WorldWideScience

Sample records for cabig security requirements

  1. INDECT Advanced Security Requirements

    CERN Document Server

    Uruena, Manuel; Martinez, Maria; Niemiec, Marcin; Stoianov, Nikolai

    2010-01-01

    This paper reviews the requirements for the security mechanisms that are currently being developed in the framework of the European research project INDECT. An overview of features for integrated technologies such as Virtual Private Networks (VPNs), Cryptographic Algorithms, Quantum Cryptography, Federated ID Management and Secure Mobile Ad-hoc networking are described together with their expected use in INDECT.

  2. Reusable Security Requirements

    Science.gov (United States)

    2016-06-13

    2003 by Carnegie Mellon University page 1 Carnegie Mellon Software Engineering Institute Reusable Security Requirements RE’2003 RHAS’03 Workshop...PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) Carnegie Mellon University, Software Engineering Institute, Pittsburgh, PA, 15213 8. PERFORMING...Carnegie Mellon University page 2 Carnegie Mellon Software Engineering Institute In a Nut Shell • Similar Assets, Attackers, and Threats • Security

  3. Software Security Requirements Gathering Instrument

    OpenAIRE

    2011-01-01

    Security breaches are largely caused by vulnerable software. Since individuals and organizations mostly depend on software, it is important to produce it in a secure manner. The first step towards producing secure software is gathering security requirements. This paper describes the Software Security Requirements Gathering Instrument (SSRGI), which helps gather security requirements from the various stakeholders. This will guide the developers to gather security requirements along with th...

  4. Software Security Requirements Gathering Instrument

    Directory of Open Access Journals (Sweden)

    Smriti Jain

    2011-08-01

    Security breaches are largely caused by vulnerable software. Since individuals and organizations mostly depend on software, it is important to produce it in a secure manner. The first step towards producing secure software is gathering security requirements. This paper describes the Software Security Requirements Gathering Instrument (SSRGI), which helps gather security requirements from the various stakeholders. This will guide the developers to gather security requirements along with the functional requirements and further incorporate security during other phases of software development. We subsequently present case studies that describe the integration of the SSRGI instrument with the Software Requirements Specification (SRS) document as specified in standard IEEE 830-1998. The proposed SSRGI will support software developers in gathering security requirements in detail during the requirements gathering phase.

  5. Windows Security patch required

    CERN Multimedia

    2003-01-01

    This concerns Windows PCs (XP, 2000, NT) which are NOT centrally managed at CERN for security patches, e.g. home PCs, experiment PCs, portables, ... A security hole which can give full privileges on Windows systems needs to be URGENTLY patched. Details of the security hole and hotfix are at: http://cern.ch/it-div/news/hotfix-MS03-026.asp http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

  6. Windows Security patch required

    CERN Multimedia

    2003-01-01

    This concerns Windows PCs which are NOT centrally managed at CERN for security patches, e.g. home PCs, experiment PCs, portables, ... A security hole which can give full privileges on Windows systems needs to be URGENTLY patched. Details of the security hole and hotfix are at: http://cern.ch/it-div/news/hotfix-MS03-026.asp http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

  7. Windows Security patch required

    CERN Multimedia

    3004-01-01

    This concerns Windows PCs (XP, 2000, NT) which are NOT centrally managed at CERN for security patches, e.g. home PCs, experiment PCs, portables,... A security hole which can give full privileges on Windows systems needs to be URGENTLY patched. Details of the security hole and hotfix are at: http://cern.ch/it-div/news/hotfix-MS03-026.asp http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

  8. Windows Security patch required

    CERN Multimedia

    2003-01-01

    This concerns Windows PCs (XP, 2000, NT) which are NOT centrally managed at CERN for security patches, e.g. home PCs, experiment PCs, portables,... A security hole which can give full privileges on Windows systems needs to be URGENTLY patched. Details of the security hole and hotfix are at: http://cern.ch/it-div/news/hotfix-MS03-026.asp http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

  9. GRID INFORMATION SECURITY FUNCTIONAL REQUIREMENT

    Directory of Open Access Journals (Sweden)

    Amy Poh Ai Ling

    2011-07-01

    This paper describes the background of smart information infrastructure and the needs for smart grid information security. It introduces the conceptual analysis to the methodology with the application of hermeneutic circle and information security functional requirement identification. Information security for the grid market covers matters including the automation and communications industry that affects the operation of electric power systems and the functioning of the utilities that manage them, and awareness of this information infrastructure has become critical to the reliability of the power system. The community benefits from cost savings, flexibility and deployment along with the establishment of wireless communications. However, concern revolves around the security protections for easily accessible devices such as the smart meter and the related communications hardware. On the other hand, the changing points between the traditional and the smart grid networking trend, and the importance of information security in the communication field, reflect the criticality of grid information security functional requirement identification. The goal of this paper is to identify the functional requirement and relate its significance to the consumer requirement of information security of a smart grid. Vulnerabilities may make it possible for an attacker to penetrate a network, gain access to control software, and alter it to load conditions that destabilize the grid in unpredictable ways. Focusing on the grid information security functional requirement is a step ahead in developing consumer trust and satisfaction toward smart grid completeness.

  10. Development of the Lymphoma Enterprise Architecture Database: a caBIG Silver level compliant system.

    Science.gov (United States)

    Huang, Taoying; Shenoy, Pareen J; Sinha, Rajni; Graiser, Michael; Bumpers, Kevin W; Flowers, Christopher R

    2009-04-03

    Lymphomas are the fifth most common cancer in the United States, with numerous histological subtypes. Integrating existing clinical information on lymphoma patients provides a platform for understanding biological variability in presentation and treatment response and aids development of novel therapies. We developed a cancer Biomedical Informatics Grid (caBIG) Silver level compliant lymphoma database, called the Lymphoma Enterprise Architecture Data-system (LEAD), which integrates the pathology, pharmacy, laboratory, cancer registry, clinical trials, and clinical data from institutional databases. We utilized the Cancer Common Ontological Representation Environment Software Development Kit (caCORE SDK) provided by the National Cancer Institute's Center for Bioinformatics to establish the LEAD platform for data management. The caCORE SDK generated system utilizes an n-tier architecture with open Application Programming Interfaces, controlled vocabularies, and registered metadata to achieve semantic integration across multiple cancer databases. We demonstrated that the data elements and structures within LEAD could be used to manage clinical research data from phase 1 clinical trials, cohort studies, and registry data from the Surveillance Epidemiology and End Results database. This work provides a clear example of how semantic technologies from caBIG can be applied to support a wide range of clinical and research tasks, and integrate data from disparate systems into a single architecture. This illustrates the central importance of caBIG to the management of clinical and biological data.

  11. Security Requirements for Cryptographic Modules

    Science.gov (United States)

    1999-01-01

    module interfaces; roles, services, and authentication; finite state machine model; physical security; operating system security; cryptographic key...4.4 Finite State Machine Model...These areas include cryptographic module specification; module interfaces; roles, services, and authentication; finite state machine model; physical

  12. Information technology - Security techniques - Information security management systems - Requirements

    CERN Document Server

    International Organization for Standardization. Geneva

    2005-01-01

    ISO/IEC 27001:2005 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for-profit organizations). ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties. ISO/IEC 27001:2005 is intended to be suitable for several different types of use, including the following: use within organizations to formulate security requirements and objectives; use within organizations as a way to ensure that security risks are cost effectively managed; use within organizations to ensure comp...

  13. Security Requirements – Analysis of the Issue

    Directory of Open Access Journals (Sweden)

    Jhon Vincent

    2013-12-01

    Security needs are seldom taken into account in requirements engineering, and when they are considered in the life cycle of the system, they tend to become a general list of functions, such as password protection, firewalls, virus detection tools, and the like. In fact, these cannot be considered security requirements, because they are implementation mechanisms that try to meet unspecified requirements, such as authenticated access. As a result, the security requirements for the system, which are needed to protect essential services and assets, are ignored; moreover, when they are specified, the prospect of future attacks is not considered. This paper describes the need for a systematic approach to managing security requirements engineering, in order to help avoid the problem of generic lists and to take the future perspective into account. Several related approaches are described, and references to additional material are provided that can help requirements engineers ensure that their products effectively take the security requirements into account.

  14. Security Requirements Reusability and the SQUARE Methodology

    Science.gov (United States)

    2010-09-01

    creation of SQUARE. Section 3 briefly describes the SQUARE methodology. Section 4 presents an argument for reuse in security requirements...be performed for each request. physical protection. Secure systems must be protected not only from electronic attack but also physical threats...this is often cost versus benefit. Various other options are explored in SQUARE case studies, including triage, Win-Win, and mathematical models

  15. Cloud computing security requirements: a systematic review

    NARCIS (Netherlands)

    Iankoulova, Iliana; Daneva, Maya; Rolland, C.; Castro, J.; Pastor, O.

    2012-01-01

    Many publications have dealt with various types of security requirements in cloud computing but not all types have been explored in sufficient depth. It is also hard to understand which types of requirements have been under-researched and which are most investigated. This paper's goal is to provide

  16. Argumentation-based security requirements elicitation: the next round

    NARCIS (Netherlands)

    Ionita, Dan; Bullee, Jan-Willem; Wieringa, Roel

    2014-01-01

    Information Security Risk Assessment can be viewed as part of requirements engineering because it is used to translate security goals into security requirements, where security requirements are the desired system properties that mitigate threats to security goals. To improve the defensibility of the

  17. Measuring Security of Web Services in Requirement Engineering Phase

    Directory of Open Access Journals (Sweden)

    Davoud Mougouei

    2015-05-01

    Addressing security in the early stages of web service development has always been a major engineering trend. However, to assure the security of web services, security evaluation must be performed in a rigorous and tangible manner. The results of such an evaluation, if performed in the early stages of the development process, can be used to improve the quality of the target web service. On the other hand, it is impossible to remove all of the security faults during the security analysis of web services. As a result, absolute security is never possible to achieve and a security failure may occur during the execution of a web service. To avoid security failures, a measurable level of fault tolerance must be achieved through partial satisfaction of security goals. Thus any proposed measurement technique must account for this partiality. Even though there are some approaches toward assessing the security of web services, there is still no precise model for evaluating security goal satisfaction specifically during the requirement engineering phase. This paper introduces a Security Measurement Model (SMM) for evaluating the Degree of Security (DS) in security requirements of web services by taking into consideration partial satisfaction of security goals. The proposed model evaluates the overall security of the target service by measuring the security in the Security Requirement Model (SRM) of the service. The proposed SMM also takes into account cost, technical ability, impact and flexibility as the key features of security evaluation.

  18. Pattern and security requirements engineering-based establishment of security standards

    CERN Document Server

    Beckers, Kristian

    2015-01-01

    Security threats are a significant problem for information technology companies today. This book focuses on how to mitigate these threats by using security standards and provides ways to address associated problems faced by engineers caused by ambiguities in the standards. The security standards are analysed, fundamental concepts of the security standards presented, and the relations to the elementary concepts of security requirements engineering (SRE) methods explored. Using this knowledge, engineers can build customised methods that support the establishment of security standards. Standard

  19. Requirements of a Better Secure Program Coding

    Directory of Open Access Journals (Sweden)

    Marius POPA

    2012-01-01

    Secure program coding refers to how to manage the risks posed by security breaches that arise from the program source code. The paper reviews the best practices to be followed during the software development life cycle for secure software assurance, the methods and techniques used for secure coding assurance, the best-known and most common vulnerabilities caused by a bad coding process, and how the security risks are managed and mitigated. As a tool for better secure program coding, the code review process is presented, together with objective measures for code review assurance and estimation of the effort for the code improvement.

  20. Validating Cyber Security Requirements: A Case Study

    Energy Technology Data Exchange (ETDEWEB)

    Abercrombie, Robert K [ORNL; Sheldon, Frederick T [ORNL; Mili, Ali [New Jersey Institute of Technology

    2011-01-01

    Vulnerabilities in a system may have widely varying impacts on system security. In practice, security should not be defined as the absence of vulnerabilities. In practice, security should not be quantified by the number of vulnerabilities. Security should be managed by pursuing a policy that leads us first to the highest impact vulnerabilities. In light of these observations, we argue in favor of shifting our focus from vulnerability avoidance/removal to measurable security attributes. To this effect, we recommend a logic be used for system security, which captures/represents security properties in quantifiable, verifiable, measurable terms so that it is possible to reason about security in terms of its observable/perceptible effects rather than its hypothesized causes. This approach is orthogonal to existing techniques for vulnerability avoidance, removal, detection, and recovery, in the sense that it provides a means to assess, quantify, and combine these techniques.

  1. Security Measurement Based On GQM To Improve Application Security During Requirements Stage

    Directory of Open Access Journals (Sweden)

    Ala A. Abdulrazeg

    2015-05-01

    Developing secure web applications that can withstand malicious attacks requires a careful injection of security considerations into the early stages of the development lifecycle. Assessing security at the requirement analysis stage of the application development life cycle may help in mitigating security defects before they spread their wings into the later stages of the development life cycle and into the final version of the product. In this paper, we present a security metrics model based on the Goal Question Metric (GQM) approach, focusing on the design of the misuse case model. Misuse case is a technique to identify threats and integrate security requirements during the requirement analysis stage. The security metrics model helps in discovering and evaluating the misuse case models by ensuring a defect-free model. Here, the security metrics are based on the OWASP top 10-2010, in addition to misuse case modeling antipattern.

  2. 7 CFR 764.104 - General real estate security requirements.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 7 2010-01-01 2010-01-01 false General real estate security requirements. 764.104....104 General real estate security requirements. (a) Agency lien position requirements. If real estate... Agency; and (4) Equity in the collateral exists. (b) Real estate held under a purchase contract. If...

  3. 77 FR 63849 - Facility Security Officer Training Requirements; Correction

    Science.gov (United States)

    2012-10-17

    ... SECURITY Coast Guard Facility Security Officer Training Requirements; Correction AGENCY: Coast Guard, DHS...), announcing a public meeting to receive comments on the development of a Facility Security Officer training program. The notice contains an inaccurate Internet link to RSVP for the public meeting. DATES: The...

  4. Security and privacy requirements for a multi-institutional cancer research data grid: an interview-based study

    Directory of Open Access Journals (Sweden)

    Weems William A

    2009-06-01

    Background: Data protection is important for all information systems that deal with human-subjects data. Grid-based systems – such as the cancer Biomedical Informatics Grid (caBIG) – seek to develop new mechanisms to facilitate real-time federation of cancer-relevant data sources, including sources protected under a variety of regulatory laws, such as HIPAA and 21CFR11. These systems embody new models for data sharing, and hence pose new challenges to the regulatory community, and to those who would develop or adopt them. These challenges must be understood by both systems developers and system adopters. In this paper, we describe our work collecting policy statements, expectations, and requirements from regulatory decision makers at academic cancer centers in the United States. We use these statements to examine fundamental assumptions regarding data sharing using data federations and grid computing. Methods: An interview-based study of key stakeholders from a sample of US cancer centers. Interviews were structured, and used an instrument that was developed for the purpose of this study. The instrument included a set of problem scenarios – difficult policy situations that were derived during a full-day discussion of potentially problematic issues by a set of project participants with diverse expertise. Each problem scenario included a set of open-ended questions that were designed to elucidate stakeholder opinions and concerns. Interviews were transcribed verbatim and used for both qualitative and quantitative analysis. For quantitative analysis, data was aggregated at the individual or institutional unit of analysis, depending on the specific interview question. Results: Thirty-one (31) individuals at six cancer centers were contacted to participate. Twenty-four out of thirty-one (24/31) individuals responded to our request, yielding a total response rate of 77%. Respondents included IRB directors and policy-makers, privacy and

  5. Security Quality Requirements Engineering (SQUARE) Methodology

    Science.gov (United States)

    2005-11-01

    Barbara; Roback, Edward. An Introduction to Computer Security. Gaithersburg, MD: U.S. Department of Commerce, Technology Administration, National...Software Engineering: A Use Case Driven Approach. Boston, MA: Addison-Wesley, 1992. [Jones 86] Jones, Capers, ed. Tutorial: Programming Productivity

  6. SECURED CLOUD SUPPORT FOR GLOBAL SOFTWARE REQUIREMENT RISK MANAGEMENT

    OpenAIRE

    Shruti Patil; Roshani Ade

    2014-01-01

    This paper presents a solution to the core problem of securing Global Software Development requirement information. Currently the major issue is the hacking of sensitive client information, which may lead to major financial as well as social loss. To avoid this, the system provides cloud security through encryption of data, and deployment of the tool over the cloud provides significant security to the whole global content management system. The core findings are presented in terms of how hac...

  7. Decomposition of the Security Requirements for Connected Information Domains

    NARCIS (Netherlands)

    Schotanus, H.A.; Boonstra, D.; Broenink, E.G.

    2011-01-01

    The introduction of network enabled capabilities (NEC) changed the way defence organisations look at their IT infrastructure. Finding the right balance between security and duty-to-share has proven to be a difficult challenge. The situations are complex and may lead to high security requirements t

  8. Requirements for multimedia metadata schemes in surveillance applications for security

    NARCIS (Netherlands)

    Rest, J.; Grootjen, F.A.; Grootjen, M.; Wijn, R.; Aarts, O.; Roelofs, M.L.; Burghouts, G.J.; Bouma, H.; Alic, L.; Kraaij, W.

    2014-01-01

    Surveillance for security requires communication between systems and humans, involves behavioural and multimedia research, and demands an objective benchmarking for the performance of system components. Metadata representation schemes are extremely important to facilitate (system) interoperability a

  9. Information security requirements in patient-centred healthcare support systems.

    Science.gov (United States)

    Alsalamah, Shada; Gray, W Alex; Hilton, Jeremy; Alsalamah, Hessah

    2013-01-01

    Enabling Patient-Centred (PC) care in modern healthcare requires the flow of medical information with the patient between different healthcare providers as they follow the patient's treatment plan. However, PC care threatens the stability of the balance of information security in the support systems since legacy systems fall short of attaining a security balance when sharing their information due to compromises made between its availability, integrity, and confidentiality. Results show that the main reason for this is that information security implementation in discrete legacy systems focused mainly on information confidentiality and integrity leaving availability a challenge in collaboration. Through an empirical study using domain analysis, observations, and interviews, this paper identifies a need for six information security requirements in legacy systems to cope with this situation in order to attain the security balance in systems supporting PC care implementation in modern healthcare.

  10. 48 CFR 1337.110-70 - Personnel security processing requirements.

    Science.gov (United States)

    2010-10-01

    ... where foreign national access to any DOC facility or DOC IT system is required. The language of the... 48 Federal Acquisition Regulations System 5 2010-10-01 2010-10-01 false Personnel security processing requirements. 1337.110-70 Section 1337.110-70 Federal Acquisition Regulations System DEPARTMENT...

  11. Grid Information Security Functional Requirement - Fulfilling Information Security of a Smart Grid System

    CERN Document Server

    Ling, Amy Poh Ai; 10.5121/ijgca.2011.2201

    2011-01-01

    This paper describes the background of smart information infrastructure and the needs for smart grid information security. It introduces the conceptual analysis to the methodology with the application of hermeneutic circle and information security functional requirement identification. Information security for the grid market covers matters including the automation and communications industry that affects the operation of electric power systems and the functioning of the utilities that manage them, and awareness of this information infrastructure has become critical to the reliability of the power system. The community benefits from cost savings, flexibility and deployment along with the establishment of wireless communications. However, concern revolves around the security protections for easily accessible devices such as the smart meter and the related communications hardware. On the other hand, the changing points between traditional versus smart grid networking trend and the information security importance on...

  12. Security and Privacy in Video Surveillance: Requirements and Challenges

    DEFF Research Database (Denmark)

    Mahmood Rajpoot, Qasim; Jensen, Christian D.

    2014-01-01

    Use of video surveillance has substantially increased in the last few decades. Modern video surveillance systems are equipped with techniques that allow traversal of data in an effective and efficient manner, giving massive powers to operators and potentially compromising the privacy of anyone observed by the system. Several techniques to protect the privacy of individuals have therefore been proposed, but very little research work has focused on the specific security requirements of video surveillance data (in transit or in storage) and on authorizing access to this data. In this paper, we present a general model of video surveillance systems that will help identify the major security and privacy requirements for a video surveillance system and we use this model to identify practical challenges in ensuring the security of video surveillance data in all stages (in transit and at rest). Our...

  13. 48 CFR 52.204-2 - Security Requirements.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 2 2010-10-01 2010-10-01 false Security Requirements. 52.204-2 Section 52.204-2 Federal Acquisition Regulations System FEDERAL ACQUISITION REGULATION... Contractor agrees to insert terms that conform substantially to the language of this clause, including...

  14. Mobile health requires mobile security: challenges, solutions, and standardization.

    Science.gov (United States)

    Pharow, Peter; Blobel, Bernd

    2008-01-01

    Extended communication and advanced cooperation in a permanently growing healthcare and welfare domain require a well-defined set of security services provided by an interoperable security infrastructure based on international and European standards. Any communication and collaboration procedure requires a purpose. But such legal purpose-binding is definitely not the only aspect to be carefully observed and investigated. More and more, aspects of security, safety, privacy, ethics, and quality gain importance when discussing future-proof health information systems and health networks, regardless of whether they are local, regional or even pan-European networks. During the course of the current paradigm change from an organization-centered to a process-related and to a person-centered health system, different new technologies including mobile solutions need to be applied in order to meet challenges arising from both legal and technical circumstances. Besides the typical Information and Communication Technology systems and applications, the extended use of modern technologies includes large medical devices like, e.g., MRI and CT but also small devices like sensors worn by a person or included in clothing. Security and safety are on top of the priority list. The paper addresses the identification of some specific aspects like mobile technology and safety when moving both IT and people towards mobile health, aiming at increasing citizens' and patients' awareness, confidence, and acceptance in future mobile care - a world often still beyond the horizon.

  15. A Business Goal Driven Approach for Understanding and Specifying Information Security Requirements

    NARCIS (Netherlands)

    Su, X.; Bolzoni, D.; Eck, van P.A.T.

    2006-01-01

    In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is not achievable and the limited resources available should be directed to satisfy the most im

  16. 46 CFR 11.811 - Requirements to qualify for an STCW endorsement as vessel security officer.

    Science.gov (United States)

    2010-10-01

    ... 46 Shipping 1 2010-10-01 2010-10-01 false Requirements to qualify for an STCW endorsement as vessel security officer. 11.811 Section 11.811 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY... § 11.811 Requirements to qualify for an STCW endorsement as vessel security officer. (a) The...

  17. 76 FR 12645 - Ownership Limitations and Governance Requirements for Security-Based Swap Clearing Agencies...

    Science.gov (United States)

    2011-03-08

    ... COMMISSION 17 CFR Part 242 RIN 3235-AK74 Ownership Limitations and Governance Requirements for Security... FURTHER INFORMATION CONTACT: Proposals relating to security-based swap clearing agencies: Catherine Moore... in and the governance of security-based swap clearing agencies, SB SEFs and SBS...

  18. The Arctic Region: A Requirement for New Security Architecture?

    Science.gov (United States)

    2013-03-01

    the vast array of security challenges that will inevitably arise in the Arctic. In spite of the success of the Treaty of the Antarctic, the Arctic...Unlike Antarctica, there is no comprehensive treaty protecting the Arctic or its resources and many observers argue that innovative security...current international treaty (ex. UNCLOS) as a sufficient regulatory basis to deal with Arctic issues. Finland is open to expanding the Arctic

  19. Demanding Requirement of Security for Wireless Mobile Devices: A Survey

    Directory of Open Access Journals (Sweden)

    K. Muthumanickam

    2014-12-01

    Today, the technology advancement in telecommunication facilitates users to bear portable devices with convenient and timely accessing to their personal and business data on the fly. In this regard, mobile and ubiquitous devices become part of the user’s personal or business growing. Recently, the usage of portable devices has drastically amplified due to wireless data technologies such as GPRS, GSM, Bluetooth, Wi-Fi and WiMAX. As the use of wireless portable devices increases, the risks associated with them also increase. Specifically Android Smart-phone which can access the Internet may now signify an ultimate option for malware authors. As the core open communication mediocre, the Airwave, is susceptible, there has been a rise of a security technique suggested by researchers. When comparing to security measures proposed to protect wireless devices, protecting mobile vulnerabilities is still immature. So in this study, we present an organized and widespread overview of the research on the security elucidation for wireless portable devices. This survey study discusses the security risks imposed by vulnerabilities, threats and security measures in the recent past, mainly spotlighting on complex attacks to user applications. We classify existing countermeasures at guarding wireless mobile devices facing different kinds of attacks into various groups, depending on the revealing technique, collected information and operating systems. In the next phase we will design and implement new security model to protect mobile phone resources against unknown vulnerabilities.

  20. 14 CFR 1274.937 - Security requirements for unclassified information technology resources.

    Science.gov (United States)

    2010-01-01

    ... information technology resources. 1274.937 Section 1274.937 Aeronautics and Space NATIONAL AERONAUTICS AND... Conditions § 1274.937 Security requirements for unclassified information technology resources. Security Requirements for Unclassified Information Technology Resources July 2002 (a) The Recipient shall be...

  1. Communications Security: A Timeless Requirement While Conducting Warfare

    Science.gov (United States)

    2012-04-10

    during the battles of Pearl Harbor and Midway, along with the ongoing enigma, comprise valid and tangible examples of the importance of communications...Additionally, they leverage tools such as the media and social networking systems to publish their message, recruit followers, and organize attacks...National Security Agency, 2008. Harper, Stephen, Capturing Enigma: How HMS Petard Seized the German Naval Codes. Trowbridge, Wiltshire: Sutton

  2. Critical water requirements for food, methodology and policy consequences for food security

    NARCIS (Netherlands)

    Gerbens-Leenes, P.W.; Nonhebel, S.

    2004-01-01

    Food security and increasing water scarcity have a dominant place on the food policy agenda. Food security requires sufficient water of adequate quality because water is a prerequisite for plant growth. Nowadays, agriculture accounts for 70% of the worldwide human fresh water use. The expected incre

  3. 77 FR 52692 - NIST Federal Information Processing Standard (FIPS) 140-3 (Second Draft), Security Requirements...

    Science.gov (United States)

    2012-08-30

    ... National Institute of Standards and Technology NIST Federal Information Processing Standard (FIPS) 140-3... sections of Federal Information Processing Standard 140-3 (Second Draft), Security Requirements for... may be sent to: Chief, Computer Security Division, Information Technology Laboratory, Attention:...

  4. 48 CFR 1804.470 - Security requirements for unclassified information technology (IT) resources.

    Science.gov (United States)

    2010-10-01

    ... unclassified information technology (IT) resources. 1804.470 Section 1804.470 Federal Acquisition Regulations... Classified Information Within Industry 1804.470 Security requirements for unclassified information technology (IT) resources....

  5. 48 CFR 27.203 - Security requirements for patent applications containing classified subject matter.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 1 2010-10-01 2010-10-01 false Security requirements for patent applications containing classified subject matter. 27.203 Section 27.203 Federal Acquisition... subject matter....

  6. Engineering Safety- and Security-Related Requirements for Software-Intensive Systems

    Science.gov (United States)

    2016-06-30

    2007 Carnegie Mellon University Engineering Safety- and Security-Related Requirements for Software- Intensive Systems ICCBSS’2007 Conference...Tutorial Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Donald Firesmith 27 February 2007 Report Documentation Page Form...COVERED 00-00-2007 to 00-00-2007 4. TITLE AND SUBTITLE Engineering Safety- and Security-Related Requirements for Software-Intensive Systems 5a

  7. DEPENDABLE PRIVACY REQUIREMENTS BY AGILE MODELED LAYERED SECURITY ARCHITECTURES – WEB SERVICES CASE STUDY

    Directory of Open Access Journals (Sweden)

    M.Upendra Kumar

    2011-07-01

    Software Engineering covers the definition of processes, techniques and models suitable for its environment to guarantee quality of results. An important design artifact in any software development project is the Software Architecture. Software Architecture’s important part is the set of architectural design rules. A primary goal of the architecture is to capture the architecture design decisions. An important part of these design decisions consists of architectural design rules. In an MDA (Model-Driven Architecture) context, the design of the system architecture is captured in the models of the system. MDA is known to be layered approach for modeling the architectural design rules and uses design patterns to improve the quality of software system. And to include the security to the software system, security patterns are introduced that offer security at the architectural level. Moreover, agile software development methods are used to build secure systems. There are different methods defined in agile development as extreme programming (XP), scrum, feature driven development (FDD), test driven development (TDD), etc. Agile processing includes the phases as agile analysis, agile design and agile testing. These phases are defined in layers of MDA to provide security at the modeling level which ensures that security at the system architecture stage will improve the requirements for that system. Agile modeled Layered Security Architectures increase the dependability of the architecture in terms of privacy requirements. We validate this with a case study of dependability of privacy of Web Services Security Architectures, which helps for secure service oriented security architecture. In this paper the major part is given to model architectural design rules using MDA so that architects and developers are responsible to automatic enforcement on the detailed design and easy to understand and use by both of them. This MDA approach is implemented in use of

  8. Security Quality Requirements Engineering (SQUARE): Case Study Phase III

    Science.gov (United States)

    2006-05-01

    misuse cases (used to generate requirements in the previous year's project) • soft systems methodology (SSM) • quality function deployment (QFD...team's output. 72 CMU/SEI-2006-SR-003 Soft Systems Methodology (SSM) SSM deals with problem situations in which there is a high social, political...1990. http://www.sei.cmu.edu/publications/documents/cms/cm.019.html. [Checkland 89] Checkland, P. Soft Systems Methodology: Rational Analysis for

  9. Privacy and data security in E-health: requirements from the user's perspective.

    Science.gov (United States)

    Wilkowska, Wiktoria; Ziefle, Martina

    2012-09-01

    In this study two currently relevant aspects of using medical assistive technologies were addressed-security and privacy. In a two-step empirical approach that used focus groups (n = 19) and a survey (n = 104), users' requirements for the use of medical technologies were collected and evaluated. Specifically, we focused on the perceived importance of data security and privacy issues. Outcomes showed that both security and privacy aspects play an important role in the successful adoption of medical assistive technologies in the home environment. In particular, analysis of data with respect to gender, health-status and age (young, middle-aged and old users) revealed that females and healthy adults require, and insist on, the highest security and privacy standards compared with males and the ailing elderly.

  10. Requirements for Development of an Assessment System for IT&C Security Audit

    Directory of Open Access Journals (Sweden)

    Marius Popa

    2010-12-01

    IT&C security audit processes are carried out to implement information security management. The audit processes are included in an audit program as decision of the management staff to establish the organization situation against to the planned or expected one. The audit processes require evidence to highlight the above issues. The evidences are gathered by audit team and some automation processes to increase the productivity and accuracy of the audit are needed. The paper presents some issues of the requirements for development of an assessment system with some considerations for IT&C security audit. The emphasized issues are grouped in the following sections: IT&C security audit processes, characteristics of the indicators development process and implementation issues of an assessment system.

  11. Meeting the security requirements of electronic medical records in the ERA of high-speed computing.

    Science.gov (United States)

    Alanazi, H O; Zaidan, A A; Zaidan, B B; Kiah, M L Mat; Al-Bakri, S H

    2015-01-01

    This study has two objectives. First, it aims to develop a system with a highly secured approach to transmitting electronic medical records (EMRs), and second, it aims to identify entities that transmit private patient information without permission. The NTRU and the Advanced Encryption Standard (AES) cryptosystems are secured encryption methods. The AES is a tested technology that has already been utilized in several systems to secure sensitive data. The United States government has been using AES since June 2003 to protect sensitive and essential information. Meanwhile, NTRU protects sensitive data against attacks through the use of quantum computers, which can break the RSA cryptosystem and elliptic curve cryptography algorithms. A hybrid of AES and NTRU is developed in this work to improve EMR security. The proposed hybrid cryptography technique is implemented to secure the data transmission process of EMRs. The proposed security solution can provide protection for over 40 years and is resistant to quantum computers. Moreover, the technique provides the necessary evidence required by law to identify disclosure or misuse of patient records. The proposed solution can effectively secure EMR transmission and protect patient rights. It also identifies the source responsible for disclosing confidential patient records. The proposed hybrid technique for securing data managed by institutional websites must be improved in the future.

  12. Moving from Requirements to Design Confronting Security Issues: A Case Study

    Science.gov (United States)

    Halkidis, Spyros T.; Chatzigeorgiou, Alexander; Stephanides, George

    Since the emergence of software security as a research area, it has been evident that security should be incorporated as early as possible in the software lifecycle. The advantage is that large gains can be achieved in terms of cost and effort compared to the introduction of security as an afterthought. The earliest possible phase to consider possible attacks is during requirements specification. A widely accepted approach to consider security in the requirements is the employment of misuse cases. In this paper we examine a case study to automatically generate a class diagram, based on the use and misuse cases present in the requirements. Particularly, we extend a natural language processing approach to move beyond a general domain model and produce a detailed class diagram. Moreover, security patterns are introduced in appropriate places of the design to confront the documented attacks and protect the threatened resources. Additionally, we perform an experimental study to investigate the tradeoff between the additional effort to mitigate the attacks and the security risk of the resulting system. Finally, the optimization problem of finding the smallest system regarding additional effort given a maximum acceptable risk is established and an appropriate algorithm to solve it is proposed.

  13. Security Requirements Metrics for Pattern-Lock Applications on Mobile Devices

    Directory of Open Access Journals (Sweden)

    Irfan Afifullah

    2016-11-01

    Pattern-Lock is one of graphical authentication schemes that shows high popularity today. Based on recent research, the security requirements metrics of Pattern-Lock applications have not been proposed yet. The goal of this study is to define security requirements metrics for Pattern-Lock applications on mobile devices. Our study has identified 12 threat statements and 18 requirements statements by analyzing STRIDE (Spoofing the identity, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege) and Extended Misuse Case diagram. To develop the metrics we have used Goal-Question-Metric (GQM) paradigm. Based on these, we develop 3 Goals and 7 Questions and resulted in 20 metrics for security requirements. The metrics have been evaluated using 30 App Locker Android applications, and the results show that some metrics have higher values than others. Number of Pattern Characteristics that Successfully Detected, Ability to Relock, and Grid Size metrics have the three highest values. These metrics require higher priorities to look into when developers need to build the App Locker applications. Moreover, developers should ensure that App Locker applications have values higher than average of security goals and metrics achievements.

  14. Approaches for Security Requirements Analysis of Information Systems

    Institute of Scientific and Technical Information of China (English)

    曹阳; 张维明

    2003-01-01

    Security requirements analysis is a precondition to provide effective and appropriate safeguard for information systems. Based on the existing theories and approaches, this paper discusses the categories and analysis procedure of security requirements in information systems. And according to the basic steps of security requirements analysis, the security hazard analysis model and the security risk analysis model are presented here. At the end, the methods of security requirements specification and the corresponding improvements are also introduced.

  15. 48 CFR 3052.204-70 - Security requirements for unclassified information technology resources.

    Science.gov (United States)

    2010-10-01

    ... unclassified information technology resources. 3052.204-70 Section 3052.204-70 Federal Acquisition Regulations... for unclassified information technology resources. As prescribed in (HSAR) 48 CFR 3004.470-3, insert a clause substantially the same as follows: Security Requirements for Unclassified Information...

  16. 48 CFR 652.239-71 - Security Requirements for Unclassified Information Technology Resources.

    Science.gov (United States)

    2010-10-01

    ... Unclassified Information Technology Resources. 652.239-71 Section 652.239-71 Federal Acquisition Regulations... Provisions and Clauses 652.239-71 Security Requirements for Unclassified Information Technology Resources. As... Technology Resources (SEP 2007) (a) General. The Contractor shall be responsible for information...

  17. 48 CFR 1252.239-70 - Security requirements for unclassified information technology resources.

    Science.gov (United States)

    2010-10-01

    ... unclassified information technology resources. 1252.239-70 Section 1252.239-70 Federal Acquisition Regulations... of Provisions and Clauses 1252.239-70 Security requirements for unclassified information technology... Unclassified Information Technology Resources (APR 2005) (a) The Contractor shall be responsible...

  18. 48 CFR 352.239-72 - Security requirements for Federal information technology resources.

    Science.gov (United States)

    2010-10-01

    ... Federal information technology resources. 352.239-72 Section 352.239-72 Federal Acquisition Regulations... Provisions and Clauses 352.239-72 Security requirements for Federal information technology resources. As... Federal Information Technology Resources (January 2010) (a) Applicability. This clause applies whether...

  19. 12 CFR 208.35 - Qualification requirements for transactions in certain securities. [Reserved

    Science.gov (United States)

    2010-01-01

    ... 12 Banks and Banking 2 2010-01-01 2010-01-01 false Qualification requirements for transactions in certain securities. 208.35 Section 208.35 Banks and Banking FEDERAL RESERVE SYSTEM BOARD OF GOVERNORS OF THE FEDERAL RESERVE SYSTEM MEMBERSHIP OF STATE BANKING INSTITUTIONS IN THE FEDERAL RESERVE...

  20. 13 CFR 107.1410 - Requirement to redeem 4 percent Preferred Securities.

    Science.gov (United States)

    2010-01-01

    ... 13 Business Credit and Assistance 1 2010-01-01 2010-01-01 false Requirement to redeem 4 percent Preferred Securities. 107.1410 Section 107.1410 Business Credit and Assistance SMALL BUSINESS ADMINISTRATION SMALL BUSINESS INVESTMENT COMPANIES SBA Financial Assistance for Licensees (Leverage)...

  1. 13 CFR 107.1420 - Articles requirements for 4 percent Preferred Securities.

    Science.gov (United States)

    2010-01-01

    ... 13 Business Credit and Assistance 1 2010-01-01 2010-01-01 false Articles requirements for 4 percent Preferred Securities. 107.1420 Section 107.1420 Business Credit and Assistance SMALL BUSINESS ADMINISTRATION SMALL BUSINESS INVESTMENT COMPANIES SBA Financial Assistance for Licensees (Leverage)...

  2. 28 CFR 105.11 - Individuals not requiring a security risk assessment.

    Science.gov (United States)

    2010-07-01

    ... citizen or national of the United States prior to providing training in the operation of an aircraft with... BACKGROUND CHECKS Aviation Training for Aliens and Other Designated Individuals § 105.11 Individuals not requiring a security risk assessment. (a) Citizens and nationals of the United States. A citizen or...

  3. Control Systems Security Center Comparison Study of Industrial Control System Standards against the Control Systems Protection Framework Cyber-Security Requirements

    Energy Technology Data Exchange (ETDEWEB)

    Robert P. Evans

    2005-09-01

    Cyber security standards, guidelines, and best practices for control systems are critical requirements that have been delineated and formally recognized by industry and government entities. Cyber security standards provide a common language within the industrial control system community, both national and international, to facilitate understanding of security awareness issues but, ultimately, they are intended to strengthen cyber security for control systems. This study and the preliminary findings outlined in this report are an initial attempt by the Control Systems Security Center (CSSC) Standard Awareness Team to better understand how existing and emerging industry standards, guidelines, and best practices address cyber security for industrial control systems. The Standard Awareness Team comprised subject matter experts in control systems and cyber security technologies and standards from several Department of Energy (DOE) National Laboratories, including Argonne National Laboratory, Idaho National Laboratory, Pacific Northwest National Laboratory, and Sandia National Laboratories. This study was conducted in two parts: a standard identification effort and a comparison analysis effort. During the standard identification effort, the Standard Awareness Team conducted a comprehensive open-source survey of existing control systems security standards, regulations, and guidelines in several of the critical infrastructure (CI) sectors, including the telecommunication, water, chemical, energy (electric power, petroleum and oil, natural gas), and transportation--rail sectors and sub-sectors. During the comparison analysis effort, the team compared the requirements contained in selected, identified, industry standards with the cyber security requirements in "Cyber Security Protection Framework", Version 0.9 (hereafter referred to as the "Framework"). For each of the seven sector/sub-sectors listed above, one standard was

  4. DOE Integrated Safeguards and Security (DISS) historical document archival and retrieval analysis, requirements and recommendations

    Energy Technology Data Exchange (ETDEWEB)

    Guyer, H.B.; McChesney, C.A.

    1994-10-07

    The overall primary objective of HDAR is to create a repository of historical personnel security documents and provide the functionality needed for archival and retrieval use by other software modules and application users of the DISS/ET system. The software product to be produced from this specification is the Historical Document Archival and Retrieval Subsystem. The product will provide the functionality to capture, retrieve and manage documents currently contained in the personnel security folders in DOE Operations Offices vaults at various locations across the United States. The long-term plan for DISS/ET includes the requirement to allow for capture and storage of arbitrary, currently undefined, clearance-related documents that fall outside the scope of the "cradle-to-grave" electronic processing provided by DISS/ET. However, this requirement is not within the scope of the requirements specified in this document.

  5. Analyzing the requirements for a robust security criteria and management of multi-level security in the clouds

    Science.gov (United States)

    Farroha, Bassam S.; Farroha, Deborah L.

    2011-06-01

    The new corporate approach to efficient processing and storage is migrating from in-house service-center services to the newly coined approach of Cloud Computing. This approach advocates thin clients and providing services by the service provider over time-shared resources. The concept is not new; however, the implementation approach presents a strategic shift in the way organizations provision and manage their IT resources. The requirements on some of the data sets targeted to be run on the cloud vary depending on the data type, originator, user, and confidentiality level. Additionally, the systems that fuse such data would have to deal with classifying the product and clearing the computing resources prior to allowing a new application to be executed. This indicates that we could end up with a multi-level security system that needs to follow specific rules and can send the output to a protected network and systems in order not to have data spill or contaminated resources. The paper discusses these requirements and potential impact on the cloud architecture. Additionally, the paper discusses the unexpected advantages of the cloud framework providing a sophisticated environment for information sharing and data mining.

  6. NERSC Cyber Security Challenges That Require DOE Development and Support

    Energy Technology Data Exchange (ETDEWEB)

    Draney, Brent; Campbell, Scott; Walter, Howard

    2007-01-16

    Traditional security approaches do not adequately address all the requirements of open, scientific computing facilities. Many of the methods used for more restricted environments, including almost all corporate/commercial systems, do not meet the needs of today's science. Use of only the available "state of the practice" commercial methods will have adverse impact on the ability of DOE to accomplish its science goals, and impacts the productivity of the DOE Science community. In particular, NERSC and other high performance computing (HPC) centers have special security challenges that are unlikely to be met unless DOE funds development and support of reliable and effective tools designed to meet the cyber security needs of High Performance Science. The security challenges facing NERSC can be collected into three basic problem sets: network performance and dynamics, application complexity and diversity, and a complex user community that can have transient affiliations with actual institutions. To address these problems, NERSC proposes the following four general solutions: auditing user and system activity across sites; firewall port configuration in real time; cross-site/virtual organization identity management and access control; and detecting security issues in application middleware. Solutions are also proposed for three general long term issues: data volume, application complexity, and information integration.

  7. An analysis of Technical Security Control Requirements For Digital I and C Systems in Nuclear Power Plants

    Energy Technology Data Exchange (ETDEWEB)

    Song, Jaegu; Lee, Jungwoon; Park, Geeyong; Kwon, Keechoon; Lee, Dongyoung; Lee, Cheolkwon [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

    2013-10-15

    Instrumentation and control systems in nuclear power plants have been digitalized for the purpose of maintenance and precise operation. This digitalization, however, brings out issues related to cyber security. In the most recent past, international standard organizations, regulatory institutes, and research institutes have performed a number of studies addressing these systems cyber security. In order to provide information helpful to the system designers in their application of cyber security for the systems, this paper presents methods and considerations to define attack vectors in a target system, to review and select the requirements in the Regulatory Guide 5.71, and to integrate the results to identify applicable technical security control requirements. In this study, attack vectors are analyzed through the vulnerability analyses and penetration tests with a simplified safety system, and the elements of critical digital assets acting as attack vectors are identified. Among the security control requirements listed in Appendices B and C to Regulatory Guide 5.71, those that should be implemented into the systems are selected and classified in groups of technical security control requirements using the results of the attack vector analysis. For the attack vector elements of critical digital assets, all the technical security control requirements are evaluated to determine whether they are applicable and effective, and considerations in this evaluation are also discussed. The technical security control requirements in three important categories of access control, monitoring and logging, and encryption are derived and grouped according to the elements of attack vectors as results for the sample safety system.

  8. Security

    Science.gov (United States)

    Technology & Learning, 2008

    2008-01-01

    Anytime, anywhere, learning provides opportunities to create digital learning environments for new teaching styles and personalized learning. As part of making sure the program is effective, the safety and security of students and assets are essential--and mandated by law. The Children's Internet Protection Act (CIPA) addresses Internet content…

  9. Control Systems Security Center Comparison Study of Industrial Control System Standards against the Control Systems Protection Framework Cyber-Security Requirements

    Energy Technology Data Exchange (ETDEWEB)

    Robert P. Evans

    2005-09-01

    Cyber security standards, guidelines, and best practices for control systems are critical requirements that have been delineated and formally recognized by industry and government entities. Cyber security standards provide a common language within the industrial control system community, both national and international, to facilitate understanding of security awareness issues but, ultimately, they are intended to strengthen cyber security for control systems. This study and the preliminary findings outlined in this report are an initial attempt by the Control Systems Security Center (CSSC) Standard Awareness Team to better understand how existing and emerging industry standards, guidelines, and best practices address cyber security for industrial control systems. The Standard Awareness Team comprised subject matter experts in control systems and cyber security technologies and standards from several Department of Energy (DOE) National Laboratories, including Argonne National Laboratory, Idaho National Laboratory, Pacific Northwest National Laboratory, and Sandia National Laboratories. This study was conducted in two parts: a standard identification effort and a comparison analysis effort. During the standard identification effort, the Standard Awareness Team conducted a comprehensive open-source survey of existing control systems security standards, regulations, and guidelines in several of the critical infrastructure (CI) sectors, including the telecommunication, water, chemical, energy (electric power, petroleum and oil, natural gas), and transportation--rail sectors and sub-sectors. During the comparison analysis effort, the team compared the requirements contained in selected, identified, industry standards with the cyber security requirements in "Cyber Security Protection Framework", Version 0.9 (hereafter referred to as the "Framework"). For each of the seven sector/sub-sectors listed above, one standard was

  10. Teaching Case: IS Security Requirements Identification from Conceptual Models in Systems Analysis and Design: The Fun & Fitness, Inc. Case

    Science.gov (United States)

    Spears, Janine L.; Parrish, James L., Jr.

    2013-01-01

    This teaching case introduces students to a relatively simple approach to identifying and documenting security requirements within conceptual models that are commonly taught in systems analysis and design courses. An introduction to information security is provided, followed by a classroom example of a fictitious company, "Fun &…

  11. A Wireless Sensor Network for Hospital Security: From User Requirements to Pilot Deployment

    Directory of Open Access Journals (Sweden)

    Kaseva Ville

    2011-01-01

    Increasing amount of Wireless Sensor Network (WSN) applications require low network delays. However, current research on WSNs has mainly concentrated on optimizing energy-efficiency omitting low network delays. This paper presents a novel WSN design targeted at applications requiring low data transfer delays and high reliability. We present the whole design flow from user requirements to an actual pilot deployment in a real hospital unit. The WSN includes multihop low-delay data transfer and energy-efficient mobile nodes reaching lifetime of years with small batteries. The nodes communicate using a low-cost low-power 2.4 GHz radio. The network is used in a security application with which personnel can send alarms in threatening situations. Also, a multitude of sensor measurements and actuator control is possible with the WSN. A full-scale pilot deployment is extensively experimented for performance results. Currently, the pilot network is in use at the hospital.

  12. Research on Eliciting Security Requirement Methods

    Institute of Scientific and Technical Information of China (English)

    金英; 刘鑫; 张晶

    2011-01-01

    Recently more and more attention has been paid to the use of active defense in software security because it provides a positive way to guarantee software security and effectively construct high-confidential software. Security requirements are critical to software security assurance. Eliciting security requirements is one of the major and most difficult tasks during security assurance. Some typical methods for eliciting security requirements were studied, compared and analyzed with respect to their research methods, application, etc. The current status of different approaches to security requirements elicitation was summarized, and future trends were explored in the end. The above work will provide a valuable reference for carrying out research and application in security requirement engineering.

  13. AN ANALYSIS OF TECHNICAL SECURITY CONTROL REQUIREMENTS FOR DIGITAL I&C SYSTEMS IN NUCLEAR POWER PLANTS

    Directory of Open Access Journals (Sweden)

    JAE-GU SONG

    2013-10-01

    Instrumentation and control systems in nuclear power plants have been digitalized for the purpose of maintenance and precise operation. This digitalization, however, brings out issues related to cyber security. In the most recent past, international standard organizations, regulatory institutes, and research institutes have performed a number of studies addressing these systems' cyber security. In order to provide information helpful to the system designers in their application of cyber security for the systems, this paper presents methods and considerations to define attack vectors in a target system, to review and select the requirements in the Regulatory Guide 5.71, and to integrate the results to identify applicable technical security control requirements. In this study, attack vectors are analyzed through the vulnerability analyses and penetration tests with a simplified safety system, and the elements of critical digital assets acting as attack vectors are identified. Among the security control requirements listed in Appendices B and C to Regulatory Guide 5.71, those that should be implemented into the systems are selected and classified in groups of technical security control requirements using the results of the attack vector analysis. For the attack vector elements of critical digital assets, all the technical security control requirements are evaluated to determine whether they are applicable and effective, and considerations in this evaluation are also discussed. The technical security control requirements in three important categories of access control, monitoring and logging, and encryption are derived and grouped according to the elements of attack vectors as results for the sample safety system.

  14. 77 FR 70213 - Capital, Margin, and Segregation Requirements for Security-Based Swap Dealers and Major Security...

    Science.gov (United States)

    2012-11-23

    ... to enable net capital computations to reflect the market risk inherent in the positioning of the... and Markets, Securities and Exchange Commission, 100 F Street, NE., Washington, DC 20549-7010... Economic Analysis 1. Overview of the OTC Derivatives Markets--Baseline for Proposed Rules 18a-1 through...

  15. Knowledge Base for an Intelligent System in order to Identify Security Requirements for Government Agencies Software Projects

    Directory of Open Access Journals (Sweden)

    Adán Beltrán G.

    2016-01-01

    It has been evidenced that one of the most common causes of failure in software security is the lack of identification and specification of requirements for information security; it is an activity given insufficient importance in software development or software acquisition. We propose the knowledge base of CIBERREQ. CIBERREQ is an intelligent knowledge-based system used for the identification and specification of security requirements in the software development cycle or in software acquisition. CIBERREQ receives functional software requirements written in natural language and produces non-functional security requirements through a semi-automatic process of risk management. The knowledge base built is formed by an ontology developed collaboratively by experts in information security. In this process, six types of assets have been identified: electronic data, physical data, hardware, software, person and service; as well as six types of risk: competitive disadvantage, loss of credibility, economic risks, strategic risks, operational risks and legal sanctions. In addition, 95 vulnerabilities, 24 threats, 230 controls, and 515 associations between concepts are defined. Additionally, automatic expansion was used with Wikipedia for the asset types Software and Hardware, obtaining 7125 and 5894 software and hardware subtypes respectively, thereby achieving an improvement of 10% in the identification of candidate information assets, one of the most important phases of the proposed system.

  16. Strategic information security

    CERN Document Server

    Wylder, John

    2003-01-01

    Introduction to Strategic Information Security; What Does It Mean to Be Strategic?; Information Security Defined; The Security Professional's View of Information Security; The Business View of Information Security; Changes Affecting Business and Risk Management; Strategic Security; Strategic Security or Security Strategy?; Monitoring and Measurement; Moving Forward. ORGANIZATIONAL ISSUES: The Life Cycles of Security Managers; Introduction; The Information Security Manager's Responsibilities; The Evolution of Data Security to Information Security; The Repository Concept; Changing Job Requirements; Business Life Cycles

  17. A Novel Web-based Approach for Balancing Usability and Security Requirements of Text Passwords

    Directory of Open Access Journals (Sweden)

    Dhananjay Kulkarni

    2010-07-01

    Many Internet applications, for example e-commerce or email services, require that users create a username and password which serves as an authentication mechanism. Though text passwords have been around for a while, not much has been done in helping naive Internet users in creating strong passwords. Generally users prefer easy-to-remember passwords, but service providers prefer that users use a strong, difficult-to-guess password policy to protect their own resources. In this work we have explored how appropriate feedback on password strength can be useful in choosing a strong password. We first discuss the results of a security vs. usability study that we did, which shows the current trends in choosing passwords, and how password cracking tools can easily guess a majority of weak passwords. Next, we propose a novel framework, which addresses our problem of enforcing password policies. Given a password policy, our framework is able to monitor password strength, and suggest passwords that are stronger. Moreover, since our passwords are pareto-efficient, and involve user participation in making a selection, we believe that our framework makes appropriate tradeoffs between password strength and difficulty in remembering. We also propose novel ways to compute the password reminder interval so that user-satisfaction remains within bounds. Experimental study shows that our approach is much better than current password creation models, and serves as a practical tool that can be integrated with Internet applications.

  18. 76 FR 15874 - Beneficial Ownership Reporting Requirements and Security-Based Swaps

    Science.gov (United States)

    2011-03-22

    ... accumulation of securities, regardless of technique employed, which might represent a potential shift in... securities while in possession of material, non-public information. Upon becoming an insider, or upon Section... Deposit Insurance Corporation. Our staff also consulted with the CFTC. A person's possession of voting...

  19. 48 CFR 1352.239-72 - Security requirements for information technology resources.

    Science.gov (United States)

    2010-10-01

    ..., computer ethics, and best practices, in accordance with DOC IT Security Program Policy, chapter 15, section... term “Sensitive” is defined by the guidance set forth in the Computer Security Act of 1987 (Pub. L. 100... of computer systems, networks, and telecommunications systems. (c) The contractor shall...

  20. Effective Electronic Security: Process for the Development and Validation from Requirements to Testing

    Science.gov (United States)

    2013-06-01

    ALTERNATIVE DEVELOPMENT We will bankrupt ourselves in the vain search for absolute security. Dwight D. Eisenhower The method used to take an...The mysterious stranger and other stories (1st ed.). New York: Harper & Bros. United Kingdom Home Office. (2012). Security industry authority

  1. Identification of the Required Security Practices during e-Government Maturity

    Science.gov (United States)

    Shayan, Ali; Abdi, Behnam; Qeisari, Malihe

    In spite of the benefits of e-government, there are some problems during its successful implementation, one of which is information security. In this paper, attempts will be made to illustrate the main practices of information security management in each stage of e-government maturity. This study is based on the Delphi technique, which was carried out in two rounds. Based on the literature, a questionnaire was developed and distributed among 38 experts in the first round. In the second round, 12 experts participated. The IQR (interquartile range) was calculated and it was found that the consensus is convenient. According to the results, trends can be depicted in the security practices which have implications for security vision, policies and practices during e-government maturity. The findings suggest that dealing with a few aspects is not sufficient, and a comprehensive integrated system of information security management should be considered according to the specific circumstances of the organizations.

  2. Maritime supply chain security: Navigating through a sea of compliance requirements

    Directory of Open Access Journals (Sweden)

    Emma Maspero

    2008-11-01

    As a direct result of the 9-11 New York attack all modes of freight and passenger transportation were scrutinised for vulnerabilities. Over 90% of international trade takes place via sea transport for at least some part of the supply chain and as a result there has been a drive to better secure maritime transportation. This paper outlines the background to and the rationale behind the most important of the new security measures for maritime transportation and provides an overview of the likely implications for supply chain role-players. In addition the paper endeavours to create awareness of the importance of maritime supply chain security.

  3. Food and nutritional security requires adequate protein as well as energy, delivered from whole-year crop production

    DEFF Research Database (Denmark)

    Coles, Graeme D; Wratten, Stephen D; Porter, John Roy

    2016-01-01

    Human food security requires the production of sufficient quantities of both high-quality protein and dietary energy. In a series of case-studies from New Zealand, we show that while production of food ingredients from crops on arable land can meet human dietary energy requirements effectively...... with an accompanying economic analysis of commercially-available, pre-prepared or simply-cooked foods that can be produced from our case-study crop and animal products. We calculate the per-person, per-day cost of both quality-corrected protein and dietary energy as provided in the processed foods. We conclude...... and nutritional security will largely be an outcome of national or regional agroeconomies addressing their own food needs. We hope that our model will be used for similar analyses of food production systems in other countries, agroecological zones and economies....

  4. LTE security

    CERN Document Server

    Forsberg, Dan; Moeller, Wolf-Dietrich

    2010-01-01

    Addressing the security solutions for LTE, a cellular technology from Third Generation Partnership Project (3GPP), this book shows how LTE security substantially extends GSM and 3G security. It also encompasses the architectural aspects, known as SAE, to give a comprehensive resource on the topic. Although the security for SAE/LTE evolved from the security for GSM and 3G, due to different architectural and business requirements of fourth generation systems the SAE/LTE security architecture is substantially different from its predecessors. This book presents in detail the security mechanisms em

  5. 75 FR 65881 - Ownership Limitations and Governance Requirements for Security-Based Swap Clearing Agencies...

    Science.gov (United States)

    2010-10-26

    ... structures relating to ownership, voting, and governance of security-based swap clearing agencies, SB SEFs...: Comments may be submitted by any of the following methods: Electronic Comments Use the Commission's... and transparency in the financial system. Title VII of the Dodd-Frank Act provides the...

  6. Technology transfer of dynamic IT outsourcing requires security measures in SLAs

    NARCIS (Netherlands)

    F. Dickmann (Frank); M. Brodhun (Maximilian); J. Falkner (Jürgen); T.A. Knoch (Tobias); U. Sax (Ulrich)

    2010-01-01

    For the present efforts in dynamic IT outsourcing environments like Grid or Cloud computing, security and trust are ongoing issues. SLAs are a proved remedy to build up trust in outsourcing relations. Therefore, it is necessary to determine whether SLAs can improve trust from the perspect

  7. 48 CFR 1852.204-76 - Security requirements for unclassified information technology resources.

    Science.gov (United States)

    2010-10-01

    ... Security Incident Reporting Guide, and the United States Computer Emergency Readiness Team's (US-CERT... coordination of its incident response team with the NASA Incident Response Center (NASIRC) and the NASA... Guideline) access to NASA's computer systems, networks, or IT infrastructure; or (2) Information...

  8. 77 FR 35259 - Guidance on Due Diligence Requirements in Determining Whether Securities Are Eligible for Investment

    Science.gov (United States)

    2012-06-13

    ... Policy Statement emphasizes the importance of establishing and maintaining risk processes to manage the... adequate capacity to meet the financial commitments under the security for the projected life of the investment. An issuer has an adequate capacity to meet financial commitments if the risk of default by...

  9. Texas Should Require Homeland Security Standards for High-Speed Rail

    Science.gov (United States)

    2015-12-01

    psychological and mental health effects, and community involvement. 14. SUBJECT TERMS homeland security, high-speed rail, passenger trains, transit...privacy, screening, psychological and mental health effects, and community involvement. vi THIS PAGE INTENTIONALLY LEFT BLANK vii TABLE OF...environment, offer the opportunity for specific populations to be targeted at particular destinations, and often have iconic structures .2 Regarding the

  10. 76 FR 73777 - Guidance on Due Diligence Requirements in Determining Whether Investment Securities Are Eligible...

    Science.gov (United States)

    2011-11-29

    ...-standing expectation that national banks implement a risk management process to ensure credit risk... credit quality is perceived to be very high. Bank management should ensure they understand the security's... credit quality standards under 12 U.S.C. 1831e. These standards determine whether national banks...

  11. What Are the Security Requirements for a Two-State Solution between Israel and Palestine?

    Science.gov (United States)

    2011-03-01

    Unified Security Agency, directed primarily by Colonel al-Hindi was merged with the Central Intelligence, headed by Hakam Bal’awi, a wealthy...Amin al-Hindi, Tariq Abu Rajab and Fakhri Shaffurah, ran the new GIS. “In September 2009, Major General Majid Faraj was appointed head of the service...of vehicles that were destroyed attempting to run the blockade as a memorial and a reminder of the lessons learned from their experience. Israel

  12. Food and nutritional security requires adequate protein as well as energy, delivered from whole-year crop production.

    Science.gov (United States)

    Coles, Graeme D; Wratten, Stephen D; Porter, John R

    2016-01-01

    Human food security requires the production of sufficient quantities of both high-quality protein and dietary energy. In a series of case-studies from New Zealand, we show that while production of food ingredients from crops on arable land can meet human dietary energy requirements effectively, requirements for high-quality protein are met more efficiently by animal production from such land. We present a model that can be used to assess dietary energy and quality-corrected protein production from various crop and crop/animal production systems, and demonstrate its utility. We extend our analysis with an accompanying economic analysis of commercially-available, pre-prepared or simply-cooked foods that can be produced from our case-study crop and animal products. We calculate the per-person, per-day cost of both quality-corrected protein and dietary energy as provided in the processed foods. We conclude that mixed dairy/cropping systems provide the greatest quantity of high-quality protein per unit price to the consumer, have the highest food energy production and can support the dietary requirements of the highest number of people, when assessed as all-year-round production systems. Global food and nutritional security will largely be an outcome of national or regional agroeconomies addressing their own food needs. We hope that our model will be used for similar analyses of food production systems in other countries, agroecological zones and economies.

  13. Food and nutritional security requires adequate protein as well as energy, delivered from whole-year crop production

    DEFF Research Database (Denmark)

    Coles, Graeme D; Wratten, Stephen D; Porter, John Roy

    2016-01-01

    Human food security requires the production of sufficient quantities of both high-quality protein and dietary energy. In a series of case-studies from New Zealand, we show that while production of food ingredients from crops on arable land can meet human dietary energy requirements effectively......, requirements for high-quality protein are met more efficiently by animal production from such land. We present a model that can be used to assess dietary energy and quality-corrected protein production from various crop and crop/animal production systems, and demonstrate its utility. We extend our analysis...... with an accompanying economic analysis of commercially-available, pre-prepared or simply-cooked foods that can be produced from our case-study crop and animal products. We calculate the per-person, per-day cost of both quality-corrected protein and dietary energy as provided in the processed foods. We conclude...

  14. Node security

    CERN Document Server

    Barnes, Dominic

    2013-01-01

    A practical and fast-paced guide that will give you all the information you need to secure your Node applications.If you are a developer who wishes to secure your Node applications, whether you are already using Node Security in production, or are considering using it for your next project, then this book will enable you to ensure security of your applications. An understanding of JavaScript is a prerequisite, and some experience with Node is recommended, though not required.

  15. Game Theory Meets Wireless Sensor Networks Security Requirements and Threats Mitigation: A Survey

    Directory of Open Access Journals (Sweden)

    Mohamed S. Abdalzaher

    2016-06-01

    We present a study of using game theory for protecting wireless sensor networks (WSNs) from selfish behavior or malicious nodes. Due to scalability, low complexity and disseminated nature of WSNs, malicious attacks can be modeled effectively using game theory. In this study, we survey the different game-theoretic defense strategies for WSNs. We present a taxonomy of the game theory approaches based on the nature of the attack, whether it is caused by an external attacker or it is the result of an internal node acting selfishly or maliciously. We also present a general trust model using game theory for decision making. We, finally, identify the significant role of evolutionary games for WSNs security against intelligent attacks; then, we list several prospect applications of game theory to enhance the data trustworthiness and node cooperation in different WSNs.

  16. Game Theory Meets Wireless Sensor Networks Security Requirements and Threats Mitigation: A Survey.

    Science.gov (United States)

    Abdalzaher, Mohamed S; Seddik, Karim; Elsabrouty, Maha; Muta, Osamu; Furukawa, Hiroshi; Abdel-Rahman, Adel

    2016-06-29

    We present a study of using game theory for protecting wireless sensor networks (WSNs) from selfish behavior or malicious nodes. Due to scalability, low complexity and disseminated nature of WSNs, malicious attacks can be modeled effectively using game theory. In this study, we survey the different game-theoretic defense strategies for WSNs. We present a taxonomy of the game theory approaches based on the nature of the attack, whether it is caused by an external attacker or it is the result of an internal node acting selfishly or maliciously. We also present a general trust model using game theory for decision making. We, finally, identify the significant role of evolutionary games for WSNs security against intelligent attacks; then, we list several prospect applications of game theory to enhance the data trustworthiness and node cooperation in different WSNs.

  17. Regional, national and international security requirements for the transport of nuclear cargo by sea

    Energy Technology Data Exchange (ETDEWEB)

    Booker, P.A.; Barnwell, I. [Marine Operations, BNFL International Transport and British Nuclear Group Security (United Kingdom)

    2004-07-01

    Since the beginning of the nuclear age in the 1940's, the world has focused on the immense possibilities of nuclear power with both its destructive and productive capabilities. The civil nuclear industry in the UK, as in most nuclear weapons states, grew from the military facilities built in the post war years under the political climate of the Cold War. In the early years of the industry, civil and defence nuclear facilities were inextricably linked both in public perceptions and the regulatory infrastructure under which they operated. The nuclear arms race and the spread of communism overshadowed people's perceptions of there being two separate uses of nuclear material. This was a double-edged sword which initially allowed the industry to develop largely unhindered by public concerns but latterly meant the industry could not break away from its roots and to many is still perceived as a dangerous and destructive force. Regulatory frameworks governing all aspects of the industry have developed both nationally and internationally driven by valid public concerns, political agendas and an international consensus that the unregulated use of nuclear material has catastrophic possibilities on an international scale. With the internationalisation of the civil nuclear industry and the costs associated with developing facilities to fully support each stage of the fuel cycle, from enrichment, fuel manufacturing, reprocessing and waste remediation, it became inevitable that a transport infrastructure would develop to make best use of the facilities. Regulations, both national and international, are implicit in ensuring the security of nuclear material in transit. Due to the physical size of many of the irradiated fuel packages and implications of the changes to transport safety regulations, international transport of nuclear material, other than within mainland Europe, is predominantly carried out by sea.

  18. 78 FR 78470 - Registration and Financial Security Requirements for Freight Forwarders; International...

    Science.gov (United States)

    2013-12-26

    ... to set a minimum $75,000 surety bond/ trust fund requirement for brokers of property and freight... necessary to carry out the transportation policy of 49 U.S.C. 13101 Is not needed to protect shippers from... provision of to the person, class, or transportation is necessary to carry out the transportation policy...

  19. 49 CFR 1572.9 - Applicant information required for HME security threat assessment.

    Science.gov (United States)

    2010-10-01

    ... notification via e-mail, the applicant should so state. (3) Date of birth. (4) Gender. (5) Height, weight, hair... work for the employer(s) requires an HME. If the applicant's current employer is the U.S. military... maritime facility or vessel, TSA may provide limited information necessary to reduce the risk of injury...

  20. Mobile intelligent terminal security technology requirements standard interpretation

    Institute of Scientific and Technical Information of China (English)

    谢利涛

    2013-01-01

    This paper introduces the standard YD/T2407-2013, "Technical Requirements for Security Capability of Mobile Intelligent Terminals": its scope, security capability framework and objectives, main technical requirements, functional restriction requirements, security capability grading, and recommendations for implementation. It focuses on hardware security capability, operating system security capability, peripheral interface security capability, application layer security requirements, and user data protection security capability.

  1. Information security fundamentals

    CERN Document Server

    Peltier, Thomas R

    2013-01-01

    Developing an information security program that adheres to the principle of security as a business enabler must be the first step in an enterprise's effort to build an effective security program. Following in the footsteps of its bestselling predecessor, Information Security Fundamentals, Second Edition provides information security professionals with a clear understanding of the fundamentals of security required to address the range of issues they will experience in the field. The book examines the elements of computer security, employee roles and r

  2. Security Architectures for Model Driven Web Requirements – Financial Application Case Study

    Directory of Open Access Journals (Sweden)

    A.V.Krishna Prasad

    2010-07-01

    MDA with executable UML offers an approach that embodies all the key ingredients of the process for developing dependable systems, by offering: A uniform strategy for preserving investment in existing models built using unsupported tools, by automatically migrating them to profiled UML models for subsequent maintenance and development using state of the art UML tools; A clean separation of application behavior from the platform specific implementation using technologies such as Integrated Modular Avionics (IMA), allowing the full potential of IMA to be realized in a consistent and dependable way; A semantically well defined formalism that can be used as a basis for modular certification of safety related systems; The ability to generate not only the components of the target system, but components of development tool chain, providing scope for model translation and offering “executable specifications” that can be tested early and mapped reliably onto the target, leading to greater levels of dependency. MDA is a new approach for most organizations, and therefore carries additional training and learning curve costs and also currently the availability of production quality code generators is currently limited. MDA requires developers to work at a more abstract level than code; although experience shows that most do not have any difficulty making the adjustment, there will be some who find this change of emphasis difficult to achieve. Building upon the initial success of MDA deployment so far, work is now proceeding on the enhancement of Ada code mapping rules to cover the entire xUML formalism. Work is also underway to develop a generic “adapter/router” component to provide a standard component to provide a standard way to interface re-engineered xUML components with pre-existing components. These techniques are now being applied to another avionics system in the same organization, in response to the customer's need for a faster and cheaper upgrade

  3. Security for grids

    Energy Technology Data Exchange (ETDEWEB)

    Humphrey, Marty; Thompson, Mary R.; Jackson, Keith R.

    2005-08-14

    Securing a Grid environment presents a distinctive set of challenges. This paper groups the activities that need to be secured into four categories: naming and authentication; secure communication; trust, policy, and authorization; and enforcement of access control. It examines the current state of the art in securing these processes and introduces new technologies that promise to meet the security requirements of Grids more completely.

  4. Application of Improved SQUARE Model in Software Security Requirements Elicitation

    Institute of Scientific and Technical Information of China (English)

    范洁; 许盛伟; 娄嘉鹏

    2013-01-01

    The elicitation of security requirements is a key factor in ensuring software security. To obtain software security requirements effectively, on the basis of an analysis of the Security Quality Requirements Engineering (SQUARE) model, the steps of the SQUARE model were improved, a classification standard for security requirements was defined, and an XML Schema definition of the security requirements document was presented. This thesis applied the Light-SQUARE model to a university student Score Management System, elicited its security requirements, and stored the security requirements in XML format, realizing cross-platform usability of the security requirements.

  5. Information Security Maturity Model

    OpenAIRE

    Information Security Maturity Model

    2011-01-01

    To ensure security, it is important to build-in security in both the planning and the design phases and adapt a security architecture which makes sure that regular and security related tasks are deployed correctly. Security requirements must be linked to the business goals. We identified four domains that affect security at an organization, namely organization governance, organizational culture, the architecture of the systems, and service management. In order to identify and explore the strengt...

  6. Security during the Construction of New Nuclear Power Plants: Technical Basis for Access Authorization and Fitness-For-Duty Requirements

    Energy Technology Data Exchange (ETDEWEB)

    Branch, Kristi M.; Baker, Kathryn A.

    2009-09-01

    A technical letter report to the NRC summarizing the findings of a benchmarking study, literature review, and workshop with experts on current industry standards and expert judgments about needs for security during the construction phase of critical infrastructure facilities in the post-September 11 U.S. context, with a special focus on the construction phase of nuclear power plants and personnel security measures.

  7. Junos Security

    CERN Document Server

    Cameron, Rob; Giecco, Patricio; Eberhard, Timothy; Quinn, James

    2010-01-01

    Junos® Security is the complete and authorized introduction to the new Juniper Networks SRX hardware series. This book not only provides a practical, hands-on field guide to deploying, configuring, and operating SRX, it also serves as a reference to help you prepare for any of the Junos Security Certification examinations offered by Juniper Networks. Network administrators and security professionals will learn how to use SRX Junos services gateways to address an array of enterprise data network requirements -- including IP routing, intrusion detection, attack mitigation, unified threat manag

  8. The Security Requirements of IOT Development

    Institute of Scientific and Technical Information of China (English)

    孙伟; 刘志杰

    2013-01-01

    The security needs arising from the development of IOT were discussed, and the currently available security mechanisms and methods were analyzed, including integrating the existing security mechanisms into IOT, programs given to adapt IOT, or new designs.

  9. Proliferation Security Initiative: Agencies Have Adopted Policies and Procedures but Steps Needed to Meet Reporting Requirement and to Measure Results

    Science.gov (United States)

    2012-03-01

    has been actively participating in the Proliferation Security Initiative (PSI) to assist in U.S. efforts to break up black markets, detect and...Committee on Armed Services United States Senate The Honorable John Kerry Chairman The Honorable Richard G. Lugar Ranking Member Committee on

  10. FOOD SECURITY

    Directory of Open Access Journals (Sweden)

    Dorina Ardelean

    2013-12-01

    Full Text Available The assurance of food security at the individual level doesn’t implicitly provide for the one at family level as the concepts of hunger, malnutrition and food insecurity are the steps of the same process of access restricted to a sufficient supply of food. In order to achieve food security at the individual level the following is necessary: ensuring food availability (production, reserve stocks); redistribution of food availability within the country or out through international exchanges; effective access of the population to purchase food consumer goods, by ensuring its effective demand as required. Food security of families (FFS) is required for assuring individual food security (IFS), but it is not sufficient because the food available may be unevenly distributed between family members. National food security (NFS) corresponds to the possibilities that different countries have to ensure both FFS and IFS without sacrificing other important objectives. Under the name of GAS is defined the global food security which represents permanent access for the entire population of the globe to the necessary food for a healthy and active life.

  11. EPICS: Channel Access security design

    Energy Technology Data Exchange (ETDEWEB)

    Kraimer, M.; Hill, J.

    1994-05-01

    This document presents the design for implementing the requirements specified in: EPICS -- Channel Access Security -- functional requirements, Ned. D. Arnold, 03/09/92. Use of the access security system is described along with a summary of the functional requirements. The programmer's interface is given. Security protocol is described and finally aids for reading the access security code are provided.

  12. Protein security and food security in China

    Directory of Open Access Journals (Sweden)

    Zheng RUAN, Shumei MI, Yan ZHOU, Zeyuan DENG, Xiangfeng KONG, Tiejun LI, Yulong YIN

    2015-06-01

    Full Text Available Food security, the need to meet nutritional requirements, and four main problems for food protein security in China are analyzed. From the perspective of residents' nutritional requirements and balanced dietary patterns, the conclusion is that food security in China is in essence dependent on protein production and security of supply and that fat and carbohydrates supply in China can reach self-sufficiency. Considering the situation of food protein production and consumption in China, policy suggestions are made, which could ensure a balanced supply and demand for food protein and food security in China.

  13. Secure portal.

    Energy Technology Data Exchange (ETDEWEB)

    Nelson, Cynthia Lee

    2007-09-01

    There is a need in security systems to rapidly and accurately grant access of authorized personnel to a secure facility while denying access to unauthorized personnel. In many cases this role is filled by security personnel, which can be very costly. Systems that can perform this role autonomously without sacrificing accuracy or speed of throughput are very appealing. To address the issue of autonomous facility access through the use of technology, the idea of a "secure portal" is introduced. A secure portal is a defined zone where state-of-the-art technology can be implemented to grant secure area access or to allow special privileges for an individual. Biometric technologies are of interest because they are generally more difficult to defeat than technologies such as badge swipe and keypad entry. The biometric technologies selected for this concept were facial and gait recognition. They were chosen since they require less user cooperation than other biometrics such as fingerprint, iris, and hand geometry and because they have the most potential for flexibility in deployment. The secure portal concept could be implemented within the boundaries of an entry area to a facility. As a person is approaching a badge and/or PIN portal, face and gait information can be gathered and processed. The biometric information could be fused for verification against the information that is gathered from the badge. This paper discusses a facial recognition technology that was developed for the purposes of providing high verification probabilities with low false alarm rates, which would be required of an autonomous entry control system. In particular, a 3-D facial recognition approach using Fisher Linear Discriminant Analysis is described. Gait recognition technology, based on Hidden Markov Models has been explored, but those results are not included in this paper. Fusion approaches for combining the results of the biometrics would be the next step in realizing

  14. Data security.

    Science.gov (United States)

    2016-09-01

    A government-commissioned review of data security across health and care has led to the proposal of new standards for security and options for a consent/opt-out model. Standards include that all staff complete appropriate annual data security training and pass a mandatory test provided through the revised Information Governance Toolkit, that personal confidential data is only accessible to staff who need it for their current role, and that access is removed as soon as it is no longer required. The consent/opt-out model is outlined under 8 statements, and includes certain circumstances where it will not apply, for example, where there is an overriding public interest, or mandatory legal requirement.

  15. Medical database security evaluation.

    Science.gov (United States)

    Pangalos, G J

    1993-01-01

    Users of medical information systems need confidence in the security of the system they are using. They also need a method to evaluate and compare its security capabilities. Every system has its own requirements for maintaining confidentiality, integrity and availability. In order to meet these requirements a number of security functions must be specified covering areas such as access control, auditing, error recovery, etc. Appropriate confidence in these functions is also required. The 'trust' in trusted computer systems rests on their ability to prove that their secure mechanisms work as advertised and cannot be disabled or diverted. The general framework and requirements for medical database security and a number of parameters of the evaluation problem are presented and discussed. The problem of database security evaluation is then discussed, and a number of specific proposals are presented, based on a number of existing medical database security systems.

  16. Data security in genomics: A review of Australian privacy requirements and their relation to cryptography in data storage.

    Science.gov (United States)

    Schlosberg, Arran

    2016-01-01

    The advent of next-generation sequencing (NGS) brings with it a need to manage large volumes of patient data in a manner that is compliant with both privacy laws and long-term archival needs. Outside of the realm of genomics there is a need in the broader medical community to store data, and although radiology aside the volume may be less than that of NGS, the concepts discussed herein are similarly relevant. The relation of so-called "privacy principles" to data protection and cryptographic techniques is explored with regards to the archival and backup storage of health data in Australia, and an example implementation of secure management of genomic archives is proposed with regards to this relation. Readers are presented with sufficient detail to have informed discussions - when implementing laboratory data protocols - with experts in the fields.

  17. Leadership in organizations with high security and reliability requirements; Liderazgo en organizaciones con altos requisitos de seguridad y fiabilidad

    Energy Technology Data Exchange (ETDEWEB)

    Gonzalez, F.

    2013-07-01

    Developing leadership skills in organizations is the key to ensuring the sustainability of excellent results in industries with high safety and reliability requirements. In order to have a model of leadership development specific to this type of organization, at Tecnatom in 2011 we initiated an internal project to find and adapt a competency model to these requirements.

  18. Secure Disk Mixed System

    Directory of Open Access Journals (Sweden)

    Myongchol Ri

    2013-01-01

    Full Text Available We propose a disk encryption method, called Secure Disk Mixed System (SDMS in this paper), for data protection of disk storages such as USB flash memory, USB hard disk and CD/DVD. It is aimed to solve temporal and spatial limitations of existing disk encryption methods and to control security performance flexibly according to the security requirement of system.

  19. Learning Puppet security

    CERN Document Server

    Slagle, Jason

    2015-01-01

    If you are a security professional whose workload is increasing, or a Puppet professional looking to increase your knowledge of security, or even an experienced systems administrator, then this book is for you. This book will take you to the next level of security automation using Puppet. The book requires no prior knowledge of Puppet to get started.

  20. Microsoft Azure security

    CERN Document Server

    Freato, Roberto

    2015-01-01

    This book is intended for Azure administrators who want to understand the application of security principles in distributed environments and how to use Azure to its full capability to reduce the risks of security breaches. Only basic knowledge of the security processes and services of Microsoft Azure is required.

  1. Arguing Against Security Communitarianism

    DEFF Research Database (Denmark)

    Bilgin, Pinar

    2016-01-01

    Anthony Burke’s ‘security cosmopolitanism’ is a fresh and thought-provoking contribution to critical theorizing about security. In this discussion piece, I would like to join Burke’s call for ‘security cosmopolitanism’ by way of arguing against ‘security communitarianism’. I understand the latter as a particular approach that seeks to limit the scope of security to one’s community – be it the ‘nation-state’ or ‘civilization’. I will suggest that arguing against ‘security communitarianism’ requires paying further attention to the postcolonial critique of cosmopolitanism.

  2. Android application security essentials

    CERN Document Server

    Rai, Pragati

    2013-01-01

    Android Application Security Essentials is packed with examples, screenshots, illustrations, and real world use cases to secure your apps the right way. If you are looking for guidance and detailed instructions on how to secure app data, then this book is for you. Developers, architects, managers, and technologists who wish to enhance their knowledge of Android security will find this book interesting. Some prior knowledge of development on the Android stack is desirable but not required.

  3. 78 FR 5116 - NASA Information Security Protection

    Science.gov (United States)

    2013-01-24

    ... SPACE ADMINISTRATION 14 CFR Part 1203 RIN 2700-AD61 NASA Information Security Protection AGENCY..., Classified National Security Information, and appropriately to correspond with NASA's internal requirements, NPR 1600.2, Classified National Security Information, that establishes the Agency's requirements...

  4. Relaxing Chosen-Ciphertext Security

    DEFF Research Database (Denmark)

    Canetti, Ran; Krawczyk, Hugo; Nielsen, Jesper Buus

    2003-01-01

    Security against adaptive chosen ciphertext attacks (or, CCA security) has been accepted as the standard requirement from encryption schemes that need to withstand active attacks. In particular, it is regarded as the appropriate security notion for encryption schemes used as components within...... general protocols and applications. Indeed, CCA security was shown to suffice in a large variety of contexts. However, CCA security often appears to be somewhat too strong: there exist encryption schemes (some of which come up naturally in practice) that are not CCA secure, but seem sufficiently secure...... “for most practical purposes.” We propose a relaxed variant of CCA security, called Replayable CCA (RCCA) security. RCCA security accepts as secure the non-CCA (yet arguably secure) schemes mentioned above; furthermore, it suffices for most existing applications of CCA security. We provide three...

  5. Biosurveillance capability requirements for the global health security agenda: lessons from the 2009 H1N1 pandemic.

    Science.gov (United States)

    Stoto, Michael A

    2014-01-01

    The biosurveillance capabilities needed to rapidly detect and characterize emerging biological threats are an essential part of the Global Health Security Agenda (GHSA). The analyses of the global public health system's functioning during the 2009 H1N1 pandemic suggest that while capacities such as those identified in the GHSA are essential building blocks, the global biosurveillance system must possess 3 critical capabilities: (1) the ability to detect outbreaks and determine whether they are of significant global concern, (2) the ability to describe the epidemiologic characteristics of the pathogen responsible, and (3) the ability to track the pathogen's spread through national populations and around the world and to measure the impact of control strategies. The GHSA capacities - laboratory and diagnostic capacity, reporting networks, and so on - were essential in 2009 and surely will be in future events. But the 2009 H1N1 experience reminds us that it is not just detection but epidemiologic characterization that is necessary. Similarly, real-time biosurveillance systems are important, but as the 2009 H1N1 experience shows, they may contain inaccurate information about epidemiologic risks. Rather, the ability of scientists in Mexico, the United States, and other countries to make sense of the emerging laboratory and epidemiologic information that was critical - an example of global social capital - enabled an effective global response. Thus, to ensure that it is meeting its goals, the GHSA must track capabilities as well as capacities.

  6. Image Security

    Science.gov (United States)

    2007-11-02

    popularity, contemplates the crucial needs for protecting intellectual property rights on multimedia content like images, video, audio, and others...protection for still images, audio, video, and multimedia products.’ The networking environment of the future will require tools that provide m secure and fast...technique known as steganography? Steganography, or “covered writing,” George Voyatzis and Ioannis Pitas University of Thessaloniki has a long

  7. Modified Small Business Network Security

    Directory of Open Access Journals (Sweden)

    Md. Belayet Ali

    2012-02-01

    Full Text Available This paper covers some likely threats and effective steps for a secure small business. It also involves a flowchart to comprehend the overall small business network security easily and we identify a set of security issues and apply appropriate techniques to satisfy the corresponding security requirements. In respect of all, this document is strong enough for any small business network security.

  8. Operating System Security

    CERN Document Server

    Jaeger, Trent

    2008-01-01

    Operating systems provide the fundamental mechanisms for securing computer processing. Since the 1960s, operating systems designers have explored how to build "secure" operating systems - operating systems whose mechanisms protect the system against a motivated adversary. Recently, the importance of ensuring such security has become a mainstream issue for all operating systems. In this book, we examine past research that outlines the requirements for a secure operating system and research that implements example systems that aim for such requirements. For system designs that aimed to

  9. Evaluation Indices Set Construction of Security Requirement for Transmission Network

    Institute of Scientific and Technical Information of China (English)

    黄文英; 邓兆云; 邓勇; 何光宇; 陈睿; 刘铠诚

    2014-01-01

    The core requirement of transmission network enterprise lies in the safe operation of transmission network. Failure in satisfying this requirement will result in disastrous loss on economic and social benefits. Hence, transmission network is expected to possess the capability of enduring possible disturbances in order to ensure the normal operation of grid and equipment, as well as avoid the power transmission interruptions. Through the analysis on the requirement satisfaction of transmission system stakeholders, the overall status of transmission network operation can be evaluated. Based on the stochastic characteristics of transmission network operation, this paper used a risk assessment method to construct evaluation indices set for the security requirement, and proposed the calculation model and method of security risk assessment indicators. Compared with the traditional researches on grid security, a scenario analysis approach was introduced. In detail, breakdown or normal operation of certain components under certain specific operating modes was modeled as a scenario, and a probabilistic model for the scenario was constructed with taking into consideration a variety of random factors. All kinds of security problems were studied in the specific scenarios. The security of the situations could be evaluated comprehensively according to the safety criterion indices; therefore a minimum expense of control could be adopted to measure the consequence of the disturbance on the transmission network operation. Through sampling method, the probability and consequence of each situation occurrence could be acquired; and with the assistance of calculating value at risk and conditional value-at-risk, the security risk of transmission network could be evaluated properly.

  10. Federal technology transfer requirements: a focused study of principal agencies approaches with implications for the Department of Homeland Security.

    Energy Technology Data Exchange (ETDEWEB)

    Koker, Denise; Micheau, Jill M.

    2006-07-01

    This report provides relevant information and analysis to the Department of Homeland Security (DHS) that will assist DHS in determining how to meet the requirements of federal technology transfer legislation. These legal requirements are grouped into five categories: (1) establishing an Office of Research and Technology Applications, or providing the functions thereof; (2) information management; (3) enabling agreements with non-federal partners; (4) royalty sharing; and (5) invention ownership/obligations. These five categories provide the organizing framework for this study, which benchmarks other federal agencies/laboratories engaged in technology transfer/transition. Four key agencies--the Department of Health & Human Services (HHS), the U.S. Department of Agriculture (USDA), the Department of Energy (DOE), and the Department of Defense (DoD)--and several of their laboratories have been surveyed. An analysis of DHS's mission needs for commercializing R&D compared to those agencies/laboratories is presented with implications and next steps for DHS's consideration. Federal technology transfer legislation, requirements, and practices have evolved over the decades as agencies and laboratories have grown more knowledgeable and sophisticated in their efforts to conduct technology transfer and as needs and opinions in the federal sector have changed with regards to what is appropriate. The need to address requirements in a fairly thorough manner has, therefore, resulted in a lengthy paper. There are two ways to find summary information. Each chapter concludes with a summary, and there is an overall "Summary and Next Steps" chapter on pages 57-60. For those readers who are unable to read the entire document, we recommend referring to these pages.

  11. The future of security training.

    Science.gov (United States)

    Slotnick, Jeffrey A

    2008-01-01

    This article reports on the brave new world of private security training, whether in healthcare or any other industry. It gives details and advice on new requirements, new approaches, and new resources for the forward-looking security director.

  12. Information security factors systematization

    OpenAIRE

    Янченко, Вадим Николавевич; Ивченко, Александр Владимирович; Залога, Вильям Александрович; Дынник, Оксана Дмитриевна

    2015-01-01

    In this article the necessity of solving the theoretical and practical task, aimed on development the methodological basis for elaboration and implementation of information security management system, has been considered. Based on research results of scientific works and the requirements in the field of information security management the universal multilevel system of information security factors of organizations (enterprises) in the wood properties form was offered by using quality control ...

  13. Experiences in Eliciting Security Requirements

    Science.gov (United States)

    2006-12-01

    FODA) FODA is a domain analysis and engineering method that focuses on developing reusable assets [9]. By examining related software systems and...systems in the form of a domain model, and a set of approaches for their implementation. The FODA method was founded on two modeling concepts...SSM QFD CORE IBIS JAD FODA CDA ARM Adaptability 3 1 3 2 2 3 2 1 2 CASE Tool 1 2 1 1 3 2 1 1 1 Stakeholder Acceptance 2 2 2 2 3 2 1 3 3 Easy

  14. Information security management with ITIL V3

    CERN Document Server

    Cazemier, Jacques A; Peters, Louk

    2010-01-01

    This groundbreaking new title looks at Information Security from defining what security measures positively support the business, to implementation to maintaining the required level and anticipating required changes. It covers: Fundamentals of information security - providing readers insight and give background about what is going to be managed. Topics covered include: types of security controls, business benefits and the perspectives of business, customers, partners, service providers, and auditors. Fundamentals of management of information security - explains what information security manageme

  15. 7 CFR 1942.114 - Security.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 13 2010-01-01 2009-01-01 true Security. 1942.114 Section 1942.114 Agriculture... Security. Specific requirements for security for each loan will be included in the letter of conditions. Loans must be secured by the best security position practicable, in a manner which will...

  16. 25 CFR 101.13 - Security.

    Science.gov (United States)

    2010-04-01

    ... 25 Indians 1 2010-04-01 2010-04-01 false Security. 101.13 Section 101.13 Indians BUREAU OF INDIAN... § 101.13 Security. (a) United States direct loans shall be secured by such security as the Commissioner may require. A lack of security will not preclude the making of a loan if the proposed use of...

  17. Security Expertise

    DEFF Research Database (Denmark)

    and to reflect on the impact and responsibility of security analysis. In science and technology studies, the study of security politics adds a challenging new case to the agenda of research on expertise and policy. The contributors investigate cases such as academic security studies, security think tanks...

  18. Cyber security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Cyber Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to cyber security metrics and measure and related technologies that meet security needs. Specific applications to web services, the banking and the finance sector, and industrial process control systems are discussed.

  19. Financial security

    NARCIS (Netherlands)

    de Goede, M.; Burgess, J.P.

    2010-01-01

    1. Introduction J. Peter Burgess Part 1: New Security Concepts 2. Civilizational Security Brett Bowden 3. Risk Oliver Kessler 4. Small Arms Keith Krause 5. Critical Human Security Taylor Owen 6. Critical Geopolitics Simon Dalby Part 2: New Security Subjects 7. Biopolitics Michael Dillon 8. Gendered

  20. Mobile IP: Security & application

    NARCIS (Netherlands)

    Tuquerres, Gloria; Salvador, Marcos Rogério; Sprenkels, Ron

    1999-01-01

    As required in the TGS Mobile IP Advanced Module, this paper presents a survey of common security threats which mobile IP networks are exposed to as well as some proposed solutions to deal with such threats.

  1. Surviving security how to integrate people, process, and technology

    CERN Document Server

    Andress, Amanda

    2003-01-01

    WHY DO I NEED SECURITY? Introduction The Importance of an Effective Security Infrastructure People, Process, and Technology What Are You Protecting Against? Types of Attacks Types of Attackers Security as a Competitive Advantage Choosing a Solution Finding Security Employees The Layered Approach UNDERSTANDING REQUIREMENTS AND RISK What Is Risk? Embracing Risk Information Security Risk Assessment Assessing Risk Insurance SECURITY POLICIES AND PROCEDURES Internal Focus Is Key Security Awareness and Education Policy Life Cycle Developing Policies Components of a Security Policy Sample Security Po

  2. Smart grid security

    Energy Technology Data Exchange (ETDEWEB)

    Cuellar, Jorge (ed.) [Siemens AG, Muenchen (Germany). Corporate Technology

    2013-11-01

    The engineering, deployment and security of the future smart grid will be an enormous project requiring the consensus of many stakeholders with different views on the security and privacy requirements, not to mention methods and solutions. The fragmentation of research agendas and proposed approaches or solutions for securing the future smart grid becomes apparent observing the results from different projects, standards, committees, etc, in different countries. The different approaches and views of the papers in this collection also witness this fragmentation. This book contains the following papers: 1. IT Security Architecture Approaches for Smart Metering and Smart Grid. 2. Smart Grid Information Exchange - Securing the Smart Grid from the Ground. 3. A Tool Set for the Evaluation of Security and Reliability in Smart Grids. 4. A Holistic View of Security and Privacy Issues in Smart Grids. 5. Hardware Security for Device Authentication in the Smart Grid. 6. Maintaining Privacy in Data Rich Demand Response Applications. 7. Data Protection in a Cloud-Enabled Smart Grid. 8. Formal Analysis of a Privacy-Preserving Billing Protocol. 9. Privacy in Smart Metering Ecosystems. 10. Energy rate at home Leveraging ZigBee to Enable Smart Grid in Residential Environment.

  3. Design of secure operating systems with high security levels

    Institute of Scientific and Technical Information of China (English)

    QING SiHan; SHEN ChangXiang

    2007-01-01

    Numerous Internet security incidents have shown that support from secure operating systems is paramount to fighting threats posed by modern computing environments. Based on the requirements of the relevant national and international standards and criteria, in combination with our experience in the design and development of the ANSHENG v4.0 secure operating system with high security level (hereafter simply referred to as ANSHENG OS), this paper addresses the following key issues in the design of secure operating systems with high security levels: security architecture, security policy models, and covert channel analysis. The design principles of security architecture and three basic security models: confidentiality, integrity, and privilege control models are discussed, respectively. Three novel security models and new security architecture are proposed. The prominent features of these proposals, as well as their applications to the ANSHENG OS, are elaborated. Covert channel analysis (CCA) is a well-known hard problem in the design of secure operating systems with high security levels since to date it lacks a sound theoretical basis and systematic analysis approach. In order to resolve the fundamental difficulties of CCA, we have set up a sound theoretical basis for completeness of covert channel identification and have proposed a unified framework for covert channel identification and an efficient backward tracking search method. The successful application of our new proposals to the ANSHENG OS has shown that it can help ease and speed up the entire CCA process.

  4. Being Secure

    Institute of Scientific and Technical Information of China (English)

    2006-01-01

    As the world wrestles with challenges from nontraditional security threats, a new concept of security management is emerging. Security has traditionally been seen as the means of defending a territory, primarily through the use of military power. However, as the world evolves through the process of globalization, so too does the concept of security. It now incorporates military, political, economic, societal and environmental issues, as well as the many links that bind them. Yet for most people in the wor...

  5. Watermarking security

    CERN Document Server

    Bas, Patrick; Cayre, François; Doërr, Gwenaël; Mathon, Benjamin

    2016-01-01

    This book explains how to measure the security of a watermarking scheme, how to design secure schemes but also how to attack popular watermarking schemes. This book gathers the most recent achievements in the field of watermarking security by considering both parts of this cat and mouse game. This book is useful to industrial practitioners who would like to increase the security of their watermarking applications and for academics to quickly master this fascinating domain.

  6. Moving towards Cloud Security

    Directory of Open Access Journals (Sweden)

    Edit Szilvia Rubóczki

    2015-01-01

    Full Text Available Cloud computing hosts and delivers many different services via Internet. There are a lot of reasons why people opt for using cloud resources. Cloud development is increasing fast while a lot of related services drop behind, for example the mass awareness of cloud security. However the new generation upload videos and pictures without reason to a cloud storage, but only few know about data privacy, data management and the proprietary of stored data in the cloud. In an enterprise environment the users have to know the rule of cloud usage, however they have little knowledge about traditional IT security. It is important to measure the level of their knowledge, and evolve the training system to develop the security awareness. The article proves the importance of suggesting new metrics and algorithms for measuring security awareness of corporate users and employees to include the requirements of emerging cloud security.

  7. The Johnson Space Center Management Information Systems (JSCMIS). 1: Requirements Definition and Design Specifications for Versions 2.1 and 2.1.1. 2: Documented Test Scenario Environments. 3: Security Design and Specifications

    Science.gov (United States)

    1986-01-01

    The Johnson Space Center Management Information System (JSCMIS) is an interface to computer data bases at NASA Johnson which allows an authorized user to browse and retrieve information from a variety of sources with minimum effort. This issue gives requirements definition and design specifications for versions 2.1 and 2.1.1, along with documented test scenario environments, and security object design and specifications.

  8. Demarcation of Security in Authentication Protocols

    DEFF Research Database (Denmark)

    Ahmed, Naveed; Jensen, Christian D.

    2011-01-01

    Security analysis of communication protocols is a slippery business; many “secure” protocols later turn out to be insecure. Among many, two complaints are more frequent: inadequate definition of security and unstated assumptions in the security model. In our experience, one principal cause for such state of affairs is an apparent overlap of security and correctness, which may lead to many sloppy security definitions and security models. Although there is no inherent need to separate security and correctness requirements, practically, such separation is significant. It makes security analysis easier, and enables us to define security goals with a fine granularity. We present one such separation, by introducing the notion of binding sequence as a security primitive. A binding sequence, roughly speaking, is the only required security property of an authentication protocol. All other...

  9. Generalized Software Security Framework

    Directory of Open Access Journals (Sweden)

    Smriti Jain

    2011-01-01

    Security of information has become a major concern in today's digitized world. As a result, effective techniques to secure information are required. The most effective way is to incorporate security in the development process itself, thereby resulting in a secured product. In this paper, we propose a framework that enables security to be included in the software development process. The framework consists of three layers, namely: control layer, aspect layer and development layer. The control layer illustrates the managerial control of the entire software development process with the help of governance, whereas the aspect layer recognizes the security mechanisms that can be incorporated during the software development to identify the various security features. The development layer helps to integrate the various security aspects as well as the controls identified in the above layers during the development process. The layers are further verified by a survey amongst the IT professionals. The professionals concluded that the developed framework is easy to use due to its layered architecture and can be customized for various types of software.

  10. Model-Based Security Testing

    CERN Document Server

    Schieferdecker, Ina; Schneider, Martin; 10.4204/EPTCS.80.1

    2012-01-01

    Security testing aims at validating software system requirements related to security properties like confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Although security testing techniques have been available for many years, there have been few approaches that allow for specification of test cases at a higher level of abstraction, for enabling guidance on test identification and specification as well as for automated test generation. Model-based security testing (MBST) is a relatively new field and especially dedicated to the systematic and efficient specification and documentation of security test objectives, security test cases and test suites, as well as to their automated or semi-automated generation. In particular, the combination of security modelling and test generation approaches is still a challenge in research and of high interest for industrial applications. MBST includes e.g. security functional testing, model-based fuzzing, risk- and threat-oriented testing,...

  11. Access Point Security Service for wireless ad-hoc communication

    NARCIS (Netherlands)

    Scholten, J.; Nijdam, M.

    2006-01-01

    This paper describes the design and implementation of a security solution for ad-hoc peer-to-peer communication. The security solution is based on a scenario where two wireless devices require secure communication, but share no security relationship a priori. The necessary requirements for the secur

  12. 78 FR 68784 - Cargo Securing Manuals

    Science.gov (United States)

    2013-11-15

    ... SECURITY Coast Guard 33 CFR Parts 97 and 160, and 46 CFR Part 97 RIN 1625-AA25 Cargo Securing Manuals... proposes requiring cargo securing manuals (CSMs) on vessels of 500 gross tons or more traveling on... Code of Federal Regulations CSAP Cargo safe access plan CSM Cargo Securing Manual CSS Code Code of...

  13. 42 CFR 73.11 - Security.

    Science.gov (United States)

    2010-10-01

    ... 42 Public Health 1 2010-10-01 2010-10-01 false Security. 73.11 Section 73.11 Public Health PUBLIC... AND TOXINS § 73.11 Security. (a) An individual or entity required to register under this part must develop and implement a written security plan. The security plan must be sufficient to safeguard...

  14. 7 CFR 1780.14 - Security.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 12 2010-01-01 2010-01-01 false Security. 1780.14 Section 1780.14 Agriculture... (CONTINUED) WATER AND WASTE LOANS AND GRANTS General Policies and Requirements § 1780.14 Security. Loans will be secured by the best security position practicable in a manner which will adequately protect...

  15. 9 CFR 121.11 - Security.

    Science.gov (United States)

    2010-01-01

    ... 9 Animals and Animal Products 1 2010-01-01 2010-01-01 false Security. 121.11 Section 121.11... AGENTS AND TOXINS § 121.11 Security. (a) An individual or entity required to register under this part must develop and implement a written security plan. The security plan must be sufficient to...

  16. Securing Hadoop

    CERN Document Server

    Narayanan, Sudheesh

    2013-01-01

    This book is a step-by-step tutorial filled with practical examples which will focus mainly on the key security tools and implementation techniques of Hadoop security. This book is great for Hadoop practitioners (solution architects, Hadoop administrators, developers, and Hadoop project managers) who are looking to get a good grounding in what Kerberos is all about and who wish to learn how to implement end-to-end Hadoop security within an enterprise setup. It's assumed that you will have some basic understanding of Hadoop as well as be familiar with some basic security concepts.

  17. Security Engineering

    Science.gov (United States)

    2012-01-31

    attacks cannot be completely addressed by traditional perimeter security solutions [ Wulf and Jones, 2009], as they have been in the past. A new...the mainstay of the current cyber security solution space [ Wulf and Jones, 2009]. This has enabled the system engineering and security communities...Number: H98230-08-D-0171 DO 002 TO 002 RT 028 Report No. SERC-2012-TR-028 January 31, 2012 UNCLASSIFIED 37 W. A. Wulf and A. K. Jones, Reflections on cyber security, Science Magazine, vol. 326, 2009, pp. 943-944.

  18. Grid Security

    CERN Document Server

    CERN. Geneva

    2004-01-01

    The aim of Grid computing is to enable the easy and open sharing of resources between large and highly distributed communities of scientists and institutes across many independent administrative domains. Convincing site security officers and computer centre managers to allow this to happen in view of today's ever-increasing Internet security problems is a major challenge. Convincing users and application developers to take security seriously is equally difficult. This paper will describe the main Grid security issues, both in terms of technology and policy, that have been tackled over recent years in LCG and related Grid projects. Achievements to date will be described and opportunities for future improvements will be addressed.

  19. Lemnos Interoperable Security Program

    Energy Technology Data Exchange (ETDEWEB)

    Stewart, John [Tennessee Valley Authority, Knoxville, TN (United States); Halbgewachs, Ron [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Chavez, Adrian [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Smith, Rhett [Schweitzer Engineering Laboratories, Chattanooga, TN (United States); Teumim, David [Teumim Technical, Allentown, PA (United States)

    2012-01-31

    The manner in which the control systems are being designed and operated in the energy sector is undergoing some of the most significant changes in history due to the evolution of technology and the increasing number of interconnections to other systems. With these changes, however, come two significant challenges that the energy sector must face: 1) cyber security is more important than ever before, and 2) cyber security is more complicated than ever before. A key requirement in helping utilities and vendors alike in meeting these challenges is interoperability. While interoperability has been present in much of the discussions relating to technology utilized within the energy sector and especially the Smart Grid, it has been absent in the context of cyber security. The Lemnos project addresses these challenges by focusing on the interoperability of devices utilized within utility control systems which support critical cyber security functions. In theory, interoperability is possible with many of the cyber security solutions available to utilities today. The reality is that the effort required to achieve cyber security interoperability is often a barrier for utilities. For example, consider IPSec, a widely-used Internet Protocol to define Virtual Private Networks, or tunnels, to communicate securely through untrusted public and private networks. The IPSec protocol suite has a significant number of configuration options and encryption parameters to choose from, which must be agreed upon and adopted by both parties establishing the tunnel. The exercise in getting software or devices from different vendors to interoperate is labor intensive and requires a significant amount of security expertise by the end user. Scale this effort to a significant number of devices operating over a large geographical area and the challenge becomes so overwhelming that it often leads utilities to pursue solutions from a single vendor. These single vendor solutions may inadvertently lock

  20. Specifying Information Security Needs for the Delivery of High Quality Security Services

    OpenAIRE

    Su, Xiaomeng; Bolzoni, Damiano; Eck, van, H.J.

    2007-01-01

    In this paper we present an approach for specifying and prioritizing information security requirements in organizations. We propose to explicitly link security requirements with the organizations' business vision, i.e. to provide business rationale for security requirements. The rationale is then used as a basis for comparing the importance of different security requirements. Furthermore we discuss how to integrate the aforementioned solution concepts into a service level management process f...

  1. Secure Cloud Architecture

    Directory of Open Access Journals (Sweden)

    Kashif Munir

    2013-02-01

    Cloud computing is a set of resources and services offered through the Internet. Cloud services are delivered from data centers located throughout the world. Cloud computing facilitates its consumers by providing virtual resources via internet. The biggest challenge in cloud computing is the security and privacy problems caused by its multi-tenancy nature and the outsourcing of infrastructure, sensitive data and critical applications. Enterprises are rapidly adopting cloud services for their businesses; measures need to be developed so that organizations can be assured of security in their businesses and can choose a suitable vendor for their computing needs. Cloud computing depends on the internet as a medium for users to access the required services at any time on a pay-per-use pattern. However, this technology is still in its initial stages of development, as it suffers from threats and vulnerabilities that prevent the users from trusting it. Various malicious activities from illegal users have threatened this technology, such as data misuse, inflexible access control and limited monitoring. The occurrence of these threats may result in damaging or illegal access of critical and confidential data of users. In this paper we identify the most vulnerable security threats/attacks in cloud computing, which will enable both end users and vendors to know about the key security threats associated with cloud computing, and propose relevant solution directives to strengthen security in the Cloud environment. We also propose a secure cloud architecture for organizations to strengthen the security.

  2. Information security management handbook

    CERN Document Server

    Tipton, Harold F

    2006-01-01

    Access Control Systems and Methodology. Telecommunications and Network Security. Security Management Practices. Application Program Security. Cryptography. Computer, System, and Security Architecture. Operations Security. Business Continuity Planning and Disaster Recovery Planning. Law, Investigation and Ethics. Physical Security.

  3. Redefining security.

    Science.gov (United States)

    Mathews, J T

    1989-01-01

    The concept of US national security was redefined in the 1970s to include international economics, and lately environmental degradation has also become a factor, as pollution transcends boundaries. By 2100 another 5-6 billion people may be added to the world's population requiring dramatic production and technology transformation with the resultant expanded energy use, emissions, and waste impacting the ecosystem. Climate change through global warming is in the offing. The exponential growth of the population in the developing world poses a crucial challenge for food production, housing, and employment. At a 1% growth rate population doubles in 72 years, while at 3% it doubles in 24 years. Africa's growth rate is almost 3%, it is close to 2% in Latin America, and it is somewhat less in Asia. Renewable resources such as overfished fishing grounds can become nonrenewable, and vanished species can never be resurrected. Deforestation leads to soil erosion, damage to water resources through floods and silting of irrigation networks, and accelerated loss of species. 20% of species could disappear by 2000 thereby losing genetic resources for chemicals, drugs, and food sources. Overcultivation has caused major erosion and decline of agricultural productivity in Haiti, Guatemala, Turkey, and India. Lopsided land ownership in Latin America requires land reform for sustainable agricultural production in the face of the majority of people cultivating plots for bare subsistence. Human practices that have caused environmental damage include concessions granted to logging companies in the Philippines, mismanagement of natural resources in sub-Saharan Africa, the ozone hole, and the greenhouse effect with potential climate changes. Solutions include family planning, efficient energy use, sustainable agroforestry techniques, and environmental accounting of goods and services.

  4. Social Security.

    Science.gov (United States)

    Social and Labour Bulletin, 1983

    1983-01-01

    This group of articles discusses a variety of studies related to social security and retirement benefits. These studies are related to both developing and developed nations and are also concerned with studying work conditions and government role in administering a democratic social security system. (SSH)

  5. Specifying Information Security Needs for the Delivery of High Quality Security Services

    NARCIS (Netherlands)

    Su, Xiaomeng; Bolzoni, Damiano; Eck, van Pascal

    2007-01-01

    In this paper we present an approach for specifying and prioritizing information security requirements in organizations. We propose to explicitly link security requirements with the organizations' business vision, i.e. to provide business rationale for security requirements. The rationale is then us

  6. Health Security and Risk Aversion.

    Science.gov (United States)

    Herington, Jonathan

    2016-09-01

    Health security has become a popular way of justifying efforts to control catastrophic threats to public health. Unfortunately, there has been little analysis of the concept of health security, nor the relationship between health security and other potential aims of public health policy. In this paper I develop an account of health security as an aversion to risky policy options. I explore three reasons for thinking risk avoidance is a distinctly worthwhile aim of public health policy: (i) that security is intrinsically valuable, (ii) that it is necessary for social planning and (iii) that it is an appropriate response to decision-making in contexts of very limited information. Striking the right balance between securing and maximizing population health thus requires a substantive, and hitherto unrecognized, value judgment. Finally, I critically evaluate the current health security agenda in light of this new account of the concept and its relationship to the other aims of public health policy.

  7. Assurance level 4 security requirements of active radio frequency identification tags in the Internet of Things

    Institute of Scientific and Technical Information of China (English)

    高金萍; 石竑松; 王宇航; 杨永生; 张翀斌

    2012-01-01

    A framework is given for evaluation assurance level 4 (EAL4) security requirements for radio frequency identification (RFID) active tags in applications for the Internet of Things (IOT). The evaluation assurance level and the security assurance requirements are chosen based on ISO/IEC standard 15408 and an analysis of the asset value and potential threat. Then, the potential threats are related to the active tags to set security objectives for the target to resist potential attacks. A minimal set of security function requirements is given to specify the functionality of active tags. Finally, the consistency between the abstractions is analyzed to justify the rationale behind the framework. This work provides a reference for designers of security mechanisms for active tags and a basis for the evaluation and procurement of active tags.

  8. Secure Java For Web Application Development

    CERN Document Server

    Bhargav, Abhay

    2010-01-01

    As the Internet has evolved, so have the various vulnerabilities, which largely stem from the fact that developers are unaware of the importance of a robust application security program. This book aims to educate readers on application security and building secure web applications using the new Java Platform. The text details a secure web application development process from the risk assessment phase to the proof of concept phase. The authors detail such concepts as application risk assessment, secure SDLC, security compliance requirements, web application vulnerabilities and threats, security

  9. Secure Objectives for School Security

    Science.gov (United States)

    Dalton-Noblitt, April

    2012-01-01

    In a study conducted among more than 980 American four-year and two-year colleges and universities, including institutions such as the University of Michigan, MIT, UCLA and Columbia, security staff and other administrators identified the five leading goals for their security systems: (1) Preventing unauthorized people from entering their…

  10. Security Bingo

    CERN Multimedia

    Computer Security Team

    2011-01-01

    Want to check your security awareness and win one of three marvellous books on computer security? Just print out this page, mark which of the 25 good practices below you already follow, and send the sheet back to us by 31 October 2011 at either Computer.Security@cern.ch or P.O. Box G19710. Winners[1] must show that they fulfil at least five good practices in a continuous vertical, horizontal or diagonal row. For details on CERN Computer Security, please consult http://cern.ch/security. I personally… …am concerned about computer security. …run my computer with an anti-virus software and up-to-date signature files. …lock my computer screen whenever I leave my office. …have chosen a reasonably complex password. …have restricted access to all my files and data. …am aware of the security risks and threats to CERN’s computing facilities. ...

  11. 12 CFR 220.103 - Borrowing of securities.

    Science.gov (United States)

    2010-01-01

    ... delivery of such securities in the case of short sales, failure to receive securities he is required to... occurred or is in immediate prospect. The provision does not authorize a broker to borrow securities...

  12. Process Control/SCADA system vendor security awareness and security posture.

    NARCIS (Netherlands)

    Luiijf, H.A.M.; Lüders, S.

    2009-01-01

    A starting point for the adequate security of process control/SCADA systems is the security awareness and security posture by the manufacturers, vendors, system integrators, and service organisations. The results of a short set of questions indicate that major security improvements are required in t

  13. Computer security

    CERN Document Server

    Gollmann, Dieter

    2011-01-01

    A completely up-to-date resource on computer security. Assuming no previous experience in the field of computer security, this must-have book walks you through the many essential aspects of this vast topic, from the newest advances in software and technology to the most recent information on Web applications security. This new edition includes sections on Windows NT, CORBA, and Java and discusses cross-site scripting and JavaScript hacking as well as SQL injection. Serving as a helpful introduction, this self-study guide is a wonderful starting point for examining the variety of competing sec

  14. Wireless Security

    CERN Document Server

    Osterhage, Wolfgang

    2011-01-01

    In the wake of the growing use of wireless communications, new types of security risks have evolved. Wireless Security covers the major topic of wireless communications with relevance both to organizations and private users. The technological background of these applications and protocols is laid out and presented in detail. Special emphasis is placed on the IEEE 802.11x-Standards that have been introduced for WLAN technology. Other technologies covered besides WLAN include: mobile phones, bluetooth and infrared. In each chapter a major part is devoted to security risks and provisions includin

  15. Secure medical digital libraries.

    Science.gov (United States)

    Papadakis, I; Chrissikopoulos, V; Polemi, D

    2001-12-01

    In this paper, a secure medical digital library is presented. It is based on the CORBA specifications for distributed systems. The described approach relies on a three-tier architecture. Interaction between the medical digital library and its users is achieved through a Web server. The choice of employing Web technology for the dissemination of medical data has many advantages compared to older approaches, but also poses extra requirements that need to be fulfilled. Thus, special attention is paid to the distinguished nature of such medical data, whose integrity and confidentiality should be preserved at all costs. This is achieved through the employment of Trusted Third Parties (TTP) technology for the support of the required security services. Additionally, the proposed digital library employs smartcards for the management of the various security tokens that are used from the above services.

  16. Cyber Security Risks and Requirements for Customer Interaction of Smart Grid

    Institute of Scientific and Technical Information of China (English)

    刘念; 张建华

    2011-01-01

    Customer interaction is one of the basic features of the smart grid. The study is focused on the risk and demand of cyber security stemming from customer interaction. First, in the perspective of risk analysis, the cyber security of customer interaction is qualitatively compared with that of wide area power cyber security with emphasis on the difference between the two in terms of the objective condition, subjective motivation, and consequence of threat. Furthermore, by referring to the business process of customer interaction and features of advanced metering infrastructure (AMI), the related difficulties including availability assessment, key management and abnormal action detection, are extracted from the cyber security requirements such as confidentiality, integrity and availability.

  17. Security and privacy threats in RFID traceability network

    Institute of Scientific and Technical Information of China (English)

    Chu; Chao-Hsien

    2008-01-01

    To address security and privacy issues in radio frequency identification (RFID) traceability networks, a multi-layer privacy and security framework is proposed, which includes four facets: a security model, a communication protocol, access permission and privacy preservation. According to the security requirements that are needed in an RFID system, a security model that incorporates security requirements that include privacy of tag data, privacy of ownership, and availability of tag identity is introduced. ...

  18. Security an introduction

    CERN Document Server

    Purpura, Philip P

    2011-01-01

    Section I The History and Profession of Security Definition, Role, and History of Security Security Defined The Contexts of Security The Roles of Security The History of Security Security in an Environment of Threats, Terrorism, and All-Hazards Threats and Hazards Terrorism National Strategies The Profession and Business of Security The Business of Security Professionalism and Security Associations Ethics Regulation of the Security Industry Security Training Higher Education Careers Section II Protecting People and Assets Security Methodology Methodology Defined Security Business Proposals Secur

  19. [Food security in Mexico].

    Science.gov (United States)

    Urquía-Fernández, Nuria

    2014-01-01

    An overview of food security and nutrition in Mexico is presented, based on the analysis of the four pillars of food security: availability, access, utilization of food, and stability of the food supply. In addition, the two faces of malnutrition in Mexico were analyzed: obesity and undernourishment. Data were gathered from the food security indicators of the United Nations' Food and Agriculture Organization, from the Mexican Scale of Food Security, and from the National Health and Nutrition Survey. Mexico presents an index of availability of 3 145 kilocalories per person per day, one of the highest indexes in the world, including both food production and imports. In contrast, Mexico is affected by a double burden of malnutrition: whereas children under five present 14% of stunting, 30% of the adult population is obese. Also, more than 18% of the population cannot afford the basic food basket (food poverty). Using perception surveys, people report important levels of food insecurity, which concentrates in seven states of the Mexican Federation. The production structure underlying these indicators shows a very heterogeneous landscape, which translates into a low productivity growth across the last years. Food security being a multidimensional concept, to ensure food security for the Mexican population requires a revision and redesign of public productive and social policies, placing a particular focus on strengthening the mechanisms of institutional governance.

  20. Privacy and security in teleradiology.

    Science.gov (United States)

    Ruotsalainen, Pekka

    2010-01-01

    Teleradiology is probably the most successful eHealth service available today. Its business model is based on the remote transmission of radiological images (e.g. X-ray and CT-images) over electronic networks, and on the interpretation of the transmitted images for diagnostic purpose. Two basic service models are commonly used in teleradiology today. The most common approach is based on the message paradigm (off-line model), but more developed teleradiology systems are based on the interactive use of PACS/RIS systems. Modern teleradiology is also more and more a cross-organisational or even cross-border service between service providers having different jurisdictions and security policies. This paper defines the requirements needed to make different teleradiology models trusted. Those requirements include a common security policy that covers all partners and entities, common security and privacy protection principles and requirements, controlled contracts between partners, and the use of security controls and tools that support the common security policy. The security and privacy protection of any teleradiology system must be planned in advance, and the necessary security and privacy enhancing tools should be selected (e.g. strong authentication, data encryption, non-repudiation services and audit-logs) based on the risk analysis and requirements set by the legislation. In any case the teleradiology system should fulfil ethical and regulatory requirements. Certification of the whole teleradiology service system including security and privacy is also proposed. In the future, teleradiology services will be an integrated part of pervasive eHealth. Security requirements for this environment including dynamic and context aware security services are also discussed in this paper.

  1. 49 CFR 1552.23 - Security awareness training programs.

    Science.gov (United States)

    2010-10-01

    ... employee to identify— (i) Uniforms and other identification, if any are required at the flight school, for... SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY FLIGHT SCHOOLS Flight School Security Awareness Training § 1552.23 Security awareness training programs. (a) General. A...

  2. Security Studies

    OpenAIRE

    2005-01-01

    Security Studies has firmly established itself as a leading journal on international security issues. The journal publishes theoretical, historical and policy-oriented articles on the causes and consequences of war, and the sources and conditions of peace. The journal has published articles on balancing vs. bandwagoning, deterrence in enduring rivalries, the Domino theory, nuclear weapons proliferation, civil-military relations, political reforms in China, strategic culture in Asia and the P...

  3. European Security

    DEFF Research Database (Denmark)

    Møller, Bjørn

    Theoretical chapters on "Security", "Organisations" and "Regions," Historical Chapters on "Europe and Its Distinguishing Features" and on "The United Nations," "NATO," "The CSCE/OSCE and the Council of Europe" and "The European Union"

  4. Energy Security

    Institute of Scientific and Technical Information of China (English)

    2006-01-01

    With an increasing number of countries becoming industrialized, energy, the so-called blood of modern economies, is becoming increasingly important. Energy security has become an important factor that directly influences world economic stability and international relations. In an article posted on People's Daily Online, Liu Jianfei, professor at the International Strategic Research Center of the Party School of the Central Committee of the Communist Party of China, shares his opinions on energy security.

  5. Citizen Security

    OpenAIRE

    Beatriz Abizanda

    2011-01-01

    This is a presentation for the Caribbean Regional ConSoc Retreat held on June 16, 2011 in Kingston, Jamaica. This document outlines crime and violence as major roadblocks to development in the Caribbean; citing statistics and providing examples of the economic costs to the region. This presentation then goes on to describe the IDB's strategy with regard to citizen security and highlights IDB Funded security programs in the region. The presentation also identifies Civil Society as a potentiall...

  6. An Efficient Secure Real-Time Concurrency Control Protocol

    Institute of Scientific and Technical Information of China (English)

    XIAO Yingyuan; LIU Yunsheng; CHEN Xiangyang

    2006-01-01

    Secure real-time databases must simultaneously satisfy two requirements: guaranteeing data security and minimizing the missing deadlines ratio of transactions. However, these two requirements can conflict with each other, and achieving one requirement means sacrificing the other. This paper presents a secure real-time concurrency control protocol based on the optimistic method. The concurrency control protocol incorporates security constraints in a real-time optimistic concurrency control protocol and makes a suitable tradeoff between security and real-time requirements by introducing a secure influence factor and a real-time influence factor. The experimental results show the concurrency control protocol achieves data security without degrading real-time performance significantly.

  7. 75 FR 47311 - Extension of Agency Information Collection Activity Under OMB Review: Aviation Security...

    Science.gov (United States)

    2010-08-05

    ... security costs and information reasonably necessary to complete an audit. This requirement includes... SECURITY Transportation Security Administration Extension of Agency Information Collection Activity Under OMB Review: Aviation Security Infrastructure Fee Records Retention AGENCY: Transportation...

  8. Cloud Computing Security: A Survey

    Directory of Open Access Journals (Sweden)

    Issa M. Khalil

    2014-02-01

    Cloud computing is an emerging technology paradigm that migrates current technological and computing concepts into utility-like solutions similar to electricity and water systems. Clouds bring out a wide range of benefits including configurable computing resources, economic savings, and service flexibility. However, security and privacy concerns are shown to be the primary obstacles to a wide adoption of clouds. The new concepts that clouds introduce, such as multi-tenancy, resource sharing and outsourcing, create new challenges to the security community. Addressing these challenges requires, in addition to the ability to cultivate and tune the security measures developed for traditional computing systems, proposing new security policies, models, and protocols to address the unique cloud security challenges. In this work, we provide a comprehensive study of cloud computing security and privacy concerns. We identify cloud vulnerabilities, classify known security threats and attacks, and present the state-of-the-art practices to control the vulnerabilities, neutralize the threats, and calibrate the attacks. Additionally, we investigate and identify the limitations of the current solutions and provide insights of the future security perspectives. Finally, we provide a cloud security framework in which we present the various lines of defense and identify the dependency levels among them. We identify 28 cloud security threats which we classify into five categories. We also present nine general cloud attacks along with various attack incidents, and provide effectiveness analysis of the proposed countermeasures.

  9. Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services

    NARCIS (Netherlands)

    Su, Xiaomeng; Bolzoni, Damiano; Eck, van Pascal

    2007-01-01

    In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is not achievable and the limited resources available should be directed to satisfy the most im

  10. Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services

    NARCIS (Netherlands)

    Su, X.; Bolzoni, D.; Eck, P.A.T.

    2006-01-01

    In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is not achievable and the limited resources available should be directed to satisfy the most im

  11. 24 CFR 884.115 - Security and utility deposits.

    Science.gov (United States)

    2010-04-01

    ... 24 Housing and Urban Development 4 2010-04-01 2010-04-01 false Security and utility deposits. 884... Security and utility deposits. (a) An Owner may require Families to pay a security deposit in an amount... security and utility deposits, if required, from their own resources and/or other private or public sources....

  12. DIRAC Security

    CERN Document Server

    Casajús Ramo, A

    2006-01-01

    DIRAC is the LHCb Workload and Data Management System. Based on a service-oriented architecture, it enables generic distributed computing with lightweight Agents and Clients for job execution and data transfers. DIRAC implements a client-server architecture exposing server methods through the XML Remote Procedure Call (XML-RPC) protocol. DIRAC is mostly coded in Python. The DIRAC security infrastructure has been designed to be a completely generic XML-RPC transport over an SSL tunnel. This new security layer is able to handle standard X509 certificates as well as grid-proxies to authenticate both sides of the connection. Server and client authentication relies on OpenSSL and pyOpenSSL, but to be able to handle grid proxies some modifications have been added to those libraries. The DIRAC security infrastructure handles authentication and authorization as well as provides extended capabilities like secure connection tunneling and file transfer. Using this new security infrastructure all LHCb users can safely make use o...

  13. International Energy Security Indicators and Turkey’s Energy Security Risk Score

    OpenAIRE

    2014-01-01

    Energy security has been a priority for many countries. What makes energy security so important is its bilateral relationship with economic, political, social, environmental sustainability and military issues. As an inevitable consequence of globalization, cooperation in the field has become a must, and international energy security indicators are required to make energy security risk evaluations in order to establish adequate policies. The aim of the study is to review energy security withi...

  14. Privatising Security

    Directory of Open Access Journals (Sweden)

    Irina Mindova-Docheva

    2016-06-01

    The article proposes an analysis of the different approaches towards employing the international legal framework in the regulation and oversight of private military and security companies’ operation in armed conflicts and in peace time security systems. It proposes a partnership-based approach for public and private actors aiming at creating and sharing common values under the principles of solidarity, protection of human rights and rule of law. A focus of further research should be the process of shaping those common values.

  15. 76 FR 4079 - Information Technology (IT) Security

    Science.gov (United States)

    2011-01-24

    ... SPACE ADMINISTRATION 48 CFR Parts 1804 and 1852 RIN 2700-AD46 Information Technology (IT) Security... NASA FAR Supplement (NFS) to update requirements related to Information Technology Security, consistent with Federal policies for the security of unclassified information and information systems. The...

  16. 14 CFR 121.538 - Aircraft security.

    Science.gov (United States)

    2010-01-01

    ... 14 Aeronautics and Space 3 2010-01-01 2010-01-01 false Aircraft security. 121.538 Section 121.538..., FLAG, AND SUPPLEMENTAL OPERATIONS Flight Operations § 121.538 Aircraft security. Certificate holders conducting operations under this part must comply with the applicable security requirements in 49 CFR...

  17. 15 CFR 742.4 - National security.

    Science.gov (United States)

    2010-01-01

    ... 15 Commerce and Foreign Trade 2 2010-01-01 2010-01-01 false National security. 742.4 Section 742.4... INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE EXPORT ADMINISTRATION REGULATIONS CONTROL POLICY-CCL BASED CONTROLS § 742.4 National security. (a) License requirements. It is the policy of the United States...

  18. 7 CFR 1951.866 - Security.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 14 2010-01-01 2009-01-01 true Security. 1951.866 Section 1951.866 Agriculture... REGULATIONS (CONTINUED) SERVICING AND COLLECTIONS Rural Development Loan Servicing § 1951.866 Security. (a) Loans from RDLF intermediaries to ultimate recipients. Security requirements for loans...

  19. 14 CFR 129.25 - Airplane security.

    Science.gov (United States)

    2010-01-01

    ... 14 Aeronautics and Space 3 2010-01-01 2010-01-01 false Airplane security. 129.25 Section 129.25... security. Foreign air carriers conducting operations under this part must comply with the applicable security requirements in 49 CFR chapter XII....

  20. 31 CFR 202.6 - Collateral security.

    Science.gov (United States)

    2010-07-01

    ... 31 Money and Finance: Treasury 2 2010-07-01 2010-07-01 false Collateral security. 202.6 Section... GOVERNMENT 1 § 202.6 Collateral security. (a) Requirement. Prior to receiving deposits of public money, a depositary authorized to perform services under § 202.3(b) must pledge collateral security in the...

  1. 7 CFR 331.11 - Security.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 5 2010-01-01 2010-01-01 false Security. 331.11 Section 331.11 Agriculture..., DEPARTMENT OF AGRICULTURE POSSESSION, USE, AND TRANSFER OF SELECT AGENTS AND TOXINS § 331.11 Security. (a) An individual or entity required to register under this part must develop and implement a written security...

  2. 14 CFR 135.125 - Aircraft security.

    Science.gov (United States)

    2010-01-01

    ... 14 Aeronautics and Space 3 2010-01-01 2010-01-01 false Aircraft security. 135.125 Section 135.125....125 Aircraft security. Certificate holders conducting operations under this part must comply with the applicable security requirements in 49 CFR chapter XII....

  3. 14 CFR 460.53 - Security.

    Science.gov (United States)

    2010-01-01

    ... 14 Aeronautics and Space 4 2010-01-01 2010-01-01 false Security. 460.53 Section 460.53 Aeronautics and Space COMMERCIAL SPACE TRANSPORTATION, FEDERAL AVIATION ADMINISTRATION, DEPARTMENT OF....53 Security. An operator must implement security requirements to prevent any space flight...

  4. 10 CFR 39.71 - Security.

    Science.gov (United States)

    2010-01-01

    ... 10 Energy 1 2010-01-01 2010-01-01 false Security. 39.71 Section 39.71 Energy NUCLEAR REGULATORY COMMISSION LICENSES AND RADIATION SAFETY REQUIREMENTS FOR WELL LOGGING Security, Records, Notifications § 39.71 Security. (a) A logging supervisor must be physically present at a temporary jobsite...

  5. Medical network security and viruses.

    Science.gov (United States)

    Fernandez Del Val, C

    1991-01-01

    Medical networks connecting Hospital Information Systems are needed in order to exchange, compare and make data accessible. The use of OSI standard communication protocols (open-network environment) will allow interconnecting multiple vendor systems and accommodating a wide range of underlying communication technologies. The security of information on a given host may become dependent on the security measures employed by the network and by other hosts. Computer viruses modify executable code and thrive in network environments filled with personal computers and third-party software. Most networks and computers permit users to share files; this lets viruses bypass the security mechanisms of almost every commercial operating system. However, computer viruses are not the only threat to the information in a network environment. Others, such as deliberate threats (passive attacks, e.g. wire-tapping) and accidental threats (unauthorized access to the information), are potential risks to information security. Cryptographic techniques that are now widely used can resolve the external security problems of the network and improve the internal security ones. This paper begins by describing the threats to security that arise in an open-network environment, and goes on to establish the security requirements of medical communication networks. This is followed by a description of security services such as confidentiality, integrity, authentication, access control, etc., that will be provided to include security mechanisms in such a network. The integration of these security mechanisms into the communication protocols makes it possible to implement secure communication systems that must not only provide adequate security but also minimize the impact of security on other features, for example efficiency. The remainder of the paper describes how the security mechanisms are formed using current cryptographic facilities such as algorithms, one-way functions, cryptographic systems (symmetric

  6. The Informatics Security Cost of Distributed Applications

    Directory of Open Access Journals (Sweden)

    Ion IVAN

    2010-01-01

    The objective, necessity, means and estimated efficiency of information security cost modeling are presented. The security requirements of distributed informatics applications are determined. Aspects regarding design, development and implementation are established. Influence factors for informatics security are presented and their correlation is analyzed. The costs associated to security processes are studied. Optimal criteria for informatics security are established. The security cost of the informatics application for validating organizational identifiers is determined using theoretical assumptions made for cost models. The conclusions highlight the validity of research results and offer perspectives for future research.

  7. GSM Security Using Identity-based Cryptography

    CERN Document Server

    Agarwal, Animesh; Das, Manik Lal

    2009-01-01

    The current security model in Global System for Mobile Communications (GSM) predominantly uses symmetric key cryptography. The rapid advancement of Internet technology facilitates online trading, banking, downloading, emailing using resource-constrained handheld devices such as personal digital assistants and cell phones. However, these applications require more security than the present GSM supports. Consequently, a careful design of GSM security using both symmetric and asymmetric key cryptography would make GSM security more adaptable in security intensive applications. This paper presents a secure and efficient protocol for GSM security using identity based cryptography. The salient features of the proposed protocol are (i) authenticated key exchange; (ii) mutual authentication amongst communicating entities; and (iii) user anonymity. The security analysis of the protocol shows its strength against some known threats observed in conventional GSM security.

  8. Opinions about Component Energetic Security

    OpenAIRE

    Elena GOLUMBEANU (GEORGESCU)

    2012-01-01

    Collective security (international) represents the morphological expression of individual security components. According to the Report presented at the United Nations Development Programme, collective security (international) as well as national security, is the expression of seven synergistic dimensions as follows: economic security, food security, environmental security, personal security, community security, political security and individual security. As part of economic security, energy an...

  9. Secure Ties

    NARCIS (Netherlands)

    Joep de Hart; Frans Knol; Cora Maas - de Waal; Theo Roes

    2002-01-01

    Original title: Zekere banden. Discussions about the Netherlands of today often throw up terms such as 'social cohesion', 'social integration', 'liveability' and 'security'. The Netherlands Institute for Social Research/SCP has carried out a study of this phenomenon and presents the results in this

  10. Secured transactions

    NARCIS (Netherlands)

    Beale, H.

    2008-01-01

    In this paper I describe the work that is currently under way, within the Network of Excellence charged with creating a draft Common Frame of Reference, to draft rules on security over moveable assets. After a brief introduction, I deal with two broad questions: (1) the general aims and scope of the

  11. Information Security

    NARCIS (Netherlands)

    Hartel, Pieter; Suryana Herman, Nanna; Leukfeldt, E.R.; Stol, W.Ph.

    2012-01-01

    Information security is all about the protection of digital assets, such as digital content, personal health records, state secrets etc. These assets can be handled by a party who is authorised to access and control the asset or a party who is not authorised to do so. Authorisation determines who is

  12. Arctic Security

    DEFF Research Database (Denmark)

    Wang, Nils

    2013-01-01

    of the general security situation and to identify both the explicit and the implicit agendas of the primary state actors. The region contains all the ingredients for confrontation and conflict but the economical potential for all the parties concerned creates a general interest in dialogue and cooperation...

  13. Food security

    NARCIS (Netherlands)

    Ridder, M. de

    2011-01-01

    Food security is back on the agenda as a top priority for policy makers. In January 2011, record high food prices resulted in protests in Tunisia, which subsequently led to the spread of the revolutions in other North African and Middle Eastern countries. Although experts have asserted that no state

  14. Managing Security in Advanced Computational Infrastructure

    Institute of Scientific and Technical Information of China (English)

    2001-01-01

    Proposed by the Education Ministry of China, Advanced Computational Infrastructure (ACI) aims at sharing geographically distributed high-performance computing and huge-capacity data resources among the universities of China. With the fast development of large-scale applications in ACI, the security requirements become more and more urgent. The special security needs in ACI are first analyzed in this paper, and a security management system based on ACI is presented. Finally, the realization of the security management system is discussed.

  15. Model-Based Security Testing

    Directory of Open Access Journals (Sweden)

    Ina Schieferdecker

    2012-02-01

    Security testing aims at validating software system requirements related to security properties like confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Although security testing techniques have been available for many years, there have been few approaches that allow for specification of test cases at a higher level of abstraction, for enabling guidance on test identification and specification as well as for automated test generation. Model-based security testing (MBST) is a relatively new field and especially dedicated to the systematic and efficient specification and documentation of security test objectives, security test cases and test suites, as well as to their automated or semi-automated generation. In particular, the combination of security modelling and test generation approaches is still a challenge in research and of high interest for industrial applications. MBST includes e.g. security functional testing, model-based fuzzing, risk- and threat-oriented testing, and the usage of security test patterns. This paper provides a survey on MBST techniques and the related models as well as samples of new methods and tools that are under development in the European ITEA2-project DIAMONDS.

  16. Security Investigation Database (SID)

    Data.gov (United States)

    US Agency for International Development — Security Investigation & Personnel Security Clearance - COTS personnel security application in a USAID virtualized environment that can support USAID's business...

  17. Usable SPACE: Security, Privacy, and Context for the Mobile User

    Science.gov (United States)

    Jutla, Dawn

    Users breach the security of data within many financial applications daily as human and/or business expediency to access and use information wins over corporate security policy guidelines. Recognizing that changing user context often requires different security mechanisms, we discuss end-to-end solutions combining several security and context mechanisms for relevant security control and information presentation in various mobile user situations. We illustrate key concepts using Dimitri Kanevsky's (IBM Research) early 2000s patented inventions for voice security and classification.

  18. THE ECONOMIC SECURITY IS IMPERATIVE OF MODERN ENTERPRISE MANAGEMENT

    OpenAIRE

    Ляшенко, О. М.

    2015-01-01

    Studied the substance and determined the structure of economic security; clarified the notion of "economic security", found its properties as an object of management; reviewed the terms of the requirements for handling systems of economic security; studied the nature of economic security, shows his place in the system of economic security; defined the objectives of the system of economic security.

  19. Computer Security: the security marathon

    CERN Multimedia

    Computer Security Team

    2014-01-01

    If you believe that “security” is a sprint, that a quick hack is invulnerable, that quick bug fixing is sufficient, that plugging security measures on top of existing structures is good, that once you are secure your life will be easy... then let me convince you otherwise. An excellent example of this is when the summer students join us at CERN. As the summer period is short, software projects must be accomplished quickly, like a sprint. Rush, rush! But often, this sprint ends with aching muscles. Regularly, these summer students approach us to have their project or web server made visible to the Internet. Regularly, quick security reviews of those web servers diagnose severe underperformance with regards to security: the web applications are flawed or use insecure protocols; the employed software tools, databases or web frameworks are sub-optimal and not adequately chosen for that project; the operating system is non-standard and has never been brought up-to-date; and ...

  20. THz and Security Applications

    CERN Document Server

    Sizov, Fedir; Detectors, Sources and Associated Electronics for THz Applications

    2014-01-01

    These proceedings comprise invited papers from highly experienced researchers in THz technology and security applications. THz detection of explosives represents one of the most appealing technologies to have recently emerged in dealing with terrorist attacks encountered by civil security and military forces throughout the world. Discussed are the most advanced technologies and developments, the various points of operational strength and weaknesses, as well as suggestions and predictions of the best technological solutions to overcome current operational limits. The current status of various levels of cooling in THz detectors, sources and associated electronics is also addressed. The goal was to provide a clear view on the current technologies available and the required advances needed in order to achieve more efficient systems. This goal was outlined in part by establishing the baseline of current uncertainty estimations in physics-based modelling and the identification of key areas which require additi...

  1. Security system

    Science.gov (United States)

    Baumann, Mark J.; Kuca, Michal; Aragon, Mona L.

    2016-02-02

    A security system includes a structure having a structural surface. The structure is sized to contain an asset therein and configured to provide a forceful breaching delay. The structure has an opening formed therein to permit predetermined access to the asset contained within the structure. The structure includes intrusion detection features within or associated with the structure that are activated in response to at least a partial breach of the structure.

  2. Allegiance: Egypt Security Forces

    Science.gov (United States)

    2013-12-01

    Georgia Southern University, 2001 Submitted in partial fulfillment of the requirements for the degree of MASTER OF ARTS IN SECURITY STUDIES...MIDDLE EAST, SOUTH ASIA , SUB-SAHARAN AFRICA) from the NAVAL POSTGRADUATE SCHOOL December 2013 Author: Christopher S. Read...population of mobilization. In 2013, the symbol of a raised hand with four fingers extended and a bent thumb crossing the palm has become a symbol of the

  3. SOA-based security governance middleware

    CERN Document Server

    de Leusse, Pierre; 10.1109/SECURWARE.2010.17

    2012-01-01

    Business requirements for rapid operational efficiency, customer responsiveness as well as rapid adaptability are actively driving the need for ever increasing communication and integration capabilities of software assets. In this context, security, although acknowledged as being a necessity, is often perceived as a hindrance. Indeed, dynamic environments require flexible and understandable security that can be customized, adapted and reconfigured dynamically to face changing requirements. In this paper, the authors propose SOA based security governance middleware that handles security requirements on behalf of a resource exposed through it. The middleware aims at providing different security settings through the use of managed compositions of security services called profiles. The main added value of this work compared to existing handlers or centralized approaches lies in its enhanced flexibility and transparency.

  4. Metric-Aware Secure Service Orchestration

    Directory of Open Access Journals (Sweden)

    Gabriele Costa

    2012-12-01

    Secure orchestration is an important concern in the internet of service. Next to providing the required functionality, the composite services must also provide a reasonable level of security in order to protect sensitive data. Thus, the orchestrator has a need to check whether the complex service is able to satisfy certain properties. Some properties are expressed with metrics for precise definition of requirements. Thus, the problem is to analyse the values of metrics for a complex business process. In this paper we extend our previous work on analysis of secure orchestration with quantifiable properties. We show how to define, verify and enforce quantitative security requirements in one framework with other security properties. The proposed approach should help to select the most suitable service architecture and guarantee fulfilment of the declared security requirements.

  5. Security of supply

    OpenAIRE

    2007-01-01

    Paul Isbell revisits the energy security debate; John Gault considers European security and natural gas supplies; William C. Ramsay discusses security of energy supplies in a global market; Hasan M. Qabazard outlines OPEC’s abiding commitment to energy security.

  6. A security architecture for health information networks.

    Science.gov (United States)

    Kailar, Rajashekar; Muralidhar, Vinod

    2007-10-11

    Health information network security needs to balance exacting security controls with practicality, and ease of implementation in today's healthcare enterprise. Recent work on 'nationwide health information network' architectures has sought to share highly confidential data over insecure networks such as the Internet. Using basic patterns of health network data flow and trust models to support secure communication between network nodes, we abstract network security requirements to a core set to enable secure inter-network data sharing. We propose a minimum set of security controls that can be implemented without needing major new technologies, but yet realize network security and privacy goals of confidentiality, integrity and availability. This framework combines a set of technology mechanisms with environmental controls, and is shown to be sufficient to counter commonly encountered network security threats adequately.

  7. Statistical security for Social Security.

    Science.gov (United States)

    Soneji, Samir; King, Gary

    2012-08-01

    The financial viability of Social Security, the single largest U.S. government program, depends on accurate forecasts of the solvency of its intergenerational trust fund. We begin by detailing information necessary for replicating the Social Security Administration's (SSA's) forecasting procedures, which until now has been unavailable in the public domain. We then offer a way to improve the quality of these procedures via age- and sex-specific mortality forecasts. The most recent SSA mortality forecasts were based on the best available technology at the time, which was a combination of linear extrapolation and qualitative judgments. Unfortunately, linear extrapolation excludes known risk factors and is inconsistent with long-standing demographic patterns, such as the smoothness of age profiles. Modern statistical methods typically outperform even the best qualitative judgments in these contexts. We show how to use such methods, enabling researchers to forecast using far more information, such as the known risk factors of smoking and obesity and known demographic patterns. Including this extra information makes a substantial difference. For example, by improving only mortality forecasting methods, we predict three fewer years of net surplus, $730 billion less in Social Security Trust Funds, and program costs that are 0.66% greater for projected taxable payroll by 2031 compared with SSA projections. More important than specific numerical estimates are the advantages of transparency, replicability, reduction of uncertainty, and what may be the resulting lower vulnerability to the politicization of program forecasts. In addition, by offering with this article software and detailed replication information, we hope to marshal the efforts of the research community to include ever more informative inputs and to continue to reduce uncertainties in Social Security forecasts.

  8. INFORMATION SECURITY IN LOGISTICS COOPERATION

    Directory of Open Access Journals (Sweden)

    Tomasz Małkus

    2015-03-01

    Cooperation of suppliers of raw materials, semi-finished products, finished products, wholesalers, retailers in the form of the supply chain, as well as outsourcing of specialized logistics service require ensuring adequate support of information. It concerns the use of appropriate computer tools. The security of information in such conditions of collaboration becomes the important problem for parties of contract. The objective of the paper is to characterize main issues relating to security of information in logistics cooperation.

  9. Future consumer mobile phone security: A case study using the data-centric security model

    NARCIS (Netherlands)

    Cleeff, van A.

    2008-01-01

    Consumer mobile phone security requires more attention, now that their data storage capacity is increasing. At the same time, much effort is spent on data-centric security for large enterprises. In this article we try to apply data-centric security to consumer mobile phones. We show a maturity model

  10. 33 CFR 104.210 - Company Security Officer (CSO).

    Science.gov (United States)

    2010-07-01

    ... inspections under 46 CFR part 2; (7) Ensure the timely or prompt correction of problems identified by audits... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Company Security Officer (CSO... MARITIME SECURITY MARITIME SECURITY: VESSELS Vessel Security Requirements § 104.210 Company...

  11. Security Metrics: A Solution in Search of a Problem

    Science.gov (United States)

    Rosenblatt, Joel

    2008-01-01

    Computer security is one of the most complicated and challenging fields in technology today. A security metrics program provides a major benefit: looking at the metrics on a regular basis offers early clues to changes in attack patterns or environmental factors that may require changes in security strategy. The term "security metrics" loosely…

  12. Information Security

    OpenAIRE

    Hartel, Pieter; Suryana Herman, Nanna; Leukfeldt, E.R.; Stol, W. Ph.

    2005-01-01

    Information security is all about the protection of digital assets, such as digital content, personal health records, state secrets etc. These assets can be handled by a party who is authorised to access and control the asset or a party who is not authorised to do so. Authorisation determines who is trusted to actually handle an asset. Two concepts complement authorisation. Authentication determines who makes a request to handle an asset. To decide who is authorised, a system needs to authe...

  13. Network security

    CERN Document Server

    Perez, André

    2014-01-01

    This book introduces the security mechanisms deployed in Ethernet, Wireless-Fidelity (Wi-Fi), Internet Protocol (IP) and MultiProtocol Label Switching (MPLS) networks. These mechanisms are grouped throughout the book according to the following four functions: data protection, access control, network isolation, and data monitoring. Data protection is supplied by data confidentiality and integrity control services. Access control is provided by a third-party authentication service. Network isolation is supplied by the Virtual Private Network (VPN) service. Data monitoring consists of applying

  14. Extremely secure identification documents

    Energy Technology Data Exchange (ETDEWEB)

    Tolk, K.M. [Sandia National Labs., Albuquerque, NM (United States); Bell, M. [Sandia National Labs., Livermore, CA (United States)

    1997-09-01

    The technology developed in this project uses biometric information printed on the document and public key cryptography to ensure that an adversary cannot issue identification documents to unauthorized individuals or alter existing documents to allow their use by unauthorized individuals. This process can be used to produce many types of identification documents with much higher security than any currently in use. The system is demonstrated using a security badge as an example. This project focused on the technologies requiring development in order to make the approach viable with existing badge printing and laminating technologies. By far the most difficult was the image processing required to verify that the picture on the badge had not been altered. Another area that required considerable work was the high density printed data storage required to get sufficient data on the badge for verification of the picture. The image processing process was successfully tested, and recommendations are included to refine the badge system to ensure high reliability. A two dimensional data array suitable for printing the required data on the badge was proposed, but testing of the readability of the array had to be abandoned due to reallocation of the budgeted funds by the LDRD office.

  15. Embedding security messages in existing processes: a pragmatic and effective approach to information security culture change

    CERN Document Server

    Lopienski, Sebastian

    Companies and organizations world-wide depend more and more on IT infrastructure and operations. Computer systems store vital information and sensitive data; computing services are essential for main business processes. This high dependency comes with a number of security risks, which have to be managed correctly on technological, organizational and human levels. Addressing the human aspects of information security often boils down just to procedures, training and awareness raising. On the other hand, employees and collaborators do not adopt security attitude and habits simply when told to do so – a real change in behaviour requires an established security culture. But how to introduce a security culture? This thesis outlines the need of developing or improving security culture, and discusses how this can be done. The proposed approach is to gradually build security knowledge and awareness, and influence behaviours. The way to achieve this is to make security communication pervasive by embedding security me...

  16. Security Verification of Secure MANET Routing Protocols

    Science.gov (United States)

    2012-03-22

    the destination. The route discovery phase is complete upon receipt of the RREP at the requesting node. The DYMO protocol is a simpler version of AODV ...described in this appendix. The protocols are Secure AODV (SAODV), Secure Efficient Distance Vector (SEAD), and Secure Link State Routing Protocol (SLSP...SECURITY VERIFICATION OF SECURE MANET ROUTING PROTOCOLS THESIS Matthew F. Steele, Captain, USAF AFIT/GCS/ENG/12-03 DEPARTMENT OF THE AIR FORCE AIR

  17. Secure Storage Architectures

    Energy Technology Data Exchange (ETDEWEB)

    Aderholdt, Ferrol [Tennessee Technological University; Caldwell, Blake A [ORNL; Hicks, Susan Elaine [ORNL; Koch, Scott M [ORNL; Naughton, III, Thomas J [ORNL; Pogge, James R [Tennessee Technological University; Scott, Stephen L [Tennessee Technological University; Shipman, Galen M [ORNL; Sorrillo, Lawrence [ORNL

    2015-01-01

    help with this issue, which are particular instances of the more general challenge of efficient host/guest IO that is the focus of interfaces like virtio. A collection of bridging technologies have been identified in Chapter 4, which can be helpful to overcome the limitations and challenges of supporting efficient storage for secure enclaves. The synthesis of native filesystem security mechanisms and bridging technologies led to an isolation-centric storage architecture that is proposed in Chapter 5, which leverages isolation mechanisms from different layers to facilitate secure storage for an enclave. Recommendations: The following highlights recommendations from the investigations done thus far. - The Lustre filesystem offers excellent performance but does not support some security related features, e.g., encryption, that are included in GPFS. If encryption is of paramount importance, then GPFS may be a more suitable choice. - There are several possible Lustre related enhancements that may provide functionality of use for secure-enclaves. However, since these features are not currently integrated, the use of Lustre as a secure storage system may require more direct involvement (support). (*The network that connects the storage subsystem and users, e.g., Lustre's LNET.) - The use of OpenStack with GPFS will be more streamlined than with Lustre, as there are available drivers for GPFS. - The Manilla project offers Filesystem as a Service for OpenStack and is worth further investigation. Manilla has some support for GPFS. - The proposed Lustre enhancement of Dynamic-LNET should be further investigated to provide more dynamic changes to the storage network which could be used to isolate hosts and their tenants. - The Linux namespaces offer a good solution for creating efficient restrictions to shared HPC filesystems. However, we still need to conduct a thorough round of storage/filesystem benchmarks. - Vendor products should be more closely reviewed, possibly to

  18. Guidelines for development of NASA (National Aeronautics and Space Administration) computer security training programs

    Science.gov (United States)

    Tompkins, F. G.

    1983-01-01

    The report presents guidance for the NASA Computer Security Program Manager and the NASA Center Computer Security Officials as they develop training requirements and implement computer security training programs. NASA audiences are categorized based on the computer security knowledge required to accomplish identified job functions. Training requirements, in terms of training subject areas, are presented for both computer security program management personnel and computer resource providers and users. Sources of computer security training are identified.

  19. BUSINESS INTELLIGENCE SECURITY

    Directory of Open Access Journals (Sweden)

    Dragoş Ovidiu TOFAN

    2016-11-01

    Excess information characteristic to the current environment leads to the need for a change of the organizations’ perspective and strategy not only through the raw data processing, but also in terms of existing applications generating new information. The overwhelming evolution of digital technologies and web changes led to the adoption of new and adapted internal policies and the emergence of regulations at level of governments or different social organisms. Information security risks arising from the current dynamics demand fast solutions linked to hardware, software and also to education of human resources. Business Intelligence (BI) solutions have their specific evolution in order to bring their contribution to ensure the protection of data through specific components (Big Data, cloud, analytics). The current trend of development of BI applications on mobile devices brings with it a number of shortcomings related to information security and require additional protective measure regarding flows, specific processing and data storage.

  20. Information security management handbook, v.7

    CERN Document Server

    O'Hanley, Richard

    2013-01-01

    Updated annually, the Information Security Management Handbook, Sixth Edition, Volume 7 is the most comprehensive and up-to-date reference available on information security and assurance. Bringing together the knowledge, skills, techniques, and tools required of IT security professionals, it facilitates the up-to-date understanding required to stay one step ahead of evolving threats, standards, and regulations. Reporting on the latest developments in information security and recent changes to the (ISC)²® CISSP Common Body of Knowledge (CBK®), this volume features 27 new chapters on topics

  1. Securing the Global Airspace System Via Identity-Based Security

    Science.gov (United States)

    Ivancic, William D.

    2015-01-01

    Current telecommunications systems have very good security architectures that include authentication and authorization as well as accounting. These three features enable an edge system to obtain access into a radio communication network, request specific Quality-of-Service (QoS) requirements and ensure proper billing for service. Furthermore, the links are secure. Widely used telecommunication technologies are Long Term Evolution (LTE) and Worldwide Interoperability for Microwave Access (WiMAX). This paper provides a system-level view of network-centric operations for the global airspace system and the problems and issues with deploying new technologies into the system. The paper then focuses on applying the basic security architectures of commercial telecommunication systems and deployment of federated Authentication, Authorization and Accounting systems to provide a scalable, evolvable reliable and maintainable solution to enable a globally deployable identity-based secure airspace system.

  2. Computer Security: the security marathon, part 2

    CERN Multimedia

    Computer Security Team

    2014-01-01

    Do you recall our latest article on the “Security Marathon” (see here) and why it’s wrong to believe that computer security is a sprint, that a quick hack is invulnerable, that quick bug-fixing is sufficient, that plugging security measures on top of existing structures is a good idea, that once you are secure, your life is cosy? In fact, security is a marathon for us too. Again and again, we have felt comfortable with the security situation at CERN, with dedicated protections deployed on individual hosts, with the security measures deployed by individual service managers, with the attentiveness and vigilance of our users, and with the responsiveness of the Management. Again and again, however, we subsequently detect or receive reports that this is wrong, that protections are incomplete, that security measures are incomplete, that security awareness has dropped. Thus, unfortunately, we often have to go back to square one and address similar issues over and over...

  3. Information security becoming a priority for utilities

    Energy Technology Data Exchange (ETDEWEB)

    Nicolaides, S. [Numerex, Atlanta, GA (United States)

    2009-10-15

    As part of North America's national critical infrastructure, utilities are finding themselves at the forefront of a security issue. In October 2007, a leading security service provider reported a 90 per cent increase in the number of hackers attempting to attack its utility clients in just one year. Utilities are vulnerable to cyber attacks that could disrupt power production and the transmission system. This article discussed the need for intelligent technologies in securely enabling resource management and operational efficiency of the utilities market. It discussed the unique security challenges that utilities face at a time of greater regulatory activity, heightened environmental concerns, tighter data security requirements and an increasing need for remote monitoring and control. A new tool has emerged for cyber security in the form of an international standard that may offer a strong guideline to work toward 11 security domains. These include security policy; organization of information security; asset management; human resources security; physical and environmental security; communications and operations management; access control; information systems acquisition; development and maintenance; information security incident management; business continuity management; and compliance. 2 figs.

  4. Defining and Enforcing Hardware Security Requirements

    Science.gov (United States)

    2011-12-01

    only VHDL, does not provide PSL abstract syntax trees, and does not implement DFA minimization [4].1 The two most advanced checker generators...PSL Simple Subset, outputs VHDL or Verilog, provides PSL abstract syntax trees, and implements full DFA minimization, as well as some boolean...Installation and Operation Instruction Set Registers Interrupts Privilege Levels Cache Libraries Modules Logic Design VHDL, Verilog Optimization Place and

  5. Security Requirements for Post-Transition Cuba

    Science.gov (United States)

    2007-08-01

    in U.S. Army South and U.S. Southern Command in Panama and Miami. He has served two tours at the Pentagon working as a Strategic Plans and Policies...Officer on the Department of the Army Staff and as a Politico-Military Officer at the Joint Staff J-5 (Strategic Plans and Policies Directorate...forces, the Army had 39,000, the Ejército Juvenil de Trabajo (Youth Labor Army [EJT]) had 70,000, the Civil Defense Force had 50,000, and the

  6. 46 CFR 15.1113 - Vessel Security Officer (VSO).

    Science.gov (United States)

    2010-10-01

    ... 46 Shipping 1 2010-10-01 2010-10-01 false Vessel Security Officer (VSO). 15.1113 Section 15.1113 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MERCHANT MARINE OFFICERS AND SEAMEN MANNING REQUIREMENTS Vessels Subject to Requirements of STCW § 15.1113 Vessel Security Officer (VSO). After July...

  7. Information Systems Security Audit

    Directory of Open Access Journals (Sweden)

    Gheorghe Popescu

    2007-12-01

    The article covers: Defining an information system; benefits obtained by introducing new information technologies; IT management; Defining prerequisites, analysis, design, implementation of IS; Information security management system; aspects regarding IS security policy; Conceptual model of a security system; Auditing information security systems and network infrastructure security.

  8. Information Systems Security Audit

    OpenAIRE

    Gheorghe Popescu; Veronica Adriana Popescu; Cristina Raluca Popescu

    2007-01-01

    The article covers: Defining an information system; benefits obtained by introducing new information technologies; IT management; Defining prerequisites, analysis, design, implementation of IS; Information security management system; aspects regarding IS security policy; Conceptual model of a security system; Auditing information security systems and network infrastructure security.

  9. Pool-site E-voting Security

    Directory of Open Access Journals (Sweden)

    Ciprian Ezeanu

    2009-12-01

    The aim of this paper is to present e-voting procedure describing its advantages and disadvantages. Conventional security measures such as firewalls or SSL communications are necessary but not sufficient to guarantee the specific security requirements of e-voting. Besides these conventional security measures, it is also necessary to implement an additional layer of specialized security technology to address the specific risks posed by electronic voting and guarantee critical security requirements such as voters’ privacy, vote integrity and voter-verifiability. Analyzing the security of Diebold AccuVote-TS voting machine it was observed the vulnerabilities of this machine to different classes of attacks like: vote-stealing attack, Denial-of-Service (DoS) attack and injecting attack code.

  10. Reconciling food security and bioenergy: priorities for action

    NARCIS (Netherlands)

    Kline, Keith L.; Msangi, Siwa; Dale, Virginia H.; Woods, Jeremy; Souza, Glaucia M.; Osseweijer, Patricia; Clancy, Joy S.; Hilbert, Jorge A.; Johnson, Francis X.; McDonnell, Patrick C.; Mugera, Harriet K.

    2016-01-01

    Understanding the complex interactions among food security, bioenergy sustainability, and resource management requires a focus on specific contextual problems and opportunities. The United Nations’ 2030 Sustainable Development Goals place a high priority on food and energy security; bioenergy plays

  11. Transforming Homeland Security [video]

    OpenAIRE

    McIntyre, David; Center for Homeland Defense and Security Naval Postgraduate School

    2011-01-01

    A pioneer in homeland security, and homeland security education, David McIntyre discusses the complexities in transforming homeland security from a national program in its inception, to also include state and local agencies and other public and private parties.

  12. Social Security Administration

    Science.gov (United States)

    ... Languages Sign in / up The United States Social Security Administration Cost-Of-Living Adjustment (COLA) Information about ... replacement Medicare card Change of Address my Social Security Check out your Social Security Statement , change your ...

  13. Transportation Security Administration

    Science.gov (United States)

    ... content Official website of the Department of Homeland Security Transportation Security Administration A - Z Index What Can I Bring? ... form Search the Site Main menu Administrator Travel Security Screening Special Procedures TSA Pre✓® Passenger Support Travel ...

  14. Securing the Application Layer in eCommerce

    Directory of Open Access Journals (Sweden)

    Bala Musa S

    2012-01-01

    As e-commerce transaction is evolving, security is becoming a paramount issue since a great deal of credit cards, fund transfer, web shopping and public retirements are involved. Therefore, an appropriate development process is necessary for such security critical application. Also, handling security issues at early stage of software development is paramount to avoiding vulnerabilities from scaling through production environment unnoticed. This paper proposes a comprehensive security requirements and security design within the development phase of an e-commerce application as a security control to identify security flaws at early stage of web application development which might prevent re-architecture when discovered at a later stage.

  15. Cyberspace security system

    Energy Technology Data Exchange (ETDEWEB)

    Abercrombie, Robert K; Sheldon, Frederick T; Ferragut, Erik M

    2014-06-24

    A system evaluates reliability, performance and/or safety by automatically assessing the targeted system's requirements. A cost metric quantifies the impact of failures as a function of failure cost per unit of time. The metrics or measurements may render real-time (or near real-time) outcomes by initiating active response against one or more high ranked threats. The system may support or may be executed in many domains including physical domains, cyber security domains, cyber-physical domains, infrastructure domains, etc. or any other domains that are subject to a threat or a loss.

  16. Cyberspace security system

    Science.gov (United States)

    Abercrombie, Robert K; Sheldon, Frederick T; Ferragut, Erik M

    2014-06-24

    A system evaluates reliability, performance and/or safety by automatically assessing the targeted system's requirements. A cost metric quantifies the impact of failures as a function of failure cost per unit of time. The metrics or measurements may render real-time (or near real-time) outcomes by initiating active response against one or more high ranked threats. The system may support or may be executed in many domains including physical domains, cyber security domains, cyber-physical domains, infrastructure domains, etc. or any other domains that are subject to a threat or a loss.

  17. Network security risk level

    Directory of Open Access Journals (Sweden)

    Emil BURTESCU

    2006-01-01

    The advantages of the existence of a computers network within any company with pretensions are obvious. But the construction and the existence of a network without meeting some minimum security requirements, although it would be preferable to be optimal, can lead to bad functioning in the performance of the company’s business. The vulnerability of a grouping, such as a network, is given by the weakest point in its competence. The establishing of the risk level of each component of the network, and implicitly of the grouping, is highly necessary

  18. Usable Security For Named Data Networking

    OpenAIRE

    Yu, Yingdi

    2016-01-01

    Named Data Networking (NDN) is a proposed Internet architecture, which changes the network communication model from “speaking to a host” to “retrieving data from network”. Such data-centric communication model requires a data-centric security model, which secures data directly rather than authenticating the host where data is retrieved from and securing the channel through which data is delivered, so that data can be safely distributed into arbitrary untrusted storage and retrieved over untru...

  19. Cloud Security: Issues and Research Directions

    Science.gov (United States)

    2014-11-18

    al. present two storage isolation schemes that enable cloud users with high security requirements to verify that their disk storage is isolated from...Proof of Isolation for Cloud Storage Zhan Wang, Kun Sun, Sushil Jajodia, and Jiwu Jing 6. Selective and Fine-Grained Access to Data in the Cloud ... Cloud Security: Issues and Research Directions We organized an invitational workshop at George Mason University on Cloud Security: Issues and Research

  20. Security and Security Complex: Operational Concepts

    OpenAIRE

    Luis Tomé

    2010-01-01

    Security is one of the most ambiguous, contested, and debated ideas in the conceptual framework of international relations. The "traditional" perspective has been severely contested as new approaches develop, and the concept of security has been reworked in all its fundamental components and dimensions, from object and reference to range and security instruments. Likewise, the discussion over the definition and characterization of international security systems, namely regarding competitive s...

  1. Institutionalizing information security.

    OpenAIRE

    2008-01-01

    Information security has become a much discussed subject all over the world in the last few years. This is because information security is no longer a luxury, but a necessity in all organisations. The securing of information is not an easy task because information security is flexible and always seems to be in a state of development. This means that information security has undergone different development changes due to new technologies in the past few years. Information security became promi...

  2. Foundational aspects of security

    DEFF Research Database (Denmark)

    Chatzikokolakis, Konstantinos; Mödersheim, Sebastian Alexander; Palamidessi, Catuscia

    2014-01-01

    This Special Issue of the Journal of Computer Security focuses on foundational aspects of security, which in recent years have helped change much of the way we think about and approach system security.

  3. Security guide for subcontractors

    Energy Technology Data Exchange (ETDEWEB)

    Adams, R.C.

    1991-01-01

    This security guide of the Department of Energy covers contractor and subcontractor access to DOE and Mound facilities. The topics of the security guide include responsibilities, physical barriers, personnel identification system, personnel and vehicular access controls, classified document control, protecting classified matter in use, storing classified matter repository combinations, violations, security education clearance terminations, security infractions, classified information nondisclosure agreement, personnel security clearances, visitor control, travel to communist-controlled or sensitive countries, shipment security, and surreptitious listening devices.

  4. 78 FR 46594 - Extension of Agency Information Collection Activity Under OMB Review: Aviation Security Customer...

    Science.gov (United States)

    2013-08-01

    ... OMB Review: Aviation Security Customer Satisfaction Performance Measurement Passenger Survey AGENCY.... Information Collection Requirement Title: Aviation Security Customer Satisfaction Performance Measurement...; Aviation Security Customer Satisfaction Performance Measurement Passenger Survey. TSA, with OMB's...

  5. 76 FR 78009 - Information Collection; Implementation of Information Technology Security Provision

    Science.gov (United States)

    2011-12-15

    ... ADMINISTRATION Information Collection; Implementation of Information Technology Security Provision AGENCY... new information collection requirement regarding Implementation of Information Technology Security... of Information Technology Security Provision,'' under the heading ``Enter Keyword or ID''...

  6. Secure proxy signature scheme with fast revocation in the standard model

    Institute of Scientific and Technical Information of China (English)

    LIU Zhen-hua; HU Yu-pu; ZHANG Xiang-song; MA Hua

    2009-01-01

    proposed scheme is provably secure based on the computational Diffie-Hellman (CDH) intractability assumption without relying on the random oracles, and satisfies all the security requirements for a secure proxy signature.

  7. Personnel Security Investigations -

    Data.gov (United States)

    Department of Transportation — This data set contains the types of background investigations, decisions, level of security clearance, date of security clearance training, and credentials issued to...

  8. On Building Secure Communication Systems

    DEFF Research Database (Denmark)

    Carvalho Quaresma, Jose Nuno

    This thesis presents the Guided System Development (GSD) framework, which aims at supporting the development of secure communication systems. A communication system is specified in a language similar to the Alice and Bob notation, a simple and intuitive language used to describe the global...... perspective of the communications between different principals. The notation used in the GSD framework extends that notation with constructs that allow the security requirements of the messages to be described. From that specification, the developer is guided through a semi-automatic translation that enables...... the verification and implementation of the system. The translation is semi-automatic because the developer has the option of choosing which implementation to use in order to achieve the specified security requirements. The implementation options are given by plugins defined in the framework. The framework...

  9. MODERN NETWORK SECURITY: ISSUES AND CHALLENGES

    Directory of Open Access Journals (Sweden)

    SHAILJA PANDEY

    2011-05-01

    Secure Network has now become a need of any organization. The security threats are increasing day by day and making high speed wired/wireless network and internet services, insecure and unreliable. Nowadays security measures work more importantly towards fulfilling the cutting edge demands of today’s growing industries. The need is also induced in to the areas like defense, where secure and authenticated access of resources are the key issues related to information security. In this paper Author has described the important measures and parameters regarding large industry/organizational requirements for establishing a secure network. Wi-Fi networks are very common in providing wireless network access to different resources and connecting various devices wirelessly. There are need of different requirements to handle Wi-Fi threats and network hacking attempts. This paper explores important security measures related to different network scenarios, so that a fully secured network environment could be established in an organization. Author also has discussed a case study to illustrate the minimal set of measures required for establishing network security in any organization.

  10. Secure Obfuscation for Encrypted Group Signatures.

    Directory of Open Access Journals (Sweden)

    Yang Shi

    In recent years, group signature techniques are widely used in constructing privacy-preserving security schemes for various information systems. However, conventional techniques keep the schemes secure only in normal black-box attack contexts. In other words, these schemes suppose that (the implementation of) the group signature generation algorithm is running in a platform that is perfectly protected from various intrusions and attacks. As a complementary to existing studies, how to generate group signatures securely in a more austere security context, such as a white-box attack context, is studied in this paper. We use obfuscation as an approach to acquire a higher level of security. Concretely, we introduce a special group signature functionality - an encrypted group signature, and then provide an obfuscator for the proposed functionality. A series of new security notions for both the functionality and its obfuscator has been introduced. The most important one is the average-case secure virtual black-box property w.r.t. dependent oracles and restricted dependent oracles which captures the requirement of protecting the output of the proposed obfuscator against collision attacks from group members. The security notions fit for many other specialized obfuscators, such as obfuscators for identity-based signatures, threshold signatures and key-insulated signatures. Finally, the correctness and security of the proposed obfuscator have been proven. Thereby, the obfuscated encrypted group signature functionality can be applied to variants of privacy-preserving security schemes and enhance the security level of these schemes.

  11. Research of Security Kernel Mechanism Supporting Dynamical Policies

    Institute of Scientific and Technical Information of China (English)

    吴新勇; 熊光泽

    2002-01-01

    Security of an information system requires a secure operating system. A security kernel meets the requirement and provides a bedrock for the security of the operating system. This paper identifies the deficiencies of the traditional security kernel and presents a security kernel mechanism supporting policy flexibility and a simplified secure interface. It optimizes performance with a reused policy cache, provides a method to revoke granted permissions, and assures the atomicity of revoking permissions and granting new permissions. As a result, all refinements help the security kernel to improve its flexibility, extensibility and portability.

  12. Security Technologies for Open Networking Environments (STONE)

    Energy Technology Data Exchange (ETDEWEB)

    Muftic, Sead

    2005-03-31

    -domain scenarios is supported by a set of security engines that represent the core of the Federated Identities Management Server, which is also an extension of the Domain Security Server. The Federated Identity Management server allows users to federate their identities or terminate the federation between the service provider and the identity provider. At the service provider web site, the users are offered a list of identity providers to which they can choose to federate their identities. After users federate their identity, they can perform Single Sign-On protocol in an environment of federated domains. The group security system consists of a number of security technologies under a unified architecture, which supports creation of secure groups and execution of secure group transactions and applications in an open networking environment. The system is based on extensions of the GSAKMP standard for group key distribution and management. The Top layer is the Security Infrastructure with the Security Management and Administration System components and protocols that provide security functions common to all secure network applications. The Middle layer is the Secure Group Protocols and Applications layer, consisting of the Policy and Group Key Distribution Server and Web-based (thin) Client. The Bottom layer is the supporting Middleware Security Platform, the cryptographic platform already described above. The group security system is designed to perform the functions necessary to create secure groups and enable secure group applications. Specifically, the system can manage group roles, create and disseminate a group security policy, perform authentication and authorization of users using PKI certificates and Web services security, generate group keys, and recover from compromises. In accordance with the GSAKMP standard, the group security system must perform all the required group life-cycle functions: group definition, group establishment, group maintenance, and group removal. The

  13. Security 2020 Reduce Security Risks This Decade

    CERN Document Server

    Howard, Doug; Schneier, Bruce

    2010-01-01

    Identify real security risks and skip the hype. After years of focusing on IT security, we find that hackers are as active and effective as ever. This book gives application developers, networking and security professionals, those that create standards, and CIOs a straightforward look at the reality of today's IT security and a sobering forecast of what to expect in the next decade. It debunks the media hype and unnecessary concerns while focusing on the knowledge you need to combat and prioritize the actual risks of today and beyond. IT security needs are constantly evolving; this guide examine

  14. Security guide for subcontractors

    Energy Technology Data Exchange (ETDEWEB)

    Adams, R.C.

    1993-06-01

    This guide is provided to aid in the achievement of security objectives in the Department of Energy (DOE) contractor/subcontractor program. The objectives of security are to protect information that, if released, would endanger the common defense and security of the nation and to safeguard plants and installations of the DOE and its contractors to prevent the interruption of research and production programs. The security objective and means of achieving the objective are described. Specific security measures discussed in this guide include physical barriers, personnel identification systems, personnel and vehicular access control, classified document control, protection of classified matter in use, storing classified matter, and repository combinations. Means of dealing with security violations and security infractions are described. Maintenance of a security education program is discussed. Also discussed are methods of handling clearance terminations, visitor control, travel to sensitive countries, and shipment security. The Technical Surveillance Countermeasures Program (TSCM), the Computer Security Program, and the Operations Security Plan (OPSEC) are examined.

  15. The corporate security professional

    DEFF Research Database (Denmark)

    Petersen, Karen Lund

    2013-01-01

    In our age of globalization and complex threat environments, every business is called upon to manage security. This tendency is reflected in the fact that a wide range of businesses increasingly think about security in broad terms and strive to translate national security concerns into corporate...... speech. This article argues that the profession of the security manager has become central for understanding how the relationship between national and corporate security is currently negotiated. The national security background of most private sector security managers makes the corporate security...... professional inside the company a powerful hybrid agent. By zooming in on the profession and the practice of national security inside companies, the article raises questions about where to draw the line between corporate security and national security along with the political consequences of the constitution...

  16. Multi-cultural network security

    Energy Technology Data Exchange (ETDEWEB)

    Stevens, D.F.

    1996-04-01

    Education and awareness are widely acknowledged to be among the fundamental issues of Internet security, but only in the sense of making Internet users more security conscious. For the Internet to achieve its promise as an information highway, however, a complementary education effort is needed. If adequate Internet security is to be achieved, we must also increase the awareness of the professional security community of the requirements, attitudes, and habits of the many different cultures that participate in the Internet. Discussions of "the Internet" encourage the misapprehension that there is a single, uniform user community instead of a loose alliance of many cultures that differ in many fundamental aspects. This is true even if we limit our consideration to ethical cultures. At this Workshop alone we have representatives of administrative and military cultures, Governmental and commercial cultures, profit-cultures and non-profit cultures, research and operational cultures. Internet cultures are united in their desire to exploit the connectivity, flexibility, and rapidity of communication provided by the net, but differ greatly in their motivations, their attitudes towards authority, their willingness to cooperate within their own communities, their interest in technical arcana, and the patience with which they will put up with - or the enthusiasm with which they will embrace - the growing list of procedures deemed necessary for acceptable security. They even differ in how they define "acceptable security".

  17. Motorola Secure Software Development Model

    Directory of Open Access Journals (Sweden)

    Francis Mahendran

    2008-08-01

    Full Text Available In today's world, the key to meeting the demand for improved security is to implement repeatable processes that reliably deliver measurably improved security. While many organizations have announced efforts to institutionalize a secure software development process, there is little or no industry acceptance for a common process improvement framework for secure software development. Motorola has taken the initiative to develop such a framework, and plans to share this with the Software Engineering Institute for possible inclusion into its Capability Maturity Model Integration (CMMI®). This paper will go into the details of how Motorola is addressing this issue. The model that is being developed is designed as an extension of the existing CMMI structure. The assumption is that the audience will have a basic understanding of the SEI CMM® / CMMI® process framework. The paper will not describe implementation details of a security process model or improvement framework, but will address WHAT security practices are required for a company with many organizations operating at different maturity levels. It is left to the implementing organization to answer the HOW, WHEN, WHO and WHERE aspects. The paper will discuss how the model is being implemented in the Motorola Software Group.

  18. 17 CFR 240.14d-4 - Dissemination of tender offers to security holders.

    Science.gov (United States)

    2010-04-01

    ... to security holders. 240.14d-4 Section 240.14d-4 Commodity and Securities Exchanges SECURITIES AND... offers to security holders. As soon as practicable on the date of commencement of a tender offer, the bidder must publish, send or give the disclosure required by § 240.14d-6 to security holders of the...

  19. 17 CFR 242.102 - Activities by issuers and selling security holders during a distribution.

    Science.gov (United States)

    2010-04-01

    ... selling security holders during a distribution. 242.102 Section 242.102 Commodity and Securities Exchanges... REQUIREMENTS FOR SECURITY FUTURES Regulation M § 242.102 Activities by issuers and selling security holders... or on behalf of an issuer or selling security holder, it shall be unlawful for such person, or...

  20. 17 CFR 240.14d-6 - Disclosure of tender offer information to security holders.

    Science.gov (United States)

    2010-04-01

    ... information to security holders. 240.14d-6 Section 240.14d-6 Commodity and Securities Exchanges SECURITIES AND... information to security holders. (a) Information required on date of commencement—(1) Long-form publication. If a tender offer is published, sent or given to security holders on the date of commencement...

  1. Security Technologies of Computer Network

    Institute of Scientific and Technical Information of China (English)

    罗明宇; 卢锡城; 卢泽新; 韩亚欣

    2000-01-01

    With the development of computer networks, requirements of computer network security have become more and more urgent. In this paper, goals of network security are reviewed. Several network attack methods, such as interruption, interception, modification, fabrication, are studied. Network security technologies, such as security mechanism, encryption, security detection, firewall, are discussed.

  2. Cyber Security--Are You Prepared?

    Science.gov (United States)

    Newman, Scott

    2007-01-01

    During the summer 2002 term, Oklahoma State University-Okmulgee's Information Technologies Division offered a one credit-hour network security course--which barely had adequate student interest to meet the institution's enrollment requirements. Today, OSU-Okmulgee boasts one of the nation's premier cyber security programs. Many prospective…

  3. 27 CFR 18.19 - Security.

    Science.gov (United States)

    2010-04-01

    ... 27 Alcohol, Tobacco Products and Firearms 1 2010-04-01 2010-04-01 false Security. 18.19 Section 18.19 Alcohol, Tobacco Products and Firearms ALCOHOL AND TOBACCO TAX AND TRADE BUREAU, DEPARTMENT OF THE... Provisions Document Requirements § 18.19 Security. The concentrate plant and equipment will be so...

  4. Securing underwater wireless communication networks

    OpenAIRE

    Domingo Aladrén, Mari Carmen

    2011-01-01

    Underwater wireless communication networks are particularly vulnerable to malicious attacks due to the high bit error rates, large and variable propagation delays, and low bandwidth of acoustic channels. The unique characteristics of the underwater acoustic communication channel, and the differences between underwater sensor networks and their ground-based counterparts require the development of efficient and reliable security mechanisms. In this article, a compl...

  5. Secure Storage Architectures

    Energy Technology Data Exchange (ETDEWEB)

    Aderholdt, Ferrol [Tennessee Technological University; Caldwell, Blake A [ORNL; Hicks, Susan Elaine [ORNL; Koch, Scott M [ORNL; Naughton, III, Thomas J [ORNL; Pogge, James R [Tennessee Technological University; Scott, Stephen L [Tennessee Technological University; Shipman, Galen M [ORNL; Sorrillo, Lawrence [ORNL

    2015-01-01

    help with this issue, which are particular instances of the more general challenge of efficient host/guest IO that is the focus of interfaces like virtio. A collection of bridging technologies have been identified in Chapter 4, which can be helpful to overcome the limitations and challenges of supporting efficient storage for secure enclaves. The synthesis of native filesystem security mechanisms and bridging technologies led to an isolation-centric storage architecture that is proposed in Chapter 5, which leverages isolation mechanisms from different layers to facilitate secure storage for an enclave. Recommendations: The following highlights recommendations from the investigations done thus far. - The Lustre filesystem offers excellent performance but does not support some security related features, e.g., encryption, that are included in GPFS. If encryption is of paramount importance, then GPFS may be a more suitable choice. - There are several possible Lustre related enhancements that may provide functionality of use for secure-enclaves. However, since these features are not currently integrated, the use of Lustre as a secure storage system may require more direct involvement (support). (*The network that connects the storage subsystem and users, e.g., Lustre's LNET.) - The use of OpenStack with GPFS will be more streamlined than with Lustre, as there are available drivers for GPFS. - The Manilla project offers Filesystem as a Service for OpenStack and is worth further investigation. Manilla has some support for GPFS. - The proposed Lustre enhancement of Dynamic-LNET should be further investigated to provide more dynamic changes to the storage network which could be used to isolate hosts and their tenants. - The Linux namespaces offer a good solution for creating efficient restrictions to shared HPC filesystems. However, we still need to conduct a thorough round of storage/filesystem benchmarks. - Vendor products should be more closely reviewed, possibly to

  6. Security for multi-hop wireless networks

    CERN Document Server

    Mahmoud, Mohamed M E A

    2014-01-01

    This Springer Brief discusses efficient security protocols and schemes for multi-hop wireless networks. It presents an overview of security requirements for these networks, explores challenges in securing networks and presents system models. The authors introduce mechanisms to reduce the overhead and identify malicious nodes that drop packets intentionally. Also included is a new, efficient cooperation incentive scheme to stimulate the selfish nodes to relay information packets and enforce fairness. Many examples are provided, along with predictions for future directions of the field. Security

  7. Concepts and Practices of Cooperative Security

    DEFF Research Database (Denmark)

    Keating, Vincent; Wheeler, Nicholas J

    2013-01-01

    This chapter considers how the security dilemma can be overcome in ways that promote cooperation and even trust, mitigating or transcending the international uncertainty that can otherwise inhibit interstate cooperation. It argues that there are two mechanisms to create the trust necessary...... for the development of a security community, Charles Osgood's GRIT strategy and a unilateral 'leap of trust.' Both of these, however, initially require elites to develop security dilemma sensibility. The long-term stability of security communities is fundamentally linked to the presence of embedded trust among...

  8. Considerations on Cyber Security Assessments of Korean Nuclear Power Plants

    Energy Technology Data Exchange (ETDEWEB)

    Lee, Jung-Woon; Song, Jae-Gu; Han, Kyung-Soo; Lee, Cheol Kwon [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of); Kang, Mingyun [E-Gonggam Co. Ltd., Daejeon (Korea, Republic of)

    2015-10-15

    Korea Institute of Nuclear Nonproliferation and Control (KINAC) has prepared the regulatory standard RS-015 based on RG 5.71. RS-015 defines the elements of a cyber security program to be established in nuclear facilities and describes the security control items and relevant requirements. Cyber security assessments are important initial activities in a cyber security program for NPPs. Cyber security assessments can be performed in the following key steps: 1) Formation of a cyber security assessment team (CSAT); 2) Identification of critical systems and critical digital assets (CDAs); 3) Plant compliance checks with the security control requirements in RS-015. Through the assessments, the current status of security controls applied to NPPs can be found out. The assessments provide baseline data for remedial activities. Additional analyses with the results from the assessments should be performed before the implementation of remedial security controls. The cyber security team at the Korea Atomic Energy Research Institute (KAERI) has studied how to perform cyber security assessments for NPPs based on the regulatory requirements. Recently, KAERI's cyber security team has performed pilot cyber security assessments of a Korean NPP. Based on this assessment experience, considerations and checkpoints which would be helpful for full-scale cyber security assessments of Korean NPPs and the implementation of remedial security controls are discussed in this paper. Cyber security assessment is one of the important and immediate activities for NPP cyber security. The quality of the first assessment will be a barometer for NPP cyber security. Hence cyber security assessments of Korean NPPs should be performed elaborately.

  9. Untangle network security

    CERN Document Server

    El-Bawab, Abd El-Monem A

    2014-01-01

    If you are a security engineer or a system administrator and want to secure your server infrastructure with the feature-rich Untangle, this book is for you. For individuals who want to start their career in the network security field, this book would serve as a perfect companion to learn the basics of network security and how to implement it using Untangle NGFW.

  10. Chapter 3: Energy Security

    Energy Technology Data Exchange (ETDEWEB)

    Foust, Thomas D.; Arent, Doug; de Carvalho Macedo, Isaias; Goldemberg, Jose; Hoysala, Chanakya; Filho, Rubens Maciel; Nigro, Francisco E. B.; Richard, Tom L.; Saddler, Jack; Samseth, Jon; Somerville, Chris R.

    2015-04-01

    This chapter considers the energy security implications and impacts of bioenergy. We provide an assessment to answer the following questions: What are the implications for bioenergy and energy security within the broader policy environment that includes food and water security, development, economic productivity, and multiple foreign policy aspects? What are the conditions under which bioenergy contributes positively to energy security?

  11. Survey of information security

    Institute of Scientific and Technical Information of China (English)

    SHEN ChangXiang; ZHANG HuangGuo; FENG DengGuo; CAO ZhenFu; HUANG JiWu

    2007-01-01

    The 21st century is the age of information when information becomes an important strategic resource. The information obtaining, processing and security guarantee capability are playing critical roles in comprehensive national power, and information security is related to the national security and social stability. Therefore, we should take measures to ensure the information security of our country. In recent years, momentous accomplishments have been obtained with the rapid development of information security technology. There are extensive theories about information security and technology. However, due to the limitation of length, this article mainly focuses on the research and development of cryptology, trusted computing, security of network, and information hiding, etc.

  12. Professional Cocoa Application Security

    CERN Document Server

    Lee, Graham J

    2010-01-01

    The first comprehensive security resource for Mac and iPhone developers. The Mac platform is legendary for security, but consequently, Apple developers have little appropriate security information available to help them assure that their applications are equally secure. This Wrox guide provides the first comprehensive go-to resource for Apple developers on the available frameworks and features that support secure application development. While Macs are noted for security, developers still need to design applications for the Mac and the iPhone with security in mind; this guide offers the first

  13. Hybrid Level Integration of Biometric Traits for Security Applications

    Directory of Open Access Journals (Sweden)

    Manjunath S Gabasavalagi

    2013-09-01

    Full Text Available In reality, security is to be provided at different levels based on the application and requirement. Attendance-related applications require low level security, banking applications may need medium level security and defence applications require high level security. This paper presents a hybrid-modal (unimodal or multimodal) biometric system which is used to provide better security to applications based on their requirement. Based on the security level, the system uses both single evidence (unimodal) for lower level and multiple evidences (multimodal) for higher level security. The developed hybrid-modal system employs one or more biometric modalities such as face, voice and fingerprint by alleviating some of the challenges identified in fingerprint, face and voice biometrics modalities. These biometric modalities are selected as they are independent, non-intrusive and robust. Depending on the application's security level requirement (low, medium or high), the corresponding number of biometric modalities is provided as evidence to the system. The developed system is tested for 60 users. For low level security applications using either fingerprint or face or voice, accuracies of around 94%, 93% and 82% respectively have been achieved. The accuracy for medium level security applications using face & fingerprint, face & voice and voice & fingerprint is 91%, 81% and 88% respectively. Further, for high level security using all the three biometric traits, an accuracy of 80% is achieved. The developed system provides promising results for all levels of security applications.

  14. Lecture 2: Software Security

    CERN Document Server

    CERN. Geneva

    2013-01-01

    Computer security has been an increasing concern for IT professionals for a number of years, yet despite all the efforts, computer systems and networks remain highly vulnerable to attacks of different kinds. Design flaws and security bugs in the underlying software are among the main reasons for this. This lecture addresses the following question: how to create secure software? The lecture starts with a definition of computer security and an explanation of why it is so difficult to achieve. It then introduces the main security principles (like least-privilege, or defense-in-depth) and discusses security in different phases of the software development cycle. The emphasis is put on the implementation part: most common pitfalls and security bugs are listed, followed by advice on best practice for security development, testing and deployment. Sebastian Lopienski is CERN’s deputy Computer Security Officer. He works on security strategy and policies; offers internal consultancy and audit services; develops and ...

  15. Quality of Protection Evaluation of Security Mechanisms

    Directory of Open Access Journals (Sweden)

    Bogdan Ksiezopolski

    2014-01-01

    Full Text Available Recent research indicates that during the design of a teleinformatic system a tradeoff between the system's performance and the system protection should be made. The traditional approach assumes that the best way is to apply the strongest possible security measures. Unfortunately, the overestimation of security measures can lead to an unreasonable increase of system load. This is especially important in multimedia systems where the performance has critical character. In many cases determination of the required level of protection and adjustment of some security measures to these requirements increase system efficiency. Such an approach is achieved by means of the quality of protection models where the security measures are evaluated according to their influence on the system security. In the paper, we propose a model for QoP evaluation of security mechanisms. Owing to this model, one can quantify the influence of particular security mechanisms on ensuring security attributes. The methodology of our model preparation is described and based on it the case study analysis is presented. We support our method by the tool where the models can be defined and QoP evaluation can be performed. Finally, we have modelled TLS cryptographic protocol and presented the QoP security mechanisms evaluation for the selected versions of this protocol.

  16. Bioethics and the national security state.

    Science.gov (United States)

    Moreno, Jonathan D

    2004-01-01

    In previous work, I have described the history and ethics of human experiments for national security purposes during the Cold War and developed the bioethical issues that will be apparent in the "war on terror". This paper is an attempt to bring these two previous lines of work together under the rubric of the "national security state," a concept familiar to Cold War historians and political scientists. The founding of the national security state was associated with the first articulations of informed consent requirements by national security agencies. My analysis indicates that strengthened consent standards, though conventionally thought to be antithetical crisis, can be seen as an attempt by the postwar national security state to protect itself from critics of expanded governmental power. During the coming years the renewed mission of the national security state in the war on terror should impel students of bioethics to consider its implications for the field.

  17. Information security protecting the global enterprise

    CERN Document Server

    Pipkin, Donald L

    2000-01-01

    In this book, IT security expert Donald Pipkin addresses every aspect of information security: the business issues, the technical process issues, and the legal issues. Pipkin starts by reviewing the key business issues: estimating the value of information assets, evaluating the cost to the organization if they are lost or disclosed, and determining the appropriate levels of protection and response to security incidents. Next, he walks through the technical processes required to build a consistent, reasonable information security system, with appropriate intrusion detection and reporting features. Finally, Pipkin reviews the legal issues associated with information security, including corporate officers' personal liability for taking care that information is protected. The book's coverage is applicable to businesses of any size, from 50 employees to 50,000 or more, and ideal for everyone who needs at least a basic understanding of information security: network/system administrators, managers, planners, archite...

  18. Problem of Information Security Traffic on Internet

    Directory of Open Access Journals (Sweden)

    Slavko Šarić

    2012-10-01

    Full Text Available Internet information traffic becomes greater and more important. With increasing growth of information importance, the requirement for its security becomes indispensable. The information security problem especially affects large and small companies whose prosperity depends on Internet presence. This affects the three areas of Internet commerce: credit card transactions, virtual private networks and digital certification. To ensure information traffic it is necessary to find a solution, in a proper way, for three major problems: frontier problem, market problem and government problem. While the eventual emergence of security standards for Internet transactions is expected, it will not automatically result in secure Internet transactions. In future, there is a wealth of security issues that will continue to require attention: internal security, continued hacking, social engineering, malicious code, reliability and performance, skills shortages and denial of service attacks.

  19. Developing security protocols in χ-Spaces

    DEFF Research Database (Denmark)

    Crazzolara, Federico; Milicia, Giuseppe

    2002-01-01

    of formal protocol verification. Verification, however, is usually carried out on an abstract model not at all related with a protocol’s implementation. Experience shows that security breaches introduced in implementations of successfully verified models are rather common. The χ-Spaces framework...... is an implementation of SPL (Security Protocol Language), a formal model for studying security protocols. In this paper we discuss the use of χ-Spaces as a tool for developing robust security protocol implementations. To make the case, we take a family of key-translation protocols due to Woo and Lam and show how χ-Spaces......It is of paramount importance that a security protocol effectively enforces the desired security requirements. The apparent simplicity of informal protocol descriptions hides the inherent complexity of their interactions which, often, invalidate informal correctness arguments and justify the effort...

  20. Incorporating User-oriented Security into CC

    DEFF Research Database (Denmark)

    Sharp, Robin

    2009-01-01

    Current versions of the Common Criteria concentrate very heavily on technical security issues which are relevant for the design of secure systems. This approach largely ignores a number of questions which can have great significance for whether or not the system can be operated securely...... in an environment which contains not only other computer systems, but also human users. A case study involving the design of a secure medical instrumentation system will be used to illustrate the problems involved in incorporating user requirements into a secure design, so that system, when implemented, will help...... users to understand whether they are operating the system in a secure manner, thus avoiding user-related pitfalls such as leaking of confidential data as a result of inappropriate input, loss of patient privacy, inappropriate user reactions due to slow system response, or other similar threats...

  1. Security Service Technology for Mobile Networks

    Institute of Scientific and Technical Information of China (English)

    Aiqun Hu; Tao Li; Mingfu Xue

    2011-01-01

    As mobile networks become high speed and attain an all-IP structure, more services are possible. This brings about many new security requirements that traditional security programs cannot handle. This paper analyzes security threats and the needs of 3G/4G mobile networks, and then proposes a novel protection scheme for them based on their whole structure. In this scheme, a trusted computing environment is constructed on the mobile terminal side by combining software validity verification with access control. At the security management center, security services such as validity verification and integrity check are provided to mobile terminals. In this way, terminals and the network as a whole are secured to a much greater extent. This paper also highlights problems to be addressed in future research and development.

  2. Network Security Scanner

    OpenAIRE

    2011-01-01

    Network Security Scanner (NSS) is a tool that allows auditing and monitoring remote network computers for possible vulnerabilities, and checks your network for all potential methods that a hacker might use to attack it. Network Security Scanner is a complete networking utilities package that includes a wide range of tools for network security auditing, vulnerability auditing, scanning, monitoring and more. Network Security Scanner (NSS) is an easy to use, intuitive network security scanner that c...

  3. Open source systems security certification

    CERN Document Server

    Damiani, Ernesto; El Ioini, Nabil

    2009-01-01

    Open Source Advances in Computer Applications book series provides timely technological and business information for: Enabling Open Source Systems (OSS) to become an integral part of systems and devices produced by technology companies; Inserting OSS in the critical path of complex network development and embedded products, including methodologies and tools for domain-specific OSS testing (lab code available), plus certification of security, dependability and safety properties for complex systems; Ensuring integrated systems, including OSS, meet performance and security requirements as well as achieving the necessary certifications, according to the overall strategy of OSS usage on the part of the adopter

  4. Static Stress Analysis of Security Injection Tank

    Institute of Scientific and Technical Information of China (English)

    2011-01-01

    The static structural analysis of the security injection tank is made to make sure whether the tank can withstand concerned loads or not on all conditions conforming to concerned code prescripts and design requirements. The tanks

  5. Principles of Security: Human, Cyber, and Biological

    CERN Document Server

    Stacey, Blake C

    2013-01-01

    Cybersecurity attacks are a major and increasing burden to economic and social systems globally. Here we analyze the principles of security in different domains and demonstrate an architectural flaw in current cybersecurity. Cybersecurity is inherently weak because it is missing the ability to defend the overall system instead of individual computers. The current architecture enables all nodes in the computer network to communicate transparently with one another, so security would require protecting every computer in the network from all possible attacks. In contrast, other systems depend on system-wide protections. In providing conventional security, police patrol neighborhoods and the military secures borders, rather than defending each individual household. Likewise, in biology, the immune system provides security against viruses and bacteria using primarily action at the skin, membranes, and blood, rather than requiring each cell to defend itself. We propose applying these same principles to address the c...

  6. Analysis of Security Protocols in Embedded Systems

    DEFF Research Database (Denmark)

    Bruni, Alessandro

    Embedded real-time systems have been adopted in a wide range of safety-critical applications—including automotive, avionics, and train control systems—where the focus has long been on safety (i.e., protecting the external world from the potential damage caused by the system) rather than security (i.e., protecting the system from the external world). With increased connectivity of these systems to external networks the attack surface has grown, and consequently there is a need for securing the system from external attacks. Introducing security protocols in safety critical systems requires careful considerations on the available resources, especially in meeting real-time and resource constraints, as well as cost and reliability requirements. For this reason many proposed security protocols in this domain have peculiar features, not present in traditional security literature. In this thesis we tackle...

  7. Security for safety critical space borne systems

    Science.gov (United States)

    Legrand, Sue

    1987-01-01

    The Space Station contains safety critical computer software components in systems that can affect life and vital property. These components require a multilevel secure system that provides dynamic access control of the data and processes involved. A study is under way to define requirements for a security model providing access control through level B3 of the Orange Book. The model will be prototyped at NASA-Johnson Space Center.

  8. ENDPOINT PROTECTION SECURITY SYSTEM FOR AN ENTERPRISE

    OpenAIRE

    Ruotsalainen, Petri

    2013-01-01

    The thesis subscriber was Metso Shared Services Ltd. The objective was to find out if Microsoft Forefront Endpoint Protection 2010 (FEP) would be a secure and cost-effective enough system to fulfill the requirements of the company’s endpoint protection security system. Microsoft FEP was compared and benchmarked with some of the other most significant endpoint protection products based on the requirements and definitions of the subscriber. The comparison and evaluation were based on investigation a...

  9. Robotic systems for homeland security

    Science.gov (United States)

    Esser, Brian; Miller, Jon; Huston, Dryver R.; Bourn, Phil

    2004-07-01

    This paper will present the concept of utilizing various mobile robotic platforms for homeland security. Highly specialized mobile robots equipped with the proper sensors and data processing capabilities have the ability to provide security and surveillance for a wide variety of applications. Large infrastructure components, such as bridges, pipelines, dams, and electrical power grids pose severe challenges for monitoring, surveillance, and protection against man-made and natural hazards. The structures are enormous, often with awkward and dangerous configurations that make it difficult, if not impossible, for continuous human surveillance. Properly outfitted robots have the potential to provide long-term surveillance without requiring continuous human supervision. Furthermore, these robotic platforms can have disaster mitigation capabilities such as evaluation of infrastructure integrity at the disaster site. The results presented will include proof-of-concept robotic platforms equipped with various sensor arrays, as well as discussion of design criteria for numerous homeland security applications.

  10. Do you write secure code?

    CERN Document Server

    Computer Security Team

    2011-01-01

    At CERN, we are excellent at producing software, such as complex analysis jobs, sophisticated control programs, extensive monitoring tools, interactive web applications, etc. This software is usually highly functional, and fulfils the needs and requirements as defined by its author. However, due to time constraints or unintentional ignorance, security aspects are often neglected. Subsequently, it was even more embarrassing for the author to find out that his code was flawed and was used to break into CERN computers, web pages or to steal data… Thus, if you have the pleasure or task of producing software applications, take some time beforehand and familiarize yourself with good programming practices. They should not only prevent basic security flaws in your code, but also improve its readability, maintainability and efficiency. Basic rules for good programming, as well as essential books on proper software development, can be found in the section for software developers on our security we...

  11. Security Design of Remote Maintenance Systems for Nuclear Power Plants Based on ISO/IEC 15408

    Science.gov (United States)

    Watabe, Ryosuke; Oi, Tadashi; Endo, Yoshio

    This paper presents a security design of remote maintenance systems for nuclear power plants. Based on ISO/IEC 15408, we list assets to be protected, threats to the assets, security objectives against the threats, and security functional requirements that achieve the security objectives. Also, we show relations between the threats and the security objectives, and relations between the security objectives and the security functional requirements. As a result, we concretize a necessary and sufficient security design of remote maintenance systems for nuclear power plants that can protect the instrumentation and control system against intrusion, impersonation, tapping, obstruction and destruction.

  12. Secure and Efficient Routable Control Systems

    Energy Technology Data Exchange (ETDEWEB)

    Edgar, Thomas W.; Hadley, Mark D.; Manz, David O.; Winn, Jennifer D.

    2010-05-01

    This document provides the methods to secure routable control system communication in the electric sector. The approach of this document yields a long-term vision for a future of secure communication, while also providing near term steps and a roadmap. The requirements for the future secure control system environment were spelled out to provide a final target. Additionally a survey and evaluation of current protocols was used to determine if any existing technology could achieve this goal. In the end a four-step path was described that brought about increasing requirement completion and culminates in the realization of the long term vision.

  13. Cyber Security and Resilient Systems

    Energy Technology Data Exchange (ETDEWEB)

    Robert S. Anderson

    2009-07-01

    The Department of Energy (DOE) Idaho National Laboratory (INL) has become a center of excellence for critical infrastructure protection, particularly in the field of cyber security. It is one of only a few national laboratories that have enhanced the nation’s cyber security posture by performing industrial control system (ICS) vendor assessments as well as user on-site assessments. Not only are vulnerabilities discovered, but described actions for enhancing security are suggested – both on a system-specific basis and from a general perspective of identifying common weaknesses and their corresponding corrective actions. These cyber security programs have performed over 40 assessments to date which have led to more robust, secure, and resilient monitoring and control systems for the US electrical grid, oil and gas, chemical, transportation, and many other sectors. In addition to cyber assessments themselves, the INL has been engaged in outreach to the ICS community through vendor forums, technical conferences, vendor user groups, and other special engagements as requested. Training programs have been created to help educate all levels of management and worker alike with an emphasis towards real everyday cyber hacking methods and techniques including typical exploits that are used. The asset owner or end user has many products available for its use created from these programs. One outstanding product is the US Department of Homeland Security (DHS) Cyber Security Procurement Language for Control Systems document that provides insight to the user when specifying a new monitoring and control system, particularly concerning security requirements. Employing some of the top cyber researchers in the nation, the INL can leverage this talent towards many applications other than critical infrastructure. Monitoring and control systems are used throughout the world to perform simple tasks such as cooking in a microwave to complex ones such as the monitoring and control of the

  14. Disaster at a University: A Case Study in Information Security

    Science.gov (United States)

    Ayyagari, Ramakrishna; Tyks, Jonathan

    2012-01-01

    Security and disaster training is identified as a top Information Technology (IT) required skill that needs to be taught in Information Systems (IS) curriculums. Accordingly, information security and privacy have become core concepts in information system education. Providing IT security on a shoestring budget is always difficult and many small…

  15. A layered approach to user-centered security

    DEFF Research Database (Denmark)

    Bødker, Susanne

    2008-01-01

    The workshop will explore the possibilities of a user-centered perspective on security. With exceptions, existing research may be criticized for being highly system-centered, focusing on how one may change user behavior to deal with the requirements of security, or on how security aspects can...

  16. 32 CFR 552.116 - Privately owned weapons-security.

    Science.gov (United States)

    2010-07-01

    ... 32 National Defense 3 2010-07-01 2010-07-01 true Privately owned weapons-security. 552.116 Section..., Ammunition, and Explosives-Fort Lewis, Washington § 552.116 Privately owned weapons—security. Privately owned arms and ammunition will be secured in the manner required for military weapons and ammunition...

  17. An Overview Of The Security Concerns In Enterprise Cloud Computing

    OpenAIRE

    Anthony Bisong; Rahman, Syed M

    2011-01-01

    Deploying cloud computing in an enterprise infrastructure brings significant security concerns. Successful implementation of cloud computing in an enterprise requires proper planning and understanding of emerging risks, threats, vulnerabilities, and possible countermeasures. We believe enterprise should analyze the company/organization security risks, threats, and available countermeasures before adopting this technology. In this paper, we have discussed security risks and concerns in cloud comp...

  18. An Overview of the Security Concerns in Enterprise Cloud Computing

    OpenAIRE

    Bisong, Anthony; Syed; Rahman, M.

    2011-01-01

    Deploying cloud computing in an enterprise infrastructure brings significant security concerns. Successful implementation of cloud computing in an enterprise requires proper planning and understanding of emerging risks, threats, vulnerabilities, and possible countermeasures. We believe enterprise should analyze the company/organization security risks, threats, and available countermeasures before adopting this technology. In this paper, we have discussed security risks and concerns in cloud co...

  19. 33 CFR 106.205 - Company Security Officer (CSO).

    Science.gov (United States)

    2010-07-01

    ... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Company Security Officer (CSO...) Facility Security Requirements § 106.205 Company Security Officer (CSO). (a) General. (1) An OCS facility...; (6) Ensure the timely correction of problems identified by audits or inspections; (7)...

  20. 48 CFR 6.302-6 - National security.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 1 2010-10-01 2010-10-01 false National security. 6.302-6... COMPETITION REQUIREMENTS Other Than Full and Open Competition 6.302-6 National security. (a) Authority. (1... for when the disclosure of the agency's needs would compromise the national security unless the...

  1. 48 CFR 606.302-6 - National security.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 4 2010-10-01 2010-10-01 false National security. 606.302... ACQUISITION PLANNING COMPETITION REQUIREMENTS Other Than Full and Open Competition 606.302-6 National security. (b) This subsection applies to all acquisitions involving national security information,...

  2. 14 CFR 1212.604 - Social security numbers.

    Science.gov (United States)

    2010-01-01

    ... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false Social security numbers. 1212.604 Section... REGULATIONS Instructions for NASA Employees § 1212.604 Social security numbers. (a) It is unlawful for NASA to...' refusal to disclose their social security numbers, except where: (1) The disclosure is required by law;...

  3. It-security seen from a user experience perspective

    DEFF Research Database (Denmark)

    Mathiasen, Niels Raabjerg

    The workshop will explore the possibilities of a user-centered perspective on security. With exceptions, existing research may be criticized for being highly system-centered, focusing on how one may change user behavior to deal with the requirements of security, or on how security aspects can be ...

  4. The chief information security officer insights, tools and survival skills

    CERN Document Server

    Kouns, Barry

    2011-01-01

    Chief Information Security Officers are bombarded with huge challenges every day, from recommending security applications to strategic thinking and business innovation. This guide describes the hard and soft skills that a successful CISO requires: not just a good knowledge of information security, but also attributes such as flexibility and communication skills.

  5. Managing Cisco network security

    CERN Document Server

    Knipp, Eric

    2002-01-01

    An in-depth knowledge of how to configure Cisco IP network security is a MUST for anyone working in today's internetworked world. "There's no question that attacks on enterprise networks are increasing in frequency and sophistication..." -Mike Fuhrman, Cisco Systems Manager, Security Consulting. Managing Cisco Network Security, Second Edition offers updated and revised information covering many of Cisco's security products that provide protection from threats, detection of network security incidents, measurement of vulnerability and policy compliance and management of security policy across an extended organization. These are the tools that network administrators have to mount defenses against threats. Chapters also cover the improved functionality and ease of the Cisco Secure Policy Manager software used by thousands of small-to-midsized businesses and a special section on the Cisco Aironet Wireless Security Solutions. Security from a real-world perspective. Key coverage of the new technologies offered by the Cisc...

  6. INNOVATIVE SECURITY: THE BASIC CONCEPTS, ESSENCE

    Directory of Open Access Journals (Sweden)

    V. A. Sakovich

    2016-01-01

    of the person. That is, the spheres which problems of safe development cannot be solved within the limits of economic security are mentioned. There is an objective requirement, for the decision of these many-sided and multidimensional problems arising in the course of formation of innovative economy, its safe development to generate within the limits of system of national security a new direction innovative security.

  7. Secure and Efficient Vertical Handover in Heterogeneous Wireless Networks

    Directory of Open Access Journals (Sweden)

    Muhammad Waseem Khan

    2013-09-01

    Handover occurs when a wireless node switches from one network to another. One of the main requirements of this process is to make it secure by using reliable security mechanisms, but it can decrease performance as well. So it is essential to maintain a balance between security and performance during handover. Different handover security schemes that can provide reliable security as well as performance to a certain level are discussed in this paper. The goal of this paper is to understand how to maintain a balance between handover security and performance.

  8. Protection of data carriers using secure optical codes

    Science.gov (United States)

    Peters, John A.; Schilling, Andreas; Staub, René; Tompkin, Wayne R.

    2006-02-01

    Smartcard technologies, combined with biometric-enabled access control systems, are required for many high-security government ID card programs. However, recent field trials with some of the most secure biometric systems have indicated that smartcards are still vulnerable to well equipped and highly motivated counterfeiters. In this paper, we present the Kinegram Secure Memory Technology which not only provides a first-level visual verification procedure, but also reinforces the existing chip-based security measures. This security concept involves the use of securely-coded data (stored in an optically variable device) which communicates with the encoded hashed information stored in the chip memory via a smartcard reader device.

  9. Security classification of information

    Energy Technology Data Exchange (ETDEWEB)

    Quist, A.S.

    1993-04-01

    This document is the second of a planned four-volume work that comprehensively discusses the security classification of information. The main focus of Volume 2 is on the principles for classification of information. Included herein are descriptions of the two major types of information that governments classify for national security reasons (subjective and objective information), guidance to use when determining whether information under consideration for classification is controlled by the government (a necessary requirement for classification to be effective), information disclosure risks and benefits (the benefits and costs of classification), standards to use when balancing information disclosure risks and benefits, guidance for assigning classification levels (Top Secret, Secret, or Confidential) to classified information, guidance for determining how long information should be classified (classification duration), classification of associations of information, classification of compilations of information, and principles for declassifying and downgrading information. Rules or principles of certain areas of our legal system (e.g., trade secret law) are sometimes mentioned to provide added support to some of those classification principles.

  10. An SLA based SaaS Security Level

    Directory of Open Access Journals (Sweden)

    Yongjing A. Li

    2013-07-01

    This paper proposes a data security protection strategy for the SaaS mode: the SLA based SaaS Security Level. At the same time, it gives the concept model and implementation architecture of the security scheme which is based on the SaaS Security Level. The SLA based SaaS Security Level takes the requirements of tenants for data security as a starting point, and it mainly relates to data security of the data center, data security of the servers and data security of the clients. This Security Level can better meet diversified users' needs than the traditional security model. According to the tenants' desired service number and the protection degree of data information, they can dynamically select different levels of the security strategies. Then, according to the dynamic changes of the SLA, the SaaS vendors can adjust the data protection strategy of the user in a timely manner. To support our SaaS Security Level, we build an SSM (SaaS Security Model) test-bed. On the SSM test-bed, we have done some experiments, which confirmed our SaaS Security Level is feasible and easy to use.

  11. DEPLOYMENT-DRIVEN SECURITY CONFIGURATION FOR VIRTUAL NETWORKS

    Directory of Open Access Journals (Sweden)

    Ramaswamy Chandramouli

    2014-12-01

    Virtualized Infrastructures are increasingly deployed in many data centers. One of the key components of this virtualized infrastructure is the virtual network – a software-defined communication fabric that links together the various Virtual Machines (VMs) to each other and to the physical host on which the VMs reside. Because of its key role in providing connectivity among VMs and the applications hosted on them, Virtual Networks have to be securely configured to provide the foundation for the overall security of the virtualized infrastructure in any deployment scenario. The objective of this paper is to illustrate a deployment-driven methodology for deriving a security configuration for Virtual Networks. The methodology outlines two typical deployment scenarios, identifies use cases and their associated security requirements, the security solutions to meet those requirements, the virtual network security configuration to implement each security solution and then analyzes the pros and cons of each security solution.

  12. Android apps security

    CERN Document Server

    Gunasekera, Sheran

    2012-01-01

    Android Apps Security provides guiding principles for how to best design and develop Android apps with security in mind. It explores concepts that can be used to secure apps and how developers can use and incorporate these security features into their apps. This book will provide developers with the information they need to design useful, high-performing, and secure apps that expose end-users to as little risk as possible. Overview of Android OS versions, features, architecture and security. Detailed examination of areas where attacks on applications can take place and what controls should b

  13. Securing the Vista Environment

    CERN Document Server

    Gregory, Peter

    2007-01-01

    "Securing the Vista Environment" takes you on a quick tour of the most significant security features in Vista, Microsoft's first revision of Windows in almost six years. You'll get background on threats and vulnerabilities that will make you think differently about security. Security is more than just the technology and configurations--it's about how we use the system that makes it secure or not. Then we'll cover Vista's security features, from user privileges to Windows Defender, User Account Control, and BitLocker, as well as strategies for protecting your information from unwanted disclo

  14. The User-level Security of Mobile Communication Systems

    Institute of Scientific and Technical Information of China (English)

    2002-01-01

    This paper studies the user-level security of mobile systems. The current mobile phone users trust the invisible security of the 2G systems. The evolution from the second-generation mobile systems (2G) to the third generation systems (3G) will introduce the threats and opportunities of the Internet to the world of mobile communications. From the technical point of view, the new security requirements are similar to the security requirements met with today in a company Intranet environment. There is, however, one great difference; the charge paid for accessing the service. In future the users of mobile systems will have to be more aware of the security issues.

  15. Securing abundance : The politics of energy security

    NARCIS (Netherlands)

    Kester, Johannes

    2016-01-01

    Energy Security is a concept that is known in the literature for its ‘slippery’ nature and subsequent wide range of definitions. Instead of another attempt at grasping the essence of this concept, Securing Abundance reformulates the problem and moves away from a definitional problem to a theoretical

  16. Cyber security best practices for the nuclear industry

    Energy Technology Data Exchange (ETDEWEB)

    Badr, I. [Rational IBM Software Group, IBM Corporation, Evanston, IL 60201 (United States)

    2012-07-01

    When deploying software based systems, such as, digital instrumentation and controls for the nuclear industry, it is vital to include cyber security assessment as part of architecture and development process. When integrating and delivering software-intensive systems for the nuclear industry, engineering teams should make use of a secure, requirements driven, software development life cycle, ensuring security compliance and optimum return on investment. Reliability protections, data loss prevention, and privacy enforcement provide a strong case for installing strict cyber security policies. (authors)

  17. A Model Based Security Testing Method for Protocol Implementation

    Directory of Open Access Journals (Sweden)

    Yu Long Fu

    2014-01-01

    The security of protocol implementation is important and hard to verify. Since penetration testing is usually based on the experience of the security tester and the specific protocol specifications, a formal and automatic verification method is always required. In this paper, we propose an extended model of IOLTS to describe the legal roles and intruders of security protocol implementations, and then combine them together to generate suitable test cases to verify the security of protocol implementation.

  18. Secure surface identification codes

    Science.gov (United States)

    Beekhof, F.; Voloshynovskiy, S.; Koval, O.; Villan, R.; Pun, T.

    2008-02-01

    This paper introduces an identification framework for random microstructures of material surfaces. These microstructures represent a kind of unique fingerprint that can be used to track and trace an item as well as for anti-counterfeiting. We first consider the architecture for mobile phone-based item identification and then introduce a practical identification algorithm enabling fast searching in large databases. The proposed algorithm is based on reference list decoding. The link to digital communications and robust perceptual hashing is shown. We consider a practical construction of reference list decoding, which comprises computational complexity, security, memory storage and performance requirements. The efficiency of the proposed algorithm is demonstrated on experimental data obtained from natural paper surfaces.

  19. Research on government website information security issues based on the requirements of e-government development

    Institute of Scientific and Technical Information of China (English)

    侯亚杰

    2015-01-01

    With the rapid development of information technology, various websites continue to be built, giving people a lot of convenience in managing and using information resources, while strengthening website security has become a huge challenge. At present, government websites have become a key target of criminals, and strengthening the security of government websites is very important. Based on the problems in the security management of our government websites, the security of government websites is explored.

  20. Hybrid-secure MPC 

    DEFF Research Database (Denmark)

    Lucas, Christoph; Raub, Dominik; Maurer, Ueli

    2010-01-01

    Most protocols for distributed, fault-tolerant computation, or multi-party computation (MPC), provide security guarantees in an all-or-nothing fashion. In contrast, a hybrid-secure protocol provides different security guarantees depending on the set of corrupted parties and the computational power of the adversary, without being aware of the actual adversarial setting. Thus, hybrid-secure MPC protocols allow for graceful degradation of security. We present a hybrid-secure MPC protocol that provides an optimal trade-off between IT robustness and computational privacy: For any robustness parameter ρ ... obtain one MPC protocol that is simultaneously IT secure with robustness for up to t ≤ ρ actively corrupted parties, IT secure with fairness (no robustness) for up to t privacy and correctness only) for up to t

  1. Security of Dependable Systems

    DEFF Research Database (Denmark)

    Ahmed, Naveed; Jensen, Christian D.

    2011-01-01

    Security and dependability are crucial for designing trustworthy systems. The approach “security as an add-on” is not satisfactory, yet the integration of security in the development process is still an open problem. Especially, a common framework for specifying dependability and security is very much needed. There are many pressing challenges however; here, we address some of them. Firstly, security for dependable systems is a broad concept and traditional view of security, e.g., in terms of confidentiality, integrity and availability, does not suffice. Secondly, a clear definition of security in the dependability context is not agreed upon. Thirdly, security attacks cannot be modeled as a stochastic process, because the adversary’s strategy is often carefully planned. In this chapter, we explore these challenges and provide some directions toward their solutions....

  2. Checking Security Policy Compliance

    CERN Document Server

    Gowadia, Vaibhav; Kudo, Michiharu

    2008-01-01

    Ensuring compliance of organizations to federal regulations is a growing concern. This paper presents a framework and methods to verify whether an implemented low-level security policy is compliant to a high-level security policy. Our compliance checking framework is based on organizational and security metadata to support refinement of high-level concepts to implementation specific instances. Our work uses the results of refinement calculus to express valid refinement patterns and their properties. Intuitively, a low-level security policy is compliant to a high-level security policy if there is a valid refinement path from the high-level security policy to the low-level security policy. Our model is capable of detecting violations of security policies, failures to meet obligations, and capability and modal conflicts.

  3. Secure DTN Communications Project

    Data.gov (United States)

    National Aeronautics and Space Administration — Innoflight proposes to implement and perform an on-orbit demonstration of a Secure DTN communications suite on the SCaN Testbed aboard the ISS. Secure DTN is a...

  4. Security in Computer Applications

    CERN Document Server

    CERN. Geneva

    2004-01-01

    Computer security has been an increasing concern for IT professionals for a number of years, yet despite all the efforts, computer systems and networks remain highly vulnerable to attacks of different kinds. Design flaws and security bugs in the underlying software are among the main reasons for this. This lecture addresses the following question: how to create secure software? The lecture starts with a definition of computer security and an explanation of why it is so difficult to achieve. It then introduces the main security principles (like least-privilege, or defense-in-depth) and discusses security in different phases of the software development cycle. The emphasis is put on the implementation part: most common pitfalls and security bugs are listed, followed by advice on best practice for security development. The last part of the lecture covers some miscellaneous issues like the use of cryptography, rules for networking applications, and social engineering threats. This lecture was first given on Thursd...

  5. Department of Homeland Security

    Science.gov (United States)

    Official website of the Department of Homeland Security.

  6. Wireshark network security

    CERN Document Server

    Verma, Piyush

    2015-01-01

    If you are a network administrator or a security analyst with an interest in using Wireshark for security analysis, then this is the book for you. Basic familiarity with common network and application services terms and technologies is assumed.

  7. Analysis on the Security Technology and Assess Requirements of Mobile Banking based on Mobile Terminal

    Institute of Scientific and Technical Information of China (English)

    张艳; 沈亮; 顾健

    2012-01-01

    With the rising number of mobile terminal users and the rapid development of the Internet in our country, the demand for resource sharing between mobile terminals and the Internet is becoming more and more urgent. However, mobile banking based on mobile terminals is facing increasingly serious security threats. Starting from the development and present situation of mobile banking, and on the basis of a comprehensive analysis of the related security mechanisms and the security threats it faces, this paper tracks, compares and summarizes the information security technology and development trends of mobile banking, and proposes security assessment requirements for mobile banking.

  8. Analysis on Information Security Management System -- Interpretation of ISO/IEC 27001-2013: Information Security Management Systems - Requirements

    Institute of Scientific and Technical Information of China (English)

    娄屹萍

    2016-01-01

    Before the national standard for information security management systems is formally promulgated, this paper analyzes the newly revised ISO/IEC 27001-2013 standard through a comparative study with the 2005 version, in order to deepen the understanding of the new version of the information security management system standard, and puts forward key recommendations for the revised information security management system.

  9. Mobile platform security

    CERN Document Server

    Asokan, N; Dmitrienko, Alexandra

    2013-01-01

    Recently, mobile security has garnered considerable interest in both the research community and industry due to the popularity of smartphones. The current smartphone platforms are open systems that allow application development, also for malicious parties. To protect the mobile device, its user, and other mobile ecosystem stakeholders such as network operators, application execution is controlled by a platform security architecture. This book explores how such mobile platform security architectures work. We present a generic model for mobile platform security architectures: the model illustrat

  10. Information Security Management

    OpenAIRE

    Huang, Lu

    2015-01-01

    The main purpose of the thesis was to present different areas of information security controls based on the international information security standard ISO 27001. The thesis also describes the methods of risk analysis and how to establish, implement, maintain and improve information security system in organizations. Most of the material was collected from books and various online resources. Some information was taken also from the teaching materials of the information security course. ...

  11. Medical Information Security

    OpenAIRE

    William C. Figg, Ph.D.; Hwee Joo Kam, M.S.

    2011-01-01

    Modern medicine is facing a complex environment, not from medical technology but rather government regulations and information vulnerability. HIPAA is the government’s attempt to protect patients’ information, yet this only addresses traditional record handling. The main threat is from the evolving security issues. Many medical offices and facilities have multiple areas of information security concerns. Physical security is often weak, office personnel are not always aware of security needs an...

  12. Electronic healthcare information security

    CERN Document Server

    Dube, Kudakwashe; Shoniregun, Charles A

    2010-01-01

    The ever-increasing healthcare expenditure and pressing demand for improved quality and efficiency of patient care services are driving innovation in healthcare information management. The domain of healthcare has become a challenging testing ground for information security due to the complex nature of healthcare information and individual privacy. "Electronic Healthcare Information Security" explores the challenges of e-healthcare information and security policy technologies. It evaluates the effectiveness of security and privacy implementation systems for anonymization methods and techniqu

  13. Understanding global security

    OpenAIRE

    Hough, Peter

    2013-01-01

    Fully revised to incorporate recent developments, this third edition of Understanding Global Security analyzes the variety of ways in which people's lives are threatened and/or secured in contemporary global politics. The traditional focus of Security Studies texts (war, deterrence and terrorism) is analyzed alongside non-military security issues such as famine, crime, disease, disasters, environmental degradation and human rights abuses to provide a comprehensive survey of how and why peopl...

  14. Hybrid Security Policies

    Directory of Open Access Journals (Sweden)

    Radu CONSTANTINESCU

    2006-01-01

    Policy is defined as the rules and regulations set by the organization. They are laid down by management in compliance with industry regulations, law and internal decisions. Policies are mandatory. Security policies rule how information is protected against security vulnerabilities; they are the basis for security awareness and training, and are vital for security audits. Policies are focused on desired results. The means of achieving the goals are defined in controls, standards and procedures.

  15. Web Security Testing Cookbook

    CERN Document Server

    Hope, Paco

    2008-01-01

    Among the tests you perform on web applications, security testing is perhaps the most important, yet it's often the most neglected. The recipes in the Web Security Testing Cookbook demonstrate how developers and testers can check for the most common web security issues, while conducting unit tests, regression tests, or exploratory tests. Unlike ad hoc security assessments, these recipes are repeatable, concise, and systematic: perfect for integrating into your regular test suite.

  16. User Requirements for Wireless

    DEFF Research Database (Denmark)

    technologies or software has been developed. A variety of user requirements are provided illustrating the effect of changing the targeted user group with respect to age, to the context and the different technologies or software as well as to the difference in viewpoint on ways of involving users in the elicitation process. Cases and user requirement elements discussed in the book include: User requirements elicitation processes for children, construction workers, and farmers; User requirements for personalized services of a broadcast company; Variations in user involvement; Practical elements of user involvement and requirements elicitation; Usable security requirements for design of privacy...

  17. Mobile communication security

    NARCIS (Netherlands)

    Broek, F.M.J. van den

    2016-01-01

    Security of the mobile network. Fabian van den Broek. We looked at the security of the wireless connection between mobile phone and cell towers and suggested possible improvements. The security was analysed on a design level, by looking at the protocols and encryption techniques, but also on an impl

  18. Quantum secure circuit evaluation

    Institute of Scientific and Technical Information of China (English)

    CHEN Huanhuan; LI Bin; ZHUANG Zhenquan

    2004-01-01

    In order to solve the problem of classical secure circuit evaluation, this paper proposes a quantum approach. In this approach, the method of inserting redundant entangled particles and quantum signature has been employed to strengthen the security of the system. Theoretical analysis shows that our solution is secure against classical and quantum attacks.

  19. Indicators for energy security

    NARCIS (Netherlands)

    Kruyt, B.; van Vuuren, D.P.; de Vries, H.J.M.; Groenenberg, H.

    2009-01-01

    The concept of energy security is widely used, yet there is no consensus on its precise interpretation. In this research, we have provided an overview of available indicators for long-term security of supply (SOS). We distinguished four dimensions of energy security that relate to the availability,

  20. Crayons and security

    OpenAIRE

    Sue Dwyer

    1999-01-01

    Until recently I have thought of security in terms of guards, radios, grilled windows and doors, close coordination with other international NGOs and a strong organisational security policy. This was until I attended the InterAction/OFDA security training course in London in September 1998.

  1. Crayons and security

    Directory of Open Access Journals (Sweden)

    Sue Dwyer

    1999-04-01

    Until recently I have thought of security in terms of guards, radios, grilled windows and doors, close coordination with other international NGOs and a strong organisational security policy. This was until I attended the InterAction/OFDA security training course in London in September 1998.

  2. Lemnos interoperable security project.

    Energy Technology Data Exchange (ETDEWEB)

    Halbgewachs, Ronald D.

    2010-03-01

    With the Lemnos framework, interoperability of control security equipment is straightforward. To obtain interoperability between proprietary security appliance units, one or both vendors must now write cumbersome 'translation code.' If one party changes something, the translation code 'breaks.' The Lemnos project is developing and testing a framework that uses widely available security functions and protocols like IPsec - to form a secure communications channel - and Syslog, to exchange security log messages. Using this model, security appliances from two or more different vendors can clearly and securely exchange information, helping to better protect the total system. Simplify regulatory compliance in a complicated security environment by leveraging the Lemnos framework. As an electric utility, are you struggling to implement the NERC CIP standards and other regulations? Are you weighing the misery of multiple management interfaces against committing to a ubiquitous single-vendor solution? When vendors build their security appliances to interoperate using the Lemnos framework, it becomes practical to match best-of-breed offerings from an assortment of vendors to your specific control systems needs. The Lemnos project is developing and testing a framework that uses widely available open-source security functions and protocols like IPsec and Syslog to create a secure communications channel between appliances in order to exchange security data.

  3. Homeland Security and Information.

    Science.gov (United States)

    Relyea, Harold C.

    2002-01-01

    Reviews the development of two similar policy concepts, national security and internal security, before exploring the new phrase homeland security that has become popular since the September 11 terrorist attacks. Discusses the significance of each for information policy and practice. (Author/LRW)

  4. EMI Security Architecture

    CERN Document Server

    White, J.; Schuller, B.; Qiang, W.; Groep, D.; Koeroo, O.; Salle, M.; Sustr, Z.; Kouril, D.; Millar, P.; Benedyczak, K.; Ceccanti, A.; Leinen, S.; Tschopp, V.; Fuhrmann, P.; Heyman, E.; Konstantinov, A.

    2013-01-01

    This document describes the various architectures of the three middlewares that comprise the EMI software stack. It also outlines the common efforts in the security area that allow interoperability between these middlewares. The assessment of the EMI Security presented in this document was performed internally by members of the Security Area of the EMI project.

  5. Using IND-CVA for constructing secure communication

    Institute of Scientific and Technical Information of China (English)

    HU ZhenYu; JIANG JianChun; SUN FuChun

    2009-01-01

    Within the framework of UC (universally composable) security, a general method is presented to construct a secure channel protocol using IND-CVA (indistinguishability of encryption scheme under ciphertext verification attacks). A channel protocol using the method first invokes an ideal key-exchange protocol to get a session key, and then computes the messages with an authenticated encryption scheme. The paper shows that a channel protocol is UC secure if and only if the underlying authenticated encryption scheme is both IND-CVA secure and INT-PTXT secure. The condition on a secure channel protocol in this paper is much weaker than IND-CCA security and INT-CTXT security. IND-CVA can be used to describe the privacy requirements of secure channels in detail. Moreover, the method for designing secure channel protocols in the paper reduces the UC security of secure channels, which is measured by action-simulation in the UC security framework, to the security of authenticated encryption schemes, which is measured semantically.

  6. Review your Computer Security Now and Frequently!

    CERN Multimedia

    IT Department

    2009-01-01

    The start-up of LHC is foreseen to take place in the autumn and we will be in the public spotlight again. This increases the necessity to be vigilant with respect to computer security, and the defacement of an experiment’s Web page in September last year shows that we should be particularly attentive. Attackers are permanently probing CERN and so we must all do the maximum to reduce future risks. Security is a hierarchical responsibility and requires balancing the allocation of resources between making systems work and making them secure. Thus all of us, whether users, developers, system experts, administrators, or managers, are responsible for securing our computing assets. These include computers, software applications, documents, accounts and passwords. There is no "silver bullet" for securing systems, which can only be achieved by a painstaking search for all possible vulnerabilities followed by their mitigation. Additional advice on particular topics can be obtained from the relevant I...

  7. A Framework for Secure Cloud Computing

    Directory of Open Access Journals (Sweden)

    Ahmed E. Youssef

    2012-07-01

    Cloud computing is one of the most discussed topics today in the field of information technology. It introduces a new Internet-based environment for on-demand, dynamic provision of reconfigurable computing resources. The biggest challenge in cloud computing is the security and privacy problems caused by its multi-tenancy nature and the outsourcing of infrastructure, sensitive data and critical applications. In this paper, we propose a framework that identifies security and privacy challenges in cloud computing. It highlights cloud-specific attacks and risks and clearly illustrates their mitigations and countermeasures. We also propose a generic cloud computing security model that helps satisfy security and privacy requirements in the clouds and protect them against various vulnerabilities. The purpose of this work is to advise on security and privacy considerations that should be taken and solutions that might be considered when using the cloud environment by individuals and organizations.

  8. Analysis of MANET Security, Architecture and Assessment

    Directory of Open Access Journals (Sweden)

    Sweta Kaushik

    2012-03-01

    These days, Mobile ad hoc network (MANET) technology is spreading widely. Architecture and security are the most sensitive challenges of MANET. A MANET allows nodes to communicate directly with all the other nodes within their radio ranges through multiple wireless links, while nodes that are not in direct communication range use intermediate node(s) to communicate with each other. In a MANET, the users’ mobile devices behave as a network, and they must cooperatively provide the different functions which are generally provided by network infrastructure such as routers, switches and servers. The security issues and requirements of a MANET depend on its application. A specific security architecture is necessary for a specific application. The security challenges in a MANET arise because of its dynamic topology, vulnerable wireless links and nomadic environment. In this paper we discuss the architecture and security issues of MANET.

  9. 17 CFR 405.2 - Reports to be made by registered government securities brokers and dealers.

    Science.gov (United States)

    2010-04-01

    ..., relating to possession or control of customer securities and reserve requirements, mean § 403.4 of this... customer securities and reserve requirements, mean § 403.4 of this chapter. (6) The reference to § 240.15b1... possession or control of customer securities and reserve requirements, mean § 403.4 of this chapter. (4)...

  10. COMBINING REUSABLE TEST CASES AND CONTINUOUS SECURITY TESTING FOR REDUCING WEB APPS SECURITY RISKS

    Directory of Open Access Journals (Sweden)

    Sen-Tarng Lai

    2016-11-01

    In the age of network communication, information technology is in a process of continuous and rapid evolution. Network access equipment, information systems and Web Apps must be updated rapidly and continuously to meet user requirements. The major challenge of frequent Web App changes is the security of users' personal data and transaction information. Vulnerability scanning and penetration testing are the routine methods for improving the security of Web Apps. However, these two methods are not only time consuming but also require too many resources. To cope with continuous changes under limited resources, security testing not only needs to be completed in time but must also attend to testing quality. Otherwise, every maintenance change cannot avoid introducing security risk into the new version of the App. Based on reusable test cases, this paper proposes the continuous security testing procedure (CSTP), which uses test case reusability to increase security testing efficiency. In a Web App maintenance process with limited resources, CSTP can handle security testing in a timely manner and quickly identify Web App vulnerabilities and defects, assisting App maintainers in effectively repairing security defects and concretely improving the security of users' personal data and transaction information.

  11. Regulating the private security industry

    CERN Document Server

    Percy, Sarah

    2002-01-01

    The under-regulation of the private security industry has increasingly become a topic of media and academic interest. This Adelphi Paper enters the debate by explaining why the industry requires further regulation, and what is wrong with the current system. It begins by briefly defining the industry and explaining the need for more effective regulation, before analysing three types of regulation: domestic, international and informal (including self-regulation).

  12. Computer Security Systems Enable Access.

    Science.gov (United States)

    Riggen, Gary

    1989-01-01

    A good security system enables access and protects information from damage or tampering, but the most important aspects of a security system aren't technical. A security procedures manual addresses the human element of computer security. (MLW)

  13. Pro Spring security

    CERN Document Server

    Scarioni, Carlo

    2013-01-01

    Security is a key element in the development of any non-trivial application. The Spring Security Framework provides a comprehensive set of functionalities to implement industry-standard authentication and authorization mechanisms for Java applications. Pro Spring Security will be a reference and advanced tutorial that will do the following: Guides you through the implementation of the security features for a Java web application by presenting consistent examples built from the ground-up. Demonstrates the different authentication and authorization methods to secure enterprise-level applications

  14. Network Security Using Firewalls

    Directory of Open Access Journals (Sweden)

    Radu Lucaciu

    2008-05-01

    As networks increase in size and complexity, security products are growing in sophistication and security threats are becoming more ingenious. The usage of security solutions has become inevitable for all modern organisations. There is no perfect security, but the idea is to make a network so hard to access that it isn’t worth trying. Firewalls are one of the crucial components that contribute to this security. It is important to block undesired data before it ever gets into the target system. This is the job of firewalls and the article covers this topic.

  15. Information security fundamentals

    CERN Document Server

    Blackley, John A; Peltier, Justin

    2004-01-01

    Effective security rules and procedures do not exist for their own sake; they are put in place to protect critical assets, thereby supporting overall business objectives. Recognizing security as a business enabler is the first step in building a successful program. Information Security Fundamentals allows future security professionals to gain a solid understanding of the foundations of the field and the entire range of issues that practitioners must address. This book enables students to understand the key elements that comprise a successful information security program and eventually apply thes

  16. Information security management handbook

    CERN Document Server

    2002-01-01

    The Information Security Management Handbook continues its tradition of consistently communicating the fundamental concepts of security needed to be a true CISSP. In response to new developments, Volume 4 supplements the previous volumes with new information covering topics such as wireless, HIPAA, the latest hacker attacks and defenses, intrusion detection, and provides expanded coverage on security management issues and applications security. Even those that don't plan on sitting for the CISSP exam will find that this handbook is a great information security reference. The changes in the tech

  17. Android security cookbook

    CERN Document Server

    Makan, Keith

    2013-01-01

    "Android Security Cookbook" breaks down and enumerates the processes used to exploit and remediate Android app security vulnerabilities in the form of detailed recipes and walkthroughs. "Android Security Cookbook" is aimed at anyone who is curious about Android app security and wants to be able to take the necessary practical measures to protect themselves; this means that Android application developers, security researchers and analysts, penetration testers, and generally any CIO, CTO, or IT managers facing the impending onslaught of mobile devices in the business environment will benefit from

  18. Control System Applicable Use Assessment of the Secure Computing Corporation - Secure Firewall (Sidewinder)

    Energy Technology Data Exchange (ETDEWEB)

    Hadley, Mark D.; Clements, Samuel L.

    2009-01-01

    Battelle’s National Security & Defense objective is, “applying unmatched expertise and unique facilities to deliver homeland security solutions. From detection and protection against weapons of mass destruction to emergency preparedness/response and protection of critical infrastructure, we are working with industry and government to integrate policy, operational, technological, and logistical parameters that will secure a safe future”. In an ongoing effort to meet this mission, engagements with industry that are intended to improve operational and technical attributes of commercial solutions that are related to national security initiatives are necessary. This necessity will ensure that capabilities for protecting critical infrastructure assets are considered by commercial entities in their development, design, and deployment lifecycles thus addressing the alignment of identified deficiencies and improvements needed to support national cyber security initiatives. The Secure Firewall (Sidewinder) appliance by Secure Computing was assessed for applicable use in critical infrastructure control system environments, such as electric power, nuclear and other facilities containing critical systems that require augmented protection from cyber threat. The testing was performed in the Pacific Northwest National Laboratory’s (PNNL) Electric Infrastructure Operations Center (EIOC). The Secure Firewall was tested in a network configuration that emulates a typical control center network and then evaluated. A number of observations and recommendations are included in this report relating to features currently included in the Secure Firewall that support critical infrastructure security needs.

  19. Network security with openSSL cryptography for secure communications

    CERN Document Server

    Viega, John; Chandra, Pravir

    2002-01-01

    Most applications these days are at least somewhat network aware, but how do you protect those applications against common network security threats? Many developers are turning to OpenSSL, an open source version of SSL/TLS, which is the most widely used protocol for secure network communications. The OpenSSL library is seeing widespread adoption for web sites that require cryptographic functions to protect a broad range of sensitive information, such as credit card numbers and other financial transactions. The library is the only free, full-featured SSL implementation for C and C++, and it can be used programmatically or from the command line to secure most TCP-based network protocols. Network Security with OpenSSL enables developers to use this protocol much more effectively. Traditionally, getting something simple done in OpenSSL could easily take weeks. This concise book gives you the guidance you need to avoid pitfalls, while allowing you to take advantage of the library's advanced features. And, inst...

  20. Social Security: Theoretical Aspects

    Directory of Open Access Journals (Sweden)

    O. I. Kashnik

    2013-01-01

    The paper looks at the phenomena of security and social security from the philosophical, sociological and psychological perspective. The undertaken analysis of domestic and foreign scientific materials demonstrates the need for interdisciplinary studies, including pedagogy and education, aimed at developing the guidelines for protecting the social system from destruction. The paper defines the indicators, security level indices and their assessment methods singled out from the analytical reports and security studies by the leading Russian sociological centers and international expert organizations, including the United Nations. The research is aimed at finding adequate models of personal and social security control systems at various social levels. The theoretical concepts can be applied by the teachers of the Bases of Life Safety course, the managers and researchers developing the assessment criteria and security indices of educational environment evaluation, as well as the methods of diagnostics and expertise of educational establishments from the security standpoint.

  1. Unconditionally Secure Protocols

    DEFF Research Database (Denmark)

    Meldgaard, Sigurd Torkel

    This thesis contains research on the theory of secure multi-party computation (MPC). Especially information theoretically (as opposed to computationally) secure protocols. It contains results from two main lines of work. One line on Information Theoretically Secure Oblivious RAMS, and how they are used to speed up secure computation. An Oblivious RAM is a construction for a client with a small $O(1)$ internal memory to store $N$ pieces of data on a server while revealing nothing more than the size of the memory $N$, and the number of accesses. This specifically includes hiding the access pattern... the secure computation. Especially we look at the communication complexity of protocols in this model, and perfectly secure protocols. We show general protocols for any finite functionality with statistical security and optimal communication complexity (but exponential amount of preprocessing). And for two...

  2. Information security cost management

    CERN Document Server

    Bazavan, Ioana V

    2006-01-01

    While information security is an ever-present challenge for all types of organizations today, most focus on providing security without addressing the necessities of staff, time, or budget in a practical manner. Information Security Cost Management offers a pragmatic approach to implementing information security, taking budgetary and real-world constraints into consideration. By providing frameworks, step-by-step processes, and project management breakdowns, this book demonstrates how to design the best security strategy with the resources you have available. Organized into five sections, the book: Focuses on setting the right road map so that you can be most effective in your information security implementations; Discusses cost-effective staffing, the single biggest expense to the security organization; Presents practical ways to build and manage the documentation that details strategy, provides resources for operating annual audits, and illustrates how to advertise accomplishments to senior management effectively; I...

  3. Hardware mechanisms and their implementations for secure embedded systems

    OpenAIRE

    QIN, JIAN

    2005-01-01

    Security issues appearing in one or another form become a requirement for an increasing number of embedded systems. Those systems, which will be used to capture, store, manipulate, and access data with a sensitive nature, have posed several unique and urgent challenges. The challenges to those embedded systems require new approaches to security covering all aspects of embedded system design from architecture, implementation to the methodology. However, security is always treated by embedded sy...

  4. 78 FR 38851 - Electric Reliability Organization Proposal To Retire Requirements in Reliability Standards

    Science.gov (United States)

    2013-06-28

    ... Control CIP-003-3, -4, Requirement R1.2--Cyber Security--Security Management Controls NERC... sixteen. CIP-003-3, -4, Requirements R3, R3.1, R3.2, and R3.3--Cyber Security--Security Management Controls CIP-003-3, -4, Requirement R4.2--Cyber Security--Security Management Controls CIP-005-3a,...

  5. Unconditional Security In Quantum Key Distribution

    CERN Document Server

    Yuen, Horace P

    2012-01-01

    It has been widely claimed and believed that many protocols in quantum key distribution, especially the single-photon BB84 protocol, have been proved unconditionally secure at least in principle, for both asymptotic and finite protocols with realistic bit lengths. In this paper it is pointed out that the only known quantitative justification for such claims is based on incorrect assertions. The precise security requirements are described in terms of the attacker's sequence and bit error probabilities in estimating the key. The extent to which such requirements can be met from a proper trace distance criterion is established. The results show that the quantitative security levels obtainable in concrete protocols with ideal devices do not rule out drastic breach of security unless privacy amplification is more properly applied.

  6. On Secure Workflow Decentralisation on the Internet

    Directory of Open Access Journals (Sweden)

    Petteri Kaskenpalo

    2010-06-01

    Decentralised workflow management systems are a new research area, where most work to-date has focused on the system's overall architecture. As little attention has been given to the security aspects in such systems, we follow a security driven approach, and consider, from the perspective of available security building blocks, how security can be implemented and what new opportunities are presented when empowering the decentralised environment with modern distributed security protocols. Our research is motivated by a more general question of how to combine the positive enablers that email exchange enjoys, with the general benefits of workflow systems, and more specifically with the benefits that can be introduced in a decentralised environment. This aims to equip email users with a set of tools to manage the semantics of a message exchange, contents, participants and their roles in the exchange in an environment that provides inherent assurances of security and privacy. This work is based on a survey of contemporary distributed security protocols, and considers how these protocols could be used in implementing a distributed workflow management system with decentralised control. We review a set of these protocols, focusing on the required message sequences in reviewing the protocols, and discuss how these security protocols provide the foundations for implementing core control-flow, data, and resource patterns in a distributed workflow environment.

  7. Security Processing for High End Embedded System with Cryptographic Algorithms

    Directory of Open Access Journals (Sweden)

    M.Shankar

    2012-01-01

    This paper is intended to introduce embedded system designers and design tool developers to the challenges involved in designing secure embedded systems. The challenges unique to embedded systems require new approaches to security covering all aspects of embedded system design from architecture to implementation. Security processing, which refers to the computations that must be performed in a system for the purpose of security, can easily overwhelm the computational capabilities of processors in both low- and high-end embedded systems. The paper also briefs on the security enforced in a device by the use of proprietary security technology and also discusses the security measures taken during the production of the device. We also survey solution techniques to address these challenges, drawing from both current practice and emerging research, and identify open research problems that will require innovations in embedded system architecture and design methodologies.

  8. Information security policy development for compliance

    CERN Document Server

    Williams, Barry L

    2013-01-01

    Although compliance standards can be helpful guides to writing comprehensive security policies, many of the standards state the same requirements in slightly different ways. Information Security Policy Development for Compliance: ISO/IEC 27001, NIST SP 800-53, HIPAA Standard, PCI DSS V2.0, and AUP V5.0 provides a simplified way to write policies that meet the major regulatory requirements, without having to manually look up each and every control. Explaining how to write policy statements that address multiple compliance standards and regulatory requirements, the book will he

  9. Portfolio analysis of layered security measures.

    Science.gov (United States)

    Chatterjee, Samrat; Hora, Stephen C; Rosoff, Heather

    2015-03-01

    Layered defenses are necessary for protecting the public from terrorist attacks. Designing a system of such defensive measures requires consideration of the interaction of these countermeasures. In this article, we present an analysis of a layered security system within the lower Manhattan area. It shows how portfolios of security measures can be evaluated through portfolio decision analysis. Consideration is given to the total benefits and costs of the system. Portfolio diagrams are created that help communicate alternatives among stakeholders who have differing views on the tradeoffs between security and economic activity.

  10. Security, privacy and trust in cloud systems

    CERN Document Server

    Nepal, Surya

    2013-01-01

    The book compiles technologies for enhancing and provisioning security, privacy and trust in cloud systems based on Quality of Service requirements. It is a timely contribution to a field that is gaining considerable research interest, momentum, and provides a comprehensive coverage of technologies related to cloud security, privacy and trust. In particular, the book includes - Cloud security fundamentals and related technologies to-date, with a comprehensive coverage of evolution, current landscape, and future roadmap. - A smooth organization with introductory, advanced and specialist content

  11. ZigBee-2007 Security Essentials

    DEFF Research Database (Denmark)

    Yuksel, Ender; Nielson, Hanne Riis; Nielson, Flemming

    2008-01-01

    ZigBee is a fairly new but promising standard for wireless networks due to its low resource requirements. As in other wireless network standards, security is an important issue and each new version of the ZigBee Specification enhances the level of the ZigBee security. In this paper, we present...... the security essentials of the latest ZigBee Specification, ZigBee-2007. We explain the key concepts, protocols, and computations. In addition, we formulate the protocols using standard protocol narrations. Finally, we identify the key challenges to be considered for consolidating ZigBee....

  12. Safe and Secure Services Based on NGN

    Science.gov (United States)

    Fukazawa, Tomoo; Nisase, Takemi; Kawashima, Masahisa; Hariu, Takeo; Oshima, Yoshihito

    Next Generation Network (NGN), which has been undergoing standardization as it has developed, is expected to create new services that converge the fixed and mobile networks. This paper introduces the basic requirements for NGN in terms of security and explains the standardization activities, in particular, the requirements for the security function described in Y.2701 discussed in ITU-T SG-13. In addition to the basic NGN security function, requirements for NGN authentication are also described from three aspects: security, deployability, and service. As examples of authentication implementation, three profiles, namely fixed, nomadic, and mobile, are defined in this paper. That is, the “fixed profile” is typically for fixed-line subscribers, the “nomadic profile” basically utilizes WiFi access points, and the “mobile profile” provides ideal NGN mobility for mobile subscribers. All three of these profiles satisfy the requirements from security aspects. The three profiles are compared from the viewpoint of requirements for deployability and service. After showing that none of the three profiles can fulfill all of the requirements, we propose that multiple profiles should be used by NGN providers. As service and application examples, two promising NGN applications are proposed. The first is a strong authentication mechanism that makes Web applications more safe and secure even against password theft. It is based on NGN ID federation function. The second provides an easy peer-to-peer broadband virtual private network service aimed at safe and secure communication for personal/SOHO (small office, home office) users, based on NGN SIP (session initiation protocol) session control.

  13. 24 CFR 886.116 - Security and utility deposits.

    Science.gov (United States)

    2010-04-01

    ... 24 Housing and Urban Development 4 2010-04-01 2010-04-01 false Security and utility deposits. 886... utility deposits. (a) An Owner may require Families to pay a security deposit in an amount up to, but not... utility deposits, if required, from their own resources and/or other private or public sources....

  14. Usable Security and E-Banking

    DEFF Research Database (Denmark)

    Hertzum, Morten; Juul, Niels Christian; Jørgensen, Niels Henrik

    2004-01-01

    Electronic banking must be secure and easy to use. An evaluation of six Danish web-based electronic banking systems indicates that the systems have serious weaknesses with respect to ease of use. Analysis of the weaknesses suggests that security requirements are among their causes and that the we...... that transcend preconceived instructions. We discuss the pros and cons of automation and understanding as alternative approaches to the design of web-based e-banking systems....

  15. Usable security and e-banking

    DEFF Research Database (Denmark)

    Hertzum, Morten; Jørgensen, Niels; Nørgaard, Mie

    2004-01-01

    Electronic banking must be secure and easy to use. An evaluation of six Danish web-based electronic banking systems indicates that the systems have serious weaknesses with respect to ease of use. Our analysis of the weaknesses suggests that security requirements are among their causes and that th...... that transcend preconceived instructions. We discuss the pros and cons of automation and understanding as alternative approaches to the design of web-based e-banking systems....

  16. Acquiring Secure Systems Through Information Economics

    Science.gov (United States)

    2015-05-01

    Acquiring Secure Systems Through Information Economics Chad Dacus Research Professor of Defense Economics Air Force Research Institute Dr. Pano...If adversary can hack into mission essential software/hardware, then mission is compromised • Mission assurance requires materiel solutions, educated

  17. 6 CFR 37.15 - Physical security features for the driver's license or identification card.

    Science.gov (United States)

    2010-01-01

    ... 6 Domestic Security 1 2010-01-01 2010-01-01 false Physical security features for the driver's..., Verification, and Card Issuance Requirements § 37.15 Physical security features for the driver's license or... of features that are effectively combined and provide multiple layers of security. States...

  18. 17 CFR 242.602 - Dissemination of quotations in NMS securities.

    Science.gov (United States)

    2010-04-01

    ... NMS securities. 242.602 Section 242.602 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) REGULATIONS M, SHO, ATS, AC, AND NMS AND CUSTOMER MARGIN REQUIREMENTS FOR SECURITY FUTURES Regulation Nms-Regulation of the National Market System § 242.602 Dissemination of quotations...

  19. 76 FR 61950 - Security Zones, 2011 Asia-Pacific Economic Cooperation Conference, Oahu, HI

    Science.gov (United States)

    2011-10-06

    ... SECURITY Coast Guard 33 CFR Part 165 RIN 1625-AA87 Security Zones, 2011 Asia-Pacific Economic Cooperation... will be in place to provide the necessary security measures required for the Asia-Pacific Economic... temporary Sec. 165.T14-0800 to read as follows: Sec. 165.T14-0800 Security Zones; 2011 Asia-Pacific...

  20. Human Security Agendas

    Institute of Scientific and Technical Information of China (English)

    Alan Hunter

    2012-01-01

    Ⅰ. Introduction. The need for governments and international organisations to gain a better understanding of "security" is ever more urgent. For example in the conflict in Libya in early 2011, many security dilemmas were visible: the protection of Libyan civilians, the security of the regime, whether and how the UN or NATO should intervene, whether Europe would be threatened with a massive refugee flow, how to protect or evacuate foreign citizens (including Chinese), how to secure food and medical supplies in the midst of armed conflict. Such events may be termed "complex emergencies" which often raise legal, military and humanitarian issues simultaneously. International law and practice do not provide clear guidelines on such situations, and responses can be random, contingent on a variety of factors. Traditional concepts of security, for example protection of national borders, are certainly still relevant and legally enforceable, but more sophisticated concepts are needed to respond to security dilemmas in today's globalised world. Human security as a concept was first developed within the UN system in the 1990s, and set out, for example, in Human Security Now [1]. The first section of this paper tracks the development of Human Security discourse, and also examines the broadening of the "security" concept in recent years. The second section reports on institutions with a specific interest in Human Security, for example within the UN system and in universities. The third section acknowledges some critiques of the Human Security paradigm. The last section reports on new directions that may enrich the Human Security agenda.

  1. CORBA security services for health information systems.

    Science.gov (United States)

    Blobel, B; Holena, M

    1998-01-01

    The structure of healthcare systems in developed countries is changing to 'shared care', enforced by economic constraints and caused by a change in the basic conditions of care. That development results in co-operative health information systems across the boundaries of organisational, technological, and policy domains. Increasingly, these distributed and, as far as their domains are concerned, heterogeneous systems are based on middleware approaches, such as CORBA. Regarding the sensitivity of personal and medical data, such open, distributed, and heterogeneous health information systems require a high level of data protection and data security, both with respect to patient information and with respect to users. This paper, relying on experience gained through our activities in CORBAmed, describes the possibilities the CORBA middleware provides to achieve application and communication security. On the background of the overall CORBA architecture, it outlines the different security services previewed in the adopted CORBA specifications which are discussed in the context of the security requirements of healthcare information systems. Security services required in the healthcare domain but not available at the moment are mentioned. A solution is proposed, which on the one hand allows to make use of the available CORBA security services and additional ones, on the other hand remains open to other middleware approaches, such as DHE or HL7.

  2. Security Risks and Modern Cyber Security Technologies for Corporate Networks

    CERN Document Server

    Gharibi, Wajeb

    2011-01-01

    This article aims to highlight current trends on the market of corporate antivirus solutions. A brief overview of modern security threats that can destroy an IT environment is provided, as well as the typical structure and features of antivirus suites for corporate users presented on the market. The general requirements for corporate products are determined according to the last report from av-comparatives.org [1]. The detailed analysis of new features is provided based on an overview of products available on the market nowadays. At the end, an enumeration of modern trends in the antivirus industry for corporate users completes this article. Finally, the main goal of this article is to draw attention to new trends suggested by AV vendors in their solutions in order to protect customers against the newest security threats.

  3. Effective Security Architecture for Virtualized Data Center Networks

    Directory of Open Access Journals (Sweden)

    Udeze Chidiebele. C

    2012-01-01

    This work presents a candidate scheme for effective security policy that defines the requirements that will facilitate protection of network resources from internal and external security threats. Also, it ensures data privacy and integrity in a virtualized data center network (VDCN). An integration of Open Flow Software Defined Networking (OFSDN) with VLAN Virtual Server Security (VVSS) architecture is presented to address distinct security issues in virtualized data centers. The OFSDN with VVSS is proposed to create a more secured protection and maintain compliance integrity of servers and applications in the DCN. This proposal, though still in the prototype phase, calls for community driven responses.

  4. Security-Enhanced Fast Mobile IPv6 Handover

    Science.gov (United States)

    Park, Chang-Seop

    Motivated by the fact that the existing FMIPv6 security scheme has several weaknesses in terms of security and efficiency, we propose a security-enhanced fast mobile IPv6 in this letter. Based on the concept of a secret key-based CGA (Cryptographically Generated Address), we show how to establish a new security association between the MN and AR (Access Router) whenever a handover occurs. We also show that the proposed scheme is robust against several types of security attacks feasible with the existing scheme. Our scheme is more efficient in that it requires fewer public key operations.

  5. Norms, standards, models and recommendations for information security management

    Directory of Open Access Journals (Sweden)

    Karol Kreft

    2010-12-01

    Information is the factor which can decide about the potential and market value of a company. An increase in the value of intellectual capital of an information-driven company requires development of an effective security management system. More and more often companies develop information security management systems (ISMS) based on already verified models. In the article, the main problems with management of information security were discussed. Security models were described, as well as the risk analysis in information security management.

  6. Information security governance simplified from the boardroom to the keyboard

    CERN Document Server

    Fitzgerald, Todd

    2011-01-01

    Security practitioners must be able to build cost-effective security programs while also complying with government regulations. Information Security Governance Simplified: From the Boardroom to the Keyboard lays out these regulations in simple terms and explains how to use control frameworks to build an air-tight information security (IS) program and governance structure. Defining the leadership skills required by IS officers, the book examines the pros and cons of different reporting structures and highlights the various control frameworks available. It details the functions of the security d

  7. A Novel Advanced Heap Corruption and Security Method

    Directory of Open Access Journals (Sweden)

    Arundhati Walia

    2012-05-01

    Heap security has been a major concern for the past two decades. Recently many methods have been proposed to secure the heap, i.e. to avoid heap overrun and attacks. The paper describes a method suggested to secure the heap at the operating system level. Major emphasis is given to the Solaris operating system's dynamic memory manager. When memory is required dynamically during runtime, the SysVmalloc acts as a memory allocator. Vmalloc allocates the chunks of memory in the form of a splay tree structure. A self adjusting binary tree structure is reviewed in the paper; moreover, a major security issue in securing the heap area is also suggested in the paper.

  8. A Novel Model for Security Evaluation for Compliance

    DEFF Research Database (Denmark)

    Hald, Sara Ligaard; Pedersen, Jens Myrup; Prasad, Neeli R.

    2011-01-01

    With the increasing focus on security in information systems, it is becoming necessary to be able to describe and compare security attributes for different technologies. Existing are well-described and comprehensive, but expensive and resource demanding to apply. The Security Evaluation...... for Compliance (SEC) model offers a lightweight alternative for use by decision makers to get a quick overview of the security attributes of different technologies for easy comparison and requirement compliance evaluation. The scientific contribution is this new approach to security modelling as well...

  9. While working around security

    DEFF Research Database (Denmark)

    Mathiasen, Niels Raabjerg; Bødker, Susanne; Petersen, Marianne Graves

    This paper describes our work at two levels. First of all the paper discusses how users of IT deal with issues of IT security in their everyday life. Secondly, we discuss how the kind of understanding of IT security that comes out of careful analyses of use confronts the ways in which usable...... IT security is established in the literature. Recent literature has called for better conceptual models as a starting point for improving IT security. In contrast to such models we propose to dress up designers by helping them better understand the work that goes into everyday security. The result...... is a methodological toolbox that helps address and design for usable and useful IT security. We deploy examples of analyses and design, carried out by ourselves and by others to fine-tune our design perspective; in particular we use examples from three current research projects....

  10. EU Security Strategy

    Institute of Scientific and Technical Information of China (English)

    Hong Jianjun

    2007-01-01

    The European Security and Defence Policy (ESDP) comprises an important part of the EU's Common Foreign and Security Policy (CFSP). The aim of ESDP is to strengthen the EU's external ability to act through the development of civilian and military capabilities for international conflict prevention and crisis management. In December 2003, the EU adopted its first European Security Strategy (ESS). Ever since then, the implementation of the ESS has been regarded as one of the biggest challenges for the EU in CFSP/ESDP matters. Although much progress has been made in its independent security and defence-building process, EU still faces serious problems and difficulties in this policy area. This paper tries to examine these recent developments, assess their impacts in regional-global security, and analyze existing problems and future trends. Finally, the author also examines EU-China engagements in recent years and explores possibilities for their future cooperation in the area of international security.

  11. While Working Around Security

    DEFF Research Database (Denmark)

    Mathiasen, Niels Raabjerg

    Users of technology encounter various IT security mechanisms in their everyday lives. If these mechanisms fail to support everyday activities, they either get in the way, or the users find a way to work around them. Even though users manage to carry out everyday activities by using substandard...... of security experiences in design. The methods: Mobile probing, Prompted exploration workshops, and Acting out security involve potential future users in the process of designing IT security sensitive IT artifacts. Mobile probing collects narratives of user encounters with IT security. Prompted exploration...... of a research through design process. An everyday mobile digital signature solution has been designed, and the design problem, the design process, and the design results are presented in this dissertation. Several of my empirical findings show that the way users experience security does matter. Users...

  12. Data security in Intelligent Transport Systems

    Directory of Open Access Journals (Sweden)

    Tomas Zelinka

    2012-10-01

    Intelligent Transport Services expect availability of the secure seamless communications solutions typically covering widely spread areas. Different ITS solutions require different portfolio of telecommunications service quality. These parameters have to correspond with ITS service performance parameters required by specific service. Even though quite an extensive range of public wireless data services with reasonable coverage is provided, most of them are provided with no guaranteed quality and security. ITS requirements can be in most parameters easier reached if multi-path communications systems are applied core solution is combined with both public as well as private ones where and when it is needed. Such a solution requires implementation of relevant flexible system architecture supported by efficient decision processes. This paper concentrates on the telecommunications security issues relevant to the ITS wide area networking. The expected level of security varies in dependence on relevant ITS service requirements. Data volumes transferred both in private data vehicle on board networks as well as between vehicles and infrastructure (C2I) or other vehicles (C2C) progressively grow. Such a trend increases the probability of fatal problems appearing in case security of the wide area networks is not relevantly treated. That is the reason why relevant communications security treatment becomes a crucial part of the ITS solution. Besides the available "off shelf" security tools, we present a solution based on a non-public universal identifier with dynamical extension (time and position dependency as autonomous variables) and data selection according to actor role or category. Presented results were obtained within projects e-Ident1, DOTEK2 and SRATVU3.

  13. Securing Wireless Sensor Networks: Security Architectures

    Directory of Open Access Journals (Sweden)

    David Boyle

    2008-01-01

    Wireless sensor networking remains one of the most exciting and challenging research domains of our time. As technology progresses, so do the capabilities of sensor networks. Limited only by what can be technologically sensed, it is envisaged that wireless sensor networks will play an important part in our daily lives in the foreseeable future. Privy to many types of sensitive information, both sensed and disseminated, there is a critical need for security in a number of applications related to this technology. Resulting from the continuous debate over the most effective means of securing wireless sensor networks, this paper considers a number of the security architectures employed, and proposed, to date, with this goal in sight. They are presented such that the various characteristics of each protocol are easily identifiable to potential network designers, allowing a more informed decision to be made when implementing a security protocol for their intended application. Authentication is the primary focus, as the most malicious attacks on a network are the work of imposters, such as DOS attacks, packet insertion etc. Authentication can be defined as a security mechanism, whereby, the identity of a node in the network can be identified as a valid node of the network. Subsequently, data authenticity can be achieved; once the integrity of the message sender/receiver has been established.

  14. Towards Information Security Awareness

    OpenAIRE

    Marius Petrescu; Delia Mioara Popescu; Nicoleta Sirbu

    2010-01-01

    Information security has come to be recognized as increasingly important because global communication and information systems allow a potentially large number of unauthorized users to access and possibly alter information from around the world. As the dependence on information systems grows, so the security of information networks becomes ever more critical to any entity, no matter if it is a company or a public institution. Information security involves both technology and people. Any securi...

  15. Information security culture.

    OpenAIRE

    2008-01-01

    The current study originated from the realisation that information security is no longer solely dependent on technology. Information security breaches are often caused by users, most of the time internal to the organisation, who compromise the technology-driven solutions. This interaction between people and the information systems is seemingly the weakest link in information security. A people-oriented approach is needed to address this problem. Incorporating the human element into informatio...

  16. Addressing Software Security

    Science.gov (United States)

    Bailey, Brandon

    2015-01-01

    Historically security within organizations was thought of as an IT function (web sites/servers, email, workstation patching, etc.). Threat landscape has evolved (Script Kiddies, Hackers, Advanced Persistent Threat (APT), Nation States, etc.). Attack surface has expanded - Networks interconnected!! Some security posture factors: Network Layer (Routers, Firewalls, etc.); Computer Network Defense (IPS/IDS, Sensors, Continuous Monitoring, etc.); Industrial Control Systems (ICS); Software Security (COTS, FOSS, Custom, etc.)

  17. Design for Security Workshop

    Science.gov (United States)

    2014-09-30

    devices and systems • Tools for secure interplay between hardware and software • Design environment for modeling and simulating hardware attacks and...and email • Improperly secured devices – no PIN lock • User intervention – jailbreaking, unlocking • Mobile has become the enterprise security...Apps • Content providers • DRM for movies, songs, etc. • Finance companies • Account data, passwords • IOT • home automation, health, etc

  18. Vehicle Tracking and Security

    Science.gov (United States)

    Scorer, A. G.

    1998-09-01

    This paper covers the wide area and short range locational technologies that are available for vehicle tracking in particular and mobile user security in general. It also summarises the radio communications services that can deliver information to the user. It considers the use that can be made of these technologies, when combined with procedures for delivering a response, in the security field, notably in relation to personal security, high-value load protection and the after-theft tracking markets.

  19. Automated security management

    CERN Document Server

    Al-Shaer, Ehab; Xie, Geoffrey

    2013-01-01

    In this contributed volume, leading international researchers explore configuration modeling and checking, vulnerability and risk assessment, configuration analysis, and diagnostics and discovery. The authors equip readers to understand automated security management systems and techniques that increase overall network assurability and usability. These constantly changing networks defend against cyber attacks by integrating hundreds of security devices such as firewalls, IPSec gateways, IDS/IPS, authentication servers, authorization/RBAC servers, and crypto systems. Automated Security Managemen

  20. Outsourcing information security

    CERN Document Server

    Axelrod, Warren

    2004-01-01

    This comprehensive and timely resource examines security risks related to IT outsourcing, clearly showing you how to recognize, evaluate, minimize, and manage these risks. Unique in its scope, this single volume offers you complete coverage of the whole range of IT security services and fully treats the IT security concerns of outsourcing. The book helps you deepen your knowledge of the tangible and intangible costs and benefits associated with outsourcing IT and IS functions.

  1. Efficient and Secure Information Sharing For Security Personnels: A Role and Cooperation Based Approach

    Directory of Open Access Journals (Sweden)

    G.K. Pradhan

    2010-07-01

    Full Text Available To facilitate users to interact with and share information without difficulty and faultlessly across various networks and databases nationwide, a secure and trusted information-sharing environment has been recognized as an imperative requirement and to advance homeland security effort. The key incentive following this research is to build a secure and trusted information-sharing approach for government departments. This paper presents an efficient role and cooperation based information sharing approach for secure exchange of confidential and top secret information amongst security personnels and government departments within the national boundaries using public key cryptography. The devised approach makes use of cryptographic hash function; public key cryptosystem and a unique and complex mapping function for securely exchanging confidential information. Furthermore, the proposed approach facilitates privacy preserving information sharing with probable restrictions based on the rank of the security personnels. The developed role and cooperation based information sharing approach ensures secure and stream-lined information sharing among security personnels and government intelligence departments to avoid threatening activities. The experimental results demonstrate the effectiveness of the proposed information sharing approach.

  2. Land Ecological Security Evaluation of Guangzhou, China

    Directory of Open Access Journals (Sweden)

    Linyu Xu

    2014-10-01

    Full Text Available As the land ecosystem provides the necessary basic material resources for human development, land ecological security (LES) plays an increasingly important role in sustainable development. Given the degradation of land ecological security under rapid urbanization and the urgent LES requirements of urban populations, a comprehensive evaluation method, named Double Land Ecological Security (DLES), has been introduced with the city of Guangzhou, China, as a case study, which evaluates the LES in regional and unit scales for reasonable and specific urban planning. In the evaluation process with this method, we have combined the material security with the spiritual security that is inevitably associated with LES. Some new coefficients of land-security supply/demand distribution and technology contribution for LES evaluation have also been introduced for different spatial scales, including the regional and the unit scales. The results for Guangzhou indicated that, temporally, the LES supply indices were 0.77, 0.84 and 0.77 in 2000, 2006 and 2009 respectively, while LES demand indices for the city increased in 2000, 2006 and 2009 from 0.57 to 0.95, which made the LES level decreased slowly in this period. Spatially, at the regional scale, the urban land ecological security (ULES) level decreased from 0.2 (marginal security) to −0.18 (marginal insecurity) as a whole; in unit scale, areas in the north and in parts of the east were relatively secure and the security area was shrinking with time, but the central and southern areas turned to be marginal insecurity, especially in 2006 and 2009. This study proposes that DLES evaluation should be conducted for targeted and efficient urban planning and management, which can reflect the LES level of study area in general and in detail.

  3. Functional Requirements Study

    Science.gov (United States)

    2008-07-01

    security, and statistical needs. Some of the major requirements include real time operational, hydrological, and climate data for tactical operation...Milltech Marine (distributor), US / Smart Radio ( Shenzhen Yuantong Telecom), China SR161 AIS Receiver http://www.milltechmarine.com Nasa Marine, UK AIS

  4. Microsoft Windows Security Essentials

    CERN Document Server

    Gibson, Darril

    2011-01-01

    Windows security concepts and technologies for IT beginners. IT security can be a complex topic, especially for those new to the field of IT. This full-color book, with a focus on the Microsoft Technology Associate (MTA) program, offers a clear and easy-to-understand approach to Windows security risks and attacks for newcomers to the world of IT. By paring down to just the essentials, beginners gain a solid foundation of security concepts upon which more advanced topics and technologies can be built. This straightforward guide begins each chapter by laying out a list of topics to be discussed,

  5. Laser security systems

    Science.gov (United States)

    Kolev, Ivan S.; Stoeva, Ivelina S.

    2004-06-01

    This report presents the development of single-beam barrier laser security system. The system utilizes the near infrared (IR) range λ=(850-900)nm. The security system consists of several blocks: Transmitter; Receiver; Logical Unit; Indication; Power Supply. There are four individually software programmable security zones Z1 - Z4. The control logic is implemented on a PIC16F84 MCU. The infrared beam is a pulse pack, coded and modulated in the transmitter with frequency of 36 kHz. The receiver demodulates and decodes the beam. The software for the MCU is developed along with the electrical circuits of the security system.

  6. Information security management handbook

    CERN Document Server

    Tipton, Harold F

    2003-01-01

    Since 1993, the Information Security Management Handbook has served not only as an everyday reference for information security practitioners but also as an important document for conducting the intense review necessary to prepare for the Certified Information System Security Professional (CISSP) examination. Now completely revised and updated and in its fifth edition, the handbook maps the ten domains of the Information Security Common Body of Knowledge and provides a complete understanding of all the items in it. This is a ...must have... book, both for preparing for the CISSP exam and as a c

  7. Linux Security Cookbook

    CERN Document Server

    Barrett, Daniel J; Byrnes, Robert G

    2003-01-01

    Computer security is an ongoing process, a relentless contest between system administrators and intruders. A good administrator needs to stay one step ahead of any adversaries, which often involves a continuing process of education. If you're grounded in the basics of security, however, you won't necessarily want a complete treatise on the subject each time you pick up a book. Sometimes you want to get straight to the point. That's exactly what the new Linux Security Cookbook does. Rather than provide a total security solution for Linux computers, the authors present a series of easy-to-fol

  8. Chemical Security Analysis Center

    Data.gov (United States)

    Federal Laboratory Consortium — In 2006, by Presidential Directive, DHS established the Chemical Security Analysis Center (CSAC) to identify and assess chemical threats and vulnerabilities in the...

  9. Beginning ASP.NET Security

    CERN Document Server

    Dorrans, Barry

    2010-01-01

    Beginning ASP.NET 3.5 Security is geared for novice to intermediate ASP.NET programmers who wish to protect and defend their web sites against attack and exploitation. Beginning with a discussion of why we need security and the things that may occur when it is ignored and an overview of how ASP.NET works, readers are taken through the common steps in developing a web site, the security problems each area exposes and how these can be exploited. Visual Studio Security MVP Barry Dorrans teaches readers how they can defend their applications using the standard .NET framework, industry patterns and

  10. Cyberspace security: How to develop a security strategy

    CERN Document Server

    Raggad, Bel G

    2007-01-01

    Despite all visible dividers, the Internet is getting us closer and closer, but with a great price. Our security is the price. The international community is fully aware of the urgent need to secure the cyberspace as you see the multiplication of security standards and national schemes interpreting them beyond borders: ISO 15408, ISO 17799, and ISO 27001. Even though some countries, including the Security Big Six (SB6), are equipped with their security books and may feel relatively safe; this remains a wrong sense of security as long as they share their networks with entities of less security. The standards impose security best practices and system specifications for the development of information security management systems. Partners beyond borders have to be secure as this is only possible if all entities connected to the partnership remain secure. Unfortunately, there is no way to verify the continuous security of partners without periodic security auditing and certification, and members who do not comply should ...

  11. Security engineering: Physical security measures for high-risk personnel

    Directory of Open Access Journals (Sweden)

    Jelena S. Cice

    2013-06-01

    Full Text Available The design of physical security measures is a specialized technical area that does not fall in the normal skill record and resume of commanders, architects, engineers, and project managers. This document provides guidance to those parties tasked with implementing existing and emerging physical protection system requirements: creation of a single-source reference for the design and construction of physical security measures for high-risk personnel (HRP); promulgation of multi-service standard recommendations and considerations; potential increase of productivity of HRP and reduced temporary housing costs through clarification of considerations, guidance on planning, and provision of design solutions; reduction of facility project costs; better performance of modernized facilities, in terms of force protection, than original facilities. Throughout this process you must ensure: confidentiality, appropriate Public Relations, sustainability, compliance with all industrial guidelines and legal and regulatory requirements, constant review and revision to accommodate new circumstances or threats. Introduction: Physical security is an extremely broad topic. It encompasses access control devices such as smart cards, air filtration and fireproofing. It is also heavily reliant on infrastructure. This means that many of the ideal physical security measures may not be economically or physically feasible for existing sites. Many businesses do not have the option of building their own facility from the ground up; thus physical security often must be integrated into an existing structure. This limits the overall set of security measures that can be installed. There is an aspect of physical security that is often overlooked; the humans that interact with it. Humans commit crime for a number of reasons. The document focuses on two building types: the HRP office and the HRP residence. HRP are personnel who are likely to be

  12. Deliberate Secure Grid Computing Blueprint Design in Indian Context

    Directory of Open Access Journals (Sweden)

    Sanjeev Puri

    2012-06-01

    Full Text Available In the novel concept of grid computing, clusters of computational power are constructed from a network of many small and widespread different computers, servers or workstations into a single resource. We now proceed to translate the grid security problem into specific grid security requirements. The purpose of Grid technologies is to support the secure sharing and scalable coordinated use of diverse resources in dynamic, distributed VOs. We propose a secure blueprint design for grid systems that addresses requirements for single sign-on, interoperability with local policies of any grid city of India, with dynamically varying resource demands.

  13. Comprehensive test ban treaty international monitoring system security threats and proposed security attributes

    Energy Technology Data Exchange (ETDEWEB)

    Draelos, T.J.; Craft, R.L.

    1996-03-01

    To monitor compliance with a Comprehensive Test Ban Treaty (CTBT), a sensing network, referred to as the International Monitoring System (IMS), is being deployed. Success of the IMS depends on both its ability to perform its function and the international community's confidence in the system. To ensure these goals, steps must be taken to secure the system against attacks that would undermine it; however, it is not clear that consensus exists with respect to the security requirements that should be levied on the IMS design. In addition, CTBT has not clearly articulated what threats it wishes to address. This paper proposes four system-level threats that should drive IMS design considerations, identifies potential threat agents, and collects into one place the security requirements that have been suggested by various elements of the IMS community. For each such requirement, issues associated with the requirement are identified and rationale for the requirement is discussed.

  14. Quantum Oblivious Transfer: a secure practical implementation

    Science.gov (United States)

    Nagy, Marius; Nagy, Naya

    2016-12-01

    Together with bit commitment, Oblivious Transfer is a very useful cryptographic primitive with important applications, most notably in secure multiparty computations. It has been long known that secure Quantum Oblivious Transfer can be achieved from a secure implementation of Quantum Bit Commitment. Unfortunately, it is also well known that unconditionally secure Quantum Bit Commitment is impossible, so building a secure Oblivious Transfer protocol on top of Quantum Bit Commitment is ruled out. In this paper, we propose a relatively simple quantum protocol for Oblivious Transfer which does not require qubit storage, does not rely on bit commitment as a primitive and is easily implementable with current technology, if the two actors are honest. The protocol is proven to be secure against any individual measurements and entanglement-based attacks. Any cheating attempt trying to speculate collective measurements would be considerably difficult to put in practice, even in the near future. Furthermore, the number of qubits used in our scheme (embodied as photons in a physical realization of the protocol) acts as a security parameter, making it increasingly hard to cheat.

  15. A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTURE

    Directory of Open Access Journals (Sweden)

    Arijit Ukil

    2013-09-01

    Full Text Available In a typical cloud computing diverse facilitating components like hardware, software, firmware, networking, and services integrate to offer different computational facilities, while Internet or a private network (or VPN) provides the required backbone to deliver the services. The security risks to the cloud system delimit the benefits of cloud computing like “on-demand, customized resource availability and performance management”. It is understood that current IT and enterprise security solutions are not adequate to address the cloud security issues. This paper explores the challenges and issues of security concerns of cloud computing through different standard and novel solutions. We propose analysis and architecture for incorporating different security schemes, techniques and protocols for cloud computing, particularly in Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) systems. The proposed architecture is generic in nature, not dependent on the type of cloud deployment, application agnostic and is not coupled with the underlying backbone. This would facilitate to manage the cloud system more effectively and provide the administrator to include the specific solution to counter the threat. We have also shown using experimental data how a cloud service provider can estimate the charging based on the security service it provides and security-related cost-benefit analysis can be estimated.

  16. Security Policy Enforcement in Cloud Infrastructure

    Directory of Open Access Journals (Sweden)

    Arijit Ukil

    2013-05-01

    Full Text Available Cloud computing is a computing environment consisting of different facilitating components like hardware, software, firmware, networking, and services. Internet or a private network provides the required backbone to deliver the cloud services. The benefits of cloud computing like “on-demand, customized resource availability and performance management” are overpowered by the associated security risks to the cloud system, particularly to the cloud users or clients. Existing traditional IT and enterprise security are not adequate to address the cloud security issues. In order to deploy different cloud applications, it is understood that security concerns of cloud computing are to be effectively addressed. Cloud security is such an area which deals with the concerns and vulnerabilities of cloud computing for ensuring safer computing environment. This paper explores the challenges and issues of security concerns of cloud computing through different standard and novel solutions. This paper proposes architecture for incorporating different security schemes, techniques and protocols for cloud computing, particularly in Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) systems. The proposed architecture is generic in nature, not dependent on the type of cloud deployment, application agnostic and is not coupled with the underlying backbone. This would facilitate to manage the cloud system more effectively and provide the administrator to include the specific solution to counter the threat.

  17. An Approach to Secure Mobile Enterprise Architectures

    Directory of Open Access Journals (Sweden)

    Florian Georg Furtmüller

    2013-01-01

    Full Text Available Due to increased security awareness of enterprises for mobile applications operating with sensitive or personal data as well as extended regulations from legislation (the principle of proportionality), various approaches on how to implement (extended) two-factor authentication, multi-factor authentication or virtual private networks within enterprise mobile environments to ensure delivery of secure applications have been developed. Within mobile applications it will not be sufficient to rely on security measures of the individual components or interested parties; an overall concept of a security solution has to be established which requires the interaction of several technologies, standards and system components. These include the physical fuses on the device itself as well as on the network layer (such as integrated security components), security measures (such as employee agreements, contract clauses, insurance coverage), but also software technical protection at the application level (e.g. password protection, encryption, secure container). The purpose of this paper is to summarize the challenges and practical successes, providing best practices to fulfill appropriate risk coverage of mobile applications. I present a use case, in order to prove the concept in actual work settings, and to demonstrate the adaptability of the approach.

  18. Security aspects of space operations data

    Science.gov (United States)

    Schmitz, Stefan

    1993-01-01

    This paper deals with data security. It identifies security threats to European Space Agency's (ESA) In Orbit Infrastructure Ground Segment (IOI GS) and proposes a method of dealing with its complex data structures from the security point of view. It is part of the 'Analysis of Failure Modes, Effects Hazards and Risks of the IOI GS for Operations, including Backup Facilities and Functions' carried out on behalf of the European Space Operations Center (ESOC). The security part of this analysis has been prepared with the following aspects in mind: ESA's large decentralized ground facilities for operations, the multiple organizations/users involved in the operations and the developments of ground data systems, and the large heterogeneous network structure enabling access to (sensitive) data which does involve crossing organizational boundaries. An IOI GS data objects classification is introduced to determine the extent of the necessary protection mechanisms. The proposal of security countermeasures is oriented towards the European 'Information Technology Security Evaluation Criteria (ITSEC)' whose hierarchically organized requirements can be directly mapped to the security sensitivity classification.

  19. SECURING VIRTUAL IMAGES USING BLIND AUTHENTICATION PROTOCOL

    Directory of Open Access Journals (Sweden)

    RAVIKIRAN PEELUKHANA

    2011-04-01

    Full Text Available The cloud virtualization technology improves the economy of scale for data centers through server consolidation, application consolidation and resources consolidation. Virtualization allows the provider to move Virtual Images from more congested host to less-congested hosts, as required. Enterprises also get improved server reliability, which in turn increases application performance. Despite these benefits, it includes major security challenges with the portability of Virtual Images between different cloud providers. The security and integrity of Virtual images is the foundation for the overall security of the cloud. Many of the Virtual images are intended to be shared by diverse and unrelated users. Unfortunately, existing approaches to cloud security built by cloud practitioners fall short when dealing with Virtual images. Secure transmission of virtual Images can be possible by providing authentication using Blind Authentication protocol (BAP). The proposed approach authenticates the allocation of virtual images using Blind authentication protocol. It provides provable protection against replay and client side attacks even if the keys of the user are compromised. The encryption also provides template protection, revocability and alleviates the concerns on privacy in widespread use of biometrics. Carrying out the authentication in the encrypted domain is a secure process, while the encryption key acts as an additional layer of security.

  20. Quantum Oblivious Transfer: a secure practical implementation

    Science.gov (United States)

    Nagy, Marius; Nagy, Naya

    2016-09-01

    Together with bit commitment, Oblivious Transfer is a very useful cryptographic primitive with important applications, most notably in secure multiparty computations. It has been long known that secure Quantum Oblivious Transfer can be achieved from a secure implementation of Quantum Bit Commitment. Unfortunately, it is also well known that unconditionally secure Quantum Bit Commitment is impossible, so building a secure Oblivious Transfer protocol on top of Quantum Bit Commitment is ruled out. In this paper, we propose a relatively simple quantum protocol for Oblivious Transfer which does not require qubit storage, does not rely on bit commitment as a primitive and is easily implementable with current technology, if the two actors are honest. The protocol is proven to be secure against any individual measurements and entanglement-based attacks. Any cheating attempt trying to speculate collective measurements would be considerably difficult to put in practice, even in the near future. Furthermore, the number of qubits used in our scheme (embodied as photons in a physical realization of the protocol) acts as a security parameter, making it increasingly hard to cheat.

  1. Securing XML Documents

    Directory of Open Access Journals (Sweden)

    Charles Shoniregun

    2004-11-01

    Full Text Available XML (extensible markup language) is becoming the current standard for establishing interoperability on the Web. XML data are self-descriptive and syntax-extensible; this makes it very suitable for representation and exchange of semi-structured data, and allows users to define new elements for their specific applications. As a result, the number of documents incorporating this standard is continuously increasing over the Web. The processing of XML documents may require a traversal of all document structure and therefore, the cost could be very high. A strong demand for a means of efficient and effective XML processing has posed a new challenge for the database world. This paper discusses a fast and efficient indexing technique for XML documents, and introduces the XML graph numbering scheme. It can be used for indexing and securing graph structure of XML documents. This technique provides an efficient method to speed up XML data processing. Furthermore, the paper explores the classification of existing methods impact of query processing, and indexing.

  2. Information security implementations for remote monitoring

    Energy Technology Data Exchange (ETDEWEB)

    Nilsen, C.A.

    1997-10-01

    In September 1993, President Clinton stated the United States would ensure that its fissile material meet the "highest standards of safety, security, and international accountability." Frequent human inspection of the material could be used to ensure these standards. However, it may be more effective and less expensive to replace these manual inspections with virtual inspections via remote monitoring technologies. A successful implementation of a comprehensive remote monitoring system, however, requires significant attention to a variety of information security issues. In pursuing Project Straight-Line and the follow-on Storage Monitoring System, Sandia National Laboratories developed remote monitoring implementations that can satisfy a variety of information security requirements. Special emphasis was given to developing methods for using the Internet to disseminate the data securely. This paper describes the various information security implementations applied to the Project Straight-Line and the Storage Monitoring System. Also included is a discussion of the security provided by the Windows NT operating system.

  3. Hybrid architecture for building secure sensor networks

    Science.gov (United States)

    Owens, Ken R., Jr.; Watkins, Steve E.

    2012-04-01

    Sensor networks have various communication and security architectural concerns. Three approaches are defined to address these concerns for sensor networks. The first area is the utilization of new computing architectures that leverage embedded virtualization software on the sensor. Deploying a small, embedded virtualization operating system on the sensor nodes that is designed to communicate to low-cost cloud computing infrastructure in the network is the foundation to delivering low-cost, secure sensor networks. The second area focuses on securing the sensor. Sensor security components include developing an identification scheme, and leveraging authentication algorithms and protocols that address security assurance within the physical, communication network, and application layers. This function will primarily be accomplished through encrypting the communication channel and integrating sensor network firewall and intrusion detection/prevention components to the sensor network architecture. Hence, sensor networks will be able to maintain high levels of security. The third area addresses the real-time and high priority nature of the data that sensor networks collect. This function requires that a quality-of-service (QoS) definition and algorithm be developed for delivering the right data at the right time. A hybrid architecture is proposed that combines software and hardware features to handle network traffic with diverse QoS requirements.

  4. Study of Security Attributes of Smart Grid Systems- Current Cyber Security Issues

    Energy Technology Data Exchange (ETDEWEB)

    Wayne F. Boyer; Scott A. McBride

    2009-04-01

    This document provides information for a report to congress on Smart Grid security as required by Section 1309 of Title XIII of the Energy Independence and Security Act of 2007. The security of any future Smart Grid is dependent on successfully addressing the cyber security issues associated with the nation’s current power grid. Smart Grid will utilize numerous legacy systems and technologies that are currently installed. Therefore, known vulnerabilities in these legacy systems must be remediated and associated risks mitigated in order to increase the security and success of the Smart Grid. The implementation of Smart Grid will include the deployment of many new technologies and multiple communication infrastructures. This report describes the main technologies that support Smart Grid and summarizes the status of implementation into the existing U.S. electrical infrastructure.

  5. 75 FR 18819 - Second DRAFT NIST Interagency Report (NISTIR) 7628, Smart Grid Cyber Security Strategy and...

    Science.gov (United States)

    2010-04-13

    ... Grid Cyber Security Strategy and Requirements; Request for Comments AGENCY: National Institute of..., Smart Grid Cyber Security Strategy and Requirements. This second draft has been updated to address the... logical interface diagrams, and the cyber security strategy sections have all been updated and...

  6. Human factors in network security

    OpenAIRE

    Jones, Francis B.

    1991-01-01

    Human factors, such as ethics and education, are important factors in network information security. This thesis determines which human factors have significant influence on network security. Those factors are examined in relation to current security devices and procedures. Methods are introduced to evaluate security effectiveness by incorporating the appropriate human factors into network security controls

  7. Google - Security Testing Tool

    OpenAIRE

    Staykov, Georgi

    2007-01-01

    Using Google as a security testing tool, basic and advanced search techniques using advanced google search operators. Examples of obtaining control over security cameras, VoIP systems, web servers and collecting valuable information as: Credit card details, cvv codes – only using Google.

  8. Security Embedding Codes

    CERN Document Server

    Ly, Hung D; Blankenship, Yufei

    2011-01-01

    This paper considers the problem of simultaneously communicating two messages, a high-security message and a low-security message, to a legitimate receiver, referred to as the security embedding problem. An information-theoretic formulation of the problem is presented. A coding scheme that combines rate splitting, superposition coding, nested binning and channel prefixing is considered and is shown to achieve the secrecy capacity region of the channel in several scenarios. Specifying these results to both scalar and independent parallel Gaussian channels (under an average individual per-subchannel power constraint), it is shown that the high-security message can be embedded into the low-security message at full rate (as if the low-security message does not exist) without incurring any loss on the overall rate of communication (as if both messages are low-security messages). Extensions to the wiretap channel II setting of Ozarow and Wyner are also considered, where it is shown that "perfect" security embedding...

  9. Securing personal network clusters

    NARCIS (Netherlands)

    Jehangir, Assed; Heemstra de Groot, Sonia M.

    2007-01-01

    A Personal Network is a self-organizing, secure and private network of a user’s devices notwithstanding their geographic location. It aims to utilize pervasive computing to provide users with new and improved services. In this paper we propose a model for securing Personal Network clusters. Clusters

  10. Security in the cloud.

    Science.gov (United States)

    Degaspari, John

    2011-08-01

    As more provider organizations look to the cloud computing model, they face a host of security-related questions. What are the appropriate applications for the cloud, what is the best cloud model, and what do they need to know to choose the best vendor? Hospital CIOs and security experts weigh in.

  11. Hydrological extremes and security

    Science.gov (United States)

    Kundzewicz, Z. W.; Matczak, P.

    2015-04-01

    Economic losses caused by hydrological extremes - floods and droughts - have been on the rise. Hydrological extremes jeopardize human security and impact on societal livelihood and welfare. Security can be generally understood as freedom from threat and the ability of societies to maintain their independent identity and their functional integrity against forces of change. Several dimensions of security are reviewed in the context of hydrological extremes. The traditional interpretation of security, focused on the state military capabilities, has been replaced by a wider understanding, including economic, societal and environmental aspects that get increasing attention. Floods and droughts pose a burden and serious challenges to the state that is responsible for sustaining economic development, and societal and environmental security. The latter can be regarded as the maintenance of ecosystem services, on which a society depends. An important part of it is water security, which can be defined as the availability of an adequate quantity and quality of water for health, livelihoods, ecosystems and production, coupled with an acceptable level of water-related risks to people, environments and economies. Security concerns arise because, over large areas, hydrological extremes - floods and droughts - are becoming more frequent and more severe. In terms of dealing with water-related risks, climate change can increase uncertainties, which makes the state's task to deliver security more difficult and more expensive. However, changes in population size and development, and level of protection, drive exposure to hydrological hazards.

  12. School Security Technologies

    Science.gov (United States)

    Schneider, Tod

    2010-01-01

    Over the past decade electronic security technology has evolved from an exotic possibility into an essential safety consideration. Before resorting to high-tech security solutions, school officials should think carefully about the potential for unintended consequences. Technological fixes may be mismatched to the problems being addressed. They can…

  13. Security the human factor

    CERN Document Server

    Kearney, Paul

    2010-01-01

    This pocket guide is based on the approach used by BT to protect its own data security – one that draws on the capabilities of both people and technology. The guide will prove invaluable for IT managers, information security officers and business executives.

  14. VMware view security essentials

    CERN Document Server

    Langenhan, Daniel

    2013-01-01

    A practical and fast-paced guide that gives you all the information you need to secure your virtual environment. This book is a "how-to" for the novice, a "reference guide" for the advanced user, and a "go to" for the experienced user in all the aspects of VMware View desktop virtualization security.

  15. Energy systems security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Energy Systems Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to electricity transmission grids and their protection, risk assessment of energy systems, analysis of interdependent energy networks. Methods to manage electricity transmission disturbances so as to avoid blackouts are discussed, and self-healing energy system and a nano-enabled power source are presented.

  16. Secure Link Middleware

    Science.gov (United States)

    2008-08-01

    Secure Link middleware as specified by the circled ‘sld’, sld . Using a network traffic analyzer (e.g., tcpdump) at router bulldog and tiger, ARL...or nfs (remote accessing file systems) to be securely operated and used among networked computer systems without any bulldog (router3) bear (router2

  17. Network Security Is Manageable

    Science.gov (United States)

    Roberts, Gary

    2006-01-01

    An effective systems librarian must understand security vulnerabilities and be proactive in preventing problems. Specifics of future attacks or security challenges cannot possibly be anticipated, but this paper suggests some simple measures that can be taken to make attacks less likely to occur: program the operating system to get automatic…

  18. Information security management principles

    CERN Document Server

    Taylor, Andy; Finch, Amanda; Sutton, David; Taylor, Andy

    2013-01-01

    In today's technology-driven environment, there is an ever-increasing demand for information delivery. A compromise has to be struck between security and availability. This book is a pragmatic guide to information assurance for both business professionals and technical experts. This second edition includes the security of cloud-based resources.

  19. Enhancing Infrastructure Security in Real Estate

    Directory of Open Access Journals (Sweden)

    Kyle Dees

    2011-12-01

    Full Text Available As a result of the increased dependency on obtaining information and connecting each computer together for ease of access/communication, organizations risk being attacked and losing private information through breaches or insecure business activities. To help protect organizations and their assets, companies need to develop a strong understanding of the risks imposed on their company and the security solutions designed to prevent/minimize vulnerabilities. To reduce the impact threats have on a network, organizations need to: design a defense layer system that provides multiple instances of protection to prevent unauthorized access to core information, implement a strong network hardware/intrusion prevention system, and create all-inclusive network/security policies that detail user rules and company rights. In order to enhance the overall security of a basic infrastructure, this paper will provide a detailed look into gathering the organizational requirements, designing and implementing a secure physical network layout, and selecting the standards needed to prevent unauthorized access.

  20. Secure Neighbor Position Discovery in VANETs

    CERN Document Server

    Fiore, Marco; Chiasserini, Carla Fabiana; Papadimitratos, Panagiotis

    2010-01-01

    Many significant functionalities of vehicular ad hoc networks (VANETs) require that nodes have knowledge of the positions of other vehicles, and notably of those within communication range. However, adversarial nodes could provide false position information or disrupt the acquisition of such information. Thus, in VANETs, the discovery of neighbor positions should be performed in a secure manner. In spite of a multitude of security protocols in the literature, there is no secure discovery protocol for neighbor positions. We address this problem in our paper: we design a distributed protocol that relies solely on information exchange among one-hop neighbors, we analyze its security properties in the presence of one or multiple (independent or colluding) adversaries, and we evaluate its performance in a VANET environment using realistic mobility traces. We show that our protocol can be highly effective in detecting falsified position information, while maintaining a low rate of false positive detections.

  1. Security and privacy for implantable medical devices

    CERN Document Server

    Carrara, Sandro

    2014-01-01

    This book presents a systematic approach to analyzing the challenging engineering problems posed by the need for security and privacy in implantable medical devices (IMD). It describes in detail new issues termed as lightweight security, due to the associated constraints on metrics such as available power, energy, computing ability, area, execution time, and memory requirements. Coverage includes vulnerabilities and defense across multiple levels, with basic abstractions of cryptographic services and primitives such as public key cryptography, block ciphers and digital signatures. Experts from engineering introduce some IMD systems that have recently been proposed and developed. Experts from Computer Security and Cryptography present new research, which shows vulnerabilities in existing IMDs and proposes solutions. Experts from Privacy Technology and Policy will discuss the societal, legal and ethical challenges surrounding IMD security as well as technological solutions that build on the latest in C...

  2. Aspects with Program Analysis for Security Policies

    DEFF Research Database (Denmark)

    Yang, Fan

    , small modification of the security requirement might lead to substantial changes in a number of modules within a large mobile distributed system. Indeed, security is a crosscutting concern which can spread to many business modules within a system, and is difficult to be integrated in a modular way......Enforcing security policies to IT systems, especially for a mobile distributed system, is challenging. As society becomes more IT-savvy, our expectations about security and privacy evolve. This is usually followed by changes in regulation in the form of standards and legislation. In many cases......-oriented extension of the process calculus KLAIM that excels at modeling mobile, distributed systems. A novel feature of our approach is that advices are able to analyze the future use of data, which is achieved by using program analysis techniques. We also present AspectK to propose other possible aspect...

  3. Efficient Controlled Quantum Secure Direct Communication Protocols

    Science.gov (United States)

    Patwardhan, Siddharth; Moulick, Subhayan Roy; Panigrahi, Prasanta K.

    2016-07-01

    We study controlled quantum secure direct communication (CQSDC), a cryptographic scheme where a sender can send a secret bit-string to an intended recipient, without any secure classical channel, who can obtain the complete bit-string only with the permission of a controller. We report an efficient protocol to realize CQSDC using Cluster state and then go on to construct a (2-3)-CQSDC using Brown state, where a coalition of any two of the three controllers is required to retrieve the complete message. We argue both protocols to be unconditionally secure and analyze the efficiency of the protocols to show it to outperform the existing schemes while maintaining the same security specifications.

  4. Secure quantum communication using classical correlated channel

    Science.gov (United States)

    Costa, D.; de Almeida, N. G.; Villas-Boas, C. J.

    2016-10-01

    We propose a secure protocol to send quantum information from one part to another without a quantum channel. In our protocol, which resembles quantum teleportation, a sender (Alice) and a receiver (Bob) share classical correlated states instead of EPR ones, with Alice performing measurements in two different bases and then communicating her results to Bob through a classical channel. Our secure quantum communication protocol requires the same amount of classical bits as the standard quantum teleportation protocol. In our scheme, as in the usual quantum teleportation protocol, once the classical channel is established in a secure way, a spy (Eve) will never be able to recover the information of the unknown quantum state, even if she is aware of Alice's measurement results. Security, advantages, and limitations of our protocol are discussed and compared with the standard quantum teleportation protocol.

  5. Security Metrics in Industrial Control Systems

    CERN Document Server

    Collier, Zachary A; Ganin, Alexander A; Kott, Alex; Linkov, Igor

    2015-01-01

    Risk is the best known and perhaps the best studied example within a much broader class of cyber security metrics. However, risk is not the only possible cyber security metric. Other metrics such as resilience can exist and could be potentially very valuable to defenders of ICS systems. Often, metrics are defined as measurable properties of a system that quantify the degree to which objectives of the system are achieved. Metrics can provide cyber defenders of an ICS with critical insights regarding the system. Metrics are generally acquired by analyzing relevant attributes of that system. In terms of cyber security metrics, ICSs tend to have unique features: in many cases, these systems are older technologies that were designed for functionality rather than security. They are also extremely diverse systems that have different requirements and objectives. Therefore, metrics for ICSs must be tailored to a diverse group of systems with many features and perform many different functions. In this chapter, we first...

  6. Improving industrial process control systems security

    CERN Document Server

    Epting, U; CERN. Geneva. TS Department

    2004-01-01

    System providers are today creating process control systems based on remote connectivity using internet technology, effectively exposing these systems to the same threats as corporate computers. It is becoming increasingly difficult and costly to patch/maintain the technical infrastructure monitoring and control systems to remove these vulnerabilities. A strategy including risk assessment, security policy issues, and service level agreements between the IT department and the controls engineering groups must be defined. In addition, an increased awareness of IT security in the controls system engineering domain is needed. As a consequence of these new factors, the control system architectures have to take into account security requirements, which often have an impact on both operational aspects and on the project and maintenance cost. Manufacturers of industrial control system equipment do however also propose progressively security related solutions that can be used for our active projects. The paper discusses ...

  7. A Secure Short Message Communication Protocol

    Institute of Scientific and Technical Information of China (English)

    Chao-Wen Chang; Heng Pan; Hong-Yong Jia

    2008-01-01

    According to the security requirement of the short message service (SMS) industry application, a secure short message communication protocol is proposed. This is an application level protocol constructed on the standard SMS communication protocol using public key authentication and key agreement without the need of wireless public key infrastructure (WPKI). Secure short message transmission and dynamic key agreement between mobile terminals and the accessing gateway are realized. The security of the proposed protocol is validated through the BAN logic. Compared with the standard SMS protocol, the effective payload rate of our protocol can reach 91.4%, and subscriber identity module (SIM) tool kit (STK) applications based on our protocol suit well for all kinds of mobile terminals in practical application.

  8. Indirection and computer security.

    Energy Technology Data Exchange (ETDEWEB)

    Berg, Michael J.

    2011-09-01

    The discipline of computer science is built on indirection. David Wheeler famously said, 'All problems in computer science can be solved by another layer of indirection. But that usually will create another problem'. We propose that every computer security vulnerability is yet another problem created by the indirections in system designs and that focusing on the indirections involved is a better way to design, evaluate, and compare security solutions. We are not proposing that indirection be avoided when solving problems, but that understanding the relationships between indirections and vulnerabilities is key to securing computer systems. Using this perspective, we analyze common vulnerabilities that plague our computer systems, consider the effectiveness of currently available security solutions, and propose several new security solutions.

  9. Wireless physical layer security

    Science.gov (United States)

    Poor, H. Vincent; Schaefer, Rafael F.

    2017-01-01

    Security in wireless networks has traditionally been considered to be an issue to be addressed separately from the physical radio transmission aspects of wireless systems. However, with the emergence of new networking architectures that are not amenable to traditional methods of secure communication such as data encryption, there has been an increase in interest in the potential of the physical properties of the radio channel itself to provide communications security. Information theory provides a natural framework for the study of this issue, and there has been considerable recent research devoted to using this framework to develop a greater understanding of the fundamental ability of the so-called physical layer to provide security in wireless networks. Moreover, this approach is also suggestive in many cases of coding techniques that can approach fundamental limits in practice and of techniques for other security tasks such as authentication. This paper provides an overview of these developments.

  10. Energy security in Yemen

    Energy Technology Data Exchange (ETDEWEB)

    Torosyan, Emil

    2009-09-15

    Yemen, situated in the Arab world, has considerable energy resources. However, its history of repeated revolts, civil wars and terrorism and also the presence of the Wahabi movement and al Qaeda in the country constitute security issues for the energy industry and its infrastructure. The aim of this paper is to assess the impact level on the security of the energy sector in Yemen and the effect that the threats to that sector could have on global energy security. Analyses of the political environment, the security threats and the measures taken to respond to these threats have been carried out. Results showed that Yemen's resources are depleting and that the government is having trouble containing the escalation of conflicts; this situation could lead to Yemen's political collapse which could have an important impact on global energy security.

  11. International Nuclear Security

    Energy Technology Data Exchange (ETDEWEB)

    Doyle, James E. [Los Alamos National Laboratory

    2012-08-14

    This presentation discusses: (1) Definitions of international nuclear security; (2) What degree of security do we have now; (3) Limitations of a nuclear security strategy focused on national lock-downs of fissile materials and weapons; (4) What do current trends say about the future; and (5) How can nuclear security be strengthened? Nuclear security can be strengthened by: (1) More accurate baseline inventories; (2) Better physical protection, control and accounting; (3) Effective personnel reliability programs; (4) Minimize weapons-usable materials and consolidate to fewer locations; (5) Consider local threat environment when siting facilities; (6) Implement pledges made in the NSS process; and (7) More robust interdiction, emergency response and special operations capabilities. International cooperation is desirable, but not always possible.

  12. Security Risks and Protection in Online Learning: A Survey

    Directory of Open Access Journals (Sweden)

    Yong Chen

    2013-12-01

    Full Text Available This paper describes a survey of online learning which attempts to determine online learning providers’ awareness of potential security risks and the protection measures that will diminish them. The authors use a combination of two methods: blog mining and a traditional literature search. The findings indicate that, while scholars have identified diverse security risks and have proposed solutions to mitigate the security threats in online learning, bloggers have not discussed security in online learning with great frequency. The differences shown in the survey results generated by the two different methods confirm that online learning providers and practitioners have not considered security as a top priority. The paper also discusses the next generation of an online learning system: a safer personal learning environment which requires a one-stop solution for authentication, assures the security of online assessments, and balances security and usability.

  13. Rural Security in Colombia: An Opportunity for State Consolidation

    Directory of Open Access Journals (Sweden)

    Patricia Bulla

    2015-07-01

    Full Text Available The citizen security service provided by the Colombian State is unequal. It focuses mainly on large cities and municipal capitals, and is absent in vast expanses of the national geography. In these regions, state incapacity to enforce the law, resolve citizen conflicts, and protect and promote social order based on peaceful coexistence is painfully evident. Also, in a context of armed conflict, the State has placed special emphasis on the fight against illegal armed groups (national security), rather than respond to coexistence and security challenges (citizen security). Post-conflict, the transition from national security to citizen security in rural areas requires the design of security strategies with a regional focus. It should consider institutional adjustments, construction of legal authorities, and the strengthening of local capacities.

  14. A Novel Trusted Computing Model for Network Security Authentication

    Directory of Open Access Journals (Sweden)

    Ling Xing

    2014-02-01

    Full Text Available Network information faces great threats from malicious attacks due to the openness and virtuality of network structure. Traditional methods to ensure information security may fail when both integrity and source authentication for information are required. Based on the security of data broadcast channel, a novel Trusted Computing Model (TCM) of network security authentication is proposed to enhance the security of network information. In this model, a method of Uniform content locator security Digital Certificate (UDC), which is capable of fully and uniquely indexing network information, is developed. Standard of MPEG-2 Transport Streams (TS) is adopted to pack UDC data. Additionally, a UDC hashing algorithm (UHA512) is designed to compute the integrity and security of data information. Experimental results show that the proposed model is feasible and effective for network security authentication.

  15. Integrating - VPN and IDS - An approach to Networks Security

    Directory of Open Access Journals (Sweden)

    Prabha Rani

    2007-10-01

    Full Text Available The Internet and recent global cyber terrorism have fundamentally changed the way organizations approach security. Recent worm and virus incidents such as Code Red, Nimda, and the Slammer worm have heightened security awareness. Also, numerous other threats have emerged recently that are particularly troublesome. Hence some solution must be provided to encounter the new generation of complex threats. Building up this solution requires the Integration of different security devices. Also system administrators, under the burden of rapidly increasing network activity, need the ability to rapidly understand what is happening on their networks. Hence Correlation of security events provide Security Engineers a better understanding of what is happening for enhanced security situational awareness. Visualization leverages human cognitive abilities and promotes quick mental connections between events that otherwise may be obscured in the volume of IDS alert messages. Keeping all these points in mind we have chosen to integrate VPN and IDS to provide an efficient solution for security engineers.

  16. Developing a secured social networking site using information security awareness techniques

    Directory of Open Access Journals (Sweden)

    Julius O. Okesola

    2014-03-01

    Full Text Available Background: Ever since social network sites (SNS) became a global phenomenon in almost every industry, security has become a major concern to many SNS stakeholders. Several security techniques have been invented towards addressing SNS security, but information security awareness (ISA) remains a critical point. Whilst very few users have used social circles and applications because of a lack of users’ awareness, the majority have found it difficult to determine the basis of categorising friends in a meaningful way for privacy and security policies settings. This has confirmed that technical control is just part of the security solutions and not necessarily a total solution. Changing human behaviour on SNSs is essential; hence the need for a privately enhanced ISA SNS. Objective: This article presented sOcialistOnline – a newly developed SNS, duly secured and platform independent with various ISA techniques fully implemented. Method: Following a detailed literature review of the related works, the SNS was developed on the basis of Object Oriented Programming (OOP) approach, using PHP as the coding language with the MySQL database engine at the back end. Result: This study addressed the SNS requirements of privacy, security and services, and attributed them as the basis of architectural design for sOcialistOnline. SNS users are more aware of potential risk and the possible consequences of unsecured behaviours. Conclusion: ISA is focussed on the users who are often the greatest security risk on SNSs, regardless of technical securities implemented. Therefore SNSs are required to incorporate effective ISA into their platform and ensure users are motivated to embrace it.

  17. Generating WS-SecurityPolicy documents via security model transformation

    DEFF Research Database (Denmark)

    Jensen, Meiko

    2009-01-01

    When SOA-based business processes are to be enhanced with security properties, the model-driven business process development approach enables an easier and more reliable security definition compared to manually crafting the security realizations afterwards. In this paper, we outline an appropriate...... security model definition and transformation approach, targeting the WS-SecurityPolicy and WS-BPEL specifications, in order to enable a Web-Service-based secure business process development....

  18. Security Dialogues: Building Better Relationships between Security and Business

    OpenAIRE

    Ashenden, D.; Lawrence, D.

    2016-01-01

    In the real world, there's often a discrepancy between an organization's mandated security processes and what actually happens. The social practice of security flourishes in the space between and around formal organizational security processes. By recognizing the value of risk management as a communication tool, security practitioners can tap opportunities to improve the security dialogue with staff. Published in IEEE Security and Privacy (2016) vol 14/3 pp 82-87 (http://doi.ieeecomputers...

  19. 49 CFR 172.304 - Marking requirements.

    Science.gov (United States)

    2010-10-01

    ... SECURITY PLANS Marking § 172.304 Marking requirements. (a) The marking required in this subpart— (1) Must... labels or attachments; and (4) Must be located away from any other marking (such as advertising)...

  20. Analysis and Evaluating Security of Component-Based Software Development: A Security Metrics Framework

    Directory of Open Access Journals (Sweden)

    Irshad Ahmad Mir

    2012-10-01

    Full Text Available Evaluating the security of software systems is a complex problem for the research communities due to the multifaceted and complex operational environment of the system involved. Many efforts towards the secure system development methodologies like secSDLC by Microsoft have been made but the measurement scale on which the security can be measured got least success. As with a shift in the nature of software development from standalone applications to distributed environment where there are a number of potential adversaries and threats present, security has been outlined and incorporated at the architectural level of the system and so is the need to evaluate and measure the level of security achieved. In this paper we present a framework for security evaluation at the design and architectural phase of the system development. We have outlined the security objectives based on the security requirements of the system and analyzed the behavior of various software architecture styles. As the component-based development (CBD) is an important and widely used model to develop new large scale software due to various benefits like increased reuse, reduce time to market and cost. Our emphasis is on CBD and we have proposed a framework for the security evaluation of Component based software design and derived the security metrics for the main three pillars of security, confidentiality, integrity and availability based on the component composition, dependency and inter component data/information flow. The proposed framework and derived metrics are flexible enough, in way that the system developer can modify the metrics according to the situation and are applicable both at the development phases and as well as after development.

  1. Security intelligence a practitioner's guide to solving enterprise security challenges

    CERN Document Server

    Li, Qing

    2015-01-01

    Identify, deploy, and secure your enterprise Security Intelligence, A Practitioner's Guide to Solving Enterprise Security Challenges is a handbook for security in modern times, against modern adversaries. As leaders in the design and creation of security products that are deployed globally across a range of industries and market sectors, authors Qing Li and Gregory Clark deliver unparalleled insight into the development of comprehensive and focused enterprise security solutions. They walk you through the process of translating your security goals into specific security technology domains, fo

  2. Data validation and security for reprocessing.

    Energy Technology Data Exchange (ETDEWEB)

    Tolk, Keith Michael; Merkle, Peter Benedict; Durán, Felicia Angelica; Cipiti, Benjamin B.

    2008-10-01

    Next generation nuclear fuel cycle facilities will face strict requirements on security and safeguards of nuclear material. These requirements can result in expensive facilities. The purpose of this project was to investigate how to incorporate safeguards and security into one plant monitoring system early in the design process to take better advantage of all plant process data, to improve confidence in the operation of the plant, and to optimize costs. An existing reprocessing plant materials accountancy model was examined for use in evaluating integration of safeguards (both domestic and international) and security. International safeguards require independent, secure, and authenticated measurements for materials accountability--it may be best to design stand-alone systems in addition to domestic safeguards instrumentation to minimize impact on operations. In some cases, joint-use equipment may be appropriate. Existing domestic materials accountancy instrumentation can be used in conjunction with other monitoring equipment for plant security as well as through the use of material assurance indicators, a new metric for material control that is under development. Future efforts will take the results of this work to demonstrate integration on the reprocessing plant model.

  3. 17 CFR 242.609 - Registration of securities information processors: form of application and amendments.

    Science.gov (United States)

    2010-04-01

    ... Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) REGULATIONS M, SHO, ATS, AC, AND NMS AND CUSTOMER MARGIN REQUIREMENTS FOR SECURITY FUTURES Regulation Nms-Regulation of the National Market System §...

  4. DEMOGRAPHIC SECURITY: THEORY, METHODOLOGY, EVALUATION

    Directory of Open Access Journals (Sweden)

    Mikhail V. Karmanov

    2015-01-01

    Full Text Available The paper analyzes the theoretical aspects of demographic security. The points of view of various scholars on the definition of demographic security are reviewed and analyzed. The main directions of statistical analysis of demographic security are presented.

  5. Usable Security and E-Banking: ease of use vis-a-vis security

    Directory of Open Access Journals (Sweden)

    Morten Hertzum

    2004-05-01

    Full Text Available Electronic banking must be secure and easy to use. An evaluation of six Danish web-based electronic banking systems indicates that the systems have serious weaknesses with respect to ease of use. Our analysis of the weaknesses suggests that security requirements are among their causes and that the weaknesses may in turn cause decreased security. We view the conflict between ease of use and security in the context of usable security, a concept that is intended to match security principles and demands against user knowledge and motivation. Automation, instruction, and understanding can be identified as different approaches to usable security. Instruction is the main approach of the systems evaluated; automation relieves the user from involvement in security, as far as possible; and understanding goes beyond step-by-step instructions, to enable users to act competently and safely in situations that transcend preconceived instructions. We discuss the pros and cons of automation and understanding as alternative approaches to the design of web-based e-banking systems.

  6. Secure State UML: Modeling and Testing Security Concerns of Software Systems Using UML State Machines

    Directory of Open Access Journals (Sweden)

    S. Batool

    2014-05-01

    Full Text Available In this research we present a technique by which extended UML models can be converted to standard UML models so that existing MBT techniques can be applied directly to these models. Existing Model Based Testing (MBT) techniques cannot be directly applied to extended UML models due to the difference in modeling notation and the new model elements. Verification of these models is also very important. Realizing and testing non-functional requirements such as efficiency, portability and security at the model level strengthens the ability of the model to turn down risk, cost and probability of system failure in a cost-effective way. Access control is the most widely used technique for implementing security in software systems. Existing approaches for security modeling focus on representation of access control policies such as authentication and role-based access control by introducing security-oriented model elements through extension of the Unified Modelling Language (UML). But doing so hinders the potential and application of MBT techniques to verify these models and test access control policies. In this research we introduce a technique, Secure State UML, to formally design security models with secure UML and then transform them to UML state machine diagrams so that they can be tested and verified by existing MBT techniques. By applying the proposed technique to case studies, we found that MBT techniques can be applied to the resulting state machine diagrams and that the generated test paths have the potential to identify the risks associated with security constraint violations.

  7. Personal computer security: part 1. Firewalls, antivirus software, and Internet security suites.

    Science.gov (United States)

    Caruso, Ronald D

    2003-01-01

    Personal computer (PC) security in the era of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) involves two interrelated elements: safeguarding the basic computer system itself and protecting the information it contains and transmits, including personal files. HIPAA regulations have toughened the requirements for securing patient information, requiring every radiologist with such data to take further precautions. Security starts with physically securing the computer. Account passwords and a password-protected screen saver should also be set up. A modern antivirus program can easily be installed and configured. File scanning and updating of virus definitions are simple processes that can largely be automated and should be performed at least weekly. A software firewall is also essential for protection from outside intrusion, and an inexpensive hardware firewall can provide yet another layer of protection. An Internet security suite yields additional safety. Regular updating of the security features of installed programs is important. Obtaining a moderate degree of PC safety and security is somewhat inconvenient but is necessary and well worth the effort.

  8. Based on combination of L2TP and IPSec VPN security technology research

    Directory of Open Access Journals (Sweden)

    Ya-qin Fan

    2012-01-01

    Full Text Available This report is written to provide a method of building a secure VPN by combining L2TP and IPSec in order to meet the requirements of secure data transmission and improve VPN security technology. It remedies the security shortcomings of the L2TP Tunneling Protocol and IPSec security. Simulation and analysis show that the construction method can improve the security of data transmission, and the simulation results of the VPN are valuable for security professionals to refer to.

  9. Receipt-Free Secure Elections

    OpenAIRE

    2003-01-01

    A fundamental requirement for secure and uncoercible elections is the receipt-free property; if voters cannot prove how they voted to anyone other than themselves, then they cannot be coerced by a second party to cast a particular vote. We begin by describing a protocol for receipt-free elections that was developed by Benaloh & Tuinstra, and then show how this protocol, although correct, is impractical to implement. We then show how to modify this protocol to make it practical to implement. O...

  10. A REVIEW on EFFICIENT MUTUAL AUTHENTICATION RFID SYSTEM SECURITY ANALYSIS

    Directory of Open Access Journals (Sweden)

    S.Vijay Anand

    2013-02-01

    Full Text Available This article describes the technical fundamentals of RFID systems and the associated standards. Specifically, it addresses the security and privacy aspects of this relatively new and heterogeneous Radio Technology. It relates the security requirements, threats and the implemented mechanisms. Then the current security and privacy proposals and their enhancements are presented. This paper would be a useful reference article for beginners as well as experts.

  11. System security in the space flight operations center

    Science.gov (United States)

    Wagner, David A.

    1988-01-01

    The Space Flight Operations Center is a networked system of workstation-class computers that will provide ground support for NASA's next generation of deep-space missions. The author recounts the development of the SFOC system security policy and discusses the various management and technology issues involved. Particular attention is given to risk assessment, security plan development, security implications of design requirements, automatic safeguards, and procedural safeguards.

  12. Seamless and secure communications over heterogeneous wireless networks

    CERN Document Server

    Cao, Jiannong

    2014-01-01

    This brief provides an overview of the requirements, challenges, design issues and major techniques for seamless and secure communications over heterogeneous wireless networks. It summarizes and provides detailed insights into the latest research on handoff management, mobility management, fast authentication and security management to support seamless and secure roaming for mobile clients. The reader will also learn about the challenges in developing relevant technologies and providing ubiquitous Internet access over heterogeneous wireless networks. The authors have extensive experience in im

  13. A Multi-Factor Security Protocol for Wireless Payment - Secure Web Authentication using Mobile Devices

    CERN Document Server

    Tiwari, Ayu; Abraham, Ajith; Knapskog, Svein Johan; Sanyal, Sugata

    2011-01-01

    Previous Web access authentication systems often use either the Web or the Mobile channel individually to confirm the claimed identity of the remote user. This paper proposes a new protocol using multifactor authentication system that is both secure and highly usable. It uses a novel approach based on Transaction Identification Code and SMS to enforce extra security level with the traditional Login/password system. The system provides a highly secure environment that is simple to use and deploy, that does not require any change in infrastructure or protocol of wireless networks. This Protocol for Wireless Payment is extended to provide two way authentications.

  14. The Security Requirement and Applicable Cryptographic Techniques on Identity Cards

    Institute of Scientific and Technical Information of China (English)

    武传坤

    2015-01-01

    Identity cards are often used in our normal life to identify someone. In many cases, identity cards are complementary but necessary documents: when someone intends to sell his/her real estate property, apart from showing the original certificate of the property, a valid identity card of the seller is also necessary; in the process of withdrawing a large amount of currency from a bank account, the identity card of the withdrawer together with a valid bank card is necessary. So, in some sense, the forgery detection of many other documents can be complemented by the forgery detection of identity cards. As we know, the production of resident identity cards is a national secret; hence most people do not know its technical detail. However, as has been shown by many instances in the information technology industry, information security provision via the manufacturing process has great risks. So public research should be encouraged, and based on the public research outcomes, the manufacturing process should combine technical means of protection. This paper intends to overview the weakness of current identity cards in detecting forgeries, discuss the security functionalities that should be possessed by identity cards, particularly by the residential identity cards, intending to explore the possibility for cryptographic techniques to be used in identity cards, expecting to provide some reference for more secure identity card production in the future.

  15. Security Components of Globalization

    Directory of Open Access Journals (Sweden)

    Florin Iftode

    2015-05-01

    Full Text Available The objective of this paper is our intention to present what are the main connections between globalization and international security. In terms of global security we can perceive the globalization as a process by which global state is represented by the UN, with a single world system, represented by major security organizations and with global effects. We will present from the beginning the main theoretical aspects that define the phenomenon of globalization, and then our contribution in assessing the implications of this phenomenon on the regional and global security. The results of our research are materialized in the last part of the paper. They emphasize the personal assessments on how the phenomenon of globalization has direct effect on global security. When talking about government, we think of norms, rules and decision-making procedures in the management of international life. The value that we add to the new scientific interpretation of the definition of globalization is represented, primarily, by the valuable bibliographic resources used and the original approach on the concept that refers to the links between globalization and security. This article may be, at any time, a starting point in an interesting research direction in the field of global security.

  16. Security for multihop wireless networks

    CERN Document Server

    Khan, Shafiullah

    2014-01-01

    Security for Multihop Wireless Networks provides broad coverage of the security issues facing multihop wireless networks. Presenting the work of a different group of expert contributors in each chapter, it explores security in mobile ad hoc networks, wireless sensor networks, wireless mesh networks, and personal area networks. Detailing technologies and processes that can help you secure your wireless networks, the book covers cryptographic coprocessors, encryption, authentication, key management, attacks and countermeasures, secure routing, secure medium access control, intrusion detection, ep

  17. Agile IT Security Implementation Methodology

    CERN Document Server

    Laskowski, Jeff

    2011-01-01

    The book is a tutorial that goes from basic to professional level for Agile IT security. It begins by assuming little knowledge of agile security. Readers should hold a good knowledge of security methods and agile development. The book is targeted at IT security managers, directors, and architects. It is useful for anyone responsible for the deployment of IT security countermeasures. Security people with a strong knowledge of agile software development will find this book to be a good review of agile concepts.

  18. WRR-Policy Brief 6 : Big data and security policies: serving security, protecting freedom

    NARCIS (Netherlands)

    Broeders, Dennis; Schrijvers, Erik; Hirsch Ballin, Ernst

    2017-01-01

    Big Data analytics in national security, law enforcement and the fight against fraud can reap great benefits for states, citizens and society but require extra safeguards to protect citizens’ fundamental rights. This requires new frameworks: a crucial shift is necessary from regulating the phase of

  19. Threats or threads: from usable security to secure experience

    DEFF Research Database (Denmark)

    Bødker, Susanne; Mathiasen, Niels Raabjerg

    2008-01-01

    While the domain of security dependent technologies brings new challenges to HCI research it seems that the results and breakthroughs of HCI have not been used in design of security dependent technologies. With exceptions, work in the research field of usable security may be criticized for focusing...... mainly on adjusting user behavior to behave securely. With our background in newer HCI perspectives we address secure interaction from the perspective of security technology as experience. We analyze a number of collected user stories to understand what happens when everyday users encounter security...... dependent technologies. We apply McCarthy & Wright's [12] experience framework to the security domain and our collected stories. We point out that there are significant differences between being secure and having a secure experience, and conclude that classical usable security, focus on people's immediate...

  20. Security and Emergency Management Division

    Data.gov (United States)

    Federal Laboratory Consortium — Volpe's Security and Emergency Management Division identifies vulnerabilities, risks, and opportunities to improve the security of transportation systems, critical...