test the ability of the physical protection system to counter threats of this type. The first is based on a small group of aggressors with limited resources and the second involves a larger team with more sophisticated resources. Of course security studies have to be carried out in compliance with the corresponding confidentiality rules. In addition, such studies have to be regularly updated, notably if significant modifications are made in the MC and A or PP systems. It is important that security studies are available in the facilities for competent personnel, as it gives the rationale behind control and protection of NM. In particular, it could be used, in a performance-based approach, to support analysis reports or to illustrate that the required level of security has been re

  8. Security Expertise

    DEFF Research Database (Denmark)

    This volume brings together scholars from different fields to explore the power, consequences and everyday practices of security expertise. Expertise mediates between different forms of knowledge: scientific and technological, legal, economic and political knowledge. This book offers the first...... systematic study of security expertise and opens up a productive dialogue between science and technology studies and security studies to investigate the character and consequences of this expertise. In security theory, the study of expertise is crucial to understanding whose knowledge informs security making...... and to reflect on the impact and responsibility of security analysis. In science and technology studies, the study of security politics adds a challenging new case to the agenda of research on expertise and policy. The contributors investigate cases such as academic security studies, security think tanks...

  9. Surviving security how to integrate people, process, and technology

    CERN Document Server

    Andress, Amanda

    2003-01-01

    WHY DO I NEED SECURITY? Introduction The Importance of an Effective Security Infrastructure People, Process, and Technology What Are You Protecting Against? Types of Attacks Types of Attackers Security as a Competitive Advantage Choosing a Solution Finding Security Employees The Layered Approach UNDERSTANDING REQUIREMENTS AND RISK What Is Risk? Embracing Risk Information Security Risk Assessment Assessing Risk Insurance SECURITY POLICIES AND PROCEDURES Internal Focus Is Key Security Awareness and Education Policy Life Cycle Developing Policies Components of a Security Policy Sample Security Po

  10. Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services

    OpenAIRE

    X. Su; Bolzoni, D; van Eck, P.A.T.

    2006-01-01

    In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is not achievable and the limited resources available should be directed to satisfy the most important ones. We propose to explicitly link security requirements with the organization’s business vision, i.e. to provide business rationale for security requirements. The rationale is then used a...

  11. Secure Scrum: Development of Secure Software with Scrum

    OpenAIRE

    Pohl, Christoph; Hof, Hans-Joachim

    2015-01-01

    Nowadays, the use of agile software development methods like Scrum is common in industry and academia. Considering the current attacking landscape, it is clear that developing secure software should be a main concern in all software development projects. In traditional software projects, security issues require detailed planning in an initial planning phase, typically resulting in a detailed security analysis (e.g., threat and risk analysis), a security architecture, and instructions for secu...

  12. Security Policies for Securing Cloud Databases

    Directory of Open Access Journals (Sweden)

    Ingrid A. Buckley

    2014-07-01

    Full Text Available Databases are an important and almost mandatory means for storing information for later use. Databases require effective security to protect the information stored within them. In particular access control measures are especially important for cloud databases, because they can be accessed from anywhere in the world at any time via the Internet. The internet has provided a plethora of advantages by increasing accessibility to various services, education, information and communication. The internet also presents challenges and disadvantages, which include securing services, information and communication. Naturally, the internet is being used for good but also to carry out malicious attacks on cloud databases. In this paper we discuss approaches and techniques to protect cloud databases, including security policies which can realized as security patterns.

  13. Watermarking security

    CERN Document Server

    Bas, Patrick; Cayre, François; Doërr, Gwenaël; Mathon, Benjamin

    2016-01-01

    This book explains how to measure the security of a watermarking scheme, how to design secure schemes but also how to attack popular watermarking schemes. This book gathers the most recent achievements in the field of watermarking security by considering both parts of this cat and mouse game. This book is useful to industrial practitioners who would like to increase the security of their watermarking applications and for academics to quickly master this fascinating domain.

  14. Being Secure

    Institute of Scientific and Technical Information of China (English)

    2006-01-01

    As the world wrestles with challenges from nontraditional security threats, a new concept of security management is emerging Security has traditionally been seen as the means of defending a territory, primarily through the use of military power. However, as the world evolves through the process of globalization, so too does the concept of security. It now incorporates military, political, economic, societal and environmental issues, as well as the many links that bind them. Yet for most people in the wor...

  15. Design of secure operating systems with high security levels

    Institute of Scientific and Technical Information of China (English)

    QING SiHan; SHEN ChangXiang

    2007-01-01

    Numerous Internet security incidents have shown that support from secure operating systems is paramount to fighting threats posed by modern computing environments. Based on the requirements of the relevant national and international standards and criteria, in combination with our experience in the design and development of the ANSHENG v4.0 secure operating system with high security level (hereafter simply referred to as ANSHENG OS), this paper addresses the following key issues in the design of secure operating systems with high security levels: security architecture, security policy models, and covert channel analysis. The design principles of security architecture and three basic security models: confidentiality,integrity, and privilege control models are discussed, respectively. Three novel security models and new security architecture are proposed. The prominent features of these proposals, as well as their applications to the ANSHENG OS, are elaborated.Cover channel analysis (CCA) is a well-known hard problem in the design of secure operating systems with high security levels since to date it lacks a sound theoretical basis and systematic analysis approach. In order to resolve the fundamental difficulties of CCA, we have set up a sound theoretical basis for completeness of covert channel identification and have proposed a unified framework for covert channel identification and an efficient backward tracking search method. The successful application of our new proposals to the ANSHENG OS has shown that it can help ease and speedup the entire CCA process.

  16. Security Locks

    Science.gov (United States)

    Hart, Kevin

    2010-01-01

    According to a 2008 "Year in Review" report by Educational Security Incidents, an online repository that collects data on higher education security issues, the total number of security incidents reported at universities and colleges worldwide rose to 173 in 2008, a 24.5 percent increase over 2007. The number of institutions affected--perhaps the…

  17. Moving towards Cloud Security

    Directory of Open Access Journals (Sweden)

    Edit Szilvia Rubóczki

    2015-01-01

    Full Text Available Cloud computing hosts and delivers many different services via Internet. There are a lot of reasons why people opt for using cloud resources. Cloud development is increasing fast while a lot of related services drop behind, for example the mass awareness of cloud security. However the new generation upload videos and pictures without reason to a cloud storage, but only few know about data privacy, data management and the proprietary of stored data in the cloud. In an enterprise environment the users have to know the rule of cloud usage, however they have little knowledge about traditional IT security. It is important to measure the level of their knowledge, and evolve the training system to develop the security awareness. The article proves the importance of suggesting new metrics and algorithms for measuring security awareness of corporate users and employees to include the requirements of emerging cloud security.

  18. The Johnson Space Center Management Information Systems (JSCMIS). 1: Requirements Definition and Design Specifications for Versions 2.1 and 2.1.1. 2: Documented Test Scenario Environments. 3: Security Design and Specifications

    Science.gov (United States)

    1986-01-01

    The Johnson Space Center Management Information System (JSCMIS) is an interface to computer data bases at NASA Johnson which allows an authorized user to browse and retrieve information from a variety of sources with minimum effort. This issue gives requirements definition and design specifications for versions 2.1 and 2.1.1, along with documented test scenario environments, and security object design and specifications.

  19. Automated Security Compliance Tool for the Cloud

    OpenAIRE

    Ullah, Kazi Wali

    2012-01-01

    Security, especially security compliance, is a major concern that is slowing down the large scale adoption of cloud computing in the enterprise environment. Business requirements, governmental regulations and trust are among the reasons why the enterprises require certain levels of security compliance from cloud providers. So far, this security compliance or auditing information has been generated by security specialists manually. This process involves manual data collection and assessment wh...

  20. Security: a supranational legal asset

    OpenAIRE

    Manuel Monteiro Guedes Valente

    2012-01-01

    This paper discusses the concept of security as a manysided, multifunctional and multilevel regulation topology which requires its several actors to view legal assets from a polygonal perspective worthy of legal protection from local to global and from global to local space. The concept of security as a supranational legal asset requires criminal legislation which defines the principles of criminal policy and the intervention of criminal Law, barriers to security trends and to the attempt to ...

  1. Model-Based Security Testing

    CERN Document Server

    Schieferdecker, Ina; Schneider, Martin; 10.4204/EPTCS.80.1

    2012-01-01

    Security testing aims at validating software system requirements related to security properties like confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Although security testing techniques are available for many years, there has been little approaches that allow for specification of test cases at a higher level of abstraction, for enabling guidance on test identification and specification as well as for automated test generation. Model-based security testing (MBST) is a relatively new field and especially dedicated to the systematic and efficient specification and documentation of security test objectives, security test cases and test suites, as well as to their automated or semi-automated generation. In particular, the combination of security modelling and test generation approaches is still a challenge in research and of high interest for industrial applications. MBST includes e.g. security functional testing, model-based fuzzing, risk- and threat-oriented testing,...

  2. Access Point Security Service for wireless ad-hoc communication

    NARCIS (Netherlands)

    Scholten, J.; Nijdam, M.

    2006-01-01

    This paper describes the design and implementation of a security solution for ad-hoc peer-to-peer communication. The security solution is based on a scenario where two wireless devices require secure communication, but share no security relationship a priori. The necessary requirements for the secur

  3. 42 CFR 73.11 - Security.

    Science.gov (United States)

    2010-10-01

    ... 42 Public Health 1 2010-10-01 2010-10-01 false Security. 73.11 Section 73.11 Public Health PUBLIC... AND TOXINS § 73.11 Security. (a) An individual or entity required to register under this part must develop and implement a written security plan. The security plan must be sufficient to safeguard...

  4. 7 CFR 1780.14 - Security.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 12 2010-01-01 2010-01-01 false Security. 1780.14 Section 1780.14 Agriculture... (CONTINUED) WATER AND WASTE LOANS AND GRANTS General Policies and Requirements § 1780.14 Security. Loans will be secured by the best security position practicable in a manner which will adequately protect...

  5. 9 CFR 121.11 - Security.

    Science.gov (United States)

    2010-01-01

    ... 9 Animals and Animal Products 1 2010-01-01 2010-01-01 false Security. 121.11 Section 121.11... AGENTS AND TOXINS § 121.11 Security. (a) An individual or entity required to register under this part must develop and implement a written security plan. The security plan must be sufficient to...

  6. Grid Security

    CERN Document Server

    CERN. Geneva

    2004-01-01

    The aim of Grid computing is to enable the easy and open sharing of resources between large and highly distributed communities of scientists and institutes across many independent administrative domains. Convincing site security officers and computer centre managers to allow this to happen in view of today's ever-increasing Internet security problems is a major challenge. Convincing users and application developers to take security seriously is equally difficult. This paper will describe the main Grid security issues, both in terms of technology and policy, that have been tackled over recent years in LCG and related Grid projects. Achievements to date will be described and opportunities for future improvements will be addressed.

  7. Securing Hadoop

    CERN Document Server

    Narayanan, Sudheesh

    2013-01-01

    This book is a step-by-step tutorial filled with practical examples which will focus mainly on the key security tools and implementation techniques of Hadoop security.This book is great for Hadoop practitioners (solution architects, Hadoop administrators, developers, and Hadoop project managers) who are looking to get a good grounding in what Kerberos is all about and who wish to learn how to implement end-to-end Hadoop security within an enterprise setup. It's assumed that you will have some basic understanding of Hadoop as well as be familiar with some basic security concepts.

  8. Lemnos Interoperable Security Program

    Energy Technology Data Exchange (ETDEWEB)

    Stewart, John [Tennessee Valley Authority, Knoxville, TN (United States); Halbgewachs, Ron [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Chavez, Adrian [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Smith, Rhett [Schweitzer Engineering Laboratories, Chattanooga, TN (United States); Teumim, David [Teumim Technical, Allentown, PA (United States)

    2012-01-31

    The manner in which the control systems are being designed and operated in the energy sector is undergoing some of the most significant changes in history due to the evolution of technology and the increasing number of interconnections to other system. With these changes however come two significant challenges that the energy sector must face; 1) Cyber security is more important than ever before, and 2) Cyber security is more complicated than ever before. A key requirement in helping utilities and vendors alike in meeting these challenges is interoperability. While interoperability has been present in much of the discussions relating to technology utilized within the energy sector and especially the Smart Grid, it has been absent in the context of cyber security. The Lemnos project addresses these challenges by focusing on the interoperability of devices utilized within utility control systems which support critical cyber security functions. In theory, interoperability is possible with many of the cyber security solutions available to utilities today. The reality is that the effort required to achieve cyber security interoperability is often a barrier for utilities. For example, consider IPSec, a widely-used Internet Protocol to define Virtual Private Networks, or tunnels , to communicate securely through untrusted public and private networks. The IPSec protocol suite has a significant number of configuration options and encryption parameters to choose from, which must be agreed upon and adopted by both parties establishing the tunnel. The exercise in getting software or devices from different vendors to interoperate is labor intensive and requires a significant amount of security expertise by the end user. Scale this effort to a significant number of devices operating over a large geographical area and the challenge becomes so overwhelming that it often leads utilities to pursue solutions from a single vendor. These single vendor solutions may inadvertently lock

  9. Security@Runtime: A flexible MDE approach to enforce fine-grained security policies

    OpenAIRE

    Elrakaiby, Yehia; Amrani, Moussa; Le Traon, Yves

    2014-01-01

    In this paper, we present a policy-based approach for automating the integration of security mechanisms into Java-based business applications. In particular, we introduce an expressive Domain Specific modeling Language (Dsl), called Security@Runtime, for the specification of security configurations of targeted systems. The Security@Runtime Dsl supports the expression of authorization, obligation and reaction policies, covering many of the security requirements of modern applications. Security...

  10. Redefining security.

    Science.gov (United States)

    Mathews, J T

    1989-01-01

    The concept of US national security was redefined in the 1970s to include international economics, and lately environmental degradation has also become a factor, as pollution transcends boundaries. By 2100 another 5-6 billion people may be added to the world's population requiring dramatic production and technology transformation with the resultant expanded energy use, emissions, and waste impacting the ecosystem. Climate change through global warming is in the offing. The exponential growth of the population in the developing world poses a crucial challenge for food production, housing, and employment. At a 1% growth rate population doubles in 72 years, while at 3% it doubles in 24 years. Africa's growth rate is almost 3%, it is close to 2% in Latin America, and it is somewhat less in Asia. Renewable resources such as overfished fishing grounds can become nonrenewable, and vanished species can never be resurrected. Deforestation leads to soil erosion, damage to water resources through floods and silting of irrigation networks, and accelerated loss of species. 20% of species could disappear by 2000 thereby losing genetic resources for chemicals, drugs, and food sources. Overcultivation has caused major erosion and decline of agricultural productivity in Haiti, Guatemala, Turkey, and India. Lopsided land ownership in Latin America requires land reform for sustainable agricultural production in the face of the majority of people cultivating plots for bare subsistence. Human practices that have caused environmental damage include concessions granted to logging companies in the Philippines, mismanagement of natural resources in sub-Saharan Africa, the ozone hole, and the greenhouse effect with potential climate changes. Solutions include family planning, efficient energy use, sustainable agroforestry techniques, and environmental accounting of goods and services.

  11. Secure Cloud Architecture

    Directory of Open Access Journals (Sweden)

    Kashif Munir

    2013-02-01

    Full Text Available Cloud computing is set of resources and services offered through the Internet. Cloud services are delivered from data centers located throughout the world. Cloud computing facilitates its consumers by providing virtual resources via internet. The biggest challenge in cloud computing is the security and privacy problems caused by its multi-tenancy nature and the outsourcing of infrastructure, sensitive data and critical applications. Enterprises are rapidly adopting cloud services for their businesses, measures need to be developed so that organizations can be assured of security in their businesses and can choose a suitable vendor for their computing needs. Cloud computing depends on the internet as a medium for users to access the required services at any time on pay-per-use pattern. However this technology is still in its initial stages of development, as it suffers from threats and vulnerabilities that prevent the users from trusting it. Various malicious activitiesfrom illegal users have threatened this technology such as data misuse, inflexible access control and limited monitoring. The occurrence of these threats may result into damaging or illegal access of critical and confidential data of users. In this paper we identify the most vulnerable security threats/attacks in cloud computing, which will enable both end users and vendors to know a bout the k ey security threats associated with cloud computing and propose relevant solution directives to strengthen security in the Cloud environment. We also propose secure cloud architecture for organizations to strengthen the security.

  12. Social Security.

    Science.gov (United States)

    Social and Labour Bulletin, 1983

    1983-01-01

    This group of articles discusses a variety of studies related to social security and retirement benefits. These studies are related to both developing and developed nations and are also concerned with studying work conditions and government role in administering a democratic social security system. (SSH)

  13. Specifying Information Security Needs for the Delivery of High Quality Security Services

    OpenAIRE

    Su, Xiaomeng; Bolzoni, Damiano; Eck, van, C.F.

    2007-01-01

    In this paper we present an approach for specifying and prioritizing information security requirements in organizations. We propose to explicitly link security requirements with the organizations' business vision, i.e. to provide business rationale for security requirements. The rationale is then used as a basis for comparing the importance of different security requirements. Furthermore we discuss how to integrate the aforementioned solution concepts into a service level management process f...

  14. Information security management handbook

    CERN Document Server

    Tipton, Harold F

    2006-01-01

    Access Control Systems and Methodology. Telecommunications and Network Security. Security Management Practices. Application Program Security. Cryptography. Computer, System, and Security Architecture. Operations Security. Business Continuity Planning and Disaster Recovery Planning. Law, Investigation and Ethics. Physical Security.

  15. Global nuclear security engagement

    International Nuclear Information System (INIS)

    Full text: The Nuclear Security Summits in Washington (2010) and Seoul (2012) were convened with the goal of reducing the threat of nuclear terrorism. These meetings have engaged States with established nuclear fuel cycle activities and encouraged their commitment to nuclear security. The participating States have reaffirmed that it is a fundamental responsibility of nations to maintain effective nuclear security in order to prevent unauthorized actors from acquiring nuclear materials. To that end, the participants have identified important areas for improvement and have committed to further progress. Yet, a broader message has emerged from the Summits: effective nuclear security requires both global and regional engagement. Universal commitment to domestic nuclear security is essential, if only because the peaceful use of nuclear energy remains a right of all States: Nations may someday adopt nuclear energy, even if they are not currently developing nuclear technology. However, the need for nuclear security extends beyond domestic power production. To harvest natural resources and to develop part of a nuclear fuel cycle, a State should embrace a nuclear security culture. Nuclear materials may be used to produce isotopes for medicine and industry. These materials are transported worldwide, potentially crossing a nation's borders or passing by its shores. Regrettably, measures to prevent the loss of control may not be sufficient against an adversary committed to using nuclear or other radioactive materials for malicious acts. Nuclear security extends beyond prevention measures, encompassing efforts to detect illicit activities and respond to nuclear emergencies. The Seoul Communique introduces the concept of a Global Nuclear Security Architecture, which includes multilateral instruments, national legislation, best practices, and review mechanisms to promote adoption of these components. Key multilateral instruments include the Convention on Physical Protection of

  16. Demarcation of Security in Authentication Protocols

    DEFF Research Database (Denmark)

    Ahmed, Naveed; Jensen, Christian D.

    2011-01-01

    easier, and enables us to define security goals with a fine granularity. We present one such separation, by introducing the notion of binding sequence as a security primitive. A binding sequence, roughly speaking, is the only required security property of an authentication protocol. All other...... authentication goals, the correctness requirements, can be derived from the binding sequence....

  17. Security and Architectural Patterns for Securing the Cloud Architecture

    OpenAIRE

    Golajapu Venu Madhava Rao; Venu Madhav Kuthadi; Rajalakshmi Selvaraj

    2015-01-01

    Operating a cloud securely and efficiently entails a great deal of advanceplanning. A data center and redundant internet connection is required at the beginning to connect to cloud. This can constitute the technology portion of an information security and some network devices that safely and securely serve the communication. National Institute of Standards and Technology states that the process of uniquely assigning the information resources to an information system will define the securit...

  18. Health Security and Risk Aversion.

    Science.gov (United States)

    Herington, Jonathan

    2016-09-01

    Health security has become a popular way of justifying efforts to control catastrophic threats to public health. Unfortunately, there has been little analysis of the concept of health security, nor the relationship between health security and other potential aims of public health policy. In this paper I develop an account of health security as an aversion to risky policy options. I explore three reasons for thinking risk avoidance is a distinctly worthwhile aim of public health policy: (i) that security is intrinsically valuable, (ii) that it is necessary for social planning and (iii) that it is an appropriate response to decision-making in contexts of very limited information. Striking the right balance between securing and maximizing population health thus requires a substantive, and hitherto unrecognized, value judgment. Finally, I critically evaluate the current health security agenda in light of this new account of the concept and its relationship to the other aims of public health policy. PMID:26990349

  19. Health Security and Risk Aversion.

    Science.gov (United States)

    Herington, Jonathan

    2016-09-01

    Health security has become a popular way of justifying efforts to control catastrophic threats to public health. Unfortunately, there has been little analysis of the concept of health security, nor the relationship between health security and other potential aims of public health policy. In this paper I develop an account of health security as an aversion to risky policy options. I explore three reasons for thinking risk avoidance is a distinctly worthwhile aim of public health policy: (i) that security is intrinsically valuable, (ii) that it is necessary for social planning and (iii) that it is an appropriate response to decision-making in contexts of very limited information. Striking the right balance between securing and maximizing population health thus requires a substantive, and hitherto unrecognized, value judgment. Finally, I critically evaluate the current health security agenda in light of this new account of the concept and its relationship to the other aims of public health policy.

  20. Secure data aggregation for wireless sensor network

    OpenAIRE

    Tran-Thi-Thuy, Trang

    2010-01-01

    Like conventional networks, security is also a big concern in wireless sensor networks. However, security in this type of networks faces not only typical but also new challenges. Constrained devices, changing topology or susceptibility to unprecedented security threats such as node capture and node compromise has refrained developers from applying conventional security solutions into wireless sensor networks. Hence, developing security solutions for wireless sensor networks not only requires...

  1. Enhancing the security of electronic commerce transactions

    OpenAIRE

    Khu-smith, Vorapranee

    2003-01-01

    This thesis looks at the security of electronic commerce transaction process- ing. It begins with an introduction to security terminology used in the thesis. Security requirements for card payments via the Internet are then described, as are possible protocols for electronic transaction processing. It appears that currently the Secure Socket Layer (SSL) protocol together with its standardised version Transport Layer Security (TLS) are the most widely used means to se- cure e...

  2. Formal analysis of security metrics and risk

    OpenAIRE

    Krautsevich L.; Martinelli F.; Yautsiukhin A.

    2011-01-01

    Security metrics are usually defined informally and, therefore, the rigourous analysis of these metrics is a hard task. This analysis is required to identify the existing relations between the security metrics, which try to quantify the same quality: security. Risk, computed as Annualised Loss Expectancy, is often used in order to give the overall assessment of security as a whole. Risk and security metrics are usually defined separately and the relation between these indicators have not been...

  3. Developing security protocols in χ-Spaces

    DEFF Research Database (Denmark)

    Crazzolara, Federico; Milicia, Giuseppe

    2002-01-01

    It is of paramount importance that a security protocol effectively enforces the desired security requirements. The apparent simplicity of informal protocol descriptions hides the inherent complexity of their interactions which, often, invalidate informal correctness arguments and justify the effo......-Spaces aids several steps in the development of a security protocol – protocol executions can be simulated in hostile environments, a security protocol can be implemented, and security properties of implementations can be formally verified....

  4. Security Bingo

    CERN Multimedia

    Computer Security Team

    2011-01-01

    Want to check your security awareness and win one of three marvellous books on computer security? Just print out this page, mark which of the 25 good practices below you already follow, and send the sheet back to us by 31 October 2011 at either Computer.Security@cern.ch or P.O. Box G19710.   Winners[1] must show that they fulfil at least five good practices in a continuous vertical, horizontal or diagonal row. For details on CERN Computer Security, please consult http://cern.ch/security. I personally…   …am concerned about computer security. …run my computer with an anti-virus software and up-to-date signature files. …lock my computer screen whenever I leave my office. …have chosen a reasonably complex password. …have restricted access to all my files and data. …am aware of the security risks and threats to CERN’s computing facilities. &hell...

  5. Secure PVM

    Energy Technology Data Exchange (ETDEWEB)

    Dunigan, T.H.; Venugopal, N.

    1996-09-01

    This research investigates techniques for providing privacy, authentication, and data integrity to PVM (Parallel Virtual Machine). PVM is extended to provide secure message passing with no changes to the user`s PVM application, or, optionally, security can be provided on a message-by message basis. Diffe-Hellman is used for key distribution of a single session key for n-party communication. Keyed MD5 is used for message authentication, and the user may select from various secret-key encryption algorithms for message privacy. The modifications to PVM are described, and the performance of secure PVM is evaluated.

  6. Network Security

    CERN Document Server

    Huang, Scott; Du, Ding-Zhu

    2010-01-01

    This book provides a reference tool for the increasing number of the scientists whose research is related to sensor network security. The book is organized into several sections, each including some chapters exploring a specific topic. Network security is attracting great attention and there are many research topics waiting to be studied. In this book, the topics covered include network design and modeling, network management, data management, security and applications. The aim, intent, and motivation of this book is to provide a reference tool for the increasing number of scientists whose res

  7. Computer security

    CERN Document Server

    Gollmann, Dieter

    2011-01-01

    A completely up-to-date resource on computer security Assuming no previous experience in the field of computer security, this must-have book walks you through the many essential aspects of this vast topic, from the newest advances in software and technology to the most recent information on Web applications security. This new edition includes sections on Windows NT, CORBA, and Java and discusses cross-site scripting and JavaScript hacking as well as SQL injection. Serving as a helpful introduction, this self-study guide is a wonderful starting point for examining the variety of competing sec

  8. Secure Java For Web Application Development

    CERN Document Server

    Bhargav, Abhay

    2010-01-01

    As the Internet has evolved, so have the various vulnerabilities, which largely stem from the fact that developers are unaware of the importance of a robust application security program. This book aims to educate readers on application security and building secure web applications using the new Java Platform. The text details a secure web application development process from the risk assessment phase to the proof of concept phase. The authors detail such concepts as application risk assessment, secure SDLC, security compliance requirements, web application vulnerabilities and threats, security

  9. Cyber Security Risks and Requirements for Customer Interaction of Smart Grid%互动用电方式下的信息安全风险与安全需求分析

    Institute of Scientific and Technical Information of China (English)

    刘念; 张建华

    2011-01-01

    互动用电是智能电网的基本特征之一,针对因互动用电方式而引入的信息安全风险和安全需求展开研究.首先,从风险分析的角度,将互动用电方式下的信息安全与广域环境下的电力信息安全进行定性比较,重点论述了二者在威胁产生的客观条件、主观动机和事故后果等方面的差异.在此基础上,结合互动用电的业务流程和高级量测体系的特点,从保密性、完整性和可用性等信息安全需求出发,提炼出可用性评估、密钥管理和异常行为检测等3个方面的难点问题.%Customer interaction is one of the basic features of the smart grid. The study is focused on the risk and demand of cyber security stemming from customer interaction. First, in the perspective of risk analysis, the cyber security of customer interaction is qualitatively compared with that of wide area power cyber security with emphasis on the difference between the two in terms of the objective condition, subjective motivation, and consequence of threat. Furthermore, by referring to the business process of customer interaction and features of advanced metering infrastructure (AMI), the related difficulties including availability assessment, key management and abnormal action detection, are extracted from the cyber security requirements such as confidentiality, integrity and availability.

  10. Secure medical digital libraries.

    Science.gov (United States)

    Papadakis, I; Chrissikopoulos, V; Polemi, D

    2001-12-01

    In this paper, a secure medical digital library is presented. It is based on the CORBA specifications for distributed systems. The described approach relies on a three-tier architecture. Interaction between the medical digital library and its users is achieved through a Web server. The choice of employing Web technology for the dissemination of medical data has many advantages compared to older approaches, but also poses extra requirements that need to be fulfilled. Thus, special attention is paid to the distinguished nature of such medical data, whose integrity and confidentiality should be preserved at all costs. This is achieved through the employment of Trusted Third Parties (TTP) technology for the support of the required security services. Additionally, the proposed digital library employs smartcards for the management of the various security tokens that are used from the above services.

  11. Security and Architectural Patterns for Securing the Cloud Architecture

    Directory of Open Access Journals (Sweden)

    Golajapu Venu Madhava Rao

    2015-09-01

    Full Text Available Operating a cloud securely and efficiently entails a great deal of advanceplanning. A data center and redundant internet connection is required at the beginning to connect to cloud. This can constitute the technology portion of an information security and some network devices that safely and securely serve the communication. National Institute of Standards and Technology states that the process of uniquely assigning the information resources to an information system will define the security boundary for that system. A massive amount of gear that is racked and cabled following defined patterns is enabled inside this boundary. Need for the infrastructure that is used to manage the cloud and its resources as it operates the cloud. Each component like server, network and storagerequires some degree of configuration. While designing or planning a complex systemit is important to look ahead the process and procedures required for operation of the system. Small cloud systems can be build without much of planning. But any Cloud system substantially bigger size needs significant planning and design. If we fail to plan it leads to higher cost due to inefficiency in design and process. In this paper we study on the architectural components that can be used to build a cloud with security as a priority. This can be achieved by identifying requirements for secured cloud architecture along with key patterns and architectural elements. This paper first discusses on security patterns and an architectural element required and also focuses on several different cloud architectures and secure cloud operation strategies.

  12. 12 CFR 220.103 - Borrowing of securities.

    Science.gov (United States)

    2010-01-01

    ... delivery of such securities in the case of short sales, failure to receive securities he is required to... occurred or is in immediate prospect. The provision does not authorize a broker to borrow securities...

  13. Intrinsic information security - embedding security issues in the design process of telematics systems

    OpenAIRE

    Tettero, Olaf

    2000-01-01

    This book presents the Information Security Embedded Design process (ISED process), a systematic approach to embed information security issues (ISI) in the design process of telematics systems. The approach supports both designers and user organisations. We elaborate on actors, activities and related needs in a design process to design telematics systems in which requirements concerning information security (security for short) are adequately dealt with.

  14. Process Control/SCADA system vendor security awareness and security posture.

    NARCIS (Netherlands)

    Luiijf, H.A.M.; Lüders, S.

    2009-01-01

    A starting point for the adequate security of process control/SCADA systems is the security awareness and security posture by the manufacturers, vendors, system integrators, and service organisations. The results of a short set of questions indicate that major security improvements are required in t

  15. Collective Security

    DEFF Research Database (Denmark)

    Galster, Kjeld

    Collective Security: National Egotism (Abstract) In Danish pre-World War I defence debate the notion of collective security is missing. During the early years of the 19th century, the political work is influenced by a pervasive feeling of rising tension and danger on the continent of Europe...... World War I it is not surprising that a salient feature of the defence debate is aversion against armed conflict. The Wilsonian agenda of a new system of collective security featuring prominently in the peace talks as well as in European debate generally does indeed have ramifications in Danish...... be implemented, the sooner the better. In order to accelerate peaceful development, and because their armed forces were seen rather as harmful than conducive to security, pacifist politicians believed that small states should set an example and disarm to a level just adequate for monitoring the borders so...

  16. Security Analysis in Wireless Sensor Networks

    OpenAIRE

    Murat Dener

    2014-01-01

    In recent years, wireless sensor network (WSN) is employed in many application areas such as monitoring, tracking, and controlling. For many applications of WSN, security is an important requirement. However, security solutions in WSN differ from traditional networks due to resource limitation and computational constraints. This paper analyzes security solutions: TinySec, IEEE 802.15.4, SPINS, MiniSEC, LSec, LLSP, LISA, and LISP in WSN. The paper also presents characteristics, security requir...

  17. Privatising Security

    OpenAIRE

    Irina Mindova-Docheva

    2016-01-01

    The article proposes an analysis of the different approaches towards employing the international legal framework in the regulation and oversight of private military and security companies’ operation in armed conflicts and in peace time security systems. It proposes a partnership-based approach for public and private actors aiming at creating and sharing common values under the principles of solidarity, protection of human rights and rule of law. A focus of further research shou...

  18. European Security

    DEFF Research Database (Denmark)

    Møller, Bjørn

    Theoretical chapters on "Security", "Organisations" and "Regions," Historical Chapters on "Europe and Its Distinguishing Features" and on "The United Nations," "NATO," "The CSCE/OSCE and the Council of Europe" and "The European Union"......Theoretical chapters on "Security", "Organisations" and "Regions," Historical Chapters on "Europe and Its Distinguishing Features" and on "The United Nations," "NATO," "The CSCE/OSCE and the Council of Europe" and "The European Union"...

  19. Energy Security

    Institute of Scientific and Technical Information of China (English)

    2006-01-01

    With an increasing number of countries becoming industrialized, energy, the so-called blood of modern economies, is becoming increasingly important Energy security has become an important factor that directly influences world economic stability and international relations. In an article posted on People's Daily Online, Liu Jianfei, professor at the International Strategic Research Center of the Party School of the Central Committee of the Communist Party of China, shares his opinions on energy security.

  20. Security an introduction

    CERN Document Server

    Purpura, Philip P

    2011-01-01

    Section I The History and Profession of SecurityDefinition, Role, and History of Security Security Defined The Contexts of Security The Roles of Security The History of Security Security in an Environment of Threats, Terrorism, and All-Hazards Threats and Hazards Terrorism National Strategies The Profession and Business of Security The Business of Security Professionalism and Security Associations Ethics Regulation of the Security Industry Security Training Higher Education Careers Section II Protecting People and AssetsSecurity Methodology Methodology Defined Security Business Proposals Secur

  1. [Food security in Mexico].

    Science.gov (United States)

    Urquía-Fernández, Nuria

    2014-01-01

    An overview of food security and nutrition in Mexico is presented, based on the analysis of the four pillars of food security: availability, access, utilization of food, and stability of the food supply. In addition, the two faces of malnutrition in Mexico were analyzed: obesity and undernourishment. Data were gathered from the food security indicators of the United Nations's Food and Agriculture Organization, from the Mexican Scale of Food Security, and from the National Health and Nutrition Survey. Mexico presents an index of availability of 3 145 kilocalories per person per day, one of the highest indexes in the world, including both food production and imports. In contrast, Mexico is affected by a double burden of malnutrition: whereas children under five present 14% of stunt, 30% of the adult population is obese. Also, more than 18% of the population cannot afford the basic food basket (food poverty). Using perception surveys, people reports important levels of food insecurity, which concentrates in seven states of the Mexican Federation. The production structure underlying these indicators shows a very heterogeneous landscape, which translates in to a low productivity growth across the last years. Food security being a multidimensional concept, to ensure food security for the Mexican population requires a revision and redesign of public productive and social policies, placing a particular focus on strengthening the mechanisms of institutional governance. PMID:25649459

  2. Privacy and security in teleradiology

    International Nuclear Information System (INIS)

    Teleradiology is probably the most successful eHealth service available today. Its business model is based on the remote transmission of radiological images (e.g. X-ray and CT-images) over electronic networks, and on the interpretation of the transmitted images for diagnostic purpose. Two basic service models are commonly used teleradiology today. The most common approach is based on the message paradigm (off-line model), but more developed teleradiology systems are based on the interactive use of PACS/RIS systems. Modern teleradiology is also more and more cross-organisational or even cross-border service between service providers having different jurisdictions and security policies. This paper defines the requirements needed to make different teleradiology models trusted. Those requirements include a common security policy that covers all partners and entities, common security and privacy protection principles and requirements, controlled contracts between partners, and the use of security controls and tools that supporting the common security policy. The security and privacy protection of any teleradiology system must be planned in advance, and the necessary security and privacy enhancing tools should be selected (e.g. strong authentication, data encryption, non-repudiation services and audit-logs) based on the risk analysis and requirements set by the legislation. In any case the teleradiology system should fulfil ethical and regulatory requirements. Certification of the whole teleradiology service system including security and privacy is also proposed. In the future, teleradiology services will be an integrated part of pervasive eHealth. Security requirements for this environment including dynamic and context aware security services are also discussed in this paper.

  3. Privacy and security in teleradiology.

    Science.gov (United States)

    Ruotsalainen, Pekka

    2010-01-01

    Teleradiology is probably the most successful eHealth service available today. Its business model is based on the remote transmission of radiological images (e.g. X-ray and CT-images) over electronic networks, and on the interpretation of the transmitted images for diagnostic purpose. Two basic service models are commonly used teleradiology today. The most common approach is based on the message paradigm (off-line model), but more developed teleradiology systems are based on the interactive use of PACS/RIS systems. Modern teleradiology is also more and more cross-organisational or even cross-border service between service providers having different jurisdictions and security policies. This paper defines the requirements needed to make different teleradiology models trusted. Those requirements include a common security policy that covers all partners and entities, common security and privacy protection principles and requirements, controlled contracts between partners, and the use of security controls and tools that supporting the common security policy. The security and privacy protection of any teleradiology system must be planned in advance, and the necessary security and privacy enhancing tools should be selected (e.g. strong authentication, data encryption, non-repudiation services and audit-logs) based on the risk analysis and requirements set by the legislation. In any case the teleradiology system should fulfil ethical and regulatory requirements. Certification of the whole teleradiology service system including security and privacy is also proposed. In the future, teleradiology services will be an integrated part of pervasive eHealth. Security requirements for this environment including dynamic and context aware security services are also discussed in this paper. PMID:19914020

  4. Site security personnel training manual

    International Nuclear Information System (INIS)

    As required by 10 CFR Part 73, this training manual provides guidance to assist licensees in the development of security personnel training and qualifications programs. The information contained in the manual typifies the level and scope of training for personnel assigned to perform security related tasks and job duties associated with the protection of nuclear fuel cycle facilities and nuclear power reactors

  5. Security and privacy threats in RFID traceability network

    Institute of Scientific and Technical Information of China (English)

    Chu; Chao-Hsien

    2008-01-01

    To address security and privacy issues in radio frequency identification (RFID) traceability networks, a multi-layer privacy and security framework is proposed, which includes four facets: a security model, a communication protocol, access permission and privacy preservation. According to the security requirements that are needed in an RFID system, a security model that incorporates security requirements that include privacy of tag data, privacy of ownership, and availability of tag identity is introduced. ...

  6. HUMAN RIGHTS IN TIME OF GLOBALIZING SECURITY

    Directory of Open Access Journals (Sweden)

    Gregor Garb

    2013-01-01

    Full Text Available Diversity of processes in the contemporary international environment and the attendant effects, including security risks bring rapid changes in society. On the other hand, new opportunities and challenges are characterized by globalization of security and modern security paradigm, triggered by the overwhelming number of processes within existing systems of national security that modify the state's role in ensuring the safety of its citizens or residents.In the contemporary security paradigm appears a tendency to provide individual security or deviation to the concept of ensuring security of the individual. Security is becoming a fundamental civil right which requires the synthesis of a wide range of state and social policies, including respect of human rights.International terrorism, as one of the security risks, against which many countries have accepted anti-terrorism laws, which intervene in the free exercise of individual rights and that leads to an imbalance between freedom and security.

  7. An Efficient Secure Real-Time Concurrency Control Protocol

    Institute of Scientific and Technical Information of China (English)

    XIAO Yingyuan; LIU Yunsheng; CHEN Xiangyang

    2006-01-01

    Secure real-time databases must simultaneously satisfy two requirements in guaranteeing data security and minimizing the missing deadlines ratio of transactions. However, these two requirements can conflict with each other and achieve one requirement is to sacrifice the other. This paper presents a secure real-time concurrency control protocol based on optimistic method. The concurrency control protocol incorporates security constraints in a real-time optimistic concurrency control protocol and makes a suitable tradeoff between security and real-time requirements by introducing secure influence factor and real-time influence factor. The experimental results show the concurrency control protocol achieves data security without degrading real-time performance significantly.

  8. Cloud Computing Security: A Survey

    Directory of Open Access Journals (Sweden)

    Issa M. Khalil

    2014-02-01

    Full Text Available Cloud computing is an emerging technology paradigm that migrates current technological and computing concepts into utility-like solutions similar to electricity and water systems. Clouds bring out a wide range of benefits including configurable computing resources, economic savings, and service flexibility. However, security and privacy concerns are shown to be the primary obstacles to a wide adoption of clouds. The new concepts that clouds introduce, such as multi-tenancy, resource sharing and outsourcing, create new challenges to the security community. Addressing these challenges requires, in addition to the ability to cultivate and tune the security measures developed for traditional computing systems, proposing new security policies, models, and protocols to address the unique cloud security challenges. In this work, we provide a comprehensive study of cloud computing security and privacy concerns. We identify cloud vulnerabilities, classify known security threats and attacks, and present the state-of-the-art practices to control the vulnerabilities, neutralize the threats, and calibrate the attacks. Additionally, we investigate and identify the limitations of the current solutions and provide insights of the future security perspectives. Finally, we provide a cloud security framework in which we present the various lines of defense and identify the dependency levels among them. We identify 28 cloud security threats which we classify into five categories. We also present nine general cloud attacks along with various attack incidents, and provide effectiveness analysis of the proposed countermeasures.

  9. Transportation security personnel training manual

    International Nuclear Information System (INIS)

    Objective of this manual is to train security personnel to protect special nuclear materials and nuclear facilities against theft and sabotage as required by 10 CFR Part 73. This volume contains the introduction and rationale

  10. Food security under climate change

    Science.gov (United States)

    Hertel, Thomas W.

    2016-01-01

    Using food prices to assess climate change impacts on food security is misleading. Differential impacts on income require a broader measure of household well-being, such as changes in absolute poverty.

  11. 75 FR 47311 - Extension of Agency Information Collection Activity Under OMB Review: Aviation Security...

    Science.gov (United States)

    2010-08-05

    ... security costs and information reasonably necessary to complete an audit. This requirement includes... SECURITY Transportation Security Administration Extension of Agency Information Collection Activity Under OMB Review: Aviation Security Infrastructure Fee Records Retention AGENCY: Transportation...

  12. 24 CFR 884.115 - Security and utility deposits.

    Science.gov (United States)

    2010-04-01

    ... 24 Housing and Urban Development 4 2010-04-01 2010-04-01 false Security and utility deposits. 884... Security and utility deposits. (a) An Owner may require Families to pay a security deposit in an amount... security and utility deposits, if required, from their own resources and/or other private or public sources....

  13. International Energy Security Indicators and Turkey’s Energy Security Risk Score

    OpenAIRE

    Gelengul KOCASLAN

    2014-01-01

    Energy security has been a priority for many countries. What makes energy security that important is; its bilateral relationship with economic, political, social, environmental sustainability and military issues. As an inevitable consequence of globalization cooperation in the field has been a must and it is required international energy security indicators to make energy security risk evaluations in order to establish adequate policies. The aim of the study is to review energy security withi...

  14. Concepts and Practices of Cooperative Security

    DEFF Research Database (Denmark)

    Keating, Vincent; Wheeler, Nicholas J

    2013-01-01

    development of a security community, Charles Osgood's GRIT strategy and a unilateral 'leap of trust.' Both of these, however, initially require elites to develop security dilemma sensibility. The long-term stability of security communities is fundamentally linked to the presence of embedded trust among the...

  15. 24 CFR 891.775 - Security deposits.

    Science.gov (United States)

    2010-04-01

    ... 24 Housing and Urban Development 4 2010-04-01 2010-04-01 false Security deposits. 891.775 Section 891.775 Housing and Urban Development Regulations Relating to Housing and Urban Development (Continued... Individuals-Section 162 Assistance § 891.775 Security deposits. The general requirements for security...

  16. 14 CFR 460.53 - Security.

    Science.gov (United States)

    2010-01-01

    ... 14 Aeronautics and Space 4 2010-01-01 2010-01-01 false Security. 460.53 Section 460.53 Aeronautics and Space COMMERCIAL SPACE TRANSPORTATION, FEDERAL AVIATION ADMINISTRATION, DEPARTMENT OF....53 Security. An operator must implement security requirements to prevent any space flight...

  17. 14 CFR 129.25 - Airplane security.

    Science.gov (United States)

    2010-01-01

    ... security. Foreign air carriers conducting operations under this part must comply with the applicable security requirements in 49 CFR chapter XII. ... 14 Aeronautics and Space 3 2010-01-01 2010-01-01 false Airplane security. 129.25 Section...

  18. 7 CFR 1951.866 - Security.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 14 2010-01-01 2009-01-01 true Security. 1951.866 Section 1951.866 Agriculture... REGULATIONS (CONTINUED) SERVICING AND COLLECTIONS Rural Development Loan Servicing § 1951.866 Security. (a) Loans from RDLF intermediaries to ultimate recipients. Security requirements for loans...

  19. 14 CFR 135.125 - Aircraft security.

    Science.gov (United States)

    2010-01-01

    ....125 Aircraft security. Certificate holders conducting operators conducting operations under this part must comply with the applicable security requirements in 49 CFR chapter XII. ... 14 Aeronautics and Space 3 2010-01-01 2010-01-01 false Aircraft security. 135.125 Section...

  20. 7 CFR 331.11 - Security.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 5 2010-01-01 2010-01-01 false Security. 331.11 Section 331.11 Agriculture..., DEPARTMENT OF AGRICULTURE POSSESSION, USE, AND TRANSFER OF SELECT AGENTS AND TOXINS § 331.11 Security. (a) An individual or entity required to register under this part must develop and implement a written security...

  1. 15 CFR 742.4 - National security.

    Science.gov (United States)

    2010-01-01

    ... 15 Commerce and Foreign Trade 2 2010-01-01 2010-01-01 false National security. 742.4 Section 742.4... INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE EXPORT ADMINISTRATION REGULATIONS CONTROL POLICY-CCL BASED CONTROLS § 742.4 National security. (a) License requirements. It is the policy of the United States...

  2. 10 CFR 39.71 - Security.

    Science.gov (United States)

    2010-01-01

    ... 10 Energy 1 2010-01-01 2010-01-01 false Security. 39.71 Section 39.71 Energy NUCLEAR REGULATORY COMMISSION LICENSES AND RADIATION SAFETY REQUIREMENTS FOR WELL LOGGING Security, Records, Notifications § 39.71 Security. (a) A logging supervisor must be physically present at a temporary jobsite...

  3. 14 CFR 121.538 - Aircraft security.

    Science.gov (United States)

    2010-01-01

    ..., FLAG, AND SUPPLEMENTAL OPERATIONS Flight Operations § 121.538 Aircraft security. Certificate holders conducting operations under this part must comply with the applicable security requirements in 49 CFR chapter... 14 Aeronautics and Space 3 2010-01-01 2010-01-01 false Aircraft security. 121.538 Section...

  4. Information Security

    NARCIS (Netherlands)

    Hartel, Pieter; Suryana Herman, Nanna; Leukfeldt, E.R.; Stol, W.Ph.

    2012-01-01

    Information security is all about the protection of digital assets, such as digital content, personal health records, state secrets etc. These assets can be handled by a party who is authorised to access and control the asset or a party who is not authorised to do so. Authorisation determines who is

  5. Arctic Security

    DEFF Research Database (Denmark)

    Wang, Nils

    2013-01-01

    of the general security situation and to identify both the explicit and the implicit agendas of the primary state actors. The region contains all the ingredients for confrontation and conflict but the economical potential for all the parties concerned creates a general interest in dialogue and cooperation...

  6. Energy security

    International Nuclear Information System (INIS)

    In the case of Cuba, energy security goes beyond the typical security framework of energy supply to encompass the economic blockade which affects Cuba's access to some markets for its traditional products and obstructs international credit options. Recent problems concerning security of national energy supply include: - Shortages of foreign exchange necessary for the purchase of fuel and spare parts, for new investments and for the implementation of programmes supporting the rational use of energy. - High dependence on imported energy, including oil and petroleum products. -Use of domestic crude oil, with energy performance slightly below that of the imported fuels it replaces, especially fuel oil. The main negative aspect is the high sulphur content, which has adverse operational and environmental effects. - Interruptions in energy services resulting from hurricanes and tropical storms, and from breakdowns and accidents related to the transport of fuels, especially coastal transport. The strategies employed to improve Cuba's energy security situation are based on: - Increased economic competitiveness; - Fuel conservation and rational use of energy; - Efficient exploration and use of oil and natural gas; - Development of renewable energy sources; - Legal and institutional support of activities in the energy sector; - Active involvement in the international arena focused on regional integration efforts and international forums related to technological, energy and environmental issues, and on strengthening bilateral alliances aimed at creating the necessary environment for trade, technological transfer and foreign investment for guaranteeing national energy supply

  7. The Informatics Security Cost of Distributed Applications

    Directory of Open Access Journals (Sweden)

    Ion IVAN

    2010-01-01

    Full Text Available The objective, necessity, means and estimated efficiency of information security cost modeling are presented. The security requirements of distributed informatics applications are determined. Aspects regarding design, development and implementation are established. Influence factors for informatics security are presented and their correlation is analyzed. The costs associated to security processes are studied. Optimal criteria for informatics security are established. The security cost of the informatics application for validating organizational identifiers is determined using theoretical assumptions made for cost models. The conclusions highlight the validity of research results and offer perspectives for future research.

  8. Security Systems Consideration: A Total Security Approach

    Science.gov (United States)

    Margariti, S. V.; Meletiou, G.; Stergiou, E.; Vasiliadis, D. C.; Rizos, G. E.

    2007-12-01

    The "safety" problem for protection systems is to determine in a given situation whether a subject can acquire a particular right to an object. Security and audit operation face the process of securing the application on computing and network environment; however, storage security has been somewhat overlooked due to other security solutions. This paper identifies issues for data security, threats and attacks, summarizes security concepts and relationships, and also describes storage security strategies. It concludes with recommended storage security plan for a total security solution.

  9. Opinions about Component Energetic Security

    OpenAIRE

    Elena GOLUMBEANU (GEORGESCU)

    2012-01-01

    Collective security (international) represent the morphological expression of individual security components. According to the Report presented at the United Nations Development Programme, collective security (international) as well as national security, is the expression of seven synergistic dimensions as follows: economic security, food security, environmental security, personal security, community security, political security and individual security. As part of economic security, energy an...

  10. Secured Ontology Mapping

    Directory of Open Access Journals (Sweden)

    Manjula Shenoy.K

    2012-11-01

    Full Text Available Today’s market evolution and high volatility of business requirements put an increasing emphasis on theability for systems to accommodate the changes required by new organizational needs while maintainingsecurity objectives satisfiability. This is all the more true in case of collaboration and interoperabilitybetween different organizations and thus between their information systems. Ontology mapping has beenused for interoperability and several mapping systems have evolved to support the same. Usual solutionsdo not take care of security. That is almost all systems do a mapping of ontologies which are unsecured.We have developed a system for mapping secured ontologies using graph similarity concept. Here we giveno importance to the strings that describe ontology concepts ,properties etc. Because these strings may beencrypted in the secured ontology. Instead we use the pure graphical structure to determine mappingbetween various concepts of given two secured ontologies. The paper also gives the measure of accuracyof experiment in a tabular form in terms of precision, recall and F-measure.

  11. Information Security Awareness: An Innovation Approach

    OpenAIRE

    Corona, Carlos Orozco

    2010-01-01

    Scholars and security practitioners seem to converge in the understanding that Information Security is in great part a problem about people; hence the need for a more holistic approach in order to understand human behaviour in the Information Security field which requires a multidisciplinary approach. Recent events such as the “Interdisciplinary Workshop on Security and Human Behaviour” hosted in Boston, Massachusetts in June 2008, are considering this approach and they have conveyed a multi...

  12. Managing Security in Advanced Computational Infrastructure

    Institute of Scientific and Technical Information of China (English)

    2001-01-01

    Proposed by Education Ministry of China, Advanced Computational Infrastructure (ACI) aims at sharing geographically distributed high-performance computing and huge-capacity data resource among the universities of China. With the fast development of large-scale applications in ACI, the security requirements become more and more urgent. The special security needs in ACI is first analyzed in this paper, and security management system based on ACI is presented. Finally, the realization of security management system is discussed.

  13. Towards integrated security for sensor network aplications

    OpenAIRE

    Cionca, Victor; Newe, Thomas; Dad??rlat, Vasile

    2010-01-01

    Widespread and commercial usage of Wireless Sensor Networks is kept back by the lack of strong and easy to use security. The wide range of applications of WSNs implies different and often contradictory security requirements. This paper argues the need for a configurable security architecture for WSNs and presents a methodology and software implementation to determine the most resource efficient suite of security protocols for a given application.

  14. Overview of Security Threats in WSN

    OpenAIRE

    Ms. Poonam Barua; Mr. Sanjeev Indora

    2013-01-01

    Wireless sensor network is a combination of tiny devices called as sensor nodes which havecomputing, sensing and processing capabilities. As WSN are deployed in hostile environment usually and canbe physically accessible by an adversary; he/she can affect the confidentiality and integrity of the data as wellas some other security measures. So security is a main concern in wireless sensor network especially inhostile environment. In this paper we focus on security requirements, security scheme...

  15. Computer Security: the security marathon

    CERN Multimedia

    Computer Security Team

    2014-01-01

    If you believe that “security” is a sprint, that a quick hack is invulnerable, that quick bug fixing is sufficient, that plugging security measures on top of existing structures is good, that once you are secure your life will be easy... then let me convince you otherwise.   An excellent example of this is when the summer students join us at CERN. As the summer period is short, software projects must be accomplished quickly, like a sprint. Rush, rush! But often, this sprint ends with aching muscles. Regularly, these summer students approach us to have their project or web server made visible to the Internet. Regularly, quick security reviews of those web servers diagnose severe underperformance with regards to security: the web applications are flawed or use insecure protocols; the employed software tools, databases or web frameworks are sub-optimal and not adequately chosen for that project; the operating system is non-standard and has never been brought up-to-date; and ...

  16. THz and Security Applications

    CERN Document Server

    Sizov, Fedir; Detectors, Sources and Associated Electronics for THz Applications

    2014-01-01

    These proceedings comprise invited papers from highly experienced researchers in THz technology and security applications. THz detection of explosives represents one of the most appealing technologies to have recently emerged in dealing with terrorist attacks encountered by civil security and military forces throughout the world. Discussed are the most advanced technologies and developments, the various points of operational strength and weaknesses as well as are suggestions and predictions the best technological solutions to  overcome current operational limits.  The current status of various levels of cooling in THz detectors, sources and associated electronics are also addressed. The goal was to provide a clear view on the current technologies available and the required advances needed in order to achieve more efficient systems. This goal was outlined in part by establishing the baseline of current uncertainty estimations in physics-based modelling and the identification of key areas which require additi...

  17. Strengthening nuclear security

    International Nuclear Information System (INIS)

    The international situation after the end of the Cold-War has been quite unstable, due to the occurrence of frequent regional conflicts and domestic wars based on ethnic, religious or racial reasons. Further, threats to the would peace and security by non-state actors, like international terrorist groups, have been recognized after 9.11 terrorist attacks to the World Trade Center buildings and to the Pentagon. Utilization of nuclear energy, which encompasses both peaceful uses and military ones, required an establishment of regulatory system, by which risks associated with the development of nuclear energy can be controlled. Accordingly, nuclear safety control system, and then non-proliferation control system has been developed, both in the international level and notional level. In recognition of the present unstable international situations, it is required to establish, maintain and strengthen a system which control nuclear security aspect, in addition to the present systems. (author)

  18. Password Security

    OpenAIRE

    Danuvasin Charoen

    2014-01-01

    This study investigates users’ behavior in password utilization. Good password practices are critical to the security of any information system. End users often use weak passwords that are short, simple, and based on personal and meaningful information that can be easily guessed. A survey was conducted among executive MBA students who hold managerial positions. The results of the survey indicate that users practice insecure behaviors in the utilization of passwords. The results support the li...

  19. Watermarking security

    OpenAIRE

    Furon, Teddy

    2016-01-01

    International audience This chapter deals with applications where watermarking is a security primitive included in a larger system protecting the value of multimedia content. In this context, there might exist dishonest users, in the sequel so-called attackers, willing to read/overwrite hidden messages or simply to remove the watermark signal.The goal of this section is to play the role of the attacker. We analyze means to deduce information about the watermarking technique that will later...

  20. Security system

    Science.gov (United States)

    Baumann, Mark J.; Kuca, Michal; Aragon, Mona L.

    2016-02-02

    A security system includes a structure having a structural surface. The structure is sized to contain an asset therein and configured to provide a forceful breaching delay. The structure has an opening formed therein to permit predetermined access to the asset contained within the structure. The structure includes intrusion detection features within or associated with the structure that are activated in response to at least a partial breach of the structure.

  1. Security in Industrial Networks

    OpenAIRE

    Sørensen, Jan Tore

    2007-01-01

    A major trend in the automation and power industries is the transition from closed proprietary network solutions to open TCP/IP protocols running on Ethernet technologies. As these industries converge on an all IP platform, new challenges and requirements on the security level of the devices arise. The introduction of integrated operations in the oil and gas industry has provided many benefits for the industry, but it has also opened up the information flow between Distributed Control Systems...

  2. On Building Secure Communication Systems

    DEFF Research Database (Denmark)

    Carvalho Quaresma, Jose Nuno

    ’s flexibility allows for the addition of constructs that model new security properties as well as new plugins that implement the security properties. In order to provide higher security assurances, the system specification can be verified by formal methods tools such as the Beliefs and Knowledge (BAK) tool......This thesis presents the Guided System Development (GSD) framework, which aims at supporting the development of secure communication systems. A communication system is specified in a language similar to the Alice and Bob notation, a simple and intuitive language used to describe the global...... perspective of the communications between different principals. The notation used in the GSD framework extends that notation with constructs that allow the security requirements of the messages to be described. From that specification, the developer is guided through a semi-automatic translation that enables...

  3. Single Page Web Applications Security

    Directory of Open Access Journals (Sweden)

    Bogdan Beda

    2015-06-01

    Full Text Available With the constant spread of internet access, the world of software is constantly transforming product shapes into services delivered via web browsers. Modern next generation web applications change the way browsers and users interact with servers. A lot of word scale services have already been delivered by top companies as Single Page Applications. Moving services online poses a big attention towards data protection and web application security. Single Page Application are exposed to server-side web applications security in a new way. Also, having application logic being executed by untrusted client environment requires close attention on client application security. Single Page Applications are vulnerable to the same security threads as server-side web application thus not making them less secure. Defending techniques can be easily adapted to guard against hacker attacks.

  4. Metric-Aware Secure Service Orchestration

    Directory of Open Access Journals (Sweden)

    Gabriele Costa

    2012-12-01

    Full Text Available Secure orchestration is an important concern in the internet of service. Next to providing the required functionality the composite services must also provide a reasonable level of security in order to protect sensitive data. Thus, the orchestrator has a need to check whether the complex service is able to satisfy certain properties. Some properties are expressed with metrics for precise definition of requirements. Thus, the problem is to analyse the values of metrics for a complex business process. In this paper we extend our previous work on analysis of secure orchestration with quantifiable properties. We show how to define, verify and enforce quantitative security requirements in one framework with other security properties. The proposed approach should help to select the most suitable service architecture and guarantee fulfilment of the declared security requirements.

  5. Security engineering: Phisical security measures for high-risk personnel

    OpenAIRE

    Jelena S. Cice; Marko D. Andrejić; Nebojša K. Dragović

    2013-01-01

    The design of physical security measures is a specialized technical area that does not fall in the normal skill record and resume of commanders, architects, engineers, and project managers. This document provides guidance to those parties tasked with implementing existing and emerging physical protection system requirements: -    Creation of a single-source reference for the design and construction of physical security measures for high-risk personnel (HRP). -    Promulgation of multi-servic...

  6. Information Security and Integrity Systems

    Science.gov (United States)

    1990-01-01

    Viewgraphs from the Information Security and Integrity Systems seminar held at the University of Houston-Clear Lake on May 15-16, 1990 are presented. A tutorial on computer security is presented. The goals of this tutorial are the following: to review security requirements imposed by government and by common sense; to examine risk analysis methods to help keep sight of forest while in trees; to discuss the current hot topic of viruses (which will stay hot); to examine network security, now and in the next year to 30 years; to give a brief overview of encryption; to review protection methods in operating systems; to review database security problems; to review the Trusted Computer System Evaluation Criteria (Orange Book); to comment on formal verification methods; to consider new approaches (like intrusion detection and biometrics); to review the old, low tech, and still good solutions; and to give pointers to the literature and to where to get help. Other topics covered include security in software applications and development; risk management; trust: formal methods and associated techniques; secure distributed operating system and verification; trusted Ada; a conceptual model for supporting a B3+ dynamic multilevel security and integrity in the Ada runtime environment; and information intelligence sciences.

  7. Human Security

    OpenAIRE

    Mary Kaldor

    2012-01-01

    The essay poses the question whether the so-called Arab spring offers the potential to complete the 1989 revolutions. It first discusses what was hoped to be achieved in 1989, and it then argues that the post-1989 arrangements failed to prevent new security challenges from emerging. The Islamist threat came to play the role that the Communist threat had played to the West or the Western threat had played to the East. The essay then turns to the question on what needs to happen if current even...

  8. Network security

    CERN Document Server

    Perez, André

    2014-01-01

    This book introduces the security mechanisms deployed in Ethernet, Wireless-Fidelity (Wi-Fi), Internet Protocol (IP) and MultiProtocol Label Switching (MPLS) networks. These mechanisms are grouped throughout the book according to the following four functions: data protection, access control, network isolation, and data monitoring. Data protection is supplied by data confidentiality and integrity control services. Access control is provided by a third-party authentication service. Network isolation is supplied by the Virtual Private Network (VPN) service. Data monitoring consists of applying

  9. IAEA Nuclear Security Human Resource Development Program

    International Nuclear Information System (INIS)

    The IAEA is at the forefront of international efforts to strengthen the world's nuclear security framework. The current Nuclear Security Plan for 2006-2009 was approved by the IAEA Board of Governors in September 2005. This Plan has three main points of focus: needs assessment, prevention, detection and response. Its overall objective is to achieve improved worldwide security of nuclear and other radioactive material in use, storage and transport, and of their associated facilities. This will be achieved, in particular, through the provision of guidelines and recommendations, human resource development, nuclear security advisory services and assistance for the implementation of the framework in States, upon request. The presentation provides an overview of the IAEA nuclear security human resource development program that is divided into two parts: training and education. Whereas the training program focuses on filling gaps between the actual performance of personnel working in the area of nuclear security and the required competencies and skills needed to meet the international requirements and recommendations described in UN and IAEA documents relating to nuclear security, the Educational Program in Nuclear Security aims at developing nuclear security experts and specialists, at fostering a nuclear security culture and at establishing in this way sustainable knowledge in this field within a State. The presentation also elaborates on the nuclear security computer based learning component and provides insights into the use of human resource development as a tool in achieving the IAEA's long term goal of improving sustainable nuclear security in States. (author)

  10. Framework Design of Secure Cloud Transmission Protocol

    Directory of Open Access Journals (Sweden)

    Dinesha H A

    2013-01-01

    Full Text Available Cloud computing technologies are in high demand because of several benefits. Many business organizations are looking into cloud computing services to reduce the cost and complexity of their business infrastructure and its preservation. However, there are certain security issues in cloud computing technologies. To overcome those security issues, we propose secure cloud transmission protocol design. This framework design details will help us in developing a secure protocol for the customers who are using cloud computing technologies over insecure internet. In this paper we discuss: i Overview model of proposed secure cloud transmission system in internet ii Security requirements iii roles and responsibilities of secure transmission protocol in OSI and iv Framework Design of secure cloud transmission.

  11. Communication security in open health care networks.

    Science.gov (United States)

    Blobel, B; Pharow, P; Engel, K; Spiegel, V; Krohn, R

    1999-01-01

    Fulfilling the shared care paradigm, health care networks providing open systems' interoperability in health care are needed. Such communicating and co-operating health information systems, dealing with sensitive personal medical information across organisational, regional, national or even international boundaries, require appropriate security solutions. Based on the generic security model, within the European MEDSEC project an open approach for secure EDI like HL7, EDIFACT, XDT or XML has been developed. The consideration includes both securing the message in an unsecure network and the transport of the unprotected information via secure channels (SSL, TLS etc.). Regarding EDI, an open and widely usable security solution has been specified and practically implemented for the examples of secure mailing and secure file transfer (FTP) via wrapping the sensitive information expressed by the corresponding protocols. The results are currently prepared for standardisation. PMID:10724890

  12. Usable security and e-banking

    DEFF Research Database (Denmark)

    Hertzum, Morten; Jørgensen, Niels; Nørgaard, Mie

    2004-01-01

    Electronic banking must be secure and easy to use. An evaluation of six Danish web-based electronic banking systems indicates that the systems have serious weaknesses with respect to ease of use. Our analysis of the weaknesses suggests that security requirements are among their causes...... and that the weaknesses may in turn cause decreased security. We view the conflict between ease of use and security in the context of usable security, a concept that is intended to match security principles and demands against user knowledge and motivation. Automation, instruction, and understanding can be identified...... as different approaches to usable security. Instruction is the main approach of the systems evaluated; automation relieves the user from involvement in security, as far as possible; and understanding goes beyond step-by-step instructions, to enable users to act competently and safely in situations...

  13. A security architecture for health information networks.

    Science.gov (United States)

    Kailar, Rajashekar; Muralidhar, Vinod

    2007-10-11

    Health information network security needs to balance exacting security controls with practicality, and ease of implementation in today's healthcare enterprise. Recent work on 'nationwide health information network' architectures has sought to share highly confidential data over insecure networks such as the Internet. Using basic patterns of health network data flow and trust models to support secure communication between network nodes, we abstract network security requirements to a core set to enable secure inter-network data sharing. We propose a minimum set of security controls that can be implemented without needing major new technologies, but yet realize network security and privacy goals of confidentiality, integrity and availability. This framework combines a set of technology mechanisms with environmental controls, and is shown to be sufficient to counter commonly encountered network security threats adequately.

  14. INFORMATION SECURITY IN LOGISTICS COOPERATION

    Directory of Open Access Journals (Sweden)

    Tomasz Małkus

    2015-03-01

    Full Text Available Cooperation of suppliers of raw materials, semi-finished products, finished products, wholesalers, retailers in the form of the supply chain, as well as outsourcing of specialized logistics service require ensuring adequate support of information. It concerns the use of appropriate computer tools. The security of information in such conditions of collaboration becomes the important problem for parties of contract. The objective of the paper is to characterize main issues relating to security of information in logistics cooperation.

  15. MODEL-BASED SECURITY ENGINEERING OF SOA SYSTEM USING SECURITY INTENT DSL

    Directory of Open Access Journals (Sweden)

    Muhammad Qaiser Saleem

    2011-01-01

    Full Text Available Currently most of the enterprises are using SOA and web services technologies to build their web information system. They are using MDA principles for design and development of WIS and using UML as a modelling language for business process modelling. Along with the increased connectivity in SOA environment, security risks rise exponentially. Security is not defined during the early phases of development and left onto developer. Properly configuring security requirements in SOA applications is quite difficult for developers because they are not security experts. Furthermore SOA security is cross-domain and all required information are not available at downstream phases. Furthermore, business process expert; who is the actual stakeholder of the business process model is unable to specify security objectives due to lake of security modelling elements in a general purpose modelling languages like UML. As a result, business process expert either ignore the security intents in their model or indicate them in textual way. A security intents DSL is presented as a UML profile where security intents can be modelled as stereotypes on UML modelling elements during the business process modelling. Aim is to facilitate the business process expert in modelling the security requirements along the business process modelling. This security annotated business process model will facilitate the architectural team in specifying the concrete security implementation. As a proof of work we apply our approach to a typical on-line flight booking system business process.

  16. Extremely secure identification documents

    Energy Technology Data Exchange (ETDEWEB)

    Tolk, K.M. [Sandia National Labs., Albuquerque, NM (United States); Bell, M. [Sandia National Labs., Livermore, CA (United States)

    1997-09-01

    The technology developed in this project uses biometric information printed on the document and public key cryptography to ensure that an adversary cannot issue identification documents to unauthorized individuals or alter existing documents to allow their use by unauthorized individuals. This process can be used to produce many types of identification documents with much higher security than any currently in use. The system is demonstrated using a security badge as an example. This project focused on the technologies requiring development in order to make the approach viable with existing badge printing and laminating technologies. By far the most difficult was the image processing required to verify that the picture on the badge had not been altered. Another area that required considerable work was the high density printed data storage required to get sufficient data on the badge for verification of the picture. The image processing process was successfully tested, and recommendations are included to refine the badge system to ensure high reliability. A two dimensional data array suitable for printing the required data on the badge was proposed, but testing of the readability of the array had to be abandoned due to reallocation of the budgeted funds by the LDRD office.

  17. Extremely secure identification documents

    International Nuclear Information System (INIS)

    The technology developed in this project uses biometric information printed on the document and public key cryptography to ensure that an adversary cannot issue identification documents to unauthorized individuals or alter existing documents to allow their use by unauthorized individuals. This process can be used to produce many types of identification documents with much higher security than any currently in use. The system is demonstrated using a security badge as an example. This project focused on the technologies requiring development in order to make the approach viable with existing badge printing and laminating technologies. By far the most difficult was the image processing required to verify that the picture on the badge had not been altered. Another area that required considerable work was the high density printed data storage required to get sufficient data on the badge for verification of the picture. The image processing process was successfully tested, and recommendations are included to refine the badge system to ensure high reliability. A two dimensional data array suitable for printing the required data on the badge was proposed, but testing of the readability of the array had to be abandoned due to reallocation of the budgeted funds by the LDRD office

  18. 33 CFR 104.210 - Company Security Officer (CSO).

    Science.gov (United States)

    2010-07-01

    ... inspections under 46 CFR part 2; (7) Ensure the timely or prompt correction of problems identified by audits... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Company Security Officer (CSO... MARITIME SECURITY MARITIME SECURITY: VESSELS Vessel Security Requirements § 104.210 Company...

  19. Security Metrics: A Solution in Search of a Problem

    Science.gov (United States)

    Rosenblatt, Joel

    2008-01-01

    Computer security is one of the most complicated and challenging fields in technology today. A security metrics program provides a major benefit: looking at the metrics on a regular basis offers early clues to changes in attack patterns or environmental factors that may require changes in security strategy. The term "security metrics" loosely…

  20. 32 CFR 2400.45 - Information Security Program Review.

    Science.gov (United States)

    2010-07-01

    ... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Program Review. 2400.45... SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45 Information Security Program Review. (a) The Director, OSTP, shall require an annual formal review of the...

  1. Information Security and Transparency in the Electronic Government

    OpenAIRE

    Mohamed Mohamed Al Hady

    2006-01-01

    A Study about information security in the electronic government, starts with a general introduction about information technology, then deals information systems in the digital environment, requirements of natural security for information systems, then offers some considerations related to information security, and finally defines how to execute information security.

  2. 17 CFR 242.600 - NMS security designation and definitions.

    Science.gov (United States)

    2010-04-01

    ... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false NMS security designation and... (CONTINUED) REGULATIONS M, SHO, ATS, AC, AND NMS AND CUSTOMER MARGIN REQUIREMENTS FOR SECURITY FUTURES Regulation Nms-Regulation of the National Market System § 242.600 NMS security designation and...

  3. Secure Storage Architectures

    Energy Technology Data Exchange (ETDEWEB)

    Aderholdt, Ferrol [Tennessee Technological University; Caldwell, Blake A [ORNL; Hicks, Susan Elaine [ORNL; Koch, Scott M [ORNL; Naughton, III, Thomas J [ORNL; Pogge, James R [Tennessee Technological University; Scott, Stephen L [Tennessee Technological University; Shipman, Galen M [ORNL; Sorrillo, Lawrence [ORNL

    2015-01-01

    help with this issue, which are a particular instances of the more general challenge of efficient host/guest IO that is the focus of interfaces like virtio. A collection of bridging technologies have been identified in Chapter 4, which can be helpful to overcome the limitations and challenges of supporting efficient storage for secure enclaves. The synthesis of native filesystem security mechanisms and bridging technologies led to an isolation-centric storage architecture that is proposed in Chapter 5, which leverages isolation mechanisms from different layers to facilitate secure storage for an enclave. Recommendations: The following highlights recommendations from the investigations done thus far. - The Lustre filesystem offers excellent performance but does not support some security related features, e.g., encryption, that are included in GPFS. If encryption is of paramount importance, then GPFS may be a more suitable choice. - There are several possible Lustre related enhancements that may provide functionality of use for secure-enclaves. However, since these features are not currently integrated, the use of Lustre as a secure storage system may require more direct involvement (support). (*The network that connects the storage subsystem and users, e.g., Lustre s LNET.) - The use of OpenStack with GPFS will be more streamlined than with Lustre, as there are available drivers for GPFS. - The Manilla project offers Filesystem as a Service for OpenStack and is worth further investigation. Manilla has some support for GPFS. - The proposed Lustre enhancement of Dynamic-LNET should be further investigated to provide more dynamic changes to the storage network which could be used to isolate hosts and their tenants. - The Linux namespaces offer a good solution for creating efficient restrictions to shared HPC filesystems. However, we still need to conduct a thorough round of storage/filesystem benchmarks. - Vendor products should be more closely reviewed, possibly to

  4. Embedding security messages in existing processes: a pragmatic and effective approach to information security culture change

    CERN Document Server

    Lopienski, Sebastian

    Companies and organizations world-wide depend more and more on IT infrastructure and operations. Computer systems store vital information and sensitive data; computing services are essential for main business processes. This high dependency comes with a number of security risks, which have to be managed correctly on technological, organizational and human levels. Addressing the human aspects of information security often boils down just to procedures, training and awareness raising. On the other hand, employees and collaborators do not adopt security attitude and habits simply when told to do so – a real change in behaviour requires an established security culture. But how to introduce a security culture? This thesis outlines the need of developing or improving security culture, and discusses how this can be done. The proposed approach is to gradually build security knowledge and awareness, and influence behaviours. The way to achieve this is to make security communication pervasive by embedding security me...

  5. 7 CFR 764.355 - Security requirements.

    Science.gov (United States)

    2010-01-01

    ... repaid based upon the applicant's production and income history; addresses applicable pricing risks through the use of marketing contracts, hedging, options, or other revenue protection mechanisms, and includes a marketing plan or similar risk management practice; (3) The applicant has had positive net...

  6. Information Security: Past, Present and Future - Impact of Developments in Information Technology on Security

    OpenAIRE

    Overbeek, P.L.

    1991-01-01

    The development of information security is addressed in relation to the development of information technology. The leading question is: how has information security developed itself so far, and how should it progress to address tomorrow's security needs. An overwiew is given of the use of information technology in the past, present and expectations for the future. For each period, the security requirements and solutions are discussed, It is made clear that the developments in information tech...

  7. SECURITY CHALLENGESASA FACTOR AFFECTINGTHE SECURITY OFMANET: ATTACKS, AND SECURITY SOLUTIONS

    OpenAIRE

    Dr.Nabeel Zanoon; Dr.Nashat Albdour; Dr.Hatem S. A. Hamatta; RashaMoh'd Al-Tarawneh

    2015-01-01

    The Ad Hoc mobile network (MANET) is a wireless network with properties which may constitute challenges and weaknesses before the security progress in MANET network. It causes weakness in security, which leads to increased attacks on MANET. In this paper the challenges and attacks likely to threaten MANET will be investigated. As a corollary, security solutions will be discussed, the relationship between them will be concluded and architectural security solutions in MANET will beproposed.

  8. SECURITY CHALLENGESASA FACTOR AFFECTINGTHE SECURITY OFMANET: ATTACKS, AND SECURITY SOLUTIONS

    Directory of Open Access Journals (Sweden)

    Dr.Nabeel Zanoon

    2015-06-01

    Full Text Available The Ad Hoc mobile network (MANET is a wireless network with properties which may constitute challenges and weaknesses before the security progress in MANET network. It causes weakness in security, which leads to increased attacks on MANET. In this paper the challenges and attacks likely to threaten MANET will be investigated. As a corollary, security solutions will be discussed, the relationship between them will be concluded and architectural security solutions in MANET will beproposed.

  9. Computer Security: the security marathon, part 2

    CERN Multimedia

    Computer Security Team

    2014-01-01

    Do you recall our latest article on the “Security Marathon” (see here) and why it’s wrong to believe that computer security is a sprint, that a quick hack is invulnerable, that quick bug-fixing is sufficient, that plugging security measures on top of existing structures is a good idea, that once you are secure, your life is cosy?   In fact, security is a marathon for us too. Again and again, we have felt comfortable with the security situation at CERN, with dedicated protections deployed on individual hosts, with the security measures deployed by individual service managers, with the attentiveness and vigilance of our users, and with the responsiveness of the Management. Again and again, however, we subsequently detect or receive reports that this is wrong, that protections are incomplete, that security measures are incomplete, that security awareness has dropped. Thus, unfortunately, we often have to go back to square one and address similar issues over and over...

  10. Securing the Global Airspace System Via Identity-Based Security

    Science.gov (United States)

    Ivancic, William D.

    2015-01-01

    Current telecommunications systems have very good security architectures that include authentication and authorization as well as accounting. These three features enable an edge system to obtain access into a radio communication network, request specific Quality-of-Service (QoS) requirements and ensure proper billing for service. Furthermore, the links are secure. Widely used telecommunication technologies are Long Term Evolution (LTE) and Worldwide Interoperability for Microwave Access (WiMAX) This paper provides a system-level view of network-centric operations for the global airspace system and the problems and issues with deploying new technologies into the system. The paper then focuses on applying the basic security architectures of commercial telecommunication systems and deployment of federated Authentication, Authorization and Accounting systems to provide a scalable, evolvable reliable and maintainable solution to enable a globally deployable identity-based secure airspace system.

  11. Information security management handbook, v.7

    CERN Document Server

    O'Hanley, Richard

    2013-01-01

    Updated annually, the Information Security Management Handbook, Sixth Edition, Volume 7 is the most comprehensive and up-to-date reference available on information security and assurance. Bringing together the knowledge, skills, techniques, and tools required of IT security professionals, it facilitates the up-to-date understanding required to stay one step ahead of evolving threats, standards, and regulations. Reporting on the latest developments in information security and recent changes to the (ISC)2(R) CISSP Common Body of Knowledge (CBK(R)), this volume features 27 new chapters on topics

  12. A REVIEW ON SECURED CLOUD COMPUTING ENVIRONMENT

    Directory of Open Access Journals (Sweden)

    M. Hemanth Chakravarthy

    2014-01-01

    Full Text Available Nowadays, the scientific problem becomes very complex; therefore, it requires more computing power and storage space. These requirements are very common in an organization while dealing with current technological data and requirements. Based on these basic requirements, need of higher computational resources is an important issue when dealing with current technological methodology. Hence, cloud computing has become the most important computing paradigm of recent world. The cloud computing is an open source and using Internet as network model. Rapid growth in the field of “cloud computing” also increases severe security concerns, because security has a constant issue. This study reviews security models of cloud computing.

  13. Information Systems Security Audit

    OpenAIRE

    Gheorghe Popescu; Veronica Adriana Popescu; Cristina Raluca Popescu

    2007-01-01

    The article covers:Defining an information system; benefits obtained by introducing new information technologies; IT management;Defining prerequisites, analysis, design, implementation of IS; Information security management system; aspects regarding IS security policy; Conceptual model of a security system; Auditing information security systems and network infrastructure security.

  14. Information Systems Security Audit

    Directory of Open Access Journals (Sweden)

    Gheorghe Popescu

    2007-12-01

    Full Text Available The article covers:Defining an information system; benefits obtained by introducing new information technologies; IT management;Defining prerequisites, analysis, design, implementation of IS; Information security management system; aspects regarding IS security policy; Conceptual model of a security system; Auditing information security systems and network infrastructure security.

  15. Knowledge-based computer security advisor

    International Nuclear Information System (INIS)

    The rapid expansion of computer security information and technology has included little support to help the security officer identify the safeguards needed to comply with a policy and to secure a computing system. This paper reports that Los Alamos is developing a knowledge-based computer security system to provide expert knowledge to the security officer. This system includes a model for expressing the complex requirements in computer security policy statements. The model is part of an expert system that allows a security officer to describe a computer system and then determine compliance with the policy. The model contains a generic representation that contains network relationships among the policy concepts to support inferencing based on information represented in the generic policy description

  16. A Learning-Based Approach to Reactive Security

    OpenAIRE

    Barth, Adam; Rubinstein, Benjamin I. P.; Sundararajan, Mukund; Mitchell, John C.; Song, Dawn; Bartlett, Peter L.

    2009-01-01

    Despite the conventional wisdom that proactive security is superior to reactive security, we show that reactive security can be competitive with proactive security as long as the reactive defender learns from past attacks instead of myopically overreacting to the last attack. Our game-theoretic model follows common practice in the security literature by making worst-case assumptions about the attacker: we grant the attacker complete knowledge of the defender's strategy and do not require the ...

  17. Pool-site E-voting Security

    Directory of Open Access Journals (Sweden)

    Ciprian Ezeanu

    2009-12-01

    Full Text Available The aim of this paper is to present e-voting procedure describing its advantages and disadvantages. Conventional security measures such as firewalls or SSL communications are necessary but not sufficient to guarantee the specific security requirements of e-voting. Besides these conventional security measures, it is also necessary to implement an additional layer of specialized security technology to address the specific risks posed by electronic voting and guarantee critical security requirements such as voters’ privacy, vote integrity and voter-verifiability. Analyzing the security of Diebold AccuVote-TS voting machine it was observed the vulnerabilities of this machine to different classes of attacks like: vote-stealing attack, Denial-of-Service (DoS attack and injecting attack code.

  18. Routing architecture and security for airborne networks

    Science.gov (United States)

    Deng, Hongmei; Xie, Peng; Li, Jason; Xu, Roger; Levy, Renato

    2009-05-01

    Airborne networks are envisioned to provide interconnectivity for terrestial and space networks by interconnecting highly mobile airborne platforms. A number of military applications are expected to be used by the operator, and all these applications require proper routing security support to establish correct route between communicating platforms in a timely manner. As airborne networks somewhat different from traditional wired and wireless networks (e.g., Internet, LAN, WLAN, MANET, etc), security aspects valid in these networks are not fully applicable to airborne networks. Designing an efficient security scheme to protect airborne networks is confronted with new requirements. In this paper, we first identify a candidate routing architecture, which works as an underlying structure for our proposed security scheme. And then we investigate the vulnerabilities and attack models against routing protocols in airborne networks. Based on these studies, we propose an integrated security solution to address routing security issues in airborne networks.

  19. Transforming Homeland Security [video

    OpenAIRE

    McIntyre, David; Center for Homeland Defense and Security Naval Postgraduate School

    2011-01-01

    A pioneer in homeland security, and homeland security education, David McIntyre discusses the complexities in transforming homeland security from a national program in its inception, to also include state and local agencies and other public and private parties.

  20. Social Security Administration

    Science.gov (United States)

    ... Languages Sign in / up The United States Social Security Administration Cost-Of-Living Adjustment (COLA) Information about ... replacement Medicare card Change of Address my Social Security Check out your Social Security Statement , change your ...

  1. Transportation Security Administration

    Science.gov (United States)

    ... content Official website of the Department of Homeland Security Transportation Security Administration A - Z Index What Can I Bring? Search form Apples Main menu Administrator Travel Security Screening Special Procedures TSA Pre✓® Passenger Support Travel ...

  2. Cyberspace security system

    Energy Technology Data Exchange (ETDEWEB)

    Abercrombie, Robert K; Sheldon, Frederick T; Ferragut, Erik M

    2014-06-24

    A system evaluates reliability, performance and/or safety by automatically assessing the targeted system's requirements. A cost metric quantifies the impact of failures as a function of failure cost per unit of time. The metrics or measurements may render real-time (or near real-time) outcomes by initiating active response against one or more high ranked threats. The system may support or may be executed in many domains including physical domains, cyber security domains, cyber-physical domains, infrastructure domains, etc. or any other domains that are subject to a threat or a loss.

  3. Cyberspace security system

    Science.gov (United States)

    Abercrombie, Robert K; Sheldon, Frederick T; Ferragut, Erik M

    2014-06-24

    A system evaluates reliability, performance and/or safety by automatically assessing the targeted system's requirements. A cost metric quantifies the impact of failures as a function of failure cost per unit of time. The metrics or measurements may render real-time (or near real-time) outcomes by initiating active response against one or more high ranked threats. The system may support or may be executed in many domains including physical domains, cyber security domains, cyber-physical domains, infrastructure domains, etc. or any other domains that are subject to a threat or a loss.

  4. Security and Security Complex: Operational Concepts

    OpenAIRE

    Luis Tomé

    2010-01-01

    Security is one of the most ambiguous, contested, and debated ideas in the conceptual framework of international relations. The "traditional" perspective has been severely contested as new approaches develop, and the concept of security has been reworked in all its fundamental components and dimensions, from object and reference to range and security instruments. Likewise, the discussion over the definition and characterization of international security systems, namely regarding competitive s...

  5. A Research Agenda for Security Engineering

    Directory of Open Access Journals (Sweden)

    Rich Goyette

    2013-08-01

    Full Text Available Despite nearly 30 years of research and application, the practice of information system security engineering has not yet begun to exhibit the traits of a rigorous scientific discipline. As cyberadversaries have become more mature, sophisticated, and disciplined in their tradecraft, the science of security engineering has not kept pace. The evidence of the erosion of our digital security – upon which society is increasingly dependent – appears in the news almost daily. In this article, we outline a research agenda designed to begin addressing this deficit and to move information system security engineering toward a mature engineering discipline. Our experience suggests that there are two key areas in which this movement should begin. First, a threat model that is actionable from the perspectives of risk management and security engineering should be developed. Second, a practical and relevant security-measurement framework should be developed to adequately inform security-engineering and risk-management processes. Advances in these areas will particularly benefit business/government risk assessors as well as security engineers performing security design work, leading to more accurate, meaningful, and quantitative risk analyses and more consistent and coherent security design decisions. Threat modelling and security measurement are challenging activities to get right – especially when they need to be applied in a general context. However, these are decisive starting points because they constitute the foundation of a scientific security-engineering practice. Addressing these challenges will require stronger and more coherent integration between the sub-disciplines of risk assessment and security engineering, including new tools to facilitate that integration. More generally, changes will be required in the way security engineering is both taught and practiced to take into account the holistic approach necessary from a mature, scientific

  6. Security Testing: A Survey

    OpenAIRE

    Felderer, M.; Büchlein, M.; Johns, M; Brucker, A.D.; Breu, R.; Pretschner, A.

    2015-01-01

    Identifying vulnerabilities and ensuring security functionality by security testing is a widely applied measure to evaluate and improve the security of software. Due to the openness of modern software-based systems, applying appropriate security testing techniques is of growing importance and essential to perform effective and efficient security testing. Therefore, an overview of actual security testing techniques is of high value both for researchers to evaluate and refine the techniques and...

  7. Foundational aspects of security

    DEFF Research Database (Denmark)

    Chatzikokolakis, Konstantinos; Mödersheim, Sebastian Alexander; Palamidessi, Catuscia;

    2014-01-01

    This Special Issue of the Journal of Computer Security focuses on foundational aspects of security, which in recent years have helped change much of the way we think about and approach system security.......This Special Issue of the Journal of Computer Security focuses on foundational aspects of security, which in recent years have helped change much of the way we think about and approach system security....

  8. Keystone Business Models for Network Security Processors

    OpenAIRE

    Arthur Low; Steven Muegge

    2013-01-01

    Network security processors are critical components of high-performance systems built for cybersecurity. Development of a network security processor requires multi-domain experience in semiconductors and complex software security applications, and multiple iterations of both software and hardware implementations. Limited by the business models in use today, such an arduous task can be undertaken only by large incumbent companies and government organizations. Neither the “fabless semiconductor...

  9. Management of Information Security in Financial Accounting

    OpenAIRE

    Aurel Serb; Constantin Baron; Nicoleta Magdalena Iacob (Ciobanu); Costinela - Luminita Defta

    2014-01-01

    Security issues in financial accounting are complex, and the risks are often difficult to stipulate, even for experts. The issues presented in this article try to be formed in a contribution to the consolidation of problems in the field of risk, and former vulnerabilities in cyber security in financial accounting. The use of an information security management system became a requirement for organizations because on the states began adopting mandatory data protection legislation and informatio...

  10. Reconciling food security and bioenergy: priorities for action

    NARCIS (Netherlands)

    Kline, Keith L.; Msangi, Siwa; Dale, Virginia H.; Woods, Jeremy; Souza, Glaucia M.; Osseweijer, Patricia; Clancy, Joy S.; Hilbert, Jorge A.; Johnson, Francis X.; McDonnell, Patrick C.; Mugera, Harriet K.

    2016-01-01

    Understanding the complex interactions among food security, bioenergy sustainability, and resource management requires a focus on specific contextual problems and opportunities. The United Nations’ 2030 Sustainable Development Goals place a high priority on food and energy security; bioenergy plays

  11. Securing the Application Layer in eCommerce

    Directory of Open Access Journals (Sweden)

    Bala Musa S

    2012-01-01

    Full Text Available As e-commerce transaction is evolving, security is becoming a paramount issue since a great deal of credit cards, fund transfer, web shopping and public retirements are involved. Therefore, an appropriate development process is necessary for such security critical application. Also, handling security issues at early stage of software development is paramount to avoiding vulnerabilities from scaling through production environment unnoticed. This paper proposes a comprehensive security requirements and security design within the development phase of an e-commerce application as a security control to identify security flaws at early stage of web application development which might prevent re-architecture when discovered at a later stage.

  12. Security: a supranational legal asset

    Directory of Open Access Journals (Sweden)

    Manuel Monteiro Guedes Valente

    2012-01-01

    Full Text Available This paper discusses the concept of security as a manysided, multifunctional and multilevel regulation topology which requires its several actors to view legal assets from a polygonal perspective worthy of legal protection from local to global and from global to local space. The concept of security as a supranational legal asset requires criminal legislation which defines the principles of criminal policy and the intervention of criminal Law, barriers to security trends and to the attempt to enhance the principle of presumed hazard as a basis for criminal intervention. We contend that the obstacle to "human self-objectification" in the global polygon is a (new world legal order as humanity's future balance.

  13. Secure proxy signature scheme with fast revocation in the standard model

    Institute of Scientific and Technical Information of China (English)

    LIU Zhen-hua; HU Yu-pu; ZHANG Xiang-song; MA Hua

    2009-01-01

    proposed scheme is provably secure based on the computational Diffie-Hellman (CDH) intractability assumption without relying on the random oracles, and satisfies all the security requirements for a secure proxy signature.

  14. Secure Obfuscation for Encrypted Group Signatures.

    Directory of Open Access Journals (Sweden)

    Yang Shi

    Full Text Available In recent years, group signature techniques are widely used in constructing privacy-preserving security schemes for various information systems. However, conventional techniques keep the schemes secure only in normal black-box attack contexts. In other words, these schemes suppose that (the implementation of the group signature generation algorithm is running in a platform that is perfectly protected from various intrusions and attacks. As a complementary to existing studies, how to generate group signatures securely in a more austere security context, such as a white-box attack context, is studied in this paper. We use obfuscation as an approach to acquire a higher level of security. Concretely, we introduce a special group signature functionality-an encrypted group signature, and then provide an obfuscator for the proposed functionality. A series of new security notions for both the functionality and its obfuscator has been introduced. The most important one is the average-case secure virtual black-box property w.r.t. dependent oracles and restricted dependent oracles which captures the requirement of protecting the output of the proposed obfuscator against collision attacks from group members. The security notions fit for many other specialized obfuscators, such as obfuscators for identity-based signatures, threshold signatures and key-insulated signatures. Finally, the correctness and security of the proposed obfuscator have been proven. Thereby, the obfuscated encrypted group signature functionality can be applied to variants of privacy-preserving security schemes and enhance the security level of these schemes.

  15. Security 2020 Reduce Security Risks This Decade

    CERN Document Server

    Howard, Doug; Schneier, Bruce

    2010-01-01

    Identify real security risks and skip the hype After years of focusing on IT security, we find that hackers are as active and effective as ever. This book gives application developers, networking and security professionals, those that create standards, and CIOs a straightforward look at the reality of today's IT security and a sobering forecast of what to expect in the next decade. It debunks the media hype and unnecessary concerns while focusing on the knowledge you need to combat and prioritize the actual risks of today and beyond.IT security needs are constantly evolving; this guide examine

  16. The corporate security professional

    DEFF Research Database (Denmark)

    Petersen, Karen Lund

    2013-01-01

    In our age of globalization and complex threat environments, every business is called upon to manage security. This tendency is reflected in the fact that a wide range of businesses increasingly think about security in broad terms and strive to translate national security concerns into corporate...... speech. This article argues that the profession of the security manager has become central for understanding how the relationship between national and corporate security is currently negotiated. The national security background of most private sector security managers makes the corporate security...... professional inside the company a powerful hybrid agent. By zooming in on the profession and the practice of national security inside companies, the article raises questions about where to draw the line between corporate security and national security along with the political consequences of the constitution...

  17. Motorola Secure Software Development Model

    Directory of Open Access Journals (Sweden)

    Francis Mahendran

    2008-08-01

    Full Text Available In today's world, the key to meeting the demand for improved security is to implement repeatable processes that reliably deliver measurably improved security. While many organizations have announced efforts to institutionalize a secure software development process, there is little or no industry acceptance for a common process improvement framework for secure software development. Motorola has taken the initiative to develop such a framework, and plans to share this with the Software Engineering Institute for possible inclusion into its Capability Maturity Model Integration (CMMI®. This paper will go into the details of how Motorola is addressing this issue. The model that is being developed is designed as an extension of the existing CMMI structure. The assumption is that the audience will have a basic understanding of the SEI CMM® / CMMI® process framework. The paper will not describe implementation details of a security process model or improvement framework, but will address WHAT security practices are required for a company with many organizations operating at different maturity levels. It is left to the implementing organization to answer the HOW, WHEN, WHO and WHERE aspects. The paper will discuss how the model is being implemented in the Motorola Software Group.

  18. Security Technologies for Open Networking Environments (STONE)

    Energy Technology Data Exchange (ETDEWEB)

    Muftic, Sead

    2005-03-31

    -domain scenarios is supported by a set of security engines that represent the core of the Federated Identities Management Server, which is also an extension of the Domain Security Server. The Federated Identity Management server allows users to federate their identities or terminate the federation between the service provider and the identity provider. At the service provider web site, the users are offered a list of identity providers to which they can choose to federate their identities. After users federate their identity, they can perform Single Sign-On protocol in an environment of federated domains. The group security system consists of a number of security technologies under a unified architecture, which supports creation of secure groups and execution of secure group transactions and applications in an open networking environment. The system is based on extensions of the GSAKMP standard for group key distribution and management. The Top layer is the Security Infrastructure with the Security Management and Administration System components and protocols that provide security functions common to all secure network applications The Middle layer is the Secure Group Protocols and Applications layer, consisting of the Policy and Group Key Distribution Server and Web-based (thin) Client. The Bottom layer is the supporting Middleware Security Platform, the cryptographic platform already described above. The group security system is designed to perform the functions necessary to create secure groups and enable secure group applications. Specifically, the system can manage group roles, create and disseminate a group security policy, perform authentication and authorization of users using PKI certificates and Web services security, generate group keys, and recover from compromises. In accordance with the GSAKMP standard, the group security system must perform all the required group life-cycle functions: group definition, group establishment, group maintenance, and group removal. The

  19. Metro Manila Water Security Study

    OpenAIRE

    World Bank

    2012-01-01

    The metropolitan waterworks and sewerage system (MWSS) services the water supply and sewerage requirements of Metro Manila including the Province of Rizal and parts of Cavite, an area composed of the estimated 15 million residents in one of the fast growing urban centers in the world. In order to secure the water supply for Metro Manila, some alternative water sources, that is Laguna Lake, ...

  20. Securing underwater wireless communication networks

    OpenAIRE

    Domingo Aladrén, Mari Carmen

    2011-01-01

    Underwater wireless communication networks are particularly vulnerable to malicious attacks due to the high bit error rates, large and variable propagation delays, and low bandwidth of acoustic channels. The unique characteristics of the underwater acoustic communication channel, and the differences between underwater sensor networks and their ground-based counterparts require the development of efficient and reliable security mechanisms. In this article, a compl...

  1. 12 CFR 703.11 - Valuing securities.

    Science.gov (United States)

    2010-01-01

    ... 12 Banks and Banking 6 2010-01-01 2010-01-01 false Valuing securities. 703.11 Section 703.11 Banks and Banking NATIONAL CREDIT UNION ADMINISTRATION REGULATIONS AFFECTING CREDIT UNIONS INVESTMENT AND... price quotation on the security from an industry-recognized information provider. This requirement...

  2. Cyber Security--Are You Prepared?

    Science.gov (United States)

    Newman, Scott

    2007-01-01

    During the summer 2002 term, Oklahoma State University-Okmulgee's Information Technologies Division offered a one credit-hour network security course--which barely had adequate student interest to meet the institution's enrollment requirements. Today, OSU-Okmulgee boasts one of the nation's premier cyber security programs. Many prospective…

  3. 27 CFR 18.19 - Security.

    Science.gov (United States)

    2010-04-01

    ... 27 Alcohol, Tobacco Products and Firearms 1 2010-04-01 2010-04-01 false Security. 18.19 Section 18.19 Alcohol, Tobacco Products and Firearms ALCOHOL AND TOBACCO TAX AND TRADE BUREAU, DEPARTMENT OF THE... Provisions Document Requirements § 18.19 Security. The concentrate plant and equipment will be so...

  4. 支持动态策略的安全核(Security Kernel)机制的研究%Research of Security Kernel Mechanism Supporting Dynamical Policies

    Institute of Scientific and Technical Information of China (English)

    吴新勇; 熊光泽

    2002-01-01

    Security of information system requires a secure operation system. Security kernel meets the requirement and provides a bedrock to security of operation system. This paper extracts the deficiency of traditional security kernel, presents a security kernel mechanism supporting policy flexibility, simplified secure interface. It optimizes the performance by reused policy cache, provids a method to revoke granted permissions and assures the atomicity of revocation permissions and granting new permissions. As a result, all refinements help security kernel to improve its flexibility, extensibility and portability.

  5. Secure Storage Architectures

    Energy Technology Data Exchange (ETDEWEB)

    Aderholdt, Ferrol [Tennessee Technological University; Caldwell, Blake A [ORNL; Hicks, Susan Elaine [ORNL; Koch, Scott M [ORNL; Naughton, III, Thomas J [ORNL; Pogge, James R [Tennessee Technological University; Scott, Stephen L [Tennessee Technological University; Shipman, Galen M [ORNL; Sorrillo, Lawrence [ORNL

    2015-01-01

    help with this issue, which are a particular instances of the more general challenge of efficient host/guest IO that is the focus of interfaces like virtio. A collection of bridging technologies have been identified in Chapter 4, which can be helpful to overcome the limitations and challenges of supporting efficient storage for secure enclaves. The synthesis of native filesystem security mechanisms and bridging technologies led to an isolation-centric storage architecture that is proposed in Chapter 5, which leverages isolation mechanisms from different layers to facilitate secure storage for an enclave. Recommendations: The following highlights recommendations from the investigations done thus far. - The Lustre filesystem offers excellent performance but does not support some security related features, e.g., encryption, that are included in GPFS. If encryption is of paramount importance, then GPFS may be a more suitable choice. - There are several possible Lustre related enhancements that may provide functionality of use for secure-enclaves. However, since these features are not currently integrated, the use of Lustre as a secure storage system may require more direct involvement (support). (*The network that connects the storage subsystem and users, e.g., Lustre s LNET.) - The use of OpenStack with GPFS will be more streamlined than with Lustre, as there are available drivers for GPFS. - The Manilla project offers Filesystem as a Service for OpenStack and is worth further investigation. Manilla has some support for GPFS. - The proposed Lustre enhancement of Dynamic-LNET should be further investigated to provide more dynamic changes to the storage network which could be used to isolate hosts and their tenants. - The Linux namespaces offer a good solution for creating efficient restrictions to shared HPC filesystems. However, we still need to conduct a thorough round of storage/filesystem benchmarks. - Vendor products should be more closely reviewed, possibly to

  6. 17 CFR 41.45 - Required margin.

    Science.gov (United States)

    2010-04-01

    ... PRODUCTS Customer Accounts and Margin Requirements § 41.45 Required margin. (a) Applicability. Each... positions held on behalf of a customer in a securities account or futures account as set forth in this... security future shall be twenty (20) percent of the current market value of such security future....

  7. 17 CFR 242.403 - Required margin.

    Science.gov (United States)

    2010-04-01

    ...) REGULATIONS M, SHO, ATS, AC, AND NMS AND CUSTOMER MARGIN REQUIREMENTS FOR SECURITY FUTURES Customer Margin... of a customer in a securities account or futures account as set forth in this section. (b) Required... be twenty (20) percent of the current market value of such security future. (2) Offsetting...

  8. 17 CFR 240.14d-4 - Dissemination of tender offers to security holders.

    Science.gov (United States)

    2010-04-01

    ... to security holders. 240.14d-4 Section 240.14d-4 Commodity and Securities Exchanges SECURITIES AND... offers to security holders. As soon as practicable on the date of commencement of a tender offer, the bidder must publish, send or give the disclosure required by § 240.14d-6 to security holders of the...

  9. 17 CFR 242.102 - Activities by issuers and selling security holders during a distribution.

    Science.gov (United States)

    2010-04-01

    ... selling security holders during a distribution. 242.102 Section 242.102 Commodity and Securities Exchanges... REQUIREMENTS FOR SECURITY FUTURES Regulation M § 242.102 Activities by issuers and selling security holders... or on behalf of an issuer or selling security holder, it shall be unlawful for such person, or...

  10. 17 CFR 240.14d-6 - Disclosure of tender offer information to security holders.

    Science.gov (United States)

    2010-04-01

    ... information to security holders. 240.14d-6 Section 240.14d-6 Commodity and Securities Exchanges SECURITIES AND... information to security holders. (a) Information required on date of commencement—(1) Long-form publication. If a tender offer is published, sent or given to security holders on the date of commencement...

  11. 计算机网络安全技术%Security Technologies of Computer Network

    Institute of Scientific and Technical Information of China (English)

    罗明宇; 卢锡城; 卢泽新; 韩亚欣

    2000-01-01

    With the development of computer network,requirements of computer network security have been more and more urgent. In tills paper, goals of network security are reviewed. Several network attack methods,such as interruption,interception, modification, fabrication,are studied. Network security technologies,such as security mechan!sm,encryption,security detection,firewall,were discussed.

  12. Untangle network security

    CERN Document Server

    El-Bawab, Abd El-Monem A

    2014-01-01

    If you are a security engineer or a system administrator and want to secure your server infrastructure with the feature-rich Untangle, this book is for you. For individuals who want to start their career in the network security field, this book would serve as a perfect companion to learn the basics of network security and how to implement it using Untangle NGFW.

  13. Improved verification methods for OVI security ink

    Science.gov (United States)

    Coombs, Paul G.; Markantes, Tom

    2000-04-01

    Together, OVP Security Pigment in OVI Security Ink, provide an excellent method of overt banknote protection. The effective use of overt security feature requires an educated public. The rapid rise in computer-generated counterfeits indicates that consumers are not as educate das to banknote security features as they should be. To counter the education issue, new methodologies have been developed to improve the validation of banknotes using the OVI ink feature itself. One of the new methods takes advantage of the overt nature of the product's optically variable effect. Another method utilizes the unique optical interference characteristics provided by the OVP platelets.

  14. Security for multi-hop wireless networks

    CERN Document Server

    Mahmoud, Mohamed M E A

    2014-01-01

    This Springer Brief discusses efficient security protocols and schemes for multi-hop wireless networks. It presents an overview of security requirements for these networks, explores challenges in securing networks and presents system models. The authors introduce mechanisms to reduce the overhead and identify malicious nodes that drop packets intentionally. Also included is a new, efficient cooperation incentive scheme to stimulate the selfish nodes to relay information packets and enforce fairness. Many examples are provided, along with predictions for future directions of the field. Security

  15. Safety versus Security in the Quality Calculus

    DEFF Research Database (Denmark)

    Nielson, Hanne Riis; Nielson, Flemming

    2013-01-01

    Safety and security are both needed for ensuring that cyber-physical systems live up to expectations, but often an intelligent trade-off is called for, because sometimes it is impossible to obtain optimal safety at the same time as optimal security. In the context of the Quality Calculus we develop...... a type system for checking the extent to which safety and security goals have been met. Safety goals include showing that certain error configurations are in fact not reachable and hence do not require intelligent error handling. Security goals include showing that highly trusted communications can only...

  16. Professional Cocoa Application Security

    CERN Document Server

    Lee, Graham J

    2010-01-01

    The first comprehensive security resource for Mac and iPhone developers. The Mac platform is legendary for security, but consequently, Apple developers have little appropriate security information available to help them assure that their applications are equally secure. This Wrox guide provides the first comprehensive go-to resource for Apple developers on the available frameworks and features that support secure application development.: While Macs are noted for security, developers still need to design applications for the Mac and the iPhone with security in mind; this guide offers the first

  17. IAEA nuclear security program

    Energy Technology Data Exchange (ETDEWEB)

    Ek, D. [International Atomic Energy Agency, Vienna (Austria)

    2006-07-01

    Although nuclear security is a State responsibility, it is nevertheless an international concern, as the consequences of a nuclear security incident would have worldwide impact. These concerns have resulted in the development of numerous international instruments on nuclear security since the terrorist events in the USA on September 11, 2001. The IAEA Office of Nuclear Security has been charged to assist Member States to improvement their nuclear security and to meet the intent of these international obligations in order to ensure a cohesive thread of nuclear security protects the global community. The programs underway and planned by the Office of Nuclear Security will be discussed in this paper. (author)

  18. Security guide for subcontractors

    International Nuclear Information System (INIS)

    The objectives of security in the Department of Energy (DOE) contractor/subcontractor program are: (1) to ensure the protection of information which, if related, would endanger the common defense and security of the nation; and (2) to safeguard the plants and installations of the DOE and its contractors in order that research and production programs will not be interrupted. To achieve these objectives, security responsibilities have been divided into three interdependent categories: personnel security, physical security, and security education and quality audits. This guide presents instructions for implementing a security program at a contractor/subcontractor site

  19. Survey of information security

    Institute of Scientific and Technical Information of China (English)

    SHEN ChangXiang; ZHANG HuangGuo; FENG DengGuo; CAO ZhenFu; HUANG JiWu

    2007-01-01

    The 21st century is the age of information when information becomes an important strategic resource. The information obtaining, processing and security guarantee capability are playing critical roles in comprehensive national power, and information security is related to the national security and social stability. Therefore, we should take measures to ensure the information security of our country. In recent years, momentous accomplishments have been obtained with the rapid development of jnformation security technology. There are extensive theories about information security and technology. However, due to the limitation of length, this article mainly focuses on the research and development of cryptology, trusted computing, security of network, and information hiding, etc.

  20. Hybrid-secure MPC 

    DEFF Research Database (Denmark)

    Lucas, Christoph; Raub, Dominik; Maurer, Ueli

    2010-01-01

    Most protocols for distributed, fault-tolerant computation, or multi-party computation (MPC), provide security guarantees in an all-or-nothing fashion. In contrast, a hybrid-secure protocol provides different security guarantees depending on the set of corrupted parties and the computational power...... of the adversary, without being aware of the actual adversarial setting. Thus, hybrid-secure MPC protocols allow for graceful degradation of security. We present a hybrid-secure MPC protocol that provides an optimal trade-off between IT robustness and computational privacy: For any robustness parameter ρ ... obtain one MPC protocol that is simultaneously IT secure with robustness for up to t ≤ ρ actively corrupted parties, IT secure with fairness (no robustness) for up to t secure with agreement on abort (privacy and correctness only) for up to t secure...

  1. Lecture 2: Software Security

    CERN Document Server

    CERN. Geneva

    2013-01-01

    Computer security has been an increasing concern for IT professionals for a number of years, yet despite all the efforts, computer systems and networks remain highly vulnerable to attacks of different kinds. Design flaws and security bugs in the underlying software are among the main reasons for this. This lecture addresses the following question: how to create secure software? The lecture starts with a definition of computer security and an explanation of why it is so difficult to achieve. It then introduces the main security principles (like least-privilege, or defense-in-depth) and discusses security in different phases of the software development cycle. The emphasis is put on the implementation part: most common pitfalls and security bugs are listed, followed by advice on best practice for security development, testing and deployment. Sebastian Lopienski is CERN’s deputy Computer Security Officer. He works on security strategy and policies; offers internal consultancy and audit services; develops and ...

  2. Considerations on Cyber Security Assessments of Korean Nuclear Power Plants

    Energy Technology Data Exchange (ETDEWEB)

    Lee, Jung-Woon; Song, Jae-Gu; Han, Kyung-Soo; Lee, Cheol Kwon [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of); Kang, Mingyun [E-Gonggam Co. Ltd., Daejeon (Korea, Republic of)

    2015-10-15

    Korea Institute of Nuclear Nonproliferation and Control (KINAC) has prepared the regulatory standard RS-015 based on RG 5.71. RS-015 defines the elements of a cyber security program to be established in nuclear facilities and describes the security control items and relevant requirements. Cyber security assessments are important initial activities in a cyber security program for NPPs. Cyber security assessments can be performed in the following key steps: 1) Formation of a cyber security assessment team (CSAT); 2) Identification of critical systems and critical digital assets (CDAs); 3) Plant compliance checks with the security control requirements in RS-015. Through the assessments, the current status of security controls applied to NPPs can be found out. The assessments provide baseline data for remedial activities. Additional analyses with the results from the assessments should be performed before the implementation of remedial security controls. The cyber security team at the Korea Atomic Energy Research Institute (KAERI) has studied how to perform cyber security assessments for NPPs based on the regulatory requirements. Recently, KAERI's cyber security team has performed pilot cyber security assessments of a Korean NPP. Based on this assessment experience, considerations and checkpoints which would be helpful for full-scale cyber security assessments of Korean NPPs and the implementation of remedial security controls are discussed in this paper. Cyber security assessment is one of important and immediate activities for NPP cyber security. The quality of the first assessment will be a barometer for NPP cyber security. Hence cyber security assessments of Korean NPPs should be performed elaborately.

  3. Network Security Scanner

    OpenAIRE

    G. MURALI; M.Pranavi; Y.Navateja; K. Bhargavi

    2011-01-01

    Network Security Scanner (NSS) is a tool that allows auditing and monitoring remote network computers for possible vulnerabilities, checks your network for all potential methods that a hacker might use to attack it. Network Security Scanner is a complete networking utilities package that includes a wide range of tools for network security auditing, vulnerability Auditing, scanning, monitoring and more. Network Security Scanner (NSS) is an easy to use, intuitive network security scanner that c...

  4. Quality of Protection Evaluation of Security Mechanisms

    Directory of Open Access Journals (Sweden)

    Bogdan Ksiezopolski

    2014-01-01

    Full Text Available Recent research indicates that during the design of teleinformatic system the tradeoff between the systems performance and the system protection should be made. The traditional approach assumes that the best way is to apply the strongest possible security measures. Unfortunately, the overestimation of security measures can lead to the unreasonable increase of system load. This is especially important in multimedia systems where the performance has critical character. In many cases determination of the required level of protection and adjustment of some security measures to these requirements increase system efficiency. Such an approach is achieved by means of the quality of protection models where the security measures are evaluated according to their influence on the system security. In the paper, we propose a model for QoP evaluation of security mechanisms. Owing to this model, one can quantify the influence of particular security mechanisms on ensuring security attributes. The methodology of our model preparation is described and based on it the case study analysis is presented. We support our method by the tool where the models can be defined and QoP evaluation can be performed. Finally, we have modelled TLS cryptographic protocol and presented the QoP security mechanisms evaluation for the selected versions of this protocol.

  5. Quality of protection evaluation of security mechanisms.

    Science.gov (United States)

    Ksiezopolski, Bogdan; Zurek, Tomasz; Mokkas, Michail

    2014-01-01

    Recent research indicates that during the design of teleinformatic system the tradeoff between the systems performance and the system protection should be made. The traditional approach assumes that the best way is to apply the strongest possible security measures. Unfortunately, the overestimation of security measures can lead to the unreasonable increase of system load. This is especially important in multimedia systems where the performance has critical character. In many cases determination of the required level of protection and adjustment of some security measures to these requirements increase system efficiency. Such an approach is achieved by means of the quality of protection models where the security measures are evaluated according to their influence on the system security. In the paper, we propose a model for QoP evaluation of security mechanisms. Owing to this model, one can quantify the influence of particular security mechanisms on ensuring security attributes. The methodology of our model preparation is described and based on it the case study analysis is presented. We support our method by the tool where the models can be defined and QoP evaluation can be performed. Finally, we have modelled TLS cryptographic protocol and presented the QoP security mechanisms evaluation for the selected versions of this protocol. PMID:25136683

  6. Social security for seafarers globally

    DEFF Research Database (Denmark)

    Jensen, Olaf; Canals, Luisa; Haarløv, Erik;

    2013-01-01

    among the nationalities. Especially it is worth mentioning that more than half of the respondents believe they are uncovered economically for disability from an injury on board and from a work related disease. Conclusions: The results confirm the ILO statements that a significant part of the seafarers...... comes from poorer countries without substantial social security systems. The solutions suggested are to implement the minimum requirements as recommended by the ILO 2006 Convention, to survey the implementation and in the long term to struggle for global social equality. Key words: Social security...

  7. Open source systems security certification

    CERN Document Server

    Damiani, Ernesto; El Ioini, Nabil

    2009-01-01

    Open Source Advances in Computer Applications book series provides timely technological and business information for: Enabling Open Source Systems (OSS) to become an integral part of systems and devices produced by technology companies; Inserting OSS in the critical path of complex network development and embedded products, including methodologies and tools for domain-specific OSS testing (lab code available), plus certification of security, dependability and safety properties for complex systems; Ensuring integrated systems, including OSS, meet performance and security requirements as well as achieving the necessary certifications, according to the overall strategy of OSS usage on the part of the adopter

  8. Information security protecting the global enterprise

    CERN Document Server

    Pipkin, Donald L

    2000-01-01

    In this book, IT security expert Donald Pipkin addresses every aspect of information security: the business issues, the technical process issues, and the legal issues. Pipkin starts by reviewing the key business issues: estimating the value of information assets, evaluating the cost to the organization if they are lost or disclosed, and determining the appropriate levels of protection and response to security incidents. Next, he walks through the technical processes required to build a consistent, reasonable information security system, with appropriate intrusion detection and reporting features. Finally, Pipkin reviews the legal issues associated with information security, including corporate officers' personal liability for taking care that information is protected. The book's coverage is applicable to businesses of any size, from 50 employees to 50,000 or more, and ideal for everyone who needs at least a basic understanding of information security: network/system administrators, managers, planners, archite...

  9. Incorporating User-oriented Security into CC

    DEFF Research Database (Denmark)

    Sharp, Robin

    2009-01-01

    in an environment which contains not only other computer systems, but also human users. A case study involving the design of a secure medical instrumentation system will be used to illustrate the problems involved in incorporating user requirements into a secure design, so that system, when implemented, will help......Current versions of the Common Criteria concentrate very heavily on technical security issues which are relevant for the design of secure systems. This approach largely ignores a number of questions which can have great significance for whether or not the system can be operated securely...... users to understand whether they are operating the system in a secure manner, thus avoiding user-related pitfalls such as leaking of confidential data as a result of inappropriate input, loss of patient privacy, inappropriate user reactions due to slow system response, or other similar threats...

  10. Radioactive source security: the cultural challenges

    International Nuclear Information System (INIS)

    Radioactive source security is an essential part of radiation protection. Sources can be abandoned, lost or stolen. If they are stolen, they could be used to cause deliberate harm and the risks are varied and significant. There is a need for a global security protection system and enhanced capability to achieve this. The establishment of radioactive source security requires 'cultural exchanges'. These exchanges include collaboration between: radiation protection specialists and security specialists; the nuclear industry and users of radioactive sources; training providers and regulators/users. This collaboration will facilitate knowledge and experience exchange for the various stakeholder groups, beyond those already provided. This will promote best practice in both physical and information security and heighten security awareness generally. Only if all groups involved are prepared to open their minds to listen to and learn from, each other will a suitable global level of control be achieved. (authors)

  11. International Legal Framework for Nuclear Security

    International Nuclear Information System (INIS)

    The responsibility for nuclear security rests entirely with each State. There is no single international instrument that addresses nuclear security in a comprehensive manner. The legal foundation for nuclear security comprises international instruments and recognized principles that are implemented by national authorities. Security systems at the national level will contribute to a strengthened and more universal system of nuclear security at the international level. The binding security treaties are; Convention on the Physical Protection of Nuclear Material, the 2005 amendment thereto, Safeguards Agreements between the Agency and states required in Connection with the Treaty on the Non-Proliferation of Nuclear Weapons. Model Protocol additional to agreement(s) between State(s) and the Agency for the application of Safeguards Convention on Early Notification of a Nuclear Accident, Convention on Assistance in the Case of a Nuclear Accident or Radiological Emergency, Convention on Nuclear Safety, Joint Convention on the Safety of Spent Fuel Management and on the Safety of Radioactive Waste Management

  12. Bioethics and the national security state.

    Science.gov (United States)

    Moreno, Jonathan D

    2004-01-01

    In previous work, I have described the history and ethics of human experiments for national security purposes during he cold war and developed the bioethical issues that will be apparent in the "war on terror". This paper is an attempt to bring these two previous lines of work together under the rubric of the "national security state," a concept familiar to Cold War historians and political scientists. The founding of the national security state was associated with the first articulations of informed consent requirements by national security agencies. My analysis indicates that strengthened consent standards, though conventionally thought to be antithetical crisis, can be seen as an attempt by the postwar national security state to protect itself from critics of expanded governmental power. During the coming years the renewed mission of the national security state in the war on terror should impel students of bioethics to consider its implications for the field.

  13. Security Service Technology for Mobile Networks

    Institute of Scientific and Technical Information of China (English)

    Aiqun Hu; Tao Li; Mingfu Xue

    2011-01-01

    As mobile networks become high speed and attain an all-IP structure, more services are possible. This brings about many new security requirements that traditional security programs cannot handle. This paper analyzes security threats and the needs of 3G/4G mobile networks, and then proposes a novel protection scheme for them based on their whole structure. In this scheme, a trusted computing environment is constructed on the mobile terminal side by combining software validity verification with access control. At the security management center, security services such as validity verification and integrity check are provided to mobile terminals. In this way, terminals and the network as a whole are secured to a much greater extent. This paper also highlights problems to be addressed in future research and development.

  14. Static Stress Analysis of Security Injection Tank

    Institute of Scientific and Technical Information of China (English)

    2011-01-01

    The static structural analysis of the security injection tank is made to make sure whether the tank can withstand concerned loads or not on all conditions conforming to concerned code prescripts and design requirements. The tanks

  15. Combining security risk assessment and security testing

    OpenAIRE

    Großmann, Jürgen; Seehusen, Fredrik

    2014-01-01

    Complex networked systems have become an integral part of our supply infrastructure. Mobile devices, home automation, smart grids and even vehicles are connected via the Internet and becoming accessible and thus vulnerable to hacker attacks. While the number of security incidents drastically increases, we are more than ever dependent on a secure and mature ICT infrastructure. One of the keys to maintain such a secure and dependable infrastructure are mature, systematic and capable proactive m...

  16. Principles of Security: Human, Cyber, and Biological

    CERN Document Server

    Stacey, Blake C

    2013-01-01

    Cybersecurity attacks are a major and increasing burden to economic and social systems globally. Here we analyze the principles of security in different domains and demonstrate an architectural flaw in current cybersecurity. Cybersecurity is inherently weak because it is missing the ability to defend the overall system instead of individual computers. The current architecture enables all nodes in the computer network to communicate transparently with one another, so security would require protecting every computer in the network from all possible attacks. In contrast, other systems depend on system-wide protections. In providing conventional security, police patrol neighborhoods and the military secures borders, rather than defending each individual household. Likewise, in biology, the immune system provides security against viruses and bacteria using primarily action at the skin, membranes, and blood, rather than requiring each cell to defend itself. We propose applying these same principles to address the c...

  17. On Invertible Sampling and Adaptive Security

    DEFF Research Database (Denmark)

    Ishai, Yuval; Kumarasubramanian, Abishek; Orlandi, Claudio;

    2011-01-01

    Secure multiparty computation (MPC) is one of the most general and well studied problems in cryptography. We focus on MPC protocols that are required to be secure even when the adversary can adaptively corrupt parties during the protocol, and under the assumption that honest parties cannot reliably...... erase their secrets prior to corruption. Previous feasibility results for adaptively secure MPC in this setting applied either to deterministic functionalities or to randomized functionalities which satisfy a certain technical requirement. The question whether adaptive security is possible for all...... functionalities was left open. We provide the first convincing evidence that the answer to this question is negative, namely that some (randomized) functionalities cannot be realized with adaptive security. We obtain this result by studying the following related invertible sampling problem: given an efficient...

  18. Analysis of Security Protocols in Embedded Systems

    DEFF Research Database (Denmark)

    Bruni, Alessandro

    .e., protecting the system from the external world). With increased connectivity of these systems to external networks the attack surface has grown, and consequently there is a need for securing the system from external attacks. Introducing security protocols in safety critical systems requires careful......Embedded real-time systems have been adopted in a wide range of safety-critical applications—including automotive, avionics, and train control systems—where the focus has long been on safety (i.e., protecting the external world from the potential damage caused by the system) rather than security (i...... considerations on the available resources, especially in meeting real-time and resource constraints, as well as cost and reliability requirements. For this reason many proposed security protocols in this domain have peculiar features, not present in traditional security literature. In this thesis we tackle...

  19. Macro Security Methodology for Conducting Facility Security and Sustainability Assessments

    International Nuclear Information System (INIS)

    Pacific Northwest National Laboratory (PNNL) has developed a macro security strategy that not only addresses traditional physical protection systems, but also focuses on sustainability as part of the security assessment and management process. This approach is designed to meet the needs of virtually any industry or environment requiring critical asset protection. PNNL has successfully demonstrated the utility of this macro security strategy through its support to the NNSA Office of Global Threat Reduction implementing security upgrades at international facilities possessing high activity radioactive sources that could be used in the assembly of a radiological dispersal device, commonly referred to as a 'dirty bomb'. Traditional vulnerability assessments provide a snap shot in time of the effectiveness of a physical protection system without significant consideration to the sustainability of the component elements that make up the system. This paper describes the approach and tools used to integrate technology, plans and procedures, training, and sustainability into a simple, quick, and easy-to-use security assessment and management tool.

  20. ENDPOINT PROTECTION SECURITY SYSTEM FOR AN ENTERPRISE

    OpenAIRE

    Ruotsalainen, Petri

    2013-01-01

    The thesis subscriber was Metso Shared Services Ltd. The objective was to find out if Microsoft Forefront Endpoint Protection 2010 (FEP) would be secure and cost-effective enough system to fulfill the requirements of the company’s endpoint protection security system. Microsoft FEP was compared and benchmarked with some other most significant endpoint protection products based on the requirements and definitions of the subscriber. The comparison and evaluation were based on investigation a...

  1. Establishing a National Nuclear Security Support Centre

    International Nuclear Information System (INIS)

    The responsibility for creating and sustaining a nuclear security regime for the protection of nuclear and other radiological material clearly belongs to the State. The nuclear security regime resembles the layers of an onion, with the equipment and personnel securing the borders and ports representing the outer layer, and nuclear power, research reactors and nuclear medicine facilities representing the inner layers, and the actual target material representing the core. Components of any nuclear security regime include not only technological systems, but the human resources needed to manage, operate, administer and maintain equipment, including hardware and software. This publication provides practical guidance on the establishment and maintenance of a national nuclear security support centre (NSSC) as a means to ensure nuclear security sustainability in a State. An NSSC's basic purpose is to provide a national focal point for passing ownership of nuclear security knowledge and associated technical skills to the competent authorities involved in nuclear security. It describes processes and methodologies that can be used by a State to analyse the essential elements of information in a manner that allows several aspects of long term, systemic sustainability of nuclear security to be addressed. Processes such as the systematic approach to training, sometimes referred to as instructional system design, are the cornerstone of the NSSC concept. Proper analysis can provide States with data on the number of personnel requiring training and instructors needed, scale and scope of training, technical and scientific support venues, and details on the type and number of training aids or simulators required so that operational systems are not compromised in any way. Specific regulatory guidance, equipment or technology lists, or specifications/design of protection systems are not included in this publication. For such details, the following IAEA publications should be consulted

  2. Robotic systems for homeland security

    Science.gov (United States)

    Esser, Brian; Miller, Jon; Huston, Dryver R.; Bourn, Phil

    2004-07-01

    This paper will present the concept of utilizing various mobile robotic platforms for homeland security. Highly specialized mobile robots equipped with the proper sensors and data processing capabilities have the ability to provide security and surveillance for a wide variety of applications. Large infrastructure components, such as bridges, pipelines, dams, and electrical power grids pose severe challenges for monitoring, surveillance, and protection against man-made and natural hazards. The structures are enormous, often with awkward and dangerous configurations that make it difficult, if not impossible, for continuous human surveillance. Properly outfitted robots have the potential to provide long-term surveillance without requiring continuous human supervision. Furthermore, these robotic platforms can have disaster mitigation capabilities such as evaluation of infrastructure integrity at the disaster site. The results presented will include proof-of-concept robotic platforms equipped with various sensor arrays, as well as discussion of design criteria for numerous homeland security applications.

  3. Do you write secure code?

    CERN Multimedia

    Computer Security Team

    2011-01-01

    At CERN, we are excellent at producing software, such as complex analysis jobs, sophisticated control programs, extensive monitoring tools, interactive web applications, etc. This software is usually highly functional, and fulfils the needs and requirements as defined by its author. However, due to time constraints or unintentional ignorance, security aspects are often neglected. Subsequently, it was even more embarrassing for the author to find out that his code flawed and was used to break into CERN computers, web pages or to steal data…   Thus, if you have the pleasure or task of producing software applications, take some time before and familiarize yourself with good programming practices. They should not only prevent basic security flaws in your code, but also improve its readability, maintainability and efficiency. Basic rules for good programming, as well as essential books on proper software development, can be found in the section for software developers on our security we...

  4. Managing Cisco network security

    CERN Document Server

    Knipp, Eric

    2002-01-01

    An in-depth knowledge of how to configure Cisco IP network security is a MUST for anyone working in today''s internetworked world"There''s no question that attacks on enterprise networks are increasing in frequency and sophistication..."-Mike Fuhrman, Cisco Systems Manager, Security ConsultingManaging Cisco Network Security, Second Edition offers updated and revised information covering many of Cisco''s security products that provide protection from threats, detection of network security incidents, measurement of vulnerability and policy compliance and management of security policy across an extended organization. These are the tools that network administrators have to mount defenses against threats. Chapters also cover the improved functionality and ease of the Cisco Secure Policy Manger software used by thousands of small-to-midsized businesses and a special section on the Cisco Aironet Wireless Security Solutions.Security from a real-world perspectiveKey coverage of the new technologies offered by the Cisc...

  5. Cyber Security and Resilient Systems

    Energy Technology Data Exchange (ETDEWEB)

    Robert S. Anderson

    2009-07-01

    The Department of Energy (DOE) Idaho National Laboratory (INL) has become a center of excellence for critical infrastructure protection, particularly in the field of cyber security. It is one of only a few national laboratories that have enhanced the nation’s cyber security posture by performing industrial control system (ICS) vendor assessments as well as user on-site assessments. Not only are vulnerabilities discovered, but described actions for enhancing security are suggested – both on a system-specific basis and from a general perspective of identifying common weaknesses and their corresponding corrective actions. These cyber security programs have performed over 40 assessments to date which have led to more robust, secure, and resilient monitoring and control systems for the US electrical grid, oil and gas, chemical, transportation, and many other sectors. In addition to cyber assessments themselves, the INL has been engaged in outreach to the ICS community through vendor forums, technical conferences, vendor user groups, and other special engagements as requested. Training programs have been created to help educate all levels of management and worker alike with an emphasis towards real everyday cyber hacking methods and techniques including typical exploits that are used. The asset owner or end user has many products available for its use created from these programs. One outstanding product is the US Department of Homeland Security (DHS) Cyber Security Procurement Language for Control Systems document that provides insight to the user when specifying a new monitoring and control system, particularly concerning security requirements. Employing some of the top cyber researchers in the nation, the INL can leverage this talent towards many applications other than critical infrastructure. Monitoring and control systems are used throughout the world to perform simple tasks such as cooking in a microwave to complex ones such as the monitoring and control of the

  6. Secure and Efficient Routable Control Systems

    Energy Technology Data Exchange (ETDEWEB)

    Edgar, Thomas W.; Hadley, Mark D.; Manz, David O.; Winn, Jennifer D.

    2010-05-01

    This document provides the methods to secure routable control system communication in the electric sector. The approach of this document yields a long-term vision for a future of secure communication, while also providing near term steps and a roadmap. The requirements for the future secure control system environment were spelled out to provide a final target. Additionally a survey and evaluation of current protocols was used to determine if any existing technology could achieve this goal. In the end a four-step path was described that brought about increasing requirement completion and culminates in the realization of the long term vision.

  7. Course Material Selection Rubric for Creating Network Security Courses

    OpenAIRE

    Marriotti, Matthew

    2009-01-01

    Teaching network security can be a difficult task for university teachers, especially for teachers at smaller universities where the course loads are more diverse. Creating a new course in network security requires investigation into multiple subject areas within the field and from multiple sources. This task can be daunting and overwhelming for teachers from smaller universities because of their requirement to teach multiple subjects, not just network security. Along with the requirement of ...

  8. Security classification of information

    Energy Technology Data Exchange (ETDEWEB)

    Quist, A.S.

    1993-04-01

    This document is the second of a planned four-volume work that comprehensively discusses the security classification of information. The main focus of Volume 2 is on the principles for classification of information. Included herein are descriptions of the two major types of information that governments classify for national security reasons (subjective and objective information), guidance to use when determining whether information under consideration for classification is controlled by the government (a necessary requirement for classification to be effective), information disclosure risks and benefits (the benefits and costs of classification), standards to use when balancing information disclosure risks and benefits, guidance for assigning classification levels (Top Secret, Secret, or Confidential) to classified information, guidance for determining how long information should be classified (classification duration), classification of associations of information, classification of compilations of information, and principles for declassifying and downgrading information. Rules or principles of certain areas of our legal system (e.g., trade secret law) are sometimes mentioned to .provide added support to some of those classification principles.

  9. INNOVATIVE SECURITY: THE BASIC CONCEPTS, ESSENCE

    Directory of Open Access Journals (Sweden)

    V. A. Sakovich

    2016-01-01

    of the person. That is, the spheres which problems of safe development cannot be solved within the limits of economic security are mentioned. There is an objective requirement, for the decision of these many-sided and multidimensional problems arising in the course of formation of innovative economy, its safe development to generate within the limits of system of national security a new direction innovative security.

  10. 33 CFR 106.205 - Company Security Officer (CSO).

    Science.gov (United States)

    2010-07-01

    ... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Company Security Officer (CSO...) Facility Security Requirements § 106.205 Company Security Officer (CSO). (a) General. (1) An OCS facility...; (6) Ensure the timely correction of problems identified by audits or inspections; (7)...

  11. A layered approach to user-centered security

    DEFF Research Database (Denmark)

    Bødker, Susanne

    2008-01-01

    The workshop will explore the possibilities of a user-centered perspective on security. With exceptions, existing research may be criticized for being highly system-centered, focusing on how one may change user behavior to deal with the requirements of security, or on how security aspects can...

  12. The chief information security officer insights, tools and survival skills

    CERN Document Server

    Kouns, Barry

    2011-01-01

    Chief Information Security Officers are bombarded with huge challenges every day, from recommending security applications to strategic thinking and business innovation. This guide describes the hard and soft skills that a successful CISO requires: not just a good knowledge of information security, but also attributes such as flexibility and communication skills.

  13. 33 CFR 106.255 - Security systems and equipment maintenance.

    Science.gov (United States)

    2010-07-01

    ... maintenance. 106.255 Section 106.255 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND... Shelf (OCS) Facility Security Requirements § 106.255 Security systems and equipment maintenance. (a... procedures for identifying and responding to security system and equipment failures or malfunctions....

  14. 48 CFR 6.302-6 - National security.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 1 2010-10-01 2010-10-01 false National security. 6.302-6... COMPETITION REQUIREMENTS Other Than Full and Open Competition 6.302-6 National security. (a) Authority. (1... for when the disclosure of the agency's needs would compromise the national security unless the...

  15. 48 CFR 606.302-6 - National security.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 4 2010-10-01 2010-10-01 false National security. 606.302... ACQUISITION PLANNING COMPETITION REQUIREMENTS Other Than Full and Open Competition 606.302-6 National security. (b) This subsection applies to all acquisitions involving national security information,...

  16. Disaster at a University: A Case Study in Information Security

    Science.gov (United States)

    Ayyagari, Ramakrishna; Tyks, Jonathan

    2012-01-01

    Security and disaster training is identified as a top Information Technology (IT) required skill that needs to be taught in Information Systems (IS) curriculums. Accordingly, information security and privacy have become core concepts in information system education. Providing IT security on a shoestring budget is always difficult and many small…

  17. It-security seen from a user experience perspective

    DEFF Research Database (Denmark)

    Mathiasen, Niels Raabjerg

    The workshop will explore the possibilities of a user-centered perspective on security. With exceptions, existing research may be criticized for being highly system-centered, focusing on how one may change user behavior to deal with the requirements of security, or on how security aspects can be ...

  18. 13 CFR 107.1500 - General description of Participating Securities.

    Science.gov (United States)

    2010-01-01

    ... SMALL BUSINESS INVESTMENT COMPANIES SBA Financial Assistance for Licensees (Leverage) Participating Securities Leverage § 107.1500 General description of Participating Securities. (a) Types of Participating... requirements for Leverage under § 107.1120, Participating Securities issuers must also comply with...

  19. ICT security management

    OpenAIRE

    Schreurs, Jeanne; Moreau, Rachel

    2008-01-01

    Security becomes more and more important and companies are aware that it has become a management problem. It’s critical to know what are the critical resources and processes of the company and their weaknesses. A security audit can be a handy solution. We have developed BEVA, a method to critically analyse the company and to uncover the weak spots in the security system. BEVA results also in a general security score and security scores for each security factor. These will be used in the risk ...

  20. Securing the Vista Environment

    CERN Document Server

    Gregory, Peter

    2007-01-01

    "Securing the Vista Environment" takes you on a quick tour of the most significant security features in Vista, Microsoft's first revision of Windows in almost six years. You'll get background on threats and vulnerabilities that will make you think differently about security. Security is more than just the technology and configurations--it's about how we use the system that makes it secure or not. Then we'll cover Vista's security features, from user privileges to Windows Defender, User Account Control, and BitLocker, as well as strategies for protecting your information from unwanted disclo

  1. Android apps security

    CERN Document Server

    Gunasekera, Sheran

    2012-01-01

    Android Apps Security provides guiding principles for how to best design and develop Android apps with security in mind. It explores concepts that can be used to secure apps and how developers can use and incorporate these security features into their apps. This book will provide developers with the information they need to design useful, high-performing, and secure apps that expose end-users to as little risk as possible.  Overview of Android OS versions, features, architecture and security.  Detailed examination of areas where attacks on applications can take place and what controls should b

  2. Security Design of Remote Maintenance Systems for Nuclear Power Plants Based on ISO/IEC 15408

    Science.gov (United States)

    Watabe, Ryosuke; Oi, Tadashi; Endo, Yoshio

    This paper presents a security design of remote maintenance systems for nuclear power plants. Based on ISO/IEC 15408, we list assets to be protected, threats to the assets, security objectives against the threats, and security functional requirements that achieve the security objectives. Also, we show relations between the threats and the security objectives, and relations between the security objectives and the security functional requirements. As a result, we concretize a necessary and sufficient security design of remote maintenance systems for nuclear power plants that can protect the instrumentation and control system against intrusion, impersonation, tapping, obstruction and destruction.

  3. Security barriers in the physical protection concept of nuclear facilities in Switzerland

    International Nuclear Information System (INIS)

    The presentation describes the structural security measures - security zones and barriers - used for the physical protection of nuclear facilities in Switzerland, especially nuclear power plants. Part 1 deals with the concept of security zones and barriers: arrangement and functions of security zones and barriers, requirements on the level of resistance of security barriers, allocation of buildings, systems and installations to security zones in nuclear facilities. Part 2 deals with examples concerning requirements, construction and inspection of the various security barriers, and describes the development of special components for security barriers

  4. Protection of data carriers using secure optical codes

    Science.gov (United States)

    Peters, John A.; Schilling, Andreas; Staub, René; Tompkin, Wayne R.

    2006-02-01

    Smartcard technologies, combined with biometric-enabled access control systems, are required for many high-security government ID card programs. However, recent field trials with some of the most secure biometric systems have indicated that smartcards are still vulnerable to well equipped and highly motivated counterfeiters. In this paper, we present the Kinegram Secure Memory Technology which not only provides a first-level visual verification procedure, but also reinforces the existing chip-based security measures. This security concept involves the use of securely-coded data (stored in an optically variable device) which communicates with the encoded hashed information stored in the chip memory via a smartcard reader device.

  5. Based on the government website required by e-government information security research%基于电子政务发展要求的政府网站信息安全问题研究

    Institute of Scientific and Technical Information of China (English)

    侯亚杰

    2015-01-01

    随着信息技术的加快发展,各类网站不断建立,为人们管理和应用信息资源提供了很多方便,同时加强网站的安全性也已经成为一个巨大的挑战。目前,政府网站已成为犯罪分子的关键目标,政府网站加强安全建设十分重要,对此根据我国政府网站安全管理的问题,对政府网站的安全进行了探究。%With the rapid development of information technology , various sites continue to build, for people to manage and use information resources to provide a lot of convenience, while enhancing site security has become a huge challenge. At present, the government website has become a key target of criminals, strengthen the construction of government websites security imperative, which according to the existing shortcomings of our government website security management, security issues of government websites were explored.

  6. DEPLOYMENT-DRIVEN SECURITY CONFIGURATION FOR VIRTUAL NETWORKS

    Directory of Open Access Journals (Sweden)

    Ramaswamy Chandramouli

    2014-12-01

    Full Text Available Virtualized Infrastructures are increasingly deployed in many data centers. One of the key components of this virtualized infrastructure is the virtual network – a software-defined communication fabric that links together the various Virtual Machines (VMs to each other and to the physical host on which the VMs reside. Because of its key role in providing connectivity among VMs and the applications hosted on them, Virtual Networks have to be securely configured to provide the foundation for the overall security of the virtualized infrastructure in any deployment scenario. The objective of this paper is to illustrate a deployment-driven methodology for deriving a security configuration for Virtual Networks. The methodology outlines two typical deployment scenarios, identifies use cases and their associated security requirements, the security solutions to meet those requirements, the virtual network security configuration to implement each security solution and then analyzes the pros and cons of each security solution.

  7. An SLA based SaaS Security Level

    Directory of Open Access Journals (Sweden)

    Yongjing A. Li

    2013-07-01

    Full Text Available This paper proposes a data security protection strategy of the SaaS mode -the SLA based SaaS Security Level. At the same time, it gives concept model and implementation architecture of the security scheme which based on the SaaS Security Level. The SLA based SaaS Security Level takes the requirements of tenants to the data security as a starting point, and it mainly relates to data security of the data center, data security of the servers and data security of the clients. This Security Level can better meet diversified users needs than the traditional security model. According to the tenants desired service number and the protection degree of data information, they can dynamically select different levels of the security strategies. Then, according to the dynamic changes of SLA, the SaaS vendors can adjust data protection strategy of the user timely. For supporting our SaaS Security Level, we build SSM (SaaS Security Model test-bed. On the SSM test-bed, we have done some experiments, which confirmed our SaaS Security Level is feasible and easy to use.  

  8. Secure surface identification codes

    Science.gov (United States)

    Beekhof, F.; Voloshynovskiy, S.; Koval, O.; Villan, R.; Pun, T.

    2008-02-01

    This paper introduces an identification framework for random microstructures of material surfaces. These microstructures represent a kind of unique fingerprints that can be used to track and trace an item as well as for anti-counterfeiting. We first consider the architecture for mobile phone-based item identification and then introduce a practical identification algorithm enabling fast searching in large databases. The proposed algorithm is based on reference list decoding. The link to digital communications and robust perceptual hashing is shown. We consider a practical construction of reference list decoding, which comprizes computational complexity, security, memory storage and performance requirements. The efficiency of the proposed algorithm is demonstrated on experimental data obtained from natural paper surfaces.

  9. Security Protocols in a Nutshell

    OpenAIRE

    Toorani, Mohsen

    2016-01-01

    Security protocols are building blocks in secure communications. They deploy some security mechanisms to provide certain security services. Security protocols are considered abstract when analyzed, but they can have extra vulnerabilities when implemented. This manuscript provides a holistic study on security protocols. It reviews foundations of security protocols, taxonomy of attacks on security protocols and their implementations, and different methods and models for security analysis of pro...

  10. Educational Programme in Nuclear Security (Chinese Version)

    International Nuclear Information System (INIS)

    Higher education plays an essential role in nuclear security capacity building. It ensures the availability of experts able to provide the necessary competencies for the effective national nuclear security oversight of nuclear and other radioactive material and to establish and maintain an appropriate nuclear regime in a State. This guide provides both the theoretical knowledge and the practical skills necessary to meet the requirements described in the international framework for nuclear security. Emphasis is placed on the implementation of these requirements and recommendations in States. On the basis of this guide, each university should be able to develop its own academic programme tailored to suit the State's educational needs in the area of nuclear security and to meet national requirements.

  11. The User-level Security of Mobile Communication Systems

    Institute of Scientific and Technical Information of China (English)

    2002-01-01

    This paper studies the user-level security of mobile systems. The current mobile phone users trust the invisible security of the 2G systems. The evolution from the second-generation mobile systems (2G) to the third generation systems (3G) will introduce the threats and opportunities of the Internet to the world of mobile communications. From the technical point of view, the new security requirements are similar to the security requirements met with today in a company Intranet environment. There is, however, one great difference; the charge paid for accessing the service. In future the users of mobile systems will have to be more aware of the security issues.

  12. Ubiquitous Health Monitoring Systems: Addressing Security Concerns

    Directory of Open Access Journals (Sweden)

    Mahmoud Elkhodr

    2011-01-01

    Full Text Available Problem statement: It is important to secure the transmission of patient’s EHR in remote health monitoring systems. Security is among the main issues that need to be realized for the adaption of this monitoring technology. The face of healthcare is changing as ubiquitous computing technologies are being incorporated into the existing infrastructure. We specify the requirements, needed security mechanism, outstanding issues and the future challenges as well as the open problems that need to be achieved. Approach: Although there were benefits to technology, approaches that offer reliable privacy and security features must be presented to users in order to make these systems socially accepted. Results: We investigated the privacy and security implications generated from the deployment of remote health monitoring technology. To achieve these security requirements, building on the strengths of Transport Layer Security (TLS protocol, a trust negotiation approach was proposed. The application of this approach results in significant improvements in overcoming security related concerns compared to the traditional identity-based only access control techniques. Conclusion: We believe these considerations will eventually contribute toward an efficient and practical deployment of remote monitoring systems.

  13. Security in Computer Applications

    CERN Document Server

    CERN. Geneva

    2004-01-01

    Computer security has been an increasing concern for IT professionals for a number of years, yet despite all the efforts, computer systems and networks remain highly vulnerable to attacks of different kinds. Design flaws and security bugs in the underlying software are among the main reasons for this. This lecture addresses the following question: how to create secure software? The lecture starts with a definition of computer security and an explanation of why it is so difficult to achieve. It then introduces the main security principles (like least-privilege, or defense-in-depth) and discusses security in different phases of the software development cycle. The emphasis is put on the implementation part: most common pitfalls and security bugs are listed, followed by advice on best practice for security development. The last part of the lecture covers some miscellaneous issues like the use of cryptography, rules for networking applications, and social engineering threats. This lecture was first given on Thursd...

  14. Secure DTN Communications Project

    Data.gov (United States)

    National Aeronautics and Space Administration — Innoflight proposes to implement and perform an on-orbit demonstration of a Secure DTN communications suite on the SCaN Testbed aboard the ISS. Secure DTN is a...

  15. Wireshark network security

    CERN Document Server

    Verma, Piyush

    2015-01-01

    If you are network administrator or a security analyst with an interest in using Wireshark for security analysis, then this is the book for you. Basic familiarity with common network and application services terms and technologies is assumed.

  16. Department of Homeland Security

    Science.gov (United States)

    ... Content Official website of the Department of Homeland Security Contact Us Quick Links Site Map A-Z ... HP - 2016 CISRM HP - 2016 CISRM Critical Infrastructure Security HP - Surge Capacity Force HP - Surge Capacity Force ...

  17. Security of Dependable Systems

    DEFF Research Database (Denmark)

    Ahmed, Naveed; Jensen, Christian D.

    2011-01-01

    Security and dependability are crucial for designing trustworthy systems. The approach “security as an add-on” is not satisfactory, yet the integration of security in the development process is still an open problem. Especially, a common framework for specifying dependability and security is very...... much needed. There are many pressing challenges however; here, we address some of them. Firstly, security for dependable systems is a broad concept and traditional view of security, e.g., in terms of confidentiality, integrity and availability, does not suffice. Secondly, a clear definition of security...... in the dependability context is not agreed upon. Thirdly, security attacks cannot be modeled as a stochastic process, because the adversary’s strategy is often carefully planned. In this chapter, we explore these challenges and provide some directions toward their solutions....

  18. Methodology for security development of an electronic prescription system.

    OpenAIRE

    Niinimäki, J.; M.; Savolainen; Forsström, J. J.

    1998-01-01

    Data security is an essential requirement in all health care applications. Developers of medical information systems should utilize the existing security development and evaluation methods to foresee as many of the technical and human factors that may endanger data security as possible and apply appropriate precautions. Modern smart card technology facilitates the building of robust security framework for interorganizational shared care systems. In this article, we describe the way we utilize...

  19. Norms, standards, models and recommendations for information security management

    OpenAIRE

    Karol Kreft

    2010-01-01

    Information is the factor which can decide about the potential and market value of a company. An increase in the value of intellectual capital of an information-driven company requires development of an effective security management system. More and more often companies develop information security management systems (ISMS) based on already verified models. In the article, the main problems with management of information security were discussed. Security models were described, as well as the ...

  20. Cyber security best practices for the nuclear industry

    International Nuclear Information System (INIS)

    When deploying software based systems, such as, digital instrumentation and controls for the nuclear industry, it is vital to include cyber security assessment as part of architecture and development process. When integrating and delivering software-intensive systems for the nuclear industry, engineering teams should make use of a secure, requirements driven, software development life cycle, ensuring security compliance and optimum return on investment. Reliability protections, data loss prevention, and privacy enforcement provide a strong case for installing strict cyber security policies. (authors)

  1. Secure transaction processing in firm real-time database systems

    OpenAIRE

    George, Binto; Haritsa, Jayant

    1997-01-01

    Many real-time database applications arise in safety-critical installations and military systems where enforcing security is crucial to the success of the enterprise. A secure real-time database system has to simultaneously satisfy who requirements guarantee data security and minimize the number of missed transaction deadlines. We investigate here the performance implications, in terms of missed deadlines, of guaranteeing security in a real-time database system. In particular, we focus on the...

  2. Restricted access processor - An application of computer security technology

    Science.gov (United States)

    Mcmahon, E. M.

    1985-01-01

    This paper describes a security guard device that is currently being developed by Computer Sciences Corporation (CSC). The methods used to provide assurance that the system meets its security requirements include the system architecture, a system security evaluation, and the application of formal and informal verification techniques. The combination of state-of-the-art technology and the incorporation of new verification procedures results in a demonstration of the feasibility of computer security technology for operational applications.

  3. Traceability for adaptive information security in the cloud

    OpenAIRE

    Nhlabatsi, Armstrong; Tun, Thein; Khan, Niamul; Yu, Yijun; Bandara, Arosha; Khan, Khaled; Nuseibeh, Bashar

    2014-01-01

    One of the key challenges in cloud computing is the security of the consumer data stored and processed by cloud machines. When the usage context of a cloud application changes, or when the context is unknown, there is a risk that security policies are violated. To minimize this risk, cloud applications need to be engineered to adapt their security policies to maintain satisfaction of security requirements despite changes in their usage context. We call such adaptation capability Adaptive Info...

  4. Managing security in an e-business environment

    OpenAIRE

    Davcev, Ljupco

    2009-01-01

    Technological developments over the past few years have made significant contributions to securing the Internet for e-business. Ensuring security for e-business information exchange is essential as it entails exchange of sensitive information. E-business transactions entail transfer of funds with buyers, sellers and business partners. Vulnerabilities and security incidents in the digital environment require an understanding of technology issues and security challenges for privacy and trust...

  5. Cyber security best practices for the nuclear industry

    Energy Technology Data Exchange (ETDEWEB)

    Badr, I. [Rational IBM Software Group, IBM Corporation, Evanston, IL 60201 (United States)

    2012-07-01

    When deploying software based systems, such as, digital instrumentation and controls for the nuclear industry, it is vital to include cyber security assessment as part of architecture and development process. When integrating and delivering software-intensive systems for the nuclear industry, engineering teams should make use of a secure, requirements driven, software development life cycle, ensuring security compliance and optimum return on investment. Reliability protections, data loss prevention, and privacy enforcement provide a strong case for installing strict cyber security policies. (authors)

  6. Security Issues in VoIP Based on H.323

    Institute of Scientific and Technical Information of China (English)

    HUANG Yong-feng; DENG Ze; LI Xing

    2004-01-01

    We first discusses some threats to VoIP system and H.323 architectures designed for VoIP communications on security point of view. Continues with presenting security requirements of VoIP, and explaining the essential security constraints surrounding a successful VoIP deployment. Finally, suggests some strategies to implement the security and encryption functions of VoIP system based on H.323.

  7. SECURE REMOTE CLIENT AUTHENTICATION

    Directory of Open Access Journals (Sweden)

    K.Pradeep,

    2010-10-01

    Full Text Available This paper discusses an application of Secure Remote Client Authentication. It presents a Smart Cards and Digitally certification from third party vendors, Smart cards are based on algorithm to provide secure Remote client Authentication. These schemes vary significantly.In relation to today’s security challenges, which includephishing, man-in-the-middle attacks and malicious software. Secure Remote Client authentication plays a key role.

  8. SECURE REMOTE CLIENT AUTHENTICATION

    OpenAIRE

    K.Pradeep,; R.Usha Rani; E.Ravi Kumar; K.Nikhila,; Vijay Sankar

    2010-01-01

    This paper discusses an application of Secure Remote Client Authentication. It presents a Smart Cards and Digitally certification from third party vendors, Smart cards are based on algorithm to provide secure Remote client Authentication. These schemes vary significantly.In relation to today’s security challenges, which includephishing, man-in-the-middle attacks and malicious software. Secure Remote Client authentication plays a key role.

  9. Social Security Financial Crises

    OpenAIRE

    Rodrigo Cerda

    2003-01-01

    This paper explores the causes of the social security financial crises. We indicate that the financial crisis might be endogenous to the social security system. The main idea is that the PAYG social security system might affect fertility and human capital's decisions and therefore, may negatively impact the aggregated growth rate of the economy. These effects lead to an endogenous erosion of the financial basis of the PAYG social security program so that, as a consequence, the PAYG system is ...

  10. East Asia's Security System

    OpenAIRE

    Hojzáková, Věra

    2012-01-01

    The aim of the master thesis is to characterize and evaluate the current security system in East Asia, to show the security strategies of the system actors and the existing friction points, and to assess the future development of the security system in place. For this purpose the author first defines the East Asia's security system using the conceptual tools of three international relations theories, namely neo-realism, neo-liberalism, and constructivism. In the following section, the securit...

  11. Hybrid Security Policies

    Directory of Open Access Journals (Sweden)

    Radu CONSTANTINESCU

    2006-01-01

    Full Text Available Policy is defined as the rules and regulations set by the organization. They are laid down by management in compliance with industry regulations, law and internal decisions. Policies are mandatory. Security policies rules how the information is protected against security vulnerabilities and they are the basis for security awareness, training and vital for security audits. Policies are focused on desired results. The means of achieving the goals are defined on controls, standards and procedures.

  12. Mobile platform security

    CERN Document Server

    Asokan, N; Dmitrienko, Alexandra

    2013-01-01

    Recently, mobile security has garnered considerable interest in both the research community and industry due to the popularity of smartphones. The current smartphone platforms are open systems that allow application development, also for malicious parties. To protect the mobile device, its user, and other mobile ecosystem stakeholders such as network operators, application execution is controlled by a platform security architecture. This book explores how such mobile platform security architectures work. We present a generic model for mobile platform security architectures: the model illustrat

  13. Network Security with Cryptography

    OpenAIRE

    Prof. Mukund R. Joshi; Renuka Avinash Karkade

    2015-01-01

    Network Security & Cryptography is a concept to protect network and data transmission over wireless network. Data Security is the main aspect of secure data transmission over unreliable network. Network security involves the authorization of access to data in a network, which is controlled by the network administrator. Users choose or are assigned an ID and password or other authenticating information that allows them access to information and programs within their authority. Netw...

  14. Security system signal supervision

    International Nuclear Information System (INIS)

    This purpose of this NUREG is to present technical information that should be useful to NRC licensees for understanding and applying line supervision techniques to security communication links. A review of security communication links is followed by detailed discussions of link physical protection and DC/AC static supervision and dynamic supervision techniques. Material is also presented on security for atmospheric transmission and video line supervision. A glossary of security communication line supervision terms is appended. 16 figs

  15. Information Security Management

    OpenAIRE

    Huang, Lu

    2015-01-01

    The main purpose of the thesis was to present different areas of information security controls based on the international information security standard ISO 27001. The thesis also describes the methods of risk analysis and how to establish, implement, maintain and improve information security system in organizations. Most of the material was collected from books and various online resources. Some information was taken also from the teaching materials of the information security course. ...

  16. Developing Secure Cloud Applications

    OpenAIRE

    Rak, Massimiliano; Ficco, Massimo; Battista, Ermanno; Casola, Valentina; Mazzocca, Nicola

    2014-01-01

    Today the main limit to Cloud adoption is related to the perception of a security loss the users have. Indeed, the existing solutions to provide security are mainly focused on Cloud service provider prospective in order to securely integrate frameworks and Infrastructures as a Services in a Cloud datacenter. Customer could not monitor and evaluate the security mechanisms enforced by service provider. Service Level Agreements mainly focus on performance related terms and no guarantees are ...

  17. Security Policy Enforcement

    OpenAIRE

    Irvine, Cynthia E.

    2005-01-01

    Many chapters of this Handbook describe mechanisms that contribute to various facets of security. The arbitrary use of security mechanisms provides no prescription for the achievement of security goals. It is only in their application in the context of organizational objectives for the protection of information and computational assets that security can be assessed. This chapter is intended to discuss the policies that provide a rationale for those mechanisms and to broadly examine their enfo...

  18. Web Application Security Testing

    OpenAIRE

    Bukovský, Ondřej

    2012-01-01

    The purpose of this bachelor's thesis is to present the topic of web applications security. The purpose of the first, theoretical part of this work is to introduce and describe fundamentals like web security or penetration testing. OWASP (Open Web Application Security Project) and their ten most critical web applications security risks are presented in the rest of the first part. Second, practical part describes tested web application and defines purpose and scope of penetration tests. Then t...

  19. Web Security Testing Cookbook

    CERN Document Server

    Hope, Paco

    2008-01-01

    Among the tests you perform on web applications, security testing is perhaps the most important, yet it's often the most neglected. The recipes in the Web Security Testing Cookbook demonstrate how developers and testers can check for the most common web security issues, while conducting unit tests, regression tests, or exploratory tests. Unlike ad hoc security assessments, these recipes are repeatable, concise, and systematic-perfect for integrating into your regular test suite.

  20. Electronic healthcare information security

    CERN Document Server

    Dube, Kudakwashe; Shoniregun, Charles A

    2010-01-01

    The ever-increasing healthcare expenditure and pressing demand for improved quality and efficiency of patient care services are driving innovation in healthcare information management. The domain of healthcare has become a challenging testing ground for information security due to the complex nature of healthcare information and individual privacy. ""Electronic Healthcare Information Security"" explores the challenges of e-healthcare information and security policy technologies. It evaluates the effectiveness of security and privacy implementation systems for anonymization methods and techniqu

  1. Educational Programme in Nuclear Security

    International Nuclear Information System (INIS)

    The potential of a malicious act involving nuclear or other radioactive material is a continuing worldwide threat. Available data indicate circumstances in which nuclear and other radioactive material are vulnerable to theft, are uncontrolled, or are in unauthorized circulation. States must establish sustainable security measures to prevent such acts and to protect society from nuclear terrorism. Appropriate training and education at all levels and in all relevant organizations and facilities can play a major role in this process. There is increased interest in nuclear applications. Many States have expressed interest in expanding or introducing nuclear power in their country as a result of their own assessment of their energy supply needs, because of climate change, and development requirements. The projected increase in the demand for nuclear energy will increase the number of nuclear reactors worldwide and, consequently, the amount of nuclear material in use. Possible malicious acts involving nuclear or other radioactive material are a real threat. These developments are mirrored by an increase in the use of nuclear techniques in non-power applications. As a result, the need for experts in the area of nuclear security has become of great importance, and both universities and students have shown an increasing interest in nuclear security specialities. In September 2005, the Board of Governors approved a Nuclear Security Plan covering the period 2006-2009. This emphasized, inter alia, the importance of human resource development to assist States in building capacity to establish and maintain appropriate nuclear security to prevent, detect and respond to malicious acts involving nuclear and other radioactive material. The Nuclear Security Plan envisages the development of guidance for an educational programme in nuclear security that could be used by all States. In pursuit of this goal, this publication has been developed to provide advice and assistance to

  2. A methodology for performing computer security reviews

    International Nuclear Information System (INIS)

    DOE Order 5637.1, ''Classified Computer Security,'' requires regular reviews of the computer security activities for an ADP system and for a site. Based on experiences gained in the Los Alamos computer security program through interactions with DOE facilities, we have developed a methodology to aid a site or security officer in performing a comprehensive computer security review. The methodology is designed to aid a reviewer in defining goals of the review (e.g., preparation for inspection), determining security requirements based on DOE policies, determining threats/vulnerabilities based on DOE and local threat guidance, and identifying critical system components to be reviewed. Application of the methodology will result in review procedures and checklists oriented to the review goals, the target system, and DOE policy requirements. The review methodology can be used to prepare for an audit or inspection and as a periodic self-check tool to determine the status of the computer security program for a site or specific ADP system. 1 tab

  3. A methodology for performing computer security reviews

    International Nuclear Information System (INIS)

    This paper reports on DIE Order 5637.1, Classified Computer Security, which requires regular reviews of the computer security activities for an ADP system and for a site. Based on experiences gained in the Los Alamos computer security program through interactions with DOE facilities, the authors have developed a methodology to aid a site or security officer in performing a comprehensive computer security review. The methodology is designed to aid a reviewer in defining goals of the review (e.g., preparation for inspection), determining security requirements based on DOE policies, determining threats/vulnerabilities based on DOE and local threat guidance, and identifying critical system components to be reviewed. Application of the methodology will result in review procedures and checklists oriented to the review goals, the target system, and DOE policy requirements. The review methodology can be used to prepare for an audit or inspection and as a periodic self-check tool to determine the status of the computer security program for a site or specific ADP system

  4. Secure pairing with biometrics

    NARCIS (Netherlands)

    Buhan, I.R.; Boom, B.J.; Doumen, J.M.; Hartel, P.H.; Veldhuis, R.N.J.

    2009-01-01

    Secure pairing enables two devices that share no prior context with each other to agree upon a security association, which they can use to protect their subsequent communication. Secure pairing offers guarantees of the association partner identity and it should be resistant to eavesdropping and to a

  5. Quantum secure circuit evaluation

    Institute of Scientific and Technical Information of China (English)

    CHEN Huanhuan; LI Bin; ZHUANG Zhenquan

    2004-01-01

    In order to solve the problem of classical secure circuit evaluation, this paper proposes a quantum approach. In this approach, the method of inserting redundant entangled particles and quantum signature has been employed to strengthen the security of the system. Theoretical analysis shows that our solution is secure against classical and quantum attacks.

  6. Lemnos interoperable security project.

    Energy Technology Data Exchange (ETDEWEB)

    Halbgewachs, Ronald D.

    2010-03-01

    With the Lemnos framework, interoperability of control security equipment is straightforward. To obtain interoperability between proprietary security appliance units, one or both vendors must now write cumbersome 'translation code.' If one party changes something, the translation code 'breaks.' The Lemnos project is developing and testing a framework that uses widely available security functions and protocols like IPsec - to form a secure communications channel - and Syslog, to exchange security log messages. Using this model, security appliances from two or more different vendors can clearly and securely exchange information, helping to better protect the total system. Simplify regulatory compliance in a complicated security environment by leveraging the Lemnos framework. As an electric utility, are you struggling to implement the NERC CIP standards and other regulations? Are you weighing the misery of multiple management interfaces against committing to a ubiquitous single-vendor solution? When vendors build their security appliances to interoperate using the Lemnos framework, it becomes practical to match best-of-breed offerings from an assortment of vendors to your specific control systems needs. The Lemnos project is developing and testing a framework that uses widely available open-source security functions and protocols like IPsec and Syslog to create a secure communications channel between appliances in order to exchange security data.

  7. Refelctions on the security

    Directory of Open Access Journals (Sweden)

    Ladislav Hofreiter

    2013-07-01

    Full Text Available In this paper are presented the author‘s reflections about concept meaning of the security, about his systemic perception and actual scientific access to the security research. The author presented securitology paradigm for valuation security optional reference object.

  8. Indicators for energy security

    NARCIS (Netherlands)

    Kruyt, B.; van Vuuren, D.P.; de Vries, H.J.M.; Groenenberg, H.

    2009-01-01

    The concept of energy security is widely used, yet there is no consensus on its precise interpretation. In this research, we have provided an overview of available indicators for long-term security of supply (SOS). We distinguished four dimensions of energy security that relate to the availability,

  9. Android Security Framework: Enabling Generic and Extensible Access Control on Android

    OpenAIRE

    Backes, Michael; Bugiel, Sven; Gerling, Sebastian; von Styp-Rekowsky, Philipp

    2014-01-01

    We introduce the Android Security Framework (ASF), a generic, extensible security framework for Android that enables the development and integration of a wide spectrum of security models in form of code-based security modules. The design of ASF reflects lessons learned from the literature on established security frameworks (such as Linux Security Modules or the BSD MAC Framework) and intertwines them with the particular requirements and challenges from the design of Android's software stack. ...

  10. Web Applications Security : A security model for client-side web applications

    OpenAIRE

    Prabhakara, Deepak

    2009-01-01

    The Web has evolved to support sophisticated web applications. These web applications are exposed to a number of attacks and vulnerabilities. The existing security model is unable to cope with these increasing attacks and there is a need for a new security model that not only provides the required security but also supports recent advances like AJAX and mashups. The attacks on client-side Web Applications can be attributed to four main reasons – 1) lack of a security context for Web Browsers...

  11. Regulating the private security industry

    CERN Document Server

    Percy, Sarah

    2002-01-01

    The under-regulation of the private security industry has increasingly become a topic of media and academic interest. This Adelphi Paper enters the debate by explaining why the industry requires further regulation, and what is wrong with the current system. It begins by briefly defining the industry and explaining the need for more effective regulation, before analysing three types of regulation: domestic, international and informal (including self-regulation).

  12. Pro Spring security

    CERN Document Server

    Scarioni, Carlo

    2013-01-01

    Security is a key element in the development of any non-trivial application. The Spring Security Framework provides a comprehensive set of functionalities to implement industry-standard authentication and authorization mechanisms for Java applications. Pro Spring Security will be a reference and advanced tutorial that will do the following: Guides you through the implementation of the security features for a Java web application by presenting consistent examples built from the ground-up. Demonstrates the different authentication and authorization methods to secure enterprise-level applications

  13. Information security management handbook

    CERN Document Server

    Tipton, Harold F

    2014-01-01

    The runaway growth of computer viruses and worms and the ongoing nuisance posed by malicious hackers and employees who exploit the security vulnerabilities of open network protocols make the tightness of an organization's security system an issue of prime importance. And information systems technology is advancing at a frenetic pace. Against this background, the challenges facing information security professionals are increasing rapidly.Information Security Management Handbook, Fourth Edition, Volume 2 is an essential reference for anyone involved in the security of information systems.

  14. Poland's gas security

    OpenAIRE

    Rosicki, Remigiusz

    2015-01-01

    The subject matter analyzed in the text is Poland’s energy security as illustrated with the security of gas supply (gas supply security). The text analyzes a selection of problems concerned with gas security and so the focus is on: (1) a description of gas supply contracts, and (2) an assessment of gas supply security with regard to the technical import capabilities of the transmission infrastructure. In both cases two time-frames were applied: (1) 2006–2010, (2) the period after 2010 with a ...

  15. Android security cookbook

    CERN Document Server

    Makan, Keith

    2013-01-01

    Android Security Cookbook' breaks down and enumerates the processes used to exploit and remediate Android app security vulnerabilities in the form of detailed recipes and walkthroughs.""Android Security Cookbook"" is aimed at anyone who is curious about Android app security and wants to be able to take the necessary practical measures to protect themselves; this means that Android application developers, security researchers and analysts, penetration testers, and generally any CIO, CTO, or IT managers facing the impeding onslaught of mobile devices in the business environment will benefit from

  16. Information security management handbook

    CERN Document Server

    2002-01-01

    The Information Security Management Handbook continues its tradition of consistently communicating the fundamental concepts of security needed to be a true CISSP. In response to new developments, Volume 4 supplements the previous volumes with new information covering topics such as wireless, HIPAA, the latest hacker attacks and defenses, intrusion detection, and provides expanded coverage on security management issues and applications security. Even those that don't plan on sitting for the CISSP exam will find that this handbook is a great information security reference.The changes in the tech

  17. Network Security Using Firewalls

    Directory of Open Access Journals (Sweden)

    Radu Lucaciu

    2008-05-01

    Full Text Available As networks increase in size and complexity, security products are growing in sophistication and security threats are becoming more ingenious. The usage of security solutions has become inevitable for all modern organisations. There is no perfect security, but the idea is to make a network so hard to access, that it doesn’t worth trying. One of the crucial components that contribute to this security are firewalls. It is important to prevent undesired data before it ever gets into the target system. This is the job of firewalls and the article covers this topic.

  18. Information security fundamentals

    CERN Document Server

    Blackley, John A; Peltier, Justin

    2004-01-01

    Effective security rules and procedures do not exist for their own sake-they are put in place to protect critical assets, thereby supporting overall business objectives. Recognizing security as a business enabler is the first step in building a successful program.Information Security Fundamentals allows future security professionals to gain a solid understanding of the foundations of the field and the entire range of issues that practitioners must address. This book enables students to understand the key elements that comprise a successful information security program and eventually apply thes

  19. Using IND-CVA for constructing secure communication

    Institute of Scientific and Technical Information of China (English)

    HU ZhenYu; JIANG JianChun; SUN FuChun

    2009-01-01

    Within the framework of UC (universally composable) security, a general method is presented to con-struct a secure channel protocol with using IND-CVA (indistinguishability of encryption scheme under ciphertext verification attacks). A channel protocol with using the method first invokes an ideal key-exchange protocol to get a session key, and then computes the messages with an authenticated en-cryption scheme. The paper shows that a channel protocol is UC secure if and only if the underlying authenticated encryption scheme is both IND-CVA secure and INT-PTXT secure. The condition about secure channel protocol in this paper is much weaker than IND-CCA secure and INT-CTXT secure. The IND-CVA can be presented for describing the privacy requirements of secure channels in detail. More-over, the method for designing secure channel protocol in the paper reduces the UC security of secure channels, which are measured by action-simulation in the UC security framework, to the security of authenticated encryption schemes, which are measured semantically.

  20. Secure Vehicular Communication Systems: Design and Architecture

    CERN Document Server

    Papadimitratos, P; Holczer, T; Schoch, E; Freudiger, J; Raya, M; Ma, Z; Kargl, F; Kung, A; Hubaux, J -P

    2009-01-01

    Significant developments have taken place over the past few years in the area of vehicular communication (VC) systems. Now, it is well understood in the community that security and protection of private user information are a prerequisite for the deployment of the technology. This is so, precisely because the benefits of VC systems, with the mission to enhance transportation safety and efficiency, are at stake. Without the integration of strong and practical security and privacy enhancing mechanisms, VC systems could be disrupted or disabled, even by relatively unsophisticated attackers. We address this problem within the SeVeCom project, having developed a security architecture that provides a comprehensive and practical solution. We present our results in a set of two papers in this issue. In this first one, we analyze threats and types of adversaries, we identify security and privacy requirements, and we present a spectrum of mechanisms to secure VC systems. We provide a solution that can be quickly adopte...

  1. A Framework for Secure Cloud Computing

    Directory of Open Access Journals (Sweden)

    Ahmed E. Youssef

    2012-07-01

    Full Text Available Cloud computing is one of the most discussed topics today in the field of information technology. It introduces a new Internet-based environment for on-demand, dynamic provision of reconfigurable computing resources. The biggest challenge in cloud computing is the security and privacy problems caused by its multi-tenancy nature and the outsourcing of infrastructure, sensitive data and critical applications. In this paper, we propose a framework that identifies security and privacy challenges in cloud computing. It highlights cloud-specific attacks and risks and clearly illustrates their mitigations and countermeasures. We also propose a generic cloud computing security model that helps satisfy security and privacy requirements in the clouds and protect them against various vulnerabilities. The purpose of this work is to advise on security and privacy considerations that should be taken and solutions that might be considered when using the cloud environment by individuals and organizations.

  2. Security Protocols: Specification, Verification, Implementation, and Composition

    DEFF Research Database (Denmark)

    Almousa, Omar

    An important aspect of Internet security is the security of cryptographic protocols that it deploys. We need to make sure that such protocols achieve their goals, whether in isolation or in composition, i.e., security protocols must not suffer from any aw that enables hostile intruders to break...... their security. Among others, tools like OFMC [MV09b] and Proverif [Bla01] are quite efficient for the automatic formal verification of a large class of protocols. These tools use different approaches such as symbolic model checking or static analysis. Either approach has its own pros and cons, and therefore, we...... called SPS (Security Protocol Specification) language, that enables users, without requiring deep expertise in formal models from them, to specify a wide range of real-world protocols in a simple and intuitive way. Thus, SPS allows users to verify their protocols using different tools, and generate...

  3. Analysis of MANET Security, Architecture and Assessment

    Directory of Open Access Journals (Sweden)

    Sweta Kaushik

    2012-03-01

    Full Text Available in these days, the Mobile ad hoc network (MANET technology spreads widely. Architecture and security issue is the most sensitive challenge of MANET. MANET support to nodes for directly communications with all the other nodes within their radio ranges through multiple wireless links, where the nodes are not in the direct communication range using intermediate node(s to communicate with each other. In a MANET, the users’ mobile devices behave as a network, and they must cooperatively provide the different functions which are generally provided by the network infrastructure like as routers, switches, servers. The security issues and requirement of the MANET depends on its application. Specific security architecture is necessary for specific application. The security challenges in the MANET generate because of its dynamic topology, vulnerable wireless link and nomadic environment. In this paper we have discussed the architecture and security issues of MANET.

  4. Review your Computer Security Now and Frequently!

    CERN Multimedia

    IT Department

    2009-01-01

    The start-up of LHC is foreseen to take place in the autumn and we will be in the public spotlight again. This increases the necessity to be vigilant with respect to computer security and the defacement of an experiment’s Web page in September last year shows that we should be particularly attentive. Attackers are permanently probing CERN and so we must all do the maximum to reduce future risks. Security is a hierarchical responsibility and requires to balance the allocation of resources between making systems work and making them secure. Thus all of us, whether users, developers, system experts, administrators, or managers are responsible for securing our computing assets. These include computers, software applications, documents, accounts and passwords. There is no "silver bullet" for securing systems, which can only be achieved by a painstaking search for all possible vulnerabilities followed by their mitigation. Additional advice on particular topics can be obtained from the relevant I...

  5. Securing remote services by integrating SecurID strong authentication technology in EFDA-Federation infrastructure

    International Nuclear Information System (INIS)

    Remote participation facilities among fusion laboratories require access control solutions with two main objectives: to preserve the usability of the systems and to guaranty the required level of security for accessing to shared services. On one hand, this security solution has to be: single-sign-on, transparent for users, compatible with user mobility, and compatible with used client applications. On the other hand, it has to be compatible with shared services and resources among organisations, providing in each case the required access security level. EFDA-Federation is a security infrastructure that integrates a set of fusion laboratories and enables to share resources and services fulfilling the requirements previously described. In EFDA community, JET and RFX have security access policies to some of their services that require strong authentication mechanisms. In both cases, strong authentication is based on RSA SecurID tokens. This is a hardware device that is supplied to and generates a new password every minute. The job presents two main results. The first one is the integration of RSA SecurID into EFDA-Federation. Thanks to it, federated organisations are able to offer SecurID to their users as an alternative strong authentication mechanism, with the corresponding increase of security level. The second result is the development of a new access control mechanism based on port knocking techniques and its integration into EFDA-Federation. Additionally, a real application in RFX is presented and includes the integration of its SecurID infrastructure as federated authentication mechanism, and the application of the new access control mechanism to its MDSplus server.

  6. Public key infrastructure for DOE security research

    Energy Technology Data Exchange (ETDEWEB)

    Aiken, R.; Foster, I.; Johnston, W.E. [and others

    1997-06-01

    This document summarizes the Department of Energy`s Second Joint Energy Research/Defence Programs Security Research Workshop. The workshop, built on the results of the first Joint Workshop which reviewed security requirements represented in a range of mission-critical ER and DP applications, discussed commonalties and differences in ER/DP requirements and approaches, and identified an integrated common set of security research priorities. One significant conclusion of the first workshop was that progress in a broad spectrum of DOE-relevant security problems and applications could best be addressed through public-key cryptography based systems, and therefore depended upon the existence of a robust, broadly deployed public-key infrastructure. Hence, public-key infrastructure ({open_quotes}PKI{close_quotes}) was adopted as a primary focus for the second workshop. The Second Joint Workshop covered a range of DOE security research and deployment efforts, as well as summaries of the state of the art in various areas relating to public-key technologies. Key findings were that a broad range of DOE applications can benefit from security architectures and technologies built on a robust, flexible, widely deployed public-key infrastructure; that there exists a collection of specific requirements for missing or undeveloped PKI functionality, together with a preliminary assessment of how these requirements can be met; that, while commercial developments can be expected to provide many relevant security technologies, there are important capabilities that commercial developments will not address, due to the unique scale, performance, diversity, distributed nature, and sensitivity of DOE applications; that DOE should encourage and support research activities intended to increase understanding of security technology requirements, and to develop critical components not forthcoming from other sources in a timely manner.

  7. Network security with openSSL cryptography for secure communications

    CERN Document Server

    Viega, John; Chandra, Pravir

    2002-01-01

    Most applications these days are at least somewhat network aware, but how do you protect those applications against common network security threats? Many developers are turning to OpenSSL, an open source version of SSL/TLS, which is the most widely used protocol for secure network communications.The OpenSSL library is seeing widespread adoption for web sites that require cryptographic functions to protect a broad range of sensitive information, such as credit card numbers and other financial transactions. The library is the only free, full-featured SSL implementation for C and C++, and it can be used programmatically or from the command line to secure most TCP-based network protocols.Network Security with OpenSSL enables developers to use this protocol much more effectively. Traditionally, getting something simple done in OpenSSL could easily take weeks. This concise book gives you the guidance you need to avoid pitfalls, while allowing you to take advantage of the library?s advanced features. And, inst...

  8. Computer Security Systems Enable Access.

    Science.gov (United States)

    Riggen, Gary

    1989-01-01

    A good security system enables access and protects information from damage or tampering, but the most important aspects of a security system aren't technical. A security procedures manual addresses the human element of computer security. (MLW)

  9. Secured 7 Layer Security Architecture (S7LSA For Mobile Ad Hoc Network

    Directory of Open Access Journals (Sweden)

    Manu Srivastava

    2014-04-01

    Full Text Available Mobile Ad hoc Networks (MANET constitutes a group of wireless mobile nodes that transmit information without any centralized control. MANETs are infrastructure-less and are dynamic in nature that is why; they require peremptorily new set of networking approach to put through to provide efficacious and successful end-to-end communication. The wireless and distributed nature of MANET poses a great challenge to system security designers. Although security problems in MANET have attracted much attention in the last few years, most research efforts have been focused on specific security areas, such as establishing trust infrastructure, securing routing protocols, or intrusion detection and response, none of the previous work proposes security solutions from a system architectural view. In this paper, we propose seven-layer security architecture for mobile ad hoc networks. A general description of functionalities in each layer is given.

  10. Information security cost management

    CERN Document Server

    Bazavan, Ioana V

    2006-01-01

    While information security is an ever-present challenge for all types of organizations today, most focus on providing security without addressing the necessities of staff, time, or budget in a practical manner.Information Security Cost Management offers a pragmatic approach to implementing information security, taking budgetary and real-world constraints into consideration. By providing frameworks, step-by-step processes, and project management breakdowns, this book demonstrates how to design the best security strategy with the resources you have available. Organized into five sections, the book-Focuses on setting the right road map so that you can be most effective in your information security implementationsDiscusses cost-effective staffing, the single biggest expense to the security organizationPresents practical ways to build and manage the documentation that details strategy, provides resources for operating annual audits, and illustrates how to advertise accomplishments to senior management effectivelyI...

  11. Introduction to Hardware Security

    Directory of Open Access Journals (Sweden)

    Yier Jin

    2015-10-01

    Full Text Available Hardware security has become a hot topic recently with more and more researchers from related research domains joining this area. However, the understanding of hardware security is often mixed with cybersecurity and cryptography, especially cryptographic hardware. For the same reason, the research scope of hardware security has never been clearly defined. To help researchers who have recently joined in this area better understand the challenges and tasks within the hardware security domain and to help both academia and industry investigate countermeasures and solutions to solve hardware security problems, we will introduce the key concepts of hardware security as well as its relations to related research topics in this survey paper. Emerging hardware security topics will also be clearly depicted through which the future trend will be elaborated, making this survey paper a good reference for the continuing research efforts in this area.

  12. Control System Applicable Use Assessment of the Secure Computing Corporation - Secure Firewall (Sidewinder)

    Energy Technology Data Exchange (ETDEWEB)

    Hadley, Mark D.; Clements, Samuel L.

    2009-01-01

    Battelle’s National Security & Defense objective is, “applying unmatched expertise and unique facilities to deliver homeland security solutions. From detection and protection against weapons of mass destruction to emergency preparedness/response and protection of critical infrastructure, we are working with industry and government to integrate policy, operational, technological, and logistical parameters that will secure a safe future”. In an ongoing effort to meet this mission, engagements with industry that are intended to improve operational and technical attributes of commercial solutions that are related to national security initiatives are necessary. This necessity will ensure that capabilities for protecting critical infrastructure assets are considered by commercial entities in their development, design, and deployment lifecycles thus addressing the alignment of identified deficiencies and improvements needed to support national cyber security initiatives. The Secure Firewall (Sidewinder) appliance by Secure Computing was assessed for applicable use in critical infrastructure control system environments, such as electric power, nuclear and other facilities containing critical systems that require augmented protection from cyber threat. The testing was performed in the Pacific Northwest National Laboratory’s (PNNL) Electric Infrastructure Operations Center (EIOC). The Secure Firewall was tested in a network configuration that emulates a typical control center network and then evaluated. A number of observations and recommendations are included in this report relating to features currently included in the Secure Firewall that support critical infrastructure security needs.

  13. HTTPI BASED WEB SERVICE SECURITY OVER SOAP

    Directory of Open Access Journals (Sweden)

    Pankaj Choudhary

    2013-06-01

    Full Text Available Now a days, a new family of web applications 'open applications’, are emerging (e.g., Social Networking, News and Blogging. Generally, these open applications are non-confidential. The security needs of these applications are only client/server authentication and data integrity. For securing these open applications, effectively and efficiently, HTTPI, a new transport protocol is proposed, which ensures the entire security requirements of open applications. Benefit of using the HTTPI is that it is economical in use, well-suited for cache proxies, like HTTP is, and provides security against many Internet attacks (Server Impersonation and Message Modification like HTTPS does. In terms of performance HTTPI is very close to the HTTP, but much better than HTTPS. A Web service is a method of communication between two ends over the Internet. These web services are developed over XML and HTTP. Today, most of the open applications use web services for most of their operations. For securing these web services, security design based on HTTPI is proposed. Our work involves securing the web services over SOAP, based on the HTTPI. This secure web service might be applicable for open applications, where authentication and integrity is needed, but no confidentiality required. In our paper, we introduce a web service security model based on HTTPI protocol over SOAP and develop a preliminary implementation of this model. We also analyze the performance of our approach through an experiment and show that our proposed approach provides higher throughput, lower average response time and lower response size than HTTPS based web service security approach.

  14. Emergency Response Communications and Associated Security Challenges

    Directory of Open Access Journals (Sweden)

    Muhammad Ibrahim Channa

    2010-10-01

    Full Text Available The natural or man-made disaster demands an efficient communication and coordination among firstresponders to save life and other community resources. Normally, the traditional communicationinfrastructures such as landline or cellular networks are damaged and don’t provide adequatecommunication services to first responders for exchanging emergency related information. Wireless adhoc networks such as mobile ad hoc networks, wireless sensor networks and wireless mesh networks arethe promising alternatives in such type of situations. The security requirements for emergency responsecommunications include privacy, data integrity, authentication, key management, access control andavailability. Various ad hoc communication frameworks have been proposed for emergency responsesituations. The majority of the proposed frameworks don’t provide adequate security services for reliableand secure information exchange. This paper presents a survey of the proposed emergency responsecommunication frameworks and the potential security services required by them to provide reliable andsecure information exchange during emergency situations.

  15. Overt security features through digital printing

    Science.gov (United States)

    Hampden-Smith, Mark; Haubrich, Scott; Kornbrekke, Ralph; Shah, Jainisha; Bhatia, Rimple; Hardman, Ned; Einhorn, Rich

    2006-02-01

    Digital printing technology represents a counterfeiting threat and a counterfeiting deterrence opportunity. Digital reproduction methods have been used to produce holographic and printed features similar to those on banknotes. As digital technology continues to improve, the quality of those features will become nearly indistinguishable from intaglio printing, offset printing and holograms. Optically active devices and inks have been useful to slow counterfeiters, but security document and feature designers need more tools. The toolbox for digital technologies is very large and being exploited by the counterfeiters, but their toolbox has been limited to commercially available digital technologies. Security designers also need to take advantage of this toolbox with the additional lever of secure materials. By leveraging digital technologies with secure materials, variable information and integration with other security features, security document designers can create new, attractive features that are hard to replicate. The high level of difficulty to create security materials in the sub-micron to nanometer size range with multiple functionalities is one barrier. Creating inks that are formulated to fit the stringent requirements for custom digital printing methods creates another barrier to unauthorized reproduction. All of the other valuable aspects of digital technology are therefore accessible only to those with access to these secure materials. Leveraging these digital materials to make optical effects make them useful for the end-user authentication. Furthermore, use of digital technologies allows the incorporation of variable data that can be authenticated visually or using proprietary algorithms and detection / sorting equipment.

  16. On Secure Workflow Decentralisation on the Internet

    Directory of Open Access Journals (Sweden)

    Petteri Kaskenpalo

    2010-06-01

    Full Text Available Decentralised workflow management systems are a new research area, where most work to-date has focused on the system's overall architecture. As little attention has been given to the security aspects in such systems, we follow a security driven approach, and consider, from the perspective of available security building blocks, how security can be implemented and what new opportunities are presented when empowering the decentralised environment with modern distributed security protocols. Our research is motivated by a more general question of how to combine the positive enablers that email exchange enjoys, with the general benefits of workflow systems, and more specifically with the benefits that can be introduced in a decentralised environment. This aims to equip email users with a set of tools to manage the semantics of a message exchange, contents, participants and their roles in the exchange in an environment that provides inherent assurances of security and privacy. This work is based on a survey of contemporary distributed security protocols, and considers how these protocols could be used in implementing a distributed workflow management system with decentralised control . We review a set of these protocols, focusing on the required message sequences in reviewing the protocols, and discuss how these security protocols provide the foundations for implementing core control-flow, data, and resource patterns in a distributed workflow environment.

  17. 78 FR 38851 - Electric Reliability Organization Proposal To Retire Requirements in Reliability Standards

    Science.gov (United States)

    2013-06-28

    ... Control CIP-003-3, -4, Requirement R1.2--Cyber Security--Security Management Controls \\20\\ \\20\\ NERC... sixteen. CIP-003-3, -4, Requirements R3, R3.1, R3.2, and R3.3--Cyber Security--Security Management Controls CIP-003-3, -4, Requirement R4.2--Cyber Security--Security Management Controls CIP-005-3a,...

  18. Information security policy development for compliance

    CERN Document Server

    Williams, Barry L

    2013-01-01

    Although compliance standards can be helpful guides to writing comprehensive security policies, many of the standards state the same requirements in slightly different ways. Information Security Policy Development for Compliance: ISO/IEC 27001, NIST SP 800-53, HIPAA Standard, PCI DSS V2.0, and AUP V5.0 provides a simplified way to write policies that meet the major regulatory requirements, without having to manually look up each and every control. Explaining how to write policy statements that address multiple compliance standards and regulatory requirements, the book will he

  19. Security, privacy and trust in cloud systems

    CERN Document Server

    Nepal, Surya

    2013-01-01

    The book compiles technologies for enhancing and provisioning security, privacy and trust in cloud systems based on Quality of Service requirements. It is a timely contribution to a field that is gaining considerable research interest, momentum, and provides a comprehensive coverage of technologies related to cloud security, privacy and trust. In particular, the book includes - Cloud security fundamentals and related technologies to-date, with a comprehensive coverage of evolution, current landscape, and future roadmap. - A smooth organization with introductory, advanced and specialist content

  20. ZigBee-2007 Security Essentials

    DEFF Research Database (Denmark)

    Yuksel, Ender; Nielson, Hanne Riis; Nielson, Flemming

    2008-01-01

    ZigBee is a fairly new but promising standard for wireless networks due to its low resource requirements. As in other wireless network standards, security is an important issue and each new version of the ZigBee Specification enhances the level of the ZigBee security. In this paper, we present...... the security essentials of the latest ZigBee Specification, ZigBee-2007. We explain the key concepts, protocols, and computations. In addition, we formulate the protocols using standard protocol narrations. Finally, we identify the key challenges to be considered for consolidating ZigBee....

  1. Nuclear Security in the Uranium Extraction Industry

    International Nuclear Information System (INIS)

    This publication provides States and operators with advice for defining, implementing, maintaining or enhancing their nuclear security regime for the protection of uranium ore concentrate against unauthorized removal. It defines prudent management practice as required by IAEA recommendations document IAEA Nuclear Security Series No. 13, Nuclear Security Recommendations on Physical Protection of Nuclear Material and Nuclear Facilities (INFCIRC/225/Revision 5), for this category of material. This advice can be adopted in the form of regulations or applied as voluntary standards. States, regulatory bodies, and industry may choose to tailor their implementation of this advice to meet their national circumstances

  2. Human Security Agendas

    Institute of Scientific and Technical Information of China (English)

    Alan Hunter

    2012-01-01

    Ⅰ.IntroductionThe need for governments and international organisations to gain a better understanding of "security" is ever more urgent.For example in the conflict in Libya in early 2011,many security dilemmas were visible:the protection of Libyan civilians,the security of the regime,whether and how the UN or NATO should intervene,whether Europe would be threatened with a massive refugee flow,how to protect or evacuate foreign citizens (including Chinese),how to secure food and medical supplies in the midst of armed conflict.Such events may be termed "complex emergencies" which often raise legal, military and humanitarian issues simultaneously.International law and practice do not provide clear guidelines on such situations,and responses can be random,contingent on a variety of factors.Traditional concepts of security,for example protection of national borders,are certainly still relevant and legally enforceable,but more sophisticated concepts are needed to respond to security dilemmas in today's globalised world.Human security as a concept was first developed within the UN system in the 1990s,and set out,for example,in Human Security Now [1] The first section of this paper tracks the development of Human Security discourse,and also examines the broadening of the "security"concept in recent years.The second section reports on institutions with a specific interest in Human Security,for example within the UN system and in universities.The third section acknowledges some critiques of the Human Security paradigm.The last section reports on new directions that may enrich the Human Security agenda.

  3. The government as a client for security support services. A commercial security contractor's perspective

    International Nuclear Information System (INIS)

    This paper presents a look at the challenges confronting security management personnel contracting with the U.S. government to provide security and related support services. From the corporate decision to enter the ''Big Leagues'' via proposal submission, through commitments and required expertise necessary to achieve ''outstanding'' ratings, this paper is an overview of a broad spectrum of security related topics including: the proposal process, the first step; oral review boards and ''Catch-22'' dilemmas; contractual requirements vs. court orders; personnel, the human factor; the carousel approach to fiscal accountability; and avoiding communication barriers

  4. An electronically controlled automatic security access gate

    OpenAIRE

    Jonathan A. Enokela; Michael N. TYOWUAH

    2014-01-01

    The security challenges being encountered in many places require electronic means of controlling access to communities, recreational centres, offices, and homes. The electronically controlled automated security access gate being proposed in this work helps to prevent an unwanted access to controlled environments. This is achieved mainly through the use of a Radio Frequency (RF) transmitter-receiver pair. In the design a microcontroller is programmed to decode a given sequence of keys that is ...

  5. Secure electronic payments for Islamic finance

    OpenAIRE

    Al-Meaither, Mansour

    2005-01-01

    Secure electronic payment systems are of paramount importance in supporting the further development of electronic commerce. While an electronic payment system must meet the needs of both businesses and consumers, most of the current electronic payment schemes are based on the traditional methods of finance we are familiar with in the western world. The main aim of this thesis is to develop new secure electronic payment schemes that satisfy the requirements posed by Isla...

  6. Principles of Security: Human, Cyber, and Biological

    OpenAIRE

    Stacey, Blake C.; Bar-Yam, Yaneer

    2013-01-01

    Cybersecurity attacks are a major and increasing burden to economic and social systems globally. Here we analyze the principles of security in different domains and demonstrate an architectural flaw in current cybersecurity. Cybersecurity is inherently weak because it is missing the ability to defend the overall system instead of individual computers. The current architecture enables all nodes in the computer network to communicate transparently with one another, so security would require pro...

  7. Security and Privacy Issues of Big Data

    OpenAIRE

    Moura, Jose; Serrao, Carlos

    2016-01-01

    This chapter revises the most important aspects in how computing infrastructures should be configured and intelligently managed to fulfill the most notably security aspects required by Big Data applications. One of them is privacy. It is a pertinent aspect to be addressed because users share more and more personal data and content through their devices and computers to social networks and public clouds. So, a secure framework to social networks is a very hot topic research. This last topic is...

  8. Context-Based Mobile Security Enclave

    OpenAIRE

    Carter, Joey C.

    2012-01-01

    Currently, there are no secure access control methods of controlling restricted material access on a mobile device using context-based authentication methods. Simple challenge/response protocols do not provide the security required for some restricted information. A lost/misplaced device or compromised password can easily lead to the compromise of any restricted information to which the device may have access. Due to the inherent portability of a mobile device, a broader, more comprehensive s...

  9. Adjustable Fusion to Support Cyber Security Operators

    OpenAIRE

    Aguessy, François-Xavier; Bettan, Olivier; Dobigny, Romuald; Laudy, Claire; Lortal, Gaëlle; Faure, David

    2015-01-01

    International audience Cyber security operators use Security Information and Event Management systems to process and summarize the huge amount of heterogeneous logs and alerts. However, these systems do not give to the operator a concise view of the attack status or context, a mandatory feature to understand and remediate properly a threat. Moreover, the number of alerts to analyze for a single information system is high, and thus requires to be split into several levels of responsibility ...

  10. Information security risk assessment, aggregation, and mitigation

    OpenAIRE

    Voss, T.; Lenstra, Arjen K.

    2004-01-01

    As part of their compliance process with the Basel 2 operational risk management requirements, banks must define how they deal with information security risk management. In this paper we describe work in progress on a new quantitative model to assess and aggregate information security risks that is currently under development for deployment. We show how to find a risk mitigation strategy that is optimal with respect to the model used and the available budget.

  11. Flexible And Secure Access To Computing Clusters

    OpenAIRE

    Jan Meizner; Maciej Malawski; Marian Bubak

    2010-01-01

    The investigation presented in this paper was prompted by the need to provide a manageablesolution for secure access to computing clusters with a federated authentication framework.This requirement is especially important for scientists who need direct access to computingnodes in order to run their applications (e.g. chemical or medical simulations) with proprietary,open-source or custom-developed software packages. Our existing software, whichenables non-Web clients to use Shibboleth-secured...

  12. 24 CFR 886.116 - Security and utility deposits.

    Science.gov (United States)

    2010-04-01

    ... 24 Housing and Urban Development 4 2010-04-01 2010-04-01 false Security and utility deposits. 886... utility deposits. (a) An Owner may require Families to pay a security deposit in an amount up to, but not... utility deposits, if required, from their own resources and/or other private or public sources....

  13. Ghana's Integrated Nuclear Security Support Plan

    International Nuclear Information System (INIS)

    recently reviewed to identify additional areas for improvement. Based on IAEA nuclear security guidance, it is designed to identify those actions required to ensure that Ghana's national nuclear security regime is effective and can be implemented over a period of time to ensure sustainability. The main objectives of an INSSP are to identify and consolidate the nuclear security needs of an individual State into an integrated document. But it is more than a document; it is nuclear security in action. Joseph Gdadago, Manager of the National Nuclear Research Institute at the Ghana Atomic Energy Commission (GAEC), explains, ''Nuclear security is very important. This reactor uses highly enriched uranium. We put all necessary security measures in place to protect this and prevent any sabotage or theft of any kind.''

  14. Security Risks and Modern Cyber Security Technologies for Corporate Networks

    CERN Document Server

    Gharibi, Wajeb

    2011-01-01

    This article aims to highlight current trends on the market of corporate antivirus solutions. Brief overview of modern security threats that can destroy IT environment is provided as well as a typical structure and features of antivirus suits for corporate users presented on the market. The general requirements for corporate products are determined according to the last report from av-comparatives.org [1]. The detailed analysis of new features is provided based on an overview of products available on the market nowadays. At the end, an enumeration of modern trends in antivirus industry for corporate users completes this article. Finally, the main goal of this article is to stress an attention about new trends suggested by AV vendors in their solutions in order to protect customers against newest security threats.

  15. CORBA security services for health information systems.

    Science.gov (United States)

    Blobel, B; Holena, M

    1998-01-01

    The structure of healthcare systems in developed countries is changing to 'shared care', enforced by economic constraints and caused by a change in the basic conditions of care. That development results in co-operative health information systems across the boundaries of organisational, technological, and policy domains. Increasingly, these distributed and, as far as their domains are concerned, heterogeneous systems are based on middleware approaches, such as CORBA. Regarding the sensitivity of personal and medical data, such open, distributed, and heterogeneous health information systems require a high level of data protection and data security, both with respect to patient information and with respect to users. This paper, relying on experience gained through our activities in CORBAmed, describes the possibilities the CORBA middleware provides to achieve application and communication security. On the background of the overall CORBA architecture, it outlines the different security services previewed in the adopted CORBA specifications which are discussed in the context of the security requirements of healthcare information systems. Security services required in the healthcare domain but not available at the moment are mentioned. A solution is proposed, which on the one hand allows to make use of the available CORBA security services and additional ones, on the other hand remains open to other middleware approaches, such as DHE or HL7.

  16. 17 CFR 242.602 - Dissemination of quotations in NMS securities.

    Science.gov (United States)

    2010-04-01

    ... NMS securities. 242.602 Section 242.602 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) REGULATIONS M, SHO, ATS, AC, AND NMS AND CUSTOMER MARGIN REQUIREMENTS FOR SECURITY FUTURES Regulation Nms-Regulation of the National Market System § 242.602 Dissemination of quotations...

  17. While working around security

    DEFF Research Database (Denmark)

    Mathiasen, Niels Raabjerg; Bødker, Susanne; Petersen, Marianne Graves

    This paper describes our work at two levels. First of all the paper discusses how users of IT deal with issues of IT security in their everyday life. Secondly, we discuss how the kind of understanding of IT security that comes out of careful analyses of use confronts the ways in which usable...... IT security is established in the literature. Recent literature has called for better conceptual models as a starting point for improving IT security. In contrast to such models we propose to dress up designers by helping them better understand the work that goes into everyday security. The result...... is a methodological toolbox that helps address and design for usable and useful IT security. We deploy examples of analyses and design, carried out by ourselves and by others to fine-tune our design perspective; in particular we use examples from three current research projects....

  18. EU Security Strategy

    Institute of Scientific and Technical Information of China (English)

    Hong Jianjun

    2007-01-01

    The European Security and Defence Policy (ESDP) comprises an important part of the EU's Common Foreign and Security Policy (CFSP). The aim of ESDP is to strengthen the EU's external ability to act through the development of civilian and military capabilities for international conflict prevention and crisis management. In December 2003, the EU adopted its first European Security Strategy (ESS). Ever since then, the implementation of the ESS has been regarded as one of the biggest challenges for the EU in CFSP/ESDP matters. Although much progress has been made in its independent security and defence-building process, EU still faces serious problems and difficulties in this policy area. This paper tries to examine these recent developments, assess their impacts in regional-global security, and analyze existing problems and future trends. Finally, the author also examines EU-China engagements in recent years and explores possibilities for their future cooperation in the area of international security.

  19. While Working Around Security

    DEFF Research Database (Denmark)

    Mathiasen, Niels Raabjerg

    Users of technology encounter various IT security mechanisms in their everyday lives. If these mechanisms fail to support everyday activities, they either get in the way, or the users find a way to work around them. Even though users manage to carry out everyday activities by using substandard...... IT security mechanisms or via workarounds, it will influence their experience of security. If researchers and designers only focus on IT security artifacts and fail to take the user experience into account, incorrect processes or workarounds will occur. Accordingly, to get users to follow the correct process...... may seem to be a criterion of success, even though it may yield a less appropriate experience of security. This dissertation deals with an improved understanding of IT security sensitive IT artifacts and presents three design methods, and a framework for addressing the complexities and contingencies...

  20. Security through Play

    OpenAIRE

    Gondree, Mark; Peterson, Zachary N. J.; Denning, Tamara

    2013-01-01

    Precollege classrooms have neither the support nor the room to explore computer security topics. At best, students are the targets of in-school safety campaigns, absorbing rules and best practices that only hint at the rich landscape of security problems. How to expose young students to cybersecurity outside the classroom!to computer security technology, concepts, and careers!is a challenge. Unfortunately, popular media might give more visibility to cybe...

  1. Security consideration for virtualization

    OpenAIRE

    Gebhardt, Carl

    2008-01-01

    Virtualization is not a new technology, but has recently experienced a resurgence of interest among industry and research. New products and technologies are emerging quickly, and are being deployed with little considerations to security concerns. It is vital to understand that virtualization does not improve security by default. Hence, any aspect of virtualization needs to undergo constant security analysis and audit. Virtualization is a changeable and very dynamic field wit...

  2. ITIL® and information security

    International Nuclear Information System (INIS)

    This paper discusses the context of ITIL framework and management of information security. It is therefore a summary study, where the first part is focused on the safety objectives in connection with the ITIL framework. First of all, there is a focus on ITIL process ISM (Information Security Management), its principle and system management. The conclusion is about link between standards, which are related to security, and ITIL framework

  3. Information Security Training & Awareness

    OpenAIRE

    Hogervorst, Monique

    2009-01-01

    Information security standards, best practices and literature all identify the need for Training & Awareness, the theory is clear. The surveys studied show that in the real world the situation is different: the focus of businesses is still on technical information security controls aimed at the external attacker. And although threats and vulnerabilities point out that personnel security becomes more important, the attitude of managers and employees does not reflect tha...

  4. Towards Information Security Awareness

    OpenAIRE

    Marius Petrescu; Delia Mioara Popescu; Nicoleta Sirbu

    2010-01-01

    Information security has come to be recognized as increasingly important because global communication and information systems allow a potentially large number of unauthorized users to access and possibly alter information from around the world. As the dependence on information systems grows, so the security of information networks becomes ever more critical to any entity, no matter if it is a company or a public institution. Information security involves both technology and people. Any securi...

  5. Addressing Software Security

    Science.gov (United States)

    Bailey, Brandon

    2015-01-01

    Historically security within organizations was thought of as an IT function (web sites/servers, email, workstation patching, etc.) Threat landscape has evolved (Script Kiddies, Hackers, Advanced Persistent Threat (APT), Nation States, etc.) Attack surface has expanded -Networks interconnected!! Some security posture factors Network Layer (Routers, Firewalls, etc.) Computer Network Defense (IPS/IDS, Sensors, Continuous Monitoring, etc.) Industrial Control Systems (ICS) Software Security (COTS, FOSS, Custom, etc.)

  6. Secure shell session resumption

    OpenAIRE

    Kuryla, S. V.

    2009-01-01

    The Secure Shell (SSH) Protocol is a protocol for secure remote login and other secure network services over an insecure network. However, using modern cryptography techniques might be computationally expensive, especially for low-end devices such as wireless access points and DSL routers. Here I present an implementation of a session resumption mechanism that has been proposed earlier to improve the performance of SSI I.

  7. Automated security management

    CERN Document Server

    Al-Shaer, Ehab; Xie, Geoffrey

    2013-01-01

    In this contributed volume, leading international researchers explore configuration modeling and checking, vulnerability and risk assessment, configuration analysis, and diagnostics and discovery. The authors equip readers to understand automated security management systems and techniques that increase overall network assurability and usability. These constantly changing networks defend against cyber attacks by integrating hundreds of security devices such as firewalls, IPSec gateways, IDS/IPS, authentication servers, authorization/RBAC servers, and crypto systems. Automated Security Managemen

  8. Outsourcing information security

    CERN Document Server

    Axelrod, Warren

    2004-01-01

    This comprehensive and timely resource examines security risks related to IT outsourcing, clearly showing you how to recognize, evaluate, minimize, and manage these risks. Unique in its scope, this single volume offers you complete coverage of the whole range of IT security services and fully treats the IT security concerns of outsourcing. The book helps you deepen your knowledge of the tangible and intangible costs and benefits associated with outsourcing IT and IS functions.

  9. A secure communications infrastructure for high-performance distributed computing

    Energy Technology Data Exchange (ETDEWEB)

    Foster, I.; Koenig, G.; Tuecke, S. [and others

    1997-08-01

    Applications that use high-speed networks to connect geographically distributed supercomputers, databases, and scientific instruments may operate over open networks and access valuable resources. Hence, they can require mechanisms for ensuring integrity and confidentially of communications and for authenticating both users and resources. Security solutions developed for traditional client-server applications do not provide direct support for the program structures, programming tools, and performance requirements encountered in these applications. The authors address these requirements via a security-enhanced version of the Nexus communication library; which they use to provide secure versions of parallel libraries and languages, including the Message Passing Interface. These tools permit a fine degree of control over what, where, and when security mechanisms are applied. In particular, a single application can mix secure and nonsecure communication, allowing the programmer to make fine-grained security/performance tradeoffs. The authors present performance results that quantify the performance of their infrastructure.

  10. Recent applications of thermal imagers for security assessment

    Energy Technology Data Exchange (ETDEWEB)

    Bisbee, T.L.

    1997-06-01

    This paper discusses recent applications by Sandia National Laboratories of cooled and uncooled thermal infrared imagers to wide-area security assessment systems. Thermal imagers can solve many security assessment problems associated with the protection of high-value assets at military bases, secure installations, and commercial facilities. Thermal imagers can provide surveillance video from security areas or perimeters both day and night without expensive security lighting. Until fairly recently, thermal imagers required open-loop cryogenic cooling to operate. The high cost of these systems and associated maintenance requirements restricted their widespread use. However, recent developments in reliable, closed-loop, linear drive cryogenic coolers and uncooled infrared imagers have dramatically reduced maintenance requirements, extended MTBF, and are leading to reduced system cost. These technology developments are resulting in greater availability and practicality for military as well as civilian security applications.

  11. Help for the Developers of Control System Cyber Security Standards

    Energy Technology Data Exchange (ETDEWEB)

    Robert P. Evans

    2008-05-01

    A Catalog of Control Systems Security: Recommendations for Standards Developers (Catalog), aimed at assisting organizations to facilitate the development and implementation of control system cyber security standards, has been developed. This catalog contains requirements that can help protect control systems from cyber attacks and can be applied to the Critical Infrastructures and Key Resources of the United States and other nations. The requirements contained in the catalog are a compilation of practices or various industry bodies used to increase the security of control systems from both physical and cyber attacks. They should be viewed as a collection of recommendations to be considered and judiciously employed, as appropriate, when reviewing and developing cyber security standards for control systems. The recommendations in the Catalog are intended to be broad enough to provide any industry using control systems the flexibility needed to develop sound cyber security standards specific to their individual security requirements.

  12. Effective Security Architecture for Virtualized Data Center Networks

    Directory of Open Access Journals (Sweden)

    Udeze Chidiebele. C

    2012-01-01

    Full Text Available This work presents a candidate scheme for effective security policy that defines the requirements that will facilitate protection of network resources from internal and external security threats. Also, it ensures data privacy and integrity in a virtualized data center network (VDCN. An integration of Open Flow Software Defined Networking (OFSDN with VLAN Virtual Server Security (VVSS architecture is presented to address distinct security issues in virtualized data centers. The OFSDN with VVSS is proposed to create a more secured protection and maintain compliance integrity of servers and applications in the DCN. This proposal though still on the prototype phase, calls for community driven responses.

  13. A Novel Advanced Heap Corruption and Security Method

    Directory of Open Access Journals (Sweden)

    Arundhati Walia

    2012-05-01

    Full Text Available Heap security has been a major concern since the past two decades. Recently many methods have been proposed to secure heap i.e. to avoid heap overrun and attacks. The paper describes a method suggested to secure heap at the operating system level. Major emphasis is given to Solaris operating systems dynamic memory manager. When memory is required dynamically during runtime, the SysVmalloc acts as a memory allocator.Vmalloc allocates the chunks of memory in the form of splay tree structure. A self adjusting binary tree structure is reviewed in the paper, moreover major security issue to secure heap area is also suggested in the paper.

  14. Secure Vehicular Communication Systems: Implementation, Performance, and Research Challenges

    CERN Document Server

    Kargl, F; Buttyan, L; Muter, M; Wiedersheim, B; Schoch, E; Thong, T -V; Calandriello, G; Held, A; Kung, A; Hubaux, J -P

    2009-01-01

    Vehicular Communication (VC) systems are on the verge of practical deployment. Nonetheless, their security and privacy protection is one of the problems that have been addressed only recently. In order to show the feasibility of secure VC, certain implementations are required. In [1] we discuss the design of a VC security system that has emerged as a result of the European SeVeCom project. In this second paper, we discuss various issues related to the implementation and deployment aspects of secure VC systems. Moreover, we provide an outlook on open security research issues that will arise as VC systems develop from today's simple prototypes to full-fledged systems.

  15. A Novel Model for Security Evaluation for Compliance

    DEFF Research Database (Denmark)

    Hald, Sara Ligaard; Pedersen, Jens Myrup; Prasad, Neeli R.;

    2011-01-01

    With the increasing focus on security in information systems, it is becoming necessary to be able to describe and compare security attributes for different technologies. Existing are well-described and comprehensive, but expensive and resource demanding to apply. The Security Evaluation...... for Compliance (SEC) model offers a lightweight alternative for use by decision makers to get a quick overview of the security attributes of different technologies for easy comparison and requirement compliance evaluation. The scientific contribution is this new approach to security modelling as well...

  16. Information security governance simplified from the boardroom to the keyboard

    CERN Document Server

    Fitzgerald, Todd

    2011-01-01

    Security practitioners must be able to build cost-effective security programs while also complying with government regulations. Information Security Governance Simplified: From the Boardroom to the Keyboard lays out these regulations in simple terms and explains how to use control frameworks to build an air-tight information security (IS) program and governance structure. Defining the leadership skills required by IS officers, the book examines the pros and cons of different reporting structures and highlights the various control frameworks available. It details the functions of the security d

  17. Security-Enhanced Fast Mobile IPv6 Handover

    Science.gov (United States)

    Park, Chang-Seop

    Motivated by the fact that the existing FMIPv6 security scheme has several weaknesses in terms of security and efficiency, we propose a security-enhanced fast mobile IPv6 in this letter. Based on the concept of a secret key-based CGA (Cryptographically Generated Address), we show how to establish a new security association between the MN and AR (Access Router) whenever a handover occurs. We also show that the proposed scheme is robust against several types of security attacks feasible with the existing scheme. Our scheme is more efficient in that it requires fewer public key operations.

  18. Data security in Intelligent Transport Systems

    Directory of Open Access Journals (Sweden)

    Tomas Zelinka

    2012-10-01

    Full Text Available Intelligent Transport Services expect availability of the secure seamless communications solutions typically covering widely spread areas. Different ITS solutions require different portfolio of telecommunications service quality. These parameters have to correspond with ITS service performance parameters required by specific service. Even though quite extensive range of public wireless data services with reasonable coverage are provided, most of them are provided with no guaranteed quality and security. ITS requirements can be in most parameters easier reached if multi-path communications systems are applied core solution is combined with both public as well as private ones where and when it is needed. Such solution requires implementation of relevant flexible system architecture supported by the efficient decision processes. This paper is concentrated the telecommunications security issues relevant to the ITS wide area networking. Expected level of security varies in dependence on relevant ITS service requirements. Data volumes transferred both in private data vehicle on board networks as well as between vehicles and infrastructure (C2I or other vehicles (C2C progressively grow. Such trend upsurges the fatal problems appearance probability in case security of the wide area networks is not relevantly treated. That is reason why relevant communications security treatment becomes crucial part of the ITS solution. Besides of available "off shelf" security tools we present solution based on non-public universal identifier with dynamical extension (time and position dependency as an autonomous variables and data selection according to actor role or category. Presented results were obtained within projects e-Ident1, DOTEK2 and SRATVU3.

  19. Chemical Security Analysis Center

    Data.gov (United States)

    Federal Laboratory Consortium — In 2006, by Presidential Directive, DHS established the Chemical Security Analysis Center (CSAC) to identify and assess chemical threats and vulnerabilities in the...

  20. Microsoft Windows Security Essentials

    CERN Document Server

    Gibson, Darril

    2011-01-01

    Windows security concepts and technologies for IT beginners IT security can be a complex topic, especially for those new to the field of IT. This full-color book, with a focus on the Microsoft Technology Associate (MTA) program, offers a clear and easy-to-understand approach to Windows security risks and attacks for newcomers to the world of IT. By paring down to just the essentials, beginners gain a solid foundation of security concepts upon which more advanced topics and technologies can be built. This straightforward guide begins each chapter by laying out a list of topics to be discussed,

  1. Beyond grid security

    International Nuclear Information System (INIS)

    While many fields relevant to Grid security are already covered by existing working groups, their remit rarely goes beyond the scope of the Grid infrastructure itself. However, security issues pertaining to the internal set-up of compute centres have at least as much impact on Grid security. Thus, this talk will present briefly the EU ISSeG project (Integrated Site Security for Grids). In contrast to groups such as OSCT (Operational Security Coordination Team) and JSPG (Joint Security Policy Group), the purpose of ISSeG is to provide a holistic approach to security for Grid computer centres, from strategic considerations to an implementation plan and its deployment. The generalised methodology of Integrated Site Security (ISS) is based on the knowledge gained during its implementation at several sites as well as through security audits, and this will be briefly discussed. Several examples of ISS implementation tasks at the Forschungszentrum Karlsruhe will be presented, including segregation of the network for administration and maintenance and the implementation of Application Gateways. Furthermore, the web-based ISSeG training material will be introduced. This aims to offer ISS implementation guidance to other Grid installations in order to help avoid common pitfalls

  2. Information security management handbook

    CERN Document Server

    Tipton, Harold F

    2003-01-01

    Since 1993, the Information Security Management Handbook has served not only as an everyday reference for information security practitioners but also as an important document for conducting the intense review necessary to prepare for the Certified Information System Security Professional (CISSP) examination. Now completely revised and updated and in its fifth edition, the handbook maps the ten domains of the Information Security Common Body of Knowledge and provides a complete understanding of all the items in it. This is a ...must have... book, both for preparing for the CISSP exam and as a c

  3. Information security management handbook

    CERN Document Server

    Tipton, Harold F

    2004-01-01

    For more than a decade, the Information Security Management Handbook has served as an important document for conducting the intense review necessary to prepare for the Certified Information System Security Professional (CISSP) examination and as a reference for information security practitioners. Now thoroughly revised and updated and in its fifth edition, the handbook maps the ten domains of the Information Security Common Body of Knowledge and provides a comprehensive understanding of all the items in it. This is a valuable book, both for preparing for the CISSP exam and as a complete, up-to

  4. Beginning ASPNET Security

    CERN Document Server

    Dorrans, Barry

    2010-01-01

    Beginning ASP.NET 3.5 Security is geared for novice to intermediate ASP.NET programmers who wish to protect and defend their web sites against attack and exploitation. Beginning with a discussion of why we need security and the things that may occur when it is ignored and an overview of how ASP.NET works, readers are taken through the common steps in developing a web site, the security problems each area exposes and how these can be exploited. Visual Studio Security MVP Barry Dorrans teaches readers how they can defend their applications using the standard .NET framework, industry patterns and

  5. Building a strategic security organisation.

    Science.gov (United States)

    Howard, Mike

    2016-01-01

    In everyone's day-to-day jobs there is constant need to deal with current and newly detected matters. This is now a world of immediacy, driven by the cadence of the business and its needs. These concerns should not be ignored, as failing to deal with these issues would not bode well for the future. It is essential that the gears are kept spinning. The challenge for any security organisation is to identify its short-term tactical requirements, while developing longer-term strategic needs. Once done, the differences can be accounted for and strides can be made toward a desired future state. This paper highlights several steps that the author and his team have taken in their own journey. There is no magic answer, each organisation will have its own unique challenges. Nevertheless, some of the approaches to building a strategic security organisation described in this paper are applicable to all organisations, irrespective of their size. PMID:27318284

  6. Efficient and Secure Information Sharing For Security Personnels: A Role and Cooperation Based Approach

    Directory of Open Access Journals (Sweden)

    G.K. Pradhan

    2010-07-01

    Full Text Available To facilitate users to interact with and share information without difficulty and faultlessly across various networks and databases nationwide, a secure and trusted information-sharing environment has been recognized as an imperative requirement and to advance homeland security effort. The key incentive following this research is to build a secure and trusted information-sharing approach for governmentdepartments. This paper presents an efficient role and cooperation based information sharing approach for secure exchange of confidential and top secret information amongst security personnels and government departments within the national boundaries using public key cryptography. The devised approach makes use of cryptographic hash function; public key cryptosystem and a unique and complex mapping function for securely exchanging confidential information. Furthermore, the proposed approach facilitates privacy preserving information sharing with probable restrictions based on the rank of the security personnels. The developed role and cooperation based information sharing approach ensures secure and stream-lined information sharing among security personnels and government intelligence departments to avoid threatening activities. The experimental results demonstrate the effectiveness of theproposed information sharing approach.

  7. Land Ecological Security Evaluation of Guangzhou, China

    Directory of Open Access Journals (Sweden)

    Linyu Xu

    2014-10-01

    Full Text Available As the land ecosystem provides the necessary basic material resources for human development, land ecological security (LES plays an increasingly important role in sustainable development. Given the degradation of land ecological security under rapid urbanization and the urgent LES requirements of urban populations, a comprehensive evaluation method, named Double Land Ecological Security (DLES, has been introduced with the city of Guangzhou, China, as a case study, which evaluates the LES in regional and unit scales for reasonable and specific urban planning. In the evaluation process with this method, we have combined the material security with the spiritual security that is inevitably associated with LES. Some new coefficients of land-security supply/demand distribution and technology contribution for LES evaluation have also been introduced for different spatial scales, including the regional and the unit scales. The results for Guangzhou indicated that, temporally, the LES supply indices were 0.77, 0.84 and 0.77 in 2000, 2006 and 2009 respectively, while LES demand indices for the city increased in 2000, 2006 and 2009 from 0.57 to 0.95, which made the LES level decreased slowly in this period. Spatially, at the regional scale, the urban land ecological security (ULES level decreased from 0.2 (marginal security to −0.18 (marginal insecurity as a whole; in unit scale, areas in the north and in parts of the east were relatively secure and the security area was shrinking with time, but the central and southern areas turned to be marginal insecurity, especially in 2006 and 2009. This study proposes that DLES evaluation should be conducted for targeted and efficient urban planning and management, which can reflect the LES level of study area in general and in detail.

  8. Land ecological security evaluation of Guangzhou, China.

    Science.gov (United States)

    Xu, Linyu; Yin, Hao; Li, Zhaoxue; Li, Shun

    2014-01-01

    As the land ecosystem provides the necessary basic material resources for human development, land ecological security (LES) plays an increasingly important role in sustainable development. Given the degradation of land ecological security under rapid urbanization and the urgent LES requirements of urban populations, a comprehensive evaluation method, named Double Land Ecological Security (DLES), has been introduced with the city of Guangzhou, China, as a case study, which evaluates the LES in regional and unit scales for reasonable and specific urban planning. In the evaluation process with this method, we have combined the material security with the spiritual security that is inevitably associated with LES. Some new coefficients of land-security supply/demand distribution and technology contribution for LES evaluation have also been introduced for different spatial scales, including the regional and the unit scales. The results for Guangzhou indicated that, temporally, the LES supply indices were 0.77, 0.84 and 0.77 in 2000, 2006 and 2009 respectively, while LES demand indices for the city increased in 2000, 2006 and 2009 from 0.57 to 0.95, which made the LES level decreased slowly in this period. Spatially, at the regional scale, the urban land ecological security (ULES) level decreased from 0.2 (marginal security) to -0.18 (marginal insecurity) as a whole; in unit scale, areas in the north and in parts of the east were relatively secure and the security area was shrinking with time, but the central and southern areas turned to be marginal insecurity, especially in 2006 and 2009. This study proposes that DLES evaluation should be conducted for targeted and efficient urban planning and management, which can reflect the LES level of study area in general and in detail. PMID:25321873

  9. Cyberspace security: How to develop a security strategy

    CERN Document Server

    Raggad, Bel G

    2007-01-01

    Despite all visible dividers, the Internet is getting us closer and closer, but with a great price. Our security is the price. The internatl. community is fully aware of the urgent need to secure the cyberspace as you see the multiplication of security standards and national schemes interpreting them beyond borders: ISO 15408, ISO 17799, and ISO 27001. Even though some countries, incl. the Security Big Six (SB6), are equipped with their security books and may feel relatively safe; this remains a wrong sense of security as long as they share their networks with entities of less security. The standards impose security best practices and system specifications for the development of information security management systems. Partners beyond borders have to be secure as this is only possible if all entities connected to the partnership remain secure. Unfortunately, there is no way to verify the continuous security of partners without periodic security auditing and certification, and members who do not comply should ...

  10. Security engineering: Phisical security measures for high-risk personnel

    Directory of Open Access Journals (Sweden)

    Jelena S. Cice

    2013-06-01

    Full Text Available The design of physical security measures is a specialized technical area that does not fall in the normal skill record and resume of commanders, architects, engineers, and project managers. This document provides guidance to those parties tasked with implementing existing and emerging physical protection system requirements: -    Creation of a single-source reference for the design and construction of physical security measures for high-risk personnel (HRP. -    Promulgation of multi-service standard recommendations and considerations. -    Potential increase of productivity of HRP and reduced temporary housing costs through clarification of considerations, guidance on planning, and provision of design solutions. -    Reduction of facility project costs. -    Better performance of modernized facilities, in terms of force protection, than original facilities. Throughout this process you must ensure: confidentiality, appropriate Public Relations, sustainability, compliance with all industrial guidelines and legal and regulatory requirement, constant review and revision to accommodate new circumstances or threats. Introduction Physical security is an extremely broad topic. It encompasses access control devices such as smart cards, air filtration and fireproofing. It is also heavily reliant on infrastructure. This means that many of the ideal physical security measures may not be economically or physically feasible for existing sites. Many businesses do not have the option of building their own facility from the ground up; thus physical security often must be integrated into an existing structure. This limits the overall set of security measures that can be installed. There is an aspect of physical security that is often overlooked; the humans that interact with it. Humans commit crime for a number of reasons. The document focuses on two building types: the HRP office and the HRP residence. HRP are personnel who are likely to be

  11. Tactical Automated Security System (TASS) RF communications

    Energy Technology Data Exchange (ETDEWEB)

    Thurber, J. [AVJG, Hanscom AFB, MA (United States). Electronic Systems Center; Dumais, B. [Horizons Technology, Inc., Billerica, MA (United States); Kenyon, D. [Analytical Systems Engineering Corp., Bedford, MA (United States); Harrington, J. [Sandia National Labs., Albuquerque, NM (United States)

    1993-12-31

    The Tactical Automated Security System (TASS) spearheads a new way of performing security for the US Air Force: a portable, relocatable security system that deploys and moves with the troops. TASS applications will range from temporary assets located in remote areas to performing traditional, semipermanent roles on main operating bases. In addition, the system is designed for tactical and covert applications. The main elements of TASS include tactical and relocatable sensors, thermal imagers and assessment devices, data communications, alarm annunciation and power. A primary requirement for the TASS system is to utilize wireless communications links to the maximum extent possible. Current wireless technology best supports TASS with radio frequency (RF) based links, but other techniques may eventually be used. This paper addresses the TASS data communications requirements, actions taken to fulfill these requirements, and continuing challenges to operating in the RF mode.

  12. Securing XML Documents

    Directory of Open Access Journals (Sweden)

    Charles Shoniregun

    2004-11-01

    Full Text Available XML (extensible markup language is becoming the current standard for establishing interoperability on the Web. XML data are self-descriptive and syntax-extensible; this makes it very suitable for representation and exchange of semi-structured data, and allows users to define new elements for their specific applications. As a result, the number of documents incorporating this standard is continuously increasing over the Web. The processing of XML documents may require a traversal of all document structure and therefore, the cost could be very high. A strong demand for a means of efficient and effective XML processing has posed a new challenge for the database world. This paper discusses a fast and efficient indexing technique for XML documents, and introduces the XML graph numbering scheme. It can be used for indexing and securing graph structure of XML documents. This technique provides an efficient method to speed up XML data processing. Furthermore, the paper explores the classification of existing methods impact of query processing, and indexing.

  13. Comprehensive test ban treaty international monitoring system security threats and proposed security attributes

    Energy Technology Data Exchange (ETDEWEB)

    Draelos, T.J.; Craft, R.L.

    1996-03-01

    To monitor compliance with a Comprehensive Test Ban Treaty (CTBT), a sensing network, referred to as the International Monitoring System (IMS), is being deployed. Success of the IMS depends on both its ability to preform its function and the international community`s confidence in the system. To ensure these goals, steps must be taken to secure the system against attacks that would undermine it; however, it is not clear that consensus exists with respect to the security requirements that should be levied on the IMS design. In addition, CTBT has not clearly articulated what threats it wishes to address. This paper proposes four system-level threats that should drive IMS design considerations, identifies potential threat agents, and collects into one place the security requirements that have been suggested by various elements of the IMS community. For each such requirement, issues associated with the requirement are identified and rationale for the requirement is discussed.

  14. Deliberate Secure Grid Computing Blueprint Design in Indian Context

    Directory of Open Access Journals (Sweden)

    Sanjeev Puri

    2012-06-01

    Full Text Available The novel concept of grid computing, clusters of computational power is constructed from a network of many small and widespread different computers servers or workstations into a single resource. We now proceed to translate the grid security problem into specific grid security requirements. The purpose of Grid technologies is to support the secure sharing and scalable coordinated use of diverse resources in dynamic, distributed VOs. We propose a secure blueprint design for grid systems that addresses requirements for single sign-on, interoperability with local policies of any grid city of India, with dynamically varying resource demands.

  15. An Approach to Secure Mobile Enterprise Architectures

    Directory of Open Access Journals (Sweden)

    Florian Georg Furtmanduuml;ller

    2013-01-01

    Full Text Available Due to increased security awareness of enterprises for mobile applications operating with sensitive or personal data as well as extended regulations form legislative (the principle of proportionality various approaches, how to implement (extended two-factor authentication, multi-factor authentication or virtual private network within enterprise mobile environments to ensure delivery of secure applications, have been developed. Within mobile applications it will not be sufficient to rely on security measures of the individual components or interested parties, an overall concept of a security solution has to be established which requires the interaction of several technologies, standards and system components. These include the physical fuses on the device itself as well as on the network layer (such as integrated security components, security measures (such as employee agreements, contract clauses, insurance coverage, but also software technical protection at the application level (e.g. password protection, encryption, secure container. The purpose of this paper is to summarize the challenges and practical successes, providing best practices to fulfill appropriate risk coverage of mobile applications. I present a use case, in order to proof the concept in actual work settings, and to demonstrate the adaptability of the approach.

  16. SECURING VIRTUAL IMAGES USING BLIND AUTHENTICATION PROTOCOL

    Directory of Open Access Journals (Sweden)

    RAVIKIRAN PEELUKHANA,

    2011-04-01

    Full Text Available The cloud virtualization technology improves the economy of scale for data centers through server consolidation, application consolidation and resources consolidation. Virtualization allows the provider to move Virtual Images from more congested host to less-congested hosts, as required. Enterprises also get improved server reliability, which in turn increases application performance. Despite these benefits, it includes major security challenges with the portability of Virtual Images between different cloud providers.The security and integrity of Virtual images is the foundation for the overall security of the cloud. Many of the Virtual images are intended to be shared by diverse and unrelated users. Unfortunately, existing approaches to cloud security built by cloud practitioners fall short when dealing with Virtual images. Secure transmission of virtual Images can bepossible by providing authentication using Blind Authentication protocol (BAP. The proposed approach authenticates the allocation of virtual images using Blind authentication protocol. It provides provable protection against replay and client side attacks even if the keys of the user are compromised. The encryption also provides template protection, revocability and alleviates the concerns on privacy in widespread use of biometrics. Carrying out the authentication in the encrypted domain is a secure process, while the encryption key acts as an additional layer of security.

  17. A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTURE

    Directory of Open Access Journals (Sweden)

    Arijit Ukil

    2013-09-01

    Full Text Available In a typical cloud computing diverse facilitating components like hardware, software, firmware,networking, and services integrate to offer different computational facilities, while Internet or a privatenetwork (or VPN provides the required backbone to deliver the services. The security risks to the cloud system delimit the benefits of cloud computing like “on-demand, customized resource availability and performance management”. It is understood that current IT and enterprise security solutions are not adequate to address the cloud security issues. This paper explores the challenges and issues of security concerns of cloud computing through different standard and novel solutions. We propose analysis and architecture for incorporating different security schemes, techniques and protocols for cloud computing,particularly in Infrastructure-as-a-Service (IaaS and Platform-as-a-Service (PaaS systems. The proposedarchitecture is generic in nature, not dependent on the type of cloud deployment, application agnostic and is not coupled with the underlying backbone. This would facilitate to manage the cloud system more effectively and provide the administrator to include the specific solution to counter the threat. We have also shown using experimental data how a cloud service provider can estimate the charging based on the security service it provides and security-related cost-benefit analysis can be estimated.

  18. Security Policy Enforcement in Cloud Infrastructure

    Directory of Open Access Journals (Sweden)

    Arijit Ukil

    2013-05-01

    Full Text Available Cloud computing is a computing environment consisti ng of different facilitating components like hardware, software, firmware, networking, and servi ces. Internet or a private network provides the required backbone to deliver the cloud services . The benefits of cloud computing like “on- demand, customized resource availability and perfor mance management” are overpowered by the associated security risks to the cloud system, particularly to the cloud users or clients. Existing traditional IT and enterprise security are not adequate to address the cloud security issues. In order to deploy different cloud applicat ions, it is understood that security concerns of cloud computing are to be effectively addressed. Cl oud security is such an area which deals with the concerns and vulnerabilities of cloud comp uting for ensuring safer computing environment. This paper explores the challenges and issues of security concerns of cloud computing through different standard and novel solu tions. This paper proposes architecture for incorporating different security schemes, technique s and protocols for cloud computing, particularly in Infrastructure-as-a-Service (IaaS and Platform-as-a-Service (PaaS systems. The proposed architecture is generic in nature, not dependent on the type of cloud deployment, application agnostic and is not coupled with the un derlying backbone. This would facilitate to manage the cloud system more effectively and provid e the administrator to include the specific solution to counter the threat.

  19. Quantum Oblivious Transfer: a secure practical implementation

    Science.gov (United States)

    Nagy, Marius; Nagy, Naya

    2016-09-01

    Together with bit commitment, Oblivious Transfer is a very useful cryptographic primitive with important applications, most notably in secure multiparty computations. It has been long known that secure Quantum Oblivious Transfer can be achieved from a secure implementation of Quantum Bit Commitment. Unfortunately, it is also well known that unconditionally secure Quantum Bit Commitment is impossible, so building a secure Oblivious Transfer protocol on top of Quantum Bit Commitment is ruled out. In this paper, we propose a relatively simple quantum protocol for Oblivious Transfer which does not require qubit storage, does not rely on bit commitment as a primitive and is easily implementable with current technology, if the two actors are honest. The protocol is proven to be secure against any individual measurements and entanglement-based attacks. Any cheating attempt trying to speculate collective measurements would be considerably difficult to put in practice, even in the near future. Furthermore, the number of qubits used in our scheme (embodied as photons in a physical realization of the protocol) acts as a security parameter, making it increasingly hard to cheat.

  20. Security Embedding Codes

    CERN Document Server

    Ly, Hung D; Blankenship, Yufei

    2011-01-01

    This paper considers the problem of simultaneously communicating two messages, a high-security message and a low-security message, to a legitimate receiver, referred to as the security embedding problem. An information-theoretic formulation of the problem is presented. A coding scheme that combines rate splitting, superposition coding, nested binning and channel prefixing is considered and is shown to achieve the secrecy capacity region of the channel in several scenarios. Specifying these results to both scalar and independent parallel Gaussian channels (under an average individual per-subchannel power constraint), it is shown that the high-security message can be embedded into the low-security message at full rate (as if the low-security message does not exist) without incurring any loss on the overall rate of communication (as if both messages are low-security messages). Extensions to the wiretap channel II setting of Ozarow and Wyner are also considered, where it is shown that "perfect" security embedding...