WorldWideScience

Sample records for cabig security requirements

  1. Software Security Requirements Gathering Instrument

    OpenAIRE

    Smriti Jain; Maya Ingle

    2011-01-01

    Security breaches are largely caused by the vulnerable software. Since individuals and organizations mostly depend on softwares, it is important to produce in secured manner. The first step towards producing secured software is through gathering security requirements. This paper describes Software Security Requirements Gathering Instrument (SSRGI) that helps gather security requirements from the various stakeholders. This will guide the developers to gather security requirements along with th...

  2. Windows Security patch required

    CERN Multimedia

    2003-01-01

    This concerns Windows PCs (XP, 2000, NT) which are NOT centrally managed at CERN for security patches, e.g. home PCs, experiment PCs, portables, ... A security hole which can give full privileges on Windows systems needs to be URGENTLY patched. Details of the security hole and hotfix are at: http://cern.ch/it-div/news/hotfix-MS03-026.asp http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

  3. Windows Security patch required

    CERN Multimedia

    3004-01-01

    This concerns Windows PCs (XP, 2000, NT) which are NOT centrally managed at CERN for security patches, e.g. home PCs, experiment PCs, portables,... A security hole which can give full privileges on Windows systems needs to be URGENTLY patched. Details of the security hole and hotfix are at: http://cern.ch/it-div/news/hotfix-MS03-026.asp http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

  4. Windows Security patch required

    CERN Multimedia

    2003-01-01

    This concerns Windows PCs (XP, 2000, NT) which are NOT centrally managed at CERN for security patches, e.g. home PCs, experiment PCs, portables,... A security hole which can give full privileges on Windows systems needs to be URGENTLY patched. Details of the security hole and hotfix are at: http://cern.ch/it-div/news/hotfix-MS03-026.asp http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

  5. GRID INFORMATION SECURITY FUNCTIONAL REQUIREMENT

    Directory of Open Access Journals (Sweden)

    Amy Poh Ai Ling

    2011-07-01

    This paper describes the background of smart information infrastructure and the needs for smart grid information security. It introduces the conceptual analysis to the methodology with the application of hermeneutic circle and information security functional requirement identification. Information security for the grid market cover matters includes automation and communications industry that affects the operation of electric power systems and the functioning of the utilities that manage them and its awareness of this information infrastructure has become critical to the reliability of the power system. Community benefits from cost savings, flexibility and deployment along with the establishment of wireless communications. However, concern revolves around the security protections for easily accessible devices such as the smart meter and the related communications hardware. On the other hand, the changing points between traditional versus smart grid networking trend and the information security importance on the communication field reflects the criticality of grid information security functional requirement identification. The goal of this paper is to identify the functional requirement and relate its significance addresses to the consumer requirement of an information security of a smart grid. Vulnerabilities may bring forth possibility for an attacker to penetrate a network, make headway admission to control software, alter it to load conditions that destabilize the grid in unpredictable ways. Focusing on the grid information security functional requirement is stepping ahead in developing consumer trust and satisfaction toward smart grid completeness.

  6. GRID INFORMATION SECURITY FUNCTIONAL REQUIREMENT

    OpenAIRE

    Amy Poh Ai Ling; Mukaidono Masao

    2011-01-01

    This paper describes the background of smart information infrastructure and the needs for smart grid information security. It introduces the conceptual analysis to the methodology with the application of hermeneutic circle and information security functional requirement identification. Information security for the grid market cover matters includes automation and communications industry that affects the operation of electric power systems and the functioning of the utilities that manage them ...

  7. Capturing security requirements for software systems

    OpenAIRE

    Hassan El-Hadary; Sherif El-Kassas

    2014-01-01

    Security is often an afterthought during software development. Realizing security early, especially in the requirement phase, is important so that security problems can be tackled early enough before going further in the process and avoid rework. A more effective approach for security requirement engineering is needed to provide a more systematic way for eliciting adequate security requirements. This paper proposes a methodology for security requirement elicitation based on problem frames. Th...

  8. 42 CFR 3.106 - Security requirements.

    Science.gov (United States)

    2010-10-01

    ... ORGANIZATIONS AND PATIENT SAFETY WORK PRODUCT PSO Requirements and Agency Procedures § 3.106 Security requirements. (a) Application. A PSO must secure patient safety work product in conformance with the security... the confidentiality and security of patient safety work product. (2) Distinguishing patient...

  9. Development of the Lymphoma Enterprise Architecture Database: a caBIG Silver level compliant system.

    Science.gov (United States)

    Huang, Taoying; Shenoy, Pareen J; Sinha, Rajni; Graiser, Michael; Bumpers, Kevin W; Flowers, Christopher R

    2009-01-01

    Lymphomas are the fifth most common cancer in United States with numerous histological subtypes. Integrating existing clinical information on lymphoma patients provides a platform for understanding biological variability in presentation and treatment response and aids development of novel therapies. We developed a cancer Biomedical Informatics Grid (caBIG) Silver level compliant lymphoma database, called the Lymphoma Enterprise Architecture Data-system (LEAD), which integrates the pathology, pharmacy, laboratory, cancer registry, clinical trials, and clinical data from institutional databases. We utilized the Cancer Common Ontological Representation Environment Software Development Kit (caCORE SDK) provided by National Cancer Institute's Center for Bioinformatics to establish the LEAD platform for data management. The caCORE SDK generated system utilizes an n-tier architecture with open Application Programming Interfaces, controlled vocabularies, and registered metadata to achieve semantic integration across multiple cancer databases. We demonstrated that the data elements and structures within LEAD could be used to manage clinical research data from phase 1 clinical trials, cohort studies, and registry data from the Surveillance Epidemiology and End Results database. This work provides a clear example of how semantic technologies from caBIG can be applied to support a wide range of clinical and research tasks, and integrate data from disparate systems into a single architecture. This illustrates the central importance of caBIG to the management of clinical and biological data. PMID:19492074

  10. Security Requirements and Security Solutions For Community Administrations

    OpenAIRE

    2003-01-01

    The Internet is slowly becoming a mirror of the society. Everything we do in the real world, we want to do out on the Net: conduct private conversations, keep personal papers, sign letters and contracts, shop, publish documents etc. All these things require security, but we go ahead using the net without asking too many questions. Today security issues are not a fundamental starting point. This also means that the limits of security are the limits of the Internet. There are several reaso...

  11. Information technology - Security techniques - Information security management systems - Requirements

    CERN Document Server

    International Organization for Standardization. Geneva

    2005-01-01

    ISO/IEC 27001:2005 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for profit organizations). ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties. ISO/IEC 27001:2005 is intended to be suitable for several different types of use, including the following: use within organizations to formulate security requirements and objectives; use within organizations as a way to ensure that security risks are cost effectively managed; use within organizations to ensure comp...

  12. Getting Grip on Security Requirements Elicitation by Structuring and Reusing Security Requirements Sources

    Directory of Open Access Journals (Sweden)

    Christian Schmitt

    2015-07-01

    This paper presents a model for structuring and reusing security requirements sources. The model serves as blueprint for the development of an organization-specific repository, which provides relevant security requirements sources, such as security information and knowledge sources and relevant compliance obligations, in a structured and reusable form. The resulting repository is intended to be used by development teams during the elicitation and analysis of security requirements with the goal to understand the security problem space, incorporate all relevant requirements sources, and to avoid unnecessary effort for identifying, understanding, and correlating applicable security requirements sources on a project-wise basis. We start with an overview and categorization of important security requirements sources, followed by the description of the generic model. To demonstrate the applicability and benefits of the model, the instantiation approach and details of the resulting repository of security requirements sources are presented.

  13. Security Requirements for Spent Fuel Storage Systems

    International Nuclear Information System (INIS)

    The U.S. Nuclear Regulatory Commission (Commission or NRC) requires high assurance of adequate protection of public health and safety and the common defense and security for the storage of spent nuclear fuel. Following the terrorist attacks of September 11, 2001, the NRC has achieved this requisite high assurance for all independent spent fuel storage installations (ISFSIs) through a combination of existing security regulations and the issuance of new security orders to individual licensees. However, the NRC's current security regulations for ISFSIs are quite complex and pose challenges both to NRC staff and to the regulated industry. This regulatory complexity is due to multiple factors, including: two different types of ISFSI licenses (general licenses and specific licenses) and varying applicability of regulations based upon whether the ISFSI is collocated with an operating power reactor, collocated with a decommissioning power reactor, or is located away from any power reactors. The NRC's ISFSI security regulations were last comprehensively updated in the early 1990's. Moreover, the nature and characteristics of the threat environment have evolved significantly since that time. The Commission has directed the NRC staff to begin development of a risk-informed and performance-based update to the ISFSI security regulations which will enhance the ISFSI security regulations, while continuing to ensure the common defense and security and public health and safety are adequately protected under the current threat environment. The NRC staff is developing the technical bases supporting this ISFSI security rulemaking. The NRC's specific goals for this rulemaking are to update ISFSI security requirements to apply consistently to both types of ISFSI licensees, to improve the clarity of NRC regulations, to generically incorporate the provisions of the post-9/11 security orders, and to incorporate the Commission's direction on several specific policy issues. The Commission

  14. Argumentation-based security requirements elicitation: the next round

    NARCIS (Netherlands)

    Ionita, Dan; Bullee, Jan-Willem; Wieringa, Roel

    2014-01-01

    Information Security Risk Assessment can be viewed as part of requirements engineering because it is used to translate security goals into security requirements, where security requirements are the desired system properties that mitigate threats to security goals. To improve the defensibility of the

  15. Smart Grid Information Security (IS) Functional Requirement

    OpenAIRE

    Ling, Amy Poh Ai; Masao, Mukaidono

    2011-01-01

    It is important to implement safe smart grid environment to enhance people's lives and livelihoods. This paper provides information on smart grid IS functional requirement by illustrating some discussion points to the sixteen identified requirements. This paper introduces the smart grid potential hazards that can be referred as a triggering factor to improve the system and security of the entire grid. The background of smart information infrastructure and the needs for smart grid IS is descri...

  16. A SECURITY REQUIREMENT QUALITY MEASUREMENT MODEL FOR REDUCING ECOMMERCE SECURITY RISK

    Directory of Open Access Journals (Sweden)

    Sen-Tarng Lai

    2014-01-01

    E-commerce is an important business transaction system in the network age. However, the network intrusion, malicious users, virus attack and system security vulnerabilities have continued to threaten the operation of the e-commerce, making e-commerce security encounter serious test. In order to avoid system security flaw and defect caused user great loss, how to reduce e-commerce security risk has become a topic worthy of further exploration. In this paper, the critical security requirement for the e-commerce system is investigated and deduced the compliance, availability and manageability quality characteristics for ecommerce software security requirement. Applying the quantified quality characteristics and proposes a Security Requirement Quality Measurement (SRQM) model. Based on SRQM model, the paper develops a Security Requirement Quality Improvement (SRQI) procedure to identify problem and defect of security requirement quality. And assist in timely to adjust and revise the defects of security requirement quality, enhance the e-commerce security effectively.

  17. Security and Reliability Requirements for Advanced Security Event Management

    OpenAIRE

    RIEKE, Roland; COPPOLINO, Luigi; Hutchinson, Andrew; PRIETO, Elsa; Gaber, Chrystel

    2012-01-01

    This paper addresses security information management in complex application scenarios. Security Information and Event Management (SIEM) systems collect and examine security related events, with the goal of providing a unified view of the monitored systems' security status. While various SIEMs are in production, there is scope to extend the capability and resilience of these systems. The use of SIEM technology in four disparate scenario areas is used in this paper as a catalyst for the develop...

  18. Effective Measurement Requirements for Network Security Management

    OpenAIRE

    Ahmad, Rabiah; Sahib, Shahrin; Nor'Azuwa, Muhamad Pahri

    2014-01-01

    Technical security metrics provide measurements in ensuring the effectiveness of technical security controls or technology devices/objects that are used in protecting the information systems. However, lack of understanding and method to develop the technical security metrics may lead to unachievable security control objectives and incompetence of the implementation. This paper proposes a model of technical security metric to measure the effectiveness of network security management. The measur...

  19. Requirements of a Better Secure Program Coding

    Directory of Open Access Journals (Sweden)

    Marius POPA

    2012-01-01

    Secure program coding refers to how to manage the risks determined by the security breaches because of the program source code. The paper reviews the best practices that must be followed during the software development life cycle for secure software assurance, the methods and techniques used for a secure coding assurance, the most known and common vulnerabilities determined by a bad coding process and how the security risks are managed and mitigated. As a tool of the better secure program coding, the code review process is presented, together with objective measures for code review assurance and estimation of the effort for the code improvement.

  20. Pattern and security requirements engineering-based establishment of security standards

    CERN Document Server

    Beckers, Kristian

    2015-01-01

    Security threats are a significant problem for information technology companies today. This book focuses on how to mitigate these threats by using security standards and provides ways to address associated problems faced by engineers caused by ambiguities in the standards. The security standards are analysed, fundamental concepts of the security standards presented, and the relations to the elementary concepts of security requirements engineering (SRE) methods explored. Using this knowledge, engineers can build customised methods that support the establishment of security standards. Standard

  1. SECURING VIRTUAL ENTERPRISES: REQUIREMENTS AND ARCHITECTURAL CHOICES

    Directory of Open Access Journals (Sweden)

    Paolo Spagnoletti

    2013-12-01

    Cooperative environments where multiple organizations interact for providing e-services to their customers are widely diffused and often referred as virtual enterprises. IT systems supporting these inter-organizational models must be designed by taking into account both functional and non-functional issues. Among the non-functional issues, information security solutions play an important role as mechanisms for reinforcing trust among members of a virtual enterprise and their supplier/customers. In this paper, we outline a set of non-functional requirements for IT systems supporting virtual enterprises, and describe the federated identity management system which has been implemented in the context of an EU project (LD-CAST) as an example of a trust-reinforcing mechanism.

  2. Security Measurement Based On GQM To Improve Application Security During Requirements Stage

    OpenAIRE

    Ala A. Abdulrazeg; Norita Md Norwawi; Nurlida Basir

    2015-01-01

    Developing secure web applications that can withstand malicious attacks requires a careful injection of security considerations into early stages of development lifecycle. Assessing security at the requirement analysis stage of the application development life cycle may help in mitigating security defects before they spread their wings into the latter stages of the development life cycle and into the final version of product. In this paper, we present a security metrics model based on the Goa...

  3. 48 CFR 52.204-2 - Security Requirements.

    Science.gov (United States)

    2010-10-01

    ... performance of work under the contract in compliance with the change in security classification or... 48 Federal Acquisition Regulations System 2 2010-10-01 2010-10-01 false Security Requirements. 52....204-2 Security Requirements. As prescribed in 4.404(a), insert the following clauses:...

  4. Reusable knowledge in security requirements engineering: a systematic mapping study

    OpenAIRE

    Souag, Amina; Mazo, Raúl; Salinesi, Camille; Comyn-Wattiau, Isabelle

    2015-01-01

    Security is a concern that must be taken into consideration starting from the early stages of system development. Over the last two decades, researchers and engineers have developed a considerable number of methods for security requirements engineering. Some of them rely on the (re)use of security knowledge. Despite some existing surveys about security requirements engineering, there is not yet any reference for researchers and practitioners that presents in a systematic way the existing pro...

  5. Security Measurement Based On GQM To Improve Application Security During Requirements Stage

    Directory of Open Access Journals (Sweden)

    Ala A. Abdulrazeg

    2015-05-01

    Developing secure web applications that can withstand malicious attacks requires a careful injection of security considerations into early stages of development lifecycle. Assessing security at the requirement analysis stage of the application development life cycle may help in mitigating security defects before they spread their wings into the latter stages of the development life cycle and into the final version of product. In this paper, we present a security metrics model based on the Goal Question Metric (GQM) approach, focusing on the design of the misuse case model. Misuse case is a technique to identify threats and integrate security requirements during the requirement analysis stage. The security metrics model helps in discovering and evaluating the misuse case models by ensuring a defect-free model. Here, the security metrics are based on the OWASP top 10-2010, in addition to misuse case modeling antipattern.

  6. TSSR: A Proposed Tool for Secure Software Requirement Management

    OpenAIRE

    Mohammad Ubaidullah Bokhari; Shams Tabrez Siddiqui

    2014-01-01

    This paper provides a unified framework in which entire design of the project can be captured right from the beginning of the software development. This paper discusses about the requirements which should be included in the development of the requirement management tools. As the requirements, criteria which have been discussed, we introduce a requirement management tool known as TSSR (Tool for Secure Software Requirement). This tool manages risk analysis, system requirements, security of the ...

  7. 7 CFR 3550.108 - Security requirements (loans only).

    Science.gov (United States)

    2010-01-01

    ... 7 CFR part 1927, subpart B. These requirements need not be followed for: (1) Loans where the total... 7 Agriculture 15 2010-01-01 2010-01-01 false Security requirements (loans only). 3550.108 Section... 306C Water and Waste Disposal Grants § 3550.108 Security requirements (loans only). When the...

  8. 7 CFR 764.104 - General real estate security requirements.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 7 2010-01-01 2010-01-01 false General real estate security requirements. 764.104....104 General real estate security requirements. (a) Agency lien position requirements. If real estate... Agency; and (4) Equity in the collateral exists. (b) Real estate held under a purchase contract. If...

  9. 31 CFR 203.21 - Collateral security requirements.

    Science.gov (United States)

    2010-07-01

    ... valued, are set forth in 31 CFR part 380. (e) Assignment of securities. By pledging acceptable securities... that are TT&L depositaries have collateral security requirements, as follows: (a) Investor and retainer depositaries—(1) PATAX and EFTPS tax payments. Investor and retainer depositaries must pledge...

  10. Agile Security Requirements : A master study into their application

    OpenAIRE

    Knudsen, Anders Nordli

    2014-01-01

    Agile is the contemporary development practice of choice but security has been claimed as a challenge for it. This thesis investigates whether agile methods can be used for security-critical software and if the reason why the majority of Norwegian companies deviate from the agile methodology in their development is linked to security, by looking at the security requirements. A questionnaire and interviews of Norwegian companies were undertaken, and while the questionnaire did not yield any re...

  11. 40 CFR 267.14 - What are my security requirements?

    Science.gov (United States)

    2010-07-01

    ... 40 Protection of Environment 26 2010-07-01 2010-07-01 false What are my security requirements? 267... PERMIT General Facility Standards § 267.14 What are my security requirements? (a) You must prevent, and minimize the possibility for, livestock and unauthorized people from entering the active portion of...

  12. Security Architecture for TETRA : An analysis based upon Public Safety & Security requirements

    OpenAIRE

    2003-01-01

    Terrestrial Trunked Radio (TETRA) is a new digital standard for Private Mobile Radio (PMR) systems. With emphasis on security during standardization, TETRA is regarded as a highly secure system and suitable for use by Public Safety & Security (PSS) organizations that require a high degree of security in their communication environments. The Norwegian PSS organizations currently use communication systems and equipment that is not interoperable, lack functionality, and pro...

  13. Security and privacy requirements for a multi-institutional cancer research data grid: an interview-based study

    Directory of Open Access Journals (Sweden)

    Weems William A

    2009-06-01

    Background: Data protection is important for all information systems that deal with human-subjects data. Grid-based systems – such as the cancer Biomedical Informatics Grid (caBIG) – seek to develop new mechanisms to facilitate real-time federation of cancer-relevant data sources, including sources protected under a variety of regulatory laws, such as HIPAA and 21CFR11. These systems embody new models for data sharing, and hence pose new challenges to the regulatory community, and to those who would develop or adopt them. These challenges must be understood by both systems developers and system adopters. In this paper, we describe our work collecting policy statements, expectations, and requirements from regulatory decision makers at academic cancer centers in the United States. We use these statements to examine fundamental assumptions regarding data sharing using data federations and grid computing. Methods: An interview-based study of key stakeholders from a sample of US cancer centers. Interviews were structured, and used an instrument that was developed for the purpose of this study. The instrument included a set of problem scenarios – difficult policy situations that were derived during a full-day discussion of potentially problematic issues by a set of project participants with diverse expertise. Each problem scenario included a set of open-ended questions that were designed to elucidate stakeholder opinions and concerns. Interviews were transcribed verbatim and used for both qualitative and quantitative analysis. For quantitative analysis, data was aggregated at the individual or institutional unit of analysis, depending on the specific interview question. Results: Thirty-one (31) individuals at six cancer centers were contacted to participate. Twenty-four out of thirty-one (24/31) individuals responded to our request, yielding a total response rate of 77%. Respondents included IRB directors and policy-makers, privacy and

  14. The Cancer Biomedical Informatics Grid (caBIG™) Security Infrastructure

    OpenAIRE

    Langella, Stephen; Oster, Scott; Hastings, Shannon; Siebenlist, Frank; Phillips, Joshua; Ervin, David; Permar, Justin; Kurc, Tahsin; Saltz, Joel

    2007-01-01

    Security is a high priority issue in medical domain, because many institutions performing biomedical research work with sensitive medical data regularly. This issue becomes more complicated, when it is desirable or needed to access and analyze data in a multi-institutional setting. In the NCI cancer Biomedical Informatics Grid (caBIG™) program, several security issues were raised that existing security technologies could not address. Considering caBIG is envisioned to span a large number of c...

  15. SECURED CLOUD SUPPORT FOR GLOBAL SOFTWARE REQUIREMENT RISK MANAGEMENT

    OpenAIRE

    Shruti Patil; Roshani Ade

    2014-01-01

    This paper presents core problem solution to security of Global Software Development Requirement Information. Currently the major issue deals with hacking of sensitive client information which may lead to major financial as well as social loss. To avoid this system provides cloud security by encryption of data as well as deployment of tool over the cloud will provide significant security to whole global content management system. The core findings are presented in terms of how hac...

  16. Security and Privacy in Video Surveillance: Requirements and Challenges

    DEFF Research Database (Denmark)

    Mahmood Rajpoot, Qasim; Jensen, Christian D.

    2014-01-01

    observed by the system. Several techniques to protect the privacy of individuals have therefore been proposed, but very little research work has focused on the specific security requirements of video surveillance data (in transit or in storage) and on authorizing access to this data. In this paper, we ... present a general model of video surveillance systems that will help identify the major security and privacy requirements for a video surveillance system and we use this model to identify practical challenges in ensuring the security of video surveillance data in all stages (in transit and at rest). Our ... study shows a gap between the identified security requirements and the proposed security solutions where future research efforts may focus in this domain....

  17. TSSR: A Proposed Tool for Secure Software Requirement Management

    Directory of Open Access Journals (Sweden)

    Mohammad Ubaidullah Bokhari

    2014-12-01

    This paper provides a unified framework in which entire design of the project can be captured right from the beginning of the software development. This paper discusses about the requirements which should be included in the development of the requirement management tools. As the requirements, criteria which have been discussed, we introduce a requirement management tool known as TSSR (Tool for Secure Software Requirement). This tool manages risk analysis, system requirements, security of the system and project, users/group restriction, encrypted database, traceability and extension of the tool to interact with external requirement management tools. The aim of this paper is to describe the TSSR framework and its four components: Planner, Modeller, Prover and Documenter which will be helpful in interacting and managing requirements with arbitrary number of external tools for secure software development.

  18. Decomposition of the Security Requirements for Connected Information Domains

    NARCIS (Netherlands)

    Schotanus, H.A.; Boonstra, D.; Broenink, E.G.

    2011-01-01

    The introduction of network enabled capabilities (NEC) changed the way defence organisations look at their IT infrastructure. Finding the right balance between security and duty-to-share has proven to be a difficult challenge. The situations are complex and may lead to high security requirements t

  19. Required Security Screenings for Researchers: A Policy Analysis and Commentary

    Science.gov (United States)

    Zucker, Andrew A.

    2011-01-01

    After the attacks of 9/11/2001 the federal government implemented new policies intended to protect people and institutions in the United States. A surprising policy requires education researchers conducting research under contract to the U.S. Department of Education (ED) to obtain security clearances, sometimes known as security screenings.…

  20. Security Requirements for One Stop Government

    Science.gov (United States)

    Schäfer, Georg E.

    The highest ranking e-government solutions are based on one-window, one-click or one stop government concepts. For Europe, the EU services directive sets new requirements for e-government that have to be met by December 2009. Simple, easy to understand and complete information is one requirement. The other requirements are that the services covered by this directive shall be available electronically and at a distance (which means mostly “by Internet”). Acceptable solutions are digitally signed mails and, as an alternative or supplement, transaction-oriented online services. To implement this, a one stop government with document safe is best practice.

  1. Grid Information Security Functional Requirement - Fulfilling Information Security of a Smart Grid System

    OpenAIRE

    Ling, Amy Poh Ai; Masao, Mukaidono

    2011-01-01

    This paper describes the background of smart information infrastructure and the needs for smart grid information security. It introduces the conceptual analysis to the methodology with the application of hermeneutic circle and information security functional requirement identification. Information security for the grid market cover matters includes automation and communications industry that affects the operation of electric power systems and the functioning of the utilities that manage them ...

  2. A study of aviation security requirement for Hong Kong

    OpenAIRE

    Tang, Man-chung; 鄧文聰

    2013-01-01

    In view of the 911 terrorist incident and various cases involving undeclared dangerous goods, tightened security measures on air cargo were adopted by different governments. The additional requirement of cargo screening would involve extra cost, and thus the competitiveness of Hong Kong in the industry may weaken. Concern about that the compliance of new security requirement would affect Hong Kong economy and adversely affect the position of Hong Kong International Airport as an inte...

  3. Meeting EHR security requirements: SeAAS approach.

    Science.gov (United States)

    Katt, Basel; Trojer, Thomas; Breu, Ruth; Schabetsberger, Thomas; Wozak, Florian

    2010-01-01

    In the last few years, Electronic Health Record (EHR) systems have received great attention in the literature, as well as in the industry. They are expected to lead to health care savings, increase health care quality and reduce medical errors. This interest has been accompanied by the development of different standards and frameworks to meet EHR challenges. One of the most important initiatives that was developed to solve problems of EHR is IHE (Integrating the Healthcare Enterprise), which adapts the distributed approach to store and manage healthcare data. IHE aims at standardizing the way healthcare systems exchange information in distributed environments. For this purpose it defines several so-called Integration Profiles that specify the interactions and the interfaces (Transactions) between various healthcare systems (Actors) or entities. Security was considered also in few profiles that tackled the main security requirements, mainly authentication and audit trails. The security profiles of IHE currently suffer two drawbacks. First, they apply end point security methodology, which has been proven recently to be insufficient and cumbersome in distributed and heterogeneous environment. Second, the current security profiles for more complex security requirements are oversimplified, vague and do not consider architectural design. This recently changed to some extent, e.g., with the introduction of newly published white papers regarding privacy [5] and access control [9]. In order to solve the first problem we utilize results of previous studies conducted in the area of security-aware IHE-based systems and the state-of-the-art Security-as-a-Service approach as a convenient methodology to group domain-wide security needs and overcome the end point security shortcomings. PMID:20543314

  4. Grid Information Security Functional Requirement - Fulfilling Information Security of a Smart Grid System

    CERN Document Server

    Ling, Amy Poh Ai; 10.5121/ijgca.2011.2201

    2011-01-01

    This paper describes the background of smart information infrastructure and the needs for smart grid information security. It introduces the conceptual analysis to the methodology with the application of hermeneutic circle and information security functional requirement identification. Information security for the grid market cover matters includes automation and communications industry that affects the operation of electric power systems and the functioning of the utilities that manage them and its awareness of this information infrastructure has become critical to the reliability of the power system. Community benefits from cost savings, flexibility and deployment along with the establishment of wireless communications. However, concern revolves around the security protections for easily accessible devices such as the smart meter and the related communications hardware. On the other hand, the changing points between traditional versus smart grid networking trend and the information security importance on...

  5. 21 CFR 1309.71 - General security requirements.

    Science.gov (United States)

    2010-04-01

    ... 21 Food and Drugs 9 2010-04-01 2010-04-01 false General security requirements. 1309.71 Section 1309.71 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION OF... Section, Drug Enforcement Administration. See the Table of DEA Mailing Addresses in § 1321.01 of...

  6. 21 CFR 1301.71 - Security requirements generally.

    Science.gov (United States)

    2010-04-01

    ... 21 Food and Drugs 9 2010-04-01 2010-04-01 false Security requirements generally. 1301.71 Section 1301.71 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION OF... the Regulatory Section, Drug Enforcement Administration. See the Table of DEA Mailing Addresses...

  7. Transforming security audit requirements into a software architecture

    OpenAIRE

    Yskout, Koen; De Win, Bart; Joosen, Wouter

    2008-01-01

    In this paper, an approach for automated transformations from a security requirements model to a consistent architectural model is presented. The approach can be used with an existing architectural model, and allows input from the architect to be taken into account. The transformation from audit requirements into a UML model is implemented using QVT and Eclipse EMF, and is illustrated by means of a small case study.

  8. 77 FR 71369 - Capital, Margin, and Segregation Requirements for Security-Based Swap Dealers and Major Security...

    Science.gov (United States)

    2012-11-30

    ... From the Federal Register Online via the Government Publishing Office SECURITIES AND EXCHANGE COMMISSION 17 CFR Part 240 RIN 3235-AL12 Capital, Margin, and Segregation Requirements for Security-Based Swap Dealers and Major Security-Based Swap Participants and Capital Requirements for...

  9. 78 FR 54720 - Registration and Financial Security Requirements for Brokers of Property and Freight Forwarders

    Science.gov (United States)

    2013-09-05

    ... Federal Motor Carrier Safety Administration Registration and Financial Security Requirements for Brokers of Property and Freight Forwarders AGENCY: Federal Motor Carrier Safety Administration (FMCSA), DOT... freight forwarder authority from FMCSA. Section 32918 amended the financial security...

  10. WIRELESS SENSOR NETWORKS – ARCHITECTURE, SECURITY REQUIREMENTS, SECURITY THREATS AND ITS COUNTERMEASURES

    Directory of Open Access Journals (Sweden)

    Ranjit Panigrahi

    2013-02-01

    Wireless Sensor Network (WSN) has a huge range of applications such as battlefield, surveillance, emergency rescue operation and smart home technology etc. Apart from its inherent constraints such as limited memory and energy resources, when deployed in hostile environmental conditions, the sensor nodes are vulnerable to physical capture and other security constraints. These constraints put security as a major challenge for the researchers in the field of computer networking. This paper reflects various issues and challenges related to security of WSN, its security architecture. The paper also provides a discussion on various security mechanisms deployed in WSN environment to overcome its security threats.

  11. 48 CFR 1352.237-72 - Security processing requirements-national security contracts.

    Science.gov (United States)

    2010-10-01

    ... prescribed in 48 CFR 1337.110-70(d), use the following clause: Security Processing Requirements—National... the performance of their work. Regardless of the contractor employees' location, appropriate security... Office of Security before start of work. (2) The Contracting Officer's Representative must send...

  12. 33 CFR 105.305 - Facility Security Assessment (FSA) requirements.

    Science.gov (United States)

    2010-07-01

    ..., personnel identification documents and communication, alarm, lighting, access control, and similar systems...-keeping duties and risk of fatigue on facility personnel alertness and performance; (iv) Security...

  13. 20 CFR 603.9 - What safeguards and security requirements apply to disclosed information?

    Science.gov (United States)

    2010-04-01

    ... 20 Employees' Benefits 3 2010-04-01 2010-04-01 false What safeguards and security requirements... security requirements apply to disclosed information? (a) In general. For disclosures of confidential UC... audit of compliance with the requirements of this part. (2) In the case of disclosures made under §...

  14. Risk and Business Goal Based Security Requirement and Countermeasure Prioritization

    OpenAIRE

    Herrmann, Andrea; Morali, Ayse; Etalle, Sandro; Wieringa, Roel

    2012-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security” but need to be able to justify their security investment plans. Currently companies achieve this by means of checklist-based security assessments, but these methods are a way to achieve consensus without being able to provide justifications of countermeasures in terms of business goals. But such justificat...

  15. Demanding Requirement of Security for Wireless Mobile Devices: A Survey

    Directory of Open Access Journals (Sweden)

    K. Muthumanickam

    2014-12-01

    Today, the technology advancement in telecommunication facilitates users to bear portable devices with convenient and timely accessing to their personal and business data on the fly. In this regard, mobile and ubiquitous devices become part of the user’s personal or business growing. Recently, the usage of portable devices has drastically amplified due to wireless data technologies such as GPRS, GSM, Bluetooth, Wi-Fi and WiMAX. As the use of wireless portable devices increases, the risks associated with them also increase. Specifically Android Smart-phone which can access the Internet may now signify an ultimate option for malware authors. As the core open communication mediocre, the Airwave, is susceptible, there has been a rise of a security technique suggested by researchers. When comparing to security measures proposed to protect wireless devices, protecting mobile vulnerabilities is still immature. So in this study, we present an organized and widespread overview of the research on the security elucidation for wireless portable devices. This survey study discusses the security risks imposed by vulnerabilities, threats and security measures in the recent past, mainly spotlighting on complex attacks to user applications. We classify existing countermeasures at guarding wireless mobile devices facing different kinds of attacks into various groups, depending on the revealing technique, collected information and operating systems. In the next phase we will design and implement a new security model to protect mobile phone resources against unknown vulnerabilities.

  16. A survey of requirements and standardization efforts for IP-telephony-security

    OpenAIRE

    Rensing, Christoph; Roedig, Utz; Ackermann, Ralf; Steinmetz, Ralf

    2000-01-01

    Security as a dimension of trustworthiness in IP-Telephony systems and protocols is a main condition for the commercial success of IP-Telephony. In this work, we present a survey of security requirements and show how various standardization efforts address these requirements. We describe the basic tasks and elements of IP-Telephony systems and compare them to Telephony via PSTNs to derive some possible attacks for example. We classify the security preconditions to achieve trustworthiness of u...

  17. 28 CFR 105.11 - Individuals not requiring a security risk assessment.

    Science.gov (United States)

    2010-07-01

    ... requiring a security risk assessment. (a) Citizens and nationals of the United States. A citizen or national... 28 Judicial Administration 2 2010-07-01 2010-07-01 false Individuals not requiring a security risk assessment. 105.11 Section 105.11 Judicial Administration DEPARTMENT OF JUSTICE (CONTINUED) CRIMINAL...

  18. 19 CFR 113.1 - Authority to require security or execution of bond.

    Science.gov (United States)

    2010-04-01

    ... 19 Customs Duties 1 2010-04-01 2010-04-01 false Authority to require security or execution of bond... execution of bond. Where a bond or other security is not specifically required by law, the Commissioner of Customs, pursuant to Treasury Department Order No. 165 Revised, as amended (T.D. 53654, 19 FR...

  19. 12 CFR 350.12 - Disclosure required by applicable banking or securities law or regulations.

    Science.gov (United States)

    2010-01-01

    ... 12 Banks and Banking 4 2010-01-01 2010-01-01 false Disclosure required by applicable banking or securities law or regulations. 350.12 Section 350.12 Banks and Banking FEDERAL DEPOSIT INSURANCE CORPORATION... STATE NONMEMBER BANKS § 350.12 Disclosure required by applicable banking or securities law...

  20. 17 CFR 405.5 - Risk assessment reporting requirements for registered government securities brokers and dealers.

    Science.gov (United States)

    2010-04-01

    ... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Risk assessment reporting requirements for registered government securities brokers and dealers. 405.5 Section 405.5 Commodity and... OF 1934 REPORTS AND AUDIT § 405.5 Risk assessment reporting requirements for registered...

  1. 48 CFR 1804.470 - Security requirements for unclassified information technology (IT) resources.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 6 2010-10-01 2010-10-01 true Security requirements for unclassified information technology (IT) resources. 1804.470 Section 1804.470 Federal Acquisition Regulations... Classified Information Within Industry 1804.470 Security requirements for unclassified information...

  2. 48 CFR 1352.239-72 - Security requirements for information technology resources.

    Science.gov (United States)

    2010-10-01

    ... Clauses 1352.239-72 Security requirements for information technology resources. As prescribed in 48 CFR 1339.270(b), insert the following clause: Security Requirements for Information Technology Resources... information technology resources. 1352.239-72 Section 1352.239-72 Federal Acquisition Regulations...

  3. 48 CFR 1252.239-70 - Security requirements for unclassified information technology resources.

    Science.gov (United States)

    2010-10-01

    ... unclassified information technology resources. 1252.239-70 Section 1252.239-70 Federal Acquisition Regulations... of Provisions and Clauses 1252.239-70 Security requirements for unclassified information technology resources. As prescribed in (TAR) 48 CFR 1239.70, insert the following clause: Security Requirements...

  4. 14 CFR 1274.937 - Security requirements for unclassified information technology resources.

    Science.gov (United States)

    2010-01-01

    ... information technology resources. 1274.937 Section 1274.937 Aeronautics and Space NATIONAL AERONAUTICS AND... Conditions § 1274.937 Security requirements for unclassified information technology resources. Security Requirements for Unclassified Information Technology Resources July 2002 (a) The Recipient shall be...

  5. WIRELESS SENSOR NETWORKS – ARCHITECTURE, SECURITY REQUIREMENTS, SECURITY THREATS AND ITS COUNTERMEASURES

    OpenAIRE

    Ranjit Panigrahi; Kalpana Sharma; M.K.Ghose

    2013-01-01

    Wireless Sensor Network (WSN) has a huge range of applications such as battlefield, surveillance, emergency rescue operation and smart home technology etc. Apart from its inherent constraints such as limited memory and energy resources, when deployed in hostile environmental conditions, the sensor nodes are vulnerable to physical capture and other security constraints. These constraints put security as a major challenge for the researchers in the field of computer networking. T...

  6. Automated analysis of security requirements through risk-based argumentation

    NARCIS (Netherlands)

    Yu, Yijun; Franqueira, Virginia N.L.; Tun, Thein Tan; Wieringa, Roel J.; Nuseibeh, Bashar

    2015-01-01

    Computer-based systems are increasingly being exposed to evolving security threats, which often reveal new vulnerabilities. A formal analysis of the evolving threats is difficult due to a number of practical considerations such as incomplete knowledge about the design, limited information about atta

  7. Risk and Business Goal Based Security Requirement and Countermeasure Prioritization

    NARCIS (Netherlands)

    Herrmann, Andrea; Morali, Ayse; Etalle, Sandro; Wieringa, Roel

    2012-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security” but need to be able to justify their security investment plans. Currently companies achieve this by means of c

  8. 49 CFR 1562.29 - Armed security officer requirements.

    Science.gov (United States)

    2010-10-01

    ... service with a public agency as a law enforcement officer, other than for reasons of mental instability... DASSP into or out of DCA; and (2) To transport a firearm in accordance with the Armed Security Officer... any applicable probationary period of such service, due to a service-connected disability,...

  9. Multilateral security requirements analysis for preserving privacy in ubiquitous environments

    OpenAIRE

    Gürses, Seda; Berendt, Bettina; Santen, Thomas

    2006-01-01

    Privacy is of great concern in ubiquitous environments in which various technologies collect vast amounts of information about ubiquitous users with differing privacy and security interests. This concern also holds for knowledge discovery systems in which data mining technologies infer substantial new knowledge from these data. Various methods have been proposed to preserve privacy in such environments, including privacy preserving data mining, mixes etc. However, it is not clear which of...

  10. 78 FR 4365 - Capital, Margin, and Segregation Requirements for Security-Based Swap Dealers and Major Security...

    Science.gov (United States)

    2013-01-22

    ... Friday, February 22, 2013. \\1\\ See Exchange Act Release No. 68071 (Oct. 18, 2012), 77 FR 70213 (Nov. 23... COMMISSION 17 CFR Part 240 RIN 3235-AL12 Capital, Margin, and Segregation Requirements for Security-Based... Federal Register a proposed rule for public comment to establish capital, margin, and...

  11. Security Requirements for the Prevention of Modern Software Vulnerabilities and a Process for Incorporation into Classic Software Development Lifecycles

    OpenAIRE

    Clagett II, Lee Manning

    2009-01-01

    Software vulnerabilities and their associated exploits have been increasing over the last several years - this research attempts to reverse that trend. Currently, security experts recommend that concerns for security start at the earliest stage possible, generally during the requirements engineering phase. Having a set of security requirements enables the production of a secure design, and product implementation. Approaches for creating security requirements exist, but all have a similar limi...

  12. Critical water requirements for food, methodology and policy consequences for food security

    NARCIS (Netherlands)

    Gerbens-Leenes, P.W.; Nonhebel, S.

    2004-01-01

    Food security and increasing water scarcity have a dominant place on the food policy agenda. Food security requires sufficient water of adequate quality because water is a prerequisite for plant growth. Nowadays, agriculture accounts for 70% of the worldwide human fresh water use. The expected incre

  13. Leadership in organizations with high security and reliability requirements

    International Nuclear Information System (INIS)

    Developing leadership skills in organizations is the key to ensuring the sustainability of excellent results in industries with high safety and reliability requirements. In order to have a model of leadership development specific to this type of organization, in 2011 we at Tecnatom initiated an internal project to find and adapt a competency model to these requirements.

  14. 48 CFR 1352.237-70 - Security processing requirements-high or moderate risk contracts.

    Science.gov (United States)

    2010-10-01

    ... prescribed in 48 CFR 1337.110-70 (b), insert the following clause: Security Processing Requirements—High or...—Moderate Background Investigation (MBI). (2) Investigative requirements for IT Service Contracts are:...

  15. DEPENDABLE PRIVACY REQUIREMENTS BY AGILE MODELED LAYERED SECURITY ARCHITECTURES – WEB SERVICES CASE STUDY

    Directory of Open Access Journals (Sweden)

    M.Upendra Kumar

    2011-07-01

    Software Engineering covers the definition of processes, techniques and models suitable for its environment to guarantee quality of results. An important design artifact in any software development project is the Software Architecture. Software Architecture’s important part is the set of architectural design rules. A primary goal of the architecture is to capture the architecture design decisions. An important part of these design decisions consists of architectural design rules. In an MDA (Model-Driven Architecture) context, the design of the system architecture is captured in the models of the system. MDA is known to be layered approach for modeling the architectural design rules and uses design patterns to improve the quality of software system. And to include the security to the software system, security patterns are introduced that offer security at the architectural level. Moreover, agile software development methods are used to build secure systems. There are different methods defined in agile development as extreme programming (XP), scrum, feature driven development (FDD), test driven development (TDD), etc. Agile processing includes the phases as agile analysis, agile design and agile testing. These phases are defined in layers of MDA to provide security at the modeling level which ensures that security at the system architecture stage will improve the requirements for that system. Agile modeled Layered Security Architectures increase the dependability of the architecture in terms of privacy requirements. We validate this with a case study of dependability of privacy of Web Services Security Architectures, which helps for secure service oriented security architecture. In this paper the major part is given to model architectural design rules using MDA so that architects and developers are responsible to automatic enforcement on the detailed design and easy to understand and use by both of them. This MDA approach is implemented in use of

  16. Privacy and data security in E-health: requirements from the user's perspective.

    Science.gov (United States)

    Wilkowska, Wiktoria; Ziefle, Martina

    2012-09-01

    In this study two currently relevant aspects of using medical assistive technologies were addressed: security and privacy. In a two-step empirical approach that used focus groups (n = 19) and a survey (n = 104), users' requirements for the use of medical technologies were collected and evaluated. Specifically, we focused on the perceived importance of data security and privacy issues. Outcomes showed that both security and privacy aspects play an important role in the successful adoption of medical assistive technologies in the home environment. In particular, analysis of data with respect to gender, health-status and age (young, middle-aged and old users) revealed that females and healthy adults require, and insist on, the highest security and privacy standards compared with males and the ailing elderly. PMID:23011814

  17. Requirements for Development of an Assessment System for IT&C Security Audit

    Directory of Open Access Journals (Sweden)

    Marius Popa

    2010-12-01

    IT&C security audit processes are carried out to implement information security management. The audit processes are included in an audit program as decision of the management staff to establish the organization situation against the planned or expected one. The audit processes require evidence to highlight the above issues. The evidences are gathered by audit team and some automation processes to increase the productivity and accuracy of the audit are needed. The paper presents some issues of the requirements for development of an assessment system with some considerations for IT&C security audit. The emphasized issues are grouped in the following sections: IT&C security audit processes, characteristics of the indicators development process and implementation issues of an assessment system.

  18. Requirements for Development of an Assessment System for IT&C Security Audit

    OpenAIRE

    Marius Popa

    2010-01-01

    IT&C security audit processes are carried out to implement information security management. The audit processes are included in an audit program as decision of the management staff to establish the organization situation against the planned or expected one. The audit processes require evidence to highlight the above issues. The evidences are gathered by audit team and some automation processes to increase the productivity and accuracy of the audit are needed. The paper presents som...

  19. Analysis of impact of noncompliance with physical-security requirements at nuclear facilities

    International Nuclear Information System (INIS)

    Inspectors are required to analyze the impact of instances of noncompliance with physical security requirements at licensed nuclear facilities. A scoring procedure for components and a method for evaluating the effectiveness of the subsystems involved are proposed to reinforce an inspector's judgment about the remaining level of safeguards

  20. 10 CFR 73.58 - Safety/security interface requirements for nuclear power reactors.

    Science.gov (United States)

    2010-01-01

    ... 10 Energy 2 2010-01-01 2010-01-01 false Safety/security interface requirements for nuclear power reactors. 73.58 Section 73.58 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) PHYSICAL PROTECTION OF... requirements for nuclear power reactors. (a) Each operating nuclear power reactor licensee with a...

  1. The Health Insurance Portability and Accountability Act: security and privacy requirements.

    Science.gov (United States)

    Tribble, D A

    2001-05-01

    The security and privacy requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and their implications for pharmacy are discussed. HIPAA was enacted to improve the portability of health care insurance for persons leaving jobs. A section of the act encourages the use of electronic communications for health care claims adjudication, mandates the use of new standard code sets and transaction sets, and establishes the need for regulations to protect the security and privacy of individually identifiable health care information. Creating these regulations became the task of the Department of Health and Human Services. Regulations on security have been published for comment. Regulations on privacy and the definition of standard transaction sets and code sets are complete. National identifiers for patients, providers, and payers have not yet been established. The HIPAA regulations on security and privacy will require that pharmacies adopt policies and procedures that limit access to health care information. Existing pharmacy information systems may require upgrading or replacement. Costs of implementation nationwide are estimated to exceed $8 billion. The health care community has two years from the finalization of each regulation to comply with that regulation. The security and privacy requirements of HIPAA will require pharmacies to review their practices regarding the storage, use, and disclosure of protected health care information. PMID:11351916

  2. 48 CFR 3052.204-70 - Security requirements for unclassified information technology resources.

    Science.gov (United States)

    2010-10-01

    ... for unclassified information technology resources. As prescribed in (HSAR) 48 CFR 3004.470-3, insert a clause substantially the same as follows: Security Requirements for Unclassified Information Technology... unclassified information technology resources. 3052.204-70 Section 3052.204-70 Federal Acquisition...

  3. 48 CFR 652.239-71 - Security Requirements for Unclassified Information Technology Resources.

    Science.gov (United States)

    2010-10-01

    ... Unclassified Information Technology Resources. 652.239-71 Section 652.239-71 Federal Acquisition Regulations... Provisions and Clauses 652.239-71 Security Requirements for Unclassified Information Technology Resources. As... Technology Resources (SEP 2007) (a) General. The Contractor shall be responsible for information...

  4. 48 CFR 352.239-72 - Security requirements for Federal information technology resources.

    Science.gov (United States)

    2010-10-01

    ... Federal information technology resources. 352.239-72 Section 352.239-72 Federal Acquisition Regulations... Provisions and Clauses 352.239-72 Security requirements for Federal information technology resources. As... Federal Information Technology Resources (January 2010) (a) Applicability. This clause applies whether...

  5. RiskREP: Risk-Based Security Requirements Elicitation and Prioritization

    NARCIS (Netherlands)

    Herrmann, Andrea; Morali, Ayse; Etalle, Sandro; Wieringa, Roel

    2011-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security” but need to be able to justify their security investment plans. In this paper, we present a Risk-Based Require

  6. Approaches for Security Requirements Analysis of Information Systems

    Institute of Scientific and Technical Information of China (English)

    曹阳; 张维明

    2003-01-01

    Security requirements analysis is a precondition to provide effective and appropriate safeguard for information systems. Based on the existing theories and approaches, this paper discusses the categories and analysis procedure of security requirements in information systems. And according to the basic steps of security requirements analysis, the security hazard analysis model and the security risk analysis model are presented here. At the end, the methods of security requirements specification and the corresponding improvements are also introduced.

  7. 75 FR 65442 - Disclosure for Asset-Backed Securities Required by Section 943 of the Dodd-Frank Wall Street...

    Science.gov (United States)

    2010-10-25

    ... Register of October 13, 2010, in FR Doc. 2010-25361, the reference ``249.1300'' is corrected to read ``249... Securities Required by Section 943 of the Dodd-Frank Wall Street Reform and Consumer Protection Act AGENCY...-Backed Securities Required by Section 943 of the Dodd-Frank Wall Street Reform and Consumer...

  8. Analyzing the requirements for a robust security criteria and management of multi-level security in the clouds

    Science.gov (United States)

    Farroha, Bassam S.; Farroha, Deborah L.

    2011-06-01

    The new corporate approach to efficient processing and storage is migrating from in-house service-center services to the newly coined approach of Cloud Computing. This approach advocates thin clients and providing services by the service provider over time-shared resources. The concept is not new, however the implementation approach presents a strategic shift in the way organizations provision and manage their IT resources. The requirements on some of the data sets targeted to be run on the cloud vary depending on the data type, originator, user, and confidentiality level. Additionally, the systems that fuse such data would have to deal with the classifying the product and clearing the computing resources prior to allowing new application to be executed. This indicates that we could end up with a multi-level security system that needs to follow specific rules and can send the output to a protected network and systems in order not to have data spill or contaminated resources. The paper discusses these requirements and potential impact on the cloud architecture. Additionally, the paper discusses the unexpected advantages of the cloud framework providing a sophisticated environment for information sharing and data mining.

  9. Connecting Security Requirements and Software Architecture with Patterns (Beveiligingsvereisten en softwarearchitectuur verbinden met patronen)

    OpenAIRE

    Yskout, Koen

    2013-01-01

    Recurring solutions to software engineering problems are often captured in patterns, which describe, in a generic but reusable manner, a specific problem and a corresponding solution. This thesis develops a deeper understanding about how pattern catalogs can help a software architect to reconcile the software's requirements and the architecture in the context of security. To achieve this goal, we follow an empirical approach. Two aspects of development are taken into account, namely (1) the co...

  10. RiskREP: Risk-Based Security Requirements Elicitation and Prioritization

    OpenAIRE

    Herrmann, Andrea; Morali, Ayse; Etalle, Sandro; Wieringa, Roel

    2011-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security” but need to be able to justify their security investment plans. In this paper, we present a Risk-Based Requirements Prioritization method (RiskREP) that extends misuse case-based methods with IT architecture based risk assessment and countermeasure definition and prioritization. Countermeasure prioritizati...

  11. NERSC Cyber Security Challenges That Require DOE Development and Support

    Energy Technology Data Exchange (ETDEWEB)

    Draney, Brent; Campbell, Scott; Walter, Howard

    2007-01-16

    Traditional security approaches do not adequately address all the requirements of open, scientific computing facilities. Many of the methods used for more restricted environments, including almost all corporate/commercial systems, do not meet the needs of today's science. Use of only the available "state of the practice" commercial methods will have adverse impact on the ability of DOE to accomplish its science goals, and impacts the productivity of the DOE Science community. In particular, NERSC and other high performance computing (HPC) centers have special security challenges that are unlikely to be met unless DOE funds development and support of reliable and effective tools designed to meet the cyber security needs of High Performance Science. The security challenges facing NERSC can be collected into three basic problem sets: network performance and dynamics, application complexity and diversity, and a complex user community that can have transient affiliations with actual institutions. To address these problems, NERSC proposes the following four general solutions: auditing user and system activity across sites; firewall port configuration in real time; cross-site/virtual organization identity management and access control; and detecting security issues in application middleware. Solutions are also proposed for three general long term issues: data volume, application complexity, and information integration.

  12. An analysis of Technical Security Control Requirements For Digital I and C Systems in Nuclear Power Plants

    International Nuclear Information System (INIS)

    Instrumentation and control systems in nuclear power plants have been digitalized for the purpose of maintenance and precise operation. This digitalization, however, brings out issues related to cyber security. In the most recent past, international standard organizations, regulatory institutes, and research institutes have performed a number of studies addressing these systems cyber security. In order to provide information helpful to the system designers in their application of cyber security for the systems, this paper presents methods and considerations to define attack vectors in a target system, to review and select the requirements in the Regulatory Guide 5.71, and to integrate the results to identify applicable technical security control requirements. In this study, attack vectors are analyzed through the vulnerability analyses and penetration tests with a simplified safety system, and the elements of critical digital assets acting as attack vectors are identified. Among the security control requirements listed in Appendices B and C to Regulatory Guide 5.71, those that should be implemented into the systems are selected and classified in groups of technical security control requirements using the results of the attack vector analysis. For the attack vector elements of critical digital assets, all the technical security control requirements are evaluated to determine whether they are applicable and effective, and considerations in this evaluation are also discussed. The technical security control requirements in three important categories of access control, monitoring and logging, and encryption are derived and grouped according to the elements of attack vectors as results for the sample safety system

  13. Security

    Science.gov (United States)

    Technology & Learning, 2008

    2008-01-01

    Anytime, anywhere, learning provides opportunities to create digital learning environments for new teaching styles and personalized learning. As part of making sure the program is effective, the safety and security of students and assets are essential--and mandated by law. The Children's Internet Protection Act (CIPA) addresses Internet content…

  14. Control Systems Security Center Comparison Study of Industrial Control System Standards against the Control Systems Protection Framework Cyber-Security Requirements

    Energy Technology Data Exchange (ETDEWEB)

    Robert P. Evans

    2005-09-01

    Cyber security standards, guidelines, and best practices for control systems are critical requirements that have been delineated and formally recognized by industry and government entities. Cyber security standards provide a common language within the industrial control system community, both national and international, to facilitate understanding of security awareness issues but, ultimately, they are intended to strengthen cyber security for control systems. This study and the preliminary findings outlined in this report are an initial attempt by the Control Systems Security Center (CSSC) Standard Awareness Team to better understand how existing and emerging industry standards, guidelines, and best practices address cyber security for industrial control systems. The Standard Awareness Team comprised subject matter experts in control systems and cyber security technologies and standards from several Department of Energy (DOE) National Laboratories, including Argonne National Laboratory, Idaho National Laboratory, Pacific Northwest National Laboratory, and Sandia National Laboratories. This study was conducted in two parts: a standard identification effort and a comparison analysis effort. During the standard identification effort, the Standard Awareness Team conducted a comprehensive open-source survey of existing control systems security standards, regulations, and guidelines in several of the critical infrastructure (CI) sectors, including the telecommunication, water, chemical, energy (electric power, petroleum and oil, natural gas), and transportation--rail sectors and sub-sectors. During the comparison analysis effort, the team compared the requirements contained in selected, identified, industry standards with the cyber security requirements in ''Cyber Security Protection Framework'', Version 0.9 (hereafter referred to as the ''Framework''). For each of the seven sector/sub-sectors listed above, one standard was

  15. A Wireless Sensor Network for Hospital Security: From User Requirements to Pilot Deployment

    Directory of Open Access Journals (Sweden)

    Kaseva Ville

    2011-01-01

    Increasing amount of Wireless Sensor Network (WSN) applications require low network delays. However, current research on WSNs has mainly concentrated on optimizing energy-efficiency omitting low network delays. This paper presents a novel WSN design targeted at applications requiring low data transfer delays and high reliability. We present the whole design flow from user requirements to an actual pilot deployment in a real hospital unit. The WSN includes multihop low-delay data transfer and energy-efficient mobile nodes reaching lifetime of years with small batteries. The nodes communicate using a low-cost low-power 2.4 GHz radio. The network is used in a security application with which personnel can send alarms in threatening situations. Also, a multitude of sensor measurements and actuator control is possible with the WSN. A full-scale pilot deployment is extensively experimented for performance results. Currently, the pilot network is in use at the hospital.

  16. 76 FR 54374 - Disclosure for Asset-Backed Securities Required by Section 943 of the Dodd-Frank Wall Street...

    Science.gov (United States)

    2011-09-01

    ..., 2011), and was published in FR Doc. 2011-1504 on page 4489 in the Federal Register on January 26, 2011 (76 FR 4489). List of Subjects in 17 CFR Part 240 Reporting and recordkeeping requirements, Securities... the Dodd-Frank Wall Street Reform and Consumer Protection Act AGENCY: Securities and...

  17. C2 Link Security for UAS: Technical Literature Study and Preliminary Functional Requirements. Version 0.9 (Working Draft)

    Science.gov (United States)

    2005-01-01

    This document provides a study of the technical literature related to Command and Control (C2) link security for Unmanned Aircraft Systems (UAS) for operation in the National Airspace System (NAS). Included is a preliminary set of functional requirements for C2 link security.

  18. Safeguards and security requirements for weapons plutonium disposition in light water reactors

    International Nuclear Information System (INIS)

    This paper explores the issues surrounding the safeguarding of the plutonium disposition process in support of the United States nuclear weapons dismantlement program. It focuses on the disposition of the plutonium by burning mixed oxide fuel in light water reactors (LWR) and addresses physical protection, material control and accountability, personnel security and international safeguards. The S and S system needs to meet the requirements of the DOE Orders, NRC Regulations and international safeguards agreements. Experience has shown that incorporating S and S measures into early facility designs and integrating them into operations provides S and S that is more effective, more economical, and less intrusive. The plutonium disposition safeguards requirements with which the US has the least experience are the implementation of international safeguards on plutonium metal; the large scale commercialization of the mixed oxide fuel fabrication; and the transportation to and loading in the LWRs of fresh mixed oxide fuel. It is in these areas where the effort needs to be concentrated if the US is to develop safeguards and security systems that are effective and efficient

  19. 76 FR 34579 - Beneficial Ownership Reporting Requirements and Security-Based Swaps

    Science.gov (United States)

    2011-06-14

    ... otherwise acquires such power based on the purchase or sale of a security-based swap), grants a right to... investment power over the securities based on the purchase or sale of a security-based swap. Following... the Dodd-Frank Act. The definitions of the terms ``swap,'' ``security-based swap,'' and...

  20. 77 FR 71568 - Capital, Margin, and Segregation Requirements for Security-Based Swap Dealers and Major Security...

    Science.gov (United States)

    2012-12-03

    ... (October 18, 2012), which was published in FR Doc. 2012-26164 and appeared on page 70214 of the Federal Register on November 23, 2012 (77 FR 70214): 1. In footnote 172 in the first column of page 70233, the...; ] SECURITIES AND EXCHANGE COMMISSION 17 CFR Part 240 RIN 3235-AL12 Capital, Margin, and...

  1. 77 FR 70213 - Capital, Margin, and Segregation Requirements for Security-Based Swap Dealers and Major Security...

    Science.gov (United States)

    2012-11-23

    ... Securities International, Inc., Rabobank Nederland, Royal Bank of Canada, The Royal Bank of Scotland Group... Release No. 64372 (Apr. 29, 2011), 76 FR 29818 (May 23, 2011) (``Product Definitions Proposing Release... FR 48208 (Aug. 13, 2012) (Joint final rule with the CFTC) (``Product Definitions Adopting...

  2. 17 CFR 240.6h-1 - Settlement and regulatory halt requirements for security futures products.

    Science.gov (United States)

    2010-04-01

    ... price of a cash-settled security futures product must fairly reflect the opening price of the underlying... settlement price of the security futures product shall fairly reflect: (i) The price of the underlying...(b)(7)), to which the final settlement price of a security futures product is or would be...

  3. Resolving vulnerability identification errors using security requirements on business process models

    OpenAIRE

    Taubenberger, Stefan; Jürjens, Jan; Yu, Yijun; Nuseibeh, Bashar

    2013-01-01

    peer-reviewed Purpose - In any information security risk assessment, vulnerabilities are usually identified by information-gathering techniques. However, vulnerability identification errors - wrongly identified or unidentified vulnerabilities - can occur as uncertain data are used. Furthermore, businesses' security needs are not considered sufficiently. Hence, security functions may not protect business assets sufficiently and cost-effectively. Design/methodology/approach ...

  4. Strategic information security

    CERN Document Server

    Wylder, John

    2003-01-01

    Introduction to Strategic Information Security What Does It Mean to Be Strategic? Information Security Defined The Security Professional's View of Information Security The Business View of Information Security Changes Affecting Business and Risk Management Strategic Security Strategic Security or Security Strategy? Monitoring and Measurement Moving Forward ORGANIZATIONAL ISSUES The Life Cycles of Security Managers Introduction The Information Security Manager's Responsibilities The Evolution of Data Security to Information Security The Repository Concept Changing Job Requirements Business Life Cycles

  5. Examining self-protection requirements: methods to improve security of HEU materials

    International Nuclear Information System (INIS)

    Full text: Preventing non-state actors from obtaining highly enriched uranium (HEU) is critical to impeding nuclear terrorism, yet security levels at civil sites with HEU on the premises continue to vary greatly throughout the globe. One critical problem thwarting efforts to improve the physical protection of this material is the lack of an international assessment of 1) the conversion time (the time which would be required to convert the material concerned into the metallic components of an explosive device) of spent fuel and other irradiated HEU materials, such as target waste, in particular giving due consideration to the fact that long cooling times may have reduced significantly radiation levels required to deter and/or prevent theft and subsequent handling, and 2) clear recommendations on the ways to evaluate the adequacy of related physical protection measures. While this issue has been studied in some detail for spent fuel from power reactors, with particular emphasis on Pu, similar assessments have not been completed for HEU fuel types, such as those used in more than 130 research reactors and numerous naval installations, in addition to other fuel cycles. This paper provides a preliminary assessment of 'self-protection' standards, by examining the level of radiation needed to incapacitate a would-be thief within hours. The inadequacy of current standards has been suggested by previous assessments with respect to HEU targets used for Mo-99 production. The basis for the evaluation includes historical data on fuel burn-up from the IAEA Research Reactor database, the results of modelling fuel parameters for nuclear submarines, and data on target waste for radioisotope production. These categories of spent materials are known to be stored at numerous sites in all parts of the world, leading to security concerns. The paper offers an overview of the number of sites that may have spent HEU materials, including non-defueled, decommissioned facilities. The

  6. A Novel Web-based Approach for Balancing Usability and Security Requirements of Text Passwords

    Directory of Open Access Journals (Sweden)

    Dhananjay Kulkarni

    2010-07-01

    Many Internet applications, for example e-commerce or email services require that users create a username and password which serves as an authentication mechanism. Though text passwords have been around for a while, not much has been done in helping naive Internet users in creating strong passwords. Generally users prefer easy-to-remember passwords, but service providers prefer that users use a strong, difficult-to-guess password policy to protect their own resources. In this work we have explored how appropriate feedback on password strength can be useful in choosing a strong password. We first discuss the results of a security vs. usability study that we did, which shows the current trends in choosing passwords, and how password cracking tools can easily guess a majority of weak passwords. Next, we propose a novel framework, which addresses our problem of enforcing password policies. Given a password policy, our framework is able to monitor password strength, and suggest passwords that are stronger. Moreover, since our passwords are pareto-efficient, and involve user participation in making a selection, we believe that our framework makes appropriate tradeoffs between password strength and difficulty in remembering. We also propose novel ways to compute the password reminder interval so that user-satisfaction remains within bounds. Experimental study shows that our approach is much better than current password creation models, and serves as a practical tool that can be integrated with Internet applications.

  7. 75 FR 31273 - Social Security Administration Implementation of OMB Guidance for Drug-Free Workplace Requirements

    Science.gov (United States)

    2010-06-03

    ... 20 CFR Part 439 RIN 0960-AH14 Social Security Administration Implementation of OMB Guidance for Drug... Security Administration does a recipient other than an individual notify about a criminal drug conviction... at http://www.gpoaccess.gov/fr/index.html . Background Congress passed the Drug-Free Workplace Act...

  8. 48 CFR 1852.204-76 - Security requirements for unclassified information technology resources.

    Science.gov (United States)

    2010-10-01

    ... NASA approval an IT Security Plan, Risk Assessment, and FIPS 199, Standards for Security Categorization...-Assessment Guide for Information Technology Systems, and FIPS 200, on a yearly basis. (ii) The risk assessment shall be prepared consistent, in form and content, with NIST SP 800-30, Risk Management Guide...

  9. 76 FR 65542 - N.S. Savannah; Exemption From Certain Security Requirements

    Science.gov (United States)

    2011-10-21

    ... March 27, 2009 (74 FR 13970). The revised regulation stated that it was applicable to all Part 50... plan or procedures, physical security plan, guard training and qualification plan, and cyber security... FR 59174). Based upon the environmental assessment, the Commission has determined that issuance...

  10. Maritime supply chain security: Navigating through a sea of compliance requirements

    Directory of Open Access Journals (Sweden)

    Emma Maspero

    2008-11-01

    As a direct result of the 9-11 New York attack all modes of freight and passenger transportation were scrutinised for vulnerabilities. Over 90% of international trade takes place via sea transport for at least some part of the supply chain and as a result there has been a drive to better secure maritime transportation. This paper outlines the background to and the rationale behind the most important of the new security measures for maritime transportation and provides an overview of the likely implications for supply chain role-players. In addition the paper endeavours to create awareness of the importance of maritime supply chain security.

  11. Folic Acid and Vitamin B12 Fortification of Flour: A Global Basic Food Security Requirement

    Directory of Open Access Journals (Sweden)

    Tulchinsky Theodore H

    2010-07-01

    Folic acid is an essential water soluble B vitamin which has been used for decades in the prevention of folate deficiency anemia of pregnancy. In 1991, folic acid taken prior to the start of pregnancy was shown unequivocally to prevent spina bifida and anencephaly—two of the most serious and common birth (neural tube) defects. Soon governments recommended that women of reproductive age consume folic acid daily to prevent these birth defects. Because compliance was low and since more than half of pregnancies are unplanned, the United States Food and Drug Administration mandated in 1998 that all enriched flour be fortified with folic acid at a concentration estimated to give the average woman an intake of 100 micrograms of folic acid a day. Canada and Chile followed with similar requirements for folic acid fortification of wheat flour. Now there is mandatory fortification in more than 50 countries globally. Where fortification has been implemented and studied, it has led to dramatic increases in serum folate concentrations, reduction in neural tube defects, folate deficiency anemia, as well as the reduction in homocysteine concentrations and stroke mortality with no known risk. Australia implemented mandatory folic acid fortification in 2009. To date, no country in Europe has implemented mandatory folic acid fortification of flour, although it has been recommended by the UK Food Safety Authority. This review discusses the vital importance of mandatory flour fortification with folic acid and vitamin B12, for public health food security and as a challenge to the New Public Health in Europe and globally.

  12. 77 FR 35259 - Guidance on Due Diligence Requirements in Determining Whether Securities Are Eligible for Investment

    Science.gov (United States)

    2012-06-13

    ... 29, 2011 (76 FR 73777), the OCC issued proposed guidance together with a notice of proposed... investment securities under section 5(c) of the Home Owners' Loan Act (HOLA), to the extent specified...

  13. A study of international security requirement on Hong Kong air cargo industry : development and challenges

    OpenAIRE

    Tang, Yu-to, Matthew; 鄧汝滔

    2012-01-01

    Currently, most of the research related to aviation sector of Hong Kong would focus on infrastructure perspective such as the building of 3rd runway in HKIA and the cooperation issues among airports in Pearl River Delta (PRD) Region in order to analyze the impact towards competitiveness of Hong Kong as a major international air cargo hub. However, not much research on the air cargo industry has been done from a security perspective, but the recent trend of tightening international security...

  14. A Secure Web-Based File Exchange Server: Software Requirements Specification Document

    OpenAIRE

    Mokhov, Serguei A.; Laverdière, Marc-André; Benssam, Ali; Benredjem, Djamel

    2011-01-01

    This document presents brief software specification of a secure file exchange system prototype involving mutual authentication of the users via their browser and the application server with PKI-based certificates as credentials, the use of LDAP for credential management, and authentication between the application and database servers to maintain a high level of trust between all parties.

  15. LTE security

    CERN Document Server

    Forsberg, Dan; Moeller, Wolf-Dietrich

    2010-01-01

    Addressing the security solutions for LTE, a cellular technology from Third Generation Partnership Project (3GPP), this book shows how LTE security substantially extends GSM and 3G security. It also encompasses the architectural aspects, known as SAE, to give a comprehensive resource on the topic. Although the security for SAE/LTE evolved from the security for GSM and 3G, due to different architectural and business requirements of fourth generation systems the SAE/LTE security architecture is substantially different from its predecessors. This book presents in detail the security mechanisms em

  16. Security Requirements, Counterattacks and Projects in Healthcare Applications Using WSNs - A Review

    OpenAIRE

    Fatema, Nusrat; Brad, Remus

    2014-01-01

    Healthcare applications are well thought-out as interesting fields for WSN where patients can be examined using wireless medical sensor networks. Inside the hospital or extensive care surroundings there is a tempting need for steady monitoring of essential body functions and support for patient mobility. Recent research centered on patient reliable communication, mobility, and energy-efficient routing. Yet deploying new expertise in healthcare applications presents some understandable security...

  17. Regional food security in south-central Appalachia: Connecting diet, land requirement, and agricultural carrying capacity

    OpenAIRE

    Smith, Margaret Blair

    2014-01-01

    Local communities and regional networks are currently exploring the strategy of developing local and regional food systems in order to enhance food security. The relationship between food consumption and production must be tested at various scales and across geographies in order to describe how place-based diets influence agricultural land use and the degree to which a discrete agricultural land base can feed a population. This thesis used two models to integrate data from across the agricu...

  18. Food and nutritional security requires adequate protein as well as energy, delivered from whole-year crop production.

    Science.gov (United States)

    Coles, Graeme D; Wratten, Stephen D; Porter, John R

    2016-01-01

    Human food security requires the production of sufficient quantities of both high-quality protein and dietary energy. In a series of case-studies from New Zealand, we show that while production of food ingredients from crops on arable land can meet human dietary energy requirements effectively, requirements for high-quality protein are met more efficiently by animal production from such land. We present a model that can be used to assess dietary energy and quality-corrected protein production from various crop and crop/animal production systems, and demonstrate its utility. We extend our analysis with an accompanying economic analysis of commercially-available, pre-prepared or simply-cooked foods that can be produced from our case-study crop and animal products. We calculate the per-person, per-day cost of both quality-corrected protein and dietary energy as provided in the processed foods. We conclude that mixed dairy/cropping systems provide the greatest quantity of high-quality protein per unit price to the consumer, have the highest food energy production and can support the dietary requirements of the highest number of people, when assessed as all-year-round production systems. Global food and nutritional security will largely be an outcome of national or regional agroeconomies addressing their own food needs. We hope that our model will be used for similar analyses of food production systems in other countries, agroecological zones and economies. PMID:27478691

  19. Using Semantic Annotation for Mining Privacy and Security Requirements from European Union Directives

    OpenAIRE

    Guarda, Paolo; Kiyavitskaya, Nadzeya; Zannone, Nicola

    2008-01-01

    The increasing complexity of software systems and growing demand for regulations compliance require effective methods and tools to support requirements analysts activities. In order to facilitate alignment of software system requirements and regulations, systematic methods and tools automating regulations analysis must be developed. This work explores applicability of the semantic annotation tool Cerno to mining of rights and obligations from European privacy directives.

  20. Execution of a self-directed risk assessment methodology to address HIPAA data security requirements

    Science.gov (United States)

    Coleman, Johnathan

    2003-05-01

    This paper analyzes the method and training of a self directed risk assessment methodology entitled OCTAVE (Operationally Critical Threat Asset and Vulnerability Evaluation) at over 170 DOD medical treatment facilities. It focuses specifically on how OCTAVE built interdisciplinary, inter-hierarchical consensus and enhanced local capabilities to perform Health Information Assurance. The Risk Assessment Methodology was developed by the Software Engineering Institute at Carnegie Mellon University as part of the Defense Health Information Assurance Program (DHIAP). The basis for its success is the combination of analysis of organizational practices and technological vulnerabilities. Together, these areas address the core implications behind the HIPAA Security Rule and can be used to develop Organizational Protection Strategies and Technological Mitigation Plans. A key component of OCTAVE is the inter-disciplinary composition of the analysis team (Patient Administration, IT staff and Clinician). It is this unique composition of analysis team members, along with organizational and technical analysis of business practices, assets and threats, which enables facilities to create sound and effective security policies. The Risk Assessment is conducted in-house, and therefore the process, results and knowledge remain within the organization, helping to build consensus in an environment of differing organizational and disciplinary perspectives on Health Information Assurance.

  1. Analysis of ISO NE Balancing Requirements: Uncertainty-based Secure Ranges for ISO New England Dynamic Interchange Adjustments

    Energy Technology Data Exchange (ETDEWEB)

    Etingov, Pavel V.; Makarov, Yuri V.; Wu, Di; Hou, Zhangshuan; Sun, Yannan; Maslennikov, S.; Luo, X.; Zheng, T.; George, S.; Knowland, T.; Litvinov, E.; Weaver, S.; Sanchez, E.

    2013-01-31

    The document describes detailed uncertainty quantification (UQ) methodology developed by PNNL to estimate secure ranges of potential dynamic intra-hour interchange adjustments in the ISO-NE system and provides description of the dynamic interchange adjustment (DINA) tool developed under the same contract. The overall system ramping up and down capability, spinning reserve requirements, interchange schedules, load variations and uncertainties from various sources that are relevant to the ISO-NE system are incorporated into the methodology and the tool. The DINA tool has been tested by PNNL and ISO-NE staff engineers using ISO-NE data.

  2. Game Theory Meets Wireless Sensor Networks Security Requirements and Threats Mitigation: A Survey

    Directory of Open Access Journals (Sweden)

    Mohamed S. Abdalzaher

    2016-06-01

    We present a study of using game theory for protecting wireless sensor networks (WSNs) from selfish behavior or malicious nodes. Due to scalability, low complexity and disseminated nature of WSNs, malicious attacks can be modeled effectively using game theory. In this study, we survey the different game-theoretic defense strategies for WSNs. We present a taxonomy of the game theory approaches based on the nature of the attack, whether it is caused by an external attacker or it is the result of an internal node acting selfishly or maliciously. We also present a general trust model using game theory for decision making. We, finally, identify the significant role of evolutionary games for WSNs security against intelligent attacks; then, we list several prospect applications of game theory to enhance the data trustworthiness and node cooperation in different WSNs.

  3. Game Theory Meets Wireless Sensor Networks Security Requirements and Threats Mitigation: A Survey.

    Science.gov (United States)

    Abdalzaher, Mohamed S; Seddik, Karim; Elsabrouty, Maha; Muta, Osamu; Furukawa, Hiroshi; Abdel-Rahman, Adel

    2016-01-01

    We present a study of using game theory for protecting wireless sensor networks (WSNs) from selfish behavior or malicious nodes. Due to scalability, low complexity and disseminated nature of WSNs, malicious attacks can be modeled effectively using game theory. In this study, we survey the different game-theoretic defense strategies for WSNs. We present a taxonomy of the game theory approaches based on the nature of the attack, whether it is caused by an external attacker or it is the result of an internal node acting selfishly or maliciously. We also present a general trust model using game theory for decision making. We, finally, identify the significant role of evolutionary games for WSNs security against intelligent attacks; then, we list several prospect applications of game theory to enhance the data trustworthiness and node cooperation in different WSNs. PMID:27367700

  4. Game Theory Meets Wireless Sensor Networks Security Requirements and Threats Mitigation: A Survey

    Science.gov (United States)

    Abdalzaher, Mohamed S.; Seddik, Karim; Elsabrouty, Maha; Muta, Osamu; Furukawa, Hiroshi; Abdel-Rahman, Adel

    2016-01-01

    We present a study of using game theory for protecting wireless sensor networks (WSNs) from selfish behavior or malicious nodes. Due to scalability, low complexity and disseminated nature of WSNs, malicious attacks can be modeled effectively using game theory. In this study, we survey the different game-theoretic defense strategies for WSNs. We present a taxonomy of the game theory approaches based on the nature of the attack, whether it is caused by an external attacker or it is the result of an internal node acting selfishly or maliciously. We also present a general trust model using game theory for decision making. We, finally, identify the significant role of evolutionary games for WSNs security against intelligent attacks; then, we list several prospect applications of game theory to enhance the data trustworthiness and node cooperation in different WSNs. PMID:27367700

  5. Node security

    CERN Document Server

    Barnes, Dominic

    2013-01-01

    A practical and fast-paced guide that will give you all the information you need to secure your Node applications. If you are a developer who wishes to secure your Node applications, whether you are already using Node Security in production, or are considering using it for your next project, then this book will enable you to ensure security of your applications. An understanding of JavaScript is a prerequisite, and some experience with Node is recommended, though not required.

  6. 78 FR 48218 - Emergency Order Establishing Additional Requirements for Attendance and Securement of Certain...

    Science.gov (United States)

    2013-08-07

    ... Federal Railroad Administration Emergency Order Establishing Additional Requirements for Attendance and... crude oil (U.S. DOT Hazard Class 3, UN 1267). At approximately 11:00 p.m. the train stopped near... left unattended for one hour or less, attendance related to locomotives attached to loaded tank...

  7. 49 CFR 1572.17 - Applicant information required for TWIC security threat assessment.

    Science.gov (United States)

    2010-10-01

    ... guilty by reason of insanity, of a disqualifying crime listed in 49 CFR 1572.103(b), in a civilian or... disqualifying crime listed in 49 CFR 1572.103(b), during the five years before the date of the application, or... involuntarily, or is applying for a waiver; (6) Meets the immigration status requirements described in 49...

  8. 49 CFR 1572.9 - Applicant information required for HME security threat assessment.

    Science.gov (United States)

    2010-10-01

    ... reason of insanity, of a disqualifying crime listed in 49 CFR 1572.103(b), in a civilian or military... disqualifying crime listed in 49 CFR 1572.103(b), during the five years before the date of the application, or... involuntarily or is applying for a waiver; (6) Meets the immigration status requirements described in 49...

  9. Regional, national and international security requirements for the transport of nuclear cargo by sea

    Energy Technology Data Exchange (ETDEWEB)

    Booker, P.A.; Barnwell, I. [Marine Operations, BNFL International Transport and British Nuclear Group Security (United Kingdom)]

    2004-07-01

    Since the beginning of the nuclear age in the 1940's, the world has focused on the immense possibilities of nuclear power with both its destructive and productive capabilities. The civil nuclear industry in the UK, as in most nuclear weapons states, grew from the military facilities built in the post war years under the political climate of the Cold War. In the early years of the industry, civil and defence nuclear facilities were inextricably linked both in public perceptions and the regulatory infrastructure under which they operated. The nuclear arms race and the spread of communism overshadowed people's perceptions of there being two separate uses of nuclear material. This was a double edged sword which initially allowed the industry to develop largely unhindered by public concerns but latterly meant the industry could not break away from its roots and to many is still perceived as a dangerous and destructive force. Regulatory frameworks governing all aspects of the industry have developed both nationally and internationally driven by valid public concerns, political agendas and an international consensus that the unregulated use of nuclear material has catastrophic possibilities on an international scale. With the internationalisation of the civil nuclear industry and the costs associated with developing facilities to fully support each stage of the fuel cycle, from enrichment, fuel manufacturing, reprocessing and waste remediation, it became inevitable that a transport infrastructure would develop to make best use of the facilities. Regulations, both national and international are implicit in ensuring the security of nuclear material in transit. Due to the physical size of many of the irradiated fuel packages and implications of the changes to transport safety regulations, international transports of nuclear material, other than within mainland Europe, is predominantly carried out by sea.

  10. Regional, national and international security requirements for the transport of nuclear cargo by sea

    International Nuclear Information System (INIS)

    Since the beginning of the nuclear age in the 1940's, the world has focused on the immense possibilities of nuclear power with both its destructive and productive capabilities. The civil nuclear industry in the UK, as in most nuclear weapons states, grew from the military facilities built in the post war years under the political climate of the Cold War. In the early years of the industry, civil and defence nuclear facilities were inextricably linked both in public perceptions and the regulatory infrastructure under which they operated. The nuclear arms race and the spread of communism overshadowed people's perceptions of there being two separate uses of nuclear material. This was a double edged sword which initially allowed the industry to develop largely unhindered by public concerns but latterly meant the industry could not break away from its roots and to many is still perceived as a dangerous and destructive force. Regulatory frameworks governing all aspects of the industry have developed both nationally and internationally driven by valid public concerns, political agendas and an international consensus that the unregulated use of nuclear material has catastrophic possibilities on an international scale. With the internationalisation of the civil nuclear industry and the costs associated with developing facilities to fully support each stage of the fuel cycle, from enrichment, fuel manufacturing, reprocessing and waste remediation, it became inevitable that a transport infrastructure would develop to make best use of the facilities. Regulations, both national and international are implicit in ensuring the security of nuclear material in transit. Due to the physical size of many of the irradiated fuel packages and implications of the changes to transport safety regulations, international transports of nuclear material, other than within mainland Europe, is predominantly carried out by sea

  11. 15 CFR 744.11 - License requirements that apply to entities acting contrary to the national security or foreign...

    Science.gov (United States)

    2010-01-01

    ... entities acting contrary to the national security or foreign policy interests of the United States. 744.11... national security or foreign policy interests of the United States. BIS may impose foreign policy export... to United States national security or foreign policy interests or enabling such transfer,...

  12. Security Architectures for Model Driven Web Requirements – Financial Application Case Study

    Directory of Open Access Journals (Sweden)

    A.V.Krishna Prasad

    2010-07-01

    MDA with executable UML offers an approach that embodies all the key ingredients of the process for developing dependable systems, by offering: A uniform strategy for preserving investment in existing models built using unsupported tools, by automatically migrating them to profiled UML models for subsequent maintenance and development using state of the art UML tools; A clean separation of application behavior from the platform specific implementation using technologies such as Integrated Modular Avionics (IMA), allowing the full potential of IMA to be realized in a consistent and dependable way; A semantically well defined formalism that can be used as a basis for modular certification of safety related systems; The ability to generate not only the components of the target system, but components of development tool chain, providing scope for model translation and offering “executable specifications” that can be tested early and mapped reliably onto the target, leading to greater levels of dependency. MDA is a new approach for most organizations, and therefore carries additional training and learning curve costs, and the availability of production quality code generators is currently limited. MDA requires developers to work at a more abstract level than code; although experience shows that most do not have any difficulty making the adjustment, there will be some who find this change of emphasis difficult to achieve. Building upon the initial success of MDA deployment so far, work is now proceeding on the enhancement of Ada code mapping rules to cover the entire xUML formalism. Work is also underway to develop a generic “adapter/router” component to provide a standard way to interface re-engineered xUML components with pre-existing components. These techniques are now being applied to another avionics system in the same organization, in response to the customers need for a faster and cheaper upgrade

  13. Information security fundamentals

    CERN Document Server

    Peltier, Thomas R

    2013-01-01

    Developing an information security program that adheres to the principle of security as a business enabler must be the first step in an enterprise's effort to build an effective security program. Following in the footsteps of its bestselling predecessor, Information Security Fundamentals, Second Edition provides information security professionals with a clear understanding of the fundamentals of security required to address the range of issues they will experience in the field. The book examines the elements of computer security, employee roles and r

  14. Security for grids

    Energy Technology Data Exchange (ETDEWEB)

    Humphrey, Marty; Thompson, Mary R.; Jackson, Keith R.

    2005-08-14

    Securing a Grid environment presents a distinctive set of challenges. This paper groups the activities that need to be secured into four categories: naming and authentication; secure communication; trust, policy, and authorization; and enforcement of access control. It examines the current state of the art in securing these processes and introduces new technologies that promise to meet the security requirements of Grids more completely.

  15. Security during the Construction of New Nuclear Power Plants: Technical Basis for Access Authorization and Fitness-For-Duty Requirements

    Energy Technology Data Exchange (ETDEWEB)

    Branch, Kristi M.; Baker, Kathryn A.

    2009-09-01

    A technical letter report to the NRC summarizing the findings of a benchmarking study, literature review, and workshop with experts on current industry standards and expert judgments about needs for security during the construction phase of critical infrastructure facilities in the post-September 11 U.S. context, with a special focus on the construction phase of nuclear power plants and personnel security measures.

  16. Information Security Maturity Model

    OpenAIRE

    Information Security Maturity Model

    2011-01-01

    To ensure security, it is important to build in security in both the planning and the design phases and adapt a security architecture which makes sure that regular and security related tasks, are deployed correctly. Security requirements must be linked to the business goals. We identified four domains that affect security at an organization namely, organization governance, organizational culture, the architecture of the systems, and service management. In order to identify and explore the strengt...

  17. WORKSTATION SECURITY ENSURANCE

    OpenAIRE

    Hudoklin, Alenka; Stadler, Alenka

    1998-01-01

    A methodology for the ensured security of a workstation connected in a computer network with in an organization is presented. A technique for the determination of the required security level for a workstation's tangible and intangible components is described. A set of security measures for each security level of the workstation's tangible and intangible components is selected. The methodology is applied to workstations in the computer network of a Slovenian state agency. The required security...

  18. Junos Security

    CERN Document Server

    Cameron, Rob; Giecco, Patricio; Eberhard, Timothy; Quinn, James

    2010-01-01

    Junos® Security is the complete and authorized introduction to the new Juniper Networks SRX hardware series. This book not only provides a practical, hands-on field guide to deploying, configuring, and operating SRX, it also serves as a reference to help you prepare for any of the Junos Security Certification examinations offered by Juniper Networks. Network administrators and security professionals will learn how to use SRX Junos services gateways to address an array of enterprise data network requirements -- including IP routing, intrusion detection, attack mitigation, unified threat manag

  19. FOOD SECURITY

    Directory of Open Access Journals (Sweden)

    Dorina Ardelean

    2013-12-01

    The assurance of food security at the individual level doesn’t implicitly provide for the one at family level as the concepts of hunger, malnutrition and food insecurity are the steps of the same process of access restricted to a sufficient supply of food. In order to achieve food security at the individual level the following is necessary: ensuring food availability (production, reserve stocks; redistribution of food availability within the country or out through international exchanges; effective access of the population to purchase food consumer goods, by ensuring its effective demand as required. Food security of families (FFS is required for assuring individual food security (IFS, but it is not sufficient because the food available may be unevenly distributed between family members. National food security (NFS corresponds to the possibilities that different countries have to ensure both FFS and IFS without sacrificing other important objectives. Under the name of GAS is defined the global food security which represents permanent access for the entire population of the globe to the necessary food for a healthy and active life.

  20. Secure portal.

    Energy Technology Data Exchange (ETDEWEB)

    Nelson, Cynthia Lee

    2007-09-01

    There is a need in security systems to rapidly and accurately grant access of authorized personnel to a secure facility while denying access to unauthorized personnel. In many cases this role is filled by security personnel, which can be very costly. Systems that can perform this role autonomously without sacrificing accuracy or speed of throughput are very appealing. To address the issue of autonomous facility access through the use of technology, the idea of a "secure portal" is introduced. A secure portal is a defined zone where state-of-the-art technology can be implemented to grant secure area access or to allow special privileges for an individual. Biometric technologies are of interest because they are generally more difficult to defeat than technologies such as badge swipe and keypad entry. The biometric technologies selected for this concept were facial and gait recognition. They were chosen since they require less user cooperation than other biometrics such as fingerprint, iris, and hand geometry and because they have the most potential for flexibility in deployment. The secure portal concept could be implemented within the boundaries of an entry area to a facility. As a person is approaching a badge and/or PIN portal, face and gait information can be gathered and processed. The biometric information could be fused for verification against the information that is gathered from the badge. This paper discusses a facial recognition technology that was developed for the purposes of providing high verification probabilities with low false alarm rates, which would be required of an autonomous entry control system. In particular, a 3-D facial recognition approach using Fisher Linear Discriminant Analysis is described. Gait recognition technology, based on Hidden Markov Models has been explored, but those results are not included in this paper. Fusion approaches for combining the results of the biometrics would be the next step in realizing

  1. Generalized Software Security Framework

    OpenAIRE

    Smriti Jain; Maya Ingle

    2011-01-01

    Security of information has become a major concern in today's digitized world. As a result, effective techniques to secure information are required. The most effective way is to incorporate security in the development process itself thereby resulting into secured product. In this paper, we propose a framework that enables security to be included in the software development process. The framework consists of three layers namely; control layer, aspect layer and development layer. The control la...

  2. Data security.

    Science.gov (United States)

    2016-09-01

    A government-commissioned review of data security across health and care has led to the proposal of new standards for security and options for a consent/opt-out model. Standards include that all staff complete appropriate annual data security training and pass a mandatory test provided through the revised Information Governance Toolkit, that personal confidential data is only accessible to staff who need it for their current role, and that access is removed as soon as it is no longer required. The consent/opt-out model is outlined under 8 statements, and includes certain circumstances where it will not apply, for example, where there is an overriding public interest, or mandatory legal requirement. PMID:27581899

  3. Strategic planning and security analysis

    International Nuclear Information System (INIS)

    Nuclear security master planning is a deliberative process, founded on the premise that the broad scope of security must be analyzed before any meaningful determinations may be reached on an individual security aspect. This paper examines the analytical process required in developing a Security Master Plan. It defines a four stage process concluding with the selection of security measures encompassing physical security, policy and procedure considerations and guard force deployment. The final product orchestrates each security measure in a complementary and supportive configuration

  4. Data security in genomics: A review of Australian privacy requirements and their relation to cryptography in data storage

    Science.gov (United States)

    Schlosberg, Arran

    2016-01-01

    The advent of next-generation sequencing (NGS) brings with it a need to manage large volumes of patient data in a manner that is compliant with both privacy laws and long-term archival needs. Outside of the realm of genomics there is a need in the broader medical community to store data, and although radiology aside the volume may be less than that of NGS, the concepts discussed herein are similarly relevant. The relation of so-called “privacy principles” to data protection and cryptographic techniques is explored with regards to the archival and backup storage of health data in Australia, and an example implementation of secure management of genomic archives is proposed with regards to this relation. Readers are presented with sufficient detail to have informed discussions – when implementing laboratory data protocols – with experts in the fields. PMID:26955504

  5. Data security in genomics: A review of Australian privacy requirements and their relation to cryptography in data storage.

    Science.gov (United States)

    Schlosberg, Arran

    2016-01-01

    The advent of next-generation sequencing (NGS) brings with it a need to manage large volumes of patient data in a manner that is compliant with both privacy laws and long-term archival needs. Outside of the realm of genomics there is a need in the broader medical community to store data, and although radiology aside the volume may be less than that of NGS, the concepts discussed herein are similarly relevant. The relation of so-called "privacy principles" to data protection and cryptographic techniques is explored with regards to the archival and backup storage of health data in Australia, and an example implementation of secure management of genomic archives is proposed with regards to this relation. Readers are presented with sufficient detail to have informed discussions - when implementing laboratory data protocols - with experts in the fields. PMID:26955504

  6. Leadership in organizations with high security and reliability requirements; Liderazgo en organizaciones con altos requisitos de seguridad y fiabilidad

    Energy Technology Data Exchange (ETDEWEB)

    Gonzalez, F.

    2013-07-01

    Developing leadership skills in organizations is the key to ensuring the sustainability of excellent results in industries with high safety and reliability requirements. In order to have a leadership development model specific to this type of organization, in 2011 we at Tecnatom initiated an internal project to find and adapt a competency model to these requirements.

  7. Security by Design

    International Nuclear Information System (INIS)

    Security by design can reduce the intrinsic vulnerability of nuclear facilities while minimising costs and disruption to operations. The fundamental processes of a nuclear facility should be designed from the start to give the same priority to nuclear security objectives as to nuclear safety. Vital Areas should be designed out, minimising the need for protective security and reducing the risk from insiders. This requires a proactive approach, involving engineers, security managers, safety specialists and operators to optimise the benefits from the intrinsic features of the processes, materials and structures. A robust, threat tolerant design is required. In some areas, measures included in the design to improve nuclear safety will also assist security. In others, a design solution needs to be sought that will minimise conflicting requirements. Security by design requires appropriate organisational commitment and culture to enable full integration of the design for operations, security, safety and safeguards. (author)

  8. Safety Guide no. 5.14 issued in Spain by the Nuclear Safety Council: Security and radiological requirements in the industrial gamma radiography facilities

    International Nuclear Information System (INIS)

    Radioactive facilities where industrial gamma radiography equipment is used require a use authorization in accordance with the Spanish regulations. In order to get authorized the person in charge of the installation has to display a set of documents; among them two of the most important attending to radiological safety, are the 'Operatory Manual' and the 'Emergency Procedures'. The fulfillment of these documents is essential to get, from the radiological point of view, the optimal conditions for the running of the installation. The Regulation on Sanitary Protection against the Ionizing Radiation, transposition of Directives 80/836/EURATOM and 84/467/EURATOM, provides certain targets to be reached and a set of radioactive protection measures, applied, in general terms, to this kind of installations. The experience gathered on the running of these specially radioactive risky installations demands special attention to the fulfillment of the security and radiological protection measures. The Nuclear Safety Council issued in 1998 the safety guide 5.14, in order to help people in charge of those installations to fulfill the security and radiological requirements, as well as to become the guideline in the writing of obligatory documents, specially those referring to the 'Operatory Manual' and the 'Emergency Procedures', where the safe operational procedures of this kind of equipment are described. (author)

  9. Learning Puppet security

    CERN Document Server

    Slagle, Jason

    2015-01-01

    If you are a security professional whose workload is increasing, or a Puppet professional looking to increase your knowledge of security, or even an experienced systems administrator, then this book is for you. This book will take you to the next level of security automation using Puppet. The book requires no prior knowledge of Puppet to get started.

  10. Secure Disk Mixed System

    Directory of Open Access Journals (Sweden)

    Myongchol Ri

    2013-01-01

    We propose a disk encryption method, called Secure Disk Mixed System (SDMS) in this paper, for data protection of disk storages such as USB flash memory, USB hard disk and CD/DVD. It is aimed to solve temporal and spatial limitations of existing disk encryption methods and to control security performance flexibly according to the security requirement of system.

  11. Microsoft Azure security

    CERN Document Server

    Freato, Roberto

    2015-01-01

    This book is intended for Azure administrators who want to understand the application of security principles in distributed environments and how to use Azure to its full capability to reduce the risks of security breaches. Only basic knowledge of the security processes and services of Microsoft Azure is required.

  12. Alternative security

    International Nuclear Information System (INIS)

    This book contains the following chapters: The Military and Alternative Security: New Missions for Stable Conventional Security; Technology and Alternative Security: A Cherished Myth Expires; Law and Alternative Security: Toward a Just World Peace; Politics and Alternative Security: Toward a More Democratic, Therefore More Peaceful, World; Economics and Alternative Security: Toward a Peacekeeping International Economy; Psychology and Alternative Security: Needs, Perceptions, and Misperceptions; Religion and Alternative Security: A Prophetic Vision; and Toward Post-Nuclear Global Security: An Overview

  13. Android application security essentials

    CERN Document Server

    Rai, Pragati

    2013-01-01

    Android Application Security Essentials is packed with examples, screenshots, illustrations, and real world use cases to secure your apps the right way. If you are looking for guidance and detailed instructions on how to secure app data, then this book is for you. Developers, architects, managers, and technologists who wish to enhance their knowledge of Android security will find this book interesting. Some prior knowledge of development on the Android stack is desirable but not required.

  14. Relaxing Chosen-Ciphertext Security

    DEFF Research Database (Denmark)

    Canetti, Ran; Krawczyk, Hugo; Nielsen, Jesper Buus

    2003-01-01

    Security against adaptive chosen ciphertext attacks (or, CCA security) has been accepted as the standard requirement from encryption schemes that need to withstand active attacks. In particular, it is regarded as the appropriate security notion for encryption schemes used as components within...... general protocols and applications. Indeed, CCA security was shown to suffice in a large variety of contexts. However, CCA security often appears to be somewhat too strong: there exist encryption schemes (some of which come up naturally in practice) that are not CCA secure, but seem sufficiently secure...... “for most practical purposes.” We propose a relaxed variant of CCA security, called Replayable CCA (RCCA) security. RCCA security accepts as secure the non-CCA (yet arguably secure) schemes mentioned above; furthermore, it suffices for most existing applications of CCA security. We provide three...

  15. 78 FR 5116 - NASA Information Security Protection

    Science.gov (United States)

    2013-01-24

    ... SPACE ADMINISTRATION 14 CFR Part 1203 RIN 2700-AD61 NASA Information Security Protection AGENCY..., Classified National Security Information, and appropriately to correspond with NASA's internal requirements, NPR 1600.2, Classified National Security Information, that establishes the Agency's requirements...

  16. Security Measures in Data Mining

    OpenAIRE

    Anish Gupta; Vimal Bibhu; Rashid Hussain

    2012-01-01

    Data mining is a technique to dig the data from the large databases for analysis and executive decision making. Security aspect is one of the measure requirement for data mining applications. In this paper we present security requirement measures for the data mining. We summarize the requirements of security for data mining in tabular format. The summarization is performed by the requirements with different aspects of security measure of data mining. The performances and outcomes are determin...

  17. DISPOSAL OF TRU WASTE FROM THE PLUTONIUM FINISHING PLANT IN PIPE OVERPACK CONTAINERS TO WIPP INCLUDING NEW SECURITY REQUIREMENTS

    Energy Technology Data Exchange (ETDEWEB)

    Hopkins, A.M.; Sutter, C.; Hulse, G.; Teal, J.

    2003-02-27

    The Department of Energy is responsible for the safe management and cleanup of the DOE complex. As part of the cleanup and closure of the Plutonium Finishing Plant (PFP) located on the Hanford site, the nuclear material inventory was reviewed to determine the appropriate disposition path. Based on the nuclear material characteristics, the material was designated for stabilization and packaging for long term storage and transfer to the Savannah River Site or, a decision for discard was made. The discarded material was designated as waste material and slated for disposal to the Waste Isolation Pilot Plant (WIPP). Prior to preparing any residue wastes for disposal at the WIPP, several major activities need to be completed. As detailed a processing history as possible of the material including origin of the waste must be researched and documented. A technical basis for termination of safeguards on the material must be prepared and approved. Utilizing process knowledge and processing history, the material must be characterized, sampling requirements determined, acceptable knowledge package and waste designation completed prior to disposal. All of these activities involve several organizations including the contractor, DOE, state representatives and other regulators such as EPA. At PFP, a process has been developed for meeting the many, varied requirements and successfully used to prepare several residue waste streams including Rocky Flats incinerator ash, Hanford incinerator ash and Sand, Slag and Crucible (SS&C) material for disposal. These waste residues are packed into Pipe Overpack Containers for shipment to the WIPP.

  18. Non-proliferation of nuclear weapons and nuclear security. Overview of safeguards requirements for States with limited nuclear material and activities

    International Nuclear Information System (INIS)

    This booklet provides an overview of safeguards obligations that apply to States which are parties to the Nuclear Non-Proliferation Treaty (NPT) that have no nuclear facilities and only limited quantities of nuclear material. Most State parties to the NPT have no nuclear facilities and only limited quantities of nuclear material. For such States, safeguards implementation is expected to be simple and straightforward. This booklet provides an overview of the safeguards obligations that apply to such States. It is hoped that a better understanding of these requirements will facilitate the conclusion and implementation of safeguards agreements and additional protocols, and thereby contribute to the strengthening of the IAEA's safeguards system and of collective security

  19. Non-proliferation of nuclear weapons and nuclear security. Overview of Safeguards requirements for States with limited nuclear material and activities

    International Nuclear Information System (INIS)

    This booklet provides an overview of safeguards obligations that apply to States which are parties to the Nuclear Non-Proliferation Treaty (NPT) that have no nuclear facilities and only limited quantities of nuclear material. Most State parties to the NPT have no nuclear facilities and only limited quantities of nuclear material. For such States, safeguards implementation is expected to be simple and straightforward. This booklet provides an overview of the safeguards obligations that apply to such States. It is hoped that a better understanding of these requirements will facilitate the conclusion and implementation of safeguards agreements and additional protocols, and thereby contribute to the strengthening of the IAEA's safeguards system and of collective security

  20. Modified Small Business Network Security

    Directory of Open Access Journals (Sweden)

    Md. Belayet Ali

    2012-02-01

    This paper covers some likely threats and effective steps for a secure small business. It also involves a flowchart to comprehend the overall small business network security easily and we identify a set of security issues and apply appropriate techniques to satisfy the corresponding security requirements. In respect of all, this document is strong enough for any small business network security.

  1. Secure Transportation Management

    Energy Technology Data Exchange (ETDEWEB)

    Gibbs, P. W. [Brookhaven National Lab. (BNL), Upton, NY (United States)

    2014-10-15

    Secure Transport Management Course (STMC) course provides managers with information related to procedures and equipment used to successfully transport special nuclear material. This workshop outlines these procedures and reinforces the information presented with the aid of numerous practical examples. The course focuses on understanding the regulatory framework for secure transportation of special nuclear materials, identifying the insider and outsider threat(s) to secure transportation, organization of a secure transportation unit, management and supervision of secure transportation units, equipment and facilities required, training and qualification needed.

  2. Secure Transportation Management

    International Nuclear Information System (INIS)

    Secure Transport Management Course (STMC) course provides managers with information related to procedures and equipment used to successfully transport special nuclear material. This workshop outlines these procedures and reinforces the information presented with the aid of numerous practical examples. The course focuses on understanding the regulatory framework for secure transportation of special nuclear materials, identifying the insider and outsider threat(s) to secure transportation, organization of a secure transportation unit, management and supervision of secure transportation units, equipment and facilities required, training and qualification needed.

  3. Nuclear security

    International Nuclear Information System (INIS)

    This paper reports that despite an Executive Order limiting the authority to make original classification decisions to government officials, DOE has delegated this authority to a number of contractor employees. Although the number of original classification decisions made by these contractors is small, this neither negates nor diminishes the significance of the improper delegation of authority. If misclassification were to occur, particularly at the Top Secret level, U.S. national security interests could potentially be seriously affected and threatened. DOE's argument that the delegation of such authority is a long-standing policy and done on a selective basis does not legitimize the practice and does not relieve DOE of its responsibility to meet the requirements of the Executive Order. DOE needs to independently assess all original classification determinations made by contractors; otherwise, it cannot be sure that U.S. national security interests have been or are being adequately protected

  4. Federal technology transfer requirements: a focused study of principal agencies approaches with implications for the Department of Homeland Security.

    Energy Technology Data Exchange (ETDEWEB)

    Koker, Denise; Micheau, Jill M.

    2006-07-01

    This report provides relevant information and analysis to the Department of Homeland Security (DHS) that will assist DHS in determining how to meet the requirements of federal technology transfer legislation. These legal requirements are grouped into five categories: (1) establishing an Office of Research and Technology Applications, or providing the functions thereof; (2) information management; (3) enabling agreements with non-federal partners; (4) royalty sharing; and (5) invention ownership/obligations. These five categories provide the organizing framework for this study, which benchmarks other federal agencies/laboratories engaged in technology transfer/transition. Four key agencies--the Department of Health & Human Services (HHS), the U.S. Department of Agriculture (USDA), the Department of Energy (DOE), and the Department of Defense (DoD)--and several of their laboratories have been surveyed. An analysis of DHS's mission needs for commercializing R&D compared to those agencies/laboratories is presented with implications and next steps for DHS's consideration. Federal technology transfer legislation, requirements, and practices have evolved over the decades as agencies and laboratories have grown more knowledgeable and sophisticated in their efforts to conduct technology transfer and as needs and opinions in the federal sector have changed with regards to what is appropriate. The need to address requirements in a fairly thorough manner has, therefore, resulted in a lengthy paper. There are two ways to find summary information. Each chapter concludes with a summary, and there is an overall "Summary and Next Steps" chapter on pages 57-60. For those readers who are unable to read the entire document, we recommend referring to these pages.

  5. Operating System Security

    CERN Document Server

    Jaeger, Trent

    2008-01-01

    Operating systems provide the fundamental mechanisms for securing computer processing. Since the 1960s, operating systems designers have explored how to build "secure" operating systems - operating systems whose mechanisms protect the system against a motivated adversary. Recently, the importance of ensuring such security has become a mainstream issue for all operating systems. In this book, we examine past research that outlines the requirements for a secure operating system and research that implements example systems that aim for such requirements. For system designs that aimed to

  6. Fragile States : Securing Development

    OpenAIRE

    Zoellick, R.

    2008-01-01

    Fragile states are the toughest development challenge of our era. But we ignore them at our peril: about one billion people live in fragile states, including a disproportionate number of the world's extreme poor, and they account for most of today's wars. These situations require a different framework of building security, legitimacy, governance, and the economy. Only by securing development - bringing security and development together to smooth the transition from conflict to peace and then ...

  7. Comparison of Adaptive Information Security Approaches

    OpenAIRE

    Antti Evesti; Eila Ovaska

    2013-01-01

    Dynamically changing environments and threat landscapes require adaptive information security. Adaptive information security makes it possible to change and modify security mechanisms at runtime. Hence, all security decisions are not enforced at design-time. This paper builds a framework to compare security adaptation approaches. The framework contains three viewpoints, that is, adaptation, security, and lifecycle. Furthermore, the paper describes five security adaptation approaches and compa...

  8. Information security management handbook

    CERN Document Server

    Tipton, Harold F

    2009-01-01

    Includes coverage of each domain of the Common Body of Knowledge, the standard of knowledge required by IT security professionals worldwide. This book includes information on mobile device security, adaptive threat defense, Web 2.0, virtualization, data leakage, and governance

  9. Information security management with ITIL V3

    CERN Document Server

    Cazemier, Jacques A; Peters, Louk

    2010-01-01

    This groundbreaking new title looks at Information Security from defining what security measures positively support the business, to implementation to maintaining the required level and anticipating required changes. It covers: Fundamentals of information security - providing readers insight and give background about what is going to be managed. Topics covered include: types of security controls, business benefits and the perspectives of business, customers, partners, service providers, and auditors. Fundamentals of management of information security - explains what information security manageme

  10. Financial security

    NARCIS (Netherlands)

    M. de Goede

    2010-01-01

    1. Introduction J. Peter Burgess Part 1: New Security Concepts 2. Civilizational Security Brett Bowden 3. Risk Oliver Kessler 4. Small Arms Keith Krause 5. Critical Human Security Taylor Owen 6. Critical Geopolitics Simon Dalby Part 2: New Security Subjects 7. Biopolitics Michael Dillon 8. Gendered

  11. Cyber security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Cyber Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to cyber security metrics and measure and related technologies that meet security needs. Specific applications to web services, the banking and the finance sector, and industrial process control systems are discussed.

  12. 7 CFR 1942.114 - Security.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 13 2010-01-01 2009-01-01 true Security. 1942.114 Section 1942.114 Agriculture... Security. Specific requirements for security for each loan will be included in the letter of conditions. Loans must be secured by the best security position practicable, in a manner which will...

  13. E-learning for Transport Security

    International Nuclear Information System (INIS)

    In this course we will look at how to ensure nuclear and radioactive material is transported safely and securely through the following topics: Objectives of transport security; International and national requirements, recommendations and guidance; Background of safety regulations; Basic principles and fundamentals; Application of security functions; Transport security technologies; Transport security plans, readiness reviews and corrective actions

  14. On Provable Security for Complex Systems

    OpenAIRE

    Achenbach, Dirk

    2016-01-01

    We investigate the contribution of cryptographic proofs of security to a systematic security engineering process. To this end we study how to model and prove security for concrete applications in three practical domains: computer networks, data outsourcing, and electronic voting. We conclude that cryptographic proofs of security can benefit a security engineering process in formulating requirements, influencing design, and identifying constraints for the implementation.

  15. The caBIG annotation and image Markup project.

    Science.gov (United States)

    Channin, David S; Mongkolwat, Pattanasak; Kleper, Vladimir; Sepukar, Kastubh; Rubin, Daniel L

    2010-04-01

    Image annotation and markup are at the core of medical interpretation in both the clinical and the research setting. Digital medical images are managed with the DICOM standard format. While DICOM contains a large amount of meta-data about whom, where, and how the image was acquired, DICOM says little about the content or meaning of the pixel data. An image annotation is the explanatory or descriptive information about the pixel data of an image that is generated by a human or machine observer. An image markup is the graphical symbols placed over the image to depict an annotation. While DICOM is the standard for medical image acquisition, manipulation, transmission, storage, and display, there are no standards for image annotation and markup. Many systems expect annotation to be reported verbally, while markups are stored in graphical overlays or proprietary formats. This makes it difficult to extract and compute with both of them. The goal of the Annotation and Image Markup (AIM) project is to develop a mechanism, for modeling, capturing, and serializing image annotation and markup data that can be adopted as a standard by the medical imaging community. The AIM project produces both human- and machine-readable artifacts. This paper describes the AIM information model, schemas, software libraries, and tools so as to prepare researchers and developers for their use of AIM. PMID:19294468

  16. 75 FR 73947 - Securities of Nonmember Insured Banks

    Science.gov (United States)

    2010-11-30

    ..., DC, and should be addressed as follows: Accounting and Securities Disclosure Section, Division of..., Accounting and Securities Disclosure Section, Division of Supervision and Consumer Protection, 550 17th... securities disclosure regulations applicable to state nonmember banks with securities required to...

  17. Intelligent mobile security systems

    International Nuclear Information System (INIS)

    This paper reports that mobile security systems are becoming increasingly important to military (Army, Air Force) and non-military (Drug Enforcement Agency, Border Patrol) organizations as the level and sophistication of terrorist activity increases. Frequently, organizations are required to deploy at remote sites on little notice. To ensure protection of life and equipment, security systems are sometimes required. Often, the personnel deployed on these missions are not adequately trained in the selection, installation, and operation of today's complex security equipment. The Intelligent Mobile Security System (IMSS) concept, as being developed by Sandia National Laboratories (SNL), allows untrained, non-technical personnel to configure, deploy, operate, and troubleshoot temporary/mobile physical security system. The IMSS may be used at nuclear facilities

  18. Security studies

    International Nuclear Information System (INIS)

    physical protection system is not covered by such studies, since this type of detection gives no information on either the effectiveness or the reliability of the MC and A systems. A critical scenario is defined as one which leads to discrepancies involving substantial amounts of NM or for which the detection delay is long. Special care is taken when analysing these scenarios. For critical scenarios, sensitivity analysis could be made to determine the smallest quantity of NM the disappearance of which could be detected or the criteria leading to the detection of the disappearance in the control system or in the accounting system. The threats taken into account are identified with reference to the design basis threat specified by the competent authority. Both internal and external threats are taken in account. Internal threats are defined as attempts by insiders to steal quantities of nuclear material, either once or on several occasions; accumulating these quantities leads to a significant quantity of NM. External threats are defined as attempts by groups of aggressors to steal significant amounts of nuclear material. Two hypotheses are taken into account to test the ability of the physical protection system to counter threats of this type. The first is based on a small group of aggressors with limited resources and the second involves a larger team with more sophisticated resources. Of course security studies have to be carried out in compliance with the corresponding confidentiality rules. In addition, such studies have to be regularly updated, notably if significant modifications are made in the MC and A or PP systems. It is important that security studies are available in the facilities for competent personnel, as it gives the rationale behind control and protection of NM. In particular, it could be used, in a performance-based approach, to support analysis reports or to illustrate that the required level of security has been re

  19. Security Expertise

    DEFF Research Database (Denmark)

    This volume brings together scholars from different fields to explore the power, consequences and everyday practices of security expertise. Expertise mediates between different forms of knowledge: scientific and technological, legal, economic and political knowledge. This book offers the first systematic study of security expertise and opens up a productive dialogue between science and technology studies and security studies to investigate the character and consequences of this expertise. In security theory, the study of expertise is crucial to understanding whose knowledge informs security making and to reflect on the impact and responsibility of security analysis. In science and technology studies, the study of security politics adds a challenging new case to the agenda of research on expertise and policy. The contributors investigate cases such as academic security studies, security think...

  20. Surviving security how to integrate people, process, and technology

    CERN Document Server

    Andress, Amanda

    2003-01-01

    WHY DO I NEED SECURITY? Introduction The Importance of an Effective Security Infrastructure People, Process, and Technology What Are You Protecting Against? Types of Attacks Types of Attackers Security as a Competitive Advantage Choosing a Solution Finding Security Employees The Layered Approach UNDERSTANDING REQUIREMENTS AND RISK What Is Risk? Embracing Risk Information Security Risk Assessment Assessing Risk Insurance SECURITY POLICIES AND PROCEDURES Internal Focus Is Key Security Awareness and Education Policy Life Cycle Developing Policies Components of a Security Policy Sample Security Po

  1. Secure Scrum: Development of Secure Software with Scrum

    OpenAIRE

    Pohl, Christoph; Hof, Hans-Joachim

    2015-01-01

    Nowadays, the use of agile software development methods like Scrum is common in industry and academia. Considering the current attacking landscape, it is clear that developing secure software should be a main concern in all software development projects. In traditional software projects, security issues require detailed planning in an initial planning phase, typically resulting in a detailed security analysis (e.g., threat and risk analysis), a security architecture, and instructions for secu...

  2. Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services

    OpenAIRE

    X. Su; Bolzoni, D; van Eck, P.A.T.

    2006-01-01

    In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is not achievable and the limited resources available should be directed to satisfy the most important ones. We propose to explicitly link security requirements with the organization’s business vision, i.e. to provide business rationale for security requirements. The rationale is then used a...

  3. Being Secure

    Institute of Scientific and Technical Information of China (English)

    2006-01-01

    As the world wrestles with challenges from nontraditional security threats, a new concept of security management is emerging Security has traditionally been seen as the means of defending a territory, primarily through the use of military power. However, as the world evolves through the process of globalization, so too does the concept of security. It now incorporates military, political, economic, societal and environmental issues, as well as the many links that bind them. Yet for most people in the wor...

  4. Watermarking security

    CERN Document Server

    Bas, Patrick; Cayre, François; Doërr, Gwenaël; Mathon, Benjamin

    2016-01-01

    This book explains how to measure the security of a watermarking scheme, how to design secure schemes but also how to attack popular watermarking schemes. This book gathers the most recent achievements in the field of watermarking security by considering both parts of this cat and mouse game. This book is useful to industrial practitioners who would like to increase the security of their watermarking applications and for academics to quickly master this fascinating domain.

  5. Securities lending

    OpenAIRE

    Paul C. Lipson; Sabel, Bradley K.; Frank M. Keane

    2012-01-01

    This paper, originally released in August 1989 as part of a Federal Reserve Bank of New York series on the U.S. securities markets, examines loans of Treasury and agency securities in the domestic market. It highlights some important institutional characteristics of securities loan transactions, in particular the common use of agents to arrange the terms of the loans. While we note that this characteristic sets securities lending apart from most repurchase agreement (repo) transactions, which...

  6. Security Locks

    Science.gov (United States)

    Hart, Kevin

    2010-01-01

    According to a 2008 "Year in Review" report by Educational Security Incidents, an online repository that collects data on higher education security issues, the total number of security incidents reported at universities and colleges worldwide rose to 173 in 2008, a 24.5 percent increase over 2007. The number of institutions affected--perhaps the…

  7. Design of secure operating systems with high security levels

    Institute of Scientific and Technical Information of China (English)

    QING SiHan; SHEN ChangXiang

    2007-01-01

    Numerous Internet security incidents have shown that support from secure operating systems is paramount to fighting threats posed by modern computing environments. Based on the requirements of the relevant national and international standards and criteria, in combination with our experience in the design and development of the ANSHENG v4.0 secure operating system with high security level (hereafter simply referred to as ANSHENG OS), this paper addresses the following key issues in the design of secure operating systems with high security levels: security architecture, security policy models, and covert channel analysis. The design principles of security architecture and three basic security models: confidentiality, integrity, and privilege control models are discussed, respectively. Three novel security models and new security architecture are proposed. The prominent features of these proposals, as well as their applications to the ANSHENG OS, are elaborated. Covert channel analysis (CCA) is a well-known hard problem in the design of secure operating systems with high security levels since to date it lacks a sound theoretical basis and systematic analysis approach. In order to resolve the fundamental difficulties of CCA, we have set up a sound theoretical basis for completeness of covert channel identification and have proposed a unified framework for covert channel identification and an efficient backward tracking search method. The successful application of our new proposals to the ANSHENG OS has shown that it can help ease and speed up the entire CCA process.

  8. Moving towards Cloud Security

    Directory of Open Access Journals (Sweden)

    Edit Szilvia Rubóczki

    2015-01-01

    Cloud computing hosts and delivers many different services via Internet. There are a lot of reasons why people opt for using cloud resources. Cloud development is increasing fast while a lot of related services drop behind, for example the mass awareness of cloud security. However the new generation upload videos and pictures without reason to a cloud storage, but only few know about data privacy, data management and the proprietary of stored data in the cloud. In an enterprise environment the users have to know the rule of cloud usage, however they have little knowledge about traditional IT security. It is important to measure the level of their knowledge, and evolve the training system to develop the security awareness. The article proves the importance of suggesting new metrics and algorithms for measuring security awareness of corporate users and employees to include the requirements of emerging cloud security.

  9. The Johnson Space Center Management Information Systems (JSCMIS). 1: Requirements Definition and Design Specifications for Versions 2.1 and 2.1.1. 2: Documented Test Scenario Environments. 3: Security Design and Specifications

    Science.gov (United States)

    1986-01-01

    The Johnson Space Center Management Information System (JSCMIS) is an interface to computer data bases at NASA Johnson which allows an authorized user to browse and retrieve information from a variety of sources with minimum effort. This issue gives requirements definition and design specifications for versions 2.1 and 2.1.1, along with documented test scenario environments, and security object design and specifications.

  10. 685. Order amending the Order concerning the definition of goods whose export requires a permit in accordance with the Security Control Act

    International Nuclear Information System (INIS)

    The list of goods which may not be exported without a permit, in accordance with the Act of 1972 on security control, was amended by this Order. The amendment includes numerous items or equipment involving radiation or radioactive materials. It came into effect on 1 December 1990. (NEA)

  11. Automated Security Compliance Tool for the Cloud

    OpenAIRE

    Ullah, Kazi Wali

    2012-01-01

    Security, especially security compliance, is a major concern that is slowing down the large scale adoption of cloud computing in the enterprise environment. Business requirements, governmental regulations and trust are among the reasons why the enterprises require certain levels of security compliance from cloud providers. So far, this security compliance or auditing information has been generated by security specialists manually. This process involves manual data collection and assessment wh...

  12. Security: a supranational legal asset

    OpenAIRE

    Manuel Monteiro Guedes Valente

    2012-01-01

    This paper discusses the concept of security as a manysided, multifunctional and multilevel regulation topology which requires its several actors to view legal assets from a polygonal perspective worthy of legal protection from local to global and from global to local space. The concept of security as a supranational legal asset requires criminal legislation which defines the principles of criminal policy and the intervention of criminal Law, barriers to security trends and to the attempt to ...

  13. 7 CFR 1780.14 - Security.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 12 2010-01-01 2010-01-01 false Security. 1780.14 Section 1780.14 Agriculture... (CONTINUED) WATER AND WASTE LOANS AND GRANTS General Policies and Requirements § 1780.14 Security. Loans will be secured by the best security position practicable in a manner which will adequately protect...

  14. 9 CFR 121.11 - Security.

    Science.gov (United States)

    2010-01-01

    ... 9 Animals and Animal Products 1 2010-01-01 2010-01-01 false Security. 121.11 Section 121.11... AGENTS AND TOXINS § 121.11 Security. (a) An individual or entity required to register under this part must develop and implement a written security plan. The security plan must be sufficient to...

  15. Security studies

    International Nuclear Information System (INIS)

    The so called 'Security Studies' constitute one of the major tools for evaluating the provisions implemented at facilities to protect and control nuclear material (NM) against unauthorized removal. Operators use security studies to demonstrate that they are complying with objectives set by the Competent Authority to counter internal or external acts aimed at unauthorized removal of nuclear material. The paper presents the context of security studies carried out in France. (author)

  16. Grid Security

    CERN Document Server

    CERN. Geneva

    2004-01-01

    The aim of Grid computing is to enable the easy and open sharing of resources between large and highly distributed communities of scientists and institutes across many independent administrative domains. Convincing site security officers and computer centre managers to allow this to happen in view of today's ever-increasing Internet security problems is a major challenge. Convincing users and application developers to take security seriously is equally difficult. This paper will describe the main Grid security issues, both in terms of technology and policy, that have been tackled over recent years in LCG and related Grid projects. Achievements to date will be described and opportunities for future improvements will be addressed.

  17. Securing Hadoop

    CERN Document Server

    Narayanan, Sudheesh

    2013-01-01

    This book is a step-by-step tutorial filled with practical examples which will focus mainly on the key security tools and implementation techniques of Hadoop security. This book is great for Hadoop practitioners (solution architects, Hadoop administrators, developers, and Hadoop project managers) who are looking to get a good grounding in what Kerberos is all about and who wish to learn how to implement end-to-end Hadoop security within an enterprise setup. It's assumed that you will have some basic understanding of Hadoop as well as be familiar with some basic security concepts.

  18. Lemnos Interoperable Security Program

    Energy Technology Data Exchange (ETDEWEB)

    Stewart, John [Tennessee Valley Authority, Knoxville, TN (United States); Halbgewachs, Ron [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Chavez, Adrian [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Smith, Rhett [Schweitzer Engineering Laboratories, Chattanooga, TN (United States); Teumim, David [Teumim Technical, Allentown, PA (United States)

    2012-01-31

    The manner in which the control systems are being designed and operated in the energy sector is undergoing some of the most significant changes in history due to the evolution of technology and the increasing number of interconnections to other systems. With these changes however come two significant challenges that the energy sector must face; 1) Cyber security is more important than ever before, and 2) Cyber security is more complicated than ever before. A key requirement in helping utilities and vendors alike in meeting these challenges is interoperability. While interoperability has been present in much of the discussions relating to technology utilized within the energy sector and especially the Smart Grid, it has been absent in the context of cyber security. The Lemnos project addresses these challenges by focusing on the interoperability of devices utilized within utility control systems which support critical cyber security functions. In theory, interoperability is possible with many of the cyber security solutions available to utilities today. The reality is that the effort required to achieve cyber security interoperability is often a barrier for utilities. For example, consider IPSec, a widely-used Internet Protocol to define Virtual Private Networks, or tunnels, to communicate securely through untrusted public and private networks. The IPSec protocol suite has a significant number of configuration options and encryption parameters to choose from, which must be agreed upon and adopted by both parties establishing the tunnel. The exercise in getting software or devices from different vendors to interoperate is labor intensive and requires a significant amount of security expertise by the end user. Scale this effort to a significant number of devices operating over a large geographical area and the challenge becomes so overwhelming that it often leads utilities to pursue solutions from a single vendor. These single vendor solutions may inadvertently lock

  19. Secure ETL Process Model: An Assessment of Security in Different Phases of ETL

    OpenAIRE

    M Mrunalini; T. V. Suresh Kumar; K Rajani Kanth

    2013-01-01

    Generally, in the software development process, security is added as an afterthought, which may not assure the complete security of the system. It is also required to add security as part of software development process. This is possible with the quantified values for the parameters under assessment for assuring security. Hence, we suggest having quantified values for the security metrics too. In this paper, a security analysis has been carried out for ETL (Extraction, Transformation and Load...

  20. Security@Runtime: A flexible MDE approach to enforce fine-grained security policies

    OpenAIRE

    Elrakaiby, Yehia; Amrani, Moussa; Le Traon, Yves

    2014-01-01

    In this paper, we present a policy-based approach for automating the integration of security mechanisms into Java-based business applications. In particular, we introduce an expressive Domain Specific modeling Language (Dsl), called Security@Runtime, for the specification of security configurations of targeted systems. The Security@Runtime Dsl supports the expression of authorization, obligation and reaction policies, covering many of the security requirements of modern applications. Security...

  1. Secure Cloud Architecture

    Directory of Open Access Journals (Sweden)

    Kashif Munir

    2013-02-01

    Cloud computing is set of resources and services offered through the Internet. Cloud services are delivered from data centers located throughout the world. Cloud computing facilitates its consumers by providing virtual resources via internet. The biggest challenge in cloud computing is the security and privacy problems caused by its multi-tenancy nature and the outsourcing of infrastructure, sensitive data and critical applications. Enterprises are rapidly adopting cloud services for their businesses, measures need to be developed so that organizations can be assured of security in their businesses and can choose a suitable vendor for their computing needs. Cloud computing depends on the internet as a medium for users to access the required services at any time on pay-per-use pattern. However this technology is still in its initial stages of development, as it suffers from threats and vulnerabilities that prevent the users from trusting it. Various malicious activities from illegal users have threatened this technology such as data misuse, inflexible access control and limited monitoring. The occurrence of these threats may result into damaging or illegal access of critical and confidential data of users. In this paper we identify the most vulnerable security threats/attacks in cloud computing, which will enable both end users and vendors to know about the key security threats associated with cloud computing and propose relevant solution directives to strengthen security in the Cloud environment. We also propose secure cloud architecture for organizations to strengthen the security.

  2. Security management

    International Nuclear Information System (INIS)

    Technical progress is moving more and more quickly and the systems thus produced are so complex and have become so unclear to the individual that he can no longer estimate the consequences: Faith in progress has given way to deep mistrust. Companies have adjusted to this change in consciousness. An interesting tendency can be identified: technical security is already available - now the organization of security has become an important objective for companies. The key message of the book is: If outworn technical systems are no longer adequate, the organization must be thoroughly overhauled. Five chapters deal with the following themes: organization as an aspect of society; risk control; aspects of security; is there security in ADP; the broader concept of security. (orig./HP)

  3. Specifying Information Security Needs for the Delivery of High Quality Security Services

    OpenAIRE

    Su, Xiaomeng; Bolzoni, Damiano; Eck, van, C.F.

    2007-01-01

    In this paper we present an approach for specifying and prioritizing information security requirements in organizations. We propose to explicitly link security requirements with the organizations' business vision, i.e. to provide business rationale for security requirements. The rationale is then used as a basis for comparing the importance of different security requirements. Furthermore we discuss how to integrate the aforementioned solution concepts into a service level management process f...

  4. Information security management handbook

    CERN Document Server

    Tipton, Harold F

    2006-01-01

    Access Control Systems and Methodology. Telecommunications and Network Security. Security Management Practices. Application Program Security. Cryptography. Computer, System, and Security Architecture. Operations Security. Business Continuity Planning and Disaster Recovery Planning. Law, Investigation and Ethics. Physical Security.

  5. Global nuclear security engagement

    International Nuclear Information System (INIS)

    Full text: The Nuclear Security Summits in Washington (2010) and Seoul (2012) were convened with the goal of reducing the threat of nuclear terrorism. These meetings have engaged States with established nuclear fuel cycle activities and encouraged their commitment to nuclear security. The participating States have reaffirmed that it is a fundamental responsibility of nations to maintain effective nuclear security in order to prevent unauthorized actors from acquiring nuclear materials. To that end, the participants have identified important areas for improvement and have committed to further progress. Yet, a broader message has emerged from the Summits: effective nuclear security requires both global and regional engagement. Universal commitment to domestic nuclear security is essential, if only because the peaceful use of nuclear energy remains a right of all States: Nations may someday adopt nuclear energy, even if they are not currently developing nuclear technology. However, the need for nuclear security extends beyond domestic power production. To harvest natural resources and to develop part of a nuclear fuel cycle, a State should embrace a nuclear security culture. Nuclear materials may be used to produce isotopes for medicine and industry. These materials are transported worldwide, potentially crossing a nation's borders or passing by its shores. Regrettably, measures to prevent the loss of control may not be sufficient against an adversary committed to using nuclear or other radioactive materials for malicious acts. Nuclear security extends beyond prevention measures, encompassing efforts to detect illicit activities and respond to nuclear emergencies. The Seoul Communique introduces the concept of a Global Nuclear Security Architecture, which includes multilateral instruments, national legislation, best practices, and review mechanisms to promote adoption of these components. Key multilateral instruments include the Convention on Physical Protection of

  6. Demarcation of Security in Authentication Protocols

    DEFF Research Database (Denmark)

    Ahmed, Naveed; Jensen, Christian D.

    2011-01-01

    easier, and enables us to define security goals with a fine granularity. We present one such separation, by introducing the notion of binding sequence as a security primitive. A binding sequence, roughly speaking, is the only required security property of an authentication protocol. All other...... authentication goals, the correctness requirements, can be derived from the binding sequence....

  7. Security and Architectural Patterns for Securing the Cloud Architecture

    OpenAIRE

    Golajapu Venu Madhava Rao; Venu Madhav Kuthadi; Rajalakshmi Selvaraj

    2015-01-01

    Operating a cloud securely and efficiently entails a great deal of advance planning. A data center and redundant internet connection is required at the beginning to connect to cloud. This can constitute the technology portion of an information security and some network devices that safely and securely serve the communication. National Institute of Standards and Technology states that the process of uniquely assigning the information resources to an information system will define the securit...

  8. Health Security and Risk Aversion.

    Science.gov (United States)

    Herington, Jonathan

    2016-09-01

    Health security has become a popular way of justifying efforts to control catastrophic threats to public health. Unfortunately, there has been little analysis of the concept of health security, nor the relationship between health security and other potential aims of public health policy. In this paper I develop an account of health security as an aversion to risky policy options. I explore three reasons for thinking risk avoidance is a distinctly worthwhile aim of public health policy: (i) that security is intrinsically valuable, (ii) that it is necessary for social planning and (iii) that it is an appropriate response to decision-making in contexts of very limited information. Striking the right balance between securing and maximizing population health thus requires a substantive, and hitherto unrecognized, value judgment. Finally, I critically evaluate the current health security agenda in light of this new account of the concept and its relationship to the other aims of public health policy. PMID:26990349

  9. A Development Framework for Software Security in Nuclear Safety Systems: Integrating Secure Development and System Security Activities

    International Nuclear Information System (INIS)

    The protection of nuclear safety software is essential in that a failure can result in significant economic loss and physical damage to the public. However, software security has often been ignored in nuclear safety software development. To enforce security considerations, nuclear regulator commission recently issued and revised the security regulations for nuclear computer-based systems. It is a great challenge for nuclear developers to comply with the security requirements. However, there is still no clear software development process regarding security activities. This paper proposes an integrated development process suitable for the secure development requirements and system security requirements described by various regulatory bodies. It provides a three-stage framework with eight security activities as the software development process. Detailed descriptions are useful for software developers and licensees to understand the regulatory requirements and to establish a detailed activity plan for software design and engineering

  10. Security Bingo

    CERN Multimedia

    Computer Security Team

    2011-01-01

    Want to check your security awareness and win one of three marvellous books on computer security? Just print out this page, mark which of the 25 good practices below you already follow, and send the sheet back to us by 31 October 2011 at either Computer.Security@cern.ch or P.O. Box G19710. Winners[1] must show that they fulfil at least five good practices in a continuous vertical, horizontal or diagonal row. For details on CERN Computer Security, please consult http://cern.ch/security. I personally… …am concerned about computer security. …run my computer with an anti-virus software and up-to-date signature files. …lock my computer screen whenever I leave my office. …have chosen a reasonably complex password. …have restricted access to all my files and data. …am aware of the security risks and threats to CERN’s computing facilities. ...

  11. Formal analysis of security metrics and risk

    OpenAIRE

    Krautsevich L.; Martinelli F.; Yautsiukhin A.

    2011-01-01

    Security metrics are usually defined informally and, therefore, the rigorous analysis of these metrics is a hard task. This analysis is required to identify the existing relations between the security metrics, which try to quantify the same quality: security. Risk, computed as Annualised Loss Expectancy, is often used in order to give the overall assessment of security as a whole. Risk and security metrics are usually defined separately and the relation between these indicators have not been...

  12. Secure data aggregation for wireless sensor network

    OpenAIRE

    Tran-Thi-Thuy, Trang

    2010-01-01

    Like conventional networks, security is also a big concern in wireless sensor networks. However, security in this type of networks faces not only typical but also new challenges. Constrained devices, changing topology or susceptibility to unprecedented security threats such as node capture and node compromise has refrained developers from applying conventional security solutions into wireless sensor networks. Hence, developing security solutions for wireless sensor networks not only requires...

  13. Enhancing the security of electronic commerce transactions

    OpenAIRE

    Khu-smith, Vorapranee

    2003-01-01

    This thesis looks at the security of electronic commerce transaction processing. It begins with an introduction to security terminology used in the thesis. Security requirements for card payments via the Internet are then described, as are possible protocols for electronic transaction processing. It appears that currently the Secure Socket Layer (SSL) protocol together with its standardised version Transport Layer Security (TLS) are the most widely used means to secure e...

  14. Network Security

    CERN Document Server

    Huang, Scott; Du, Ding-Zhu

    2010-01-01

    This book provides a reference tool for the increasing number of the scientists whose research is related to sensor network security. The book is organized into several sections, each including some chapters exploring a specific topic. Network security is attracting great attention and there are many research topics waiting to be studied. In this book, the topics covered include network design and modeling, network management, data management, security and applications. The aim, intent, and motivation of this book is to provide a reference tool for the increasing number of scientists whose res

  15. Computer security

    CERN Document Server

    Gollmann, Dieter

    2011-01-01

    A completely up-to-date resource on computer security Assuming no previous experience in the field of computer security, this must-have book walks you through the many essential aspects of this vast topic, from the newest advances in software and technology to the most recent information on Web applications security. This new edition includes sections on Windows NT, CORBA, and Java and discusses cross-site scripting and JavaScript hacking as well as SQL injection. Serving as a helpful introduction, this self-study guide is a wonderful starting point for examining the variety of competing sec

  16. Secure PVM

    Energy Technology Data Exchange (ETDEWEB)

    Dunigan, T.H.; Venugopal, N.

    1996-09-01

    This research investigates techniques for providing privacy, authentication, and data integrity to PVM (Parallel Virtual Machine). PVM is extended to provide secure message passing with no changes to the user's PVM application, or, optionally, security can be provided on a message-by-message basis. Diffie-Hellman is used for key distribution of a single session key for n-party communication. Keyed MD5 is used for message authentication, and the user may select from various secret-key encryption algorithms for message privacy. The modifications to PVM are described, and the performance of secure PVM is evaluated.

  17. Wireless Security

    CERN Document Server

    Osterhage, Wolfgang

    2011-01-01

    In the wake of the growing use of wireless communications, new types of security risks have evolved. Wireless Security covers the major topic of wireless communications with relevance both to organizations and private users. The technological background of these applications and protocols is laid out and presented in detail. Special emphasis is placed on the IEEE 802.11x-Standards that have been introduced for WLAN technology. Other technologies covered besides WLAN include: mobile phones, bluetooth and infrared. In each chapter a major part is devoted to security risks and provisions includin

  18. Secure Java For Web Application Development

    CERN Document Server

    Bhargav, Abhay

    2010-01-01

    As the Internet has evolved, so have the various vulnerabilities, which largely stem from the fact that developers are unaware of the importance of a robust application security program. This book aims to educate readers on application security and building secure web applications using the new Java Platform. The text details a secure web application development process from the risk assessment phase to the proof of concept phase. The authors detail such concepts as application risk assessment, secure SDLC, security compliance requirements, web application vulnerabilities and threats, security

  19. European Security

    DEFF Research Database (Denmark)

    Møller, Bjørn

    Theoretical chapters on "Security", "Organisations" and "Regions," Historical Chapters on "Europe and Its Distinguishing Features" and on "The United Nations," "NATO," "The CSCE/OSCE and the Council of Europe" and "The European Union"...

  20. Security and Architectural Patterns for Securing the Cloud Architecture

    Directory of Open Access Journals (Sweden)

    Golajapu Venu Madhava Rao

    2015-09-01

    Operating a cloud securely and efficiently entails a great deal of advance planning. A data center and redundant internet connection is required at the beginning to connect to cloud. This can constitute the technology portion of an information security and some network devices that safely and securely serve the communication. National Institute of Standards and Technology states that the process of uniquely assigning the information resources to an information system will define the security boundary for that system. A massive amount of gear that is racked and cabled following defined patterns is enabled inside this boundary. Need for the infrastructure that is used to manage the cloud and its resources as it operates the cloud. Each component like server, network and storage requires some degree of configuration. While designing or planning a complex system it is important to look ahead the process and procedures required for operation of the system. Small cloud systems can be built without much of planning. But any Cloud system substantially bigger size needs significant planning and design. If we fail to plan it leads to higher cost due to inefficiency in design and process. In this paper we study on the architectural components that can be used to build a cloud with security as a priority. This can be achieved by identifying requirements for secured cloud architecture along with key patterns and architectural elements. This paper first discusses on security patterns and an architectural element required and also focuses on several different cloud architectures and secure cloud operation strategies.

  1. Energy Security

    Institute of Scientific and Technical Information of China (English)

    2006-01-01

    With an increasing number of countries becoming industrialized, energy, the so-called blood of modern economies, is becoming increasingly important. Energy security has become an important factor that directly influences world economic stability and international relations. In an article posted on People's Daily Online, Liu Jianfei, professor at the International Strategic Research Center of the Party School of the Central Committee of the Communist Party of China, shares his opinions on energy security.

  2. Privatising Security

    OpenAIRE

    Irina Mindova-Docheva

    2016-01-01

    The article proposes an analysis of the different approaches towards employing the international legal framework in the regulation and oversight of private military and security companies’ operation in armed conflicts and in peace time security systems. It proposes a partnership-based approach for public and private actors aiming at creating and sharing common values under the principles of solidarity, protection of human rights and rule of law. A focus of further research shou...

  3. Food security

    OpenAIRE

    Dorina Ardelean

    2011-01-01

    The assurance of food security at the individual level doesn’t implicitly provide for the one at family level as the concepts of hunger, malnutrition and food insecurity are the steps of the same process of access restricted to a sufficient supply of food. In order to achieve food security at the individual level the following is necessary: ensuring food availability (production, reserve stocks); redistribution of food availability within the country or out through internationa...

  4. Process Control/SCADA system vendor security awareness and security posture.

    NARCIS (Netherlands)

    Luiijf, H.A.M.; Lüders, S.

    2009-01-01

    A starting point for the adequate security of process control/SCADA systems is the security awareness and security posture by the manufacturers, vendors, system integrators, and service organisations. The results of a short set of questions indicate that major security improvements are required in t

  5. Intrinsic information security - embedding security issues in the design process of telematics systems

    OpenAIRE

    Tettero, Olaf

    2000-01-01

    This book presents the Information Security Embedded Design process (ISED process), a systematic approach to embed information security issues (ISI) in the design process of telematics systems. The approach supports both designers and user organisations. We elaborate on actors, activities and related needs in a design process to design telematics systems in which requirements concerning information security (security for short) are adequately dealt with.

  6. Future trends in secure chip data management

    OpenAIRE

    Anciaux, Nicolas; Bouganim, Luc; Pucheral, Philippe

    2007-01-01

    Secure chips, e.g. present in smart cards, TPM, USB dongles are now ubiquitous in applications with strong security requirements. Secure chips host personal data that must be carefully managed and protected, thus requiring embedded data management techniques. However, secure chips have severe hardware constraints which make traditional database techniques irrelevant. We previously addressed the problem of scaling down database techniques for the smart card and proposed the design of a DBMS ke...

  7. Future Trends in Secure Chip Data Management

    OpenAIRE

    Anciaux, Nicolas; Bouganim, Luc; Pucheral, Philippe

    2007-01-01

    Secure chips, e.g. present in smart cards, TPM, USB dongles are now ubiquitous in applications with strong security requirements. Secure chips host personal data that must be carefully managed and protected, thus requiring embedded data management techniques. However, secure chips have severe hardware constraints which make traditional database techniques irrelevant. We previously addressed the problem of scaling down database techniques for the smart card and proposed the design of a DBMS ke...

  8. Security Analysis in Wireless Sensor Networks

    OpenAIRE

    Murat Dener

    2014-01-01

    In recent years, wireless sensor network (WSN) is employed in many application areas such as monitoring, tracking, and controlling. For many applications of WSN, security is an important requirement. However, security solutions in WSN differ from traditional networks due to resource limitation and computational constraints. This paper analyzes security solutions: TinySec, IEEE 802.15.4, SPINS, MiniSEC, LSec, LLSP, LISA, and LISP in WSN. The paper also presents characteristics, security requir...

  9. Security an introduction

    CERN Document Server

    Purpura, Philip P

    2011-01-01

    Section I The History and Profession of Security Definition, Role, and History of Security Security Defined The Contexts of Security The Roles of Security The History of Security Security in an Environment of Threats, Terrorism, and All-Hazards Threats and Hazards Terrorism National Strategies The Profession and Business of Security The Business of Security Professionalism and Security Associations Ethics Regulation of the Security Industry Security Training Higher Education Careers Section II Protecting People and Assets Security Methodology Methodology Defined Security Business Proposals Secur

  10. Security and Security Complex: Operational Concepts

    Directory of Open Access Journals (Sweden)

    Luis Tomé

    2010-01-01

    Security is one of the most ambiguous, contested, and debated ideas in the conceptual framework of international relations. The "traditional" perspective has been severely contested as new approaches develop, and the concept of security has been reworked in all its fundamental components and dimensions, from object and reference to range and security instruments. Likewise, the discussion over the definition and characterization of international security systems, namely regarding competitive security, common security, cooperative security, collective security, and security community, continues to be very lively. Starting from these debates, and in the light of the current international situation, we propose operational concepts of security and of security complex.

  11. [Food security in Mexico].

    Science.gov (United States)

    Urquía-Fernández, Nuria

    2014-01-01

    An overview of food security and nutrition in Mexico is presented, based on the analysis of the four pillars of food security: availability, access, utilization of food, and stability of the food supply. In addition, the two faces of malnutrition in Mexico were analyzed: obesity and undernourishment. Data were gathered from the food security indicators of the United Nations's Food and Agriculture Organization, from the Mexican Scale of Food Security, and from the National Health and Nutrition Survey. Mexico presents an index of availability of 3 145 kilocalories per person per day, one of the highest indexes in the world, including both food production and imports. In contrast, Mexico is affected by a double burden of malnutrition: whereas children under five present 14% of stunt, 30% of the adult population is obese. Also, more than 18% of the population cannot afford the basic food basket (food poverty). Using perception surveys, people report important levels of food insecurity, which concentrates in seven states of the Mexican Federation. The production structure underlying these indicators shows a very heterogeneous landscape, which translates into a low productivity growth across the last years. Food security being a multidimensional concept, to ensure food security for the Mexican population requires a revision and redesign of public productive and social policies, placing a particular focus on strengthening the mechanisms of institutional governance. PMID:25649459

  12. Security extensions to DICOM

    Science.gov (United States)

    Thiel, Andreas; Bernarding, Johannes; Schaaf, Thorsten; Bellaire, Gunter; Tolxdorff, Thomas

    1999-07-01

    To ensure the acceptance of telemedical applications several obstacles must be overcome: the transfer of huge amounts of data over heterogeneous hard- and software platforms must be optimized; extended data post-processing is often required; data security must be taken into consideration; and post-processing based on secured data exchange must retain the relationship between original and post-processed images. To analyze and solve these problems, applications of distributed medical services were integrated. Data transfer and management was based on the Digital Imaging and Communications (DICOM) standard. To account for platform-independence of remote users, a novel DICOM server and viewer was implemented in JAVA. Different DICOM-conform data security concepts were analyzed. Encryption of the complete data stream using secure socket layers as well as partial encryption concepts were tested. The best result was attained by a DICOM-conform encryption of patient-relevant data. The implementation of medical services, which used newly developed techniques of magnetic resonance imaging, allowed a much earlier diagnosis of the human brain infarct. The integrated data security enabled remote segmentation within the unsecured internet, followed by storing the data back into the secured network.

  13. An SLA based SaaS Security Level

    OpenAIRE

    Yongjing A. Li; Jiang B. Wu

    2013-01-01

    This paper proposes a data security protection strategy for the SaaS mode: the SLA based SaaS Security Level. At the same time, it gives the concept model and implementation architecture of the security scheme, which is based on the SaaS Security Level. The SLA based SaaS Security Level takes the requirements of tenants for data security as a starting point, and it mainly relates to data security of the data center, data security of the servers and data security of the clients. This Security Leve...

  14. Privacy and security in teleradiology

    International Nuclear Information System (INIS)

    Teleradiology is probably the most successful eHealth service available today. Its business model is based on the remote transmission of radiological images (e.g. X-ray and CT-images) over electronic networks, and on the interpretation of the transmitted images for diagnostic purpose. Two basic service models are commonly used in teleradiology today. The most common approach is based on the message paradigm (off-line model), but more developed teleradiology systems are based on the interactive use of PACS/RIS systems. Modern teleradiology is also more and more a cross-organisational or even cross-border service between service providers having different jurisdictions and security policies. This paper defines the requirements needed to make different teleradiology models trusted. Those requirements include a common security policy that covers all partners and entities, common security and privacy protection principles and requirements, controlled contracts between partners, and the use of security controls and tools that support the common security policy. The security and privacy protection of any teleradiology system must be planned in advance, and the necessary security and privacy enhancing tools should be selected (e.g. strong authentication, data encryption, non-repudiation services and audit-logs) based on the risk analysis and requirements set by the legislation. In any case the teleradiology system should fulfil ethical and regulatory requirements. Certification of the whole teleradiology service system including security and privacy is also proposed. In the future, teleradiology services will be an integrated part of pervasive eHealth. Security requirements for this environment including dynamic and context aware security services are also discussed in this paper.

  15. Privacy and security in teleradiology.

    Science.gov (United States)

    Ruotsalainen, Pekka

    2010-01-01

    Teleradiology is probably the most successful eHealth service available today. Its business model is based on the remote transmission of radiological images (e.g. X-ray and CT-images) over electronic networks, and on the interpretation of the transmitted images for diagnostic purpose. Two basic service models are commonly used in teleradiology today. The most common approach is based on the message paradigm (off-line model), but more developed teleradiology systems are based on the interactive use of PACS/RIS systems. Modern teleradiology is also more and more a cross-organisational or even cross-border service between service providers having different jurisdictions and security policies. This paper defines the requirements needed to make different teleradiology models trusted. Those requirements include a common security policy that covers all partners and entities, common security and privacy protection principles and requirements, controlled contracts between partners, and the use of security controls and tools that support the common security policy. The security and privacy protection of any teleradiology system must be planned in advance, and the necessary security and privacy enhancing tools should be selected (e.g. strong authentication, data encryption, non-repudiation services and audit-logs) based on the risk analysis and requirements set by the legislation. In any case the teleradiology system should fulfil ethical and regulatory requirements. Certification of the whole teleradiology service system including security and privacy is also proposed. In the future, teleradiology services will be an integrated part of pervasive eHealth. Security requirements for this environment including dynamic and context aware security services are also discussed in this paper. PMID:19914020

  16. Integrating Security into the Curriculum

    OpenAIRE

    Irvine, Cynthia E.; Chin, Shiu-Kai; Frincke, Deborah

    1998-01-01

    Computer security can be used as a vehicle to achieve accreditation goals for computer science and engineering programs, while at the same time engaging students with relevant, exciting topics. The authors' approach, based on educational outcomes, illustrates that security topics can contribute to an engineering program by fostering all skills required to produce graduates capable of critical thinking.

  17. Site security personnel training manual

    International Nuclear Information System (INIS)

    As required by 10 CFR Part 73, this training manual provides guidance to assist licensees in the development of security personnel training and qualifications programs. The information contained in the manual typifies the level and scope of training for personnel assigned to perform security related tasks and job duties associated with the protection of nuclear fuel cycle facilities and nuclear power reactors

  18. Security and privacy threats in RFID traceability network

    Institute of Scientific and Technical Information of China (English)

    Chu; Chao-Hsien

    2008-01-01

    To address security and privacy issues in radio frequency identification (RFID) traceability networks, a multi-layer privacy and security framework is proposed, which includes four facets: a security model, a communication protocol, access permission and privacy preservation. According to the security requirements that are needed in an RFID system, a security model that incorporates security requirements that include privacy of tag data, privacy of ownership, and availability of tag identity is introduced. ...

  19. HUMAN RIGHTS IN TIME OF GLOBALIZING SECURITY

    Directory of Open Access Journals (Sweden)

    Gregor Garb

    2013-01-01

    Diversity of processes in the contemporary international environment and the attendant effects, including security risks bring rapid changes in society. On the other hand, new opportunities and challenges are characterized by globalization of security and modern security paradigm, triggered by the overwhelming number of processes within existing systems of national security that modify the state's role in ensuring the safety of its citizens or residents. In the contemporary security paradigm appears a tendency to provide individual security or deviation to the concept of ensuring security of the individual. Security is becoming a fundamental civil right which requires the synthesis of a wide range of state and social policies, including respect of human rights. International terrorism, as one of the security risks, against which many countries have accepted anti-terrorism laws, which intervene in the free exercise of individual rights and that leads to an imbalance between freedom and security.

  20. Security of radioactive sources

    International Nuclear Information System (INIS)

    Strengthening the security of radioactive sources is not a new issue for the IAEA, which has an international mandate in the protection against radiological situations caused by breaches in the security of radioactive sources. The IAEA is authorized by its Statute to establish pertinent international standards and to provide for their application at the request of a State and, jointly with other specialized agencies within the UN system, has set up international radiation protection and safety standards that include requirements on the security of radioactive sources. International security requirements are mandatory for IAEA operations but are not legally binding for Member States, which may however adopt them for use in their national regulations. For providing for the application of its international standards, the IAEA uses a variety of mechanisms, including the performance of peer-review appraisals of the security situation in a requesting State and the provision of technical co-operation and education and training. The IAEA also has a mandate in the implementation of relevant obligations undertaken by States through international 'conventions', notably the conventions of notification of radiological emergencies and of emergency assistance, which would be applicable should such crises occur. Following a decision of its General Conference (as a result of an international conference on security organized by the IAEA jointly with Interpol, the WCO and the EC at Dijon in 1998), the IAEA has been implementing an international Action Plan covering the security of radioactive sources. Among other relevant actions, a non-binding 'Code of Conduct' for States has been adopted. An international conference of national authorities regulating the security of radioactive sources, convened by the IAEA in Buenos Aires in 2000, recommended an updating and strengthening of the Action Plan. The overall strategy is to ensure that significant radioactive sources are localized

  1. Information Security

    International Nuclear Information System (INIS)

    As nuclear materials and technologies spread, the global community needs to be ever more vigilant to prevent their acquisition by those that have no legitimate reason to access or use them. International efforts to strengthen nuclear security measures gained momentum when, in 2009, President Obama announced his intention to convene for the first time an international Nuclear Security Summit. Held in Washington in 2010, the Summit was attended by 47 Heads of State who collectively committed to securing all vulnerable nuclear material within four years. Two years later, 53 Heads of State came together at a second Summit in Seoul and agreed a set of concrete actions to deliver on this ambition. The Summit process has functioned not only as a catalyst to move nuclear security up States’ political consciousness, but also as a platform for broadening their perspective on this agenda. Specifically, the last three years have seen the international community increasingly recognise the fundamental need for nuclear security regimes to protect not only nuclear material and physical assets from non-state actors, but also the information needed to obtain and use these goods for nefarious purposes

  2. An Efficient Secure Real-Time Concurrency Control Protocol

    Institute of Scientific and Technical Information of China (English)

    XIAO Yingyuan; LIU Yunsheng; CHEN Xiangyang

    2006-01-01

    Secure real-time databases must simultaneously satisfy two requirements: guaranteeing data security and minimizing the missing deadlines ratio of transactions. However, these two requirements can conflict with each other, and achieving one requirement means sacrificing the other. This paper presents a secure real-time concurrency control protocol based on the optimistic method. The concurrency control protocol incorporates security constraints in a real-time optimistic concurrency control protocol and makes a suitable tradeoff between security and real-time requirements by introducing a secure influence factor and a real-time influence factor. The experimental results show the concurrency control protocol achieves data security without degrading real-time performance significantly.

  3. Food security under climate change

    Science.gov (United States)

    Hertel, Thomas W.

    2016-01-01

    Using food prices to assess climate change impacts on food security is misleading. Differential impacts on income require a broader measure of household well-being, such as changes in absolute poverty.

  4. Transportation security personnel training manual

    International Nuclear Information System (INIS)

    Objective of this manual is to train security personnel to protect special nuclear materials and nuclear facilities against theft and sabotage as required by 10 CFR Part 73. This volume contains the introduction and rationale

  5. International Energy Security Indicators and Turkey’s Energy Security Risk Score

    OpenAIRE

    Gelengul KOCASLAN

    2014-01-01

    Energy security has been a priority for many countries. What makes energy security that important is its bilateral relationship with economic, political, social, environmental sustainability and military issues. As an inevitable consequence of globalization, cooperation in the field has been a must, and international energy security indicators are required to make energy security risk evaluations in order to establish adequate policies. The aim of the study is to review energy security withi...

  6. Energy security

    International Nuclear Information System (INIS)

    In the case of Cuba, energy security goes beyond the typical security framework of energy supply to encompass the economic blockade which affects Cuba's access to some markets for its traditional products and obstructs international credit options. Recent problems concerning security of national energy supply include: - Shortages of foreign exchange necessary for the purchase of fuel and spare parts, for new investments and for the implementation of programmes supporting the rational use of energy. - High dependence on imported energy, including oil and petroleum products. - Use of domestic crude oil, with energy performance slightly below that of the imported fuels it replaces, especially fuel oil. The main negative aspect is the high sulphur content, which has adverse operational and environmental effects. - Interruptions in energy services resulting from hurricanes and tropical storms, and from breakdowns and accidents related to the transport of fuels, especially coastal transport. The strategies employed to improve Cuba's energy security situation are based on: - Increased economic competitiveness; - Fuel conservation and rational use of energy; - Efficient exploration and use of oil and natural gas; - Development of renewable energy sources; - Legal and institutional support of activities in the energy sector; - Active involvement in the international arena focused on regional integration efforts and international forums related to technological, energy and environmental issues, and on strengthening bilateral alliances aimed at creating the necessary environment for trade, technological transfer and foreign investment for guaranteeing national energy supply

  7. Arctic Security

    DEFF Research Database (Denmark)

    Wang, Nils

    2013-01-01

    of the general security situation and to identify both the explicit and the implicit agendas of the primary state actors. The region contains all the ingredients for confrontation and conflict but the economical potential for all the parties concerned creates a general interest in dialogue and cooperation...

  8. A secure open system?

    Science.gov (United States)

    Crowe, James A.

    1993-08-01

    The notion of a large distributed computing system in support of a program like EOSDIS carries with it the requirement that the system provide the user with guarantees about the integrity of the data and certain assurances about the security of the network of computing systems. This paper examines the challenges of providing a 'secure' open system and how these challenges may be addressed from both an architectural as well as functional viewpoint. The role of discretionary access control, mandatory access control, and detection and control of computer viruses is discussed. It has often been observed that the role of the security engineer is one of restricting access to data, whereas the role of the system architect, of an open system that is encouraging research, should make data easy to obtain and utilize. This paradox is manifest in a system such as EOSDIS where to be useful, the system's data must be easy to obtain, but to ensure the integrity of the data it must exercise some level of security. This paper addresses the use and role of the Security Services of the OSF Distributed Computing Environment in support of networked applications, such as those that may be used in the implementation of the EOS Science Network. It further examines the role of mandatory access control mechanisms to provide data integrity guarantees. The paper further discusses how a system like EOSDIS may prevent computer viruses using a system of automated detection mechanisms and configuration control.

  9. Concepts and Practices of Cooperative Security

    DEFF Research Database (Denmark)

    Keating, Vincent; Wheeler, Nicholas J

    2013-01-01

    development of a security community, Charles Osgood's GRIT strategy and a unilateral 'leap of trust.' Both of these, however, initially require elites to develop security dilemma sensibility. The long-term stability of security communities is fundamentally linked to the presence of embedded trust among the...

  10. 14 CFR 460.53 - Security.

    Science.gov (United States)

    2010-01-01

    ... 14 Aeronautics and Space 4 2010-01-01 2010-01-01 false Security. 460.53 Section 460.53 Aeronautics and Space COMMERCIAL SPACE TRANSPORTATION, FEDERAL AVIATION ADMINISTRATION, DEPARTMENT OF....53 Security. An operator must implement security requirements to prevent any space flight...

  11. 15 CFR 742.4 - National security.

    Science.gov (United States)

    2010-01-01

    ... 15 Commerce and Foreign Trade 2 2010-01-01 2010-01-01 false National security. 742.4 Section 742.4... INDUSTRY AND SECURITY, DEPARTMENT OF COMMERCE EXPORT ADMINISTRATION REGULATIONS CONTROL POLICY-CCL BASED CONTROLS § 742.4 National security. (a) License requirements. It is the policy of the United States...

  12. 10 CFR 39.71 - Security.

    Science.gov (United States)

    2010-01-01

    ... 10 Energy 1 2010-01-01 2010-01-01 false Security. 39.71 Section 39.71 Energy NUCLEAR REGULATORY COMMISSION LICENSES AND RADIATION SAFETY REQUIREMENTS FOR WELL LOGGING Security, Records, Notifications § 39.71 Security. (a) A logging supervisor must be physically present at a temporary jobsite...

  13. 14 CFR 121.538 - Aircraft security.

    Science.gov (United States)

    2010-01-01

    ..., FLAG, AND SUPPLEMENTAL OPERATIONS Flight Operations § 121.538 Aircraft security. Certificate holders conducting operations under this part must comply with the applicable security requirements in 49 CFR chapter... 14 Aeronautics and Space 3 2010-01-01 2010-01-01 false Aircraft security. 121.538 Section...

  14. 7 CFR 331.11 - Security.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 5 2010-01-01 2010-01-01 false Security. 331.11 Section 331.11 Agriculture..., DEPARTMENT OF AGRICULTURE POSSESSION, USE, AND TRANSFER OF SELECT AGENTS AND TOXINS § 331.11 Security. (a) An individual or entity required to register under this part must develop and implement a written security...

  15. 14 CFR 135.125 - Aircraft security.

    Science.gov (United States)

    2010-01-01

    ....125 Aircraft security. Certificate holders conducting operators conducting operations under this part must comply with the applicable security requirements in 49 CFR chapter XII. ... 14 Aeronautics and Space 3 2010-01-01 2010-01-01 false Aircraft security. 135.125 Section...

  16. 7 CFR 1951.866 - Security.

    Science.gov (United States)

    2010-01-01

    ... 7 Agriculture 14 2010-01-01 2009-01-01 true Security. 1951.866 Section 1951.866 Agriculture... REGULATIONS (CONTINUED) SERVICING AND COLLECTIONS Rural Development Loan Servicing § 1951.866 Security. (a) Loans from RDLF intermediaries to ultimate recipients. Security requirements for loans...

  17. 7 CFR 1494.401 - Performance security.

    Science.gov (United States)

    2010-01-01

    .... (2) To support a request for the cancellation of performance security furnished in connection with an... 7 Agriculture 10 2010-01-01 2010-01-01 false Performance security. 1494.401 Section 1494.401... Program Operations § 1494.401 Performance security. (a) Requirement to establish performance...

  18. 24 CFR 891.775 - Security deposits.

    Science.gov (United States)

    2010-04-01

    ... 24 Housing and Urban Development 4 2010-04-01 2010-04-01 false Security deposits. 891.775 Section 891.775 Housing and Urban Development Regulations Relating to Housing and Urban Development (Continued... Individuals-Section 162 Assistance § 891.775 Security deposits. The general requirements for security...

  19. Security Systems Consideration: A Total Security Approach

    Science.gov (United States)

    Margariti, S. V.; Meletiou, G.; Stergiou, E.; Vasiliadis, D. C.; Rizos, G. E.

    2007-12-01

    The "safety" problem for protection systems is to determine in a given situation whether a subject can acquire a particular right to an object. Security and audit operation face the process of securing the application on computing and network environment; however, storage security has been somewhat overlooked due to other security solutions. This paper identifies issues for data security, threats and attacks, summarizes security concepts and relationships, and also describes storage security strategies. It concludes with recommended storage security plan for a total security solution.

  20. Integrated safeguards and security management plan; TOPICAL

    International Nuclear Information System (INIS)

    Berkeley Lab is committed to scientific excellence and stewardship of its assets. While security principles apply to all work performed at the Laboratory, their implementation is flexible. Berkeley Lab adheres to the following principles: Line management owns security; Security roles and responsibilities are clearly defined and communicated; Security functions are integrated; An open environment supports the Laboratory's Mission; The security program must support the scientific and operational missions of the Laboratory and must be value added; and Security controls are tailored to individual and facility requirements

  1. The Extended Concept of Security and the Czech Security Practice

    Directory of Open Access Journals (Sweden)

    Libor Stejskal

    2008-12-01

    According to the extended concept of security, the nation state is no longer the sole privileged reference object of security. The traditional model of national security is developing from military terms to a broader concept which embraces the international, economic, social, environmental, and human rights dimensions of security. The meaning and relevance of the concept is being extended “upwards”, to international organisations, and “downwards”, to regional and local authorities, non-governmental organisations, communities, and individual citizens. This has immediate bearing on the everyday security reality of the Czech Republic. In international context, the “security frontier” of the Czech Republic is expanding, e.g. through the country’s involvement in UN and NATO security missions in conflict-ridden regions of Europe and the world. The country also helps enhance the internal security of the European Union, whose strength depends on its Member States’ willingness to “harmonise” the pursuit of their respective national security interests. This approach is especially important with regard to the principal security threats Europe faces and will continue to face in the future: terrorism and organised crime. It is vital that the Czech Republic have a well-working security system capable of responding effectively to a broad range of threats. This requirement applies first and foremost to the Police, the Fire and Rescue Service, and intelligence services. Unfortunately, with the present effectiveness of the Czech security system, much remains wishful thinking and, due to the lack of a comprehensive framework, a comparatively low level of protection against emergencies exists. Fight against crime is hampered by inefficient operation of the Police and judiciary. A thorough analysis of the aforementioned problems could provide basis for a broader public debate over the priorities and goals of Czech security policy, which should

  2. Opinions about Component Energetic Security

    OpenAIRE

    Elena GOLUMBEANU (GEORGESCU)

    2012-01-01

    Collective security (international) represents the morphological expression of individual security components. According to the Report presented at the United Nations Development Programme, collective security (international), as well as national security, is the expression of seven synergistic dimensions as follows: economic security, food security, environmental security, personal security, community security, political security and individual security. As part of economic security, energy an...

  3. Secured Ontology Mapping

    Directory of Open Access Journals (Sweden)

    Manjula Shenoy.K

    2012-11-01

    Today’s market evolution and high volatility of business requirements put an increasing emphasis on the ability for systems to accommodate the changes required by new organizational needs while maintaining security objectives satisfiability. This is all the more true in case of collaboration and interoperability between different organizations and thus between their information systems. Ontology mapping has been used for interoperability and several mapping systems have evolved to support the same. Usual solutions do not take care of security. That is, almost all systems do a mapping of ontologies which are unsecured. We have developed a system for mapping secured ontologies using graph similarity concept. Here we give no importance to the strings that describe ontology concepts, properties etc., because these strings may be encrypted in the secured ontology. Instead we use the pure graphical structure to determine mapping between various concepts of given two secured ontologies. The paper also gives the measure of accuracy of experiment in a tabular form in terms of precision, recall and F-measure.

  4. GSM Security Using Identity-based Cryptography

    CERN Document Server

    Agarwal, Animesh; Das, Manik Lal

    2009-01-01

    The current security model in Global System for Mobile Communications (GSM) predominantly uses symmetric key cryptography. The rapid advancement of Internet technology facilitates online trading, banking, downloading, emailing using resource-constrained handheld devices such as personal digital assistants and cell phones. However, these applications require more security than the present GSM supports. Consequently, a careful design of GSM security using both symmetric and asymmetric key cryptography would make GSM security more adaptable in security intensive applications. This paper presents a secure and efficient protocol for GSM security using identity based cryptography. The salient features of the proposed protocol are (i) authenticated key exchange; (ii) mutual authentication amongst communicating entities; and (iii) user anonymity. The security analysis of the protocol shows its strength against some known threats observed in conventional GSM security.

  5. Computer Security: the security marathon

    CERN Multimedia

    Computer Security Team

    2014-01-01

    If you believe that “security” is a sprint, that a quick hack is invulnerable, that quick bug fixing is sufficient, that plugging security measures on top of existing structures is good, that once you are secure your life will be easy... then let me convince you otherwise.   An excellent example of this is when the summer students join us at CERN. As the summer period is short, software projects must be accomplished quickly, like a sprint. Rush, rush! But often, this sprint ends with aching muscles. Regularly, these summer students approach us to have their project or web server made visible to the Internet. Regularly, quick security reviews of those web servers diagnose severe underperformance with regards to security: the web applications are flawed or use insecure protocols; the employed software tools, databases or web frameworks are sub-optimal and not adequately chosen for that project; the operating system is non-standard and has never been brought up-to-date; and ...

  6. Information Security Awareness: An Innovation Approach

    OpenAIRE

    Corona, Carlos Orozco

    2010-01-01

    Scholars and security practitioners seem to converge in the understanding that Information Security is in great part a problem about people; hence the need for a more holistic approach in order to understand human behaviour in the Information Security field which requires a multidisciplinary approach. Recent events such as the “Interdisciplinary Workshop on Security and Human Behaviour” hosted in Boston, Massachusetts in June 2008, are considering this approach and they have conveyed a multi...

  7. Overview of Security Threats in WSN

    OpenAIRE

    Ms. Poonam Barua; Mr. Sanjeev Indora

    2013-01-01

    A wireless sensor network is a combination of tiny devices called sensor nodes which have computing, sensing and processing capabilities. As WSNs are usually deployed in hostile environments and can be physically accessible by an adversary, he/she can affect the confidentiality and integrity of the data as well as some other security measures. So security is a main concern in wireless sensor networks, especially in hostile environments. In this paper we focus on security requirements, security scheme...

  8. Towards integrated security for sensor network applications

    OpenAIRE

    Cionca, Victor; Newe, Thomas; Dadârlat, Vasile

    2010-01-01

    Widespread and commercial usage of Wireless Sensor Networks is kept back by the lack of strong and easy to use security. The wide range of applications of WSNs implies different and often contradictory security requirements. This paper argues the need for a configurable security architecture for WSNs and presents a methodology and software implementation to determine the most resource efficient suite of security protocols for a given application.

  9. A Security Architecture for Health Information Networks

    OpenAIRE

    Kailar, Rajashekar

    2007-01-01

    Health information network security needs to balance exacting security controls with practicality, and ease of implementation in today’s healthcare enterprise. Recent work on ‘nationwide health information network’ architectures has sought to share highly confidential data over insecure networks such as the Internet. Using basic patterns of health network data flow and trust models to support secure communication between network nodes, we abstract network security requirements to a core set t...

  10. Collective Security

    DEFF Research Database (Denmark)

    Galster, Kjeld

    Collective Security: National Egotism (Abstract) In Danish pre-World War I defence debate the notion of collective security is missing. During the early years of the 19th century, the political work is influenced by a pervasive feeling of rising tension and danger on the continent of Europe... and real defence of the country’s neutrality let alone a capability to support possible League of Nations action, should such need arise. The anti-militarist ideology of one party, led to regarding the armed services as harmful to designs for developing civic society and a waste of resources generally. Moreover, they estimated that armed defence was a priori hopeless and possibly even dangerous as it might attract unnecessary attention by a would-be belligerent.

  11. Security system

    Science.gov (United States)

    Baumann, Mark J.; Kuca, Michal; Aragon, Mona L.

    2016-02-02

    A security system includes a structure having a structural surface. The structure is sized to contain an asset therein and configured to provide a forceful breaching delay. The structure has an opening formed therein to permit predetermined access to the asset contained within the structure. The structure includes intrusion detection features within or associated with the structure that are activated in response to at least a partial breach of the structure.

  12. Password Security

    OpenAIRE

    Danuvasin Charoen

    2014-01-01

    This study investigates users’ behavior in password utilization. Good password practices are critical to the security of any information system. End users often use weak passwords that are short, simple, and based on personal and meaningful information that can be easily guessed. A survey was conducted among executive MBA students who hold managerial positions. The results of the survey indicate that users practice insecure behaviors in the utilization of passwords. The results support the li...

  13. Watermarking security

    OpenAIRE

    Furon, Teddy

    2016-01-01

    This chapter deals with applications where watermarking is a security primitive included in a larger system protecting the value of multimedia content. In this context, there might exist dishonest users, in the sequel so-called attackers, willing to read/overwrite hidden messages or simply to remove the watermark signal. The goal of this section is to play the role of the attacker. We analyze means to deduce information about the watermarking technique that will later...

  14. Network Security

    OpenAIRE

    Sunil Kumar

    2012-01-01

    The rapid increase in computer, mobile applications and wireless networks has globally changed the features of network security. A series of Internet attacks and fraudulent acts on companies and individual networks have shown us that open computer networks have no immunity from intrusions. The traditional ways of protecting computer networks, such as firewalls and software encryption, are insufficient and ineffective. The wireless ad-hoc network is susceptible to physical attack or harm due to...

  15. Selection, classification and design requirements of the systems important for security in a center for the production of radiopharmaceuticals and marked compounds

    International Nuclear Information System (INIS)

    The work identifies the security functions that the systems, subsystems and components should fulfil to guarantee the security of the workers and the population. The systems that play a role in the security of the installation were selected and classified in categories by deterministic methods, considering their role in the detection and mitigation of the postulated radiological events and in the maintenance of normal operating conditions.

  16. Strengthening nuclear security

    International Nuclear Information System (INIS)

    The international situation after the end of the Cold War has been quite unstable, due to the occurrence of frequent regional conflicts and domestic wars based on ethnic, religious or racial reasons. Further, threats to world peace and security by non-state actors, like international terrorist groups, have been recognized after the 9.11 terrorist attacks on the World Trade Center buildings and on the Pentagon. Utilization of nuclear energy, which encompasses both peaceful uses and military ones, required the establishment of a regulatory system by which risks associated with the development of nuclear energy can be controlled. Accordingly, a nuclear safety control system, and then a non-proliferation control system, have been developed, both at the international level and at the national level. In recognition of the present unstable international situation, it is required to establish, maintain and strengthen a system which controls the nuclear security aspect, in addition to the present systems. (author)

  17. THz and Security Applications

    CERN Document Server

    Sizov, Fedir; Detectors, Sources and Associated Electronics for THz Applications

    2014-01-01

    These proceedings comprise invited papers from highly experienced researchers in THz technology and security applications. THz detection of explosives represents one of the most appealing technologies to have recently emerged in dealing with terrorist attacks encountered by civil security and military forces throughout the world. Discussed are the most advanced technologies and developments, the various points of operational strength and weakness, as well as suggestions and predictions of the best technological solutions to overcome current operational limits. The current status of various levels of cooling in THz detectors, sources and associated electronics is also addressed. The goal was to provide a clear view on the current technologies available and the required advances needed in order to achieve more efficient systems. This goal was outlined in part by establishing the baseline of current uncertainty estimations in physics-based modelling and the identification of key areas which require additi...

  18. Usable SPACE: Security, Privacy, and Context for the Mobile User

    Science.gov (United States)

    Jutla, Dawn

    Users breach the security of data within many financial applications daily as human and/or business expediency to access and use information wins over corporate security policy guidelines. Recognizing that changing user context often requires different security mechanisms, we discuss end-to-end solutions combining several security and context mechanisms for relevant security control and information presentation in various mobile user situations. We illustrate key concepts using Dimitri Kanevsky's (IBM Research) early 2000s patented inventions for voice security and classification.

  19. Security in Industrial Networks

    OpenAIRE

    Sørensen, Jan Tore

    2007-01-01

    A major trend in the automation and power industries is the transition from closed proprietary network solutions to open TCP/IP protocols running on Ethernet technologies. As these industries converge on an all IP platform, new challenges and requirements on the security level of the devices arise. The introduction of integrated operations in the oil and gas industry has provided many benefits for the industry, but it has also opened up the information flow between Distributed Control Systems...

  20. Single Page Web Applications Security

    Directory of Open Access Journals (Sweden)

    Bogdan Beda

    2015-06-01

    With the constant spread of internet access, the world of software is constantly transforming product shapes into services delivered via web browsers. Modern next generation web applications change the way browsers and users interact with servers. A lot of world scale services have already been delivered by top companies as Single Page Applications. Moving services online draws great attention to data protection and web application security. Single Page Applications are exposed to server-side web application security in a new way. Also, having application logic executed by an untrusted client environment requires close attention to client application security. Single Page Applications are vulnerable to the same security threats as server-side web applications, thus not making them less secure. Defending techniques can be easily adapted to guard against hacker attacks.

  1. Transportation Security Administration

    Science.gov (United States)


  2. SOA-based security governance middleware

    CERN Document Server

    de Leusse, Pierre; 10.1109/SECURWARE.2010.17

    2012-01-01

    Business requirements for rapid operational efficiency, customer responsiveness as well as rapid adaptability are actively driving the need for ever increasing communication and integration capabilities of software assets. In this context, security, although acknowledged as being a necessity, is often perceived as a hindrance. Indeed, dynamic environments require flexible and understandable security that can be customized, adapted and reconfigured dynamically to face changing requirements. In this paper, the authors propose SOA based security governance middleware that handles security requirements on behalf of a resource exposed through it. The middleware aims at providing different security settings through the use of managed compositions of security services called profiles. The main added value of this work compared to existing handlers or centralized approaches lies in its enhanced flexibility and transparency.

  3. Metric-Aware Secure Service Orchestration

    Directory of Open Access Journals (Sweden)

    Gabriele Costa

    2012-12-01

    Secure orchestration is an important concern in the internet of service. Next to providing the required functionality the composite services must also provide a reasonable level of security in order to protect sensitive data. Thus, the orchestrator has a need to check whether the complex service is able to satisfy certain properties. Some properties are expressed with metrics for precise definition of requirements. Thus, the problem is to analyse the values of metrics for a complex business process. In this paper we extend our previous work on analysis of secure orchestration with quantifiable properties. We show how to define, verify and enforce quantitative security requirements in one framework with other security properties. The proposed approach should help to select the most suitable service architecture and guarantee fulfilment of the declared security requirements.

  4. Security engineering: Physical security measures for high-risk personnel

    OpenAIRE

    Jelena S. Cice; Marko D. Andrejić; Nebojša K. Dragović

    2013-01-01

    The design of physical security measures is a specialized technical area that does not fall in the normal skill record and resume of commanders, architects, engineers, and project managers. This document provides guidance to those parties tasked with implementing existing and emerging physical protection system requirements:
    - Creation of a single-source reference for the design and construction of physical security measures for high-risk personnel (HRP).
    - Promulgation of multi-servic...

  5. Transport security of radioactive material

    International Nuclear Information System (INIS)

    Radioactive material transport safety is highly regulated and the transport safety regulations have been in effect for decades. Transport security recommendations for many types of radioactive material have just been developed and are now being applied, and the potential impact on transport operations is significant. While the security measures and definition of high consequence radioactive material added to the United Nations Model Regulations for Transport of Dangerous Goods were recognized as a very positive step, the IAEA initiated a review of these provisions to ensure they were technically sound and consistent with other approaches used in nuclear and radioactive material security. Several significant steps have been taken in further defining appropriate security measures to apply during transport and these are reflected in the IAEA guide 'Security in the Transport of Radioactive Material'. These measures can be adopted by countries and international transport modal organizations to provide a consistent approach in security requirements for these materials. However, there is still much to be accomplished before transport security is on par with transport safety. This poster briefly describes the implementation of the IAEA security recommendations. The poster will also present information on the training course 'Security in Transport of Radioactive Material' that has been given on a number of occasions in different parts of the world. This training course, developed cooperatively by the IAEA, the U.S. National Nuclear Security Administration and The Australian Radiation Protection and Nuclear Safety Agency (ARPANSA), is based on the guidance and is intended to educate Member States in how to apply the Recommendations. The poster also will present information on transport security upgrade assistance programs that are now getting started. (author)

  6. Human Security

    OpenAIRE

    Mary Kaldor

    2012-01-01

    The essay poses the question whether the so-called Arab spring offers the potential to complete the 1989 revolutions. It first discusses what was hoped to be achieved in 1989, and it then argues that the post-1989 arrangements failed to prevent new security challenges from emerging. The Islamist threat came to play the role that the Communist threat had played to the West or the Western threat had played to the East. The essay then turns to the question on what needs to happen if current even...

  7. Network security

    CERN Document Server

    Perez, André

    2014-01-01

    This book introduces the security mechanisms deployed in Ethernet, Wireless-Fidelity (Wi-Fi), Internet Protocol (IP) and MultiProtocol Label Switching (MPLS) networks. These mechanisms are grouped throughout the book according to the following four functions: data protection, access control, network isolation, and data monitoring. Data protection is supplied by data confidentiality and integrity control services. Access control is provided by a third-party authentication service. Network isolation is supplied by the Virtual Private Network (VPN) service. Data monitoring consists of applying

  8. Information Security and Integrity Systems

    Science.gov (United States)

    1990-01-01

    Viewgraphs from the Information Security and Integrity Systems seminar held at the University of Houston-Clear Lake on May 15-16, 1990 are presented. A tutorial on computer security is presented. The goals of this tutorial are the following: to review security requirements imposed by government and by common sense; to examine risk analysis methods to help keep sight of forest while in trees; to discuss the current hot topic of viruses (which will stay hot); to examine network security, now and in the next year to 30 years; to give a brief overview of encryption; to review protection methods in operating systems; to review database security problems; to review the Trusted Computer System Evaluation Criteria (Orange Book); to comment on formal verification methods; to consider new approaches (like intrusion detection and biometrics); to review the old, low tech, and still good solutions; and to give pointers to the literature and to where to get help. Other topics covered include security in software applications and development; risk management; trust: formal methods and associated techniques; secure distributed operating system and verification; trusted Ada; a conceptual model for supporting a B3+ dynamic multilevel security and integrity in the Ada runtime environment; and information intelligence sciences.

  9. IAEA Nuclear Security Human Resource Development Program

    International Nuclear Information System (INIS)

    The IAEA is at the forefront of international efforts to strengthen the world's nuclear security framework. The current Nuclear Security Plan for 2006-2009 was approved by the IAEA Board of Governors in September 2005. This Plan has three main points of focus: needs assessment, prevention, detection and response. Its overall objective is to achieve improved worldwide security of nuclear and other radioactive material in use, storage and transport, and of their associated facilities. This will be achieved, in particular, through the provision of guidelines and recommendations, human resource development, nuclear security advisory services and assistance for the implementation of the framework in States, upon request. The presentation provides an overview of the IAEA nuclear security human resource development program that is divided into two parts: training and education. Whereas the training program focuses on filling gaps between the actual performance of personnel working in the area of nuclear security and the required competencies and skills needed to meet the international requirements and recommendations described in UN and IAEA documents relating to nuclear security, the Educational Program in Nuclear Security aims at developing nuclear security experts and specialists, at fostering a nuclear security culture and at establishing in this way sustainable knowledge in this field within a State. The presentation also elaborates on the nuclear security computer based learning component and provides insights into the use of human resource development as a tool in achieving the IAEA's long term goal of improving sustainable nuclear security in States. (author)

  10. INFORMATION SECURITY IN LOGISTICS COOPERATION

    Directory of Open Access Journals (Sweden)

    Tomasz Małkus

    2015-03-01

    Cooperation of suppliers of raw materials, semi-finished products and finished products, wholesalers and retailers in the form of a supply chain, as well as outsourcing of specialized logistics services, requires adequate information support. This involves the use of appropriate computer tools. The security of information under such conditions of collaboration becomes an important problem for the parties to the contract. The objective of the paper is to characterize the main issues relating to security of information in logistics cooperation.

  11. Communication security in open health care networks.

    Science.gov (United States)

    Blobel, B; Pharow, P; Engel, K; Spiegel, V; Krohn, R

    1999-01-01

    Fulfilling the shared care paradigm, health care networks providing open systems' interoperability in health care are needed. Such communicating and co-operating health information systems, dealing with sensitive personal medical information across organisational, regional, national or even international boundaries, require appropriate security solutions. Based on the generic security model, within the European MEDSEC project an open approach for secure EDI like HL7, EDIFACT, XDT or XML has been developed. The consideration includes both securing the message in an unsecure network and the transport of the unprotected information via secure channels (SSL, TLS etc.). Regarding EDI, an open and widely usable security solution has been specified and practically implemented for the examples of secure mailing and secure file transfer (FTP) via wrapping the sensitive information expressed by the corresponding protocols. The results are currently prepared for standardisation. PMID:10724890

  12. Usable security and e-banking

    DEFF Research Database (Denmark)

    Hertzum, Morten; Jørgensen, Niels; Nørgaard, Mie

    2004-01-01

    Electronic banking must be secure and easy to use. An evaluation of six Danish web-based electronic banking systems indicates that the systems have serious weaknesses with respect to ease of use. Our analysis of the weaknesses suggests that security requirements are among their causes and that the weaknesses may in turn cause decreased security. We view the conflict between ease of use and security in the context of usable security, a concept that is intended to match security principles and demands against user knowledge and motivation. Automation, instruction, and understanding can be identified as different approaches to usable security. Instruction is the main approach of the systems evaluated; automation relieves the user from involvement in security, as far as possible; and understanding goes beyond step-by-step instructions, to enable users to act competently and safely in situations...

  13. Usable Security and E-Banking

    DEFF Research Database (Denmark)

    Hertzum, Morten; Juul, Niels Christian; Jørgensen, Niels Henrik;

    2004-01-01

    Electronic banking must be secure and easy to use. An evaluation of six Danish web-based electronic banking systems indicates that the systems have serious weaknesses with respect to ease of use. Analysis of the weaknesses suggests that security requirements are among their causes and that the weaknesses may in turn cause decreased security. Conceptually we view the conflict between ease of use and security in the context of usable security, intended to match security principles and demands against user knowledge and motivation. Automation, instruction, and understanding can be identified as different approaches to usable security. Instruction is the main approach of the systems evaluated; automation relieves the user from involvement in security, as far as possible; and understanding goes beyond step-by-step instructions, to enable users to act competently and safely in situations...

  14. Framework Design of Secure Cloud Transmission Protocol

    Directory of Open Access Journals (Sweden)

    Dinesha H A

    2013-01-01

    Cloud computing technologies are in high demand because of several benefits. Many business organizations are looking into cloud computing services to reduce the cost and complexity of their business infrastructure and its preservation. However, there are certain security issues in cloud computing technologies. To overcome those security issues, we propose secure cloud transmission protocol design. This framework design details will help us in developing a secure protocol for the customers who are using cloud computing technologies over insecure internet. In this paper we discuss: (i) Overview model of proposed secure cloud transmission system in internet; (ii) Security requirements; (iii) roles and responsibilities of secure transmission protocol in OSI; and (iv) Framework Design of secure cloud transmission.

  15. Extremely secure identification documents

    International Nuclear Information System (INIS)

    The technology developed in this project uses biometric information printed on the document and public key cryptography to ensure that an adversary cannot issue identification documents to unauthorized individuals or alter existing documents to allow their use by unauthorized individuals. This process can be used to produce many types of identification documents with much higher security than any currently in use. The system is demonstrated using a security badge as an example. This project focused on the technologies requiring development in order to make the approach viable with existing badge printing and laminating technologies. By far the most difficult was the image processing required to verify that the picture on the badge had not been altered. Another area that required considerable work was the high density printed data storage required to get sufficient data on the badge for verification of the picture. The image processing process was successfully tested, and recommendations are included to refine the badge system to ensure high reliability. A two dimensional data array suitable for printing the required data on the badge was proposed, but testing of the readability of the array had to be abandoned due to reallocation of the budgeted funds by the LDRD office

  16. MODEL-BASED SECURITY ENGINEERING OF SOA SYSTEM USING SECURITY INTENT DSL

    Directory of Open Access Journals (Sweden)

    Muhammad Qaiser Saleem

    2011-01-01

    Currently most enterprises are using SOA and web services technologies to build their web information systems. They are using MDA principles for the design and development of WIS and using UML as a modelling language for business process modelling. Along with the increased connectivity in the SOA environment, security risks rise exponentially. Security is not defined during the early phases of development and is left to the developer. Properly configuring security requirements in SOA applications is quite difficult for developers because they are not security experts. Furthermore, SOA security is cross-domain and all the required information is not available at downstream phases. Furthermore, the business process expert, who is the actual stakeholder of the business process model, is unable to specify security objectives due to lack of security modelling elements in general purpose modelling languages like UML. As a result, business process experts either ignore the security intents in their model or indicate them in a textual way. A security intents DSL is presented as a UML profile where security intents can be modelled as stereotypes on UML modelling elements during the business process modelling. The aim is to facilitate the business process expert in modelling the security requirements along with the business process modelling. This security annotated business process model will facilitate the architectural team in specifying the concrete security implementation. As a proof of work we apply our approach to a typical on-line flight booking system business process.

  17. 12 CFR 220.12 - Supplement: margin requirements.

    Science.gov (United States)

    2010-01-01

    ... security, except for an exempted security, money market mutual fund or exempted securities mutual fund... occurs, whichever is greater. (b) Exempted security, non-equity security, money market mutual fund or exempted securities mutual fund: The margin required by the creditor in good faith or the percentage set...

  18. Internet Banking Security Strategy: Securing Customer Trust

    OpenAIRE

    2012-01-01

    Internet banking strategies should enhance customers' online experiences which are affected by trust and security issues. This study provides perspectives of users and nonusers on internet banking security with a view to understanding trust and security factors in relation to adoption and continuous usage. Perception of internet banking security influenced usage intentions. Nonusers viewed internet banking to be insecure but users perceived it to be secure with perceived ease of use influenc...

  19. 17 CFR 242.600 - NMS security designation and definitions.

    Science.gov (United States)

    2010-04-01

    ... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false NMS security designation and... (CONTINUED) REGULATIONS M, SHO, ATS, AC, AND NMS AND CUSTOMER MARGIN REQUIREMENTS FOR SECURITY FUTURES Regulation Nms-Regulation of the National Market System § 242.600 NMS security designation and...

  20. Security Metrics: A Solution in Search of a Problem

    Science.gov (United States)

    Rosenblatt, Joel

    2008-01-01

    Computer security is one of the most complicated and challenging fields in technology today. A security metrics program provides a major benefit: looking at the metrics on a regular basis offers early clues to changes in attack patterns or environmental factors that may require changes in security strategy. The term "security metrics" loosely…

  1. 32 CFR 2400.45 - Information Security Program Review.

    Science.gov (United States)

    2010-07-01

    ... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Program Review. 2400.45... SECURITY PROGRAM Office of Science and Technology Policy Information Security Program Management § 2400.45 Information Security Program Review. (a) The Director, OSTP, shall require an annual formal review of the...

  2. Information Security and Transparency in the Electronic Government

    OpenAIRE

    Mohamed Mohamed Al Hady

    2006-01-01

    A study about information security in electronic government. It starts with a general introduction about information technology, then deals with information systems in the digital environment and the requirements of natural security for information systems, then offers some considerations related to information security, and finally defines how to execute information security.

  3. 49 CFR 1540.209 - Fees for security threat assessment.

    Science.gov (United States)

    2010-10-01

    ... 49 Transportation 9 2010-10-01 2010-10-01 false Fees for security threat assessment. 1540.209...: GENERAL RULES Security Threat Assessments § 1540.209 Fees for security threat assessment. This section describes the payment process for completion of the security threat assessments required under subpart....

  4. Embedding security messages in existing processes: a pragmatic and effective approach to information security culture change

    CERN Document Server

    Lopienski, Sebastian

    Companies and organizations world-wide depend more and more on IT infrastructure and operations. Computer systems store vital information and sensitive data; computing services are essential for main business processes. This high dependency comes with a number of security risks, which have to be managed correctly on technological, organizational and human levels. Addressing the human aspects of information security often boils down just to procedures, training and awareness raising. On the other hand, employees and collaborators do not adopt security attitude and habits simply when told to do so – a real change in behaviour requires an established security culture. But how to introduce a security culture? This thesis outlines the need of developing or improving security culture, and discusses how this can be done. The proposed approach is to gradually build security knowledge and awareness, and influence behaviours. The way to achieve this is to make security communication pervasive by embedding security me...

  5. 7 CFR 764.355 - Security requirements.

    Science.gov (United States)

    2010-01-01

    ... repaid based upon the applicant's production and income history; addresses applicable pricing risks through the use of marketing contracts, hedging, options, or other revenue protection mechanisms, and includes a marketing plan or similar risk management practice; (3) The applicant has had positive net...

  6. Securing energy equity

    International Nuclear Information System (INIS)

    Addressing energy poverty rather than energy equity conveniently evades the problem of the gap in energy consumption per capita in the developed and developing world. For energy security policies to adequately address energy poverty it requires a widening of scope from national to global. This is a comment to the forthcoming presentation of IEA's proposition for a new architecture for financing universal modern energy access to be presented at the conference 'Energy for all-Financing access for the poor' held in Oslo in October 2011. - Highlights: → Addressing energy poverty may elude the disparity in energy consumption between rich and poor. → A minimum threshold of energy for the poor does not itself address inequity in energy consumption. → Energy equity may be secured by widening scope from national to global, from the poorest to us all.

  7. ORACLE DATABASE SECURITY

    OpenAIRE

    Cristina-Maria Titrade

    2011-01-01

    This paper presents some security issues, namely security database system level, data level security, user-level security, user management, resource management and password management. Security is a constant concern in the design and database development. Usually, there are no concerns about the existence of security, but rather how large it should be. A typical DBMS has several levels of security, in addition to those offered by the operating system or network. Typically, a DBMS has user a...

  8. SECURITY CHALLENGES AS A FACTOR AFFECTING THE SECURITY OF MANET: ATTACKS, AND SECURITY SOLUTIONS

    OpenAIRE

    Dr. Nabeel Zanoon; Dr. Nashat Albdour; Dr. Hatem S. A. Hamatta; Rasha Moh'd Al-Tarawneh

    2015-01-01

    The Ad Hoc mobile network (MANET) is a wireless network with properties which may constitute challenges and weaknesses before the security progress in MANET network. It causes weakness in security, which leads to increased attacks on MANET. In this paper the challenges and attacks likely to threaten MANET will be investigated. As a corollary, security solutions will be discussed, the relationship between them will be concluded and architectural security solutions in MANET will be proposed.

  9. Planning security for supply security

    International Nuclear Information System (INIS)

    The situation of the hardcoal mining industry is still difficult, however better than last year. Due to better economic trends in the steel industry, though on a lower level, sales in 1994 have stabilised. Stocks are being significantly reduced. As to the production, we have nearly reached a level which has been politically agreed upon in the long run. Due to the determined action of the coalmining companies, a joint action of management and labour, the strong pressure has been mitigated. On the energy policy sector essential targets have been achieved: First of all the ECSC decision on state aid which will be in force up to the year 2002 and which will contribute to accomplish the results of the 1991 Coal Round. Furthermore, the 1994 Act on ensuring combustion of hardcoal in electricity production up to the year 2005. The hardcoal mining industry is grateful to all political decision makers for the achievements. The industry demands, however, that all questions still left open, including the procurement of financial means after 1996, should be settled soon on the basis of the new act and in accordance with the 1991 Coal Round and the energy concept of the Federal Government. German hardcoal is an indispensable factor within a balanced energy mix which guarantees the security of our energy supply, the security of the price structure and the respect of the environment. (orig.)

  10. Information Security: Past, Present and Future - Impact of Developments in Information Technology on Security

    OpenAIRE

    Overbeek, P.L.

    1991-01-01

    The development of information security is addressed in relation to the development of information technology. The leading question is: how has information security developed itself so far, and how should it progress to address tomorrow's security needs. An overview is given of the use of information technology in the past, present and expectations for the future. For each period, the security requirements and solutions are discussed. It is made clear that the developments in information tech...

  11. Compatibility of safety and security

    International Nuclear Information System (INIS)

    Full text: With regard to protection against sabotage, i.e. malicious acts that may entail radiological releases, safety and security share the same common objective to protect the health of man and the environment. The method is identical and includes a general aim of prevention of risks and limitation of the consequences. In both cases, priority is given to prevention. A certain number of fundamental principles are associated to this approach, in which there is a considerable amount of similarity between safety and security. Moreover, it is essential to note that the acceptable risk is the same whether the initiating event of a given radiological release is following a natural event, equipment failure or a malicious act. The steps taken to provide protection against a malicious act naturally incorporate specific features related to physical protection but are also based on intrinsic provisions concerning safety. Organizational principles are the same in terms of safety and security. The State must set up appropriate legislative and regulatory frameworks, in particular, to designate a competent authority both in the safety and security fields. The competent authority must define, for both safety and security, the goals to attain and perform a nuclear operator activity control and assessment mission. Nuclear operators are the prime accountable for the safety and security of their installations. The State must verify that the responsibilities of each and everyone are clearly identified and accepted, both in the safety and in the security domain. Protection with regard to malicious acts requires, however, a different positioning and larger and more direct involvement of the State in security than in safety. Safety culture and security culture are based on very similar principles. They must co-exist, back each other up and mutually enhance each other. 
    When considering the different design and operating situations of nuclear installations, similarities and differences

  12. Computer Security: the security marathon, part 2

    CERN Multimedia

    Computer Security Team

    2014-01-01

    Do you recall our latest article on the “Security Marathon” (see here) and why it’s wrong to believe that computer security is a sprint, that a quick hack is invulnerable, that quick bug-fixing is sufficient, that plugging security measures on top of existing structures is a good idea, that once you are secure, your life is cosy?   In fact, security is a marathon for us too. Again and again, we have felt comfortable with the security situation at CERN, with dedicated protections deployed on individual hosts, with the security measures deployed by individual service managers, with the attentiveness and vigilance of our users, and with the responsiveness of the Management. Again and again, however, we subsequently detect or receive reports that this is wrong, that protections are incomplete, that security measures are incomplete, that security awareness has dropped. Thus, unfortunately, we often have to go back to square one and address similar issues over and over...

  13. Securing the Global Airspace System Via Identity-Based Security

    Science.gov (United States)

    Ivancic, William D.

    2015-01-01

    Current telecommunications systems have very good security architectures that include authentication and authorization as well as accounting. These three features enable an edge system to obtain access into a radio communication network, request specific Quality-of-Service (QoS) requirements and ensure proper billing for service. Furthermore, the links are secure. Widely used telecommunication technologies are Long Term Evolution (LTE) and Worldwide Interoperability for Microwave Access (WiMAX). This paper provides a system-level view of network-centric operations for the global airspace system and the problems and issues with deploying new technologies into the system. The paper then focuses on applying the basic security architectures of commercial telecommunication systems and deployment of federated Authentication, Authorization and Accounting systems to provide a scalable, evolvable, reliable and maintainable solution to enable a globally deployable identity-based secure airspace system.

  14. Guidelines for development of NASA (National Aeronautics and Space Administration) computer security training programs

    Science.gov (United States)

    Tompkins, F. G.

    1983-01-01

    The report presents guidance for the NASA Computer Security Program Manager and the NASA Center Computer Security Officials as they develop training requirements and implement computer security training programs. NASA audiences are categorized based on the computer security knowledge required to accomplish identified job functions. Training requirements, in terms of training subject areas, are presented for both computer security program management personnel and computer resource providers and users. Sources of computer security training are identified.

  15. Information security management handbook, v.7

    CERN Document Server

    O'Hanley, Richard

    2013-01-01

    Updated annually, the Information Security Management Handbook, Sixth Edition, Volume 7 is the most comprehensive and up-to-date reference available on information security and assurance. Bringing together the knowledge, skills, techniques, and tools required of IT security professionals, it facilitates the up-to-date understanding required to stay one step ahead of evolving threats, standards, and regulations. Reporting on the latest developments in information security and recent changes to the (ISC)²® CISSP Common Body of Knowledge (CBK®), this volume features 27 new chapters on topics

  16. A REVIEW ON SECURED CLOUD COMPUTING ENVIRONMENT

    Directory of Open Access Journals (Sweden)

    M. Hemanth Chakravarthy

    2014-01-01

    Nowadays, the scientific problem becomes very complex; therefore, it requires more computing power and storage space. These requirements are very common in an organization while dealing with current technological data and requirements. Based on these basic requirements, need of higher computational resources is an important issue when dealing with current technological methodology. Hence, cloud computing has become the most important computing paradigm of recent world. The cloud computing is an open source and using Internet as network model. Rapid growth in the field of “cloud computing” also increases severe security concerns, because security has a constant issue. This study reviews security models of cloud computing.

  17. Information Systems Security Audit

    OpenAIRE

    Gheorghe Popescu; Veronica Adriana Popescu; Cristina Raluca Popescu

    2007-01-01

    The article covers: Defining an information system; benefits obtained by introducing new information technologies; IT management; Defining prerequisites, analysis, design, implementation of IS; Information security management system; aspects regarding IS security policy; Conceptual model of a security system; Auditing information security systems and network infrastructure security.

  18. Information Systems Security Audit

    Directory of Open Access Journals (Sweden)

    Gheorghe Popescu

    2007-12-01

    The article covers: Defining an information system; benefits obtained by introducing new information technologies; IT management; Defining prerequisites, analysis, design, implementation of IS; Information security management system; aspects regarding IS security policy; Conceptual model of a security system; Auditing information security systems and network infrastructure security.

  19. Knowledge-based computer security advisor

    International Nuclear Information System (INIS)

    The rapid expansion of computer security information and technology has included little support to help the security officer identify the safeguards needed to comply with a policy and to secure a computing system. This paper reports that Los Alamos is developing a knowledge-based computer security system to provide expert knowledge to the security officer. This system includes a model for expressing the complex requirements in computer security policy statements. The model is part of an expert system that allows a security officer to describe a computer system and then determine compliance with the policy. The model contains a generic representation that contains network relationships among the policy concepts to support inferencing based on information represented in the generic policy description

  20. Transforming Homeland Security [video]

    OpenAIRE

    McIntyre, David; Center for Homeland Defense and Security Naval Postgraduate School

    2011-01-01

    A pioneer in homeland security, and homeland security education, David McIntyre discusses the complexities in transforming homeland security from a national program in its inception, to also include state and local agencies and other public and private parties.

  1. Cyberspace security system

    Energy Technology Data Exchange (ETDEWEB)

    Abercrombie, Robert K; Sheldon, Frederick T; Ferragut, Erik M

    2014-06-24

    A system evaluates reliability, performance and/or safety by automatically assessing the targeted system's requirements. A cost metric quantifies the impact of failures as a function of failure cost per unit of time. The metrics or measurements may render real-time (or near real-time) outcomes by initiating active response against one or more high ranked threats. The system may support or may be executed in many domains including physical domains, cyber security domains, cyber-physical domains, infrastructure domains, etc. or any other domains that are subject to a threat or a loss.

  2. Cyberspace security system

    Science.gov (United States)

    Abercrombie, Robert K; Sheldon, Frederick T; Ferragut, Erik M

    2014-06-24

    A system evaluates reliability, performance and/or safety by automatically assessing the targeted system's requirements. A cost metric quantifies the impact of failures as a function of failure cost per unit of time. The metrics or measurements may render real-time (or near real-time) outcomes by initiating active response against one or more high ranked threats. The system may support or may be executed in many domains including physical domains, cyber security domains, cyber-physical domains, infrastructure domains, etc. or any other domains that are subject to a threat or a loss.

  3. Security in mobile messaging

    OpenAIRE

    Nurtdinova, Daria

    2016-01-01

    Nowadays the Internet and smartphones are a substantial part of everyday life. It helps us to be in touch with others and to manage business projects more easily. IM immediately adapts to the possibilities of digital sphere and to human requirements. The academic purpose is to review the development of messaging applications and security features through the last 25 years. The main aim of the case is to find a free of charge cross-platform instant messenger with the end-to-end encrypted ...

  4. A Learning-Based Approach to Reactive Security

    OpenAIRE

    Barth, Adam; Rubinstein, Benjamin I. P.; Sundararajan, Mukund; Mitchell, John C.; Song, Dawn; Bartlett, Peter L.

    2009-01-01

    Despite the conventional wisdom that proactive security is superior to reactive security, we show that reactive security can be competitive with proactive security as long as the reactive defender learns from past attacks instead of myopically overreacting to the last attack. Our game-theoretic model follows common practice in the security literature by making worst-case assumptions about the attacker: we grant the attacker complete knowledge of the defender's strategy and do not require the ...

  5. Secure Information Sharing in an Industrial Internet of Things

    OpenAIRE

    Ulltveit-Moe, Nils; Nergaard, Henrik; Erdödi, László; Gjøsæter, Terje; Kolstad, Erland; Berg, Pål

    2016-01-01

    This paper investigates how secure information sharing with external vendors can be achieved in an Industrial Internet of Things (IIoT). It also identifies necessary security requirements for secure information sharing based on identified security challenges stated by the industry. The paper then proposes a roadmap for improving security in IIoT which investigates both short-term and long-term solutions for protecting IIoT devices. The short-term solution is mainly based on integrating existi...

  6. Security and Security Complex: Operational Concepts

    OpenAIRE

    Luis Tomé

    2010-01-01

    Security is one of the most ambiguous, contested, and debated ideas in the conceptual framework of international relations. The "traditional" perspective has been severely contested as new approaches develop, and the concept of security has been reworked in all its fundamental components and dimensions, from object and reference to range and security instruments. Likewise, the discussion over the definition and characterization of international security systems, namely regarding competitive s...

  7. Pool-site E-voting Security

    Directory of Open Access Journals (Sweden)

    Ciprian Ezeanu

    2009-12-01

    The aim of this paper is to present the e-voting procedure, describing its advantages and disadvantages. Conventional security measures such as firewalls or SSL communications are necessary but not sufficient to guarantee the specific security requirements of e-voting. Besides these conventional security measures, it is also necessary to implement an additional layer of specialized security technology to address the specific risks posed by electronic voting and guarantee critical security requirements such as voters’ privacy, vote integrity and voter-verifiability. Analysis of the security of the Diebold AccuVote-TS voting machine showed the vulnerabilities of this machine to different classes of attacks, such as vote-stealing attacks, Denial-of-Service (DoS) attacks and the injection of attack code.

  8. Foundational aspects of security

    DEFF Research Database (Denmark)

    Chatzikokolakis, Konstantinos; Mödersheim, Sebastian Alexander; Palamidessi, Catuscia;

    2014-01-01

    This Special Issue of the Journal of Computer Security focuses on foundational aspects of security, which in recent years have helped change much of the way we think about and approach system security.

  9. Security guide for subcontractors

    Energy Technology Data Exchange (ETDEWEB)

    Adams, R.C.

    1991-01-01

    This security guide of the Department of Energy covers contractor and subcontractor access to DOE and Mound facilities. The topics of the security guide include responsibilities, physical barriers, personnel identification system, personnel and vehicular access controls, classified document control, protecting classified matter in use, storing classified matter repository combinations, violations, security education clearance terminations, security infractions, classified information nondisclosure agreement, personnel security clearances, visitor control, travel to communist-controlled or sensitive countries, shipment security, and surreptitious listening devices.

  10. Security Testing: A Survey

    OpenAIRE

    Felderer, M.; Büchlein, M.; Johns, M; Brucker, A.D.; Breu, R.; Pretschner, A.

    2015-01-01

    Identifying vulnerabilities and ensuring security functionality by security testing is a widely applied measure to evaluate and improve the security of software. Due to the openness of modern software-based systems, applying appropriate security testing techniques is of growing importance and essential to perform effective and efficient security testing. Therefore, an overview of actual security testing techniques is of high value both for researchers to evaluate and refine the techniques and...

  11. A Research Agenda for Security Engineering

    Directory of Open Access Journals (Sweden)

    Rich Goyette

    2013-08-01

    Despite nearly 30 years of research and application, the practice of information system security engineering has not yet begun to exhibit the traits of a rigorous scientific discipline. As cyberadversaries have become more mature, sophisticated, and disciplined in their tradecraft, the science of security engineering has not kept pace. The evidence of the erosion of our digital security – upon which society is increasingly dependent – appears in the news almost daily. In this article, we outline a research agenda designed to begin addressing this deficit and to move information system security engineering toward a mature engineering discipline. Our experience suggests that there are two key areas in which this movement should begin. First, a threat model that is actionable from the perspectives of risk management and security engineering should be developed. Second, a practical and relevant security-measurement framework should be developed to adequately inform security-engineering and risk-management processes. Advances in these areas will particularly benefit business/government risk assessors as well as security engineers performing security design work, leading to more accurate, meaningful, and quantitative risk analyses and more consistent and coherent security design decisions. Threat modelling and security measurement are challenging activities to get right – especially when they need to be applied in a general context. However, these are decisive starting points because they constitute the foundation of a scientific security-engineering practice. Addressing these challenges will require stronger and more coherent integration between the sub-disciplines of risk assessment and security engineering, including new tools to facilitate that integration. More generally, changes will be required in the way security engineering is both taught and practiced to take into account the holistic approach necessary from a mature, scientific

  12. Security aspects of PFBR

    International Nuclear Information System (INIS)

    With five decades of research and development in nuclear energy for application areas like medicine and agriculture, besides the major thrust area of power production, India is marching ahead with a highly ambitious nuclear energy program. The program spans all nuclear fuel cycle activities, from exploration and mining, fuel fabrication and power production to managing spent fuel and nuclear waste. The primary objectives of the nuclear security system of PFBR are to protect the nuclear facility and nuclear fuel against acts which may endanger the public by radiation exposure, protect the nuclear material against theft, prevent malevolent acts, permit only authorized activities in the protected areas, protect proprietary information and material, and finally protect employees and the public around the nuclear facilities. The systems are devised on the principle of the 4 Ds (deter, detect, delay and defeat) and are realized by well defined technical, operative and administration measures suitably backed by our national law. There are well developed contingency plans to handle emergencies arising out of incidents related to radiological sabotage, theft of nuclear material, intrusion into the facility, nuclear and other industrial accidents, fire and natural calamities. The contingency plan stipulates periodic emergency drills, reporting, and corrective measures required for observed deficiencies. PFBR attaches great importance to the security of nuclear material and facilities from the very beginning. An integrated multipronged approach for security of PFBR is adopted. These systems are constantly reviewed and updated, taking into account the complex and dynamic changes in the security scenario and making them an integral part of our nuclear energy program. (author)

  13. Reliable Process for Security Policy Deployment

    OpenAIRE

    Preda, Stere; Cuppens-Boulahia, Nora; Cuppens, Frederic; Garcia-Alfaro, Joaquin; Toutain, Laurent

    2009-01-01

    We focus in this paper on the problem of configuring and managing network security devices, such as Firewalls, Virtual Private Network (VPN) tunnels, and Intrusion Detection Systems (IDSs). Our proposal is the following. First, we formally specify the security requirements of a given system by using an expressive access control model. As a result, we obtain an abstract security policy, which is free of ambiguities, redundancies or unnecessary details. Second, we deploy such an abstract policy...

  14. SPION: Secure Protocols in OSI Networks

    OpenAIRE

    Ahlgren, Bengt; Lindgren, Per; Sirotkin, Teet

    1989-01-01

    This report describes how security services can be realized in a computer network using the protocols of the Open Systems Interconnection (OSI) reference model for communication. The report starts with defining security requirements for a "typical" local area network in a company, university or similar organization. It is assumed that the organization does not use the network for transfer of extremely sensitive information, such a...

  15. Improving the Security of the Medical Images

    OpenAIRE

    Ahmed Mahmood; Tarfa Hamed; Charlie Obimbo; Robert Dony

    2013-01-01

    Applying security to the transmitted medical images is important to protect the privacy of patients. Secure transmission requires cryptography, and watermarking to achieve confidentiality, and data integrity. Improving cryptography part needs to use an encryption algorithm that stands for a long time against different attacks. The proposed method is based on number theory and uses Chinese remainder theorem as a backbone. This approach achieves high level of security and stands against differe...

  16. Improving Security Policy Decisions with Models

    OpenAIRE

    Caulfield, T.; Pym, D.

    2015-01-01

    Security managers face the challenge of designing security policies that deliver the objectives required by their organizations. We explain how a rigorous methodology, grounded in mathematical systems modelling and the economics of decision-making, can be used to explore the operational consequences of their design choices and help security managers to make better decisions. The methodology is based on constructing executable system models that illustrate the effects of different policy choic...

  17. Keystone Business Models for Network Security Processors

    OpenAIRE

    Arthur Low; Steven Muegge

    2013-01-01

    Network security processors are critical components of high-performance systems built for cybersecurity. Development of a network security processor requires multi-domain experience in semiconductors and complex software security applications, and multiple iterations of both software and hardware implementations. Limited by the business models in use today, such an arduous task can be undertaken only by large incumbent companies and government organizations. Neither the “fabless semiconductor...

  18. Usable Security For Named Data Networking

    OpenAIRE

    Yu, Yingdi

    2016-01-01

    Named Data Networking (NDN) is a proposed Internet architecture, which changes the network communication model from “speaking to a host” to “retrieving data from network”. Such data-centric communication model requires a data-centric security model, which secures data directly rather than authenticating the host where data is retrieved from and securing the channel through which data is delivered, so that data can be safely distributed into arbitrary untrusted storage and retrieved over untru...

  19. Security issues for the software evolution model

    OpenAIRE

    Rambidis, Anastasios X.

    1998-01-01

    This thesis examines the security requirements of the software evolution model and identifies possible security mechanisms called "control classes" that are applicable to the model. Then, based on combinations of "control classes," proposes a suitable security level for each of the model's databases. Furthermore this thesis deals with the possibility of using Pretty Good Privacy as a method for protection of software data stored in databases. The software evolution model captures all the neces...

  20. Security in Internet of Things Systems

    OpenAIRE

    Tuen, Christian Dancke

    2015-01-01

    Security in the current Internet of Things is not as good as it ought to be. This thesis shows some glaring flaws in existing products, which are often created because of oversight from the developers, as the constraints existing in IoT require a more thorough thought-process than is normal in desktop computing. Due to limited power, bandwidth and processing power, everything needs to get stripped down to the bare minimum, while still maintaining good security properties. Security is an ...

  1. GSM Security Using Identity-based Cryptography

    OpenAIRE

    Agarwal, Animesh; Shrimali, Vaibhav; Das, Manik Lal

    2009-01-01

    Current security model in Global System for Mobile Communications (GSM) predominantly use symmetric key cryptography. The rapid advancement of Internet technology facilitates online trading, banking, downloading, emailing using resource-constrained handheld devices such as personal digital assistants and cell phones. However, these applications require more security than the present GSM supports. Consequently, a careful design of GSM security using both symmetric and asymmetric key cryptograp...

  2. Management of Information Security in Financial Accounting

    OpenAIRE

    Aurel Serb; Constantin Baron; Nicoleta Magdalena Iacob (Ciobanu); Costinela - Luminita Defta

    2014-01-01

    Security issues in financial accounting are complex, and the risks are often difficult to stipulate, even for experts. The issues presented in this article try to be formed in a contribution to the consolidation of problems in the field of risk, and former vulnerabilities in cyber security in financial accounting. The use of an information security management system became a requirement for organizations because on the states began adopting mandatory data protection legislation and informatio...

  3. Object Security in the Internet of Things

    OpenAIRE

    Palombini, Francesca

    2015-01-01

    The Internet of Things and the constrained environment that comes from the growth of constrained devices connected to the Internet brings new security challenges that cannot be solved in a satisfactory way with only transport layer security. A more flexible solution is required, both to protect sensitive data and user privacy but also to distribute policies in a secure and standardized way. The same privacy problems arise in the general web setting with processing and storage more and more mo...

  4. Review on Cyber Security Programs for NPP Application

    International Nuclear Information System (INIS)

    Increased history records of cyber security (CS) attacks and concerns for computers and networks technical mishaps pull out cyber security to open places. In spite of the secret nature of security, transparent and shared knowledge of many security features is more required at modern plant floors. Korea Institute of Nuclear Safety (KINS), US Government and Nuclear Regulatory Commission (NRC) requested to develop cyber security plans and enforce their implementing to the NPPs. [KINS] [CFR] [RG 5.71] This paper reviews various cyber security guidelines and suggests applicable cyber security program development models during the life cycle of NPP's Instrumentation and Control (I and C) systems.

  5. Securing the Application Layer in eCommerce

    Directory of Open Access Journals (Sweden)

    Bala Musa S

    2012-01-01

    As e-commerce transaction is evolving, security is becoming a paramount issue since a great deal of credit cards, fund transfer, web shopping and public retirements are involved. Therefore, an appropriate development process is necessary for such security critical application. Also, handling security issues at early stage of software development is paramount to avoiding vulnerabilities from scaling through production environment unnoticed. This paper proposes a comprehensive security requirements and security design within the development phase of an e-commerce application as a security control to identify security flaws at early stage of web application development which might prevent re-architecture when discovered at a later stage.

  6. Security: a supranational legal asset

    Directory of Open Access Journals (Sweden)

    Manuel Monteiro Guedes Valente

    2012-01-01

    Full Text Available This paper discusses the concept of security as a many-sided, multifunctional and multilevel regulation topology which requires its several actors to view legal assets from a polygonal perspective worthy of legal protection from local to global and from global to local space. The concept of security as a supranational legal asset requires criminal legislation which defines the principles of criminal policy and the intervention of criminal Law, barriers to security trends and to the attempt to enhance the principle of presumed hazard as a basis for criminal intervention. We contend that the obstacle to "human self-objectification" in the global polygon is a (new) world legal order as humanity's future balance.

  7. On Building Secure Communication Systems

    DEFF Research Database (Denmark)

    Carvalho Quaresma, Jose Nuno

    This thesis presents the Guided System Development (GSD) framework, which aims at supporting the development of secure communication systems. A communication system is specified in a language similar to the Alice and Bob notation, a simple and intuitive language used to describe the global...... perspective of the communications between different principals. The notation used in the GSD framework extends that notation with constructs that allow the security requirements of the messages to be described. From that specification, the developer is guided through a semi-automatic translation that enables...... the verification and implementation of the system. The translation is semi-automatic because the developer has the option of choosing which implementation to use in order to achieve the specified security requirements. The implementation options are given by plugins defined in the framework. The...

  8. Security 2020 Reduce Security Risks This Decade

    CERN Document Server

    Howard, Doug; Schneier, Bruce

    2010-01-01

    Identify real security risks and skip the hype. After years of focusing on IT security, we find that hackers are as active and effective as ever. This book gives application developers, networking and security professionals, those that create standards, and CIOs a straightforward look at the reality of today's IT security and a sobering forecast of what to expect in the next decade. It debunks the media hype and unnecessary concerns while focusing on the knowledge you need to combat and prioritize the actual risks of today and beyond. IT security needs are constantly evolving; this guide examine

  9. MODERN NETWORK SECURITY: ISSUES AND CHALLENGES

    Directory of Open Access Journals (Sweden)

    SHAILJA PANDEY

    2011-05-01

    Full Text Available Secure Network has now become a need of any organization. The security threats are increasing day by day and making high speed wired/wireless network and internet services insecure and unreliable. Nowadays security measures work more importantly towards fulfilling the cutting edge demands of today's growing industries. The need is also induced into areas like defense, where secure and authenticated access of resources are the key issues related to information security. In this paper the author has described the important measures and parameters regarding large industry/organizational requirements for establishing a secure network. Wi-Fi networks are very common in providing wireless network access to different resources and connecting various devices wirelessly. There is a need for different requirements to handle Wi-Fi threats and network hacking attempts. This paper explores important security measures related to different network scenarios, so that a fully secured network environment could be established in an organization. The author has also discussed a case study to illustrate the minimal set of measures required for establishing network security in any organization.

  10. The corporate security professional

    DEFF Research Database (Denmark)

    Petersen, Karen Lund

    2013-01-01

    In our age of globalization and complex threat environments, every business is called upon to manage security. This tendency is reflected in the fact that a wide range of businesses increasingly think about security in broad terms and strive to translate national security concerns into corporate...... speech. This article argues that the profession of the security manager has become central for understanding how the relationship between national and corporate security is currently negotiated. The national security background of most private sector security managers makes the corporate security...... professional inside the company a powerful hybrid agent. By zooming in on the profession and the practice of national security inside companies, the article raises questions about where to draw the line between corporate security and national security along with the political consequences of the constitution...

  11. Security guide for subcontractors

    Energy Technology Data Exchange (ETDEWEB)

    Adams, R.C.

    1993-06-01

    This guide is provided to aid in the achievement of security objectives in the Department of Energy (DOE) contractor/subcontractor program. The objectives of security are to protect information that, if released, would endanger the common defense and security of the nation and to safeguard plants and installations of the DOE and its contractors to prevent the interruption of research and production programs. The security objective and means of achieving the objective are described. Specific security measures discussed in this guide include physical barriers, personnel identification systems, personnel and vehicular access control, classified document control, protection of classified matter in use, storing classified matter, and repository combinations. Means of dealing with security violations and security infractions are described. Maintenance of a security education program is discussed. Also discussed are methods of handling clearance terminations, visitor control, travel to sensitive countries, and shipment security. The Technical Surveillance Countermeasures Program (TSCM), the Computer Security Program, and the Operations Security Plan (OPSEC) are examined.

  12. 75 FR 47311 - Extension of Agency Information Collection Activity Under OMB Review: Aviation Security...

    Science.gov (United States)

    2010-08-05

    ... period soliciting comments, of the following collection of information on March 4, 2010, 75 FR 9920... security costs and information reasonably necessary to complete an audit. This requirement includes... SECURITY Transportation Security Administration Extension of Agency Information Collection Activity...

  13. Using the safety/security interface to the security manager's advantage

    International Nuclear Information System (INIS)

    Two aspects of the safety/security interface are discussed: (1) the personal safety of nuclear security officers; and (2) how the security manager can effectively deal with the safety/security interface in solving today's requirements yet supporting the overall mission of the facility. The basis of this presentation is the result of interviews, document analyses, and observations. The conclusion is that proper planning and communication between the players involved in the security/safety interface can benefit the two programs and help achieve overall system integration, ultimately contributing to the bottom line. This is especially important in today's cost conscious environment

  14. Metro Manila Water Security Study

    OpenAIRE

    World Bank

    2012-01-01

    The metropolitan waterworks and sewerage system (MWSS) services the water supply and sewerage requirements of Metro Manila including the Province of Rizal and parts of Cavite, an area composed of the estimated 15 million residents in one of the fast growing urban centers in the world. In order to secure the water supply for Metro Manila, some alternative water sources, that is Laguna Lake, ...

  15. Complete Quantum Communication with Security

    OpenAIRE

    Mitra, Arindam

    1998-01-01

    The long-standing problem of quantum information processing is to remove the classical channel from quantum communication. Introducing a new information processing technique, it is discussed that both insecure and secure quantum communications are possible without the requirement of classical channel.

  16. Security Technologies for Open Networking Environments (STONE)

    Energy Technology Data Exchange (ETDEWEB)

    Muftic, Sead

    2005-03-31

    -domain scenarios is supported by a set of security engines that represent the core of the Federated Identities Management Server, which is also an extension of the Domain Security Server. The Federated Identity Management server allows users to federate their identities or terminate the federation between the service provider and the identity provider. At the service provider web site, the users are offered a list of identity providers to which they can choose to federate their identities. After users federate their identity, they can perform Single Sign-On protocol in an environment of federated domains. The group security system consists of a number of security technologies under a unified architecture, which supports creation of secure groups and execution of secure group transactions and applications in an open networking environment. The system is based on extensions of the GSAKMP standard for group key distribution and management. The Top layer is the Security Infrastructure with the Security Management and Administration System components and protocols that provide security functions common to all secure network applications. The Middle layer is the Secure Group Protocols and Applications layer, consisting of the Policy and Group Key Distribution Server and Web-based (thin) Client. The Bottom layer is the supporting Middleware Security Platform, the cryptographic platform already described above. The group security system is designed to perform the functions necessary to create secure groups and enable secure group applications. Specifically, the system can manage group roles, create and disseminate a group security policy, perform authentication and authorization of users using PKI certificates and Web services security, generate group keys, and recover from compromises. In accordance with the GSAKMP standard, the group security system must perform all the required group life-cycle functions: group definition, group establishment, group maintenance, and group removal. The

  17. Based on combination of L2TP and IPSec VPN security technology research

    OpenAIRE

    Ya-qin Fan; Chi Li; Chao Sun

    2012-01-01

    This report is written to provide a method of building a secure VPN by combining L2TP and IPSec in order to meet the requirements of secure transmission of data and improve VPN security technology. It remedies the security shortcomings of the L2TP Tunneling Protocol and IPSec security. Simulation and analysis show that the construction method can improve the security of data transmission, and the VPN simulation results are valuable for security professionals to refer to.

  18. 27 CFR 18.19 - Security.

    Science.gov (United States)

    2010-04-01

    ... 27 Alcohol, Tobacco Products and Firearms 1 2010-04-01 2010-04-01 false Security. 18.19 Section 18.19 Alcohol, Tobacco Products and Firearms ALCOHOL AND TOBACCO TAX AND TRADE BUREAU, DEPARTMENT OF THE... Provisions Document Requirements § 18.19 Security. The concentrate plant and equipment will be so...

  19. 12 CFR 703.11 - Valuing securities.

    Science.gov (United States)

    2010-01-01

    ... 12 Banks and Banking 6 2010-01-01 2010-01-01 false Valuing securities. 703.11 Section 703.11 Banks and Banking NATIONAL CREDIT UNION ADMINISTRATION REGULATIONS AFFECTING CREDIT UNIONS INVESTMENT AND... price quotation on the security from an industry-recognized information provider. This requirement...

  20. 14 CFR 129.25 - Airplane security.

    Science.gov (United States)

    2010-01-01

    ... security requirements in 49 CFR chapter XII. ... 14 Aeronautics and Space 3 2010-01-01 2010-01-01 false Airplane security. 129.25 Section 129.25... AND FOREIGN OPERATORS OF U.S.-REGISTERED AIRCRAFT ENGAGED IN COMMON CARRIAGE General § 129.25...

  1. Cyber Security--Are You Prepared?

    Science.gov (United States)

    Newman, Scott

    2007-01-01

    During the summer 2002 term, Oklahoma State University-Okmulgee's Information Technologies Division offered a one credit-hour network security course--which barely had adequate student interest to meet the institution's enrollment requirements. Today, OSU-Okmulgee boasts one of the nation's premier cyber security programs. Many prospective…

  2. 76 FR 4079 - Information Technology (IT) Security

    Science.gov (United States)

    2011-01-24

    ... SPACE ADMINISTRATION 48 CFR Parts 1804 and 1852 RIN 2700-AD46 Information Technology (IT) Security... NASA FAR Supplement (NFS) to update requirements related to Information Technology Security, consistent... rule in the Federal Register (73 FR 73201-73202) on December 2, 2008. The sixty day comment...

  3. Secure Storage Architectures

    Energy Technology Data Exchange (ETDEWEB)

    Aderholdt, Ferrol [Tennessee Technological University; Caldwell, Blake A [ORNL; Hicks, Susan Elaine [ORNL; Koch, Scott M [ORNL; Naughton, III, Thomas J [ORNL; Pogge, James R [Tennessee Technological University; Scott, Stephen L [Tennessee Technological University; Shipman, Galen M [ORNL; Sorrillo, Lawrence [ORNL

    2015-01-01

    help with this issue, which are particular instances of the more general challenge of efficient host/guest IO that is the focus of interfaces like virtio. A collection of bridging technologies have been identified in Chapter 4, which can be helpful to overcome the limitations and challenges of supporting efficient storage for secure enclaves. The synthesis of native filesystem security mechanisms and bridging technologies led to an isolation-centric storage architecture that is proposed in Chapter 5, which leverages isolation mechanisms from different layers to facilitate secure storage for an enclave. Recommendations: The following highlights recommendations from the investigations done thus far. - The Lustre filesystem offers excellent performance but does not support some security related features, e.g., encryption, that are included in GPFS. If encryption is of paramount importance, then GPFS may be a more suitable choice. - There are several possible Lustre related enhancements that may provide functionality of use for secure-enclaves. However, since these features are not currently integrated, the use of Lustre as a secure storage system may require more direct involvement (support). (*The network that connects the storage subsystem and users, e.g., Lustre's LNET.) - The use of OpenStack with GPFS will be more streamlined than with Lustre, as there are available drivers for GPFS. - The Manila project offers Filesystem as a Service for OpenStack and is worth further investigation. Manila has some support for GPFS. - The proposed Lustre enhancement of Dynamic-LNET should be further investigated to provide more dynamic changes to the storage network which could be used to isolate hosts and their tenants. - The Linux namespaces offer a good solution for creating efficient restrictions to shared HPC filesystems. However, we still need to conduct a thorough round of storage/filesystem benchmarks. - Vendor products should be more closely reviewed, possibly to

  4. Research of Security Kernel Mechanism Supporting Dynamical Policies

    Institute of Scientific and Technical Information of China (English)

    吴新勇; 熊光泽

    2002-01-01

    Security of an information system requires a secure operating system. A security kernel meets the requirement and provides a bedrock for the security of the operating system. This paper extracts the deficiency of the traditional security kernel, and presents a security kernel mechanism supporting policy flexibility and a simplified secure interface. It optimizes the performance by a reused policy cache, provides a method to revoke granted permissions and assures the atomicity of revoking permissions and granting new permissions. As a result, all refinements help the security kernel to improve its flexibility, extensibility and portability.

  5. Toward Quality of Security Service in a Resource Management System Benefit Function

    OpenAIRE

    Irvine, Cynthia E.; Levin, Timothy E.

    2000-01-01

    Enforcement of a high-level statement of security policy may be difficult to discern when mapped through functional requirements to a myriad of possible security services and mechanisms in a highly complex, networked environment. A method for articulating network security functional requirements, and their fulfillment, is presented. Using this method, security in a quality of service framework is discussed in terms of “variant” security mechanisms and dynamic security policies. For illu...

  6. Quality of Security Service in a resource management system benefit function

    OpenAIRE

    Levin, Timothy; Irvine, Cynthia

    1999-01-01

    Enforcement of a high-level statement of security policy may be difficult to discern when mapped through functional requirements to a myriad of possible security services and mechanisms in a highly complex, networked environment. A method of articulating network security functional requirements, and their fulfillment, is presented. Using this method, security in a quality of service framework is discussed in terms of "variant" security mechanisms and dynamic security policies. For illustratio...

  7. Untangle network security

    CERN Document Server

    El-Bawab, Abd El-Monem A

    2014-01-01

    If you are a security engineer or a system administrator and want to secure your server infrastructure with the feature-rich Untangle, this book is for you. For individuals who want to start their career in the network security field, this book would serve as a perfect companion to learn the basics of network security and how to implement it using Untangle NGFW.

  8. Security culture in Germany

    International Nuclear Information System (INIS)

    The standing of the terms 'security' and 'culture' will be discussed. A brief overview about states and operators responsibilities linked to security culture will be given, and a definition of the term 'security culture' will be explained. The security culture in German nuclear facilities will be briefly discussed

  9. Networking and Security Measures

    OpenAIRE

    Vaibhav Gupta; Sumit Goswami; Ashok Kumar; Mohinder Singh

    2004-01-01

    By writing this paper a small effort has been put to understand the growing network needs and its security. Various types of network threats and security services are discussed. This will help in designing a secure and robust network infrastructure by discussing management security policies and risk analysis.

  10. RFID security

    OpenAIRE

    Καλυβιώτη, Αριστέλα

    2008-01-01

    The subject of this diploma thesis is RFID security. Chapter 1 presents the historical background and the applications of RFID. Chapter 2 analyses in more detail the architecture of RFID and some of its characteristic features, as well as the standards that surround it. Chapter 3 describes the goals and properties of security. Chapter 4 presents the basic types of attack and the types according to their objective, and analyses in more detail the ...

  11. 17 CFR 41.45 - Required margin.

    Science.gov (United States)

    2010-04-01

    ... PRODUCTS Customer Accounts and Margin Requirements § 41.45 Required margin. (a) Applicability. Each... positions held on behalf of a customer in a securities account or futures account as set forth in this... security future shall be twenty (20) percent of the current market value of such security future....

  12. 17 CFR 242.403 - Required margin.

    Science.gov (United States)

    2010-04-01

    ...) REGULATIONS M, SHO, ATS, AC, AND NMS AND CUSTOMER MARGIN REQUIREMENTS FOR SECURITY FUTURES Customer Margin... of a customer in a securities account or futures account as set forth in this section. (b) Required... be twenty (20) percent of the current market value of such security future. (2) Offsetting...

  13. Professional Cocoa Application Security

    CERN Document Server

    Lee, Graham J

    2010-01-01

    The first comprehensive security resource for Mac and iPhone developers. The Mac platform is legendary for security, but consequently, Apple developers have little appropriate security information available to help them assure that their applications are equally secure. This Wrox guide provides the first comprehensive go-to resource for Apple developers on the available frameworks and features that support secure application development.: While Macs are noted for security, developers still need to design applications for the Mac and the iPhone with security in mind; this guide offers the first

  14. IAEA nuclear security program

    International Nuclear Information System (INIS)

    Although nuclear security is a State responsibility, it is nevertheless an international concern, as the consequences of a nuclear security incident would have worldwide impact. These concerns have resulted in the development of numerous international instruments on nuclear security since the terrorist events in the USA on September 11, 2001. The IAEA Office of Nuclear Security has been charged to assist Member States to improve their nuclear security and to meet the intent of these international obligations in order to ensure a cohesive thread of nuclear security protects the global community. The programs underway and planned by the Office of Nuclear Security will be discussed in this paper. (author)

  15. Survey of information security

    Institute of Scientific and Technical Information of China (English)

    SHEN ChangXiang; ZHANG HuangGuo; FENG DengGuo; CAO ZhenFu; HUANG JiWu

    2007-01-01

    The 21st century is the age of information when information becomes an important strategic resource. The information obtaining, processing and security guarantee capability are playing critical roles in comprehensive national power, and information security is related to the national security and social stability. Therefore, we should take measures to ensure the information security of our country. In recent years, momentous accomplishments have been obtained with the rapid development of information security technology. There are extensive theories about information security and technology. However, due to the limitation of length, this article mainly focuses on the research and development of cryptology, trusted computing, security of network, and information hiding, etc.

  16. Security guide for subcontractors

    International Nuclear Information System (INIS)

    The objectives of security in the Department of Energy (DOE) contractor/subcontractor program are: (1) to ensure the protection of information which, if released, would endanger the common defense and security of the nation; and (2) to safeguard the plants and installations of the DOE and its contractors in order that research and production programs will not be interrupted. To achieve these objectives, security responsibilities have been divided into three interdependent categories: personnel security, physical security, and security education and quality audits. This guide presents instructions for implementing a security program at a contractor/subcontractor site.

  17. Security for multi-hop wireless networks

    CERN Document Server

    Mahmoud, Mohamed M E A

    2014-01-01

    This Springer Brief discusses efficient security protocols and schemes for multi-hop wireless networks. It presents an overview of security requirements for these networks, explores challenges in securing networks and presents system models. The authors introduce mechanisms to reduce the overhead and identify malicious nodes that drop packets intentionally. Also included is a new, efficient cooperation incentive scheme to stimulate the selfish nodes to relay information packets and enforce fairness. Many examples are provided, along with predictions for future directions of the field. Security

  18. Safety versus Security in the Quality Calculus

    DEFF Research Database (Denmark)

    Nielson, Hanne Riis; Nielson, Flemming

    2013-01-01

    Safety and security are both needed for ensuring that cyber-physical systems live up to expectations, but often an intelligent trade-off is called for, because sometimes it is impossible to obtain optimal safety at the same time as optimal security. In the context of the Quality Calculus we develop...... a type system for checking the extent to which safety and security goals have been met. Safety goals include showing that certain error configurations are in fact not reachable and hence do not require intelligent error handling. Security goals include showing that highly trusted communications can...

  19. Improved verification methods for OVI security ink

    Science.gov (United States)

    Coombs, Paul G.; Markantes, Tom

    2000-04-01

    Together, OVP Security Pigment in OVI Security Ink, provide an excellent method of overt banknote protection. The effective use of an overt security feature requires an educated public. The rapid rise in computer-generated counterfeits indicates that consumers are not as educated as to banknote security features as they should be. To counter the education issue, new methodologies have been developed to improve the validation of banknotes using the OVI ink feature itself. One of the new methods takes advantage of the overt nature of the product's optically variable effect. Another method utilizes the unique optical interference characteristics provided by the OVP platelets.

  20. Safety versus Security in the Quality Calculus

    DEFF Research Database (Denmark)

    Nielson, Hanne Riis; Nielson, Flemming

    Safety and security are both needed for ensuring that cyber-physical systems live up to expectations, but often an intelligent trade-off is called for, because sometimes it is impossible to obtain optimal safety at the same time as optimal security. In the context of the Quality Calculus we develop...... a type system for checking the extent to which safety and security goals have been met. Safety goals include showing that certain error configurations are in fact not reachable and hence do not require intelligent error handling. Security goals include showing that highly trusted communications can...

  1. New initiatives in materials security

    International Nuclear Information System (INIS)

    NRC Mission: To license and regulate the Nation's civilian use of byproduct, source, and special nuclear materials to ensure adequate protection of public health and safety, promote the common defense and security, and protect the environment. Scope of Responsibility: NRC's regulatory mission covers three main areas: - Reactors: commercial reactors for generating electric power and non-power reactors used for research, testing, and training; - Materials: uses of nuclear materials in medical, industrial, and academic settings and facilities that produce nuclear fuel; - Waste: transportation, storage, and disposal of nuclear materials and waste, and decommissioning of nuclear facilities from service. A Changing Environment: - National security is dominant concern; - Obtain appropriate balance between safety and Security initiatives and Operational activities; - Multiple layers of systems, infrastructures for various licensees. Effective Communication: Not easy; Sound bites galore; Nuclear 'phobia'; Acceptability of risk; Balance of cost and benefits; Responsibility of the regulator, licensees and radiation protection professionals. Prioritized Licensee Groups: - High priority: Panoramic irradiators; manufacturers/distributors; - Medium priority: medical and research facilities, radiography, well-logging, broad-scope licenses, self-shielded irradiators, open-field irradiators, and other licensees; - Low priority: Portable gauges. Increased Security Measures: Security Zone; Control Access; Monitor, Detect, Assess, and Respond; Transportation Security; Additional control to secure portable and mobile devices; Liaison with Local Law Enforcement Agencies; Background Investigations and Fingerprinting; License Verification; Document Retention; Information Protection; Orders/Legally binding requirements to more than 3000 licensees. 
    Orders Issued: Large Panoramic Irradiators Security Measures (60 Orders issued 6/03, Inspections done); Manufacturing and Distribution Licensees

  2. Lecture 2: Software Security

    CERN Document Server

    CERN. Geneva

    2013-01-01

    Computer security has been an increasing concern for IT professionals for a number of years, yet despite all the efforts, computer systems and networks remain highly vulnerable to attacks of different kinds. Design flaws and security bugs in the underlying software are among the main reasons for this. This lecture addresses the following question: how to create secure software? The lecture starts with a definition of computer security and an explanation of why it is so difficult to achieve. It then introduces the main security principles (like least-privilege, or defense-in-depth) and discusses security in different phases of the software development cycle. The emphasis is put on the implementation part: most common pitfalls and security bugs are listed, followed by advice on best practice for security development, testing and deployment. Sebastian Lopienski is CERN’s deputy Computer Security Officer. He works on security strategy and policies; offers internal consultancy and audit services; develops and ...

  3. 33 CFR 104.230 - Drill and exercise requirements.

    Science.gov (United States)

    2010-07-01

    ... the substantial and active participation of relevant company and vessel security personnel, and may.... 104.230 Section 104.230 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MARITIME SECURITY MARITIME SECURITY: VESSELS Vessel Security Requirements § 104.230 Drill and...

  4. 33 CFR 105.220 - Drill and exercise requirements.

    Science.gov (United States)

    2010-07-01

    ...) Exercises are a full test of the security program and must include substantial and active participation of.... 105.220 Section 105.220 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MARITIME SECURITY MARITIME SECURITY: FACILITIES Facility Security Requirements § 105.220 Drill and...

  5. Securing By Design

    OpenAIRE

    Weber, Cynthia; Lacy, Mark

    2011-01-01

    This article investigates how modern neo-liberal states are 'securing by design' harnessing design to new technologies in order to produce security, safety, and protection. We take a critical view toward 'securing by design' and the policy agendas it produces of 'designing out insecurity' and 'designing in protection' because securing by design strategies rely upon inadequate conceptualisations of security, technology, and design and inadequate understandings of their relationships to produce...

  6. Network Security Scanner

    OpenAIRE

    G. MURALI; M.Pranavi; Y.Navateja; K. Bhargavi

    2011-01-01

    Network Security Scanner (NSS) is a tool that allows auditing and monitoring remote network computers for possible vulnerabilities, checks your network for all potential methods that a hacker might use to attack it. Network Security Scanner is a complete networking utilities package that includes a wide range of tools for network security auditing, vulnerability Auditing, scanning, monitoring and more. Network Security Scanner (NSS) is an easy to use, intuitive network security scanner that c...

  7. Performance Evaluation of Security Protocols

    CERN Document Server

    Genge, Bela

    2009-01-01

    We propose a comparative performance evaluation of security protocols. The novelty of our approach lies in the use of a polynomial mathematical model that captures the performance of classes of cryptographic algorithms instead of capturing the performance of each algorithm separately, approach that is used in other papers. A major advantage of using such a model is that it does not require implementation-specific information, because the decision is based on comparing the estimated performances of protocols instead of actually evaluating them. The approach is validated by comparatively evaluating the performances of 1000 automatically generated security protocols against the performances of their actual implementations.

  8. Open source systems security certification

    CERN Document Server

    Damiani, Ernesto; El Ioini, Nabil

    2009-01-01

    Open Source Advances in Computer Applications book series provides timely technological and business information for: Enabling Open Source Systems (OSS) to become an integral part of systems and devices produced by technology companies; Inserting OSS in the critical path of complex network development and embedded products, including methodologies and tools for domain-specific OSS testing (lab code available), plus certification of security, dependability and safety properties for complex systems; Ensuring integrated systems, including OSS, meet performance and security requirements as well as achieving the necessary certifications, according to the overall strategy of OSS usage on the part of the adopter

  9. Quality of Protection Evaluation of Security Mechanisms

    Directory of Open Access Journals (Sweden)

    Bogdan Ksiezopolski

    2014-01-01

    Recent research indicates that during the design of teleinformatic system the tradeoff between the systems performance and the system protection should be made. The traditional approach assumes that the best way is to apply the strongest possible security measures. Unfortunately, the overestimation of security measures can lead to the unreasonable increase of system load. This is especially important in multimedia systems where the performance has critical character. In many cases determination of the required level of protection and adjustment of some security measures to these requirements increase system efficiency. Such an approach is achieved by means of the quality of protection models where the security measures are evaluated according to their influence on the system security. In the paper, we propose a model for QoP evaluation of security mechanisms. Owing to this model, one can quantify the influence of particular security mechanisms on ensuring security attributes. The methodology of our model preparation is described and based on it the case study analysis is presented. We support our method by the tool where the models can be defined and QoP evaluation can be performed. Finally, we have modelled TLS cryptographic protocol and presented the QoP security mechanisms evaluation for the selected versions of this protocol.

  10. Quality of protection evaluation of security mechanisms.

    Science.gov (United States)

    Ksiezopolski, Bogdan; Zurek, Tomasz; Mokkas, Michail

    2014-01-01

    Recent research indicates that during the design of teleinformatic system the tradeoff between the systems performance and the system protection should be made. The traditional approach assumes that the best way is to apply the strongest possible security measures. Unfortunately, the overestimation of security measures can lead to the unreasonable increase of system load. This is especially important in multimedia systems where the performance has critical character. In many cases determination of the required level of protection and adjustment of some security measures to these requirements increase system efficiency. Such an approach is achieved by means of the quality of protection models where the security measures are evaluated according to their influence on the system security. In the paper, we propose a model for QoP evaluation of security mechanisms. Owing to this model, one can quantify the influence of particular security mechanisms on ensuring security attributes. The methodology of our model preparation is described and based on it the case study analysis is presented. We support our method by the tool where the models can be defined and QoP evaluation can be performed. Finally, we have modelled TLS cryptographic protocol and presented the QoP security mechanisms evaluation for the selected versions of this protocol. PMID:25136683

  11. Incorporating User-oriented Security into CC

    DEFF Research Database (Denmark)

    Sharp, Robin

    2009-01-01

    Current versions of the Common Criteria concentrate very heavily on technical security issues which are relevant for the design of secure systems. This approach largely ignores a number of questions which can have great significance for whether or not the system can be operated securely in an environment which contains not only other computer systems, but also human users. A case study involving the design of a secure medical instrumentation system will be used to illustrate the problems involved in incorporating user requirements into a secure design, so that system, when implemented, will help users to understand whether they are operating the system in a secure manner, thus avoiding user-related pitfalls such as leaking of confidential data as a result of inappropriate input, loss of patient privacy, inappropriate user reactions due to slow system response, or other similar threats not...

  12. Information security protecting the global enterprise

    CERN Document Server

    Pipkin, Donald L

    2000-01-01

    In this book, IT security expert Donald Pipkin addresses every aspect of information security: the business issues, the technical process issues, and the legal issues. Pipkin starts by reviewing the key business issues: estimating the value of information assets, evaluating the cost to the organization if they are lost or disclosed, and determining the appropriate levels of protection and response to security incidents. Next, he walks through the technical processes required to build a consistent, reasonable information security system, with appropriate intrusion detection and reporting features. Finally, Pipkin reviews the legal issues associated with information security, including corporate officers' personal liability for taking care that information is protected. The book's coverage is applicable to businesses of any size, from 50 employees to 50,000 or more, and ideal for everyone who needs at least a basic understanding of information security: network/system administrators, managers, planners, archite...

  13. International Legal Framework for Nuclear Security

    International Nuclear Information System (INIS)

    The responsibility for nuclear security rests entirely with each State. There is no single international instrument that addresses nuclear security in a comprehensive manner. The legal foundation for nuclear security comprises international instruments and recognized principles that are implemented by national authorities. Security systems at the national level will contribute to a strengthened and more universal system of nuclear security at the international level. The binding security treaties are: the Convention on the Physical Protection of Nuclear Material and the 2005 amendment thereto; Safeguards Agreements between the Agency and States required in connection with the Treaty on the Non-Proliferation of Nuclear Weapons; the Model Protocol additional to agreement(s) between State(s) and the Agency for the application of Safeguards; the Convention on Early Notification of a Nuclear Accident; the Convention on Assistance in the Case of a Nuclear Accident or Radiological Emergency; the Convention on Nuclear Safety; and the Joint Convention on the Safety of Spent Fuel Management and on the Safety of Radioactive Waste Management.

  14. Developing security protocols in χ-Spaces

    DEFF Research Database (Denmark)

    Crazzolara, Federico; Milicia, Giuseppe

    2002-01-01

    It is of paramount importance that a security protocol effectively enforces the desired security requirements. The apparent simplicity of informal protocol descriptions hides the inherent complexity of their interactions which, often, invalidate informal correctness arguments and justify the effort of formal protocol verification. Verification, however, is usually carried out on an abstract model not at all related with a protocol’s implementation. Experience shows that security breaches introduced in implementations of successfully verified models are rather common. The χ-Spaces framework is an implementation of SPL (Security Protocol Language), a formal model for studying security protocols. In this paper we discuss the use of χ-Spaces as a tool for developing robust security protocol implementations. To make the case, we take a family of key-translation protocols due to Woo and Lam and...

  15. Radioactive source security: the cultural challenges

    International Nuclear Information System (INIS)

    Radioactive source security is an essential part of radiation protection. Sources can be abandoned, lost or stolen. If they are stolen, they could be used to cause deliberate harm and the risks are varied and significant. There is a need for a global security protection system and enhanced capability to achieve this. The establishment of radioactive source security requires 'cultural exchanges'. These exchanges include collaboration between: radiation protection specialists and security specialists; the nuclear industry and users of radioactive sources; training providers and regulators/users. This collaboration will facilitate knowledge and experience exchange for the various stakeholder groups, beyond those already provided. This will promote best practice in both physical and information security and heighten security awareness generally. Only if all groups involved are prepared to open their minds to listen to and learn from, each other will a suitable global level of control be achieved. (authors)

  16. Security Service Technology for Mobile Networks

    Institute of Scientific and Technical Information of China (English)

    Aiqun Hu; Tao Li; Mingfu Xue

    2011-01-01

    As mobile networks become high speed and attain an all-IP structure, more services are possible. This brings about many new security requirements that traditional security programs cannot handle. This paper analyzes security threats and the needs of 3G/4G mobile networks, and then proposes a novel protection scheme for them based on their whole structure. In this scheme, a trusted computing environment is constructed on the mobile terminal side by combining software validity verification with access control. At the security management center, security services such as validity verification and integrity check are provided to mobile terminals. In this way, terminals and the network as a whole are secured to a much greater extent. This paper also highlights problems to be addressed in future research and development.

  17. Security model for VM in cloud

    Science.gov (United States)

    Kanaparti, Venkataramana; Naveen K., R.; Rajani, S.; Padmvathamma, M.; Anitha, C.

    2013-03-01

    Cloud computing is a new approach emerged to meet ever-increasing demand for computing resources and to reduce operational costs and Capital Expenditure for IT services. As this new way of computation allows data and applications to be stored away from own corporate server, it brings more issues in security such as virtualization security, distributed computing, application security, identity management, access control and authentication. Even though Virtualization forms the basis for cloud computing it poses many threats in securing cloud. As most of Security threats lies at Virtualization layer in cloud we proposed this new Security Model for Virtual Machine in Cloud (SMVC) in which every process is authenticated by Trusted-Agent (TA) in Hypervisor as well as in VM. Our proposed model is designed to withstand attacks by unauthorized process that pose threat to applications related to Data Mining, OLAP systems, Image processing which requires huge resources in cloud deployed on one or more VMs.

  18. Security in the Transport of Radioactive Materials

    International Nuclear Information System (INIS)

    The United States Department of Energy National Nuclear Security Administration's (DOE/NNSA) Global Threat Reduction Initiative (GTRI), the International Atomic Energy Agency (IAEA) and active IAEA Donor States are working together to strengthen the security of nuclear and radioactive materials during transport to mitigate the risks of theft, diversion, or sabotage. International activities have included preparing and publishing the new IAEA guidance document Security in the Transport of Radioactive Material while ensuring that security recommendations do not conflict with requirements for safety during transport, and developing and providing training programs to assist other countries in implementing radioactive material transport security programs. This paper provides a brief update on the status of these transportation security efforts.

  19. Combining security risk assessment and security testing

    OpenAIRE

    Großmann, Jürgen; Seehusen, Fredrik

    2014-01-01

    Complex networked systems have become an integral part of our supply infrastructure. Mobile devices, home automation, smart grids and even vehicles are connected via the Internet and becoming accessible and thus vulnerable to hacker attacks. While the number of security incidents drastically increases, we are more than ever dependent on a secure and mature ICT infrastructure. One of the keys to maintain such a secure and dependable infrastructure are mature, systematic and capable proactive m...

  20. NETWORK SECURITY: AN APPROACH TOWARDS SECURE COMPUTING

    OpenAIRE

    Rahul Pareek

    2011-01-01

    The security of computer networks plays a strategic role in modern computer systems. In order to enforce high protection levels against malicious attack, a number of software tools have been currently developed. Intrusion Detection System has recently become a heated research topic due to its capability of detecting and preventing the attacks from malicious network users. A pattern matching IDS for network security has been proposed in this paper. Many network security applications...

  1. Macro Security Methodology for Conducting Facility Security and Sustainability Assessments

    International Nuclear Information System (INIS)

    Pacific Northwest National Laboratory (PNNL) has developed a macro security strategy that not only addresses traditional physical protection systems, but also focuses on sustainability as part of the security assessment and management process. This approach is designed to meet the needs of virtually any industry or environment requiring critical asset protection. PNNL has successfully demonstrated the utility of this macro security strategy through its support to the NNSA Office of Global Threat Reduction implementing security upgrades at international facilities possessing high activity radioactive sources that could be used in the assembly of a radiological dispersal device, commonly referred to as a 'dirty bomb'. Traditional vulnerability assessments provide a snap shot in time of the effectiveness of a physical protection system without significant consideration to the sustainability of the component elements that make up the system. This paper describes the approach and tools used to integrate technology, plans and procedures, training, and sustainability into a simple, quick, and easy-to-use security assessment and management tool.

  2. Principles of Security: Human, Cyber, and Biological

    CERN Document Server

    Stacey, Blake C

    2013-01-01

    Cybersecurity attacks are a major and increasing burden to economic and social systems globally. Here we analyze the principles of security in different domains and demonstrate an architectural flaw in current cybersecurity. Cybersecurity is inherently weak because it is missing the ability to defend the overall system instead of individual computers. The current architecture enables all nodes in the computer network to communicate transparently with one another, so security would require protecting every computer in the network from all possible attacks. In contrast, other systems depend on system-wide protections. In providing conventional security, police patrol neighborhoods and the military secures borders, rather than defending each individual household. Likewise, in biology, the immune system provides security against viruses and bacteria using primarily action at the skin, membranes, and blood, rather than requiring each cell to defend itself. We propose applying these same principles to address the c...

  3. On Invertible Sampling and Adaptive Security

    DEFF Research Database (Denmark)

    Ishai, Yuval; Kumarasubramanian, Abishek; Orlandi, Claudio;

    2011-01-01

    Secure multiparty computation (MPC) is one of the most general and well studied problems in cryptography. We focus on MPC protocols that are required to be secure even when the adversary can adaptively corrupt parties during the protocol, and under the assumption that honest parties cannot reliably erase their secrets prior to corruption. Previous feasibility results for adaptively secure MPC in this setting applied either to deterministic functionalities or to randomized functionalities which satisfy a certain technical requirement. The question whether adaptive security is possible for all functionalities was left open. We provide the first convincing evidence that the answer to this question is negative, namely that some (randomized) functionalities cannot be realized with adaptive security. We obtain this result by studying the following related invertible sampling problem: given an efficient...

  4. ENDPOINT PROTECTION SECURITY SYSTEM FOR AN ENTERPRISE

    OpenAIRE

    Ruotsalainen, Petri

    2013-01-01

    The thesis subscriber was Metso Shared Services Ltd. The objective was to find out if Microsoft Forefront Endpoint Protection 2010 (FEP) would be secure and cost-effective enough system to fulfill the requirements of the company’s endpoint protection security system. Microsoft FEP was compared and benchmarked with some other most significant endpoint protection products based on the requirements and definitions of the subscriber. The comparison and evaluation were based on investigation a...

  5. Establishing a National Nuclear Security Support Centre

    International Nuclear Information System (INIS)

    The responsibility for creating and sustaining a nuclear security regime for the protection of nuclear and other radiological material clearly belongs to the State. The nuclear security regime resembles the layers of an onion, with the equipment and personnel securing the borders and ports representing the outer layer, and nuclear power, research reactors and nuclear medicine facilities representing the inner layers, and the actual target material representing the core. Components of any nuclear security regime include not only technological systems, but the human resources needed to manage, operate, administer and maintain equipment, including hardware and software. This publication provides practical guidance on the establishment and maintenance of a national nuclear security support centre (NSSC) as a means to ensure nuclear security sustainability in a State. An NSSC's basic purpose is to provide a national focal point for passing ownership of nuclear security knowledge and associated technical skills to the competent authorities involved in nuclear security. It describes processes and methodologies that can be used by a State to analyse the essential elements of information in a manner that allows several aspects of long term, systemic sustainability of nuclear security to be addressed. Processes such as the systematic approach to training, sometimes referred to as instructional system design, are the cornerstone of the NSSC concept. Proper analysis can provide States with data on the number of personnel requiring training and instructors needed, scale and scope of training, technical and scientific support venues, and details on the type and number of training aids or simulators required so that operational systems are not compromised in any way. Specific regulatory guidance, equipment or technology lists, or specifications/design of protection systems are not included in this publication. 
    For such details, the following IAEA publications should be consulted

  6. Managing Cisco network security

    CERN Document Server

    Knipp, Eric

    2002-01-01

    An in-depth knowledge of how to configure Cisco IP network security is a MUST for anyone working in today's internetworked world. "There's no question that attacks on enterprise networks are increasing in frequency and sophistication..." - Mike Fuhrman, Cisco Systems Manager, Security Consulting. Managing Cisco Network Security, Second Edition offers updated and revised information covering many of Cisco's security products that provide protection from threats, detection of network security incidents, measurement of vulnerability and policy compliance and management of security policy across an extended organization. These are the tools that network administrators have to mount defenses against threats. Chapters also cover the improved functionality and ease of the Cisco Secure Policy Manager software used by thousands of small-to-midsized businesses and a special section on the Cisco Aironet Wireless Security Solutions. Security from a real-world perspective. Key coverage of the new technologies offered by the Cisc...

  7. Hybrid-secure MPC 

    DEFF Research Database (Denmark)

    Lucas, Christoph; Raub, Dominik; Maurer, Ueli

    2010-01-01

    Most protocols for distributed, fault-tolerant computation, or multi-party computation (MPC), provide security guarantees in an all-or-nothing fashion. In contrast, a hybrid-secure protocol provides different security guarantees depending on the set of corrupted parties and the computational power of the adversary, without being aware of the actual adversarial setting. Thus, hybrid-secure MPC protocols allow for graceful degradation of security. We present a hybrid-secure MPC protocol that provides an optimal trade-off between IT robustness and computational privacy: For any robustness parameter ρ < n/2, we obtain one MPC protocol that is simultaneously IT secure with robustness for up to t ≤ ρ actively corrupted parties, IT secure with fairness (no robustness) for up to t < n/2, and computationally secure with agreement on abort (privacy and correctness only) for up to t < n - ρ. Our...

  8. Do you write secure code?

    CERN Multimedia

    Computer Security Team

    2011-01-01

    At CERN, we are excellent at producing software, such as complex analysis jobs, sophisticated control programs, extensive monitoring tools, interactive web applications, etc. This software is usually highly functional, and fulfils the needs and requirements as defined by its author. However, due to time constraints or unintentional ignorance, security aspects are often neglected. Subsequently, it was even more embarrassing for the author to find out that his code was flawed and was used to break into CERN computers, web pages or to steal data… Thus, if you have the pleasure or task of producing software applications, take some time beforehand and familiarize yourself with good programming practices. They should not only prevent basic security flaws in your code, but also improve its readability, maintainability and efficiency. Basic rules for good programming, as well as essential books on proper software development, can be found in the section for software developers on our security we...

  9. Cyber Security and Resilient Systems

    International Nuclear Information System (INIS)

    The Department of Energy (DOE) Idaho National Laboratory (INL) has become a center of excellence for critical infrastructure protection, particularly in the field of cyber security. It is one of only a few national laboratories that have enhanced the nation's cyber security posture by performing industrial control system (ICS) vendor assessments as well as user on-site assessments. Not only are vulnerabilities discovered, but described actions for enhancing security are suggested - both on a system-specific basis and from a general perspective of identifying common weaknesses and their corresponding corrective actions. These cyber security programs have performed over 40 assessments to date which have led to more robust, secure, and resilient monitoring and control systems for the US electrical grid, oil and gas, chemical, transportation, and many other sectors. In addition to cyber assessments themselves, the INL has been engaged in outreach to the ICS community through vendor forums, technical conferences, vendor user groups, and other special engagements as requested. Training programs have been created to help educate all levels of management and worker alike with an emphasis towards real everyday cyber hacking methods and techniques including typical exploits that are used. The asset owner or end user has many products available for its use created from these programs. One outstanding product is the US Department of Homeland Security (DHS) Cyber Security Procurement Language for Control Systems document that provides insight to the user when specifying a new monitoring and control system, particularly concerning security requirements. Employing some of the top cyber researchers in the nation, the INL can leverage this talent towards many applications other than critical infrastructure. Monitoring and control systems are used throughout the world to perform simple tasks such as cooking in a microwave to complex ones such as the monitoring and control of the

  10. Cyber Security and Resilient Systems

    Energy Technology Data Exchange (ETDEWEB)

    Robert S. Anderson

    2009-07-01

    The Department of Energy (DOE) Idaho National Laboratory (INL) has become a center of excellence for critical infrastructure protection, particularly in the field of cyber security. It is one of only a few national laboratories that have enhanced the nation’s cyber security posture by performing industrial control system (ICS) vendor assessments as well as user on-site assessments. Not only are vulnerabilities discovered, but described actions for enhancing security are suggested – both on a system-specific basis and from a general perspective of identifying common weaknesses and their corresponding corrective actions. These cyber security programs have performed over 40 assessments to date which have led to more robust, secure, and resilient monitoring and control systems for the US electrical grid, oil and gas, chemical, transportation, and many other sectors. In addition to cyber assessments themselves, the INL has been engaged in outreach to the ICS community through vendor forums, technical conferences, vendor user groups, and other special engagements as requested. Training programs have been created to help educate all levels of management and worker alike with an emphasis towards real everyday cyber hacking methods and techniques including typical exploits that are used. The asset owner or end user has many products available for its use created from these programs. One outstanding product is the US Department of Homeland Security (DHS) Cyber Security Procurement Language for Control Systems document that provides insight to the user when specifying a new monitoring and control system, particularly concerning security requirements. Employing some of the top cyber researchers in the nation, the INL can leverage this talent towards many applications other than critical infrastructure. Monitoring and control systems are used throughout the world to perform simple tasks such as cooking in a microwave to complex ones such as the monitoring and control of the

  11. Security classification of information

    Energy Technology Data Exchange (ETDEWEB)

    Quist, A.S.

    1993-04-01

    This document is the second of a planned four-volume work that comprehensively discusses the security classification of information. The main focus of Volume 2 is on the principles for classification of information. Included herein are descriptions of the two major types of information that governments classify for national security reasons (subjective and objective information), guidance to use when determining whether information under consideration for classification is controlled by the government (a necessary requirement for classification to be effective), information disclosure risks and benefits (the benefits and costs of classification), standards to use when balancing information disclosure risks and benefits, guidance for assigning classification levels (Top Secret, Secret, or Confidential) to classified information, guidance for determining how long information should be classified (classification duration), classification of associations of information, classification of compilations of information, and principles for declassifying and downgrading information. Rules or principles of certain areas of our legal system (e.g., trade secret law) are sometimes mentioned to provide added support to some of those classification principles.

  12. Secure and Efficient Routable Control Systems

    Energy Technology Data Exchange (ETDEWEB)

    Edgar, Thomas W.; Hadley, Mark D.; Manz, David O.; Winn, Jennifer D.

    2010-05-01

    This document provides the methods to secure routable control system communication in the electric sector. The approach of this document yields a long-term vision for a future of secure communication, while also providing near term steps and a roadmap. The requirements for the future secure control system environment were spelled out to provide a final target. Additionally a survey and evaluation of current protocols was used to determine if any existing technology could achieve this goal. In the end a four-step path was described that brought about increasing requirement completion and culminates in the realization of the long term vision.

  13. Course Material Selection Rubric for Creating Network Security Courses

    OpenAIRE

    Marriotti, Matthew

    2009-01-01

    Teaching network security can be a difficult task for university teachers, especially for teachers at smaller universities where the course loads are more diverse. Creating a new course in network security requires investigation into multiple subject areas within the field and from multiple sources. This task can be daunting and overwhelming for teachers from smaller universities because of their requirement to teach multiple subjects, not just network security. Along with the requirement of ...

  14. Smart security proven practices

    CERN Document Server

    Quilter, J David

    2014-01-01

    Smart Security: Understanding and Contributing to the Business is a video presentation. Length: 68 minutes. In Smart Security: Understanding and Contributing to the Business, presenter J. David Quilter demonstrates the benefits of how a fully integrated security program increases business profits and delivers smart security practices at the same time. The presentation does away with the misconception that security is only an expense. In fact, a well-integrated security program can protect business interests, thereby enhancing productivity and net income. Quilter covers cost analysis and secu

  15. ICT security management

    OpenAIRE

    Schreurs, Jeanne; Moreau, Rachel

    2008-01-01

    Security becomes more and more important and companies are aware that it has become a management problem. It’s critical to know what are the critical resources and processes of the company and their weaknesses. A security audit can be a handy solution. We have developed BEVA, a method to critically analyse the company and to uncover the weak spots in the security system. BEVA results also in a general security score and security scores for each security factor. These will be used in the risk ...

  16. Android apps security

    CERN Document Server

    Gunasekera, Sheran

    2012-01-01

    Android Apps Security provides guiding principles for how to best design and develop Android apps with security in mind. It explores concepts that can be used to secure apps and how developers can use and incorporate these security features into their apps. This book will provide developers with the information they need to design useful, high-performing, and secure apps that expose end-users to as little risk as possible. Overview of Android OS versions, features, architecture and security. Detailed examination of areas where attacks on applications can take place and what controls should b

  17. Securing the Vista Environment

    CERN Document Server

    Gregory, Peter

    2007-01-01

    "Securing the Vista Environment" takes you on a quick tour of the most significant security features in Vista, Microsoft's first revision of Windows in almost six years. You'll get background on threats and vulnerabilities that will make you think differently about security. Security is more than just the technology and configurations--it's about how we use the system that makes it secure or not. Then we'll cover Vista's security features, from user privileges to Windows Defender, User Account Control, and BitLocker, as well as strategies for protecting your information from unwanted disclo

  18. INNOVATIVE SECURITY: THE BASIC CONCEPTS, ESSENCE

    Directory of Open Access Journals (Sweden)

    V. A. Sakovich

    2016-01-01

    of the person. That is, the spheres which problems of safe development cannot be solved within the limits of economic security are mentioned. There is an objective requirement, for the decision of these many-sided and multidimensional problems arising in the course of formation of innovative economy, its safe development to generate within the limits of system of national security a new direction innovative security.

  19. A layered approach to user-centered security

    DEFF Research Database (Denmark)

    Bødker, Susanne

    2008-01-01

    The workshop will explore the possibilities of a user-centered perspective on security. With exceptions, existing research may be criticized for being highly system-centered, focusing on how one may change user behavior to deal with the requirements of security, or on how security aspects can be...

  20. 48 CFR 606.302-6 - National security.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 4 2010-10-01 2010-10-01 false National security. 606.302... ACQUISITION PLANNING COMPETITION REQUIREMENTS Other Than Full and Open Competition 606.302-6 National security. (b) This subsection applies to all acquisitions involving national security information,...

  1. 48 CFR 6.302-6 - National security.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 1 2010-10-01 2010-10-01 false National security. 6.302-6... COMPETITION REQUIREMENTS Other Than Full and Open Competition 6.302-6 National security. (a) Authority. (1... for when the disclosure of the agency's needs would compromise the national security unless the...

  2. NFPA 99 Chapter 13 and healthcare security management.

    Science.gov (United States)

    D'Angelo, Michael S

    2016-01-01

    The new NFPA 99 Security Management Standard for healthcare facilities requires a Security Vulnerability Analysis be conducted annually, the author reports. This will usually uncover little change from year to year, he says, but by using the right model the analysis can be used to win back security additions that had previously been rejected by the C-Suite. PMID:26978960

  3. The chief information security officer insights, tools and survival skills

    CERN Document Server

    Kouns, Barry

    2011-01-01

    Chief Information Security Officers are bombarded with huge challenges every day, from recommending security applications to strategic thinking and business innovation. This guide describes the hard and soft skills that a successful CISO requires: not just a good knowledge of information security, but also attributes such as flexibility and communication skills.

  4. Disaster at a University: A Case Study in Information Security

    Science.gov (United States)

    Ayyagari, Ramakrishna; Tyks, Jonathan

    2012-01-01

    Security and disaster training is identified as a top Information Technology (IT) required skill that needs to be taught in Information Systems (IS) curriculums. Accordingly, information security and privacy have become core concepts in information system education. Providing IT security on a shoestring budget is always difficult and many small…

  5. An Overview Of The Security Concerns In Enterprise Cloud Computing

    OpenAIRE

    Anthony Bisong; Rahman, Syed M.

    2011-01-01

    Deploying cloud computing in an enterprise infrastructure brings significant security concerns. Successful implementation of cloud computing in an enterprise requires proper planning and understanding of emerging risks, threats, vulnerabilities, and possible countermeasures. We believe enterprise should analyze the company/organization security risks, threats, and available countermeasures before adopting this technology. In this paper, we have discussed security risks and concerns in cloud comp...

  6. An Overview of the Security Concerns in Enterprise Cloud Computing

    OpenAIRE

    Bisong, Anthony; Syed; Rahman, M.

    2011-01-01

    Deploying cloud computing in an enterprise infrastructure brings significant security concerns. Successful implementation of cloud computing in an enterprise requires proper planning and understanding of emerging risks, threats, vulnerabilities, and possible countermeasures. We believe enterprise should analyze the company/organization security risks, threats, and available countermeasures before adopting this technology. In this paper, we have discussed security risks and concerns in cloud co...

  7. 33 CFR 106.255 - Security systems and equipment maintenance.

    Science.gov (United States)

    2010-07-01

    ... maintenance. 106.255 Section 106.255 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND... Shelf (OCS) Facility Security Requirements § 106.255 Security systems and equipment maintenance. (a... procedures for identifying and responding to security system and equipment failures or malfunctions....

  8. Security Design of Remote Maintenance Systems for Nuclear Power Plants Based on ISO/IEC 15408

    Science.gov (United States)

    Watabe, Ryosuke; Oi, Tadashi; Endo, Yoshio

    This paper presents a security design of remote maintenance systems for nuclear power plants. Based on ISO/IEC 15408, we list assets to be protected, threats to the assets, security objectives against the threats, and security functional requirements that achieve the security objectives. Also, we show relations between the threats and the security objectives, and relations between the security objectives and the security functional requirements. As a result, we concretize a necessary and sufficient security design of remote maintenance systems for nuclear power plants that can protect the instrumentation and control system against intrusion, impersonation, tapping, obstruction and destruction.

  9. Security barriers in the physical protection concept of nuclear facilities in Switzerland

    International Nuclear Information System (INIS)

    The presentation describes the structural security measures - security zones and barriers - used for the physical protection of nuclear facilities in Switzerland, especially nuclear power plants. Part 1 deals with the concept of security zones and barriers: arrangement and functions of security zones and barriers, requirements on the level of resistance of security barriers, allocation of buildings, systems and installations to security zones in nuclear facilities. Part 2 deals with examples concerning requirements, construction and inspection of the various security barriers, and describes the development of special components for security barriers

  10. SecureD: A Secure Dual Core Embedded Processor

    OpenAIRE

    Ragel, Roshan G.; Ambrose, Jude A.; Parameswaran, Sri

    2015-01-01

    Security of embedded computing systems is becoming of paramount concern as these devices become more ubiquitous, contain personal information and are increasingly used for financial transactions. Security attacks targeting embedded systems illegally gain access to the information in these devices or destroy information. The two most common types of attacks embedded systems encounter are code-injection and power analysis attacks. In the past, a number of countermeasures, both hardware- and sof...

  11. Security Protocols in a Nutshell

    OpenAIRE

    Toorani, Mohsen

    2016-01-01

    Security protocols are building blocks in secure communications. They deploy some security mechanisms to provide certain security services. Security protocols are considered abstract when analyzed, but they can have extra vulnerabilities when implemented. This manuscript provides a holistic study on security protocols. It reviews foundations of security protocols, taxonomy of attacks on security protocols and their implementations, and different methods and models for security analysis of pro...

  12. Developing a Security Metrics Scorecard for Healthcare Organizations.

    Science.gov (United States)

    Elrefaey, Heba; Borycki, Elizabeth; Kushniruk, Andrea

    2015-01-01

    In healthcare, information security is a key aspect of protecting a patient's privacy and ensuring systems availability to support patient care. Security managers need to measure the performance of security systems and this can be achieved by using evidence-based metrics. In this paper, we describe the development of an evidence-based security metrics scorecard specific to healthcare organizations. Study participants were asked to comment on the usability and usefulness of a prototype of a security metrics scorecard that was developed based on current research in the area of general security metrics. Study findings revealed that scorecards need to be customized for the healthcare setting in order for the security information to be useful and usable in healthcare organizations. The study findings resulted in the development of a security metrics scorecard that matches the healthcare security experts' information requirements. PMID:26718256

  13. Physical security at research reactors

    International Nuclear Information System (INIS)

    Of the 84 non-power research facilities licensed under 10 CFR Part 50, 73 are active (two test reactors, 68 research reactors and three critical facilities) and are required by 10 CFR Part 73.40 to provide physical protection against theft of SNM and against industrial sabotage. Each licensee has developed a security plan required by 10 CFR Part 50.34(c) to demonstrate the means of compliance with the applicable requirements of 10 CFR Part 73. In 1974, the Commission provided interim guidance for the organization and content of security plans for (a) test reactors, (b) medium power research and training reactors, and (c) low power research and training reactors. Eleven TRIGA reactors, with power levels greater than 250 kW and all other research and training reactors with power levels greater than 100 kW and less than or equal to 5,000 kW are designated as medium power research and training reactors. Thirteen TRIGA reactors with authorized power levels less than 250 kW are considered to be low power research and training reactors. Additional guidance for complying with the requirements of 73.50 and 73.60, if applicable, is provided in the Commission's Regulatory Guides. The Commission's Office of Inspection and Enforcement inspects each licensed facility to assure that an approved security plan is properly implemented with appropriate procedures and physical protection systems

  14. Educational Programme in Nuclear Security (Chinese Version)

    International Nuclear Information System (INIS)

    Higher education plays an essential role in nuclear security capacity building. It ensures the availability of experts able to provide the necessary competencies for the effective national nuclear security oversight of nuclear and other radioactive material and to establish and maintain an appropriate nuclear regime in a State. This guide provides both the theoretical knowledge and the practical skills necessary to meet the requirements described in the international framework for nuclear security. Emphasis is placed on the implementation of these requirements and recommendations in States. On the basis of this guide, each university should be able to develop its own academic programme tailored to suit the State's educational needs in the area of nuclear security and to meet national requirements.

  15. Ubiquitous Health Monitoring Systems: Addressing Security Concerns

    Directory of Open Access Journals (Sweden)

    Mahmoud Elkhodr

    2011-01-01

    Problem statement: It is important to secure the transmission of patient’s EHR in remote health monitoring systems. Security is among the main issues that need to be realized for the adaption of this monitoring technology. The face of healthcare is changing as ubiquitous computing technologies are being incorporated into the existing infrastructure. We specify the requirements, needed security mechanism, outstanding issues and the future challenges as well as the open problems that need to be achieved. Approach: Although there were benefits to technology, approaches that offer reliable privacy and security features must be presented to users in order to make these systems socially accepted. Results: We investigated the privacy and security implications generated from the deployment of remote health monitoring technology. To achieve these security requirements, building on the strengths of Transport Layer Security (TLS) protocol, a trust negotiation approach was proposed. The application of this approach results in significant improvements in overcoming security related concerns compared to the traditional identity-based only access control techniques. Conclusion: We believe these considerations will eventually contribute toward an efficient and practical deployment of remote monitoring systems.

  16. Formal policies for flexible EHR security.

    Science.gov (United States)

    Blobel, Bernd; Pharow, Peter

    2006-01-01

    State of the Art methodologies for establishing requirements and solutions to securing applications are based on narrative descriptions about the use of available system, sometimes also dedicated to system components. Even nowadays new developments to ruling application security services by the use of predicate logic suffer from being administered manually. Therefore, security and privacy requirements cannot be properly met resulting in restrictions and fears for allowing the use of sensitive data and functions. Because of the sensitivity of personal health information and especially of genetic data with its wider implications beyond the original subject of care, weaknesses in guaranteeing fine-grained security and privacy rules lead to less acceptance or even the avoidance of essential information transfer and use. To overcome the problem, security and privacy have to become properties of the architectural components of the respective health information system. Embedding security into the systems architecture allows for negotiating and enforcing any security and privacy services related to principals, their roles, their relationships, further contextual information as well as other regulations summarized in formally modeled policies. The paper introduces the evolving paradigm of the model-driven architecture, first time also comprehensively deployed for security and privacy services in bio-genetic and health information systems. PMID:17095829

  17. Security of Dependable Systems

    DEFF Research Database (Denmark)

    Ahmed, Naveed; Jensen, Christian D.

    2011-01-01

    Security and dependability are crucial for designing trustworthy systems. The approach “security as an add-on” is not satisfactory, yet the integration of security in the development process is still an open problem. Especially, a common framework for specifying dependability and security is very much needed. There are many pressing challenges however; here, we address some of them. Firstly, security for dependable systems is a broad concept and traditional view of security, e.g., in terms of confidentiality, integrity and availability, does not suffice. Secondly, a clear definition of security in the dependability context is not agreed upon. Thirdly, security attacks cannot be modeled as a stochastic process, because the adversary’s strategy is often carefully planned. In this chapter, we explore these challenges and provide some directions toward their solutions....

  18. Department of Homeland Security

    Science.gov (United States)


  19. Checking Security Policy Compliance

    CERN Document Server

    Gowadia, Vaibhav; Kudo, Michiharu

    2008-01-01

    Ensuring compliance of organizations to federal regulations is a growing concern. This paper presents a framework and methods to verify whether an implemented low-level security policy is compliant to a high-level security policy. Our compliance checking framework is based on organizational and security metadata to support refinement of high-level concepts to implementation specific instances. Our work uses the results of refinement calculus to express valid refinement patterns and their properties. Intuitively, a low-level security policy is compliant to a high-level security policy if there is a valid refinement path from the high-level security policy to the low-level security policy. Our model is capable of detecting violations of security policies, failures to meet obligations, and capability and modal conflicts.

  20. Wireshark network security

    CERN Document Server

    Verma, Piyush

    2015-01-01

    If you are a network administrator or a security analyst with an interest in using Wireshark for security analysis, then this is the book for you. Basic familiarity with common network and application services terms and technologies is assumed.

  1. Security of Dependable Systems

    DEFF Research Database (Denmark)

    Ahmed, Naveed; Jensen, Christian D.

    Security and dependability are crucial for designing trustworthy systems. The approach “security as an add-on” is not satisfactory, yet the integration of security in the development process is still an open problem. Especially, a common framework for specifying dependability and security is very much needed. There are many pressing challenges however; here, we address some of them. Firstly, security for dependable systems is a broad concept and traditional view of security, e.g., in terms of confidentiality, integrity and availability, does not suffice. Secondly, a clear definition of security in the dependability context is not agreed upon. Thirdly, security attacks cannot be modeled as a stochastic process, because the adversary’s strategy is often carefully planned. In this chapter, we explore these challenges and provide some directions toward their solutions....

  2. Secure DTN Communications Project

    Data.gov (United States)

    National Aeronautics and Space Administration — Innoflight proposes to implement and perform an on-orbit demonstration of a Secure DTN communications suite on the SCaN Testbed aboard the ISS. Secure DTN is a...

  3. Security in Computer Applications

    CERN Document Server

    CERN. Geneva

    2004-01-01

    Computer security has been an increasing concern for IT professionals for a number of years, yet despite all the efforts, computer systems and networks remain highly vulnerable to attacks of different kinds. Design flaws and security bugs in the underlying software are among the main reasons for this. This lecture addresses the following question: how to create secure software? The lecture starts with a definition of computer security and an explanation of why it is so difficult to achieve. It then introduces the main security principles (like least-privilege, or defense-in-depth) and discusses security in different phases of the software development cycle. The emphasis is put on the implementation part: most common pitfalls and security bugs are listed, followed by advice on best practice for security development. The last part of the lecture covers some miscellaneous issues like the use of cryptography, rules for networking applications, and social engineering threats. This lecture was first given on Thursd...

  4. Social Security Financial Crises

    OpenAIRE

    Rodrigo Cerda

    2003-01-01

    This paper explores the causes of the social security financial crises. We indicate that the financial crisis might be endogenous to the social security system. The main idea is that the PAYG social security system might affect fertility and human capital's decisions and therefore, may negatively impact the aggregated growth rate of the economy. These effects lead to an endogenous erosion of the financial basis of the PAYG social security program so that, as a consequence, the PAYG system is ...

  5. When security becomes green

    International Nuclear Information System (INIS)

    Environmental security is a relatively recent concept which gives rise to intense debate at the heart of the theory of international relations. What is the referent object of environmental security? To what extent can the scarcity of a natural resource be the cause of a 'green' war? Is climate change a threat to national security? This article tackles these questions through a review of the literature on the theoretical work dealing with environmental security in the field of international relations. (author)

  6. East Asia's Security System

    OpenAIRE

    Hojzáková, Věra

    2012-01-01

    The aim of the master thesis is to characterize and evaluate the current security system in East Asia, to show the security strategies of the system actors and the existing friction points, and to assess the future development of the security system in place. For this purpose the author first defines the East Asia's security system using the conceptual tools of three international relations theories, namely neo-realism, neo-liberalism, and constructivism. In the following section, the securit...

  7. Security system signal supervision

    Energy Technology Data Exchange (ETDEWEB)

    Chritton, M.R. (BE, Inc., Barnwell, SC (United States)); Matter, J.C. (Sandia National Labs., Albuquerque, NM (United States))

    1991-09-01

    The purpose of this NUREG is to present technical information that should be useful to NRC licensees for understanding and applying line supervision techniques to security communication links. A review of security communication links is followed by detailed discussions of link physical protection and DC/AC static supervision and dynamic supervision techniques. Material is also presented on security for atmospheric transmission and video line supervision. A glossary of security communication line supervision terms is appended. 16 figs.

  8. Electronic healthcare information security

    CERN Document Server

    Dube, Kudakwashe; Shoniregun, Charles A

    2010-01-01

    The ever-increasing healthcare expenditure and pressing demand for improved quality and efficiency of patient care services are driving innovation in healthcare information management. The domain of healthcare has become a challenging testing ground for information security due to the complex nature of healthcare information and individual privacy. "Electronic Healthcare Information Security" explores the challenges of e-healthcare information and security policy technologies. It evaluates the effectiveness of security and privacy implementation systems for anonymization methods and techniqu

  9. Mobile platform security

    CERN Document Server

    Asokan, N; Dmitrienko, Alexandra

    2013-01-01

    Recently, mobile security has garnered considerable interest in both the research community and industry due to the popularity of smartphones. The current smartphone platforms are open systems that allow application development, also for malicious parties. To protect the mobile device, its user, and other mobile ecosystem stakeholders such as network operators, application execution is controlled by a platform security architecture. This book explores how such mobile platform security architectures work. We present a generic model for mobile platform security architectures: the model illustrat

  10. Security system signal supervision

    International Nuclear Information System (INIS)

    The purpose of this NUREG is to present technical information that should be useful to NRC licensees for understanding and applying line supervision techniques to security communication links. A review of security communication links is followed by detailed discussions of link physical protection and DC/AC static supervision and dynamic supervision techniques. Material is also presented on security for atmospheric transmission and video line supervision. A glossary of security communication line supervision terms is appended. 16 figs

  11. Developing Secure Cloud Applications

    OpenAIRE

    Rak, Massimiliano; Ficco, Massimo; Battista, Ermanno; Casola, Valentina; Mazzocca, Nicola

    2014-01-01

    Today the main limit to Cloud adoption is related to the perception of a security loss the users have. Indeed, the existing solutions to provide security are mainly focused on Cloud service provider prospective in order to securely integrate frameworks and Infrastructures as a Services in a Cloud datacenter. Customer could not monitor and evaluate the security mechanisms enforced by service provider. Service Level Agreements mainly focus on performance related terms and no guarantees are ...

  12. Security Policy Enforcement

    OpenAIRE

    Irvine, Cynthia E.

    2005-01-01

    Many chapters of this Handbook describe mechanisms that contribute to various facets of security. The arbitrary use of security mechanisms provides no prescription for the achievement of security goals. It is only in their application in the context of organizational objectives for the protection of information and computational assets that security can be assessed. This chapter is intended to discuss the policies that provide a rationale for those mechanisms and to broadly examine their enfo...

  13. Web Application Security Testing

    OpenAIRE

    Bukovský, Ondřej

    2012-01-01

    The purpose of this bachelor's thesis is to present the topic of web applications security. The purpose of the first, theoretical part of this work is to introduce and describe fundamentals like web security or penetration testing. OWASP (Open Web Application Security Project) and their ten most critical web applications security risks are presented in the rest of the first part. Second, practical part describes tested web application and defines purpose and scope of penetration tests. Then t...

  14. Web Security Testing Cookbook

    CERN Document Server

    Hope, Paco

    2008-01-01

    Among the tests you perform on web applications, security testing is perhaps the most important, yet it's often the most neglected. The recipes in the Web Security Testing Cookbook demonstrate how developers and testers can check for the most common web security issues, while conducting unit tests, regression tests, or exploratory tests. Unlike ad hoc security assessments, these recipes are repeatable, concise, and systematic-perfect for integrating into your regular test suite.

  15. Information Security Management

    OpenAIRE

    Huang, Lu

    2015-01-01

    The main purpose of the thesis was to present different areas of information security controls based on the international information security standard ISO 27001. The thesis also describes the methods of risk analysis and how to establish, implement, maintain and improve information security system in organizations. Most of the material was collected from books and various online resources. Some information was taken also from the teaching materials of the information security course. ...

  16. Advanced Linux Security

    Directory of Open Access Journals (Sweden)

    Ranjit Nimbalkar

    2013-01-01

    Using mandatory access control greatly increases the security of an operating system. SELinux, which is an implementation of Linux Security Modules (LSM), implements several measures to prevent unauthorized system usage. The security architecture used is named Flask, and provides a clean separation of security policy and enforcement. This paper is an overview of the Flask architecture and the implementation in Linux.

  17. Network Security with Cryptography

    OpenAIRE

    Prof. Mukund R. Joshi; Renuka Avinash Karkade

    2015-01-01

    Network Security & Cryptography is a concept to protect network and data transmission over wireless network. Data Security is the main aspect of secure data transmission over unreliable network. Network security involves the authorization of access to data in a network, which is controlled by the network administrator. Users choose or are assigned an ID and password or other authenticating information that allows them access to information and programs within their authority. Netw...

  18. Hybrid Security Policies

    Directory of Open Access Journals (Sweden)

    Radu CONSTANTINESCU

    2006-01-01

    Policy is defined as the rules and regulations set by the organization. They are laid down by management in compliance with industry regulations, law and internal decisions. Policies are mandatory. Security policies rule how the information is protected against security vulnerabilities and they are the basis for security awareness, training and vital for security audits. Policies are focused on desired results. The means of achieving the goals are defined on controls, standards and procedures.

  19. SECURE REMOTE CLIENT AUTHENTICATION

    Directory of Open Access Journals (Sweden)

    K.Pradeep,

    2010-10-01

    This paper discusses an application of Secure Remote Client Authentication. It presents a Smart Cards and Digitally certification from third party vendors, Smart cards are based on algorithm to provide secure Remote client Authentication. These schemes vary significantly. In relation to today’s security challenges, which include phishing, man-in-the-middle attacks and malicious software. Secure Remote Client authentication plays a key role.

  20. SECURE REMOTE CLIENT AUTHENTICATION

    OpenAIRE

    K.Pradeep; R.Usha Rani; E.Ravi Kumar; K.Nikhila; Vijay Sankar

    2010-01-01

    This paper discusses an application of Secure Remote Client Authentication. It presents Smart Cards and Digital certification from third party vendors. Smart cards are based on an algorithm to provide secure Remote Client Authentication. These schemes vary significantly. In relation to today’s security challenges, which include phishing, man-in-the-middle attacks and malicious software, Secure Remote Client authentication plays a key role.

  1. Measuring Network Security

    OpenAIRE

    Serrelis, Emmanouil; Alexandris, Nikolaos

    2010-01-01

    The question that was analyzed in this chapter is whether and how the principles of the security measurement methodologies can be applied so that the objective measurement of security of business services can be achieved. The motives that support this question are focused in the justification of expenses and investments that are related to security. Thus, although the management of security is closely related to technical and organisational

  2. Methodology for security development of an electronic prescription system.

    OpenAIRE

    Niinimäki, J.; M.; Savolainen; Forsström, J. J.

    1998-01-01

    Data security is an essential requirement in all health care applications. Developers of medical information systems should utilize the existing security development and evaluation methods to foresee as many of the technical and human factors that may endanger data security as possible and apply appropriate precautions. Modern smart card technology facilitates the building of robust security framework for interorganizational shared care systems. In this article, we describe the way we utilize...

  3. Norms, standards, models and recommendations for information security management

    OpenAIRE

    Karol Kreft

    2010-01-01

    Information is the factor which can decide about the potential and market value of a company. An increase in the value of intellectual capital of an information-driven company requires development of an effective security management system. More and more often companies develop information security management systems (ISMS) based on already verified models. In the article, the main problems with management of information security were discussed. Security models were described, as well as the ...

  4. Cyber security best practices for the nuclear industry

    International Nuclear Information System (INIS)

    When deploying software based systems, such as, digital instrumentation and controls for the nuclear industry, it is vital to include cyber security assessment as part of architecture and development process. When integrating and delivering software-intensive systems for the nuclear industry, engineering teams should make use of a secure, requirements driven, software development life cycle, ensuring security compliance and optimum return on investment. Reliability protections, data loss prevention, and privacy enforcement provide a strong case for installing strict cyber security policies. (authors)

  5. Secure transaction processing in firm real-time database systems

    OpenAIRE

    George, Binto; Haritsa, Jayant

    1997-01-01

    Many real-time database applications arise in safety-critical installations and military systems where enforcing security is crucial to the success of the enterprise. A secure real-time database system has to simultaneously satisfy two requirements: guarantee data security and minimize the number of missed transaction deadlines. We investigate here the performance implications, in terms of missed deadlines, of guaranteeing security in a real-time database system. In particular, we focus on the...

  6. Restricted access processor - An application of computer security technology

    Science.gov (United States)

    Mcmahon, E. M.

    1985-01-01

    This paper describes a security guard device that is currently being developed by Computer Sciences Corporation (CSC). The methods used to provide assurance that the system meets its security requirements include the system architecture, a system security evaluation, and the application of formal and informal verification techniques. The combination of state-of-the-art technology and the incorporation of new verification procedures results in a demonstration of the feasibility of computer security technology for operational applications.

  7. Traceability for adaptive information security in the cloud

    OpenAIRE

    Nhlabatsi, Armstrong; Tun, Thein; Khan, Niamul; Yu, Yijun; Bandara, Arosha; Khan, Khaled; Nuseibeh, Bashar

    2014-01-01

    One of the key challenges in cloud computing is the security of the consumer data stored and processed by cloud machines. When the usage context of a cloud application changes, or when the context is unknown, there is a risk that security policies are violated. To minimize this risk, cloud applications need to be engineered to adapt their security policies to maintain satisfaction of security requirements despite changes in their usage context. We call such adaptation capability Adaptive Info...

  8. Managing security in an e-business environment

    OpenAIRE

    Davcev, Ljupco

    2009-01-01

    Technological developments over the past few years have made significant contributions to securing the Internet for e-business. Ensuring security for e-business information exchange is essential as it entails exchange of sensitive information. E-business transactions entail transfer of funds with buyers, sellers and business partners. Vulnerabilities and security incidents in the digital environment require an understanding of technology issues and security challenges for privacy and trust...

  9. A Model Based Security Testing Method for Protocol Implementation

    OpenAIRE

    Yu Long Fu; Xiao Long Xin

    2014-01-01

    The security of protocol implementation is important and hard to be verified. Since the penetration testing is usually based on the experience of the security tester and the specific protocol specifications, a formal and automatic verification method is always required. In this paper, we propose an extended model of IOLTS to describe the legal roles and intruders of security protocol implementations, and then combine them together to generate the suitable test cases to verify the security of ...

  10. A Security Adaptation Reference Monitor for Wireless Sensor Network

    OpenAIRE

    El-Maliki, Tewfiq; Seigneur, Jean-Marc

    2012-01-01

    Security in Wireless Sensor Network has become a hot research topic due to their wide deployment and the increasing new runtime attacks they are facing. We observe that traditional security protocols address conventional security problems and cannot deal with dynamic attacks such as sinkhole dynamic behavior. Moreover, they use resources, and limit the efficient use of sensor resources and inevitably the overall network efficiency is not guaranteed. Therefore, the requirements of new security...

  11. Educational Programme in Nuclear Security

    International Nuclear Information System (INIS)

    The potential of a malicious act involving nuclear or other radioactive material is a continuing worldwide threat. Available data indicate circumstances in which nuclear and other radioactive material are vulnerable to theft, are uncontrolled, or are in unauthorized circulation. States must establish sustainable security measures to prevent such acts and to protect society from nuclear terrorism. Appropriate training and education at all levels and in all relevant organizations and facilities can play a major role in this process. There is increased interest in nuclear applications. Many States have expressed interest in expanding or introducing nuclear power in their country as a result of their own assessment of their energy supply needs, because of climate change, and development requirements. The projected increase in the demand for nuclear energy will increase the number of nuclear reactors worldwide and, consequently, the amount of nuclear material in use. Possible malicious acts involving nuclear or other radioactive material are a real threat. These developments are mirrored by an increase in the use of nuclear techniques in non-power applications. As a result, the need for experts in the area of nuclear security has become of great importance, and both universities and students have shown an increasing interest in nuclear security specialities. In September 2005, the Board of Governors approved a Nuclear Security Plan covering the period 2006-2009. This emphasized, inter alia, the importance of human resource development to assist States in building capacity to establish and maintain appropriate nuclear security to prevent, detect and respond to malicious acts involving nuclear and other radioactive material. The Nuclear Security Plan envisages the development of guidance for an educational programme in nuclear security that could be used by all States. In pursuit of this goal, this publication has been developed to provide advice and assistance to

  12. Computer security of NPP instrumentation and control systems: regulatory framework

    International Nuclear Information System (INIS)

    The paper examines the regulatory framework on computer security of NPP instrumentation and control systems (I and C) and presents the short overview of IAEA Nuclear Security Series. It considers the key reference manual from these series and draft new guide on NPP I and C computer security. The paper presents requirements for information and computer security of NPP I and C from the standards of the International Electrotechnical Commission (IEC) and, in particular, the standard regulating requirements for NPP I and C computer security program. Regulatory guide of the US Nuclear Regulatory Commission with requirements for computer security program of nuclear facilities has been analyzed. The research considers challenges of regulatory control in this area and defines tasks to improve regulatory framework on computer security at Ukrainian nuclear facilities.

  13. Reflections on the security

    Directory of Open Access Journals (Sweden)

    Ladislav Hofreiter

    2013-07-01

    Full Text Available In this paper are presented the author’s reflections about concept meaning of the security, about his systemic perception and actual scientific access to the security research. The author presented securitology paradigm for valuation security optional reference object.

  14. Europe: Future security agenda

    International Nuclear Information System (INIS)

    The security in Europe is not a condition but a process. At different stages of that process the priorities and political significance of various factors determining the security of individual states, and Europe as a whole, are changing. While thinking of future, the importance of searching for new means of confidence building, disarmament, co-ordination and cooperation among various security structures increases.

  15. Secure pairing with biometrics

    NARCIS (Netherlands)

    Buhan, I.R.; Boom, B.J.; Doumen, J.M.; Hartel, P.H.; Veldhuis, R.N.J.

    2009-01-01

    Secure pairing enables two devices that share no prior context with each other to agree upon a security association, which they can use to protect their subsequent communication. Secure pairing offers guarantees of the association partner identity and it should be resistant to eavesdropping and to a

  16. Autonomous Security Patrol System

    OpenAIRE

    Erramouspe, Jake

    2010-01-01

    This project provides an efficient and cost-effective solution to building security and active monitoring. The security is monitored and controlled by autonomous patrol robots. Any indication of a security breach will result in an immediate alarm and activation of the robot group to subdue and tranquilize the intruder.

  17. A methodology for performing computer security reviews

    International Nuclear Information System (INIS)

    DOE Order 5637.1, "Classified Computer Security," requires regular reviews of the computer security activities for an ADP system and for a site. Based on experiences gained in the Los Alamos computer security program through interactions with DOE facilities, we have developed a methodology to aid a site or security officer in performing a comprehensive computer security review. The methodology is designed to aid a reviewer in defining goals of the review (e.g., preparation for inspection), determining security requirements based on DOE policies, determining threats/vulnerabilities based on DOE and local threat guidance, and identifying critical system components to be reviewed. Application of the methodology will result in review procedures and checklists oriented to the review goals, the target system, and DOE policy requirements. The review methodology can be used to prepare for an audit or inspection and as a periodic self-check tool to determine the status of the computer security program for a site or specific ADP system. 1 tab

  18. A methodology for performing computer security reviews

    International Nuclear Information System (INIS)

    This paper reports on DOE Order 5637.1, Classified Computer Security, which requires regular reviews of the computer security activities for an ADP system and for a site. Based on experiences gained in the Los Alamos computer security program through interactions with DOE facilities, the authors have developed a methodology to aid a site or security officer in performing a comprehensive computer security review. The methodology is designed to aid a reviewer in defining goals of the review (e.g., preparation for inspection), determining security requirements based on DOE policies, determining threats/vulnerabilities based on DOE and local threat guidance, and identifying critical system components to be reviewed. Application of the methodology will result in review procedures and checklists oriented to the review goals, the target system, and DOE policy requirements. The review methodology can be used to prepare for an audit or inspection and as a periodic self-check tool to determine the status of the computer security program for a site or specific ADP system.

  19. Core software security: security at the source

    CERN Document Server

    Ransome, James

    2013-01-01

    First and foremost, Ransome and Misra have made an engaging book that will empower readers in both large and small software development and engineering organizations to build security into their products. This book clarifies to executives the decisions to be made on software security and then provides guidance to managers and developers on process and procedure. Readers are armed with firm solutions for the fight against cyber threats. -Dr. Dena Haritos Tsamitis, Carnegie Mellon University. In the wake of cloud computing and mobile apps, the issue of software security has never been more importan

  20. Android Security Framework: Enabling Generic and Extensible Access Control on Android

    OpenAIRE

    Backes, Michael; Bugiel, Sven; Gerling, Sebastian; von Styp-Rekowsky, Philipp

    2014-01-01

    We introduce the Android Security Framework (ASF), a generic, extensible security framework for Android that enables the development and integration of a wide spectrum of security models in form of code-based security modules. The design of ASF reflects lessons learned from the literature on established security frameworks (such as Linux Security Modules or the BSD MAC Framework) and intertwines them with the particular requirements and challenges from the design of Android's software stack. ...

  1. Web Applications Security : A security model for client-side web applications

    OpenAIRE

    Prabhakara, Deepak

    2009-01-01

    The Web has evolved to support sophisticated web applications. These web applications are exposed to a number of attacks and vulnerabilities. The existing security model is unable to cope with these increasing attacks and there is a need for a new security model that not only provides the required security but also supports recent advances like AJAX and mashups. The attacks on client-side Web Applications can be attributed to four main reasons – 1) lack of a security context for Web Browsers...

  2. Regulating the private security industry

    CERN Document Server

    Percy, Sarah

    2002-01-01

    The under-regulation of the private security industry has increasingly become a topic of media and academic interest. This Adelphi Paper enters the debate by explaining why the industry requires further regulation, and what is wrong with the current system. It begins by briefly defining the industry and explaining the need for more effective regulation, before analysing three types of regulation: domestic, international and informal (including self-regulation).

  3. Poland's gas security

    OpenAIRE

    Rosicki, Remigiusz

    2015-01-01

    The subject matter analyzed in the text is Poland’s energy security as illustrated with the security of gas supply (gas supply security). The text analyzes a selection of problems concerned with gas security and so the focus is on: (1) a description of gas supply contracts, and (2) an assessment of gas supply security with regard to the technical import capabilities of the transmission infrastructure. In both cases two time-frames were applied: (1) 2006–2010, (2) the period after 2010 with a ...

  4. Information security fundamentals

    CERN Document Server

    Blackley, John A; Peltier, Justin

    2004-01-01

    Effective security rules and procedures do not exist for their own sake - they are put in place to protect critical assets, thereby supporting overall business objectives. Recognizing security as a business enabler is the first step in building a successful program. Information Security Fundamentals allows future security professionals to gain a solid understanding of the foundations of the field and the entire range of issues that practitioners must address. This book enables students to understand the key elements that comprise a successful information security program and eventually apply thes

  5. Information security management handbook

    CERN Document Server

    Tipton, Harold F

    2014-01-01

    The runaway growth of computer viruses and worms and the ongoing nuisance posed by malicious hackers and employees who exploit the security vulnerabilities of open network protocols make the tightness of an organization's security system an issue of prime importance. And information systems technology is advancing at a frenetic pace. Against this background, the challenges facing information security professionals are increasing rapidly. Information Security Management Handbook, Fourth Edition, Volume 2 is an essential reference for anyone involved in the security of information systems.

  6. Information security management handbook

    CERN Document Server

    2002-01-01

    The Information Security Management Handbook continues its tradition of consistently communicating the fundamental concepts of security needed to be a true CISSP. In response to new developments, Volume 4 supplements the previous volumes with new information covering topics such as wireless, HIPAA, the latest hacker attacks and defenses, intrusion detection, and provides expanded coverage on security management issues and applications security. Even those that don't plan on sitting for the CISSP exam will find that this handbook is a great information security reference. The changes in the tech

  7. Android security cookbook

    CERN Document Server

    Makan, Keith

    2013-01-01

    "Android Security Cookbook" breaks down and enumerates the processes used to exploit and remediate Android app security vulnerabilities in the form of detailed recipes and walkthroughs. "Android Security Cookbook" is aimed at anyone who is curious about Android app security and wants to be able to take the necessary practical measures to protect themselves; this means that Android application developers, security researchers and analysts, penetration testers, and generally any CIO, CTO, or IT managers facing the impending onslaught of mobile devices in the business environment will benefit from

  8. Pro Spring security

    CERN Document Server

    Scarioni, Carlo

    2013-01-01

    Security is a key element in the development of any non-trivial application. The Spring Security Framework provides a comprehensive set of functionalities to implement industry-standard authentication and authorization mechanisms for Java applications. Pro Spring Security will be a reference and advanced tutorial that will do the following: Guides you through the implementation of the security features for a Java web application by presenting consistent examples built from the ground-up. Demonstrates the different authentication and authorization methods to secure enterprise-level applications

  9. Secure Vehicular Communication Systems: Design and Architecture

    CERN Document Server

    Papadimitratos, P; Holczer, T; Schoch, E; Freudiger, J; Raya, M; Ma, Z; Kargl, F; Kung, A; Hubaux, J -P

    2009-01-01

    Significant developments have taken place over the past few years in the area of vehicular communication (VC) systems. Now, it is well understood in the community that security and protection of private user information are a prerequisite for the deployment of the technology. This is so, precisely because the benefits of VC systems, with the mission to enhance transportation safety and efficiency, are at stake. Without the integration of strong and practical security and privacy enhancing mechanisms, VC systems could be disrupted or disabled, even by relatively unsophisticated attackers. We address this problem within the SeVeCom project, having developed a security architecture that provides a comprehensive and practical solution. We present our results in a set of two papers in this issue. In this first one, we analyze threats and types of adversaries, we identify security and privacy requirements, and we present a spectrum of mechanisms to secure VC systems. We provide a solution that can be quickly adopte...

  10. SECURITY ISSUES AND COUNTERMEASURES FOR VOIP NETWORKS

    Directory of Open Access Journals (Sweden)

    M.Rajeswari

    2015-01-01

    Full Text Available Voice over Internet Protocol (VoIP) has been widely deployed since the integration of the voice and data networks reduces management effort and cost. Since VoIP shares the same infrastructure with traditional data network, it inherits all security problems from data network. Furthermore, VoIP also has its own security problems coming from new protocols and network component. This paper focuses on these VoIP specific security threats and the countermeasures to mitigate the problem. At first, this paper gives a brief introduction of VoIP techniques: the network structure, network components, protocols and standards, data handling procedures, quality of service requirements. Secondly, the paper discusses the VoIP specific security threats using the principle of CIA (Confidentiality, Integrity and Availability). The countermeasure to mitigate these threats is also discussed. At last, the paper proposes the practice to secure VoIP networks.

  11. A Framework for Secure Cloud Computing

    Directory of Open Access Journals (Sweden)

    Ahmed E. Youssef

    2012-07-01

    Full Text Available Cloud computing is one of the most discussed topics today in the field of information technology. It introduces a new Internet-based environment for on-demand, dynamic provision of reconfigurable computing resources. The biggest challenge in cloud computing is the security and privacy problems caused by its multi-tenancy nature and the outsourcing of infrastructure, sensitive data and critical applications. In this paper, we propose a framework that identifies security and privacy challenges in cloud computing. It highlights cloud-specific attacks and risks and clearly illustrates their mitigations and countermeasures. We also propose a generic cloud computing security model that helps satisfy security and privacy requirements in the clouds and protect them against various vulnerabilities. The purpose of this work is to advise on security and privacy considerations that should be taken and solutions that might be considered when using the cloud environment by individuals and organizations.

  12. Analysis of MANET Security, Architecture and Assessment

    Directory of Open Access Journals (Sweden)

    Sweta Kaushik

    2012-03-01

    Full Text Available In these days, the Mobile ad hoc network (MANET) technology spreads widely. Architecture and security issue is the most sensitive challenge of MANET. MANET support to nodes for directly communications with all the other nodes within their radio ranges through multiple wireless links, where the nodes are not in the direct communication range using intermediate node(s) to communicate with each other. In a MANET, the users’ mobile devices behave as a network, and they must cooperatively provide the different functions which are generally provided by the network infrastructure like as routers, switches, servers. The security issues and requirement of the MANET depends on its application. Specific security architecture is necessary for specific application. The security challenges in the MANET generate because of its dynamic topology, vulnerable wireless link and nomadic environment. In this paper we have discussed the architecture and security issues of MANET.

  13. Review your Computer Security Now and Frequently!

    CERN Multimedia

    IT Department

    2009-01-01

    The start-up of LHC is foreseen to take place in the autumn and we will be in the public spotlight again. This increases the necessity to be vigilant with respect to computer security and the defacement of an experiment’s Web page in September last year shows that we should be particularly attentive. Attackers are permanently probing CERN and so we must all do the maximum to reduce future risks. Security is a hierarchical responsibility and requires to balance the allocation of resources between making systems work and making them secure. Thus all of us, whether users, developers, system experts, administrators, or managers are responsible for securing our computing assets. These include computers, software applications, documents, accounts and passwords. There is no "silver bullet" for securing systems, which can only be achieved by a painstaking search for all possible vulnerabilities followed by their mitigation. Additional advice on particular topics can be obtained from the relevant I...

  14. Network security with OpenSSL: cryptography for secure communications

    CERN Document Server

    Viega, John; Chandra, Pravir

    2002-01-01

    Most applications these days are at least somewhat network aware, but how do you protect those applications against common network security threats? Many developers are turning to OpenSSL, an open source version of SSL/TLS, which is the most widely used protocol for secure network communications. The OpenSSL library is seeing widespread adoption for web sites that require cryptographic functions to protect a broad range of sensitive information, such as credit card numbers and other financial transactions. The library is the only free, full-featured SSL implementation for C and C++, and it can be used programmatically or from the command line to secure most TCP-based network protocols. Network Security with OpenSSL enables developers to use this protocol much more effectively. Traditionally, getting something simple done in OpenSSL could easily take weeks. This concise book gives you the guidance you need to avoid pitfalls, while allowing you to take advantage of the library's advanced features. And, inst...

  15. Using IND-CVA for constructing secure communication

    Institute of Scientific and Technical Information of China (English)

    HU ZhenYu; JIANG JianChun; SUN FuChun

    2009-01-01

    Within the framework of UC (universally composable) security, a general method is presented to construct a secure channel protocol with using IND-CVA (indistinguishability of encryption scheme under ciphertext verification attacks). A channel protocol with using the method first invokes an ideal key-exchange protocol to get a session key, and then computes the messages with an authenticated encryption scheme. The paper shows that a channel protocol is UC secure if and only if the underlying authenticated encryption scheme is both IND-CVA secure and INT-PTXT secure. The condition about secure channel protocol in this paper is much weaker than IND-CCA secure and INT-CTXT secure. The IND-CVA can be presented for describing the privacy requirements of secure channels in detail. Moreover, the method for designing secure channel protocol in the paper reduces the UC security of secure channels, which are measured by action-simulation in the UC security framework, to the security of authenticated encryption schemes, which are measured semantically.

  16. Securing remote services by integrating SecurID strong authentication technology in EFDA-Federation infrastructure

    International Nuclear Information System (INIS)

    Remote participation facilities among fusion laboratories require access control solutions with two main objectives: to preserve the usability of the systems and to guaranty the required level of security for accessing to shared services. On one hand, this security solution has to be: single-sign-on, transparent for users, compatible with user mobility, and compatible with used client applications. On the other hand, it has to be compatible with shared services and resources among organisations, providing in each case the required access security level. EFDA-Federation is a security infrastructure that integrates a set of fusion laboratories and enables to share resources and services fulfilling the requirements previously described. In EFDA community, JET and RFX have security access policies to some of their services that require strong authentication mechanisms. In both cases, strong authentication is based on RSA SecurID tokens. This is a hardware device that is supplied to and generates a new password every minute. The job presents two main results. The first one is the integration of RSA SecurID into EFDA-Federation. Thanks to it, federated organisations are able to offer SecurID to their users as an alternative strong authentication mechanism, with the corresponding increase of security level. The second result is the development of a new access control mechanism based on port knocking techniques and its integration into EFDA-Federation. Additionally, a real application in RFX is presented and includes the integration of its SecurID infrastructure as federated authentication mechanism, and the application of the new access control mechanism to its MDSplus server.

  17. Public key infrastructure for DOE security research

    Energy Technology Data Exchange (ETDEWEB)

    Aiken, R.; Foster, I.; Johnston, W.E. [and others]

    1997-06-01

    This document summarizes the Department of Energy's Second Joint Energy Research/Defence Programs Security Research Workshop. The workshop, built on the results of the first Joint Workshop which reviewed security requirements represented in a range of mission-critical ER and DP applications, discussed commonalities and differences in ER/DP requirements and approaches, and identified an integrated common set of security research priorities. One significant conclusion of the first workshop was that progress in a broad spectrum of DOE-relevant security problems and applications could best be addressed through public-key cryptography based systems, and therefore depended upon the existence of a robust, broadly deployed public-key infrastructure. Hence, public-key infrastructure ("PKI") was adopted as a primary focus for the second workshop. The Second Joint Workshop covered a range of DOE security research and deployment efforts, as well as summaries of the state of the art in various areas relating to public-key technologies. Key findings were that a broad range of DOE applications can benefit from security architectures and technologies built on a robust, flexible, widely deployed public-key infrastructure; that there exists a collection of specific requirements for missing or undeveloped PKI functionality, together with a preliminary assessment of how these requirements can be met; that, while commercial developments can be expected to provide many relevant security technologies, there are important capabilities that commercial developments will not address, due to the unique scale, performance, diversity, distributed nature, and sensitivity of DOE applications; that DOE should encourage and support research activities intended to increase understanding of security technology requirements, and to develop critical components not forthcoming from other sources in a timely manner.

  18. Introduction to Hardware Security

    Directory of Open Access Journals (Sweden)

    Yier Jin

    2015-10-01

    Hardware security has become a hot topic recently with more and more researchers from related research domains joining this area. However, the understanding of hardware security is often mixed with cybersecurity and cryptography, especially cryptographic hardware. For the same reason, the research scope of hardware security has never been clearly defined. To help researchers who have recently joined in this area better understand the challenges and tasks within the hardware security domain and to help both academia and industry investigate countermeasures and solutions to solve hardware security problems, we will introduce the key concepts of hardware security as well as its relations to related research topics in this survey paper. Emerging hardware security topics will also be clearly depicted through which the future trend will be elaborated, making this survey paper a good reference for the continuing research efforts in this area.

  19. Information security cost management

    CERN Document Server

    Bazavan, Ioana V

    2006-01-01

    While information security is an ever-present challenge for all types of organizations today, most focus on providing security without addressing the necessities of staff, time, or budget in a practical manner. Information Security Cost Management offers a pragmatic approach to implementing information security, taking budgetary and real-world constraints into consideration. By providing frameworks, step-by-step processes, and project management breakdowns, this book demonstrates how to design the best security strategy with the resources you have available. Organized into five sections, the book: Focuses on setting the right road map so that you can be most effective in your information security implementations; Discusses cost-effective staffing, the single biggest expense to the security organization; Presents practical ways to build and manage the documentation that details strategy, provides resources for operating annual audits, and illustrates how to advertise accomplishments to senior management effectively; I...

  20. Wireless network security and cracking security key

    OpenAIRE

    Bikov, Dusan; Bouyuklieva, Stefka; Stojanova, Aleksandra

    2014-01-01

    Wireless technology gives us mobility and easy access to the computer network without copper wires. With the increased use of wireless technology, more and more Wi-Fi hotspots, and a rising number of cell phones, PDAs, Tablet PCs, and laptops (devices with a Wi-Fi module), wireless security is an ever-increasing issue for many organizations. In other words, wireless networks add another entry point into a network for hackers. Because this technology is relatively new, there are many security vulnerabilities. ...